santuario-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mul...@apache.org
Subject svn commit: r820791 - in /xml/security/trunk: CHANGELOG.txt data/javax/xml/crypto/dsig/demo.signed.xml src/org/apache/xml/security/c14n/implementations/Canonicalizer20010315Excl.java src_unitTests/javax/xml/crypto/test/dsig/ValidateSignatureTest.java
Date Thu, 01 Oct 2009 21:10:22 GMT
Author: mullan
Date: Thu Oct  1 21:10:22 2009
New Revision: 820791

URL: http://svn.apache.org/viewvc?rev=820791&view=rev
Log:
Fixed Bug 47761: xmlns:xml namespace improperly emitted during excl c14n

Added:
    xml/security/trunk/data/javax/xml/crypto/dsig/demo.signed.xml
Modified:
    xml/security/trunk/CHANGELOG.txt
    xml/security/trunk/src/org/apache/xml/security/c14n/implementations/Canonicalizer20010315Excl.java
    xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/ValidateSignatureTest.java

Modified: xml/security/trunk/CHANGELOG.txt
URL: http://svn.apache.org/viewvc/xml/security/trunk/CHANGELOG.txt?rev=820791&r1=820790&r2=820791&view=diff
==============================================================================
--- xml/security/trunk/CHANGELOG.txt (original)
+++ xml/security/trunk/CHANGELOG.txt Thu Oct  1 21:10:22 2009
@@ -1,5 +1,6 @@
 Changelog for "Apache xml-security" <http://santuario.apache.org/>
 New in v1.4.4-SNAPSHOT
+    Fixed Bug 47761: xmlns:xml namespace improperly emitted during excl c14n. Thanks to Scott
Cantor.
     Fixed Bug 36526: Out of memory error when signing or verifying big files. Thanks to Agnes
Juhasz.
     Fixed Bug 47784: ClassNotFoundException when init the xml security in OSGi plateform
     Fixed Bug 47762: contextChild parameter of Transform.getInstance may be null 

Added: xml/security/trunk/data/javax/xml/crypto/dsig/demo.signed.xml
URL: http://svn.apache.org/viewvc/xml/security/trunk/data/javax/xml/crypto/dsig/demo.signed.xml?rev=820791&view=auto
==============================================================================
--- xml/security/trunk/data/javax/xml/crypto/dsig/demo.signed.xml (added)
+++ xml/security/trunk/data/javax/xml/crypto/dsig/demo.signed.xml Thu Oct  1 21:10:22 2009
@@ -0,0 +1,144 @@
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" Name="https://example.org/saml2-metadata.xml"
validUntil="2009-08-31T00:00:00Z" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata
saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd
http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd">
+
+<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<ds:Reference URI="">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default
ds shibmd xml xsi"/>
+</ds:Transform>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<ds:DigestValue>c+pz2qmMzCAsjhymWYT8kD8TSVI=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>u5Vehsz4VRNX+0DifiWlB2Eh5ZsPb4CRksNTLhOifIH4oFOaAriCdlJVDG+cDq2P
+q83LhgmDutzYXUxqVwB/XNSYLVQSkwFUgu2NYo/0hsF2TI4vsM5Az4JSDUKF+0ad
+qXxj+Jz04zj4p902pE43KpigoJ1WvqBaD2jLAX0HZOjVcJGRZJeQDI/BsYZ0lf6e
+qk1SLB0XQ6rZA1O1uhSad77vdC4P0CY0w7DMf6HZbpj5SvxK7iu9ePIcYQwflSGg
+dmunfZ75Ue2xv9VhuuJMffcwqr+Kh0gdCMsDnKzD3pK7ZQfh5K3+6PhlMdhBh63j
+l7epO9AitUCgRvM44uccKA==</ds:SignatureValue>
+<ds:KeyInfo><ds:KeyName>signing.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=signing.example.org</ds:X509SubjectName><ds:X509Certificate>MIIDADCCAeigAwIBAgIJAO01RvCjIOi+MA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNV
+BAMTE3NpZ25pbmcuZXhhbXBsZS5vcmcwHhcNMDkwODI4MTYzMTEyWhcNMTkwODI2
+MTYzMTEyWjAeMRwwGgYDVQQDExNzaWduaW5nLmV4YW1wbGUub3JnMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6vsEoTbNJoi75fA3WwE5XkDMVA7cQgs
+aD3em3dfYoGUMRHJbftThhiUo1fhmjVGDVvG/Yb/De9e0ncQ1q/qa7/EJGkQqbuY
+34VmsrLKbjAaPMSDbyjMVnNjC16fbyfVFRLHERqHsfZVf47I/N9WF7+RvTCp8nhO
+b1iKm3/XuAdxfofnNqyPujgYKGlF0ABQRE/UXSaspoR7GU20Mf2j3aQ0HLhFXK+j
+Fq/Q9qKL3x+2tesPFCVdYxtYxFnLQMCq3nSIUKfni3J/fm4TsjcwAs/ogr+zbQeH
+72uSMZZcUMCoHcM4VcKyvqi9xzxRf/NlrHTLN3PRUT+7wTm3ucn+5wIDAQABo0Ew
+PzAeBgNVHREEFzAVghNzaWduaW5nLmV4YW1wbGUub3JnMB0GA1UdDgQWBBR4Nt/W
+PutiGteCwcKvMDDbXGZoAjANBgkqhkiG9w0BAQUFAAOCAQEAACOpFL5P6XnqiiOQ
+9jibQ07dbOjVRaMoQpERs8X30JennVOiuEDAMMYv6rnx/tsc3ecNDiImdFMF/pgH
+nzrU3E+ErgyGoiGOpyE+LrqFw6DRyzxloHqp8YqILA2p7Mdhsad7tMuJZViVpxG+
+UK+sLRkfnPc5nAqUW4mZy9xnNcxdt5qqE7EoJVJYKGDm5DmxtEgDmU9sTb4jcGtr
+NAEg1aEQKCGgPm0eJ2HxklXC1s+04Vo5H/ARchSBxHq+yLVJrQvfEMNyke0Za1Jo
+I7wO/7g5YyoH2QzsMQA/6Q3WCcZj54si0m1ZHDXqzRr9knrxA8quDECWZ0+MS7RL
+IrVtRQ==
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature> 
  
