You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2021/01/19 09:56:00 UTC
[jira] [Updated] (SANTUARIO-561) TransformC14N returns empty byte
array when nothing is provided as an input
[ https://issues.apache.org/jira/browse/SANTUARIO-561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated SANTUARIO-561:
------------------------------------------
Fix Version/s: Java 2.2.2
> TransformC14N returns empty byte array when nothing is provided as an input
> ---------------------------------------------------------------------------
>
> Key: SANTUARIO-561
> URL: https://issues.apache.org/jira/browse/SANTUARIO-561
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 2.2.1
> Reporter: Aleksandr Beliakov
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: Java 2.2.2
>
>
> {color:#172b4d}Hello,{color}
>
> {color:#172b4d}Thank you for resolving the ticket SANTUARIO-551 . However, we have faced with a similar issue in another place.{color}
>
> {color:#172b4d}When executing {color}+_TransformC14N_+ on an _XMLSignatureInput_ initialized from a pre-calculated digest, the output result returns an empty byte array, instead of a null result as it was in 2.1.6.
> As the result, the method {{org.apache.xml.security.signature.Reference.getReferencedBytes()}} unexpectedly returns an empty byte array on a digest document as well.
>
> Therefore we are not able to differentiate a digest document with an empty document.
>
> The problem seems to be coming from the changes made in TransformC14N (please also verify other transform implementations, the problem can be similar).
>
> The unit test that succeeds on 2.1.6 and fails with 2.2.1:
> {code:java}
> @Test
> public void transformC14NWithDigestTest() throws Exception {
> MessageDigest md = MessageDigest.getInstance("SHA-256");
> byte[] digest = md.digest("Hello world!".getBytes());
> XMLSignatureInput inputPrecomputed = new XMLSignatureInput(Base64.getEncoder().encodeToString(digest));
> MockTransformC14N mockTransformC14N = new MockTransformC14N();
> // for Santuario 2.2.1
> XMLSignatureInput xmlSignatureOutput = mockTransformC14N.enginePerformTransform(inputPrecomputed, null, null, null, false);
> // for Santuario 2.1.6
> // XMLSignatureInput xmlSignatureOutput = mockTransformC14N.enginePerformTransform(inputPrecomputed);
> assertNull(xmlSignatureOutput.getBytes());
> }
> public static class MockTransformC14N extends TransformC14N {
> static {
> org.apache.xml.security.Init.init();
> }
> // for Santuario 2.2.1
> @Override
> public XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os,
> Element transformElement, String baseURI,
> boolean secureValidation) throws CanonicalizationException {
> return super.enginePerformTransform(input, os, transformElement, baseURI, secureValidation);
> }
> // for Santuario 2.1.6
> // @Override
> // protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input)
> // throws IOException, CanonicalizationException, InvalidCanonicalizerException, TransformationException, ParserConfigurationException, SAXException {
> // return super.enginePerformTransform(input);
> // }
> }
> {code}
>
> Thank you.
>
> Best regards,
> Aleksandr.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)