Posted to commits@santuario.apache.org by co...@apache.org on 2010/06/18 13:20:01 UTC
svn commit: r955938 - in /xml/security/trunk: ./
src/org/apache/xml/security/keys/keyresolver/implementations/
src/org/apache/xml/security/keys/storage/
src/org/apache/xml/security/keys/storage/implementations/
src_unitTests/org/apache/xml/security/tes...
Author: coheigea
Date: Fri Jun 18 11:20:00 2010
New Revision: 955938
URL: http://svn.apache.org/viewvc?rev=955938&view=rev
Log:
Bug fixes for 49456 and 49458 applied.
Added:
xml/security/trunk/src_unitTests/org/apache/xml/security/test/keys/storage/StorageResolverTest.java
Modified:
xml/security/trunk/CHANGELOG.txt
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509SKIResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509SubjectNameResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/storage/StorageResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/storage/implementations/SingleCertificateResolver.java
xml/security/trunk/src_unitTests/org/apache/xml/security/test/ModuleTest.java
Modified: xml/security/trunk/CHANGELOG.txt
URL: http://svn.apache.org/viewvc/xml/security/trunk/CHANGELOG.txt?rev=955938&r1=955937&r2=955938&view=diff
==============================================================================
--- xml/security/trunk/CHANGELOG.txt (original)
+++ xml/security/trunk/CHANGELOG.txt Fri Jun 18 11:20:00 2010
@@ -1,5 +1,7 @@
Changelog for "Apache xml-security" <http://santuario.apache.org/>
New in v1.4.4-SNAPSHOT
+ Fixed Bug 49458: StorageResolver always exhausted after first use. Thanks to Clement Pellerin.
+ Fixed Bug 49456: StorageResolver.next() gives ClassCastException. Thanks to Clement Pellerin.
Fixed Bug 49450: KeyStoreResolver always exhausted after first use. Thanks to Clement Pellerin.
Fixed Bug 49447: KeyStoreResolver iterator returns null for symmetric keys. Thanks to Clement Pellerin.
Fixed Bug 48368: Digest Value of References inside Manifest - calculation order problem
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java?rev=955938&r1=955937&r2=955938&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java Fri Jun 18 11:20:00 2010
@@ -1,6 +1,6 @@
/*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2010 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ package org.apache.xml.security.keys.key
import java.security.PublicKey;
import java.security.cert.X509Certificate;
+import java.util.Iterator;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.content.X509Data;
@@ -99,8 +100,9 @@ public class X509IssuerSerialResolver ex
int noOfISS = x509data.lengthIssuerSerial();
- while (storage.hasNext()) {
- X509Certificate cert = storage.next();
+ Iterator storageIterator = storage.getIterator();
+ while (storageIterator.hasNext()) {
+ X509Certificate cert = (X509Certificate)storageIterator.next();
XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
if (log.isDebugEnabled()) {
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509SKIResolver.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509SKIResolver.java?rev=955938&r1=955937&r2=955938&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509SKIResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509SKIResolver.java Fri Jun 18 11:20:00 2010
@@ -1,6 +1,6 @@
/*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2010 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ package org.apache.xml.security.keys.key
import java.security.PublicKey;
import java.security.cert.X509Certificate;
+import java.util.Iterator;
import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -119,8 +120,9 @@ public class X509SKIResolver extends Key
new XMLX509SKI(x509childNodes[i], BaseURI);
}
- while (storage.hasNext()) {
- X509Certificate cert = storage.next();
+ Iterator storageIterator = storage.getIterator();
+ while (storageIterator.hasNext()) {
+ X509Certificate cert = (X509Certificate)storageIterator.next();
XMLX509SKI certSKI = new XMLX509SKI(element.getOwnerDocument(), cert);
for (int i = 0; i < x509childObject.length; i++) {
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509SubjectNameResolver.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509SubjectNameResolver.java?rev=955938&r1=955937&r2=955938&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509SubjectNameResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509SubjectNameResolver.java Fri Jun 18 11:20:00 2010
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2010 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@ package org.apache.xml.security.keys.key
import java.security.PublicKey;
import java.security.cert.X509Certificate;
+import java.util.Iterator;
import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -119,8 +120,9 @@ public class X509SubjectNameResolver ext
BaseURI);
}
- while (storage.hasNext()) {
- X509Certificate cert = storage.next();
+ Iterator storageIterator = storage.getIterator();
+ while (storageIterator.hasNext()) {
+ X509Certificate cert = (X509Certificate)storageIterator.next();
XMLX509SubjectName certSN =
new XMLX509SubjectName(element.getOwnerDocument(), cert);
Modified: xml/security/trunk/src/org/apache/xml/security/keys/storage/StorageResolver.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/keys/storage/StorageResolver.java?rev=955938&r1=955937&r2=955938&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/storage/StorageResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/storage/StorageResolver.java Fri Jun 18 11:20:00 2010
@@ -1,6 +1,5 @@
-
/*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2010 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -22,6 +21,7 @@ import java.security.cert.X509Certificat
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
+import java.util.NoSuchElementException;
import org.apache.xml.security.keys.storage.implementations.KeyStoreResolver;
import org.apache.xml.security.keys.storage.implementations.SingleCertificateResolver;
@@ -65,8 +65,8 @@ public class StorageResolver {
* @param resolver
*/
public void add(StorageResolverSpi resolver) {
- if (_storageResolvers==null)
- _storageResolvers=new ArrayList();
+ if (_storageResolvers == null)
+ _storageResolvers = new ArrayList();
this._storageResolvers.add(resolver);
this._iterator = null;
@@ -116,29 +116,22 @@ public class StorageResolver {
/**
* Method getIterator
* @return the iterator for the resolvers.
- *
*/
public Iterator getIterator() {
-
- if (this._iterator == null) {
- if (_storageResolvers==null)
- _storageResolvers=new ArrayList();
- this._iterator = new StorageResolverIterator(this._storageResolvers.iterator());
- }
-
- return this._iterator;
+ return new StorageResolverIterator(this._storageResolvers.iterator());
}
/**
* Method hasNext
*
- * @return true if there is more elements.
+ * @return true if there are more elements.
+ * @deprecated no way to restart the iteration, use {@link #getIterator() getIterator()} instead
*/
public boolean hasNext() {
if (this._iterator == null) {
- if (_storageResolvers==null)
- _storageResolvers=new ArrayList();
+ if (_storageResolvers == null)
+ _storageResolvers = new ArrayList();
this._iterator = new StorageResolverIterator(this._storageResolvers.iterator());
}
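Review bot: `getIterator()` now dereferences `_storageResolvers` without the null guard that the removed lines had and that `hasNext()` and `next()` still keep, so a `StorageResolver` to which nothing has been added would presumably throw a NullPointerException here (the field declaration and constructors are outside the hunk, so confirm whether it can still be null). The three X509 key resolvers changed in this commit now go through this path during key lookup, so an empty store would surface as an exception rather than as "no matching certificate". Restoring the guard before the return keeps the old behaviour: `if (_storageResolvers == null) _storageResolvers = new ArrayList();`. The Javadoc could also state that each call returns a fresh iterator and that a later `add()` may make iterators already handed out fail, since they wrap the `ArrayList` iterator directly. The hunk ends inside `hasNext()`, whose body continues outside it.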
@@ -149,13 +142,22 @@ public class StorageResolver {
* Method next
*
* @return the next element
+ * @deprecated no way to restart the iteration, use {@link #getIterator() getIterator()} instead
*/
public X509Certificate next() {
+
+ if (this._iterator == null) {
+ if (_storageResolvers == null)
+ _storageResolvers = new ArrayList();
+ this._iterator = new StorageResolverIterator(this._storageResolvers.iterator());
+ }
+
return (X509Certificate) this._iterator.next();
}
/**
* Class StorageResolverIterator
+ * This iterates over all the Certificates found in all the resolvers.
*
* @author $Author$
* @version $Revision$
@@ -165,23 +167,40 @@ public class StorageResolver {
/** Field _resolvers */
Iterator _resolvers = null;
+ /** Field _currentResolver */
+ Iterator _currentResolver = null;
+
/**
- * Constructor FilesystemIterator
+ * Constructor StorageResolverIterator
*
* @param resolvers
*/
public StorageResolverIterator(Iterator resolvers) {
this._resolvers = resolvers;
+ _currentResolver = findNextResolver();
}
/** @inheritDoc */
public boolean hasNext() {
- return _resolvers.hasNext();
+ if (_currentResolver == null) {
+ return false;
+ }
+
+ if (_currentResolver.hasNext()) {
+ return true;
+ }
+
+ _currentResolver = findNextResolver();
+ return (_currentResolver != null);
}
/** @inheritDoc */
public Object next() {
- return _resolvers.next();
+ if (hasNext()) {
+ return _currentResolver.next();
+ }
+
+ throw new NoSuchElementException();
}
/**
@@ -191,5 +210,19 @@ public class StorageResolver {
throw new UnsupportedOperationException(
"Can't remove keys from KeyStore");
}
+
+ // Find the next storage with at least one element and return its Iterator
+ private Iterator findNextResolver() {
+
+ while (_resolvers.hasNext()) {
+ StorageResolverSpi resolverSpi = (StorageResolverSpi)_resolvers.next();
+ Iterator iter = resolverSpi.getIterator();
+ if (iter.hasNext()) {
+ return iter;
+ }
+ }
+
+ return null;
+ }
}
}
Modified: xml/security/trunk/src/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java?rev=955938&r1=955937&r2=955938&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java Fri Jun 18 11:20:00 2010
@@ -1,6 +1,6 @@
/*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2010 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -53,9 +53,6 @@ public class CertsInFilesystemDirectoryR
/** Field _certs */
private List _certs = new ArrayList();
- /** Field _iterator */
- Iterator _iterator = null;
-
/**
*
*
@@ -68,8 +65,6 @@ public class CertsInFilesystemDirectoryR
this._merlinsCertificatesDir = directoryName;
this.readCertsFromHarddrive();
-
- this._iterator = new FilesystemIterator(this._certs);
}
/**
@@ -144,7 +139,7 @@ public class CertsInFilesystemDirectoryR
/** @inheritDoc */
public Iterator getIterator() {
- return this._iterator;
+ return new FilesystemIterator(this._certs);
}
/**
Modified: xml/security/trunk/src/org/apache/xml/security/keys/storage/implementations/SingleCertificateResolver.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/keys/storage/implementations/SingleCertificateResolver.java?rev=955938&r1=955937&r2=955938&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/storage/implementations/SingleCertificateResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/storage/implementations/SingleCertificateResolver.java Fri Jun 18 11:20:00 2010
@@ -1,6 +1,6 @@
/*
- * Copyright 1999-2009 The Apache Software Foundation.
+ * Copyright 1999-2010 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -34,20 +34,16 @@ public class SingleCertificateResolver e
/** Field _certificate */
X509Certificate _certificate = null;
- /** Field _iterator */
- Iterator _iterator = null;
-
/**
* @param x509cert the single {@link X509Certificate}
*/
public SingleCertificateResolver(X509Certificate x509cert) {
this._certificate = x509cert;
- this._iterator = new InternalIterator(this._certificate);
}
/** @inheritDoc */
public Iterator getIterator() {
- return this._iterator;
+ return new InternalIterator(this._certificate);
}
/**
Modified: xml/security/trunk/src_unitTests/org/apache/xml/security/test/ModuleTest.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src_unitTests/org/apache/xml/security/test/ModuleTest.java?rev=955938&r1=955937&r2=955938&view=diff
==============================================================================
--- xml/security/trunk/src_unitTests/org/apache/xml/security/test/ModuleTest.java (original)
+++ xml/security/trunk/src_unitTests/org/apache/xml/security/test/ModuleTest.java Fri Jun 18 11:20:00 2010
@@ -61,6 +61,7 @@ public class ModuleTest extends TestCase
suite.addTest(org.apache.xml.security.test.keys.content.x509.XMLX509IssuerSerialTest.suite());
suite.addTest(org.apache.xml.security.test.keys.content.x509.XMLX509CertificateTest.suite());
suite.addTest(org.apache.xml.security.test.keys.storage.KeyStoreResolverTest.suite());
+ suite.addTest(org.apache.xml.security.test.keys.storage.StorageResolverTest.suite());
// suite.addTest(org.apache.xml.security.test.algorithms.implementations.KeyWrapTest.suite());
// suite.addTest(org.apache.xml.security.test.algorithms.implementations.BlockEncryptionTest.suite());
//J+
Added: xml/security/trunk/src_unitTests/org/apache/xml/security/test/keys/storage/StorageResolverTest.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src_unitTests/org/apache/xml/security/test/keys/storage/StorageResolverTest.java?rev=955938&view=auto
==============================================================================
--- xml/security/trunk/src_unitTests/org/apache/xml/security/test/keys/storage/StorageResolverTest.java (added)
+++ xml/security/trunk/src_unitTests/org/apache/xml/security/test/keys/storage/StorageResolverTest.java Fri Jun 18 11:20:00 2010
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2008-2010 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.xml.security.test.keys.storage;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.apache.xml.security.keys.storage.StorageResolver;
+
+/**
+ * KeyStore StorageResolver test.
+ */
+public class StorageResolverTest extends TestCase {
+
+ private static final String BASEDIR = System.getProperty("basedir");
+ private static final String SEP = System.getProperty("file.separator");
+
+ public StorageResolverTest() {
+ super("KeyStoreResolverTest");
+ }
+
+ public StorageResolverTest(String name) {
+ super(name);
+ }
+
+ public static Test suite() {
+ return new TestSuite(StorageResolverTest.class);
+ }
+
+ public void testStorageResolver() throws Exception {
+
+ String inputDir = BASEDIR + SEP + "data" + SEP
+ + "org" + SEP + "apache" + SEP + "xml" + SEP + "security" + SEP
+ + "samples" + SEP + "input";
+
+ FileInputStream inStream = new FileInputStream(inputDir + SEP + "keystore.jks");
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(inStream, "xmlsecurity".toCharArray());
+
+ FileInputStream inStream2 = new FileInputStream(inputDir + SEP + "keystore2.jks");
+ KeyStore ks2 = KeyStore.getInstance("JCEKS");
+ ks2.load(inStream2, "xmlsecurity".toCharArray());
+
+ StorageResolver storage = new StorageResolver(ks);
+ storage.add(ks2);
+
+ // iterate directly on the storage
+ int count = 0;
+ while (storage.hasNext()) {
+ X509Certificate cert = storage.next();
+ assertNotNull(cert);
+ count++;
+ }
+
+ assertEquals(4, count);
+
+ try {
+ storage.next();
+ fail("Expecting NoSuchElementException");
+ } catch (NoSuchElementException e) {
+ }
+
+ Iterator iter = storage.getIterator();
+ checkIterator(iter);
+
+ // check new iterator starts from the beginning
+ Iterator iter2 = storage.getIterator();
+ checkIterator(iter2);
+
+ // check the iterators are independent
+ // check calling next() without calling hasNext()
+ iter = storage.getIterator();
+ iter2 = storage.getIterator();
+
+ while (iter.hasNext()) {
+ X509Certificate cert = (X509Certificate) iter.next();
+ X509Certificate cert2 = (X509Certificate) iter2.next();
+ if (!cert.equals(cert2)) {
+ fail("StorageResolver iterators are not independent");
+ }
+ }
+ assertFalse(iter2.hasNext());
+ }
+
+ private void checkIterator(Iterator iter) {
+ int count = 0;
+ iter.hasNext(); // hasNext() is idempotent
+
+ while (iter.hasNext()) {
+ X509Certificate cert = (X509Certificate) iter.next();
+ cert.getSubjectDN().getName();
+ count++;
+ }
+
+ // The iterator skipped over symmetric keys
+ assertEquals(4, count);
+
+ // Cannot go beyond last element
+ try {
+ iter.next();
+ fail("Expecting NoSuchElementException");
+ } catch (NoSuchElementException e) {
+ }
+ }
+}
+
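Review bot: The two `FileInputStream`s opened in `testStorageResolver()` are never closed, so the keystore files stay open until finalisation; closing each one right after the load fixes it, e.g. `try { ks.load(inStream, "xmlsecurity".toCharArray()); } finally { inStream.close(); }`, and the same for `inStream2`. The no-arg constructor passes `"KeyStoreResolverTest"` to `super`, which looks copied from the sibling test and would mislabel failures; `super("StorageResolverTest");` matches the class. The empty `catch (NoSuchElementException e)` blocks are intentional, and a short comment such as `// expected` would make that clear to the next reader.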