You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2012/01/13 13:12:13 UTC
svn commit: r1231033 - in /santuario/xml-security-java/trunk:
samples/org/apache/xml/security/samples/
samples/org/apache/xml/security/samples/signature/
src/main/java/org/apache/jcp/xml/dsig/internal/dom/
src/main/java/org/apache/xml/security/algorith...
Author: coheigea
Date: Fri Jan 13 12:12:12 2012
New Revision: 1231033
URL: http://svn.apache.org/viewvc?rev=1231033&view=rev
Log:
Removing IdResolver cache and swiching to use the DOM APIs by default to resolve Reference elements
- Added secure validation enabled check for multiple elements in the tree with the same Id
Added:
santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/JSRWrappingAttackTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/secure_val/WrappingAttackTest.java
santuario/xml-security-java/trunk/src/test/resources/at/iaik/ixsil/coreFeatures/signatures/manifestSignatureWrapping.xml
Removed:
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/utils/IdResolverTest.java
Modified:
santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/AxisSigner.java
santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/AxisVerifier.java
santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleSixteen.java
santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleTwentyThree.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMUtils.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/KeyInfo.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Manifest.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/ObjectContainer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignatureProperties.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignatureProperty.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/IdResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolverSpi.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverFragment.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverXPointer.java
santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/c14n/implementations/Bug45961Test.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/encryption/XMLCipherTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/InvalidKeyTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/ProcessingInstructionTest.java
Modified: santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/AxisSigner.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/AxisSigner.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/AxisSigner.java (original)
+++ santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/AxisSigner.java Fri Jan 13 12:12:12 2012
@@ -27,7 +27,6 @@ import java.security.cert.X509Certificat
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Element;
@@ -97,7 +96,7 @@ public class AxisSigner {
);
bodyElem.setAttributeNS(SOAPSECNS, "SOAP-SEC:id", "Body");
- IdResolver.registerElementById(bodyElem, "Body");
+ bodyElem.setIdAttributeNS(SOAPSECNS, "id", true);
Element soapSignatureElem = doc.createElementNS(SOAPSECNS, "SOAP-SEC:Signature");
Modified: santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/AxisVerifier.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/AxisVerifier.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/AxisVerifier.java (original)
+++ santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/AxisVerifier.java Fri Jan 13 12:12:12 2012
@@ -27,7 +27,6 @@ import javax.xml.xpath.XPathFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.IdResolver;
import org.w3c.dom.Element;
/**
@@ -68,7 +67,7 @@ public class AxisVerifier {
context.putPrefix("env", "http://www.w3.org/2001/12/soap-envelope");
Element bodyElement =
(Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
- IdResolver.registerElementById(bodyElement, "Body");
+ bodyElement.setIdAttributeNS("http://schemas.xmlsoap.org/soap/security/2000-12", "id", true);
XMLSignature sig = new XMLSignature(sigElement, BaseURI);
boolean verify = sig.checkSignatureValue(sig.getKeyInfo().getPublicKey());
Modified: santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleSixteen.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleSixteen.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleSixteen.java (original)
+++ santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleSixteen.java Fri Jan 13 12:12:12 2012
@@ -43,7 +43,6 @@ import org.apache.xml.security.transform
import org.apache.xml.security.transforms.params.XPathContainer;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.ElementProxy;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.JavaUtils;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
@@ -138,7 +137,7 @@ public class CreateMerlinsExampleSixteen
Notaries.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "");
Notaries.setAttributeNS(null, "Id", "notaries");
- IdResolver.registerElementById(Notaries, "Id");
+ Notaries.setIdAttributeNS(null, "Id", true);
{
Element Notary = doc.createElementNS(null, "Notary");
Modified: santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleTwentyThree.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleTwentyThree.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleTwentyThree.java (original)
+++ santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleTwentyThree.java Fri Jan 13 12:12:12 2012
@@ -43,7 +43,6 @@ import org.apache.xml.security.transform
import org.apache.xml.security.transforms.params.XPathContainer;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.ElementProxy;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.JavaUtils;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
@@ -139,7 +138,7 @@ public class CreateMerlinsExampleTwentyT
Notaries.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "");
Notaries.setAttributeNS(null, "Id", "notaries");
- IdResolver.registerElementById(Notaries, "Id");
+ Notaries.setIdAttributeNS(null, "Id", true);
{
Element Notary = doc.createElementNS(null, "Notary");
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfo.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfo.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfo.java Fri Jan 13 12:12:12 2012
@@ -31,13 +31,13 @@ import javax.xml.crypto.dom.*;
import java.security.Provider;
import java.util.*;
+
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import org.apache.xml.security.utils.IdResolver;
-
/**
* DOM-based implementation of KeyInfo.
*
@@ -88,9 +88,12 @@ public final class DOMKeyInfo extends DO
throws MarshalException
{
// get Id attribute, if specified
- id = DOMUtils.getAttributeValue(kiElem, "Id");
- if (id != null) {
- IdResolver.registerElementById(kiElem, id);
+ Attr attr = kiElem.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ id = attr.getValue();
+ kiElem.setIdAttributeNode(attr, true);
+ } else {
+ id = null;
}
// get all children nodes
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java Fri Jan 13 12:12:12 2012
@@ -30,12 +30,12 @@ import javax.xml.crypto.dsig.*;
import java.security.Provider;
import java.util.*;
+
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.apache.xml.security.utils.IdResolver;
-
/**
* DOM-based implementation of Manifest.
