Posted to commits@santuario.apache.org by co...@apache.org on 2017/08/11 10:20:50 UTC
svn commit: r1804762 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/algorithms/
main/java/org/apache/xml/security/signature/
main/java/org/apache/xml/security/utils/resolver/
test/java/org/apache/xml/security/test/dom/al...
Author: coheigea
Date: Fri Aug 11 10:20:50 2017
New Revision: 1804762
URL: http://svn.apache.org/viewvc?rev=1804762&view=rev
Log:
SANTUARIO-467 - Default to secure validation for the XMLSignature constructors
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Manifest.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/HMACSignatureAlgorithmTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315ExclusiveTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/ExclusiveC14NInteropTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/interop/IAIKTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/interop/InteropTestBase.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java Fri Aug 11 10:20:50 2017
@@ -102,7 +102,7 @@ public class SignatureAlgorithm extends
* @throws XMLSecurityException
*/
public SignatureAlgorithm(Element element, String baseURI) throws XMLSecurityException {
- this(element, baseURI, false);
+ this(element, baseURI, true);
}
/**
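Review bot: The Javadoc above the two-argument `SignatureAlgorithm(Element, String)` constructor (it starts outside this hunk) should state that this overload now enables secure validation, since the only visible change is the literal `false` becoming `true`. Existing callers that validate documents which secure validation refuses will start failing with no API-level hint; the test hunks in this commit that now pass `false` for the hmac-md5 and RSA-MD5 cases suggest this is a real compatibility break. I would add a line such as `Secure validation is enabled by default; use the overload with the explicit boolean flag to disable it.` to the Javadoc. The same sentence applies to the delegating overloads changed in Manifest, Reference, SignedInfo, XMLSignature and `ResourceResolver.getInstance`, and the change probably deserves a release-note entry.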
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Manifest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Manifest.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Manifest.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Manifest.java Fri Aug 11 10:20:50 2017
@@ -95,7 +95,7 @@ public class Manifest extends SignatureE
* @throws XMLSecurityException
*/
public Manifest(Element element, String baseURI) throws XMLSecurityException {
- this(element, baseURI, false);
+ this(element, baseURI, true);
}
/**
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java Fri Aug 11 10:20:50 2017
@@ -209,7 +209,7 @@ public class Reference extends Signature
* @throws XMLSecurityException
*/
protected Reference(Element element, String baseURI, Manifest manifest) throws XMLSecurityException {
- this(element, baseURI, manifest, false);
+ this(element, baseURI, manifest, true);
}
/**
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java Fri Aug 11 10:20:50 2017
@@ -159,7 +159,7 @@ public class SignedInfo extends Manifest
* Answer</A>
*/
public SignedInfo(Element element, String baseURI) throws XMLSecurityException {
- this(element, baseURI, false);
+ this(element, baseURI, true);
}
/**
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java Fri Aug 11 10:20:50 2017
@@ -360,7 +360,7 @@ public final class XMLSignature extends
*/
public XMLSignature(Element element, String baseURI)
throws XMLSignatureException, XMLSecurityException {
- this(element, baseURI, false);
+ this(element, baseURI, true);
}
/**
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java Fri Aug 11 10:20:50 2017
@@ -126,7 +126,7 @@ public class ResourceResolver {
public static ResourceResolver getInstance(
Attr uri, String baseURI, List<ResourceResolver> individualResolvers
) throws ResourceResolverException {
- return getInstance(uri, baseURI, individualResolvers, false);
+ return getInstance(uri, baseURI, individualResolvers, true);
}
/**
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/HMACSignatureAlgorithmTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/HMACSignatureAlgorithmTest.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/HMACSignatureAlgorithmTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/HMACSignatureAlgorithmTest.java Fri Aug 11 10:20:50 2017
@@ -120,7 +120,7 @@ public class HMACSignatureAlgorithmTest
sign("http://www.w3.org/2001/04/xmldsig-more#hmac-md5", document, localNames, key);
// XMLUtils.outputDOM(document, System.out);
- verify(document, key, localNames);
+ verify(document, key, localNames, false);
}
@org.junit.Test
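Review bot: The `false` added to the `verify(...)` call after signing with hmac-md5 has no comment saying why this test opts out of secure validation, and nothing visible here asserts that the secure default actually rejects the algorithm. A reader can infer that MD5-based signature methods are refused under secure validation, but that is the behaviour the commit relies on and it should be pinned by a test. I would add `// hmac-md5 is not accepted under secure validation, so verify in non-secure mode` above the call, plus a companion case that calls `verify(document, key, localNames, true)` and expects verification to fail. The RSA-MD5 call in PKSignatureAlgorithmTest has the same gap. The test method starts outside the hunk.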
@@ -279,6 +279,15 @@ public class HMACSignatureAlgorithmTest
Key key,
List<String> localNames
) throws Exception {
+ verify(document, key, localNames, true);
+ }
+
+ private void verify(
+ Document document,
+ Key key,
+ List<String> localNames,
+ boolean secureValidation
+ ) throws Exception {
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
@@ -296,7 +305,7 @@ public class HMACSignatureAlgorithmTest
signedElement.setIdAttributeNS(null, "Id", true);
}
- XMLSignature signature = new XMLSignature(sigElement, "");
+ XMLSignature signature = new XMLSignature(sigElement, "", secureValidation);
Assert.assertTrue(signature.checkSignatureValue(key));
}
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java Fri Aug 11 10:20:50 2017
@@ -101,7 +101,7 @@ public class PKSignatureAlgorithmTest ex
sign(XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5, document, localNames, rsaKeyPair.getPrivate());
// XMLUtils.outputDOM(document, System.out);
- verify(document, rsaKeyPair.getPublic(), localNames);
+ verify(document, rsaKeyPair.getPublic(), localNames, false);
}
@org.junit.Test
@@ -456,6 +456,15 @@ public class PKSignatureAlgorithmTest ex
Key key,
List<String> localNames
) throws Exception {
+ verify(document, key, localNames, true);
+ }
+
+ private void verify(
+ Document document,
+ Key key,
+ List<String> localNames,
+ boolean secureValidation
+ ) throws Exception {
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
@@ -473,7 +482,7 @@ public class PKSignatureAlgorithmTest ex
signedElement.setIdAttributeNS(null, "Id", true);
}
- XMLSignature signature = new XMLSignature(sigElement, "");
+ XMLSignature signature = new XMLSignature(sigElement, "", secureValidation);
Assert.assertTrue(signature.checkSignatureValue(key));
}
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315ExclusiveTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315ExclusiveTest.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315ExclusiveTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315ExclusiveTest.java Fri Aug 11 10:20:50 2017
@@ -109,7 +109,7 @@ public class Canonicalizer20010315Exclus
(Element) doc.getElementsByTagNameNS(
Constants.SignatureSpecNS, Constants._TAG_SIGNATURE).item(0);
XMLSignature xmlSignature = new XMLSignature(signatureElement,
- fileIn.toURI().toURL().toString());
+ fileIn.toURI().toURL().toString(), false);
boolean verify =
xmlSignature.checkSignatureValue(xmlSignature.getKeyInfo().getPublicKey());
int length = xmlSignature.getSignedInfo().getLength();
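Review bot: Passing `false` as the new third argument to `new XMLSignature(...)` turns secure validation off for this fixture with no indication of which restriction the signed file trips. Without that, nobody can tell later whether the opt-out is still needed or is masking a regression. A one-line comment naming the reason would do, e.g. `// fixture uses <reason>, which secure validation rejects`. The same applies to the `false` arguments in ExclusiveC14NInteropTest `test_Y2` and `test_Y3` and to the four `verify(..., false)` calls in IAIKTest. The enclosing test method starts and ends outside the hunk.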
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/ExclusiveC14NInteropTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/ExclusiveC14NInteropTest.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/ExclusiveC14NInteropTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/ExclusiveC14NInteropTest.java Fri Aug 11 10:20:50 2017
@@ -56,7 +56,7 @@ public class ExclusiveC14NInteropTest ex
@org.junit.Test
public void test_Y1() throws Exception {
- String success = t("src/test/resources/interop/c14n/Y1", "exc-signature.xml");
+ String success = t("src/test/resources/interop/c14n/Y1", "exc-signature.xml", true);
assertTrue(success, success == null);
}
@@ -69,7 +69,7 @@ public class ExclusiveC14NInteropTest ex
@org.junit.Test
public void test_Y2() throws Exception {
- String success = t("src/test/resources/interop/c14n/Y2", "signature-joseph-exc.xml");
+ String success = t("src/test/resources/interop/c14n/Y2", "signature-joseph-exc.xml", false);
assertTrue(success, success == null);
}
@@ -82,7 +82,7 @@ public class ExclusiveC14NInteropTest ex
@org.junit.Test
public void test_Y3() throws Exception {
- String success = t("src/test/resources/interop/c14n/Y3", "signature.xml");
+ String success = t("src/test/resources/interop/c14n/Y3", "signature.xml", false);
assertTrue(success, success == null);
}
@@ -95,7 +95,7 @@ public class ExclusiveC14NInteropTest ex
@org.junit.Test
public void test_Y4() throws Exception {
- String success = t("src/test/resources/interop/c14n/Y4", "signature.xml");
+ String success = t("src/test/resources/interop/c14n/Y4", "signature.xml", true);
assertTrue(success, success == null);
}
@@ -103,20 +103,12 @@ public class ExclusiveC14NInteropTest ex
@org.junit.Test
public void test_xfilter2() throws Exception {
- String success = t("src/test/resources/interop/xfilter2/merlin-xpath-filter2-three", "sign-spec.xml");
+ String success = t("src/test/resources/interop/xfilter2/merlin-xpath-filter2-three", "sign-spec.xml", true);
assertTrue(success, success == null);
}
- /**
- * Method t
- *
- * @param directory
- * @param file
- *
- * @throws Exception
- */
- private String t(String directory, String file) throws Exception {
+ private String t(String directory, String file, boolean secureValidation) throws Exception {
String basedir = System.getProperty("basedir");
if (basedir != null && !"".equals(basedir)) {
directory = basedir + "/" + directory;
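Review bot: The placeholder Javadoc on `t` is deleted rather than replaced, so the helper now takes an undocumented `boolean secureValidation` and its contract has to be guessed from the callers. From `assertTrue(success, success == null)` it appears to return null on success and a message otherwise; a short comment would make that and the new flag explicit, e.g. `/** Verifies directory/file; returns null on success, else a failure description. secureValidation is passed to the XMLSignature constructor. */`. InteropTestBase's `verify` loses its Javadoc the same way, and there the three-argument overload is public and now defaults to `true`, which changes behaviour for any subclass not updated in this commit. The body of `t` continues past the end of the hunk.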
@@ -130,7 +122,7 @@ public class ExclusiveC14NInteropTest ex
Element sigElement =
(Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS,
Constants._TAG_SIGNATURE).item(0);
- XMLSignature signature = new XMLSignature(sigElement, f.toURI().toURL().toString());
+ XMLSignature signature = new XMLSignature(sigElement, f.toURI().toURL().toString(), secureValidation);
boolean verify =
signature.checkSignatureValue(signature.getKeyInfo().getPublicKey());
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/interop/IAIKTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/interop/IAIKTest.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/interop/IAIKTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/interop/IAIKTest.java Fri Aug 11 10:20:50 2017
@@ -158,7 +158,7 @@ public class IAIKTest extends InteropTes
boolean verify = false;
try {
- verify = this.verify(filename, resolver, followManifests);
+ verify = this.verify(filename, resolver, followManifests, false);
} catch (RuntimeException ex) {
LOG.error("Verification crashed for " + filename);
@@ -187,7 +187,7 @@ public class IAIKTest extends InteropTes
boolean verify = false;
try {
- verify = this.verify(filename, resolver, followManifests);
+ verify = this.verify(filename, resolver, followManifests, false );
} catch (RuntimeException ex) {
LOG.error("Verification crashed for " + filename);
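Review bot: The call added in this hunk is written `followManifests, false );` with a stray space before the closing parenthesis, unlike the three sibling calls changed in the same file. Suggest `verify = this.verify(filename, resolver, followManifests, false);` for consistency. The surrounding try block starts and ends outside the hunk.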
@@ -306,7 +306,7 @@ public class IAIKTest extends InteropTes
boolean verify = false;
try {
- verify = this.verify(filename, resolver, followManifests);
+ verify = this.verify(filename, resolver, followManifests, false);
} catch (RuntimeException ex) {
LOG.error("Verification crashed for " + filename);
@@ -334,7 +334,7 @@ public class IAIKTest extends InteropTes
boolean verify = false;
try {
- verify = this.verify(filename, resolver, followManifests);
+ verify = this.verify(filename, resolver, followManifests, false);
} catch (RuntimeException ex) {
LOG.error("Verification crashed for " + filename);
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/interop/InteropTestBase.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/interop/InteropTestBase.java?rev=1804762&r1=1804761&r2=1804762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/interop/InteropTestBase.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/interop/InteropTestBase.java Fri Aug 11 10:20:50 2017
@@ -81,16 +81,14 @@ public class InteropTestBase extends org
return signature.checkSignatureValue(sk);
}
- /**
- * Method verify
- *
- * @param filename
- * @param resolver
- *
- * @throws Exception
- */
public boolean verify(String filename, ResourceResolverSpi resolver, boolean followManifests)
throws Exception {
+ return verify(filename, resolver, followManifests, true);
+ }
+
+ public boolean verify(String filename, ResourceResolverSpi resolver,
+ boolean followManifests, boolean secureValidation)
+ throws Exception {
File f = new File(filename);
javax.xml.parsers.DocumentBuilder db = XMLUtils.createDocumentBuilder(false, false);
org.w3c.dom.Document doc = db.parse(f);
@@ -102,7 +100,7 @@ public class InteropTestBase extends org
String expression = "//ds:Signature[1]";
Element sigElement =
(Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
- XMLSignature signature = new XMLSignature(sigElement, f.toURI().toURL().toString());
+ XMLSignature signature = new XMLSignature(sigElement, f.toURI().toURL().toString(), secureValidation);
if (resolver != null) {
signature.addResourceResolver(resolver);