You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2021/08/11 09:15:44 UTC
[santuario-xml-security-java] branch master updated: SANTUARIO-573
- Remove local + http ResourceResolvers by default
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
The following commit(s) were added to refs/heads/master by this push:
new 8617987 SANTUARIO-573 - Remove local + http ResourceResolvers by default
8617987 is described below
commit 861798760e2a52f7d25d5d208a9006129d73a03b
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Aug 11 10:15:13 2021 +0100
SANTUARIO-573 - Remove local + http ResourceResolvers by default
---
.../security/utils/resolver/ResourceResolver.java | 13 -------------
.../xml/crypto/test/dsig/BaltimoreIaik2Test.java | 4 ++++
.../java/javax/xml/crypto/test/dsig/C14N11Test.java | 4 ++++
.../xml/crypto/test/dsig/CreateBaltimore23Test.java | 3 +++
.../xml/crypto/test/dsig/IaikCoreFeaturesTest.java | 4 ++++
.../xml/crypto/test/dsig/IaikTransformsTest.java | 4 ++++
.../javax/xml/crypto/test/dsig/InteropC14nTest.java | 4 ++++
.../crypto/test/dsig/JSRForbiddenReferenceTest.java | 17 +++++++++--------
.../xml/crypto/test/dsig/ValidateSignatureTest.java | 4 ++++
.../Canonicalizer20010315ExclusiveTest.java | 3 +++
.../implementations/ExclusiveC14NInteropTest.java | 3 +++
.../xml/security/test/dom/interop/IAIKTest.java | 3 +++
.../test/dom/secure_val/ForbiddenReferenceTest.java | 21 ++++++++++++---------
.../dom/utils/resolver/ResourceResolverTest.java | 2 ++
.../SignatureCreationReferenceURIResolverTest.java | 9 +++++++++
...tionReferenceURIResolverRemoteReferenceTest.java | 3 +++
16 files changed, 71 insertions(+), 30 deletions(-)
diff --git a/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java b/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
index f3de97b..d18f2a5 100644
--- a/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
+++ b/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
@@ -26,9 +26,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.utils.ClassLoaderUtils;
import org.apache.xml.security.utils.JavaUtils;
-import org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP;
import org.apache.xml.security.utils.resolver.implementations.ResolverFragment;
-import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
import org.apache.xml.security.utils.resolver.implementations.ResolverXPointer;
/**
@@ -133,9 +131,7 @@ public class ResourceResolver {
if (defaultResolversAdded.compareAndSet(false, true)) {
List<ResourceResolverSpi> resourceResolversToAdd = new ArrayList<>();
resourceResolversToAdd.add(new ResolverFragment());
- resourceResolversToAdd.add(new ResolverLocalFilesystem());
resourceResolversToAdd.add(new ResolverXPointer());
- resourceResolversToAdd.add(new ResolverDirectHTTP());
resolverList.addAll(resourceResolversToAdd);
}
@@ -155,15 +151,6 @@ public class ResourceResolver {
LOG.debug("check resolvability by class {}", resolver.getClass().getName());
if (resolver.engineCanResolveURI(context)) {
- // Check to see whether the Resolver is allowed
- if (context.secureValidation
- && (resolver instanceof ResolverLocalFilesystem
- || resolver instanceof ResolverDirectHTTP)) {
- Object[] exArgs = { resolver.getClass().getName() };
- throw new ResourceResolverException(
- "signature.Reference.ForbiddenResolver", exArgs, context.uriToResolve, context.baseUri
- );
- }
return resolver.engineResolveURI(context);
}
}
diff --git a/src/test/java/javax/xml/crypto/test/dsig/BaltimoreIaik2Test.java b/src/test/java/javax/xml/crypto/test/dsig/BaltimoreIaik2Test.java
index a816ba7..26433be 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/BaltimoreIaik2Test.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/BaltimoreIaik2Test.java
@@ -27,6 +27,9 @@ import java.security.Security;
import javax.xml.crypto.test.KeySelectors;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
+
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
@@ -42,6 +45,7 @@ public class BaltimoreIaik2Test {
static {
Security.insertProviderAt
(new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
public BaltimoreIaik2Test() {
diff --git a/src/test/java/javax/xml/crypto/test/dsig/C14N11Test.java b/src/test/java/javax/xml/crypto/test/dsig/C14N11Test.java
index 7a27ffb..203d242 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/C14N11Test.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/C14N11Test.java
@@ -25,6 +25,9 @@ import javax.xml.crypto.KeySelector;
import javax.xml.crypto.test.KeySelectors;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
+
import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -42,6 +45,7 @@ public class C14N11Test {
static {
Security.insertProviderAt
(new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
public C14N11Test() throws Exception {
diff --git a/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java b/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java
index dc6f499..c46f039 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java
@@ -35,6 +35,8 @@ import java.security.cert.X509CRL;
import java.util.*;
import org.apache.xml.security.parser.XMLParserException;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
import org.w3c.dom.*;
import javax.xml.crypto.KeySelector;
@@ -84,6 +86,7 @@ public class CreateBaltimore23Test {
static {
Security.insertProviderAt
(new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
public CreateBaltimore23Test() throws Exception {
diff --git a/src/test/java/javax/xml/crypto/test/dsig/IaikCoreFeaturesTest.java b/src/test/java/javax/xml/crypto/test/dsig/IaikCoreFeaturesTest.java
index 77aa331..8c79a44 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/IaikCoreFeaturesTest.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/IaikCoreFeaturesTest.java
@@ -30,6 +30,9 @@ import javax.xml.crypto.*;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.test.KeySelectors;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
+
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
@@ -45,6 +48,7 @@ public class IaikCoreFeaturesTest {
static {
Security.insertProviderAt
(new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
public IaikCoreFeaturesTest() {
diff --git a/src/test/java/javax/xml/crypto/test/dsig/IaikTransformsTest.java b/src/test/java/javax/xml/crypto/test/dsig/IaikTransformsTest.java
index 2c92524..47986dd 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/IaikTransformsTest.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/IaikTransformsTest.java