*
@@ -87,9 +87,12 @@ public final class DOMManifest extends D
Provider provider)
throws MarshalException
{
- this.id = DOMUtils.getAttributeValue(manElem, "Id");
- if (this.id != null) {
- IdResolver.registerElementById(manElem, this.id);
+ Attr attr = manElem.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ this.id = attr.getValue();
+ manElem.setIdAttributeNode(attr, true);
+ } else {
+ this.id = null;
}
Boolean secureValidation = (Boolean)
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java Fri Jan 13 12:12:12 2012
@@ -51,7 +51,6 @@ import org.apache.xml.security.algorithm
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
/**
@@ -243,9 +242,13 @@ public final class DOMReference extends
// unmarshal attributes
this.uri = DOMUtils.getAttributeValue(refElem, "URI");
- this.id = DOMUtils.getAttributeValue(refElem, "Id");
- if (this.id != null) {
- IdResolver.registerElementById(refElem, this.id);
+
+ Attr attr = refElem.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ this.id = attr.getValue();
+ refElem.setIdAttributeNode(attr, true);
+ } else {
+ this.id = null;
}
this.type = DOMUtils.getAttributeValue(refElem, "Type");
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java Fri Jan 13 12:12:12 2012
@@ -29,13 +29,13 @@ import javax.xml.crypto.dom.DOMCryptoCon
import javax.xml.crypto.dsig.*;
import java.util.*;
+
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import org.apache.xml.security.utils.IdResolver;
-
/**
* DOM-based implementation of SignatureProperties.
*
@@ -90,9 +90,12 @@ public final class DOMSignaturePropertie
throws MarshalException
{
// unmarshal attributes
- id = DOMUtils.getAttributeValue(propsElem, "Id");
- if (id != null) {
- IdResolver.registerElementById(propsElem, id);
+ Attr attr = propsElem.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ id = attr.getValue();
+ propsElem.setIdAttributeNode(attr, true);
+ } else {
+ id = null;
}
NodeList nodes = propsElem.getChildNodes();
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java Fri Jan 13 12:12:12 2012
@@ -29,13 +29,13 @@ import javax.xml.crypto.dom.DOMCryptoCon
import javax.xml.crypto.dsig.*;
import java.util.*;
+
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import org.apache.xml.security.utils.IdResolver;
-
/**
* DOM-based implementation of SignatureProperty.
*
@@ -98,9 +98,12 @@ public final class DOMSignatureProperty
if (target == null) {
throw new MarshalException("target cannot be null");
}
- id = DOMUtils.getAttributeValue(propElem, "Id");
- if (id != null) {
- IdResolver.registerElementById(propElem, id);
+ Attr attr = propElem.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ id = attr.getValue();
+ propElem.setIdAttributeNode(attr, true);
+ } else {
+ id = null;
}
NodeList nodes = propElem.getChildNodes();
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java Fri Jan 13 12:12:12 2012
@@ -29,7 +29,7 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.apache.xml.security.Init;
-import org.apache.xml.security.utils.IdResolver;
+import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.apache.xml.security.signature.XMLSignatureInput;
@@ -65,8 +65,16 @@ public class DOMURIDereferencer implemen
Attr uriAttr = (Attr) domRef.getHere();
String uri = uriRef.getURI();
DOMCryptoContext dcc = (DOMCryptoContext) context;
-
- // Check if same-document URI and register ID
+ String baseURI = context.getBaseURI();
+
+ Boolean secureValidation = (Boolean)
+ context.getProperty("org.apache.jcp.xml.dsig.secureValidation");
+ boolean secVal = false;
+ if (secureValidation != null && secureValidation.booleanValue()) {
+ secVal = true;
+ }
+
+ // Check if same-document URI and already registered on the context
if (uri != null && uri.length() != 0 && uri.charAt(0) == '#') {
String id = uri.substring(1);
@@ -76,23 +84,32 @@ public class DOMURIDereferencer implemen
id = id.substring(i1+1, i2);
}
- // this is a bit of a hack to check for registered
- // IDRefs and manually register them with Apache's IdResolver
- // map which includes builtin schema knowledge of DSig/Enc IDs
Node referencedElem = dcc.getElementById(id);
if (referencedElem != null) {
- IdResolver.registerElementById((Element) referencedElem, id);
+ if (secVal) {
+ Element start = referencedElem.getOwnerDocument().getDocumentElement();
+ if (!XMLUtils.protectAgainstWrappingAttack(start, (Element)referencedElem, id)) {
+ String error = "Multiple Elements with the same ID " + id + " were detected";
+ throw new URIReferenceException(error);
+ }
+ }
+
+ XMLSignatureInput result = new XMLSignatureInput(referencedElem);
+ if (!uri.substring(1).startsWith("xpointer(id(")) {
+ result.setExcludeComments(true);
+ }
+
+ result.setMIMEType("text/xml");
+ if (baseURI != null && baseURI.length() > 0) {
+ result.setSourceURI(baseURI.concat(uriAttr.getNodeValue()));
+ } else {
+ result.setSourceURI(uriAttr.getNodeValue());
+ }
+ return new ApacheNodeSetData(result);
}
}
- Boolean secureValidation = (Boolean)
- context.getProperty("org.apache.jcp.xml.dsig.secureValidation");
- boolean secVal = false;
- if (secureValidation != null && secureValidation.booleanValue()) {
- secVal = true;
- }
try {
- String baseURI = context.getBaseURI();
ResourceResolver apacheResolver =
ResourceResolver.getInstance(uriAttr, baseURI, secVal);
XMLSignatureInput in = apacheResolver.resolve(uriAttr, baseURI);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMUtils.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMUtils.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMUtils.java Fri Jan 13 12:12:12 2012
@@ -35,8 +35,6 @@ import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.spec.*;
-import org.apache.xml.security.utils.IdResolver;
-
/**
* Useful static DOM utility methods.