+
+<EntityDescriptor entityID="https://idp.example.org/idp/shibboleth" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+    <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol
urn:oasis:names:tc:SAML:2.0:protocol">
+
+        <Extensions>
+            <shibmd:Scope regexp="false" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">example.org</shibmd:Scope>
+        </Extensions>
+
+        <KeyDescriptor>
+            <ds:KeyInfo>
+                <ds:X509Data>
+                    <ds:X509Certificate>
+MIIC6DCCAdCgAwIBAgIJANA7/GSykN0DMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
+BAMTC2V4YW1wbGUub3JnMB4XDTA5MDgyODE2Mjc1NFoXDTE5MDgyNjE2Mjc1NFow
+FjEUMBIGA1UEAxMLZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC33b4heR6ZO/ig8k+4ein0ql2hs8cPX0iC8GcwM5ewRKc7cWLrmhng
+QKjXZ7qUSPq2kzi3rlHMk0NnFZixhQrhjgEw2rMSfln8Bq2o06xJCUuxidLqypIn
+sAIQIyQGDTHZseT6aElqDlBB9vauvJ3bdCDaL3Eu9qByCclYWaLjjRzv1tv3PMNe
++xlYvoAcVIAxYzSPBtsKlfx5nn9hH/lFXP/LMz7yiBnfl+jvd/swEySZxATAJwb5
+4o0cG76FMJrN2dWH/ad/A0VoAePYNvKY7s4mOfKG/E+2e1h+aYmDwxZedsUXTGex
+KnhpK3fngNGOFEWEzULh+OORMQ0PbDFFAgMBAAGjOTA3MBYGA1UdEQQPMA2CC2V4
+YW1wbGUub3JnMB0GA1UdDgQWBBSaK2Coq3Gpp2cC4QcpsGrLuq4qKzANBgkqhkiG
+9w0BAQUFAAOCAQEAgZjD8nlcnb3sG9FquesN1tSKdN3tI/b9Rs84JUEqlxnX0KHo
+HyxpFcAB6cdFfnAmc6c0wSgZnXYW+jiQdmXHQGHh6GERmZa38swLM8Q/fnrxq6hQ
+Jzxx1pNWZgUDLyM5DeXbIYdcyHYzjaiyMYX7ayrj7WM9dujEZHHwQZ8X/NVDmOl9
+kYV14gpCrlu8jaQHa/mTlqr7Cbz6II49YM5XlNTbgdphx2ONz+P84NI21kf+BAJG
+nHBGqysSXQ9UrKJ1UHhYbVQgY/SJMgG+FIG8zMjQwBigETCKyL58aSANeGFcdCg4
+1q247ZautYYNb6z8bSmREK6GiWHMxePVXWykYQ==
+
+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+        </KeyDescriptor>
+        
+        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
Location="https://idp.example.org:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
+
+        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://idp.example.org:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
+                                   
+        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
+        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+
+        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
+        
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
+
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
Location="https://idp.example.org/idp/profile/SAML2/POST-SimpleSign/SSO"/>
+        
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
+    </IDPSSODescriptor>
+
+    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol
urn:oasis:names:tc:SAML:2.0:protocol">
+
