You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2014/01/24 17:03:05 UTC
svn commit: r1561046 - in /santuario/xml-security-java/trunk/src: main/java/org/apache/xml/security/resource/ main/java/org/apache/xml/security/stax/ext/ test/java/org/apache/xml/security/test/stax/

Author: coheigea
Date: Fri Jan 24 16:03:05 2014
New Revision: 1561046

URL: http://svn.apache.org/r1561046
Log:
Reject duplicate actions

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
    santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/UncategorizedTest.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties?rev=1561046&r1=1561045&r2=1561046&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties [iso-8859-1] (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties [iso-8859-1] Fri Jan 24 16:03:05 2014
@@ -136,6 +136,7 @@ secureProcessing.AllowMD5Algorithm = The
 secureProcessing.AllowNotSameDocumentReferences = External references found. Processing of external references is disabled by default. You can enable it via the \"AllowNotSameDocumentReferences\" property in the configuration.
 secureProcessing.MaximumAllowedXMLStructureDepth = Maximum depth ({0}) of the XML structure reached. You can raise the maximum via the \"MaximumAllowedXMLStructureDepth\" property in the configuration.
 secureProcessing.inputStreamLimitReached = Maximum byte count ({0}) reached.
+stax.duplicateActions = Duplicate Actions are not allowed
 stax.missingSecurityProperties = SecurityProperties must not be null!
 stax.noOutputAction = No outgoing actions specified.
 stax.noKey = Key could not be resolved and no key was loaded for {0}

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java?rev=1561046&r1=1561045&r2=1561046&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java Fri Jan 24 16:03:05 2014
@@ -22,6 +22,7 @@ import java.net.URISyntaxException;
 import java.net.URL;
 import java.security.interfaces.DSAPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
+import java.util.HashSet;
 
 import javax.crypto.SecretKey;
 
@@ -103,6 +104,12 @@ public class XMLSec {
         if (securityProperties.getActions() == null) {
             throw new XMLSecurityConfigurationException("stax.noOutputAction");
         }
+        
+        // Check for duplicate actions
+        if (new HashSet<XMLSecurityConstants.Action>(securityProperties.getActions()).size() 
+            != securityProperties.getActions().size()) {
+            throw new XMLSecurityConfigurationException("stax.duplicateActions");
+        }
 
         for (XMLSecurityConstants.Action action : securityProperties.getActions()) {
             if (XMLSecurityConstants.SIGNATURE.equals(action)) {

Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/UncategorizedTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/UncategorizedTest.java?rev=1561046&r1=1561045&r2=1561046&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/UncategorizedTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/UncategorizedTest.java Fri Jan 24 16:03:05 2014
@@ -21,10 +21,15 @@ package org.apache.xml.security.test.sta
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.junit.Assert;
 import org.junit.Test;
-
 import org.apache.xml.security.stax.config.Init;
+import org.apache.xml.security.stax.ext.XMLSec;
+import org.apache.xml.security.stax.ext.XMLSecurityConfigurationException;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
 
 import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  * @author $Author$
@@ -44,4 +49,25 @@ public class UncategorizedTest extends o
             Assert.assertTrue(e.getMessage().contains("Cannot find the declaration of element 'doc'."));
         }
     }
+    
+    @Test
+    public void testDuplicateActions() throws Exception {
+        XMLSecurityProperties properties = new XMLSecurityProperties();
+        List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+        actions.add(XMLSecurityConstants.SIGNATURE);
+        properties.setActions(actions);
+        
+        // Should work
+        XMLSec.getOutboundXMLSec(properties);
+        
+        // Should throw an error on a duplicate Action
+        actions.add(XMLSecurityConstants.SIGNATURE);
+        properties.setActions(actions);
+        
+        try {
+            XMLSec.getOutboundXMLSec(properties);
+        } catch (XMLSecurityConfigurationException ex) {
+            Assert.assertTrue(ex.getMessage().contains("Duplicate Actions are not allowed"));
+        }
+    }
 }