*
@@ -105,7 +103,7 @@ public class DOMUtils {
public static void setAttributeID(Element elem, String name, String value) {
if (value == null) return;
elem.setAttributeNS(null, name, value);
- IdResolver.registerElementById(elem, value);
+ elem.setIdAttributeNS(null, name, true);
}
/**
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java Fri Jan 13 12:12:12 2012
@@ -30,13 +30,13 @@ import javax.xml.crypto.dsig.*;
import java.security.Provider;
import java.util.*;
+
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import org.apache.xml.security.utils.IdResolver;
-
/**
* DOM-based implementation of XMLObject.
*
@@ -95,9 +95,13 @@ public final class DOMXMLObject extends
{
// unmarshal attributes
this.encoding = DOMUtils.getAttributeValue(objElem, "Encoding");
- this.id = DOMUtils.getAttributeValue(objElem, "Id");
- if (this.id != null) {
- IdResolver.registerElementById(objElem, this.id);
+
+ Attr attr = objElem.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ this.id = attr.getValue();
+ objElem.setIdAttributeNode(attr, true);
+ } else {
+ this.id = null;
}
this.mimeType = DOMUtils.getAttributeValue(objElem, "MimeType");
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java Fri Jan 13 12:12:12 2012
@@ -45,13 +45,14 @@ import java.util.Collections;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
+
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.IdResolver;
/**
* DOM-based implementation of XMLSignature.
@@ -494,9 +495,12 @@ public final class DOMXMLSignature exten
throw new MarshalException(bde);
}
- id = DOMUtils.getAttributeValue(sigValueElem, "Id");
- if (id != null) {
- IdResolver.registerElementById(sigValueElem, id);
+ Attr attr = sigValueElem.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ id = attr.getValue();
+ sigValueElem.setIdAttributeNode(attr, true);
+ } else {
+ id = null;
}
this.sigValueElem = sigValueElem;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java Fri Jan 13 12:12:12 2012
@@ -34,8 +34,7 @@ import org.apache.xml.security.signature
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.utils.ClassLoaderUtils;
import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.IdResolver;
-import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -121,9 +120,9 @@ public class SignatureAlgorithm extends
super(element, BaseURI);
algorithmURI = this.getURI();
- String id = XMLUtils.getAttributeValue(element, "Id");
- if (id != null) {
- IdResolver.registerElementById(element, id);
+ Attr attr = element.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ element.setIdAttributeNode(attr, true);
}
if (secureValidation && (XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5.equals(algorithmURI)
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/KeyInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/KeyInfo.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/KeyInfo.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/KeyInfo.java Fri Jan 13 12:12:12 2012
@@ -47,9 +47,9 @@ import org.apache.xml.security.keys.stor
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.EncryptionConstants;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.SignatureElementProxy;
import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -136,9 +136,9 @@ public class KeyInfo extends SignatureEl
public KeyInfo(Element element, String BaseURI) throws XMLSecurityException {
super(element, BaseURI);
- String id = XMLUtils.getAttributeValue(element, "Id");
- if (id != null) {
- IdResolver.registerElementById(element, id);
+ Attr attr = element.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ element.setIdAttributeNode(attr, true);
}
}
@@ -157,7 +157,7 @@ public class KeyInfo extends SignatureEl
public void setId(String Id) {
if (Id != null) {
this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
- IdResolver.registerElementById(this.constructionElement, Id);
+ this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_de.properties?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
Binary files - no diff available.
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
Binary files - no diff available.