+        <Extensions>
+            <shibmd:Scope regexp="false" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">example.org</shibmd:Scope>
+        </Extensions>
+
+        <KeyDescriptor>
+            <ds:KeyInfo>
+                <ds:X509Data>
+                    <ds:X509Certificate>
+MIIC6DCCAdCgAwIBAgIJANA7/GSykN0DMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
+BAMTC2V4YW1wbGUub3JnMB4XDTA5MDgyODE2Mjc1NFoXDTE5MDgyNjE2Mjc1NFow
+FjEUMBIGA1UEAxMLZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC33b4heR6ZO/ig8k+4ein0ql2hs8cPX0iC8GcwM5ewRKc7cWLrmhng
+QKjXZ7qUSPq2kzi3rlHMk0NnFZixhQrhjgEw2rMSfln8Bq2o06xJCUuxidLqypIn
+sAIQIyQGDTHZseT6aElqDlBB9vauvJ3bdCDaL3Eu9qByCclYWaLjjRzv1tv3PMNe
++xlYvoAcVIAxYzSPBtsKlfx5nn9hH/lFXP/LMz7yiBnfl+jvd/swEySZxATAJwb5
+4o0cG76FMJrN2dWH/ad/A0VoAePYNvKY7s4mOfKG/E+2e1h+aYmDwxZedsUXTGex
+KnhpK3fngNGOFEWEzULh+OORMQ0PbDFFAgMBAAGjOTA3MBYGA1UdEQQPMA2CC2V4
+YW1wbGUub3JnMB0GA1UdDgQWBBSaK2Coq3Gpp2cC4QcpsGrLuq4qKzANBgkqhkiG
+9w0BAQUFAAOCAQEAgZjD8nlcnb3sG9FquesN1tSKdN3tI/b9Rs84JUEqlxnX0KHo
+HyxpFcAB6cdFfnAmc6c0wSgZnXYW+jiQdmXHQGHh6GERmZa38swLM8Q/fnrxq6hQ
+Jzxx1pNWZgUDLyM5DeXbIYdcyHYzjaiyMYX7ayrj7WM9dujEZHHwQZ8X/NVDmOl9
+kYV14gpCrlu8jaQHa/mTlqr7Cbz6II49YM5XlNTbgdphx2ONz+P84NI21kf+BAJG
+nHBGqysSXQ9UrKJ1UHhYbVQgY/SJMgG+FIG8zMjQwBigETCKyL58aSANeGFcdCg4
+1q247ZautYYNb6z8bSmREK6GiWHMxePVXWykYQ==
+
+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+        </KeyDescriptor>
+
+        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
Location="https://idp.example.org:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
+        
+        <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.org:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
+        
+        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
+        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+        
+    </AttributeAuthorityDescriptor>
+    <Organization>
+        <OrganizationName xml:lang="en" xmlns:xml="http://www.w3.org/XML/1998/namespace">Example
University Foo</OrganizationName>
+        <OrganizationDisplayName xml:lang="en" xmlns:xml="http://www.w3.org/XML/1998/namespace">Example
University</OrganizationDisplayName>
+        <OrganizationURL xml:lang="en" xmlns:xml="http://www.w3.org/XML/1998/namespace">http://www.example.org/</OrganizationURL>
+    </Organization>
+    <ContactPerson contactType="technical">
+        <SurName>Webmaster</SurName>
+        <EmailAddress>webmaster@example.org</EmailAddress>
+    </ContactPerson>
+</EntityDescriptor></EntitiesDescriptor>
\ No newline at end of file

