You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2018/04/05 10:33:26 UTC
svn commit: r1828413 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/signature/Reference.java
test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java
Author: coheigea
Date: Thu Apr 5 10:33:26 2018
New Revision: 1828413
URL: http://svn.apache.org/viewvc?rev=1828413&view=rev
Log:
SANTUARIO-483 - Reference.calculateDigest() method calls twice to ResourceResolvers
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java?rev=1828413&r1=1828412&r2=1828413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java Thu Apr 5 10:33:26 2018
@@ -719,12 +719,17 @@ public class Reference extends Signature
return getPreCalculatedDigest(input);
}
+ cacheDereferencedElement(input);
+
MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
mda.reset();
try (DigesterOutputStream diOs = new DigesterOutputStream(mda);
OutputStream os = new UnsyncBufferedOutputStream(diOs)) {
- XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);
+
+ XMLSignatureInput output = this.getContentsAfterTransformation(input, os);
+ this.transformsOutput = output;
+
// if signing and c14n11 property == true explicitly add
// C14N11 transform if needed
if (Reference.useC14N11 && !validating && !output.isOutputStreamSet()
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java?rev=1828413&r1=1828412&r2=1828413&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java Thu Apr 5 10:33:26 2018
@@ -73,6 +73,7 @@ public class ForbiddenReferenceTest exte
javax.xml.parsers.DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
org.w3c.dom.Document doc = db.parse(f);
+ XMLUtils.repoolDocumentBuilder(db);
Element manifestElement =
(Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS,