You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by ra...@apache.org on 2006/08/14 12:03:19 UTC
svn commit: r431318 - in /xml/security/trunk: ./
src/org/apache/xml/security/transforms/implementations/
src_unitTests/org/apache/xml/security/test/
src_unitTests/org/apache/xml/security/test/c14n/implementations/
src_unitTests/org/apache/xml/security/...
Author: raul
Date: Mon Aug 14 03:03:15 2006
New Revision: 431318
URL: http://svn.apache.org/viewvc?rev=431318&view=rev
Log:
Big optimizations in XPath2 transformation.
Fixed bug 40245 in XPATH2 transformation(only in development version)
Added:
xml/security/trunk/src_unitTests/org/apache/xml/security/test/transforms/implementations/Xpath2TransformationTest.java
Removed:
xml/security/trunk/src_unitTests/org/apache/xml/security/test/c14n/implementations/C14NInteropTest.java
Modified:
xml/security/trunk/CHANGELOG.txt
xml/security/trunk/TODO
xml/security/trunk/src/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java
xml/security/trunk/src_unitTests/org/apache/xml/security/test/ModuleTest.java
xml/security/trunk/src_unitTests/org/apache/xml/security/test/c14n/implementations/ExclusiveC14NInterop.java
Modified: xml/security/trunk/CHANGELOG.txt
URL: http://svn.apache.org/viewvc/xml/security/trunk/CHANGELOG.txt?rev=431318&r1=431317&r2=431318&view=diff
==============================================================================
--- xml/security/trunk/CHANGELOG.txt (original)
+++ xml/security/trunk/CHANGELOG.txt Mon Aug 14 03:03:15 2006
@@ -38,6 +38,8 @@
Optimization in RetrievelMethod handling don't reparse the bytes into a DOM tree if not needed thanks David Garcia.
Fixed bug 40215: Base64 is not working in EBCDIC platform. Thanks to
acastro.dit@aeat.es for fix.
+ Big optimizations in XPath2 transformation.
+ Fixed bug 40245 in XPATH2 transformation(only in development version)
New in v1.3
Modified: xml/security/trunk/TODO
URL: http://svn.apache.org/viewvc/xml/security/trunk/TODO?rev=431318&r1=431317&r2=431318&view=diff
==============================================================================
--- xml/security/trunk/TODO (original)
+++ xml/security/trunk/TODO Mon Aug 14 03:03:15 2006
@@ -30,4 +30,6 @@
[X] Migrate to JSR105 API
[X] Optimize certifacate & public key getting. for loops look wrong,
better registring..
-[ ] Optimize xpath2 to only look for the node not for the node and all the parents.
\ No newline at end of file
+[X] Optimize xpath2 to only look for the node not for the node and all the parents.
+[ ] There are several places in the library where a Dom is created from a byte array
+see if this is really needed and unified this creation in one class.
\ No newline at end of file
Modified: xml/security/trunk/src/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java?rev=431318&r1=431317&r2=431318&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/transforms/implementations/TransformXPath2Filter.java Mon Aug 14 03:03:15 2006
@@ -20,7 +20,10 @@
import java.io.IOException;
import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
import java.util.List;
+import java.util.Set;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
@@ -141,7 +144,8 @@
}
- input.addNodeFilter(new XPath2NodeFilter(unionNodes,substractNodes,intersectNodes));
+ input.addNodeFilter(new XPath2NodeFilter(convertNodeListToSet(unionNodes),
+ convertNodeListToSet(substractNodes),convertNodeListToSet(intersectNodes)));