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Manifest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Manifest.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Manifest.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Manifest.java Fri Jan 13 12:12:12 2012
@@ -34,11 +34,11 @@ import org.apache.xml.security.exception
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.I18n;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.SignatureElementProxy;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
+import org.w3c.dom.Attr;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -112,9 +112,9 @@ public class Manifest extends SignatureE
) throws XMLSecurityException {
super(element, baseURI);
- String id = XMLUtils.getAttributeValue(element, "Id");
- if (id != null) {
- IdResolver.registerElementById(element, id);
+ Attr attr = element.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ element.setIdAttributeNode(attr, true);
}
this.secureValidation = secureValidation;
@@ -143,9 +143,9 @@ public class Manifest extends SignatureE
for (int i = 0; i < le; i++) {
Element refElem = referencesEl[i];
- String refId = XMLUtils.getAttributeValue(refElem, "Id");
- if (refId != null) {
- IdResolver.registerElementById(refElem, refId);
+ Attr refAttr = refElem.getAttributeNodeNS(null, "Id");
+ if (refAttr != null) {
+ refElem.setIdAttributeNode(refAttr, true);
}
this.references.add(null);
}
@@ -244,7 +244,7 @@ public class Manifest extends SignatureE
public void setId(String Id) {
if (Id != null) {
this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
- IdResolver.registerElementById(this.constructionElement, Id);
+ this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/ObjectContainer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/ObjectContainer.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/ObjectContainer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/ObjectContainer.java Fri Jan 13 12:12:12 2012
@@ -20,7 +20,6 @@ package org.apache.xml.security.signatur
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.SignatureElementProxy;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -64,7 +63,7 @@ public class ObjectContainer extends Sig
public void setId(String Id) {
if (Id != null) {
this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
- IdResolver.registerElementById(this.constructionElement, Id);
+ this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/Reference.java Fri Jan 13 12:12:12 2012
@@ -43,7 +43,6 @@ import org.apache.xml.security.transform
import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.DigesterOutputStream;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.SignatureElementProxy;
import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
import org.apache.xml.security.utils.XMLUtils;
@@ -297,7 +296,7 @@ public class Reference extends Signature
public void setId(String Id) {
if (Id != null) {
this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
- IdResolver.registerElementById(this.constructionElement, Id);
+ this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignatureProperties.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignatureProperties.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignatureProperties.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignatureProperties.java Fri Jan 13 12:12:12 2012
@@ -20,9 +20,9 @@ package org.apache.xml.security.signatur
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.SignatureElementProxy;
import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -56,18 +56,18 @@ public class SignatureProperties extends
public SignatureProperties(Element element, String BaseURI) throws XMLSecurityException {
super(element, BaseURI);
- String id = XMLUtils.getAttributeValue(element, "Id");
- if (id != null) {
- IdResolver.registerElementById(element, id);
+ Attr attr = element.getAttributeNodeNS(null, "Id");
+ if (attr != null) {
+ element.setIdAttributeNode(attr, true);
}
int length = getLength();
for (int i = 0; i < length; i++) {
Element propertyElem =
XMLUtils.selectDsNode(this.constructionElement, Constants._TAG_SIGNATUREPROPERTY, i);
- String propertyId = XMLUtils.getAttributeValue(propertyElem, "Id");
- if (propertyId != null) {
- IdResolver.registerElementById(propertyElem, propertyId);
+ Attr propertyAttr = propertyElem.getAttributeNodeNS(null, "Id");
+ if (propertyAttr != null) {
+ propertyElem.setIdAttributeNode(propertyAttr, true);
}
}
}
@@ -114,7 +114,7 @@ public class SignatureProperties extends
public void setId(String Id) {
if (Id != null) {
this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
- IdResolver.registerElementById(this.constructionElement, Id);
+ this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignatureProperty.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignatureProperty.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignatureProperty.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignatureProperty.java Fri Jan 13 12:12:12 2012
@@ -20,7 +20,6 @@ package org.apache.xml.security.signatur
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.SignatureElementProxy;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -80,7 +79,7 @@ public class SignatureProperty extends S
public void setId(String Id) {
if (Id != null) {
this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
- IdResolver.registerElementById(this.constructionElement, Id);
+ this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java Fri Jan 13 12:12:12 2012
@@ -38,13 +38,13 @@ import org.apache.xml.security.transform
import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.I18n;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.utils.SignatureElementProxy;
import org.apache.xml.security.utils.SignerOutputStream;
import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
+import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -363,9 +363,9 @@ public final class XMLSignature extends
Object exArgs[] = { Constants._TAG_SIGNATUREVALUE, Constants._TAG_SIGNATURE };
throw new XMLSignatureException("xml.WrongContent", exArgs);
}
- String signatureValueId = XMLUtils.getAttributeValue(signatureValueElement, "Id");
- if (signatureValueId != null) {
- IdResolver.registerElementById(signatureValueElement, signatureValueId);
+ Attr signatureValueAttr = signatureValueElement.getAttributeNodeNS(null, "Id");
+ if (signatureValueAttr != null) {
+ signatureValueElement.setIdAttributeNode(signatureValueAttr, true);
}
// <element ref="ds:KeyInfo" minOccurs="0"/>
@@ -384,9 +384,9 @@ public final class XMLSignature extends
Element objectElem =
XMLUtils.getNextElement(signatureValueElement.getNextSibling());
while (objectElem != null) {
- String objectId = XMLUtils.getAttributeValue(objectElem, "Id");
- if (objectId != null) {
- IdResolver.registerElementById(objectElem, objectId);
+ Attr objectAttr = objectElem.getAttributeNodeNS(null, "Id");
+ if (objectAttr != null) {
+ objectElem.setIdAttributeNode(objectAttr, true);
}
NodeList nodes = objectElem.getChildNodes();
@@ -419,7 +419,7 @@ public final class XMLSignature extends
public void setId(String id) {
if (id != null) {
this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
- IdResolver.registerElementById(this.constructionElement, id);
+ this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/IdResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/IdResolver.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/IdResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/IdResolver.java Fri Jan 13 12:12:12 2012
@@ -18,10 +18,6 @@
*/
package org.apache.xml.security.utils;
-import java.lang.ref.WeakReference;
-import java.util.Map;
-import java.util.WeakHashMap;
-
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -31,20 +27,10 @@ import org.w3c.dom.Element;
* Purpose of this class is to enable the XML Parser to keep track of ID
* attributes. This is done by 'registering' attributes of type ID at the
* IdResolver.
