SANTUARIO-536 - Deprecated get/setIdToSign in favor of new and more appropriate get/setIdToSecure. Thanks to Peter De Maeyer for the patch. This closes #25.
git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-java/trunk@1876596 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java b/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
index 0e5dce1..6cd5b91 100644
--- a/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
+++ b/src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java
@@ -116,16 +116,16 @@
configureSignatureKeys(outboundSecurityContext);
List<SecurePart> signatureParts = securityProperties.getSignatureSecureParts();
for (SecurePart securePart : signatureParts) {
- if (securePart.getIdToSign() == null && securePart.getName() != null) {
+ if (securePart.getIdToSecure() == null && securePart.getName() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.SIGNATURE_PARTS,
securePart.getName(),
securePart
);
- } else if (securePart.getIdToSign() != null) {
+ } else if (securePart.getIdToSecure() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.SIGNATURE_PARTS,
- securePart.getIdToSign(),
+ securePart.getIdToSecure(),
securePart
);
} else if (securePart.getExternalReference() != null) {
@@ -146,16 +146,16 @@
configureEncryptionKeys(outboundSecurityContext);
List<SecurePart> encryptionParts = securityProperties.getEncryptionSecureParts();
for (SecurePart securePart : encryptionParts) {
- if (securePart.getIdToSign() == null && securePart.getName() != null) {
+ if (securePart.getIdToSecure() == null && securePart.getName() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.ENCRYPTION_PARTS,
securePart.getName(),
securePart
);
- } else if (securePart.getIdToSign() != null) {
+ } else if (securePart.getIdToSecure() != null) {
outputProcessorChain.getSecurityContext().putAsMap(
XMLSecurityConstants.ENCRYPTION_PARTS,
- securePart.getIdToSign(),
+ securePart.getIdToSecure(),
securePart
);
} else if (securePart.isSecureEntireRequest()) {
diff --git a/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java b/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
index 317f528..42586b3 100644
--- a/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
+++ b/src/main/java/org/apache/xml/security/stax/ext/SecurePart.java
@@ -59,13 +59,17 @@
private QName name;
private boolean generateXPointer;
private Modifier modifier;
- private String idToSign;
+ private String idToSecure;
private String externalReference;
private String[] transforms;
private String digestMethod;
private boolean required = true;
private boolean secureEntireRequest;
+ public SecurePart(Modifier modifier) {
+ this(null, false, modifier);
+ }
+
public SecurePart(QName name, Modifier modifier) {
this(name, false, modifier);
}
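Review bot: The new `SecurePart(Modifier)` constructor builds a part with no name, no ID and no external reference, and nothing in the added lines documents that `setIdToSecure` has to be called before the part is used. Judging from the branches visible in the OutboundXMLSec hunks, a part left in that state matches neither the name case nor the ID case, so it may end up selecting nothing to sign or encrypt without any error; this is inferred, because the rest of those loops lies outside the diff. I would add Javadoc such as `/** Creates a part that is selected by ID only; call {@link #setIdToSecure(String)} before use. */`. A fail-fast check at the point where parts are registered would be stronger still, so an incomplete part cannot silently leave content unprotected.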
@@ -125,16 +129,35 @@
}
/**
- * The id of the Element
+ * The ID of the element to secure (encrypt or sign), possibly {@code null}.
+ * This matches the attribute value of an element that has an attribute with a name given by
+ * {@link XMLSecurityProperties#getIdAttributeNS()}.
*
- * @return The id
+ * @return The ID of the element to secure, possibly {@code null}.
*/
- public String getIdToSign() {
- return idToSign;
+ public String getIdToSecure() {
+ return idToSecure;
}
+ public void setIdToSecure(String idToSecure) {
+ this.idToSecure = idToSecure;
+ }
+
+ /**
+ * Use {@link #getIdToSecure()} instead.
+ */
+ @Deprecated
+ public String getIdToSign() {
+ return getIdToSecure();
+ }
+
+ /**
+ * Use {@link #setIdToSecure(String)} instead.
+ * @param idToSign
+ */
+ @Deprecated
public void setIdToSign(String idToSign) {
- this.idToSign = idToSign;
+ setIdToSecure(idToSign);
}
public boolean isGenerateXPointer() {
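Review bot: The two deprecated accessors carry the `@Deprecated` annotation but their Javadoc has no `@deprecated` tag, so generated documentation and compiler or IDE hints will not present the replacement as a deprecation notice. Write the comments as `@deprecated Use {@link #getIdToSecure()} instead.` and `@deprecated Use {@link #setIdToSecure(String)} instead.`, and either describe or drop the empty `@param idToSign`. The new public `setIdToSecure` has no Javadoc at all; it should state, as the getter now does, that the value is compared with the attribute named by `XMLSecurityProperties#getIdAttributeNS()` and may be `null`.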
diff --git a/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java b/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
index b25f8ec..d4a79eb 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java
@@ -83,7 +83,7 @@
}
if (securityProperties.isSignatureGenerateIds()) {
- if (securePart.getIdToSign() == null) {
+ if (securePart.getIdToSecure() == null) {
signaturePartDef.setGenerateXPointer(securePart.isGenerateXPointer());
signaturePartDef.setSigRefId(IDGenerator.generateID(null));
@@ -96,7 +96,7 @@
xmlSecEvent = addAttributes(xmlSecStartElement, attributeList);
}
} else {
- signaturePartDef.setSigRefId(securePart.getIdToSign());
+ signaturePartDef.setSigRefId(securePart.getIdToSecure());
}
}
diff --git a/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java b/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
index d757a33..995bce6 100644
--- a/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
@@ -30,6 +30,7 @@
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import javax.crypto.KeyGenerator;
@@ -1696,6 +1697,88 @@
return keyFactory.generateSecret(keySpec);
}
+ @Test
+ public void testEncryptionIdToEncrypt() throws Exception {
+ SecurePart securePart = new SecurePart(SecurePart.Modifier.Element);
+ securePart.setIdToSecure("abc");
+ testEncryptionIdToEncrypt(securePart);
+ }
+
+ @Test
+ public void testEncryptionIdToSign() throws Exception {
+ SecurePart securePart = new SecurePart(SecurePart.Modifier.Element);
+ securePart.setIdToSign("abc");
+ testEncryptionIdToEncrypt(securePart);
+ }
+
+ private void testEncryptionIdToEncrypt(SecurePart securePart) throws Exception {
+ String xml = "<?xml version='1.0'?>\n" +
+ "<Root>\n" +
+ " <Branch attr1='abc'/>\n" +
+ "</Root>\n";
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setIdAttributeNS(new QName("attr1"));
+ properties.setActions(Collections.singletonList(XMLSecurityConstants.ENCRYPT));
+ properties.addEncryptionPart(securePart);
+ byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes(StandardCharsets.US_ASCII);
+ SecretKey transportKey = new SecretKeySpec(bits192, "AES");
+ properties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#kw-aes192");
+ properties.setEncryptionTransportKey(transportKey);
+ properties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream encryptedOut = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(encryptedOut, StandardCharsets.UTF_8.name());
+ InputStream sourceDocument = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+ byte[] encryptedData = encryptedOut.toByteArray();
+// System.out.println(new String(encryptedOut.toByteArray(), StandardCharsets.UTF_8));
+ Document document = XMLUtils.read(new ByteArrayInputStream(encryptedData), false);
+ NodeList encryptedElements = document.getElementsByTagNameNS(
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()
+ );
+ assertEquals(encryptedElements.getLength(), 1);
+ }
+
+ @Test
+ public void testEncryptionIdToSecureSupersedesName() throws Exception {
+ String xml = "<?xml version='1.0'?>\n" +
+ "<Root>\n" +
+ " <Branch1 attr1='abc'/>\n" +
+ " <Branch2 attr1='def'/>\n" +
+ "</Root>\n";
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setIdAttributeNS(new QName("attr1"));
+ properties.setActions(Collections.singletonList(XMLSecurityConstants.ENCRYPT));
+ SecurePart securePart = new SecurePart(new QName("Branch1"), SecurePart.Modifier.Element);
+ securePart.setIdToSecure("def");
+ properties.addEncryptionPart(securePart);
+ byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes(StandardCharsets.US_ASCII);
+ SecretKey transportKey = new SecretKeySpec(bits192, "AES");
+ properties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#kw-aes192");
+ properties.setEncryptionTransportKey(transportKey);
+ properties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream encryptedOut = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(encryptedOut, StandardCharsets.UTF_8.name());
+ InputStream sourceDocument = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+ byte[] encryptedData = encryptedOut.toByteArray();
+// System.out.println(new String(encryptedOut.toByteArray(), StandardCharsets.UTF_8));
+ Document document = XMLUtils.read(new ByteArrayInputStream(encryptedData), false);
+ NodeList encryptedElements = document.getElementsByTagNameNS(
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
+ XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()
+ );
+ assertEquals(1, encryptedElements.getLength());
+ assertEquals(1, document.getElementsByTagName("Branch1").getLength());
+ assertEquals(0, document.getElementsByTagName("Branch2").getLength());
+ }
+
/**
* Decrypt the document using DOM API and run some tests on the decrypted Document.
*/
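Review bot: The shared helper `testEncryptionIdToEncrypt(SecurePart)` asserts only that one `EncryptedData` element exists, so it would still pass if the wrong element were encrypted and `Branch` stayed in clear text. Add `assertEquals(0, document.getElementsByTagName("Branch").getLength());`, as the second test already does for `Branch2`, and write the existing check as `assertEquals(1, encryptedElements.getLength());` so expected and actual are in the conventional order. The setup from the properties through to the parsed `Document` is copied between the helper and `testEncryptionIdToSecureSupersedesName`; passing the XML string and the part into one helper would remove the duplicate.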