Posted to commits@santuario.apache.org by gi...@apache.org on 2012/07/19 20:33:09 UTC

svn commit: r1363464 - in /santuario/xml-security-java/trunk/src: main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java

Author: giger
Date: Thu Jul 19 18:33:09 2012
New Revision: 1363464

URL: http://svn.apache.org/viewvc?rev=1363464&view=rev
Log:
allow verification of multiple references to the same signed content

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
    santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java?rev=1363464&r1=1363463&r2=1363464&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java Thu Jul 19 18:33:09 2012
@@ -116,27 +116,30 @@ public abstract class AbstractSignatureR
         switch (xmlSecEvent.getEventType()) {
             case XMLStreamConstants.START_ELEMENT:
                 XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
-                ReferenceType referenceType = resolvesResource(xmlSecStartElement);
-                if (referenceType != null) {
+                List<ReferenceType> referenceTypes = resolvesResource(xmlSecStartElement);
+                if (!referenceTypes.isEmpty()) {
+                    for (int i = 0; i < referenceTypes.size(); i++) {
+                        ReferenceType referenceType = referenceTypes.get(i);
 
-                    if (processedReferences.contains(referenceType)) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "duplicateId");
-                    }
-                    InternalSignatureReferenceVerifier internalSignatureReferenceVerifier =
-                            getSignatureReferenceVerifier(getSecurityProperties(), inputProcessorChain,
-                                    referenceType, xmlSecStartElement.getName());
-                    if (!internalSignatureReferenceVerifier.isFinished()) {
-                        internalSignatureReferenceVerifier.processEvent(xmlSecEvent, inputProcessorChain);
-                        inputProcessorChain.addProcessor(internalSignatureReferenceVerifier);
+                        if (processedReferences.contains(referenceType)) {
+                            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "duplicateId");
+                        }
+                        InternalSignatureReferenceVerifier internalSignatureReferenceVerifier =
+                                getSignatureReferenceVerifier(getSecurityProperties(), inputProcessorChain,
+                                        referenceType, xmlSecStartElement.getName());
+                        if (!internalSignatureReferenceVerifier.isFinished()) {
+                            internalSignatureReferenceVerifier.processEvent(xmlSecEvent, inputProcessorChain);
+                            inputProcessorChain.addProcessor(internalSignatureReferenceVerifier);
+                        }
+                        processedReferences.add(referenceType);
+                        inputProcessorChain.getDocumentContext().setIsInSignedContent(
+                                inputProcessorChain.getProcessors().indexOf(internalSignatureReferenceVerifier),
+                                internalSignatureReferenceVerifier);
+
+                        // Fire a SecurityEvent
+                        List<QName> elementPath = xmlSecStartElement.getElementPath();
+                        processElementPath(elementPath, inputProcessorChain, xmlSecEvent);
                     }
-                    processedReferences.add(referenceType);
-                    inputProcessorChain.getDocumentContext().setIsInSignedContent(
-                            inputProcessorChain.getProcessors().indexOf(internalSignatureReferenceVerifier),
-                            internalSignatureReferenceVerifier);
-
-                    // Fire a SecurityEvent
-                    List<QName> elementPath = xmlSecStartElement.getElementPath();
-                    processElementPath(elementPath, inputProcessorChain, xmlSecEvent);
                 }
                 break;
         }
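Review bot: `processElementPath(elementPath, inputProcessorChain, xmlSecEvent)` now runs once per matching reference inside the `for` loop, yet none of its arguments depend on `referenceType`, so an element covered by N references reports the same element path N times. Whether the duplicates matter depends on the subclass implementations, which are not visible here, but a consumer that counts or correlates signed-element events could be misled. If one notification per element is intended, move `List<QName> elementPath = xmlSecStartElement.getElementPath();` and the `processElementPath(...)` call to just after the loop, still inside the `!referenceTypes.isEmpty()` guard. The enclosing method begins and ends outside this hunk.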
@@ -147,15 +150,20 @@ public abstract class AbstractSignatureR
             List<QName> elementPath, InputProcessorChain inputProcessorChain, XMLSecEvent xmlSecEvent
     ) throws XMLSecurityException;
 
-    protected ReferenceType resolvesResource(XMLSecStartElement xmlSecStartElement) {
+    protected List<ReferenceType> resolvesResource(XMLSecStartElement xmlSecStartElement) {
+        List<ReferenceType> referenceTypes = Collections.emptyList();
+
         Iterator<Map.Entry<ResourceResolver, ReferenceType>> resourceResolverIterator = sameDocumentReferences.entrySet().iterator();
         while (resourceResolverIterator.hasNext()) {
             Map.Entry<ResourceResolver, ReferenceType> entry = resourceResolverIterator.next();
             if (entry.getKey().matches(xmlSecStartElement)) {
-                return entry.getValue();
+                if (referenceTypes == Collections.<ReferenceType>emptyList()) {
+                    referenceTypes = new ArrayList<ReferenceType>();
+                }
+                referenceTypes.add(entry.getValue());
             }
         }
-        return null;
+        return referenceTypes;
     }
 
     @Override
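Review bot: The lazy-allocation test `referenceTypes == Collections.<ReferenceType>emptyList()` relies on `Collections.emptyList()` returning the same instance on every call, which the JDK does in practice but the API does not promise; `if (referenceTypes.isEmpty())` expresses the same condition without the identity assumption. The method's contract also changes from "null when nothing matches" to "never null, possibly empty and then immutable". Because it is `protected`, any subclass overriding it outside this diff would need updating. A short Javadoc would make the new contract explicit: `/** Returns every ReferenceType whose resolver matches the element; never null, empty if none match. */`.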

Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java?rev=1363464&r1=1363463&r2=1363464&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java Thu Jul 19 18:33:09 2012
@@ -22,6 +22,7 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.math.BigInteger;
+import java.net.InetAddress;
 import java.security.Key;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
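Review bot: The added `import java.net.InetAddress;` has no use in any hunk shown for this file, where the only other changes remove `@Ignore` from two tests. If nothing elsewhere in BaltimoreTest references it, drop the import. If a test does resolve a host address, a comment at that point saying why a signature test needs it would help, since it would suggest the test depends on the network environment.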
@@ -492,7 +493,6 @@ public class BaltimoreTest extends org.j
     
     // SANTUARIO-318
     @Test
-    @Ignore
     public void test_twenty_three_enveloping_b64_dsa() throws Exception {
         // Read in plaintext document
         InputStream sourceDocument = 
@@ -871,7 +871,6 @@ public class BaltimoreTest extends org.j
     
     // See SANTUARIO-330
     @Test
-    @Ignore
     public void testExcSignature() throws Exception {
         // Read in plaintext document
         InputStream sourceDocument =