You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2014/01/24 17:03:05 UTC
svn commit: r1561046 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/resource/
main/java/org/apache/xml/security/stax/ext/
test/java/org/apache/xml/security/test/stax/
Author: coheigea
Date: Fri Jan 24 16:03:05 2014
New Revision: 1561046
URL: http://svn.apache.org/r1561046
Log:
Reject duplicate actions
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/UncategorizedTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties?rev=1561046&r1=1561045&r2=1561046&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties [iso-8859-1] (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/xmlsecurity_en.properties [iso-8859-1] Fri Jan 24 16:03:05 2014
@@ -136,6 +136,7 @@ secureProcessing.AllowMD5Algorithm = The
secureProcessing.AllowNotSameDocumentReferences = External references found. Processing of external references is disabled by default. You can enable it via the \"AllowNotSameDocumentReferences\" property in the configuration.
secureProcessing.MaximumAllowedXMLStructureDepth = Maximum depth ({0}) of the XML structure reached. You can raise the maximum via the \"MaximumAllowedXMLStructureDepth\" property in the configuration.
secureProcessing.inputStreamLimitReached = Maximum byte count ({0}) reached.
+stax.duplicateActions = Duplicate Actions are not allowed
stax.missingSecurityProperties = SecurityProperties must not be null!
stax.noOutputAction = No outgoing actions specified.
stax.noKey = Key could not be resolved and no key was loaded for {0}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java?rev=1561046&r1=1561045&r2=1561046&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSec.java Fri Jan 24 16:03:05 2014
@@ -22,6 +22,7 @@ import java.net.URISyntaxException;
import java.net.URL;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
+import java.util.HashSet;
import javax.crypto.SecretKey;
@@ -103,6 +104,12 @@ public class XMLSec {
if (securityProperties.getActions() == null) {
throw new XMLSecurityConfigurationException("stax.noOutputAction");
}
+
+ // Check for duplicate actions
+ if (new HashSet<XMLSecurityConstants.Action>(securityProperties.getActions()).size()
+ != securityProperties.getActions().size()) {
+ throw new XMLSecurityConfigurationException("stax.duplicateActions");
+ }
for (XMLSecurityConstants.Action action : securityProperties.getActions()) {
if (XMLSecurityConstants.SIGNATURE.equals(action)) {
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/UncategorizedTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/UncategorizedTest.java?rev=1561046&r1=1561045&r2=1561046&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/UncategorizedTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/UncategorizedTest.java Fri Jan 24 16:03:05 2014
@@ -21,10 +21,15 @@ package org.apache.xml.security.test.sta
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.junit.Assert;
import org.junit.Test;
-
import org.apache.xml.security.stax.config.Init;
+import org.apache.xml.security.stax.ext.XMLSec;
+import org.apache.xml.security.stax.ext.XMLSecurityConfigurationException;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
/**
* @author $Author$
@@ -44,4 +49,25 @@ public class UncategorizedTest extends o
Assert.assertTrue(e.getMessage().contains("Cannot find the declaration of element 'doc'."));
}
}
+
+ @Test
+ public void testDuplicateActions() throws Exception {
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+
+ // Should work
+ XMLSec.getOutboundXMLSec(properties);
+
+ // Should throw an error on a duplicate Action
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+
+ try {
+ XMLSec.getOutboundXMLSec(properties);
+ } catch (XMLSecurityConfigurationException ex) {
+ Assert.assertTrue(ex.getMessage().contains("Duplicate Actions are not allowed"));
+ }
+ }
}