+ * @deprecated
*/
public class IdResolver {
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(IdResolver.class);
-
- private static Map<Document, Map<String, WeakReference<Element>>> docMap =
- new WeakHashMap<Document, Map<String, WeakReference<Element>>>();
-
- /**
- * Constructor IdResolver
- *
- */
private IdResolver() {
// we don't allow instantiation
}
@@ -53,49 +39,10 @@ public class IdResolver {
* Method registerElementById
*
* @param element the element to register
- * @param idValue the value of the ID attribute
- */
- public static void registerElementById(Element element, String idValue) {
- Document doc = element.getOwnerDocument();
- synchronized (docMap) {
- Map<String, WeakReference<Element>> elementMap = docMap.get(doc);
- if (elementMap == null) {
- elementMap = new WeakHashMap<String, WeakReference<Element>>();
- docMap.put(doc, elementMap);
- elementMap.put(idValue, new WeakReference<Element>(element));
- } else {
- WeakReference<Element> ref = elementMap.get(idValue);
- if (ref != null) {
- if (!ref.get().equals(element)) {
- throw new IllegalArgumentException("ID is already registered");
- }
- } else {
- elementMap.put(idValue, new WeakReference<Element>(element));
- }
- }
- }
- }
-
- /**
- * Force a removal of a registered document. Any element id associated
- * with this document will be removed from the weak reference map.
- *
- * @param doc the DOM document that is to be removed from the map.
- */
- public static void unregisterDocument(Document doc) {
- synchronized (docMap) {
- docMap.remove(doc);
- }
- }
-
- /**
- * Method registerElementById
- *
- * @param element the element to register
* @param id the ID attribute
*/
public static void registerElementById(Element element, Attr id) {
- IdResolver.registerElementById(element, id.getNodeValue());
+ element.setIdAttributeNode(id, true);
}
/**
@@ -106,69 +53,7 @@ public class IdResolver {
* @return the element obtained by the id, or null if it is not found.
*/
public static Element getElementById(Document doc, String id) {
-
- Element result = IdResolver.getElementByIdType(doc, id);
-
- if (result != null) {
- if (log.isDebugEnabled()) {
- log.debug(
- "I could find an Element using the simple getElementByIdType method: "
- + result.getTagName()
- );
- }
- return result;
- }
-
- result = IdResolver.getElementByIdUsingDOM(doc, id);
- if (result != null) {
- if (log.isDebugEnabled()) {
- log.debug(
- "I could find an Element using the simple getElementByIdUsingDOM method: "
- + result.getTagName()
- );
- }
- return result;
- }
-
- return null;
- }
-
-
- /**
- * Method getElementByIdUsingDOM
- *
- * @param doc the document
- * @param id the value of the ID
- * @return the element obtained by the id, or null if it is not found.
- */
- private static Element getElementByIdUsingDOM(Document doc, String id) {
- if (log.isDebugEnabled()) {
- log.debug("getElementByIdUsingDOM() Search for ID " + id);
- }
return doc.getElementById(id);
}
- /**
- * Method getElementByIdType
- *
- * @param doc the document
- * @param id the value of the ID
- * @return the element obtained by the id, or null if it is not found.
- */
- private static Element getElementByIdType(Document doc, String id) {
- if (log.isDebugEnabled()) {
- log.debug("getElementByIdType() Search for ID " + id);
- }
- synchronized (docMap) {
- Map<String, WeakReference<Element>> elementMap = docMap.get(doc);
- if (elementMap != null) {
- WeakReference<Element> weakReference = elementMap.get(id);
- if (weakReference != null) {
- return weakReference.get();
- }
- }
- }
- return null;
- }
-
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java Fri Jan 13 12:12:12 2012
@@ -816,5 +816,120 @@ public class XMLUtils {
Attr attr = elem.getAttributeNodeNS(null, name);
return (attr == null) ? null : attr.getValue();
}
+
+ /**
+ * This method is a tree-search to help prevent against wrapping attacks. It checks that no
+ * two Elements have ID Attributes that match the "value" argument, if this is the case then
+ * "false" is returned. Note that a return value of "true" does not necessarily mean that
+ * a matching Element has been found, just that no wrapping attack has been detected.
+ */
+ public static boolean protectAgainstWrappingAttack(Node startNode, String value) {
+ Node startParent = startNode.getParentNode();
+ Node processedNode = null;
+ Element foundElement = null;
+
+ String id = value.trim();
+ if (id.charAt(0) == '#') {
+ id = id.substring(1);
+ }
+
+ while (startNode != null) {
+ if (startNode.getNodeType() == Node.ELEMENT_NODE) {
+ Element se = (Element) startNode;
+
+ NamedNodeMap attributes = se.getAttributes();
+ if (attributes != null) {
+ for (int i = 0; i < attributes.getLength(); i++) {
+ Attr attr = (Attr)attributes.item(i);
+ if (attr.isId() && id.equals(attr.getValue())) {
+ if (foundElement == null) {
+ // Continue searching to find duplicates
+ foundElement = attr.getOwnerElement();
+ } else {
+ log.debug("Multiple elements with the same 'Id' attribute value!");
+ return false;
+ }
+ }
+ }
+ }
+ }
+
+ processedNode = startNode;
+ startNode = startNode.getFirstChild();
+
+ // no child, this node is done.
+ if (startNode == null) {
+ // close node processing, get sibling
+ startNode = processedNode.getNextSibling();
+ }
+
+ // no more siblings, get parent, all children
+ // of parent are processed.