input.setNodeSet(true);
return input;
} catch (TransformerException ex) {
@@ -162,18 +166,39 @@
throw new TransformationException("empty", ex);
}
}
+ static Set convertNodeListToSet(List l){
+ Set result=new HashSet();
+ for (int j=0;j<l.size();j++) {
+ NodeList rootNodes=(NodeList) l.get(j);
+ int length = rootNodes.getLength();
+
+ for (int i = 0; i < length; i++) {
+ Node rootNode = rootNodes.item(i);
+ result.add(rootNode);
+
+ }
+
+ }
+ return result;
+ }
}
class XPath2NodeFilter implements NodeFilter {
- XPath2NodeFilter(List unionNodes, List substractNodes,
- List intersectNodes) {
+ boolean hasUnionNodes;
+ boolean hasSubstractNodes;
+ boolean hasIntersectNodes;
+ XPath2NodeFilter(Set unionNodes, Set substractNodes,
+ Set intersectNodes) {
this.unionNodes=unionNodes;
+ hasUnionNodes=!unionNodes.isEmpty();
this.substractNodes=substractNodes;
+ hasSubstractNodes=!substractNodes.isEmpty();
this.intersectNodes=intersectNodes;
+ hasIntersectNodes=!intersectNodes.isEmpty();
}
- List unionNodes=new ArrayList();
- List substractNodes=new ArrayList();
- List intersectNodes=new ArrayList();
+ Set unionNodes;
+ Set substractNodes;
+ Set intersectNodes;
/**
@@ -181,27 +206,71 @@
*/
public int isNodeInclude(Node currentNode) {
boolean notIncluded=false;
- if (!substractNodes.isEmpty() && rooted(currentNode, substractNodes)) {
+ if (hasSubstractNodes && rooted(currentNode, substractNodes)) {
notIncluded = true;
- } else if (!intersectNodes.isEmpty() && !rooted(currentNode, intersectNodes)) {
+ } else if (hasIntersectNodes && !rooted(currentNode, intersectNodes)) {
notIncluded = true;
}
//TODO OPTIMIZE
if (!notIncluded)
return 1;
- boolean hasUnionNodes=!unionNodes.isEmpty();
if (hasUnionNodes && rooted(currentNode, unionNodes)) {
return 1;
}
- if (!hasUnionNodes) {
+ if (!hasUnionNodes && !hasIntersectNodes) {
return -1; //Not union nodes to safe a node that has been exclude.
}
return 0;
}
+ int inSubstract=-1;
+ int inIntersect=-1;
+ int inUnion=-1;
public int isNodeIncludeDO(Node n, int level) {
- return isNodeInclude(n);
+ boolean notIncluded=false;
+ if (hasSubstractNodes) {
+ if ((inSubstract==-1) || (level<=inSubstract)) {
+ if (inList(n, substractNodes)) {
+ inSubstract=level;
+ } else {
+ inSubstract=-1;
+ }
+ }
+ if (inSubstract!=-1){
+ notIncluded=true;
+ }
+ }
+ if (!notIncluded){
+ if (hasIntersectNodes) {
+ if ((inIntersect==-1) || (level<=inIntersect)) {
+ if (!inList(n, intersectNodes)) {
+ inIntersect=-1;
+ notIncluded = true;
+ } else {
+ notIncluded=false;
+ inIntersect=level;
+ }
+ }
+ }
+ }
+
+ if (level<=inUnion)
+ inUnion=-1;
+ if (!notIncluded)
+ return 1;
+ if (hasUnionNodes) {
+ if ((inUnion==-1) && inList(n, unionNodes)) {
+ inUnion=level;
+ }
+ if (inUnion!=-1)
+ return 1;
+ }
+
+ if (!hasUnionNodes && !hasIntersectNodes) {
+ return -1; //Not union nodes to safe a node that has been exclude.
+ }
+ return 0;
}
/**
@@ -211,20 +280,28 @@
*
* @return if rooted bye the rootnodes
*/
- boolean rooted(Node currentNode, List nodeList ) {
- for (int j=0;j<nodeList.size();j++) {
- NodeList rootNodes=(NodeList) nodeList.get(j);
- int length = rootNodes.getLength();
-
- for (int i = 0; i < length; i++) {
- Node rootNode = rootNodes.item(i);
-
- if (XMLUtils.isDescendantOrSelf(rootNode,currentNode)) {
- return true;
- }
- }
-
+ static boolean rooted(Node currentNode, Set nodeList ) {