@@ -27,6 +27,9 @@ import java.security.Security;
import javax.xml.crypto.test.KeySelectors;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
+
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
@@ -41,6 +44,7 @@ public class IaikTransformsTest {
static {
Security.insertProviderAt
(new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
public IaikTransformsTest() {
diff --git a/src/test/java/javax/xml/crypto/test/dsig/InteropC14nTest.java b/src/test/java/javax/xml/crypto/test/dsig/InteropC14nTest.java
index ed8741f..3bb517c 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/InteropC14nTest.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/InteropC14nTest.java
@@ -27,6 +27,9 @@ import java.security.Security;
import javax.xml.crypto.test.KeySelectors;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
+
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
@@ -42,6 +45,7 @@ public class InteropC14nTest {
static {
Security.insertProviderAt
(new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
public InteropC14nTest() {
diff --git a/src/test/java/javax/xml/crypto/test/dsig/JSRForbiddenReferenceTest.java b/src/test/java/javax/xml/crypto/test/dsig/JSRForbiddenReferenceTest.java
index 80603f5..76a47db 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/JSRForbiddenReferenceTest.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/JSRForbiddenReferenceTest.java
@@ -27,12 +27,15 @@ import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.test.KeySelectors;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
+
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
/**
- * This is a test for a forbidden Reference algorithm when secure validation is enabled.
+ * This is a test for a forbidden Reference algorithm.
*/
public class JSRForbiddenReferenceTest {
@@ -62,18 +65,16 @@ public class JSRForbiddenReferenceTest {
file, new KeySelectors.SecretKeySelector("secret".getBytes(StandardCharsets.US_ASCII))
);
- vc.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.FALSE);
- boolean coreValidity = validator.validate(vc);
- assertTrue(coreValidity, "Signature failed core validation");
-
- vc.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
-
try {
validator.validate(vc);
- fail("Failure expected when secure validation is enabled");
+ fail("Failure expected by default");
} catch (XMLSignatureException ex) {
assertTrue(ex.getMessage().contains("URIReferenceException"));
}
+
+ // Now it should work as we have added the local file resolver
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
+ assertTrue(validator.validate(vc));
}
}
\ No newline at end of file
diff --git a/src/test/java/javax/xml/crypto/test/dsig/ValidateSignatureTest.java b/src/test/java/javax/xml/crypto/test/dsig/ValidateSignatureTest.java
index 9399144..c007155 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/ValidateSignatureTest.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/ValidateSignatureTest.java
@@ -22,6 +22,9 @@ package javax.xml.crypto.test.dsig;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.Security;
+
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
@@ -53,6 +56,7 @@ public class ValidateSignatureTest {
static {
Security.insertProviderAt
(new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
public ValidateSignatureTest() {
diff --git a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315ExclusiveTest.java b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315ExclusiveTest.java
index c4de623..08781ae 100644
--- a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315ExclusiveTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315ExclusiveTest.java
@@ -43,6 +43,8 @@ import org.apache.xml.security.test.dom.TestUtils;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.JavaUtils;
import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -58,6 +60,7 @@ public class Canonicalizer20010315ExclusiveTest {
static {
org.apache.xml.security.Init.init();
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
static org.slf4j.Logger LOG =
diff --git a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/ExclusiveC14NInteropTest.java b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/ExclusiveC14NInteropTest.java
index c70fbd4..c890965 100644
--- a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/ExclusiveC14NInteropTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/ExclusiveC14NInteropTest.java
@@ -27,6 +27,8 @@ import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.test.dom.interop.InteropTestBase;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
import org.w3c.dom.Element;
import static org.junit.jupiter.api.Assertions.assertNull;
@@ -43,6 +45,7 @@ public class ExclusiveC14NInteropTest extends InteropTestBase {
static {
org.apache.xml.security.Init.init();
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
/**
diff --git a/src/test/java/org/apache/xml/security/test/dom/interop/IAIKTest.java b/src/test/java/org/apache/xml/security/test/dom/interop/IAIKTest.java
index b6e0b43..38404c5 100644
--- a/src/test/java/org/apache/xml/security/test/dom/interop/IAIKTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/interop/IAIKTest.java
@@ -24,8 +24,10 @@ import org.apache.xml.security.test.dom.utils.resolver.OfflineResolver;
import java.nio.charset.StandardCharsets;
import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
import org.apache.xml.security.utils.resolver.implementations.ResolverAnonymous;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
@@ -52,6 +54,7 @@ public class IAIKTest extends InteropTestBase {
gregorsDir = basedir + "/" + gregorsDir;
}
org.apache.xml.security.Init.init();
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
/**
diff --git a/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java b/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java
index 30f9ad4..b827390 100644
--- a/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenReferenceTest.java
@@ -27,6 +27,8 @@ import org.apache.xml.security.signature.MissingResourceFailureException;
import org.apache.xml.security.test.dom.interop.InteropTestBase;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
import org.w3c.dom.Element;
import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -35,7 +37,7 @@ import static org.junit.jupiter.api.Assertions.fail;
/**
- * This is a test for a forbidden Reference algorithm when secure validation is enabled.