+ while (startNode == null) {
+ processedNode = processedNode.getParentNode();
+ if (processedNode == startParent) {
+ return true;
+ }
+ // close parent node processing (processed node now)
+ startNode = processedNode.getNextSibling();
+ }
+ }
+ return true;
+ }
+
+ /**
+ * This method is a tree-search to help prevent against wrapping attacks. It checks that no other
+ * Element than the given "knownElement" argument has an ID attribute that matches the "value"
+ * argument, which is the ID value of "knownElement". If this is the case then "false" is returned.
+ */
+ public static boolean protectAgainstWrappingAttack(
+ Node startNode, Element knownElement, String value
+ ) {
+ Node startParent = startNode.getParentNode();
+ Node processedNode = null;
+
+ String id = value.trim();
+ if (id.charAt(0) == '#') {
+ id = id.substring(1);
+ }
+
+ while (startNode != null) {
+ if (startNode.getNodeType() == Node.ELEMENT_NODE) {
+ Element se = (Element) startNode;
+
+ NamedNodeMap attributes = se.getAttributes();
+ if (attributes != null) {
+ for (int i = 0; i < attributes.getLength(); i++) {
+ Attr attr = (Attr)attributes.item(i);
+ if (attr.isId() && id.equals(attr.getValue()) && se != knownElement) {
+ log.debug("Multiple elements with the same 'Id' attribute value!");
+ return false;
+ }
+ }
+ }
+ }
+
+ processedNode = startNode;
+ startNode = startNode.getFirstChild();
+
+ // no child, this node is done.
+ if (startNode == null) {
+ // close node processing, get sibling
+ startNode = processedNode.getNextSibling();
+ }
+
+ // no more siblings, get parent, all children
+ // of parent are processed.
+ while (startNode == null) {
+ processedNode = processedNode.getParentNode();
+ if (processedNode == startParent) {
+ return true;
+ }
+ // close parent node processing (processed node now)
+ startNode = processedNode.getNextSibling();
+ }
+ }
+ return true;
+ }
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java Fri Jan 13 12:12:12 2012
@@ -103,6 +103,7 @@ public class ResourceResolver {
);
}
+ resolverTmp.resolverSpi.secureValidation = secureValidation;
if ((resolverTmp != null) && resolverTmp.canResolve(uri, baseURI)) {
// Check to see whether the Resolver is allowed
if (secureValidation
@@ -171,6 +172,7 @@ public class ResourceResolver {
log.debug("check resolvability by class " + currentClass);
}
+ resolver.resolverSpi.secureValidation = secureValidation;
if (resolver.canResolve(uri, baseURI)) {
return resolver;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolverSpi.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolverSpi.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolverSpi.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolverSpi.java Fri Jan 13 12:12:12 2012
@@ -37,6 +37,8 @@ public abstract class ResourceResolverSp
/** Field properties */
protected java.util.Map<String, String> properties = null;
+
+ protected boolean secureValidation;
/**
* This is the workhorse method used to resolve resources.
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverFragment.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverFragment.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverFragment.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverFragment.java Fri Jan 13 12:12:12 2012
@@ -19,11 +19,12 @@
package org.apache.xml.security.utils.resolver.implementations;
import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.IdResolver;
+import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
import org.w3c.dom.Node;
/**
@@ -79,13 +80,22 @@ public class ResolverFragment extends Re
*/
String id = uriNodeValue.substring(1);
- selectedElem = IdResolver.getElementById(doc, id);
+ selectedElem = doc.getElementById(id);
if (selectedElem == null) {
Object exArgs[] = { id };
throw new ResourceResolverException(
"signature.Verification.MissingID", exArgs, uri, baseURI
);
}
+ if (secureValidation) {
+ Element start = uri.getOwnerDocument().getDocumentElement();
+ if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
+ Object exArgs[] = { id };
+ throw new ResourceResolverException(
+ "signature.Verification.MultipleIDs", exArgs, uri, baseURI
+ );
+ }
+ }
if (log.isDebugEnabled()) {
log.debug(
"Try to catch an Element with ID " + id + " and Element was " + selectedElem
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverXPointer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverXPointer.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverXPointer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverXPointer.java Fri Jan 13 12:12:12 2012
@@ -19,11 +19,12 @@
package org.apache.xml.security.utils.resolver.implementations;
import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.IdResolver;
+import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
import org.w3c.dom.Node;
/**
@@ -69,7 +70,17 @@ public class ResolverXPointer extends Re
resultNode = doc;
} else if (isXPointerId(uriStr)) {
String id = getXPointerId(uriStr);
- resultNode = IdResolver.getElementById(doc, id);
+ resultNode = doc.getElementById(id);
+
+ if (secureValidation) {
+ Element start = uri.getOwnerDocument().getDocumentElement();
+ if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
+ Object exArgs[] = { id };
+ throw new ResourceResolverException(
+ "signature.Verification.MultipleIDs", exArgs, uri, baseURI
+ );
+ }
+ }
if (resultNode == null) {
Object exArgs[] = { id };
Modified: santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java Fri Jan 13 12:12:12 2012
@@ -25,7 +25,6 @@ import java.io.*;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyStore;
-import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
Added: santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/JSRWrappingAttackTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/JSRWrappingAttackTest.java?rev=1231033&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/JSRWrappingAttackTest.java (added)
+++ santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/JSRWrappingAttackTest.java Fri Jan 13 12:12:12 2012
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package javax.xml.crypto.test.dsig;
+
+import java.io.File;
+import java.security.Security;
+
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.test.KeySelectors;
+import javax.xml.crypto.test.dsig.SignatureValidator;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * This is a test for a wrapping attack.
