You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by gi...@apache.org on 2012/07/21 17:48:46 UTC

svn commit: r1364115 - in /santuario/xml-security-java/trunk/src: main/java/org/apache/xml/security/stax/impl/processor/output/ test/java/org/apache/xml/security/test/stax/signature/

Author: giger
Date: Sat Jul 21 15:48:45 2012
New Revision: 1364115

URL: http://svn.apache.org/viewvc?rev=1364115&view=rev
Log:
append signature directly after the root element. Fix for SANTUARIO-324

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
    santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java?rev=1364115&r1=1364114&r2=1364115&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java Sat Jul 21 15:48:45 2012
@@ -79,19 +79,15 @@ public abstract class AbstractSignatureE
                 TwY0Uxja4ZuI6U8m8Tg=
             </ds:SignatureValue>
             <ds:KeyInfo Id="KeyId-1043455692">
-                <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1008354042">
-                    <wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" URI="#CertId-3458500" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
+                <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1008354042">
+                    <wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+                        URI="#CertId-3458500" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                 </wsse:SecurityTokenReference>
             </ds:KeyInfo>
         </ds:Signature>
     */
 
-    @Override
-    public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
-        setAppendAfterThisTokenId(outputProcessorChain.getSecurityContext().<String>get(XMLSecurityConstants.PROP_APPEND_SIGNATURE_ON_THIS_ID));
-        super.doFinal(outputProcessorChain);
-    }
-
     public void processHeaderEvent(OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
 
         OutputProcessorChain subOutputProcessorChain = outputProcessorChain.createSubChain(this);

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java?rev=1364115&r1=1364114&r2=1364115&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureEndingOutputProcessor.java Sat Jul 21 15:48:45 2012
@@ -20,6 +20,7 @@ package org.apache.xml.security.stax.imp
 
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Iterator;
 import java.util.List;
 
 import javax.xml.stream.XMLStreamException;
@@ -30,6 +31,7 @@ import org.apache.xml.security.stax.ext.
 import org.apache.xml.security.stax.ext.XMLSecurityException;
 import org.apache.xml.security.stax.ext.XMLSecurityUtils;
 import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
+import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
 import org.apache.xml.security.stax.impl.SignaturePartDef;
 import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
 import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
@@ -65,6 +67,19 @@ public class XMLSignatureEndingOutputPro
     }
 
     @Override
+    protected void flushBufferAndCallbackAfterTokenID(
+            OutputProcessorChain outputProcessorChain, Iterator<XMLSecEvent> xmlSecEventIterator)
+            throws XMLStreamException, XMLSecurityException {
+
+        //@see SANTUARIO-324
+        //output root element...
+        outputProcessorChain.reset();
+        outputProcessorChain.processEvent(xmlSecEventIterator.next());
+        //...then call super to append the signature and flush the rest
+        super.flushBufferAndCallbackAfterTokenID(outputProcessorChain, xmlSecEventIterator);
+    }
+
+    @Override
     protected void createKeyInfoStructureForSignature(
             OutputProcessorChain outputProcessorChain,
             SecurityToken securityToken,

Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java?rev=1364115&r1=1364114&r2=1364115&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java Sat Jul 21 15:48:45 2012
@@ -24,6 +24,7 @@ import org.junit.Assert;
 import org.junit.Test;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import javax.crypto.SecretKey;
@@ -82,6 +83,17 @@ public class SignatureCreationTest exten
         // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
         Document document = 
             documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+
+        //first child element must be the dsig:Signature @see SANTUARIO-324:
+        NodeList nodeList = document.getDocumentElement().getChildNodes();
+        for (int i = 0; i < nodeList.getLength(); i++) {
+            Node child = nodeList.item(i);
+            if (child.getNodeType() == Node.ELEMENT_NODE) {
+                Element element = (Element)child;
+                Assert.assertEquals(element.getLocalName(), "Signature");
+                break;
+            }
+        }
         
         // Verify using DOM
         verifyUsingDOM(document, cert, properties.getSignatureSecureParts());