Posted to commits@santuario.apache.org by co...@apache.org on 2020/05/06 08:01:43 UTC
svn commit: r1877416 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/signature/
main/java/org/apache/xml/security/transforms/implementations/
main/java/org/apache/xml/security/utils/
test/java/org/apache/xml/security/test...
Author: coheigea
Date: Wed May 6 08:01:43 2020
New Revision: 1877416
URL: http://svn.apache.org/viewvc?rev=1877416&view=rev
Log:
Adding some code coverage tests for the utils package.
Added:
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/utils/JDKXPathFactoryTest.java
Removed:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/EncryptionElementProxy.java
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/ElementProxy.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/JDKXPathAPI.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayInputStream.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XPathFactory.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java?rev=1877416&r1=1877415&r2=1877416&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java Wed May 6 08:01:43 2020
@@ -29,9 +29,7 @@ import java.security.spec.AlgorithmParam
import javax.crypto.SecretKey;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
-import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
@@ -793,13 +791,7 @@ public final class XMLSignature extends
this.setSignatureValueElement(sa.sign());
} catch (XMLSignatureException ex) {
throw ex;
- } catch (CanonicalizationException ex) {
- throw new XMLSignatureException(ex);
- } catch (InvalidCanonicalizerException ex) {
- throw new XMLSignatureException(ex);
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException(ex);
- } catch (IOException ex) {
+ } catch (XMLSecurityException | IOException ex) {
throw new XMLSignatureException(ex);
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java?rev=1877416&r1=1877415&r2=1877416&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/transforms/implementations/TransformXPath.java Wed May 6 08:01:43 2020
@@ -93,7 +93,7 @@ public class TransformXPath extends Tran
String str = XMLUtils.getStrFromNode(xpathnode);
input.setNeedsToBeExpanded(needsCircumvent(str));
- XPathFactory xpathFactory = XPathFactory.newInstance();
+ XPathFactory xpathFactory = getXPathFactory();
XPathAPI xpathAPIInstance = xpathFactory.newXPathAPI();
input.addNodeFilter(new XPathNodeFilter(xpathElement, xpathnode, str, xpathAPIInstance));
input.setNodeSet(true);
@@ -103,6 +103,10 @@ public class TransformXPath extends Tran
}
}
+ protected XPathFactory getXPathFactory() {
+ return XPathFactory.newInstance();
+ }
+
/**
* @param str
* @return true if needs to be circumvent for bug.
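Review bot: The new `getXPathFactory()` hook has no Javadoc, although it makes the choice of XPath engine for this transform a subclass extension point on a public class. Because the transform decides which nodes are digested, the contract should be written down, for example `/** Returns the factory used to evaluate the XPath transform; subclasses may override it to pin a specific XPath implementation. */`. If overriding is meant for tests only, the comment should say so, since implementations can differ in feature support (the XalanXPathAPI Javadoc on this page singles out `here()`). The call site is in the previous hunk, and this hunk ends inside the Javadoc of the following method.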
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/ElementProxy.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/ElementProxy.java?rev=1877416&r1=1877415&r2=1877416&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/ElementProxy.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/ElementProxy.java Wed May 6 08:01:43 2020
@@ -206,7 +206,7 @@ public abstract class ElementProxy {
}
protected Text createText(String text) {
- return this.wrappedDoc.createTextNode(text);
+ return getDocument().createTextNode(text);
}
/**
@@ -286,15 +286,7 @@ public abstract class ElementProxy {
*/
public void addBase64Element(byte[] bytes, String localname) {
if (bytes != null) {
- Element el = XMLUtils.createElementInSignatureSpace(getDocument(), localname);
- Text text = getDocument().createTextNode(XMLUtils.encodeToString(bytes));
-
- el.appendChild(text);
-
- appendSelf(el);
- if (!XMLUtils.ignoreLineBreaks()) {
- appendSelf(createText("\n"));
- }
+ addTextElement(XMLUtils.encodeToString(bytes), localname);
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/JDKXPathAPI.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/JDKXPathAPI.java?rev=1877416&r1=1877415&r2=1877416&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/JDKXPathAPI.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/JDKXPathAPI.java Wed May 6 08:01:43 2020
@@ -33,7 +33,7 @@ import org.w3c.dom.NodeList;
/**
* An implementation for XPath evaluation that uses the JDK API.
*/
-public class JDKXPathAPI implements XPathAPI {
+class JDKXPathAPI implements XPathAPI {
private XPathFactory xpf;
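Review bot: Dropping `public` from `JDKXPathAPI` here, and from `XalanXPathAPI` in the later hunk, is a source- and binary-incompatible change for any code outside `org.apache.xml.security.utils` that names these classes, and the log message ("code coverage tests") does not mention it. Narrowing the exposed surface of the XPath evaluators is reasonable for a security library, but it should be recorded in the release notes. The class Javadoc could also name the supported entry point, e.g. `* Not part of the public API; obtain instances through {@link XPathFactory#newXPathAPI()}.`. The class body continues outside the hunk.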
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayInputStream.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayInputStream.java?rev=1877416&r1=1877415&r2=1877416&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayInputStream.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayInputStream.java Wed May 6 08:01:43 2020
@@ -56,9 +56,7 @@ public class UnsyncByteArrayInputStream
* the byte array to stream over.
*/
public UnsyncByteArrayInputStream(byte[] buf) {
- this.mark = 0;
- this.buf = buf;
- this.count = buf.length;
+ this(buf, 0, buf.length);
}
/**
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java?rev=1877416&r1=1877415&r2=1877416&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java Wed May 6 08:01:43 2020
@@ -472,26 +472,6 @@ public final class XMLUtils {
}
/**
- * Method createDSctx
- *
- * @param doc
- * @param prefix
- * @param namespace
- * @return the element.
- */
- public static Element createDSctx(Document doc, String prefix, String namespace) {
- if (prefix == null || prefix.trim().length() == 0) {
- throw new IllegalArgumentException("You must supply a prefix");
- }
-
- Element ctx = doc.createElementNS(null, "namespaceContext");
-
- ctx.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:" + prefix.trim(), namespace);
-
- return ctx;
- }
-
- /**
* Method addReturnToElement
*
* @param e
@@ -842,25 +822,6 @@ public final class XMLUtils {
}
/**
- * Returns the attribute value for the attribute with the specified name.
- * Returns null if there is no such attribute, or
- * the empty string if the attribute value is empty.
- *
- * <p>This works around a limitation of the DOM
- * <code>Element.getAttributeNode</code> method, which does not distinguish
- * between an unspecified attribute and an attribute with a value of
- * "" (it returns "" for both cases).
- *
- * @param elem the element containing the attribute
- * @param name the name of the attribute
- * @return the attribute value (may be null if unspecified)
- */
- public static String getAttributeValue(Element elem, String name) {
- Attr attr = elem.getAttributeNodeNS(null, name);
- return (attr == null) ? null : attr.getValue();
- }
-
- /**
* This method is a tree-search to help prevent against wrapping attacks. It checks that no
* two Elements have ID Attributes that match the "value" argument, if this is the case then
* "false" is returned. Note that a return value of "true" does not necessarily mean that
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XPathFactory.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XPathFactory.java?rev=1877416&r1=1877415&r2=1877416&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XPathFactory.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XPathFactory.java Wed May 6 08:01:43 2020
@@ -45,11 +45,8 @@ public abstract class XPathFactory {
* Get a new XPathFactory instance
*/
public static XPathFactory newInstance() {
- if (!xalanInstalled) {
- return new JDKXPathFactory();
- }
// Xalan is available
- if (XalanXPathAPI.isInstalled()) {
+ if (xalanInstalled && XalanXPathAPI.isInstalled()) {
return new XalanXPathFactory();
}
// Some problem was encountered in fixing up the Xalan FunctionTable so fall back to the
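Review bot: The comment `// Xalan is available` now sits above a condition that tests availability itself, so it states as fact something the code is still checking; `// Prefer Xalan when it is on the classpath and its FunctionTable was fixed up` would match the new code. The fallback to the JDK implementation stays silent, so logs cannot show which engine evaluated a signature's XPath transform. A debug-level message on the fallback path would help when verification results differ between deployments. The rest of `newInstance()` lies outside the hunk.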
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java?rev=1877416&r1=1877415&r2=1877416&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XalanXPathAPI.java Wed May 6 08:01:43 2020
@@ -42,7 +42,7 @@ import org.w3c.dom.NodeList;
* An implementation of XPathAPI using Xalan. This supports the "here()" function defined in the digital
* signature spec.
*/
-public class XalanXPathAPI implements XPathAPI {
+class XalanXPathAPI implements XPathAPI {
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(XalanXPathAPI.class);
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java?rev=1877416&r1=1877415&r2=1877416&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java Wed May 6 08:01:43 2020
@@ -217,6 +217,59 @@ public class CreateSignatureTest {
}
@org.junit.jupiter.api.Test
+ public void testXPathSignature() throws Exception {
+ Document doc = TestUtils.newDocument();
+ doc.appendChild(doc.createComment(" Comment before "));
+ Element root = doc.createElementNS("", "RootElement");
+
+ doc.appendChild(root);
+ root.appendChild(doc.createTextNode("Some simple text\n"));
+
+ // Sign
+ XMLSignature sig =
+ new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA);
+ root.appendChild(sig.getElement());
+
+ ObjectContainer object = new ObjectContainer(doc);
+ object.setId("object-1");
+ object.setMimeType("text/plain");
+ object.setEncoding("http://www.w3.org/2000/09/xmldsig#base64");
+ object.appendChild(doc.createTextNode("SSBhbSB0aGUgdGV4dC4="));
+ sig.appendObject(object);
+
+ Transforms transforms = new Transforms(doc);
+ XPathContainer xpathC = new XPathContainer(doc);
+ xpathC.setXPath("ancestor-or-self::dsig-xpath:Object");
+ xpathC.setXPathNamespaceContext("dsig-xpath", Transforms.TRANSFORM_XPATH);
+
+ Element node = xpathC.getElement();
+ transforms.addTransform(Transforms.TRANSFORM_XPATH, node);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+
+ sig.sign(kp.getPrivate());
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ XMLUtils.outputDOMc14nWithComments(doc, bos);
+ String signedDoc = new String(bos.toByteArray());
+
+ // Now Verify
+ try (InputStream is = new ByteArrayInputStream(signedDoc.getBytes())) {
+ doc = XMLUtils.read(is, false);
+ }
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+ assertTrue(signature.checkSignatureValue(kp.getPublic()));
+ }
+
+ @org.junit.jupiter.api.Test
public void testCanonicalizedOctetStream() throws Exception {
String signedXML = doSign();
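Review bot: `new String(bos.toByteArray())` and `signedDoc.getBytes()` in `testXPathSignature` use the platform default charset, while canonical XML is UTF-8 by definition. Passing `StandardCharsets.UTF_8` to both, or feeding `bos.toByteArray()` straight into the `ByteArrayInputStream`, keeps the test independent of the build machine's locale. The test also asserts only the positive case: a second assertion that `checkSignatureValue` returns false after the text of `object-1` is altered would show that the XPath transform really places the Object under the signature. Both points apply equally to the copy of this test in JDKXPathFactoryTest.java.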
Added: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/utils/JDKXPathFactoryTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/utils/JDKXPathFactoryTest.java?rev=1877416&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/utils/JDKXPathFactoryTest.java (added)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/utils/JDKXPathFactoryTest.java Wed May 6 08:01:43 2020
@@ -0,0 +1,143 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.utils;
+
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.apache.xml.security.algorithms.SignatureAlgorithm;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.keys.keyresolver.KeyResolver;
+import org.apache.xml.security.signature.ObjectContainer;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.test.dom.DSNamespaceContext;
+import org.apache.xml.security.test.dom.TestUtils;
+import org.apache.xml.security.transforms.Transform;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.implementations.TransformXPath;
+import org.apache.xml.security.transforms.params.XPathContainer;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.ElementProxy;
+import org.apache.xml.security.utils.I18n;
+import org.apache.xml.security.utils.JDKXPathFactory;
+import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.utils.resolver.ResourceResolver;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * Test the JDKXPathFactory by adding a custom transform that hard-wires the use of JDKXPathFactory, instead of
+ * checking to see whether Xalan is on the classpath or not
+ */
+public class JDKXPathFactoryTest {
+
+ static org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(JDKXPathFactoryTest.class);
+
+ private KeyPair kp;
+
+ public JDKXPathFactoryTest() throws Exception {
+ // org.apache.xml.security.Init.init();
+ // Instead of calling Init.init(), instead initialize the library manually
+ I18n.init("en", "US");
+ ElementProxy.registerDefaultPrefixes();
+ SignatureAlgorithm.registerDefaultAlgorithms();
+ JCEMapper.registerDefaultAlgorithms();
+ Canonicalizer.registerDefaultAlgorithms();
+ ResourceResolver.registerDefaultResolvers();
+ KeyResolver.registerDefaultResolvers();
+
+ // Manually register TransformJDKXPath
+ Transform.register(Transforms.TRANSFORM_XPATH, TransformJDKXPath.class);
+
+ kp = KeyPairGenerator.getInstance("RSA").genKeyPair();
+ }
+
+ @org.junit.jupiter.api.Test
+ public void testXPathSignature() throws Exception {
+ Document doc = TestUtils.newDocument();
+ doc.appendChild(doc.createComment(" Comment before "));
+ Element root = doc.createElementNS("", "RootElement");
+
+ doc.appendChild(root);
+ root.appendChild(doc.createTextNode("Some simple text\n"));
+
+ // Sign
+ XMLSignature sig =
+ new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA);
+ root.appendChild(sig.getElement());
+
+ ObjectContainer object = new ObjectContainer(doc);
+ object.setId("object-1");
+ object.setMimeType("text/plain");
+ object.setEncoding("http://www.w3.org/2000/09/xmldsig#base64");
+ object.appendChild(doc.createTextNode("SSBhbSB0aGUgdGV4dC4="));
+ sig.appendObject(object);
+
+ Transforms transforms = new Transforms(doc);
+ XPathContainer xpathC = new XPathContainer(doc);
+ xpathC.setXPath("ancestor-or-self::dsig-xpath:Object");
+ xpathC.setXPathNamespaceContext("dsig-xpath", Transforms.TRANSFORM_XPATH);
+
+ Element node = xpathC.getElement();
+ transforms.addTransform(Transforms.TRANSFORM_XPATH, node);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+
+ sig.sign(kp.getPrivate());
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ XMLUtils.outputDOMc14nWithComments(doc, bos);
+ String signedDoc = new String(bos.toByteArray());
+
+ // Now Verify
+ try (InputStream is = new ByteArrayInputStream(signedDoc.getBytes())) {
+ doc = XMLUtils.read(is, false);
+ }
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+ assertTrue(signature.checkSignatureValue(kp.getPublic()));
+ }
+
+ public static class TransformJDKXPath extends TransformXPath {
+ @Override
+ protected org.apache.xml.security.utils.XPathFactory getXPathFactory() {
+ return new JDKXPathFactory();
+ }
+ }
+
+}
\ No newline at end of file
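Review bot: The constructor's `Transform.register(Transforms.TRANSFORM_XPATH, TransformJDKXPath.class)` changes process-wide static state that is never undone, and JUnit Jupiter by default constructs the class once per test method. If another test in the same JVM has already initialised the library (the commented-out `Init.init()` suggests that is the usual path), the registration may be rejected as a duplicate or, if accepted, leak the JDK-only transform into later tests; that depends on code outside this page, so the Surefire fork settings are worth checking. The test also never asserts that `JDKXPathFactory` was the engine actually used, so it would still pass if the registration had no effect; a flag set inside `TransformJDKXPath.getXPathFactory()` and asserted after `checkSignatureValue` would close that gap. `LOG` is unused and should be `private static final` or removed.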