Modified: xml/security/trunk/src/org/apache/xml/security/c14n/implementations/Canonicalizer20010315Excl.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/c14n/implementations/Canonicalizer20010315Excl.java?rev=820791&r1=820790&r2=820791&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/c14n/implementations/Canonicalizer20010315Excl.java
(original)
+++ xml/security/trunk/src/org/apache/xml/security/c14n/implementations/Canonicalizer20010315Excl.java
Thu Oct  1 21:10:22 2009
@@ -1,6 +1,5 @@
-
 /*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2009 The Apache Software Foundation.
  * 
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License. You may obtain a copy of
@@ -22,7 +21,6 @@
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
-
 import javax.xml.parsers.ParserConfigurationException;
 
 import org.apache.xml.security.c14n.CanonicalizationException;
@@ -37,6 +35,7 @@
 import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 import org.xml.sax.SAXException;
+
 /**
  * Implements &quot; <A
  * HREF="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/">Exclusive XML
@@ -54,6 +53,9 @@
  *          XML Canonicalization, Version 1.0</a>
  */
 public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
+
+    private static final String XML_LANG_URI=Constants.XML_LANG_SPACE_SpecNS;
+
     /**
       * This Set contains the names (Strings like "xmlns" or "xmlns:foo") of
       * the inclusive namespaces.
@@ -61,280 +63,293 @@
     TreeSet _inclusiveNSSet = new TreeSet();
     static final String XMLNS_URI=Constants.NamespaceSpecNS;
     final SortedSet result = new TreeSet(COMPARE);
-	/**
-	 * Constructor Canonicalizer20010315Excl
-	 * 
-	 * @param includeComments
-	 */
-	public Canonicalizer20010315Excl(boolean includeComments) {
-		super(includeComments);
-	}
 
-	/**
-	 * Method engineCanonicalizeSubTree
-	 * @inheritDoc
-	 * @param rootNode
-	 * 
-	 * @throws CanonicalizationException
-	 */
-	public byte[] engineCanonicalizeSubTree(Node rootNode)
-			throws CanonicalizationException {
-		return this.engineCanonicalizeSubTree(rootNode, "",null);
-	}
-	/**
-	 * Method engineCanonicalizeSubTree
-	 *  @inheritDoc
-	 * @param rootNode
-	 * @param inclusiveNamespaces
-	 * 
-	 * @throws CanonicalizationException
-	 */
-	public byte[] engineCanonicalizeSubTree(Node rootNode,
-			String inclusiveNamespaces) throws CanonicalizationException {
-		return this.engineCanonicalizeSubTree(rootNode, inclusiveNamespaces,null);
-	}
-	/**
-	 * Method engineCanonicalizeSubTree  
-	 * @param rootNode
+    /**
+     * Constructor Canonicalizer20010315Excl
+     * 
+     * @param includeComments
+     */
+    public Canonicalizer20010315Excl(boolean includeComments) {
+	super(includeComments);
+    }
+
+    /**
+     * Method engineCanonicalizeSubTree
+     * @inheritDoc
+     * @param rootNode
+     * 
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalizeSubTree(Node rootNode)
+	throws CanonicalizationException {
+	return engineCanonicalizeSubTree(rootNode, "", null);
+    }
+
+    /**
+     * Method engineCanonicalizeSubTree
+     *  @inheritDoc
+     * @param rootNode
+     * @param inclusiveNamespaces
+     * 
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalizeSubTree(Node rootNode,
+	String inclusiveNamespaces) throws CanonicalizationException {
+	return engineCanonicalizeSubTree(rootNode, inclusiveNamespaces, null);
+    }
+
+    /**
+     * Method engineCanonicalizeSubTree  
+     * @param rootNode
      * @param inclusiveNamespaces   
      * @param excl A element to exclude from the c14n process. 
-	 * @return the rootNode c14n.
-	 * @throws CanonicalizationException
-	 */
-	public byte[] engineCanonicalizeSubTree(Node rootNode,
-			String inclusiveNamespaces,Node excl) throws CanonicalizationException {
-			this._inclusiveNSSet = (TreeSet)InclusiveNamespaces
-					.prefixStr2Set(inclusiveNamespaces);			
-			return super.engineCanonicalizeSubTree(rootNode,excl);
-	}
-	/**
-	 * 
-	 * @param rootNode
-	 * @param inclusiveNamespaces
-	 * @return the rootNode c14n.
-	 * @throws CanonicalizationException
-	 */
-	public byte[] engineCanonicalize(XMLSignatureInput rootNode,
-			String inclusiveNamespaces) throws CanonicalizationException {
-			this._inclusiveNSSet = (TreeSet)InclusiveNamespaces
-					.prefixStr2Set(inclusiveNamespaces);			
-			return super.engineCanonicalize(rootNode);
-	}
+     * @return the rootNode c14n.
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalizeSubTree(Node rootNode,
+	String inclusiveNamespaces, Node excl) throws CanonicalizationException{
+	this._inclusiveNSSet = 
+            (TreeSet) InclusiveNamespaces.prefixStr2Set(inclusiveNamespaces);
+	return super.engineCanonicalizeSubTree(rootNode, excl);
+    }
+
+    /**
+     * 
+     * @param rootNode
+     * @param inclusiveNamespaces
+     * @return the rootNode c14n.
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalize(XMLSignatureInput rootNode,
+	String inclusiveNamespaces) throws CanonicalizationException {
+	this._inclusiveNSSet = 
+            (TreeSet) InclusiveNamespaces.prefixStr2Set(inclusiveNamespaces);
+	return super.engineCanonicalize(rootNode);
+    }
  
