Posted to commits@santuario.apache.org by gi...@apache.org on 2012/07/19 20:33:09 UTC
svn commit: r1363464 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
Author: giger
Date: Thu Jul 19 18:33:09 2012
New Revision: 1363464
URL: http://svn.apache.org/viewvc?rev=1363464&view=rev
Log:
allow verification of multiple references to the same signed content
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java?rev=1363464&r1=1363463&r2=1363464&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java Thu Jul 19 18:33:09 2012
@@ -116,27 +116,30 @@ public abstract class AbstractSignatureR
switch (xmlSecEvent.getEventType()) {
case XMLStreamConstants.START_ELEMENT:
XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
- ReferenceType referenceType = resolvesResource(xmlSecStartElement);
- if (referenceType != null) {
+ List<ReferenceType> referenceTypes = resolvesResource(xmlSecStartElement);
+ if (!referenceTypes.isEmpty()) {
+ for (int i = 0; i < referenceTypes.size(); i++) {
+ ReferenceType referenceType = referenceTypes.get(i);
- if (processedReferences.contains(referenceType)) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "duplicateId");
- }
- InternalSignatureReferenceVerifier internalSignatureReferenceVerifier =
- getSignatureReferenceVerifier(getSecurityProperties(), inputProcessorChain,
- referenceType, xmlSecStartElement.getName());
- if (!internalSignatureReferenceVerifier.isFinished()) {
- internalSignatureReferenceVerifier.processEvent(xmlSecEvent, inputProcessorChain);
- inputProcessorChain.addProcessor(internalSignatureReferenceVerifier);
+ if (processedReferences.contains(referenceType)) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK, "duplicateId");
+ }
+ InternalSignatureReferenceVerifier internalSignatureReferenceVerifier =
+ getSignatureReferenceVerifier(getSecurityProperties(), inputProcessorChain,
+ referenceType, xmlSecStartElement.getName());
+ if (!internalSignatureReferenceVerifier.isFinished()) {
+ internalSignatureReferenceVerifier.processEvent(xmlSecEvent, inputProcessorChain);
+ inputProcessorChain.addProcessor(internalSignatureReferenceVerifier);
+ }
+ processedReferences.add(referenceType);
+ inputProcessorChain.getDocumentContext().setIsInSignedContent(
+ inputProcessorChain.getProcessors().indexOf(internalSignatureReferenceVerifier),
+ internalSignatureReferenceVerifier);
+
+ // Fire a SecurityEvent
+ List<QName> elementPath = xmlSecStartElement.getElementPath();
+ processElementPath(elementPath, inputProcessorChain, xmlSecEvent);
}
- processedReferences.add(referenceType);
- inputProcessorChain.getDocumentContext().setIsInSignedContent(
- inputProcessorChain.getProcessors().indexOf(internalSignatureReferenceVerifier),
- internalSignatureReferenceVerifier);
-
- // Fire a SecurityEvent
- List<QName> elementPath = xmlSecStartElement.getElementPath();
- processElementPath(elementPath, inputProcessorChain, xmlSecEvent);
}
break;
}
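Review bot: The `processedReferences.contains(referenceType)` check, now inside the per-reference loop, has no comment explaining why it exists. Judging by the `duplicateId` message key, it rejects a document in which a second element resolves to a reference that an earlier element already satisfied. I would add a comment above it such as `// a reference already matched by an earlier element must not match again (duplicate Id): reject`, so that a later refactoring does not hoist or relax it now that one element may legitimately satisfy several references. Separately, the `if (!referenceTypes.isEmpty())` guard is redundant with the loop, and the index loop reads better as `for (ReferenceType referenceType : referenceTypes) {`. The enclosing method starts and ends outside this hunk.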
@@ -147,15 +150,20 @@ public abstract class AbstractSignatureR
List<QName> elementPath, InputProcessorChain inputProcessorChain, XMLSecEvent xmlSecEvent
) throws XMLSecurityException;
- protected ReferenceType resolvesResource(XMLSecStartElement xmlSecStartElement) {
+ protected List<ReferenceType> resolvesResource(XMLSecStartElement xmlSecStartElement) {
+ List<ReferenceType> referenceTypes = Collections.emptyList();
+
Iterator<Map.Entry<ResourceResolver, ReferenceType>> resourceResolverIterator = sameDocumentReferences.entrySet().iterator();
while (resourceResolverIterator.hasNext()) {
Map.Entry<ResourceResolver, ReferenceType> entry = resourceResolverIterator.next();
if (entry.getKey().matches(xmlSecStartElement)) {
- return entry.getValue();
+ if (referenceTypes == Collections.<ReferenceType>emptyList()) {
+ referenceTypes = new ArrayList<ReferenceType>();
+ }
+ referenceTypes.add(entry.getValue());
}
}
- return null;
+ return referenceTypes;
}
@Override
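Review bot: The first-match test `referenceTypes == Collections.<ReferenceType>emptyList()` compares by identity, and the `Collections.emptyList()` documentation does not promise the same instance on every call. If that comparison ever fails, the following `add` lands on the immutable empty list and throws `UnsupportedOperationException`. `if (referenceTypes.isEmpty()) {` gives the same lazy allocation without depending on that detail. The return type also changes from a nullable `ReferenceType` to a list that is never null, so any subclass overriding this protected method outside this diff would need the same change. A Javadoc line stating that an empty list means "no reference matches" would make the new contract explicit.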
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java?rev=1363464&r1=1363463&r2=1363464&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java Thu Jul 19 18:33:09 2012
@@ -22,6 +22,7 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.math.BigInteger;
+import java.net.InetAddress;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
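Review bot: The added `import java.net.InetAddress;` is not used by any line this commit touches in BaltimoreTest.java; the other two hunks in the file only remove `@Ignore`. Unless code outside the visible hunks needs it, the import looks like a leftover and should be dropped.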
@@ -492,7 +493,6 @@ public class BaltimoreTest extends org.j
// SANTUARIO-318
@Test
- @Ignore
public void test_twenty_three_enveloping_b64_dsa() throws Exception {
// Read in plaintext document
InputStream sourceDocument =
@@ -871,7 +871,6 @@ public class BaltimoreTest extends org.j
// See SANTUARIO-330
@Test
- @Ignore
public void testExcSignature() throws Exception {
// Read in plaintext document
InputStream sourceDocument =