You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by "Peter De Maeyer (Jira)" <ji...@apache.org> on 2020/04/13 15:22:00 UTC

[jira] [Created] (SANTUARIO-538) SignatureCreateReferenceURIResolverTest gives false positives

Peter De Maeyer created SANTUARIO-538:
-----------------------------------------

             Summary: SignatureCreateReferenceURIResolverTest gives false positives
                 Key: SANTUARIO-538
                 URL: https://issues.apache.org/jira/browse/SANTUARIO-538
             Project: Santuario
          Issue Type: Bug
          Components: Java
    Affects Versions: Java 2.1.5
            Reporter: Peter De Maeyer
            Assignee: Colm O hEigeartaigh


{{SignatureCreationReferenceURIResolverTest.testSignatureCreationWithExternal*}} gives false positives.
The essence of these tests seems to be a {{SecurePart}} that has an external reference.
These secure parts never match anything, in spite of the fact that they are required (by default).
The reason they don't fail is because {{OutboundXMLSec.processOutMessage}} ignores them: because they have no {{getIdToSign()}}, no {{getName()}} and no {{isSecureEntireRequest()}}, they are never put ({{putAsMap}}) in the security context.
You can just as well remove them from the tests, and the tests are still green.

If someone could explain to me what the intent of this feature is, I would be happy to fix them.
I have the vague impression that they're tests for a feature that has not been implemented.

I bumped into this in the context of SANTUARIO-532, where {{SignatureCreationReferenceURIResolverTest}} started failing on the requiredness once I no longer ignore the secure parts in {{OutboundXMLSec.processOutMessage}}.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)