You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2014/09/08 12:16:45 UTC

svn commit: r1623350 - in /santuario/xml-security-java/branches/1.5.x-fixes/src: main/java/org/apache/xml/security/signature/SignedInfo.java test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java

Author: coheigea
Date: Mon Sep  8 10:16:45 2014
New Revision: 1623350

URL: http://svn.apache.org/r1623350
Log:
[SANTUARIO-398] - SignedInfo.getCanonicalizedOctetStream() -- getInclusiveNamespaces()


Conflicts:
	src/main/java/org/apache/xml/security/signature/SignedInfo.java
	src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java

Modified:
    santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/signature/SignedInfo.java
    santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java

Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/signature/SignedInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/signature/SignedInfo.java?rev=1623350&r1=1623349&r2=1623350&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/signature/SignedInfo.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/signature/SignedInfo.java Mon Sep  8 10:16:45 2014
@@ -271,8 +271,12 @@ public class SignedInfo extends Manifest
                 Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
             c14nizer.setSecureValidation(isSecureValidation());
 
-            this.c14nizedBytes =
-                c14nizer.canonicalizeSubtree(this.constructionElement);
+            String inclusiveNamespaces = this.getInclusiveNamespaces();
+            if (inclusiveNamespaces == null) {
+                this.c14nizedBytes = c14nizer.canonicalizeSubtree(getElement());
+            } else {
+                this.c14nizedBytes = c14nizer.canonicalizeSubtree(getElement(), inclusiveNamespaces);
+            }
         }
 
         // make defensive copy
@@ -353,7 +357,7 @@ public class SignedInfo extends Manifest
         return new SecretKeySpec(secretKeyBytes, this.signatureAlgorithm.getJCEAlgorithmString());
     }
 
-    protected SignatureAlgorithm getSignatureAlgorithm() {
+    public SignatureAlgorithm getSignatureAlgorithm() {
         return signatureAlgorithm;
     }
 

Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java?rev=1623350&r1=1623349&r2=1623350&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/signature/CreateSignatureTest.java Mon Sep  8 10:16:45 2014
@@ -37,10 +37,11 @@ import org.apache.xml.security.c14n.Cano
 import org.apache.xml.security.keys.KeyInfo;
 import org.apache.xml.security.signature.ObjectContainer;
 import org.apache.xml.security.test.DSNamespaceContext;
+import org.apache.xml.security.signature.SignedInfo;
+import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.transforms.Transforms;
 import org.apache.xml.security.transforms.params.XPath2FilterContainer;
 import org.apache.xml.security.transforms.params.XPathContainer;
-import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.utils.Constants;
 import org.apache.xml.security.utils.ElementProxy;
 import org.apache.xml.security.utils.XMLUtils;
@@ -206,6 +207,46 @@ public class CreateSignatureTest extends
         XMLSignature signature = new XMLSignature(sigElement, "");
         assertTrue(signature.checkSignatureValue(ks.getCertificate("test").getPublicKey()));
     }
+    
+    @org.junit.Test
+    public void testCanonicalizedOctetStream() throws Exception {        
+        String signedXML = doSign();
+        
+        org.w3c.dom.Document doc = db.parse(new ByteArrayInputStream(signedXML.getBytes()));
+
+        XPathFactory xpf = XPathFactory.newInstance();
+        XPath xpath = xpf.newXPath();
+        xpath.setNamespaceContext(new DSNamespaceContext());
+
+        String expression = "//ds:Signature[1]";
+        Element sigElement = 
+            (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+        
+        XMLSignature signature = new XMLSignature(sigElement, "");
+        KeyInfo ki = signature.getKeyInfo();
+
+        if (ki == null) {
+            throw new RuntimeException("No keyinfo");
+        }
+        PublicKey pk = signature.getKeyInfo().getPublicKey();
+
+        if (pk == null) {
+            throw new RuntimeException("No public key");
+        }
+        
+        SignedInfo si = signature.getSignedInfo();
+        SignatureAlgorithm sa = si.getSignatureAlgorithm();
+        sa.initVerify(pk);
+
+        byte[] sigBytes = signature.getSignatureValue();
+        
+        byte[] canonicalizedBytes = si.getCanonicalizedOctetStream();
+        sa.update(canonicalizedBytes, 0, canonicalizedBytes.length);
+        
+        assertTrue(sa.verify(sigBytes));
+        assertTrue(si.verify(false));
+    }
+
 
     private String doSign() throws Exception {
         PrivateKey privateKey = kp.getPrivate();