-	/**
-	 * Method handleAttributesSubtree
-	 * @inheritDoc
-	 * @param E
-	 * @throws CanonicalizationException
-	 */
-	Iterator handleAttributesSubtree(Element E,NameSpaceSymbTable ns)
-			throws CanonicalizationException {
-		// System.out.println("During the traversal, I encountered " +
-		// XMLUtils.getXPath(E));
-		// result will contain the attrs which have to be outputted
-		SortedSet result = this.result;       
-	    result.clear();
-		NamedNodeMap attrs=null;
-        
-		int attrsLength = 0;
+    /**
+     * Method handleAttributesSubtree
+     * @inheritDoc
+     * @param E
+     * @throws CanonicalizationException
+     */
+    Iterator handleAttributesSubtree(Element E, NameSpaceSymbTable ns)
+        throws CanonicalizationException {
+	// System.out.println("During the traversal, I encountered " +
+	// XMLUtils.getXPath(E));
+	// result will contain the attrs which have to be outputted
+	SortedSet result = this.result;       
+        result.clear();
+	NamedNodeMap attrs = null;
+
+	int attrsLength = 0;
         if (E.hasAttributes()) {
             attrs = E.getAttributes();
-        	attrsLength = attrs.getLength();
+       	    attrsLength = attrs.getLength();
         }
-		//The prefix visibly utilized(in the attribute or in the name) in the element
-		SortedSet visiblyUtilized =(SortedSet) _inclusiveNSSet.clone();
-					
-		for (int i = 0; i < attrsLength; i++) {
-			Attr N = (Attr) attrs.item(i);
-					
-			if (XMLNS_URI!=N.getNamespaceURI()) {
-				//Not a namespace definition.
-				//The Element is output element, add his prefix(if used) to visibyUtilized
-				String prefix = N.getPrefix();
-				if ( (prefix != null) && (!prefix.equals(XML) && !prefix.equals(XMLNS))
) {
-						visiblyUtilized.add(prefix);
-				}					
-				//Add to the result.
-				 result.add(N);				
-				continue;
-			}
-			String NName=N.getLocalName();
-			String NNodeValue=N.getNodeValue();
-		
-			if (ns.addMapping(NName, NNodeValue,N)) {
-				//New definition check if it is relative.
+	// The prefix visibly utilized(in the attribute or in the name) in 
+        // the element
+	SortedSet visiblyUtilized = (SortedSet) _inclusiveNSSet.clone();
+
+	for (int i = 0; i < attrsLength; i++) {
+	    Attr N = (Attr) attrs.item(i);
+
+	    if (XMLNS_URI != N.getNamespaceURI()) {
+		// Not a namespace definition.
+		// The Element is output element, add the prefix (if used) to 
+                // visibyUtilized
+		String prefix = N.getPrefix();
+		if (prefix != null && (!prefix.equals(XML) 
+                    && !prefix.equals(XMLNS))) {
+		    visiblyUtilized.add(prefix);
+		}					
+		// Add to the result.
+		result.add(N);				
+		continue;
+	    }
+	    String NName = N.getLocalName();
+	    String NNodeValue = N.getNodeValue();
+            if (XML.equals(NName) && XML_LANG_URI.equals(NNodeValue)) {
+                // The default mapping for xml must not be output.
+                continue;
+            }
+
+	    if (ns.addMapping(NName, NNodeValue, N)) {
+	        // New definition check if it is relative.
                 if (C14nHelper.namespaceIsRelative(NNodeValue)) {
-                    Object exArgs[] = {E.getTagName(), NName,
-                            N.getNodeValue()};
+                    Object exArgs[] = {E.getTagName(), NName, N.getNodeValue()};
                     throw new CanonicalizationException(
-                            "c14n.Canonicalizer.RelativeNamespace", exArgs);
+                        "c14n.Canonicalizer.RelativeNamespace", exArgs);
                 }
             }
-		}		
-		String prefix;
-		if (E.getNamespaceURI() != null) {
-			prefix = E.getPrefix();
-			if ((prefix == null) || (prefix.length() == 0)) {
-				prefix=XMLNS;
-			}
-						
-		} else {
-			prefix=XMLNS;
-		}
-		visiblyUtilized.add(prefix);
-									
-		//This can be optimezed by I don't have time
-		Iterator it=visiblyUtilized.iterator();
-		while (it.hasNext()) {
-			String s=(String)it.next();									
-			Attr key=ns.getMapping(s);
-			if (key==null) {
-				continue;
-			}
-			result.add(key);
-		}
-		
-		return result.iterator(); 		
+	}		
+	String prefix;
+	if (E.getNamespaceURI() != null) {
+	    prefix = E.getPrefix();
+	    if (prefix == null || prefix.length() == 0) {
+		prefix = XMLNS;
+	    }
+	} else {
+	    prefix = XMLNS;
 	}
+	visiblyUtilized.add(prefix);
 