+ if (nodeList.contains(currentNode)) {
+ return true;
+ }
+ Iterator it=nodeList.iterator();
+ while (it.hasNext()) {
+ Node rootNode = (Node) it.next();
+ if (XMLUtils.isDescendantOrSelf(rootNode,currentNode)) {
+ return true;
+ }
}
return false;
}
+
+ /**
+ * Method rooted
+ * @param currentNode
+ * @param nodeList
+ *
+ * @return if rooted bye the rootnodes
+ */
+ static boolean inList(Node currentNode, Set nodeList ) {
+ return nodeList.contains(currentNode);
+ }
}
Modified: xml/security/trunk/src_unitTests/org/apache/xml/security/test/ModuleTest.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src_unitTests/org/apache/xml/security/test/ModuleTest.java?rev=431318&r1=431317&r2=431318&view=diff
==============================================================================
--- xml/security/trunk/src_unitTests/org/apache/xml/security/test/ModuleTest.java (original)
+++ xml/security/trunk/src_unitTests/org/apache/xml/security/test/ModuleTest.java Mon Aug 14 03:03:15 2006
@@ -19,6 +19,7 @@
import org.apache.xml.security.c14n.implementations.NameSpaceSymbTableTest;
import org.apache.xml.security.c14n.implementations.UtfHelperTest;
import org.apache.xml.security.c14n.implementations.UtfHelpper;
+import org.apache.xml.security.test.transforms.implementations.Xpath2TransformationTest;
import junit.framework.Test;
import junit.framework.TestCase;
@@ -58,6 +59,7 @@
suite.addTest(org.apache.xml.security.test.utils.Base64Test.suite());
suite.addTest(NameSpaceSymbTableTest.suite());
suite.addTest(UtfHelperTest.suite());
+ suite.addTest(Xpath2TransformationTest.suite());
// suite.addTest(org.apache.xml.security.test.algorithms.implementations.KeyWrapTest.suite());
// suite.addTest(org.apache.xml.security.test.algorithms.implementations.BlockEncryptionTest.suite());
//J+
Modified: xml/security/trunk/src_unitTests/org/apache/xml/security/test/c14n/implementations/ExclusiveC14NInterop.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src_unitTests/org/apache/xml/security/test/c14n/implementations/ExclusiveC14NInterop.java?rev=431318&r1=431317&r2=431318&view=diff
==============================================================================
--- xml/security/trunk/src_unitTests/org/apache/xml/security/test/c14n/implementations/ExclusiveC14NInterop.java (original)
+++ xml/security/trunk/src_unitTests/org/apache/xml/security/test/c14n/implementations/ExclusiveC14NInterop.java Mon Aug 14 03:03:15 2006
@@ -156,14 +156,7 @@
javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
org.w3c.dom.Document doc = db.parse(f);
- long start = System.currentTimeMillis();
-
- //XMLUtils.circumventBug2650(doc);
-
- long end = System.currentTimeMillis();
-
- log.debug("fixSubtree took " + (int) (end - start));
-
+
Element sigElement =
(Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS,
Constants._TAG_SIGNATURE).item(0);
Added: xml/security/trunk/src_unitTests/org/apache/xml/security/test/transforms/implementations/Xpath2TransformationTest.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src_unitTests/org/apache/xml/security/test/transforms/implementations/Xpath2TransformationTest.java?rev=431318&view=auto
==============================================================================
--- xml/security/trunk/src_unitTests/org/apache/xml/security/test/transforms/implementations/Xpath2TransformationTest.java (added)
