From 9da1bf3be41eaa81dbfec4a749bc06076fddd8b4 Mon Sep 17 00:00:00 2001 From: Mirko <79272490+mjechow@users.noreply.github.com> Date: Tue, 21 Nov 2023 15:33:13 +0100 Subject: [PATCH] Upgrade Apache Santuario to version 4.0.0 - resolves #277 --- pom.xml | 2 +- .../java/xades4j/utils/ResolverAnonymous.java | 6 ++-- .../utils/TimeStampDigestInputImpl.java | 14 +++----- .../xades4j/production/OtherSignerTests.java | 32 +++++++++---------- .../SignedDataObjectsProcessorTest.java | 15 +++++---- 5 files changed, 32 insertions(+), 37 deletions(-) diff --git a/pom.xml b/pom.xml index b8bac75c..66a3c467 100644 --- a/pom.xml +++ b/pom.xml @@ -74,7 +74,7 @@ org.apache.santuario xmlsec - 3.0.3 + 4.0.0 org.bouncycastle diff --git a/src/main/java/xades4j/utils/ResolverAnonymous.java b/src/main/java/xades4j/utils/ResolverAnonymous.java index 5115a0cd..3e480ca5 100644 --- a/src/main/java/xades4j/utils/ResolverAnonymous.java +++ b/src/main/java/xades4j/utils/ResolverAnonymous.java @@ -16,12 +16,12 @@ */ package xades4j.utils; +import java.io.InputStream; import org.apache.xml.security.signature.XMLSignatureInput; +import org.apache.xml.security.signature.XMLSignatureStreamInput; import org.apache.xml.security.utils.resolver.ResourceResolverContext; import org.apache.xml.security.utils.resolver.ResourceResolverSpi; -import java.io.InputStream; - /** * Resource resolver for References without a URI attribute. * @@ -40,7 +40,7 @@ public ResolverAnonymous(InputStream data) @Override public XMLSignatureInput engineResolveURI(ResourceResolverContext context) { - return new XMLSignatureInput(this.data); + return new XMLSignatureStreamInput(this.data); } @Override diff --git a/src/main/java/xades4j/utils/TimeStampDigestInputImpl.java b/src/main/java/xades4j/utils/TimeStampDigestInputImpl.java index fc35eedb..529c6047 100644 --- a/src/main/java/xades4j/utils/TimeStampDigestInputImpl.java +++ b/src/main/java/xades4j/utils/TimeStampDigestInputImpl.java 
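Review bot: `engineResolveURI` in ResolverAnonymous wraps the same `this.data` stream in a new `XMLSignatureStreamInput` on every call. An `InputStream` can be consumed only once, so a second resolution through this resolver would presumably digest an exhausted stream rather than the intended data. Nothing visible in the hunk documents that the resolver is single-use, so I would state it on the method, e.g. `// Single-use: 'data' is consumed by the first resolution; create a new resolver for each signature.` If callers can reach it twice, failing explicitly on the second call is safer than silently producing a digest over empty input. The class body starts and ends outside the hunk, so any existing guard in the constructor is not visible here.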
@@ -20,6 +20,7 @@ import org.apache.xml.security.signature.Reference; import org.apache.xml.security.signature.XMLSignatureException; import org.apache.xml.security.signature.XMLSignatureInput; +import org.apache.xml.security.signature.XMLSignatureNodeInput; import org.apache.xml.security.transforms.Transform; import org.w3c.dom.Document; import org.w3c.dom.Node; @@ -39,7 +40,7 @@ class TimeStampDigestInputImpl implements TimeStampDigestInput TimeStampDigestInputImpl(Algorithm c14n, AlgorithmsParametersMarshallingProvider parametersMarshallingProvider) { - // It would be better to have a Canonicalizer passed on the constructor + // It would be better to have a Canonicalizer passed on the constructor, // but it doesn't have a method that receives a XMlSignatureInput. Apache's // C14N transforms have some bug circumvent checks when mapping XMLSignatureInput // to the Canonicalizer methods, so it's better to keep using C14N via Transform. @@ -76,7 +77,7 @@ public void addNode(Node n) throws CannotAddDataToDigestInputException throw new NullPointerException(); } - addToDigestInput(new XMLSignatureInput(n), n.getOwnerDocument()); + addToDigestInput(new XMLSignatureNodeInput(n), n.getOwnerDocument()); } private void addToDigestInput(XMLSignatureInput refData, Document doc) throws CannotAddDataToDigestInputException @@ -89,14 +90,7 @@ private void addToDigestInput(XMLSignatureInput refData, Document doc) throws Ca refData = c14nTransform.performTransform(refData, true); // Fall through to add the bytes resulting from the canonicalization. } - - if (refData.isByteArray()) - { - digestInput.write(refData.getBytes()); - } else if (refData.isOctetStream()) - { - StreamUtils.readWrite(refData.getOctetStream(), digestInput); - } + refData.write(digestInput); } catch (Exception ex) { diff --git a/src/test/java/xades4j/production/OtherSignerTests.java b/src/test/java/xades4j/production/OtherSignerTests.java index 4231bd92..69e655ac 100644 
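Review bot: In `addToDigestInput`, replacing the `isByteArray()`/`isOctetStream()` branches with `refData.write(digestInput)` changes what happens to an input that reaches this line without passing through `c14nTransform`. The old code wrote nothing for such an input, while `write` lets the library serialize it, which for a node-based input presumably means a canonicalization chosen by Santuario rather than the configured `c14n` algorithm. These bytes are what the time-stamp digest is computed over, so that fallback should not be silent. The condition guarding the transform is outside the hunk, so the case may already be unreachable. If it is, a comment such as `// refData is always bytes or a stream here: node inputs were canonicalized above` would record the invariant, and a test pinning the digest-input bytes for a fixed node passed to `addNode` would confirm the upgrade did not change them.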
--- a/src/test/java/xades4j/production/OtherSignerTests.java
+++ b/src/test/java/xades4j/production/OtherSignerTests.java
@@ -16,6 +16,21 @@
 */
 package xades4j.production;

+import static org.apache.xml.security.algorithms.MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256;
+import static org.apache.xml.security.algorithms.MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512;
+import static org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
+import static org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
+import static org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;
+import static org.apache.xml.security.utils.Constants.SignatureSpecNS;
+import static org.apache.xml.security.utils.Constants._TAG_SIGNATURE;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.util.Iterator;
+import javax.xml.namespace.NamespaceContext;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+import org.apache.xml.security.signature.XMLSignatureByteInput;
 import org.apache.xml.security.signature.XMLSignatureInput;
 import org.apache.xml.security.utils.resolver.ResourceResolverContext;
 import org.apache.xml.security.utils.resolver.ResourceResolverException;
@@ -32,21 +47,6 @@
 import xades4j.providers.impl.ValidationDataFromCertValidationProvider;
 import xades4j.verification.VerifierTestBase;

-import javax.xml.namespace.NamespaceContext;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathFactory;
-import java.util.Iterator;
-
-import static org.apache.xml.security.algorithms.MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256;
-import static org.apache.xml.security.algorithms.MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512;
-import static org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
-import static org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
-import static org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;
-import static org.apache.xml.security.utils.Constants.SignatureSpecNS;
-import static org.apache.xml.security.utils.Constants._TAG_SIGNATURE;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-
 /**
 * @author Luís
 */
@@ -108,7 +108,7 @@ static class MyResolverSpi extends ResourceResolverSpi
 @Override
 public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException
 {
- XMLSignatureInput input = new XMLSignatureInput(context.attr.getValue().getBytes());
+ XMLSignatureByteInput input = new XMLSignatureByteInput(context.attr.getValue().getBytes());
 resolveCount++;
 return input;
 }
diff --git a/src/test/java/xades4j/production/SignedDataObjectsProcessorTest.java b/src/test/java/xades4j/production/SignedDataObjectsProcessorTest.java
index 35fad8c4..8fd39a87 100644
--- a/src/test/java/xades4j/production/SignedDataObjectsProcessorTest.java
+++ b/src/test/java/xades4j/production/SignedDataObjectsProcessorTest.java
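Review bot: `context.attr.getValue().getBytes()` in `MyResolverSpi.engineResolveURI` encodes with the platform default charset, so the bytes digested for the reference depend on the JVM the test runs on (before Java 18 the default is not guaranteed to be UTF-8). Passing the charset explicitly keeps the signed content deterministic: `new XMLSignatureByteInput(context.attr.getValue().getBytes(StandardCharsets.UTF_8))`, with `java.nio.charset.StandardCharsets` imported. The same applies to `context.uriToResolve.getBytes()` in the `testAddManifest` hunk of SignedDataObjectsProcessorTest.java. As a style point, declaring the local as `XMLSignatureInput input` would match the method's return type and keep the concrete class out of the variable type.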
@@ -16,10 +16,17 @@
 */
 package xades4j.production;

+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
 import org.apache.xml.security.signature.Manifest;
 import org.apache.xml.security.signature.ObjectContainer;
 import org.apache.xml.security.signature.Reference;
 import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureByteInput;
 import org.apache.xml.security.signature.XMLSignatureInput;
 import org.apache.xml.security.utils.Constants;
 import org.apache.xml.security.utils.resolver.ResourceResolverContext;
@@ -32,12 +39,6 @@
 import xades4j.utils.SignatureServicesTestBase;
 import xades4j.utils.StringUtils;

-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotEquals;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
 /**
 * @author Luís
 */
@@ -117,7 +118,7 @@ void testAddManifest() throws Exception
 @Override
 public XMLSignatureInput engineResolveURI(ResourceResolverContext context)
 {
- return new XMLSignatureInput(context.uriToResolve.getBytes());
+ return new XMLSignatureByteInput(context.uriToResolve.getBytes());
 }

 @Override