You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2020/04/14 07:35:58 UTC
svn commit: r1876480 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/stax/ext/
test/java/org/apache/xml/security/test/stax/signature/
Author: coheigea
Date: Tue Apr 14 07:35:58 2020
New Revision: 1876480
URL: http://svn.apache.org/viewvc?rev=1876480&view=rev
Log:
SANTUARIO-538 - SignatureCreateReferenceURIResolverTest gives false positives
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java?rev=1876480&r1=1876479&r2=1876480&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java Tue Apr 14 07:35:58 2020
@@ -128,6 +128,12 @@ public class OutboundXMLSec {
securePart.getIdToSign(),
securePart
);
+ } else if (securePart.getExternalReference() != null) {
+ outputProcessorChain.getSecurityContext().putAsMap(
+ XMLSecurityConstants.SIGNATURE_PARTS,
+ securePart.getExternalReference(),
+ securePart
+ );
} else if (securePart.isSecureEntireRequest()) {
// Special functionality to sign the first element in the request
signEntireRequestPart = securePart;
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java?rev=1876480&r1=1876479&r2=1876480&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/AbstractSignatureCreationTest.java Tue Apr 14 07:35:58 2020
@@ -79,6 +79,16 @@ public class AbstractSignatureCreationTe
verifyUsingDOM(document, cert, secureParts, null);
}
+ protected void verifyUsingDOM(
+ Document document,
+ X509Certificate cert,
+ List<SecurePart> secureParts,
+ boolean secureValidation
+ ) throws Exception {
+ verifyUsingDOM(document, cert, secureParts, null,
+ true, "Id", secureValidation);
+ }
+
/**
* Verify the document using DOM
*/
@@ -88,7 +98,7 @@ public class AbstractSignatureCreationTe
List<SecurePart> secureParts,
ResourceResolverSpi resourceResolverSpi
) throws Exception {
- verifyUsingDOM(document, cert, secureParts, resourceResolverSpi, true, "Id");
+ verifyUsingDOM(document, cert, secureParts, resourceResolverSpi, true, "Id", true);
}
/**
@@ -100,9 +110,10 @@ public class AbstractSignatureCreationTe
List<SecurePart> secureParts,
ResourceResolverSpi resourceResolverSpi,
boolean keyInfoRequired,
- String idAttributeNS
+ String idAttributeNS,
+ boolean secureValidation
) throws Exception {
- XPath xpath = getxPath();
+ XPath xpath = getXPath();
String expression = "//dsig:Signature[1]";
Element sigElement =
@@ -120,7 +131,7 @@ public class AbstractSignatureCreationTe
signedElement.setIdAttributeNS(null, idAttributeNS, true);
}
- XMLSignature signature = new XMLSignature(sigElement, "");
+ XMLSignature signature = new XMLSignature(sigElement, "", secureValidation, null);
if (resourceResolverSpi != null) {
signature.addResourceResolver(resourceResolverSpi);
}
@@ -140,7 +151,7 @@ public class AbstractSignatureCreationTe
Key key,
List<SecurePart> secureParts
) throws Exception {
- XPath xpath = getxPath();
+ XPath xpath = getXPath();
String expression = "//dsig:Signature[1]";
Element sigElement =
@@ -159,12 +170,12 @@ public class AbstractSignatureCreationTe
assertTrue(signature.checkSignatureValue(key));
}
- protected void verifyUsingDOMWihtoutId(
+ protected void verifyUsingDOMWithoutId(
Document document,
Key key,
List<SecurePart> secureParts
) throws Exception {
- XPath xpath = getxPath();
+ XPath xpath = getXPath();
String expression = "//dsig:Signature[1]";
Element sigElement =
@@ -187,12 +198,12 @@ public class AbstractSignatureCreationTe
assertTrue(signature.checkSignatureValue(key));
}
- protected void verifyUsingDOMWihtoutIdAndDefaultTransform (
+ protected void verifyUsingDOMWithoutIdAndDefaultTransform (
Document document,
Key key,
List<SecurePart> secureParts
) throws Exception {
- XPath xpath = getxPath();
+ XPath xpath = getXPath();
String expression = "//dsig:Signature[1]";
Element sigElement =
@@ -213,7 +224,7 @@ public class AbstractSignatureCreationTe
assertTrue(signature.checkSignatureValue(key));
}
- private XPath getxPath() {
+ private XPath getXPath() {
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
xpath.setNamespaceContext(new DSNamespaceContext());
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java?rev=1876480&r1=1876479&r2=1876480&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java Tue Apr 14 07:35:58 2020
@@ -108,7 +108,7 @@ public class SignatureCreationReferenceU
}
// Verify using DOM
- verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
+ verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), false);
}
@Test
@@ -159,7 +159,7 @@ public class SignatureCreationReferenceU
}
// Verify using DOM
- verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
+ verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), false);
}
@Test
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java?rev=1876480&r1=1876479&r2=1876480&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java Tue Apr 14 07:35:58 2020
@@ -518,7 +518,7 @@ public class SignatureCreationTest exten
}
// Verify using DOM
- verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), null, true, "ID");
+ verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), null, true, "ID", true);
}
@@ -1478,7 +1478,7 @@ public class SignatureCreationTest exten
}
// Verify using DOM
- verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), null, false, "Id");
+ verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), null, false, "Id", true);
}
@@ -1580,7 +1580,7 @@ public class SignatureCreationTest exten
assertEquals(cert.getIssuerDN().getName(), nodeList.item(0).getFirstChild().getTextContent());
// Verify using DOM
- verifyUsingDOMWihtoutId(document, cert.getPublicKey(), properties.getSignatureSecureParts());
+ verifyUsingDOMWithoutId(document, cert.getPublicKey(), properties.getSignatureSecureParts());
}
@Test
@@ -1635,6 +1635,6 @@ public class SignatureCreationTest exten
assertEquals(cert.getIssuerDN().getName(), nodeList.item(0).getFirstChild().getTextContent());
// Verify using DOM
- verifyUsingDOMWihtoutIdAndDefaultTransform(document, cert.getPublicKey(), properties.getSignatureSecureParts());
+ verifyUsingDOMWithoutIdAndDefaultTransform(document, cert.getPublicKey(), properties.getSignatureSecureParts());
}
}