You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Elliotte Harold <el...@metalab.unc.edu> on 2005/02/02 23:36:25 UTC
Possible bug in exclusive canonicalization
When processing xmltest/invalid/002.xml from the W3C XML conformance
test suite using exclusive canonicalization with comments in
XML-Security 1.2, the results are:
<doc></doc><doc></doc>
However, the input document is:
<!DOCTYPE doc SYSTEM "002.ent">
<doc></doc>
002.ent is
<!ENTITY % e "(#PCDATA">
<!ELEMENT doc %e;)>
The result should be
<doc></doc>
This bug is seen by my program which follows. It would be nice if there
were a sample program bundled with XML_security that could test this
standalone. is there any such program?
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URI;
import java.net.URISyntaxException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
import nu.xom.Builder;
import nu.xom.Elements;
import org.apache.xml.security.c14n.*;
import org.apache.xml.security.utils.IgnoreAllErrorHandler;
public class ExclusiveC14N {
public static void main(String args[]) throws Exception {
org.apache.xml.security.Init.init();
DocumentBuilderFactory dfactory =
DocumentBuilderFactory.newInstance();
dfactory.setNamespaceAware(true);
dfactory.setValidating(true);
DocumentBuilder domBuilder = dfactory.newDocumentBuilder();
// throw away all validation warnings
domBuilder.setErrorHandler(new IgnoreAllErrorHandler());
File masterList = new File("data/canonical/xmlconf/xmlconf.xml");
Builder builder = new Builder();
nu.xom.Document xmlconf = builder.build(masterList);
Elements testcases =
xmlconf.getRootElement().getChildElements("TESTCASES");
processTestCases(domBuilder, testcases);
}
private static void processTestCases(DocumentBuilder domBuilder,
Elements testcases)
throws URISyntaxException, SAXException, IOException,
TransformerException, Exception {
for (int i = 0; i < testcases.size(); i++) {
nu.xom.Element testcase = testcases.get(i);
Elements tests = testcase.getChildElements("TEST");
processTests(domBuilder, tests);
Elements level2 = testcase.getChildElements("TESTCASES");
// need to be recursive to handle recursive IBM test cases
processTestCases(domBuilder, level2);
}
}
private static void processTests(DocumentBuilder domBuilder,
Elements tests)
throws URISyntaxException, SAXException, IOException,
TransformerException,
Exception {
Canonicalizer canonicalizer =
Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS);
for (int j = 0; j < tests.size(); j++) {
nu.xom.Element test = tests.get(j);
String namespace = test.getAttributeValue("NAMESPACE");
if ("no".equals(namespace)) continue;
String type = test.getAttributeValue("TYPE");
if ("not-wf".equals(type)) continue;
String uri = test.getAttributeValue("URI");
String base = test.getBaseURI();
URI baseURI= new URI(base);
URI testURI = baseURI.resolve(uri);
Document testdoc = domBuilder.parse(testURI.toString());
byte[] result = canonicalizer.canonicalizeSubtree(testdoc);
String outputFilename = testURI.toString().substring(5) +
".exc";
OutputStream out = new FileOutputStream(outputFilename);
out.write(result);
out.flush();
out.close();
System.out.println(outputFilename);
}
}
}
--
Elliotte Rusty Harold elharo@metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim