You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2021/03/29 10:06:54 UTC
[santuario-xml-security-java] branch 2.2.x-fixes updated (e6cc7f7
-> 3dd970a)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 2.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git.
from e6cc7f7 SANTUARIO-564 - Fix warning message by avoiding returning null in ApacheCanonicalizer
new 0bb1ed8 Updating Jetty to 9.4.36.v20210114
new 566c5a5 Updating to Jetty 9.4.37.v20210219
new 546c383 Bump jetty.version from 9.4.38.v20210224 to 9.4.39.v20210325
new 3dd970a SANTUARIO-565 - Registered Java class for http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1 doesn't exist
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
pom.xml | 2 +-
.../org/apache/xml/security/resource/config.xml | 2 -
.../org/apache/xml/security/test/dom/InitTest.java | 111 ++++++++++++++++++++-
3 files changed, 110 insertions(+), 5 deletions(-)
[santuario-xml-security-java] 01/04: Updating Jetty to
9.4.36.v20210114
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 2.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
commit 0bb1ed8e7c5494aaaf617a9ae5b620d253d3aa4b
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Jan 20 10:21:53 2021 +0000
Updating Jetty to 9.4.36.v20210114
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index c6fadaf..79955fc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -533,7 +533,7 @@
<xmlunit.version>2.6.3</xmlunit.version>
<commons.codec.version>1.15</commons.codec.version>
<woodstox.core.version>5.2.1</woodstox.core.version>
- <jetty.version>9.4.24.v20191120</jetty.version>
+ <jetty.version>9.4.36.v20210114</jetty.version>
<xmlsec.jaxb.context.class />
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<targetJdk>1.8</targetJdk>
[santuario-xml-security-java] 02/04: Updating to Jetty
9.4.37.v20210219
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 2.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
commit 566c5a591c3fb28a06654254dd4917963cc218f2
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Feb 23 06:36:34 2021 +0000
Updating to Jetty 9.4.37.v20210219
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 79955fc..c878145 100644
--- a/pom.xml
+++ b/pom.xml
@@ -533,7 +533,7 @@
<xmlunit.version>2.6.3</xmlunit.version>
<commons.codec.version>1.15</commons.codec.version>
<woodstox.core.version>5.2.1</woodstox.core.version>
- <jetty.version>9.4.36.v20210114</jetty.version>
+ <jetty.version>9.4.37.v20210219</jetty.version>
<xmlsec.jaxb.context.class />
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<targetJdk>1.8</targetJdk>
[santuario-xml-security-java] 04/04: SANTUARIO-565 - Registered
Java class for http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1
doesn't exist
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 2.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
commit 3dd970a2b54baa367d593c262121fde7ea0de8c5
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Mar 29 10:51:51 2021 +0100
SANTUARIO-565 - Registered Java class for http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1 doesn't exist
---
.../org/apache/xml/security/resource/config.xml | 2 -
.../org/apache/xml/security/test/dom/InitTest.java | 111 ++++++++++++++++++++-
2 files changed, 109 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/apache/xml/security/resource/config.xml b/src/main/java/org/apache/xml/security/resource/config.xml
index 4444697..e460eb6 100644
--- a/src/main/java/org/apache/xml/security/resource/config.xml
+++ b/src/main/java/org/apache/xml/security/resource/config.xml
@@ -96,8 +96,6 @@
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512" />
- <SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1"
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160MGF1" />
<SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1MGF1" />
<SignatureAlgorithm URI="http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1"
diff --git a/src/test/java/org/apache/xml/security/test/dom/InitTest.java b/src/test/java/org/apache/xml/security/test/dom/InitTest.java
index 65c8dfd..c7b7205 100644
--- a/src/test/java/org/apache/xml/security/test/dom/InitTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/InitTest.java
@@ -19,24 +19,42 @@
package org.apache.xml.security.test.dom;
+import java.io.InputStream;
+
import org.apache.xml.security.Init;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
+import org.apache.xml.security.algorithms.SignatureAlgorithmSpi;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.c14n.CanonicalizerSpi;
+import org.apache.xml.security.keys.keyresolver.KeyResolver;
+import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transform;
+import org.apache.xml.security.transforms.TransformSpi;
+import org.apache.xml.security.utils.ClassLoaderUtils;
+import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class InitTest {
+ private static final String CONFIG_FILE = "org/apache/xml/security/resource/config.xml";
+
@BeforeAll