-	/**
-	 * Method engineCanonicalizeXPathNodeSet
-	 * @inheritDoc
-	 * @param xpathNodeSet
-	 * @param inclusiveNamespaces
-	 * @throws CanonicalizationException
-	 */
-	public byte[] engineCanonicalizeXPathNodeSet(Set xpathNodeSet,
-			String inclusiveNamespaces) throws CanonicalizationException {
-		
-		
-			this._inclusiveNSSet = (TreeSet)InclusiveNamespaces
-					.prefixStr2Set(inclusiveNamespaces);
-			return super.engineCanonicalizeXPathNodeSet(xpathNodeSet);
-		
+	// This can be optimezed by I don't have time
+	Iterator it = visiblyUtilized.iterator();
+	while (it.hasNext()) {
+	    String s = (String) it.next();
+	    Attr key = ns.getMapping(s);
+	    if (key == null) {
+		continue;
+	    }
+	    result.add(key);
 	}
+
+	return result.iterator(); 		
+    }
+
+    /**
+     * Method engineCanonicalizeXPathNodeSet
+     * @inheritDoc
+     * @param xpathNodeSet
+     * @param inclusiveNamespaces
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalizeXPathNodeSet(Set xpathNodeSet,
+	String inclusiveNamespaces) throws CanonicalizationException {
+		
+	this._inclusiveNSSet = 
+            (TreeSet) InclusiveNamespaces.prefixStr2Set(inclusiveNamespaces);
+	return super.engineCanonicalizeXPathNodeSet(xpathNodeSet);
+    }
 	
