8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String
authormullan
Wed, 16 Apr 2014 09:46:49 -0400
changeset 23930 0e5983df5018
parent 23742 c2b6216ef41d
child 23931 7b24912f728f
8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String Reviewed-by: xuelei
jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java
jdk/test/javax/xml/crypto/dsig/GenerationTests.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java	Thu Apr 10 13:19:29 2014 -0700
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java	Wed Apr 16 09:46:49 2014 -0400
@@ -922,7 +922,7 @@
         Element foundElement = null;
 
         String id = value.trim();
-        if (id.charAt(0) == '#') {
+        if (!id.isEmpty() && id.charAt(0) == '#') {
             id = id.substring(1);
         }
 
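Review bot: After this guard, `id` can still be the empty string (for a value of `""`, whitespace only, or a bare `#`), and it then flows into the element lookup below the hunk, which is not visible here. Because ID resolution decides which node a signature reference covers, the intended handling of an empty ID should be stated rather than left implicit. I would add a comment such as `// id may be empty here (value "" or "#"); the ID match below must handle that deliberately`, and confirm how the lookup treats elements whose Id attribute is itself empty. The same applies to the identical lines in the hunk at -982. As a smaller style point, `if (id.startsWith("#"))` expresses the same check without the separate emptiness test, and the duplicated three lines could move into one private helper; both enclosing methods start and end outside the hunks.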
@@ -982,7 +982,7 @@
         Node processedNode = null;
 
         String id = value.trim();
-        if (id.charAt(0) == '#') {
+        if (!id.isEmpty() && id.charAt(0) == '#') {
             id = id.substring(1);
         }
 
--- a/jdk/test/javax/xml/crypto/dsig/GenerationTests.java	Thu Apr 10 13:19:29 2014 -0700
+++ b/jdk/test/javax/xml/crypto/dsig/GenerationTests.java	Wed Apr 16 09:46:49 2014 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 4635230 6283345 6303830 6824440 6867348 7094155
+ * @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184
  * @summary Basic unit tests for generating XML Signatures with JSR 105
  * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java
  *     X509KeySelector.java GenerationTests.java
@@ -135,6 +135,7 @@
         test_create_signature_enveloping_sha512_rsa_sha512();
         test_create_signature_reference_dependency();
         test_create_signature_with_attr_in_no_namespace();
+        test_create_signature_with_empty_id();
     }
 
     private static void setup() throws Exception {
@@ -509,6 +510,30 @@
         System.out.println();
     }
 
+    static void test_create_signature_with_empty_id() throws Exception {
+        System.out.println("* Generating signature-with-empty-id.xml");
+
+        // create references
+        List<Reference> refs = Collections.singletonList
+            (fac.newReference("#", sha1));
+
+        // create SignedInfo
+        SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs);
+
+        // create object with empty id
+        Document doc = db.newDocument();
+        XMLObject obj = fac.newXMLObject(Collections.singletonList
+            (new DOMStructure(doc.createTextNode("I am the text."))),
+            "", "text/plain", null);
+
+        // create XMLSignature
+        XMLSignature sig = fac.newXMLSignature(si, rsa,
+                                               Collections.singletonList(obj),
+                                               "signature", null);
+        DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA"), doc);
+        sig.sign(dsc);
+    }
+
     static void test_create_signature() throws Exception {
         System.out.println("* Generating signature.xml");