diff --git a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java index a758486e0cb..092681bd92d 100644 --- a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java +++ b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java @@ -326,7 +326,7 @@ public final class DOMXMLSignature extends DOMStructure } // generate references and signature value - List allReferences = new ArrayList(si.getReferences()); + List allReferences = new ArrayList(); // traverse the Signature and register all objects with IDs that // may contain References @@ -356,6 +356,9 @@ public final class DOMXMLSignature extends DOMStructure } } } + // always add SignedInfo references after Manifest references so + // that Manifest reference are digested first + allReferences.addAll(si.getReferences()); // generate/digest each reference for (int i = 0, size = allReferences.size(); i < size; i++) { diff --git a/jdk/test/javax/xml/crypto/dsig/GenerationTests.java b/jdk/test/javax/xml/crypto/dsig/GenerationTests.java index 13881966d32..1ed649cd83a 100644 --- a/jdk/test/javax/xml/crypto/dsig/GenerationTests.java +++ b/jdk/test/javax/xml/crypto/dsig/GenerationTests.java @@ -23,7 +23,7 @@ /** * @test - * @bug 4635230 6283345 6303830 6824440 + * @bug 4635230 6283345 6303830 6824440 6867348 * @summary Basic unit tests for generating XML Signatures with JSR 105 * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java * X509KeySelector.java GenerationTests.java @@ -126,13 +126,14 @@ public class GenerationTests { test_create_signature_x509_is(); test_create_signature_x509_ski(); test_create_signature_x509_sn(); -// test_create_signature(); + test_create_signature(); test_create_exc_signature(); test_create_sign_spec(); test_create_signature_enveloping_sha256_dsa(); test_create_signature_enveloping_sha384_rsa_sha256(); test_create_signature_enveloping_sha512_rsa_sha384(); test_create_signature_enveloping_sha512_rsa_sha512(); + test_create_signature_reference_dependency(); } private static void setup() throws Exception { @@ -410,6 +411,55 @@ public class GenerationTests { System.out.println(); } + static void test_create_signature_reference_dependency() throws Exception { + System.out.println("* Generating signature-reference-dependency.xml"); + // create references + List refs = Collections.singletonList + (fac.newReference("#object-1", sha1)); + + // create SignedInfo + SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs); + + // create objects + List objs = new ArrayList(); + + // Object 1 + List manRefs = Collections.singletonList + (fac.newReference("#object-2", sha1)); + objs.add(fac.newXMLObject(Collections.singletonList + (fac.newManifest(manRefs, "manifest-1")), "object-1", null, null)); + + // Object 2 + Document doc = db.newDocument(); + Element nc = doc.createElementNS(null, "NonCommentandus"); + nc.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", ""); + nc.appendChild(doc.createComment(" Commentandum ")); + objs.add(fac.newXMLObject(Collections.singletonList + (new DOMStructure(nc)), "object-2", null, null)); + + // create XMLSignature + XMLSignature sig = fac.newXMLSignature(si, rsa, objs, "signature", null); + DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA"), doc); + + sig.sign(dsc); + +// dumpDocument(doc, new PrintWriter(System.out)); + + DOMValidateContext dvc = new DOMValidateContext + (kvks, doc.getDocumentElement()); + XMLSignature sig2 = fac.unmarshalXMLSignature(dvc); + + if (sig.equals(sig2) == false) { + throw new Exception + ("Unmarshalled signature is not equal to generated signature"); + } + if (sig2.validate(dvc) == false) { + throw new Exception("Validation of generated signature failed"); + } + + System.out.println(); + } + static void test_create_signature() throws Exception { System.out.println("* Generating signature.xml"); @@ -645,6 +695,7 @@ public class GenerationTests { envDoc.getElementsByTagName("YoursSincerely").item(0); DOMSignContext dsc = new DOMSignContext(signingKey, ys); + dsc.setURIDereferencer(httpUd); sig.sign(dsc); @@ -660,6 +711,7 @@ public class GenerationTests { DOMValidateContext dvc = new DOMValidateContext (new X509KeySelector(ks), sigElement); + dvc.setURIDereferencer(httpUd); File f = new File( System.getProperty("dir.test.vector.baltimore") + System.getProperty("file.separator") +