-	/**
+    /**
      * @inheritDoc
-	 * @param E
-	 * @throws CanonicalizationException
-	 */
-	final Iterator handleAttributes(Element E, NameSpaceSymbTable ns)
-			throws CanonicalizationException {
-		// result will contain the attrs which have to be outputted
-		SortedSet result = this.result;       
-	    result.clear();
-		NamedNodeMap attrs = null;
-		int attrsLength = 0;
+     * @param E
+     * @throws CanonicalizationException
+     */
+    final Iterator handleAttributes(Element E, NameSpaceSymbTable ns)
+	throws CanonicalizationException {
+	// result will contain the attrs which have to be outputted
+	SortedSet result = this.result;       
+        result.clear();
+	NamedNodeMap attrs = null;
+	int attrsLength = 0;
         if (E.hasAttributes()) {
             attrs = E.getAttributes();           
-        	attrsLength = attrs.getLength();
+       	    attrsLength = attrs.getLength();
         }
-		//The prefix visibly utilized(in the attribute or in the name) in the element
-		Set visiblyUtilized =null;
-		//It's the output selected.
-		boolean isOutputElement=isVisibleDO(E,ns.getLevel())==1;			
+	// The prefix visibly utilized (in the attribute or in the name) in 
+        // the element
+	Set visiblyUtilized = null;
+	// It's the output selected.
+	boolean isOutputElement = isVisibleDO(E, ns.getLevel()) == 1;
+	if (isOutputElement) {
+	    visiblyUtilized = (Set) this._inclusiveNSSet.clone();
+	}
+
+	for (int i = 0; i < attrsLength; i++) {
+	    Attr N = (Attr) attrs.item(i);
+
+	    if (XMLNS_URI != N.getNamespaceURI()) {
+		if (!isVisible(N)) {
+		    // The node is not in the nodeset(if there is a nodeset)
+		    continue;
+		}
+		// Not a namespace definition.
 		if (isOutputElement) {
-			visiblyUtilized =  (Set) this._inclusiveNSSet.clone();
+		    // The Element is output element, add the prefix (if used) 
+                    // to visibyUtilized
+		    String prefix = N.getPrefix();
+		    if (prefix != null && (!prefix.equals(XML) 
+                        && !prefix.equals(XMLNS))) {
+			visiblyUtilized.add(prefix);
+		    }					
+		    // Add to the result.
+		    result.add(N);
 		}
-		
-		for (int i = 0; i < attrsLength; i++) {
-			Attr N = (Attr) attrs.item(i);
-						
-						
-			if (XMLNS_URI!=N.getNamespaceURI()) {
-				if ( !isVisible(N) )  {
-					//The node is not in the nodeset(if there is a nodeset)
-					continue;
-				}
-				//Not a namespace definition.
-				if (isOutputElement) {
-					//The Element is output element, add his prefix(if used) to visibyUtilized
-					String prefix = N.getPrefix();
-					if ((prefix != null) && (!prefix.equals(XML) && !prefix.equals(XMLNS))
){ 
-							visiblyUtilized.add(prefix);
-					}					
-					//Add to the result.
-				    result.add(N);
-				}
-				continue;
-			}
-			String NName=N.getLocalName();
-			if (isOutputElement && !isVisible(N) && NName!=XMLNS) {
-    			ns.removeMappingIfNotRender(NName);
-    			continue;
-    		}
-			String NNodeValue=N.getNodeValue();
-			
-			if (!isOutputElement && isVisible(N) && _inclusiveNSSet.contains(NName)
&& !ns.removeMappingIfRender(NName)) {
-				Node n=ns.addMappingAndRender(NName,NNodeValue,N);
-			 	if (n!=null) {
-			 	 		result.add(n);
-	                    if (C14nHelper.namespaceIsRelative(N)) {
-	                       Object exArgs[] = { E.getTagName(), NName, N.getNodeValue() };
-	                       throw new CanonicalizationException(
-	                          "c14n.Canonicalizer.RelativeNamespace", exArgs);
-	                   }
-			 	 }
-			}
-						
-			
-			
-			if (ns.addMapping(NName, NNodeValue,N)) {
-                //New definiton check if it is relative
+		continue;
+	    }
+	    String NName = N.getLocalName();
+	    if (isOutputElement && !isVisible(N) && NName != XMLNS) {
+		ns.removeMappingIfNotRender(NName);
+    		continue;
+    	    }
+	    String NNodeValue = N.getNodeValue();
+
+	    if (!isOutputElement && isVisible(N) 
+                && _inclusiveNSSet.contains(NName) 
+                && !ns.removeMappingIfRender(NName)) {
+		Node n = ns.addMappingAndRender(NName, NNodeValue, N);
+	 	if (n != null) {
+		    result.add(n);
+	            if (C14nHelper.namespaceIsRelative(N)) {
+	                Object exArgs[] = 
+                            { E.getTagName(), NName, N.getNodeValue() };
+                        throw new CanonicalizationException(
+	                    "c14n.Canonicalizer.RelativeNamespace", exArgs);
+                    }
+		}
+	    }
+
+	    if (ns.addMapping(NName, NNodeValue, N)) {
+                // New definiton check if it is relative
                 if (C14nHelper.namespaceIsRelative(NNodeValue)) {
-                    Object exArgs[] = {E.getTagName(), NName,
-                            N.getNodeValue()};
+                    Object exArgs[] = 
+                        { E.getTagName(), NName, N.getNodeValue() };
                     throw new CanonicalizationException(
-                            "c14n.Canonicalizer.RelativeNamespace", exArgs);
+                        "c14n.Canonicalizer.RelativeNamespace", exArgs);
                 }    
             }
-		}
+	}
 
