Merge
authorasaha
Wed, 08 Jul 2009 14:27:10 -0700
changeset 3468 2958d09622e1
parent 3467 b9f3a2f34102 (current diff)
parent 3466 2200fa4b79ff (diff)
child 3469 c6a8be477465
Merge
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java	Wed Jul 08 14:24:20 2009 -0700
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java	Wed Jul 08 14:27:10 2009 -0700
@@ -106,7 +106,9 @@
    }
 
    public void reset() {
-           _HMACOutputLength=0;
+       _HMACOutputLength=0;
+       _HMACOutputLengthSet = false;
+       _macAlgorithm.reset();
    }
 
    /**
--- a/jdk/test/com/sun/org/apache/xml/internal/security/TruncateHMAC.java	Wed Jul 08 14:24:20 2009 -0700
+++ b/jdk/test/com/sun/org/apache/xml/internal/security/TruncateHMAC.java	Wed Jul 08 14:27:10 2009 -0700
@@ -23,7 +23,7 @@
 
 /**
  * @test %I% %E%
- * @bug 6824440
+ * @bug 6824440 6858484
  * @summary Check that Apache XMLSec APIs will not accept HMAC truncation
  *    lengths less than minimum bound
  * @compile -XDignore.symbol.file TruncateHMAC.java
@@ -56,8 +56,10 @@
         dbf = DocumentBuilderFactory.newInstance();
         dbf.setNamespaceAware(true);
         dbf.setValidating(false);
-        validate("signature-enveloping-hmac-sha1-trunclen-0-attack.xml");
-        validate("signature-enveloping-hmac-sha1-trunclen-8-attack.xml");
+        validate("signature-enveloping-hmac-sha1-trunclen-0-attack.xml", false);
+        validate("signature-enveloping-hmac-sha1-trunclen-8-attack.xml", false);
+        // this one should pass
+        validate("signature-enveloping-hmac-sha1.xml", true);
         generate_hmac_sha1_40();
 
         if (atLeastOneFailed) {
@@ -66,7 +68,7 @@
         }
     }
 
-    private static void validate(String data) throws Exception {
+    private static void validate(String data, boolean pass) throws Exception {
         System.out.println("Validating " + data);
         File file = new File(DIR, data);
 
@@ -83,11 +85,19 @@
         try {
             System.out.println
                 ("Validation status: " + signature.checkSignatureValue(sk));
-            System.out.println("FAILED");
-            atLeastOneFailed = true;
+            if (!pass) {
+                System.out.println("FAILED");
+                atLeastOneFailed = true;
+            } else {
+                System.out.println("PASSED");
+            }
         } catch (XMLSignatureException xse) {
             System.out.println(xse.getMessage());
-            System.out.println("PASSED");
+            if (!pass) {
+                System.out.println("PASSED");
+            } else {
+                System.out.println("FAILED");
+            }
         }
     }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/org/apache/xml/internal/security/signature-enveloping-hmac-sha1.xml	Wed Jul 08 14:27:10 2009 -0700
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+  <SignedInfo>
+    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+    <Reference URI="#object">
+      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+      <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+    </Reference>
+  </SignedInfo>
+  <SignatureValue>
+    JElPttIT4Am7Q+MNoMyv+WDfAZw=
+  </SignatureValue>
+  <Object Id="object">some text</Object>
+</Signature>