+++ xml/security/trunk/src_unitTests/org/apache/xml/security/test/transforms/implementations/Xpath2TransformationTest.java Mon Aug 14 03:03:15 2006
@@ -0,0 +1,151 @@
+package org.apache.xml.security.test.transforms.implementations;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.xml.security.Init;
+import org.apache.xml.security.signature.Reference;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.JavaUtils;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+public class Xpath2TransformationTest extends TestCase {
+ static {
+ Init.init();
+ }
+ /**
+ * Method suite
+ *
+ *
+ */
+ public static Test suite() {
+ return new TestSuite(Xpath2TransformationTest.class);
+ }
+
+
+ public static void testXpath2Transform() throws Exception {
+ String sig="<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n" +
+ "<edoc:EDOC xmlns:dc=\"http://purl.org/dc/elements/1.1/\" xmlns:dcterms=\"http://purl.org/dc/terms/\" xmlns:edoc=\"http://www.imtf.com/hypersuite/edoc/2.0/\" sysid=\"CC9CC230-C0A8024E01A3CA10-AC154F78\">\r\n" +
+ " <edoc:Version>2.0</edoc:Version>\r\n" +
+ " <edoc:Object edocVersion=\"2.0\">\r\n" +
+ " <edoc:ObjectMetadata>\r\n" +
+ " <edoc:ObjectType>Record</edoc:ObjectType>\r\n" +
+ " <edoc:ObjectCreationDate>2004-12-13T14:27:35</edoc:ObjectCreationDate>\r\n" +
+ " </edoc:ObjectMetadata>\r\n" +
+ " <edoc:ObjectContent>\r\n" +
+ " <edoc:Record>\r\n" +
+ " <edoc:RecordMetadata></edoc:RecordMetadata>\r\n" +
+ " <edoc:Document id=\"Revision-1-Document-1\">\r\n" +
+ " <edoc:DocumentMetadata>\r\n" +
+ " <dc:date>2003-07-20</dc:date>\r\n" +
+ " <dc:type>20</dc:type>\r\n" +
+ " <dc:format>PDF</dc:format>\r\n" +
+ " <edoc:customer-number>222222</edoc:customer-number>\r\n" +
+ " </edoc:DocumentMetadata>\r\n" +
+ " <edoc:Encoding id=\"Revision-1-Document-1-Encoding-1\">\r\n" +
+ " <edoc:EncodingMetadata>\r\n" +
+ " </edoc:EncodingMetadata>\r\n" +
+ " <edoc:ContentData encapsulation=\"Base64\" id=\"Revision-1-Document-1-Encoding-1-ContentData-1\" sourceFileSize=\"102550\">AAA</edoc:ContentData>\r\n" +
+ " </edoc:Encoding>\r\n" +
+ " </edoc:Document>\r\n" +
+ " </edoc:Record>\r\n" +
+ " </edoc:ObjectContent>\r\n" +
+ " </edoc:Object>\r\n" +
+ "<edoc:SignatureBlock id=\"Revision-1-Signature-1\"><edoc:SignatureDate>2006-08-09T17:21:35</edoc:SignatureDate><edoc:Signer>Hess Yvan (first signature)</edoc:Signer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\r\n" +
+ "<ds:SignedInfo>\r\n" +
+ "<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"></ds:CanonicalizationMethod>\r\n" +
+ "<ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"></ds:SignatureMethod>\r\n" +
+ "<ds:Reference URI=\"\">\r\n" +
+ "<ds:Transforms>\r\n" +
+ "<ds:Transform Algorithm=\"http://www.w3.org/2002/06/xmldsig-filter2\">\r\n" +
+ "<dsig-xpath:XPath xmlns:dsig-xpath=\"http://www.w3.org/2002/06/xmldsig-filter2\" Filter=\"intersect\">/edoc:EDOC/edoc:Object</dsig-xpath:XPath>\r\n" +
+ "</ds:Transform>\r\n" +
+ "</ds:Transforms>\r\n" +
+ "<ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"></ds:DigestMethod>\r\n" +
+ "<ds:DigestValue>YMXHTYArDBcWDG99epurfdSEAWM=</ds:DigestValue>\r\n" +
+ "</ds:Reference>\r\n" +
+ "</ds:SignedInfo>\r\n" +
+ "<ds:SignatureValue>\r\n" +
+ "Un2HBIOcwGe36k8eDEJISKP8/EmCp813JlmV0qqxIPVgdMsIJXR5Wky6uqwP+E3wAXj4NykW76GV\r\n" +
+ "1eSD9dTKw/M/bFMbId0nBp0ZFaFE5DKU/My4956qr2oyJqiFRKOokCxds0jMQvGcKeWVC9oAROxR\r\n" +
+ "byZQbrtjGw9YS+D5afY=\r\n" +