-		if (isOutputElement) {	               
-           //The element is visible, handle the xmlns definition    
-           Attr xmlns = E.getAttributeNodeNS(XMLNS_URI, XMLNS);
-           if ((xmlns!=null) &&  (!isVisible(xmlns))) {
-              //There is a definition but the xmlns is not selected by the xpath.
-              //then xmlns=""
-              ns.addMapping(XMLNS,"",nullNode);                               
+	if (isOutputElement) {	               
+            // The element is visible, handle the xmlns definition    
+            Attr xmlns = E.getAttributeNodeNS(XMLNS_URI, XMLNS);
+            if (xmlns != null && !isVisible(xmlns)) {
+                // There is a definition but the xmlns is not selected by the 
+                // xpath. then xmlns=""
+                ns.addMapping(XMLNS, "", nullNode);
             }
 
-			if (E.getNamespaceURI() != null) {
-				String prefix = E.getPrefix();
-				if ((prefix == null) || (prefix.length() == 0)) {
-					visiblyUtilized.add(XMLNS);
-				} else {
-					visiblyUtilized.add( prefix);
-				}
-			} else {
-				visiblyUtilized.add(XMLNS);
-			}									
-			//This can be optimezed by I don't have time
-			//visiblyUtilized.addAll(this._inclusiveNSSet);
-			Iterator it=visiblyUtilized.iterator();
-			while (it.hasNext()) {
-				String s=(String)it.next();										
-				Attr key=ns.getMapping(s);
-				if (key==null) {
-					continue;
-				}
-				result.add(key);
-			}
-		} 
+	    if (E.getNamespaceURI() != null) {
+		String prefix = E.getPrefix();
+		if (prefix == null || prefix.length() == 0) {
+		    visiblyUtilized.add(XMLNS);
+		} else {
+		    visiblyUtilized.add(prefix);
+		}
+	    } else {
+		visiblyUtilized.add(XMLNS);
+	    }									
+	    // This can be optimezed by I don't have time
+	    // visiblyUtilized.addAll(this._inclusiveNSSet);
+	    Iterator it = visiblyUtilized.iterator();
+	    while (it.hasNext()) {
+		String s = (String) it.next();
+		Attr key = ns.getMapping(s);
+		if (key == null) {
+		    continue;
+		}
+		result.add(key);
+	    }
+	} 
+
+	return result.iterator(); 
+    }
 
-		return result.iterator(); 
+    void circumventBugIfNeeded(XMLSignatureInput input) 
+        throws CanonicalizationException, ParserConfigurationException, 
+               IOException, SAXException {
+        if (!input.isNeedsToBeExpanded() || _inclusiveNSSet.isEmpty()) {
+	    return;
+        }
+	Document doc = null;
+	if (input.getSubNode() != null) {
+	    doc = XMLUtils.getOwnerDocument(input.getSubNode());
+	} else {
+	    doc = XMLUtils.getOwnerDocument(input.getNodeSet());
 	}
-	void circumventBugIfNeeded(XMLSignatureInput input) throws CanonicalizationException, ParserConfigurationException,
IOException, SAXException {
-		if (!input.isNeedsToBeExpanded() || _inclusiveNSSet.isEmpty()) 
-			return;
-		Document doc = null;
-	       if (input.getSubNode() != null) {
-	           doc=XMLUtils.getOwnerDocument(input.getSubNode());
-	       } else {
-	           doc=XMLUtils.getOwnerDocument(input.getNodeSet());
-	       }
-		   
-		XMLUtils.circumventBug2650(doc);
-	   }
+	XMLUtils.circumventBug2650(doc);
+    }
 }

Modified: xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/ValidateSignatureTest.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/ValidateSignatureTest.java?rev=820791&r1=820790&r2=820791&view=diff
==============================================================================
--- xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/ValidateSignatureTest.java
(original)
+++ xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/ValidateSignatureTest.java
Thu Oct  1 21:10:22 2009
@@ -120,6 +120,15 @@
         }
     }
 
+    // Bug 47761: validates an xml signature containing a reference with
+    // xmlns:xml attributes. C14n should not emit these attributes.
+    public void test_signature_exclc14n_xmlnamespace() throws Exception {
+	String file = "demo.signed.xml";
+	boolean coreValidity = validator.validate(file, 
+	    new KeySelectors.RawX509KeySelector());
+	assertTrue("Signature failed core validation", coreValidity);
+    }
+
     /**
      * Set flag if called.
      */



Mime
View raw message