+ */
+public class JSRWrappingAttackTest extends org.junit.Assert {
+
+ private SignatureValidator validator;
+ private File dir;
+
+ static {
+ Security.insertProviderAt(new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ }
+
+ public JSRWrappingAttackTest() {
+ String fs = System.getProperty("file.separator");
+ String base = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
+
+ dir = new File(base + fs + "src/test/resources" + fs
+ + "at" + fs + "iaik" + fs + "ixsil" + fs + "coreFeatures", "signatures");
+ validator = new SignatureValidator(dir);
+ }
+
+
+ @org.junit.Test
+ public void testWrappingAttack() throws Exception {
+ String file = "manifestSignatureWrapping.xml";
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ dbf.setValidating(false);
+ Document doc = dbf.newDocumentBuilder().parse(new File(dir, file));
+ Element sigElement = SignatureValidator.getSignatureElement(doc);
+ if (sigElement == null) {
+ throw new Exception("Couldn't find signature Element");
+ }
+ DOMValidateContext vc =
+ new DOMValidateContext(new KeySelectors.KeyValueKeySelector(), sigElement);
+ vc.setBaseURI(dir.toURI().toString());
+
+ vc.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.FALSE);
+ boolean coreValidity = validator.validate(vc);
+ assertTrue("Signature failed core validation", coreValidity);
+
+ vc.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
+
+ Element manifestElement =
+ (Element) doc.getElementsByTagName("Manifest").item(0);
+ vc.setIdAttributeNS(manifestElement, null, "Id");
+
+ try {
+ boolean valid = validator.validate(vc);
+ System.out.println("Valid: " + valid);
+ fail("Failure expected when secure validation is enabled");
+ } catch (XMLSignatureException ex) {
+ assertTrue(ex.getMessage().contains("URIReferenceException"));
+ }
+ }
+
+}
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/c14n/implementations/Bug45961Test.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/c14n/implementations/Bug45961Test.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/c14n/implementations/Bug45961Test.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/c14n/implementations/Bug45961Test.java Fri Jan 13 12:12:12 2012
@@ -104,6 +104,7 @@ public class Bug45961Test extends org.ju
object = new ObjectContainer(document);
object.appendChild(root2);
object.setId(OBJECT_ID);
+ root.appendChild(object.getElement());
signature.addDocument("#" + OBJECT_ID);
signature.addDocument("", getTransforms(document));
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/encryption/XMLCipherTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/encryption/XMLCipherTest.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/encryption/XMLCipherTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/encryption/XMLCipherTest.java Fri Jan 13 12:12:12 2012
@@ -47,7 +47,6 @@ import org.apache.xml.security.encryptio
import org.apache.xml.security.encryption.CipherData;
import org.apache.xml.security.transforms.params.XPathContainer;
import org.apache.xml.security.utils.EncryptionConstants;
-import org.apache.xml.security.utils.IdResolver;
import org.apache.xml.security.keys.KeyInfo;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -614,7 +613,7 @@ public class XMLCipherTest extends org.j
// Add the cipher text
Element encryptedElement = d.createElement("CipherText");
encryptedElement.setAttributeNS(null, "Id", "CipherTextId");
- IdResolver.registerElementById(encryptedElement, "CipherTextId");
+ encryptedElement.setIdAttributeNS(null, "Id", true);
encryptedElement.appendChild(d.createTextNode(tstBase64EncodedString));
docElement.appendChild(encryptedElement);
// dump(d);
Added: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/secure_val/WrappingAttackTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/secure_val/WrappingAttackTest.java?rev=1231033&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/secure_val/WrappingAttackTest.java (added)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/secure_val/WrappingAttackTest.java Fri Jan 13 12:12:12 2012
@@ -0,0 +1,120 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.secure_val;
+
+import java.io.File;
+
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.test.interop.InteropTestBase;
+import org.apache.xml.security.utils.Constants;
+import org.w3c.dom.Element;
+
+
+/**
+ * This is a test for a wrapping attack.