+ "</ds:SignatureValue>\r\n" +
+ "<ds:KeyInfo>\r\n" +
+ "<ds:X509Data>\r\n" +
+ "<ds:X509Certificate>\r\n" +
+ "MIIDADCCAmmgAwIBAgIGAQpEtx7tMA0GCSqGSIb3DQEBBQUAMIGXMRQwEgYDVQQGEwtTd2l0emVy\r\n" +
+ "bGFuZDERMA8GA1UECBMIRnJpYm91cmcxETAPBgNVBAcTCEdpdmlzaWV6MRUwEwYDVQQLEwxIeXBl\r\n" +
+ "cnN1aXRlIDUxGTAXBgNVBAoTEEluZm9ybWF0aXF1ZS1NVEYxJzAlBgNVBAMTHklNVEYgUm9vdENl\r\n" +
+ "cnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjAzMjgyMjAwMDBaFw0xNjAzMTcyMzAwMDBaMIGMMRQw\r\n" +
+ "EgYDVQQGEwtTd2l0emVybGFuZDERMA8GA1UECBMIRnJpYm91cmcxETAPBgNVBAcTCEdpdmlzaWV6\r\n" +
+ "MRUwEwYDVQQLEwxIeXBlcnN1aXRlIDUxGTAXBgNVBAoTEEluZm9ybWF0aXF1ZS1NVEYxHDAaBgNV\r\n" +
+ "BAMTE0lNVEYgRW5kQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOxpALzU\r\n" +
+ "r8TjtFB7ghScWXdaDuHHRM7bPOoyuDSCxCznCBQitrwT/Un/vkZjDxSTG1bLWObqUMf1Yf6ul30n\r\n" +
+ "nU9NsHO2fr7+YwtGnCV5vZ+qzWSQBY7qS+Gg8Ft9z0PluNRe84ukcQt7mdqSYet2qKbYWLP8tyFc\r\n" +
+ "XCYs0JL5E6aTAgMBAAGjYDBeMB8GA1UdIwQYMBaAFIeIxHkuiPSRw5OArsqR7wZYgVPlMB0GA1Ud\r\n" +
+ "DgQWBBRrfNhYheJHag+VBqDPWEOQyt3rqDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDAN\r\n" +
+ "BgkqhkiG9w0BAQUFAAOBgQB4OVKzObDkpadteusbvcEin2GdK3B2qz/HwqH07AEt/pQbJ/oQOsYL\r\n" +
+ "qVyDFt3umJ5uHon15nkps3HRE4MoYNfVbtz1G+0nMcAbxVYJDIfC4YBJRUAm/aA0twfkiH6gFmLi\r\n" +
+ "V8o5YRtkjXvZQKUtJ/Ps/m0DAC4A935jTHDd6F4FCw==\r\n" +
+ "</ds:X509Certificate>\r\n" +
+ "</ds:X509Data>\r\n" +
+ "</ds:KeyInfo>\r\n" +
+ "</ds:Signature></edoc:SignatureBlock></edoc:EDOC>";
+ String correctC14n="<edoc:Object xmlns:dc=\"http://purl.org/dc/elements/1.1/\" xmlns:dcterms=\"http://purl.org/dc/terms/\" xmlns:edoc=\"http://www.imtf.com/hypersuite/edoc/2.0/\" edocVersion=\"2.0\">\n" +
+ " <edoc:ObjectMetadata>\n" +
+ " <edoc:ObjectType>Record</edoc:ObjectType>\n" +
+ " <edoc:ObjectCreationDate>2004-12-13T14:27:35</edoc:ObjectCreationDate>\n" +
+ " </edoc:ObjectMetadata>\n" +
+ " <edoc:ObjectContent>\n" +
+ " <edoc:Record>\n" +
+ " <edoc:RecordMetadata></edoc:RecordMetadata>\n" +
+ " <edoc:Document id=\"Revision-1-Document-1\">\n" +
+ " <edoc:DocumentMetadata>\n" +
+ " <dc:date>2003-07-20</dc:date>\n" +
+ " <dc:type>20</dc:type>\n" +
+ " <dc:format>PDF</dc:format>\n" +
+ " <edoc:customer-number>222222</edoc:customer-number>\n" +
+ " </edoc:DocumentMetadata>\n" +
+ " <edoc:Encoding id=\"Revision-1-Document-1-Encoding-1\">\n" +
+ " <edoc:EncodingMetadata>\n" +
+ " </edoc:EncodingMetadata>\n" +
+ " <edoc:ContentData encapsulation=\"Base64\" id=\"Revision-1-Document-1-Encoding-1-ContentData-1\" sourceFileSize=\"102550\">AAA</edoc:ContentData>\n" +
+ " </edoc:Encoding>\n" +
+ " </edoc:Document>\n" +
+ " </edoc:Record>\n" +
+ " </edoc:ObjectContent>\n" +
+ " </edoc:Object>";
+ ByteArrayInputStream is=new ByteArrayInputStream(sig.getBytes());
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.parse(is);
+ Element sigElement =
+ (Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS,
+ Constants._TAG_SIGNATURE).item(0);
+ XMLSignature sign = new XMLSignature(sigElement,
+ "");
+ boolean verify =
+ sign.checkSignatureValue(sign.getKeyInfo().getPublicKey());
+ if (!verify) {
+ for (int i = 0; i < sign.getSignedInfo().getLength(); i++) {
+ boolean refVerify =
+ sign.getSignedInfo().getVerificationResult(i);
+ if (!refVerify) {
+ assertEquals(correctC14n, new String(sign.getSignedInfo().item(i).getContentsAfterTransformation().getBytes()));
+ }
+ }
+ }
+
+
+ }
+}