+ * This is a test for a forbidden Reference algorithm
*/
public class ForbiddenReferenceTest extends InteropTestBase {
@@ -52,21 +54,22 @@ public class ForbiddenReferenceTest extends InteropTestBase {
@org.junit.jupiter.api.Test
public void testLocalFilesystem() throws Exception {
- boolean success =
- readAndVerifyManifest("src/test/resources/interop/c14n/Y3", "signature.xml", false);
-
- assertTrue(success);
-
try {
- readAndVerifyManifest("src/test/resources/interop/c14n/Y3", "signature.xml", true);
+ readAndVerifyManifest("src/test/resources/interop/c14n/Y3", "signature.xml");
fail("Failure expected when secure validation is enabled");
} catch (MissingResourceFailureException ex) {
assertTrue(ex.getMessage().contains("The Reference for URI"));
}
+
+ // Now it should work as we have added the local file resolver
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
+ boolean success =
+ readAndVerifyManifest("src/test/resources/interop/c14n/Y3", "signature.xml");
+ assertTrue(success);
}
private boolean readAndVerifyManifest(
- String directory, String file, boolean secValidation
+ String directory, String file
) throws Exception {
String basedir = System.getProperty("basedir");
if (basedir != null && basedir.length() != 0) {
@@ -80,7 +83,7 @@ public class ForbiddenReferenceTest extends InteropTestBase {
Element manifestElement =
(Element) doc.getElementsByTagNameNS(Constants.SignatureSpecNS,
Constants._TAG_SIGNEDINFO).item(0);
- Manifest manifest = new Manifest(manifestElement, f.toURI().toURL().toString(), secValidation);
+ Manifest manifest = new Manifest(manifestElement, f.toURI().toURL().toString(), true);
return manifest.verifyReferences();
}
diff --git a/src/test/java/org/apache/xml/security/test/dom/utils/resolver/ResourceResolverTest.java b/src/test/java/org/apache/xml/security/test/dom/utils/resolver/ResourceResolverTest.java
index 975c540..0a37b59 100644
--- a/src/test/java/org/apache/xml/security/test/dom/utils/resolver/ResourceResolverTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/utils/resolver/ResourceResolverTest.java
@@ -24,6 +24,7 @@ import java.io.File;
import org.apache.xml.security.test.dom.TestUtils;
import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.apache.xml.security.utils.resolver.ResourceResolverContext;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
@@ -84,6 +85,7 @@ public class ResourceResolverTest {
String file = new File(basedir, "pom.xml").toURI().toString();
uriAttr.setValue(file);
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
ResourceResolverContext resolverContext =
new ResourceResolverContext(uriAttr, file, false);
try {
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
index 09aa737..4430d67 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
@@ -46,7 +46,10 @@ import org.apache.xml.security.stax.impl.resourceResolvers.ResolverHttp;
import org.apache.xml.security.test.stax.utils.HttpRequestRedirectorProxy;
import org.apache.xml.security.test.stax.utils.XmlReaderToWriter;
import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
+import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -60,6 +63,12 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
*/
public class SignatureCreationReferenceURIResolverTest extends AbstractSignatureCreationTest {
+ @BeforeAll
+ public static void setup() throws Exception {
+ AbstractSignatureCreationTest.setup();
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
+ }
+
@Test
public void testSignatureCreationWithExternalFilesystemXMLReference() throws Exception {
// Set up the Configuration
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverRemoteReferenceTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverRemoteReferenceTest.java
index 6929c8c..d495b94 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverRemoteReferenceTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverRemoteReferenceTest.java
@@ -44,8 +44,10 @@ import org.apache.xml.security.stax.impl.resourceResolvers.ResolverHttp;
import org.apache.xml.security.test.stax.utils.HttpRequestRedirectorProxy;
import org.apache.xml.security.test.stax.utils.StAX2DOM;
import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
@@ -70,6 +72,7 @@ public class SignatureVerificationReferenceURIResolverRemoteReferenceTest extend
.getResource("security-config-allow-same-doc.xml").toURI(),
SignatureVerificationReferenceURIResolverRemoteReferenceTest.class);
org.apache.xml.security.Init.init();
+ ResourceResolver.register(new ResolverLocalFilesystem(), false);
}
@Test