Posted to commits@santuario.apache.org by co...@apache.org on 2014/09/08 12:16:45 UTC
svn commit: r1623350 - in
/santuario/xml-security-java/branches/1.5.x-fixes/src:
main/java/org/apache/xml/security/signature/SignedInfo.java
test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java
Author: coheigea
Date: Mon Sep 8 10:16:45 2014
New Revision: 1623350
URL: http://svn.apache.org/r1623350
Log:
[SANTUARIO-398] - SignedInfo.getCanonicalizedOctetStream() -- getInclusiveNamespaces()
Conflicts:
src/main/java/org/apache/xml/security/signature/SignedInfo.java
src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java
Modified:
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/signature/SignedInfo.java
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/signature/SignedInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/signature/SignedInfo.java?rev=1623350&r1=1623349&r2=1623350&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/signature/SignedInfo.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/signature/SignedInfo.java Mon Sep 8 10:16:45 2014
@@ -271,8 +271,12 @@ public class SignedInfo extends Manifest
Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
c14nizer.setSecureValidation(isSecureValidation());
- this.c14nizedBytes =
- c14nizer.canonicalizeSubtree(this.constructionElement);
+ String inclusiveNamespaces = this.getInclusiveNamespaces();
+ if (inclusiveNamespaces == null) {
+ this.c14nizedBytes = c14nizer.canonicalizeSubtree(getElement());
+ } else {
+ this.c14nizedBytes = c14nizer.canonicalizeSubtree(getElement(), inclusiveNamespaces);
+ }
}
// make defensive copy
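Review bot: The new `if (inclusiveNamespaces == null)` / `else` branch has no comment explaining why there are two canonicalization calls. The reason matters for security, because the octets returned here are only useful if they are byte-identical to what the signature was computed over. I would add above the `if`: `// Exclusive C14N with an InclusiveNamespaces PrefixList must be canonicalized with that list, otherwise these octets differ from the signed ones`. What `getInclusiveNamespaces()` returns when the element is present but its PrefixList is empty is not visible here, so it is worth confirming that case takes the intended branch. The enclosing method starts before this hunk and continues past it.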
@@ -353,7 +357,7 @@ public class SignedInfo extends Manifest
return new SecretKeySpec(secretKeyBytes, this.signatureAlgorithm.getJCEAlgorithmString());
}
- protected SignatureAlgorithm getSignatureAlgorithm() {
+ public SignatureAlgorithm getSignatureAlgorithm() {
return signatureAlgorithm;
}
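Review bot: Widening `getSignatureAlgorithm()` to `public` hands out the live `signatureAlgorithm` field rather than a copy. Any caller can now run `initVerify`/`update` on the same object this `SignedInfo` holds, which is what the new test does. If the library's own verification path uses that instance (not visible in this hunk), outside use could leave it in an unexpected state. The accessor should at least carry Javadoc saying so, for example `/** Returns the SignatureAlgorithm held by this SignedInfo; the instance is shared and stateful, not a copy. */`. Since this is a fixes branch, it is also worth checking whether the test could reach the algorithm through existing public API instead of a permanently wider surface.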
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java?rev=1623350&r1=1623349&r2=1623350&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java Mon Sep 8 10:16:45 2014
@@ -37,10 +37,11 @@ import org.apache.xml.security.c14n.Cano
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.ObjectContainer;
import org.apache.xml.security.test.DSNamespaceContext;
+import org.apache.xml.security.signature.SignedInfo;
+import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.XPath2FilterContainer;
import org.apache.xml.security.transforms.params.XPathContainer;
-import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.ElementProxy;
import org.apache.xml.security.utils.XMLUtils;
@@ -206,6 +207,46 @@ public class CreateSignatureTest extends
XMLSignature signature = new XMLSignature(sigElement, "");
assertTrue(signature.checkSignatureValue(ks.getCertificate("test").getPublicKey()));
}
+
+ @org.junit.Test
+ public void testCanonicalizedOctetStream() throws Exception {
+ String signedXML = doSign();
+
+ org.w3c.dom.Document doc = db.parse(new ByteArrayInputStream(signedXML.getBytes()));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+ KeyInfo ki = signature.getKeyInfo();
+
+ if (ki == null) {
+ throw new RuntimeException("No keyinfo");
+ }
+ PublicKey pk = signature.getKeyInfo().getPublicKey();
+
+ if (pk == null) {
+ throw new RuntimeException("No public key");
+ }
+
+ SignedInfo si = signature.getSignedInfo();
+ SignatureAlgorithm sa = si.getSignatureAlgorithm();
+ sa.initVerify(pk);
+
+ byte[] sigBytes = signature.getSignatureValue();
+
+ byte[] canonicalizedBytes = si.getCanonicalizedOctetStream();
+ sa.update(canonicalizedBytes, 0, canonicalizedBytes.length);
+
+ assertTrue(sa.verify(sigBytes));
+ assertTrue(si.verify(false));
+ }
+
private String doSign() throws Exception {
PrivateKey privateKey = kp.getPrivate();
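Review bot: `testCanonicalizedOctetStream` may never reach the new `canonicalizeSubtree(getElement(), inclusiveNamespaces)` branch. The body of `doSign()` is outside the hunk, and unless it signs with exclusive C14N and a PrefixList, `getInclusiveNamespaces()` presumably returns null and only the old path runs. A case that signs with an InclusiveNamespaces list would pin the SANTUARIO-398 fix. Separately, `signedXML.getBytes()` uses the platform default charset, so `signedXML.getBytes("UTF-8")` would keep the parsed bytes stable across machines. `signature.getKeyInfo().getPublicKey()` can also reuse the already null-checked `ki`, as `ki.getPublicKey()`.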