You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2021/01/19 10:08:30 UTC
[santuario-xml-security-java] branch 2.2.x-fixes updated:
SANTUARIO-561 - TransformC14N returns empty byte array when nothing is
provided as an input
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 2.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
The following commit(s) were added to refs/heads/2.2.x-fixes by this push:
new 06a4c18 SANTUARIO-561 - TransformC14N returns empty byte array when nothing is provided as an input
06a4c18 is described below
commit 06a4c1875959612a893461373df3dadb5e481c97
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jan 19 10:00:40 2021 +0000
SANTUARIO-561 - TransformC14N returns empty byte array when nothing is provided as an input
---
.../transforms/implementations/TransformC14N.java | 2 +-
.../implementations/TransformC14NExclusive.java | 2 +-
.../dom/c14n/implementations/Santuario561Test.java | 69 ++++++++++++++++++++++
3 files changed, 71 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/apache/xml/security/transforms/implementations/TransformC14N.java b/src/main/java/org/apache/xml/security/transforms/implementations/TransformC14N.java
index 7c54dc0..8420ae2 100644
--- a/src/main/java/org/apache/xml/security/transforms/implementations/TransformC14N.java
+++ b/src/main/java/org/apache/xml/security/transforms/implementations/TransformC14N.java
@@ -56,7 +56,7 @@ public class TransformC14N extends TransformSpi {
Canonicalizer20010315 c14n = getCanonicalizer();
- if (os == null) {
+ if (os == null && (input.isOctetStream() || input.isElement() || input.isNodeSet())) {
try (ByteArrayOutputStream writer = new ByteArrayOutputStream()) {
c14n.engineCanonicalize(input, writer, secureValidation);
writer.flush();
diff --git a/src/main/java/org/apache/xml/security/transforms/implementations/TransformC14NExclusive.java b/src/main/java/org/apache/xml/security/transforms/implementations/TransformC14NExclusive.java
index 09bda6c..2e722a4 100644
--- a/src/main/java/org/apache/xml/security/transforms/implementations/TransformC14NExclusive.java
+++ b/src/main/java/org/apache/xml/security/transforms/implementations/TransformC14NExclusive.java
@@ -78,7 +78,7 @@ public class TransformC14NExclusive extends TransformSpi {
Canonicalizer20010315Excl c14n = getCanonicalizer();
- if (os == null) {
+ if (os == null && (input.isOctetStream() || input.isElement() || input.isNodeSet())) {
try (ByteArrayOutputStream writer = new ByteArrayOutputStream()) {
c14n.engineCanonicalize(input, inclusiveNamespaces, writer, secureValidation);
writer.flush();
diff --git a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario561Test.java b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario561Test.java
new file mode 100644
index 0000000..8d10543
--- /dev/null
+++ b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario561Test.java
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.c14n.implementations;
+
+import java.io.OutputStream;
+import java.security.MessageDigest;
+import java.util.Base64;
+
+import org.apache.xml.security.c14n.CanonicalizationException;
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.transforms.implementations.TransformC14N;
+import org.junit.jupiter.api.Test;
+import org.w3c.dom.Element;
+
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+/**
+ * This is a test for Santuario-561:
+ *
+ * https://issues.apache.org/jira/browse/SANTUARIO-561
+ *
+ * TransformC14N returns empty byte array when nothing is provided as an input
+ */
+public class Santuario561Test {
+
+ @Test
+ public void transformC14NWithDigestTest() throws Exception {
+ MessageDigest md = MessageDigest.getInstance("SHA-256");
+ byte[] digest = md.digest("Hello world!".getBytes());
+ XMLSignatureInput inputPrecomputed = new XMLSignatureInput(Base64.getEncoder().encodeToString(digest));
+
+ MockTransformC14N mockTransformC14N = new MockTransformC14N();
+
+ XMLSignatureInput xmlSignatureOutput =
+ mockTransformC14N.enginePerformTransform(inputPrecomputed, null, null, null, false);
+ assertNull(xmlSignatureOutput.getBytes());
+ }
+
+ public static class MockTransformC14N extends TransformC14N {
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ @Override
+ public XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream os,
+ Element transformElement, String baseURI,
+ boolean secureValidation) throws CanonicalizationException {
+ return super.enginePerformTransform(input, os, transformElement, baseURI, secureValidation);
+ }
+
+ }
+}
\ No newline at end of file