I just ported the changes from Santuario 1.4.5 --> 1.4.6 onto the GenXDM
based port that I've been maintaining.
In the process of doing that, I noticed an oddity with this test case:
Santuario273Test.testC14n11Base()
The problem is that the test case logic verify a side effect of
canonicalization (c14n), not the c14n itself. By which I mean, by my
view of the c14n task, it ought not modify the input document. That an
implementation might do so is a side effect of that implementation, not
a desirable characteristic for which there should be a test.
Verifying the side-effect is obvious if you look at the following lines:
c14n.canonicalizeSubtree(signedInfo);
NamedNodeMap attributes = signedInfo.getAttributes();
boolean foundBase = false;
for (int i = 0; i< attributes.getLength(); i++) {
Node attribute = attributes.item(i);
if ("base".equals(attribute.getLocalName())
&&
"http://www.acme.com/resources/subresources/".equals(attribute.getNodeValue())) {
foundBase = true;
break;
}
}
if (!foundBase) {
fail("The base attribute was not found or was incorrect");
}
Notice that the return result from "canonicalizeSubtree(signedInfo)"
isn't even used!
So I think that this test case should instead be testing that the c14n
output matches:
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#";
xml:base="http://www.acme.com/resources/subresources/";>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";></CanonicalizationMethod>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></SignatureMethod>
<Reference URI="http://www.w3.org/TR/xml-stylesheet";>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></DigestMethod>
<DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
</Reference>
</SignedInfo>
... or, alternately, the test could reparse the output byte stream, then
ask the value of the "xml:base" attribute on the reparsed result.
I'm tempted to re-open SANTUARIO-273 with a request to validate the
canonicalization, rather than the modification to the input document.
I stumbled across this issue because the GenXDM-based port of the
Santuario library does leave the original document unmodified for c14n,
so (a) when I ported the test, the converted test makes no sense,
because it is verifying that the original document remains unmodified
via an API that only has an immutable view of the underlying document,
and (b) the unported test using the original API entry point fails,
because the input document isn't being modified.
I've been doing my best to leave the original tests of the santuario
project passing whilst unmodified, but this test seems to be in error.
Please advise.
-Eric.