public static void setup() {
- System.setProperty("org.apache.xml.security.resource.config",
- "org/apache/xml/security/resource/config.xml");
+ System.setProperty("org.apache.xml.security.resource.config", CONFIG_FILE);
}
@AfterAll
@@ -55,4 +73,93 @@ public class InitTest {
assertEquals("MessageDigest", JCEMapper.getAlgorithmClassFromURI(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256));
}
+ @org.junit.jupiter.api.Test
+ public void checkConfigFileImplementationsExist() throws Exception {
+ try (InputStream is = ClassLoaderUtils.getResourceAsStream(CONFIG_FILE, InitTest.class)) {
+ /* read library configuration file */
+ Document doc = XMLUtils.read(is, true);
+ Node config = doc.getFirstChild();
+ for (; config != null; config = config.getNextSibling()) {
+ if ("Configuration".equals(config.getLocalName())) {
+ break;
+ }
+ }
+
+ for (Node el = config.getFirstChild(); el != null; el = el.getNextSibling()) {
+ if (Node.ELEMENT_NODE != el.getNodeType()) {
+ continue;
+ }
+ String tag = el.getLocalName();
+
+ if ("CanonicalizationMethods".equals(tag)) {
+ Element[] list =
+ XMLUtils.selectNodes(el.getFirstChild(), Init.CONF_NS, "CanonicalizationMethod");
+
+ for (Element element : list) {
+ String javaClass =
+ element.getAttributeNS(null, "JAVACLASS");
+
+ Class<? extends CanonicalizerSpi> clazz =
+ (Class<? extends CanonicalizerSpi>)
+ ClassLoaderUtils.loadClass(javaClass, Canonicalizer.class);
+ assertNotNull(clazz);
+ }
+ }
+
+ if ("TransformAlgorithms".equals(tag)) {
+ Element[] tranElem =
+ XMLUtils.selectNodes(el.getFirstChild(), Init.CONF_NS, "TransformAlgorithm");
+
+ for (Element element : tranElem) {
+ String javaClass =
+ element.getAttributeNS(null, "JAVACLASS");
+
+ Class<? extends TransformSpi> transformSpiClass =
+ (Class<? extends TransformSpi>)
+ ClassLoaderUtils.loadClass(javaClass, Transform.class);
+ assertNotNull(transformSpiClass);
+ }
+ }
+
+ if ("SignatureAlgorithms".equals(tag)) {
+ Element[] sigElems =
+ XMLUtils.selectNodes(el.getFirstChild(), Init.CONF_NS, "SignatureAlgorithm");
+
+ for (Element sigElem : sigElems) {
+ String javaClass =
+ sigElem.getAttributeNS(null, "JAVACLASS");
+
+ Class<? extends SignatureAlgorithmSpi> clazz =
+ (Class<? extends SignatureAlgorithmSpi>)
+ ClassLoaderUtils.loadClass(javaClass, SignatureAlgorithm.class);
+ assertNotNull(clazz);
+ }
+ }
+
+ if ("ResourceResolvers".equals(tag)) {
+ Element[] resolverElem =
+ XMLUtils.selectNodes(el.getFirstChild(), Init.CONF_NS, "Resolver");
+ for (Element element : resolverElem) {
+ String javaClass =
+ element.getAttributeNS(null, "JAVACLASS");
+ ResourceResolverSpi resourceResolverSpi =
+ (ResourceResolverSpi)ClassLoaderUtils.loadClass(javaClass, ResourceResolver.class).newInstance();
+ assertNotNull(resourceResolverSpi);
+ }
+ }
+
+ if ("KeyResolver".equals(tag)){
+ Element[] resolverElem =
+ XMLUtils.selectNodes(el.getFirstChild(), Init.CONF_NS, "Resolver");
+ for (Element element : resolverElem) {
+ String javaClass =
+ element.getAttributeNS(null, "JAVACLASS");
+ KeyResolverSpi keyResolverSpi =
+ (KeyResolverSpi) ClassLoaderUtils.loadClass(javaClass, KeyResolver.class).newInstance();
+ assertNotNull(keyResolverSpi);
+ }
+ }
+ }
+ }
+ }
}
[santuario-xml-security-java] 03/04: Bump jetty.version from
9.4.38.v20210224 to 9.4.39.v20210325
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 2.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
commit 546c383c84044e8d3627689135b2ce063183dd64
Author: dependabot[bot] <49...@users.noreply.github.com>
AuthorDate: Mon Mar 29 08:28:41 2021 +0000
Bump jetty.version from 9.4.38.v20210224 to 9.4.39.v20210325
Bumps `jetty.version` from 9.4.38.v20210224 to 9.4.39.v20210325.
Updates `jetty-server` from 9.4.38.v20210224 to 9.4.39.v20210325
- [Release notes](https://github.com/eclipse/jetty.project/releases)
- [Commits](https://github.com/eclipse/jetty.project/compare/jetty-9.4.38.v20210224...jetty-9.4.39.v20210325)
Updates `jetty-servlet` from 9.4.38.v20210224 to 9.4.39.v20210325
- [Release notes](https://github.com/eclipse/jetty.project/releases)
- [Commits](https://github.com/eclipse/jetty.project/compare/jetty-9.4.38.v20210224...jetty-9.4.39.v20210325)
Updates `jetty-servlets` from 9.4.38.v20210224 to 9.4.39.v20210325
- [Release notes](https://github.com/eclipse/jetty.project/releases)
- [Commits](https://github.com/eclipse/jetty.project/compare/jetty-9.4.38.v20210224...jetty-9.4.39.v20210325)
Signed-off-by: dependabot[bot] <su...@github.com>
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index c878145..fbc4880 100644
--- a/pom.xml
+++ b/pom.xml
@@ -533,7 +533,7 @@
<xmlunit.version>2.6.3</xmlunit.version>
<commons.codec.version>1.15</commons.codec.version>
<woodstox.core.version>5.2.1</woodstox.core.version>
- <jetty.version>9.4.37.v20210219</jetty.version>
+ <jetty.version>9.4.39.v20210325</jetty.version>
<xmlsec.jaxb.context.class />
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<targetJdk>1.8</targetJdk>