Posted to commits@santuario.apache.org by co...@apache.org on 2020/04/02 14:01:12 UTC
svn commit: r1876048 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/keys/keyresolver/implementations/
main/java/org/apache/xml/security/signature/
test/java/org/apache/xml/security/test/dom/signature/
Author: coheigea
Date: Thu Apr 2 14:01:12 2020
New Revision: 1876048
URL: http://svn.apache.org/viewvc?rev=1876048&view=rev
Log:
Removing SignedInfo.reparse, which is not needed any more as we already check for known C14n algorithms
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/signature/UnknownAlgoSignatureTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java?rev=1876048&r1=1876047&r2=1876048&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java Thu Apr 2 14:01:12 2020
@@ -222,7 +222,7 @@ public class KeyInfoReferenceResolver ex
IOException, SAXException, KeyResolverException {
Element e;
- if (resource.isElement()){
+ if (resource.isElement()) {
e = (Element) resource.getSubNode();
} else if (resource.isNodeSet()) {
LOG.debug("De-reference of KeyInfoReference returned an unsupported NodeSet");
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java?rev=1876048&r1=1876047&r2=1876048&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java Thu Apr 2 14:01:12 2020
@@ -227,7 +227,7 @@ public class RetrievalMethodResolver ext
throws CanonicalizationException, ParserConfigurationException,
IOException, SAXException, KeyResolverException {
Element e;
- if (resource.isElement()){
+ if (resource.isElement()) {
e = (Element) resource.getSubNode();
} else if (resource.isNodeSet()) {
// Retrieved resource is a nodeSet
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java?rev=1876048&r1=1876047&r2=1876048&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java Thu Apr 2 14:01:12 2020
@@ -18,17 +18,13 @@
*/
package org.apache.xml.security.signature;
-import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-import java.io.InputStream;
import java.io.OutputStream;
-import java.security.spec.AlgorithmParameterSpec;
import java.security.Provider;
-
+import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
-import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.c14n.CanonicalizationException;
@@ -38,10 +34,9 @@ import org.apache.xml.security.exception
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
+
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
/**
* Handles <code><ds:SignedInfo></code> elements
@@ -244,8 +239,7 @@ public class SignedInfo extends Manifest
public SignedInfo(
Element element, String baseURI, boolean secureValidation, Provider provider
) throws XMLSecurityException {
- // Parse the Reference children and Id attribute in the Manifest
- super(reparseSignedInfoElem(element, secureValidation), baseURI, secureValidation);
+ super(element, baseURI, secureValidation);
c14nMethod = XMLUtils.getNextElement(element.getFirstChild());
if (c14nMethod == null ||
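Review bot: The new `super(element, baseURI, secureValidation)` call hands the caller's SignedInfo element straight to the Manifest parser, so this constructor no longer guards against a CanonicalizationMethod whose output differs from the DOM that was parsed. The deleted reparseSignedInfoElem (next hunk) treated every URI outside six built-in `Canonicalizer.ALGO_ID_*` constants as untrusted and re-parsed the canonical bytes. The check the log message relies on is not visible in this diff, and if it is the Canonicalizer registry rather than a fixed list, an application-registered canonicalizer would also count as known. I would record the invariant at the call site, e.g. `// No reparse: SignedInfo c14n is limited to known algorithms by <location of check>`, and confirm that check runs before the References parsed here are used. The constructor body continues outside the hunk.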
@@ -267,58 +261,6 @@ public class SignedInfo extends Manifest
new SignatureAlgorithm(signatureMethod, this.getBaseURI(), secureValidation, provider);
}
- private static Element reparseSignedInfoElem(Element element, boolean secureValidation)
- throws XMLSecurityException {
- /*
- * If a custom canonicalizationMethod is used, canonicalize
- * ds:SignedInfo, reparse it into a new document
- * and replace the original not-canonicalized ds:SignedInfo by
- * the re-parsed canonicalized one.
- */
- Element c14nMethod = XMLUtils.getNextElement(element.getFirstChild());
- if (c14nMethod == null ||
- !(Constants.SignatureSpecNS.equals(c14nMethod.getNamespaceURI())
- && Constants._TAG_CANONICALIZATIONMETHOD.equals(c14nMethod.getLocalName()))) {
- Object[] exArgs = { Constants._TAG_CANONICALIZATIONMETHOD, Constants._TAG_SIGNEDINFO };
- throw new XMLSignatureException("xml.WrongContent", exArgs);
- }
-
- String c14nMethodURI =
- c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
- if (!(c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS))) {
- // the c14n is not a secure one and can rewrite the URIs or like
- // so reparse the SignedInfo to be sure
- try {
- Canonicalizer c14nizer = Canonicalizer.getInstance(c14nMethodURI);
-
- byte[] c14nizedBytes = null;
- try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
- c14nizer.canonicalizeSubtree(element, baos);
- c14nizedBytes = baos.toByteArray();
- }
- try (InputStream is = new ByteArrayInputStream(c14nizedBytes)) {
- Document newdoc = XMLUtils.read(is, secureValidation);
- Node imported = element.getOwnerDocument().importNode(
- newdoc.getDocumentElement(), true);
- element.getParentNode().replaceChild(imported, element);
- return (Element) imported;
- }
- } catch (ParserConfigurationException ex) {
- throw new XMLSecurityException(ex);
- } catch (IOException ex) {
- throw new XMLSecurityException(ex);
- } catch (SAXException ex) {
- throw new XMLSecurityException(ex);
- }
- }
- return element;
- }
-
/**
* Tests core validation process
*
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java?rev=1876048&r1=1876047&r2=1876048&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java Thu Apr 2 14:01:12 2020
@@ -568,7 +568,7 @@ public class XMLSignatureInput {
isNodeSet = b;
}
- void convertToNodes() throws CanonicalizationException,
+ private void convertToNodes() throws CanonicalizationException,
ParserConfigurationException, IOException, SAXException {
// select all nodes, also the comments.
try {
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/signature/UnknownAlgoSignatureTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/signature/UnknownAlgoSignatureTest.java?rev=1876048&r1=1876047&r2=1876048&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/signature/UnknownAlgoSignatureTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/signature/UnknownAlgoSignatureTest.java Thu Apr 2 14:01:12 2020
@@ -30,7 +30,6 @@ import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.apache.xml.security.Init;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.test.dom.DSNamespaceContext;
@@ -92,7 +91,7 @@ public class UnknownAlgoSignatureTest {
try {
assertTrue(checkSignature("signature-bad-c14n-algo.xml"));
fail("Exception not caught");
- } catch (InvalidCanonicalizerException e) {
+ } catch (XMLSignatureException e) {
// succeed
}
}
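Review bot: Catching `XMLSignatureException` with an empty body lets this test pass on any signature failure in signature-bad-c14n-algo.xml, not only on rejection of the unknown canonicalization algorithm. Now that the specific InvalidCanonicalizerException no longer surfaces, I would pin the cause inside the catch, e.g. `assertEquals("<expected message key>", e.getMsgID());`, with the key taken from wherever the c14n check throws. Without that, a later regression that accepts the algorithm but fails for an unrelated reason would still leave the test passing. The test method begins outside the hunk.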