Posted to commits@santuario.apache.org by co...@apache.org on 2009/07/10 15:31:32 UTC
svn commit: r792948 - in /xml/security/trunk: ./
data/org/apache/xml/security/testcases/
src/org/apache/xml/security/signature/
src_unitTests/org/apache/xml/security/test/signature/
Author: coheigea
Date: Fri Jul 10 13:31:31 2009
New Revision: 792948
URL: http://svn.apache.org/viewvc?rev=792948&view=rev
Log:
[45744] - XPath transform and xml-stylesheet.
Added:
xml/security/trunk/data/org/apache/xml/security/testcases/out.xml (with props)
xml/security/trunk/data/org/apache/xml/security/testcases/upp_sign.xml (with props)
xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/ProcessingInstructionTest.java (with props)
Modified:
xml/security/trunk/CHANGELOG.txt
xml/security/trunk/src/org/apache/xml/security/signature/XMLSignatureInput.java
xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/AllTests.java
Modified: xml/security/trunk/CHANGELOG.txt
URL: http://svn.apache.org/viewvc/xml/security/trunk/CHANGELOG.txt?rev=792948&r1=792947&r2=792948&view=diff
==============================================================================
--- xml/security/trunk/CHANGELOG.txt (original)
+++ xml/security/trunk/CHANGELOG.txt Fri Jul 10 13:31:31 2009
@@ -1,5 +1,6 @@
Changelog for "Apache xml-security" <http://santuario.apache.org/>
New in v ...
+ Fixed Bug 45744: XPath transform and xml-stylesheet.
Fixed Bug 42986: The </#document> node inserted at the end of SOAPEnvelope.
Fixed Bug 47029: Unnecessary namespace declarations on EncryptedData children.
Fixed Bug 44335: Can't validate after invalid validation.
Added: xml/security/trunk/data/org/apache/xml/security/testcases/out.xml
URL: http://svn.apache.org/viewvc/xml/security/trunk/data/org/apache/xml/security/testcases/out.xml?rev=792948&view=auto
==============================================================================
--- xml/security/trunk/data/org/apache/xml/security/testcases/out.xml (added)
+++ xml/security/trunk/data/org/apache/xml/security/testcases/out.xml Fri Jul 10 13:31:31 2009
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type="text/xsl" href="http://test"?>
+<kot/>
Propchange: xml/security/trunk/data/org/apache/xml/security/testcases/out.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: xml/security/trunk/data/org/apache/xml/security/testcases/out.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: xml/security/trunk/data/org/apache/xml/security/testcases/out.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Added: xml/security/trunk/data/org/apache/xml/security/testcases/upp_sign.xml
URL: http://svn.apache.org/viewvc/xml/security/trunk/data/org/apache/xml/security/testcases/upp_sign.xml?rev=792948&view=auto
==============================================================================
--- xml/security/trunk/data/org/apache/xml/security/testcases/upp_sign.xml (added)
+++ xml/security/trunk/data/org/apache/xml/security/testcases/upp_sign.xml Fri Jul 10 13:31:31 2009
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ala><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="ID-23ca29f0-7a8a-11dd-8101-005056c00008"><ds:SignedInfo Id="ID-23ada140-7a8a-11dd-8101-005056c00008"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference Id="ID-23afeb30-7a8a-11dd-8101-005056c00008" URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">not(ancestor-or-self::ds:Signature)</ds:XPath></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>tfIuivo9Uaub4wVmA54FPh5Ssm4=</ds:DigestValue></ds:Reference><ds:Reference Id="ID-23be4310-7a8a-11dd-8101-005056c00008" URI="out.xml"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">not(ancestor-or-self::*[@Id="pid-8ae3bccf-e44c-4707-bc4d-76e46fbe1aae" and ancestor-or-self::xades:UnsignedProperties] or ancestor-or-self::*[@Id="sid-04d124a5-6181-4a9c-adb2-b67d674fd6b3" and ancestor-or-self::xades:UnsignedProperties] or ancestor-or-self::*[@Id="aid-5b31dc87-875c-4c7f-918e-af0d8cf852b5" and ancestor-or-self::xades:UnsignedProperties] or ancestor-or-self::*[@Id="cid-9e173524-6b12-4412-9b85-3c9eca45ef9e" and ancestor-or-self::xades:UnsignedProperties] or ancestor-or-self::*[@Id="rid-e8b28a37-7262-4b18-baa9-5cc107373eeb" and ancestor-or-self::xades:UnsignedProperties])</ds:XPath></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>23QjhyDHzlG1Pj0Ym7qHwu9+tsg=</ds:DigestValue></ds:Reference><ds:Reference Id="ID-2b80a6b3-7a8a-11dd-a32c-005056c00008" Type="http://uri.etsi.org/01903#SignedProperties" URI="#ID-2b80a6b1-7a8a-11dd
-a32c-005056c00008"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>C0rv5vLRlnfO/JoWcNb+W7WrD3Y=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue Id="ID-2ba21160-7a8a-11dd-a32c-005056c00008">dZZ94uBAyM1RzpQoY2ftSbczjRS6B6ozfLzmC89GJtfDKj2Uqxci8FKhKr0jvY3eSts1MizUNU65b4S73SjhesAYrypeqm7Kgt/AbF8b1IMA9eH56HRvqax3UHsO2PRLvvBr5zUxioH9VX69mmeQu2YnKJwyul81Ttn4e3sJriQ=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>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+
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="ID-2b80a6b2-7a8a-11dd-a32c-005056c00008" Target="ID-23ca29f0-7a8a-11dd-8101-005056c00008"><xades:SignedProperties Id="ID-2b80a6b1-7a8a-11dd-a32c-005056c00008"><xades:SignedSignatureProperties><xades:SigningTime>2008-09-04T14:02:54Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>vmdGB4dDJVznxnnBb/LWJEtii1g=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test CA for ePUAP, O=COMARCH, C=PL</ds:X509IssuerName><ds:X509SerialNumber>324</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate><xades:SignaturePolicyIdentifier><xades:SignaturePolicyImplied></xades:SignaturePolicyImplied></xades:SignaturePolicyIdentifier></xades:SignedSignatureProperties><xades:Signe
dDataObjectProperties><xades:DataObjectFormat ObjectReference="out.xml"></xades:DataObjectFormat></xades:SignedDataObjectProperties></xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature></ala>
Propchange: xml/security/trunk/data/org/apache/xml/security/testcases/upp_sign.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: xml/security/trunk/data/org/apache/xml/security/testcases/upp_sign.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: xml/security/trunk/data/org/apache/xml/security/testcases/upp_sign.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Modified: xml/security/trunk/src/org/apache/xml/security/signature/XMLSignatureInput.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/signature/XMLSignatureInput.java?rev=792948&r1=792947&r2=792948&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/signature/XMLSignatureInput.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/signature/XMLSignatureInput.java Fri Jul 10 13:31:31 2009
@@ -605,7 +605,7 @@
Document doc = db.parse(this.getOctetStream());
- this._subNode=doc.getDocumentElement();
+ this._subNode=doc;
} catch (SAXException ex) {
// if a not-wellformed nodeset exists, put a container around it...
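Review bot: Assigning the `Document` itself to `_subNode` changes the node type that every later consumer of this field sees, and nothing at the assignment says why. The intent appears to be that top-level processing instructions and comments (such as the `xml-stylesheet` PI in the new out.xml fixture) stay in the node set that is transformed and digested; I would record that with a comment such as `// keep the Document node: PIs/comments outside the root element must be part of the digested node set`. The `SAXException` fallback continues outside this hunk, so it is worth confirming that it, and any code that casts or type-checks `_subNode`, copes with a `DOCUMENT_NODE`. The enclosing method starts and ends outside the hunk.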
Modified: xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/AllTests.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/AllTests.java?rev=792948&r1=792947&r2=792948&view=diff
==============================================================================
--- xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/AllTests.java (original)
+++ xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/AllTests.java Fri Jul 10 13:31:31 2009
@@ -17,6 +17,7 @@
suite.addTest(XMLSignatureInputTest.suite());
suite.addTest(UnknownAlgoSignatureTest.suite());
suite.addTest(KeyValueTest.suite());
+ suite.addTest(ProcessingInstructionTest.suite());
suite.addTest(NoKeyInfoTest.suite());
//$JUnit-END$
return suite;
Added: xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/ProcessingInstructionTest.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/ProcessingInstructionTest.java?rev=792948&view=auto
==============================================================================
--- xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/ProcessingInstructionTest.java (added)
+++ xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/ProcessingInstructionTest.java Fri Jul 10 13:31:31 2009
@@ -0,0 +1,149 @@
+/*
+ * Copyright 1999-2009 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.xml.security.test.signature;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Iterator;
+
+import javax.xml.namespace.NamespaceContext;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.apache.xml.security.utils.resolver.ResourceResolverException;
+import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
+import org.apache.xml.utils.URI;
+
+/**
+ * A test-case for Bugzilla bug 45744 - "XPath transform and xml-stylesheet".
+ */
+public class ProcessingInstructionTest extends TestCase {
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ public static Test suite() {
+ return new TestSuite(ProcessingInstructionTest.class);
+ }
+
+ public void testProcessingInstruction() throws Exception {
+ String signatureFileName = "data/org/apache/xml/security/testcases/upp_sign.xml";
+ DocumentBuilderFactory dbf =
+ DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ File f = new File(signatureFileName);
+ Document doc = db.parse(new java.io.FileInputStream(f));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new NamespaceContext() {
+
+ public String getNamespaceURI(String arg0) {
+ if (!arg0.equals("ds"))
+ throw new RuntimeException();
+ return "http://www.w3.org/2000/09/xmldsig#";
+ }
+
+ public String getPrefix(String arg0) {
+ return "ds";
+ }
+
+ public Iterator getPrefixes(String arg0) {
+ List al = new ArrayList();
+ al.add("ds");
+ return al.iterator();
+ }
+
+ });
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ String baseUri = new File(".").toURL().toString();
+ XMLSignature signature = new XMLSignature(sigElement, baseUri);
+ signature.addResourceResolver(FileResolver.getInstance());
+ X509Certificate cert = signature.getKeyInfo().getX509Certificate();
+ if (!signature.checkSignatureValue(cert)) {
+ throw new Exception("Signature is invalid!");
+ }
+ }
+
+
+ /**
+ * This class resolves "out.xml" on the local filesystem.
+ */
+ private static class FileResolver extends ResourceResolverSpi {
+
+ private static FileResolver resolver = null;
+
+ public synchronized static ResourceResolverSpi getInstance() {
+ if (resolver == null) {
+ resolver = new FileResolver();
+ }
+ return resolver;
+ }
+
+ private FileResolver() {
+ }
+
+ public XMLSignatureInput engineResolve(Attr uri, String baseURI)
+ throws ResourceResolverException {
+
+ try {
+ URI uriNew = new URI(uri.getNodeValue(), baseURI);
+
+ FileInputStream inputStream =
+ new FileInputStream("data/org/apache/xml/security/testcases/out.xml");
+ XMLSignatureInput result = new XMLSignatureInput(inputStream);
+
+ result.setSourceURI(uriNew.toString());
+
+ return result;
+ } catch (Exception ex) {
+ throw new ResourceResolverException(
+ "generic.EmptyMessage", ex, uri, baseURI
+ );
+ }
+ }
+
+ public boolean engineCanResolve(Attr uri, String BaseURI) {
+ if (uri == null || !"out.xml".equals(uri.getNodeValue())) {
+ return false;
+ }
+ return true;
+ }
+ }
+
+}
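Review bot: `testProcessingInstruction` only proves that the untouched fixture verifies; nothing checks that a change to the `xml-stylesheet` processing instruction in `out.xml` makes `checkSignatureValue` return false, which appears to be the integrity property the `_subNode` change is meant to restore. A companion negative case that resolves `out.xml` to the same document with a different `href` would pin that behaviour, as sketched below. Separately, the `if (!signature.checkSignatureValue(cert)) throw new Exception(...)` check reads better as `assertTrue("Signature is invalid!", signature.checkSignatureValue(cert));`, and `db.parse(f)` would avoid the `FileInputStream` that is never closed.

```java
public void testModifiedProcessingInstructionIsRejected() throws Exception {
    // … unchanged: parse upp_sign.xml, locate ds:Signature and compute baseUri
    //   exactly as in testProcessingInstruction …
    XMLSignature signature = new XMLSignature(sigElement, baseUri);
    signature.addResourceResolver(new ResourceResolverSpi() {
        public boolean engineCanResolve(Attr uri, String baseURI) {
            return uri != null && "out.xml".equals(uri.getNodeValue());
        }

        public XMLSignatureInput engineResolve(Attr uri, String baseURI)
            throws ResourceResolverException {
            try {
                // Constructed sample: out.xml with only the stylesheet href changed.
                String altered =
                    "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                    + "<?xml-stylesheet type=\"text/xsl\" href=\"http://changed.example\"?>\n"
                    + "<kot/>";
                XMLSignatureInput result = new XMLSignatureInput(altered.getBytes("UTF-8"));
                result.setSourceURI(new URI(uri.getNodeValue(), baseURI).toString());
                return result;
            } catch (Exception ex) {
                throw new ResourceResolverException("generic.EmptyMessage", ex, uri, baseURI);
            }
        }
    });
    X509Certificate cert = signature.getKeyInfo().getX509Certificate();
    // The digest over out.xml must no longer match once the PI differs.
    assertFalse(signature.checkSignatureValue(cert));
}
```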
Propchange: xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/ProcessingInstructionTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: xml/security/trunk/src_unitTests/org/apache/xml/security/test/signature/ProcessingInstructionTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date