You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by co...@apache.org on 2018/04/05 10:33:26 UTC

svn commit: r1828413 - in /santuario/xml-security-java/trunk/src: main/java/org/apache/xml/security/signature/Reference.java test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java

Author: coheigea
Date: Thu Apr  5 10:33:26 2018
New Revision: 1828413

URL: http://svn.apache.org/viewvc?rev=1828413&view=rev
Log:
SANTUARIO-483 - Reference.calculateDigest() method calls twice to ResourceResolvers

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java
    santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java?rev=1828413&r1=1828412&r2=1828413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java Thu Apr  5 10:33:26 2018
@@ -719,12 +719,17 @@ public class Reference extends Signature
             return getPreCalculatedDigest(input);
         }
 
+        cacheDereferencedElement(input);
+
         MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
         mda.reset();
 
         try (DigesterOutputStream diOs = new DigesterOutputStream(mda);
             OutputStream os = new UnsyncBufferedOutputStream(diOs)) {
-            XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);
+
+            XMLSignatureInput output = this.getContentsAfterTransformation(input, os);
+            this.transformsOutput = output;
+
             // if signing and c14n11 property == true explicitly add
             // C14N11 transform if needed
             if (Reference.useC14N11 && !validating && !output.isOutputStreamSet()

Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java?rev=1828413&r1=1828412&r2=1828413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java Thu Apr  5 10:33:26 2018
@@ -73,6 +73,7 @@ public class ForbiddenReferenceTest exte
 
         javax.xml.parsers.DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
         org.w3c.dom.Document doc = db.parse(f);
+        XMLUtils.repoolDocumentBuilder(db);
 
         Element manifestElement =
             (Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS,