You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Peter De Maeyer (Jira)" <ji...@apache.org> on 2020/04/13 15:22:00 UTC
[jira] [Created] (SANTUARIO-538)
SignatureCreateReferenceURIResolverTest gives false positives
Peter De Maeyer created SANTUARIO-538:
-----------------------------------------
Summary: SignatureCreateReferenceURIResolverTest gives false positives
Key: SANTUARIO-538
URL: https://issues.apache.org/jira/browse/SANTUARIO-538
Project: Santuario
Issue Type: Bug
Components: Java
Affects Versions: Java 2.1.5
Reporter: Peter De Maeyer
Assignee: Colm O hEigeartaigh
{{SignatureCreationReferenceURIResolverTest.testSignatureCreationWithExternal*}} gives false positives.
The essence of these tests seems to be a {{SecurePart}} that has an external reference.
These secure parts never match anything, in spite of the fact that they are required (by default).
The reason they don't fail is because {{OutboundXMLSec.processOutMessage}} ignores them: because they have no {{getIdToSign()}}, no {{getName()}} and no {{isSecureEntireRequest()}}, they are never put ({{putAsMap}}) in the security context.
You can just as well remove them from the tests, and the tests are still green.
If someone could explain to me what the intent of this feature is, I would be happy to fix them.
I have the vague impression that they're tests for a feature that has not been implemented.
I bumped into this in the context of SANTUARIO-532, where {{SignatureCreationReferenceURIResolverTest}} started failing on the requiredness once I no longer ignore the secure parts in {{OutboundXMLSec.processOutMessage}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)