+ */
+public class WrappingAttackTest extends InteropTestBase {
+
+ /** {@link org.apache.commons.logging} logging facility */
+ static org.apache.commons.logging.Log log =
+ org.apache.commons.logging.LogFactory.getLog(WrappingAttackTest.class.getName());
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ public WrappingAttackTest() {
+ super();
+ }
+
+ @org.junit.Test
+ public void testWrappingAttack() throws Exception {
+ boolean success =
+ readAndVerifySignature(
+ "src/test/resources/at/iaik/ixsil/coreFeatures/signatures",
+ "manifestSignatureWrapping.xml"
+ );
+
+ assertTrue(success);
+ try {
+ readAndVerifySignatureAndSetManifest(
+ "src/test/resources/at/iaik/ixsil/coreFeatures/signatures",
+ "manifestSignatureWrapping.xml"
+ );
+ fail("Failure expected when secure validation is enabled");
+ } catch (XMLSignatureException ex) {
+ assertTrue(ex.getMessage().contains("no XMLSignatureInput"));
+ }
+ }
+
+ private boolean readAndVerifySignature(
+ String directory, String file
+ ) throws Exception {
+ String basedir = System.getProperty("basedir");
+ if (basedir != null && !"".equals(basedir)) {
+ directory = basedir + "/" + directory;
+ }
+
+ File f = new File(directory + "/" + file);
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.parse(f);
+
+ Element sigElement =
+ (Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS,
+ Constants._TAG_SIGNATURE).item(0);
+ XMLSignature signature = new XMLSignature(sigElement, f.toURI().toURL().toString());
+ return signature.checkSignatureValue(signature.getKeyInfo().getPublicKey());
+ }
+
+ private boolean readAndVerifySignatureAndSetManifest(
+ String directory, String file
+ ) throws Exception {
+ String basedir = System.getProperty("basedir");
+ if (basedir != null && !"".equals(basedir)) {
+ directory = basedir + "/" + directory;
+ }
+
+ File f = new File(directory + "/" + file);
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.parse(f);
+
+ Element sigElement =
+ (Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS,
+ Constants._TAG_SIGNATURE).item(0);
+
+ Element manifestElement =
+ (Element) doc.getElementsByTagName("Manifest").item(0);
+ manifestElement.setIdAttribute("Id", true);
+
+ XMLSignature signature = new XMLSignature(sigElement, f.toURI().toURL().toString(), true);
+ return signature.checkSignatureValue(signature.getKeyInfo().getPublicKey());
+ }
+
+}
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java Fri Jan 13 12:12:12 2012
@@ -85,6 +85,7 @@ public class CreateSignatureTest extends
XMLSignature sig =
new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_DSA);
+ envelope.appendChild(sig.getElement());
ObjectContainer object1 = new ObjectContainer(doc);
object1.setId("object-1");
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/InvalidKeyTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/InvalidKeyTest.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/InvalidKeyTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/InvalidKeyTest.java Fri Jan 13 12:12:12 2012
@@ -26,7 +26,6 @@ import javax.xml.parsers.DocumentBuilder
import org.apache.xml.security.Init;
import org.apache.xml.security.signature.XMLSignature;
-import org.apache.xml.security.utils.IdResolver;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -77,9 +76,8 @@ public class InvalidKeyTest extends org.
assertion = assertion.getNextSibling();
}
Attr attr = ((Element)assertion).getAttributeNodeNS(null, "AssertionID");
- String id = (attr == null) ? null : attr.getValue();
- if (id != null) {
- IdResolver.registerElementById((Element)assertion, id);
+ if (attr != null) {
+ ((Element)assertion).setIdAttributeNode(attr, true);
}
NodeList nl = assertion.getChildNodes();
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/ProcessingInstructionTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/ProcessingInstructionTest.java?rev=1231033&r1=1231032&r2=1231033&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/ProcessingInstructionTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/signature/ProcessingInstructionTest.java Fri Jan 13 12:12:12 2012
@@ -37,8 +37,6 @@ import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.apache.xml.security.utils.IdResolver;
-import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
@@ -75,9 +73,9 @@ public class ProcessingInstructionTest e
doc.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "QualifyingProperties").item(0);
while (obj != null) {
if (obj instanceof Element) {
- String id = XMLUtils.getAttributeValue((Element)obj, "Id");
- if (id != null) {
- IdResolver.registerElementById((Element)obj, id);
+ Attr attr = ((Element)obj).getAttributeNode("Id");
+ if (attr != null) {
+ ((Element)obj).setIdAttributeNode(attr, true);
}
}
obj = obj.getFirstChild();
Added: santuario/xml-security-java/trunk/src/test/resources/at/iaik/ixsil/coreFeatures/signatures/manifestSignatureWrapping.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/resources/at/iaik/ixsil/coreFeatures/signatures/manifestSignatureWrapping.xml?rev=1231033&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/resources/at/iaik/ixsil/coreFeatures/signatures/manifestSignatureWrapping.xml (added)
+++ santuario/xml-security-java/trunk/src/test/resources/at/iaik/ixsil/coreFeatures/signatures/manifestSignatureWrapping.xml Fri Jan 13 12:12:12 2012
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE Envelope [
+ <!ATTLIST DataItem Id ID #IMPLIED>
+ ]>
+<Envelope xmlns="http://iaik.at#Envelope">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>1kF5aUeRTi9Jul2Qz3DmbZ0Od7I=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>M2bF8w1IQvdEedQ6SB9w8zaWc+KDNigoysBviNpifB6htymPhoW+1NBboygfkmAy
+8GSsOhmQ7gbpHoljjm2QPmZmo8BIt7ZGy7izhww1WZiIQxmqczIEaiPeBcsgsxDW
+SfOh7Ev9YXFfLF4UxJ59dfTR3ZTb9CVzGf6CSG4xXJk=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>sDa5yzUv4IJmBY60GZCnkQSAhpG7tgxepi6sj3DlCzxjTtO5MNrjI9sK3WhimpNi
+NDmagzNEjxP3+x1huxL19GoIxZgr5O7E/F2IInSASVZTQsvWZlNauhRs0KZAszIS
+FchvrihILLoUf4tzaOSe6jgMEq6IkO0dWVpcFpAjXTc=</dsig:Modulus><dsig:Exponent>Aw==</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference URI="../samples/sampleXMLData.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>UXcq2OOH+aMla4fb5UOnYuaY9uQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature><DataItem Id="DataItem">
+ Some Data from IAIK
+ </DataItem>
+ <Manifest Id="manifest">BadManifest</Manifest>
+</Envelope>
\ No newline at end of file