You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2011/04/27 12:25:50 UTC

svn commit: r1097066 - in /santuario/xml-security-java/trunk: CHANGELOG.txt src/main/java/org/apache/xml/security/c14n/implementations/Canonicalizer11.java src/test/java/org/apache/xml/security/test/c14n/implementations/Santuario191Test.java

Author: coheigea
Date: Wed Apr 27 10:25:49 2011
New Revision: 1097066

URL: http://svn.apache.org/viewvc?rev=1097066&view=rev
Log:
[SANTUARIO-291] - xml:id attributes are not correctly handled when using c14n11.

Added:
    santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/c14n/implementations/Santuario191Test.java
Modified:
    santuario/xml-security-java/trunk/CHANGELOG.txt
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/implementations/Canonicalizer11.java

Modified: santuario/xml-security-java/trunk/CHANGELOG.txt
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/CHANGELOG.txt?rev=1097066&r1=1097065&r2=1097066&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/CHANGELOG.txt (original)
+++ santuario/xml-security-java/trunk/CHANGELOG.txt Wed Apr 27 10:25:49 2011
@@ -1,6 +1,7 @@
 Changelog for "Apache xml-security" <http://santuario.apache.org/>
 
 New in v1.5.0-SNAPSHOT
+    Fixed SANTUARIO-291: xml:id attributes are not correctly handled when using c14n11.
     Fixed SANTUARIO-266: c14n11 produces different signatures using version 1.4.3 and 1.4.4.
     Fixed SANTUARIO-254: Rework org.apache.xml.security.utils.resolver.ResourceResolver.
     Fixed SANTUARIO-263: Canonicalizer can't handle dynamical created DOM correctly. Thanks to Martin Koegler.

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/implementations/Canonicalizer11.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/implementations/Canonicalizer11.java?rev=1097066&r1=1097065&r2=1097066&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/implementations/Canonicalizer11.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/implementations/Canonicalizer11.java Wed Apr 27 10:25:49 2011
@@ -429,9 +429,10 @@ public abstract class Canonicalizer11 ex
         int attrsLength = attrs.getLength();
         for (int i = 0; i < attrsLength; i++) {
             Attr N = (Attr) attrs.item(i);
+            
             if (!Constants.NamespaceSpecNS.equals(N.getNamespaceURI())) {
                 // Not a namespace definition, ignore.
-                if (XML_LANG_URI.equals(N.getNamespaceURI())) {
+                if (!"id".equals(N.getLocalName()) && XML_LANG_URI.equals(N.getNamespaceURI())) {
                     xmlattrStack.addXmlnsAttr(N);
                 }
                 continue;

Added: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/c14n/implementations/Santuario191Test.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/c14n/implementations/Santuario191Test.java?rev=1097066&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/c14n/implementations/Santuario191Test.java (added)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/c14n/implementations/Santuario191Test.java Wed Apr 27 10:25:49 2011
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.c14n.implementations;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+import org.apache.xml.security.c14n.implementations.Canonicalizer11;
+import org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments;
+
+/**
+ * This is a test for Santuario-191:
+ * 
+ * https://issues.apache.org/jira/browse/SANTUARIO-191
+ *
+ * An xml:Id attribute is appearing in a child element, contrary to the C14n11 spec.
+ */
+public class Santuario191Test extends org.junit.Assert {
+
+    private static final String INPUT_DATA =
+        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+      + "<test xml:id=\"testid1\">"
+      + "<data>"
+      + "    <user1>Alice</user1>"
+      + "    <user2>Bob</user2>"
+      + "</data>"
+      + "</test>";
+    private static final String EXPECTED_RESULT =
+        "<data>"
+      + "    <user1>Alice</user1>"
+      + "    <user2>Bob</user2>"
+      + "</data>";
+
+    private DocumentBuilder db;
+    
+    static {
+        org.apache.xml.security.Init.init();
+    }
+
+    @org.junit.Test
+    public void testSantuario191() throws Exception {
+        //
+        // Parse the Data
+        //
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        dbf.setNamespaceAware(true);
+        db = dbf.newDocumentBuilder();
+        Document doc = db.parse(new ByteArrayInputStream(INPUT_DATA.getBytes("UTF8")));
+        
+        //
+        // Canonicalize the data
+        //
+        NodeList dataNodes = doc.getElementsByTagName("data");
+        Canonicalizer11 c14ner = new Canonicalizer11_OmitComments();
+        byte[] result = c14ner.engineCanonicalizeSubTree(dataNodes.item(0));
+        
+        //
+        // Test against expected result
+        //
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        out.write(result);
+        assertTrue(EXPECTED_RESULT.equals(out.toString("UTF8")));
+    }
+    
+}