Merge pull request #262 from luisgoncalves/upgrade-xmlsec

Upgrade Apache Santuario to 2.3.0 (#261)

pom.xml

@@ -59,7 +59,7 @@
         <dependency>
             <groupId>org.apache.santuario</groupId>
             <artifactId>xmlsec</artifactId>
-            <version>2.2.3</version>
+            <version>2.3.0</version>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>

src/test/java/xades4j/production/SignerBESTest.java

@@ -16,6 +16,9 @@
  */
 package xades4j.production;
 
+import org.apache.xml.security.stax.impl.resourceResolvers.ResolverHttp;
+import org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
 import org.junit.Test;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -37,15 +40,14 @@
 import java.io.File;
 
 /**
- *
  * @author Luís
  */
 public class SignerBESTest extends SignerTestBase
 {
     public SignerBESTest()
     {
     }
-    
+
     @Test
     public void testSignBES() throws Exception
     {
@@ -59,7 +61,7 @@ public void testSignBES() throws Exception
 
         IndividualDataObjsTimeStampProperty dataObjsTimeStamp = new IndividualDataObjsTimeStampProperty();
         AllDataObjsCommitmentTypeProperty globalCommitment = AllDataObjsCommitmentTypeProperty.proofOfApproval();
-        CommitmentTypeProperty commitment = (CommitmentTypeProperty)CommitmentTypeProperty.proofOfCreation().withQualifier("MyQualifier");
+        CommitmentTypeProperty commitment = (CommitmentTypeProperty) CommitmentTypeProperty.proofOfCreation().withQualifier("MyQualifier");
         DataObjectDesc obj1 = new DataObjectReference('#' + elemToSign.getAttribute("Id")).withTransform(new EnvelopedSignatureTransform()).withDataObjectFormat(new DataObjectFormatProperty("text/xml", "MyEncoding").withDescription("Isto é uma descrição do elemento raiz").withDocumentationUri("http://doc1.txt").withDocumentationUri("http://doc2.txt").withIdentifier("http://elem.root")).withCommitmentType(commitment).withDataObjectTimeStamp(dataObjsTimeStamp);
         DataObjectDesc obj2 = new EnvelopedXmlObject(objectContent, "text/xml", null).withDataObjectFormat(new DataObjectFormatProperty("text/xml", "MyEncoding").withDescription("Isto é uma descrição do elemento dentro do object").withDocumentationUri("http://doc3.txt").withDocumentationUri("http://doc4.txt").withIdentifier("http://elem.in.object")).withCommitmentType(commitment).withDataObjectTimeStamp(dataObjsTimeStamp);
         SignedDataObjects dataObjs = new SignedDataObjects(obj1, obj2).withCommitmentType(globalCommitment).withDataObjectsTimeStamp();
@@ -96,7 +98,10 @@ public void testSignBESExternalRes() throws Exception
         DataObjectDesc obj1 = new DataObjectReference("logo-01.png")
                 .withDataObjectFormat(new DataObjectFormatProperty("image/png").withDescription("XAdES4j logo"))
                 .withDataObjectTimeStamp(new IndividualDataObjsTimeStampProperty());
-        signer.sign(new SignedDataObjects(obj1).withBaseUri("http://luisgoncalves.github.io/xades4j/images/"), doc);
+        signer.sign(new SignedDataObjects(obj1)
+                        .withBaseUri("http://luisgoncalves.github.io/xades4j/images/")
+                        .withResourceResolver(new ResolverDirectHTTP()),
+                doc);
 
         outputDocument(doc, "document.signed.bes.extres.xml");
     }
@@ -135,31 +140,33 @@ public void provideProperties(
     public void testSignBESDetachedWithXPathAndNamespaces() throws Exception
     {
         System.out.println("signBESDetachedWithXPathAndNamespaces");
-        
+
         Document doc = getNewDocument();
-        
+
         XadesSigner signer = new XadesBesSigningProfile(keyingProviderMy)
                 .withBasicSignatureOptions(new BasicSignatureOptions()
-                    .includeSigningCertificate(SigningCertificateMode.SIGNING_CERTIFICATE)
-                    .includeIssuerSerial(true)
-                    .includeSubjectName(true)
-                    .signKeyInfo(true))
+                        .includeSigningCertificate(SigningCertificateMode.SIGNING_CERTIFICATE)
+                        .includeIssuerSerial(true)
+                        .includeSubjectName(true)
+                        .signKeyInfo(true))
                 .newSigner();
-        
+
         DataObjectDesc obj1 = new DataObjectReference("document.xml")
                 .withTransform(
-                    new XPathTransform("/collection/album/foo:tracks")
-                        .withNamespace("foo", "http://test.xades4j/tracks"))
+                        new XPathTransform("/collection/album/foo:tracks")
+                                .withNamespace("foo", "http://test.xades4j/tracks"))
                 .withDataObjectFormat(new DataObjectFormatProperty("text/xml"));
-        
+
         DataObjectDesc obj2 = new DataObjectReference("document.xml")
                 .withTransform(
-                    XPath2Filter.intersect("/collection/album/bar:tracks/bar:song[@tracknumber = 1]")
-                        .withNamespace("bar", "http://test.xades4j/tracks"));
-
-        SignedDataObjects objs = new SignedDataObjects(obj1, obj2).withBaseUri(new File("src/test/xml/").toURI().toString());
+                        XPath2Filter.intersect("/collection/album/bar:tracks/bar:song[@tracknumber = 1]")
+                                .withNamespace("bar", "http://test.xades4j/tracks"));
+
+        SignedDataObjects objs = new SignedDataObjects(obj1, obj2)
+                .withBaseUri(new File("src/test/xml/").toURI().toString())
+                .withResourceResolver(new ResolverLocalFilesystem());
         signer.sign(objs, doc);
-        
+
         outputDocument(doc, "detached.bes.xml");
     }
 }

src/test/java/xades4j/verification/XadesVerifierImplTest.java

@@ -30,6 +30,8 @@
 import java.util.stream.Collectors;
 
 import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP;
+import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
 import org.junit.Before;
 import org.junit.Test;
 import org.w3c.dom.Document;
@@ -171,7 +173,9 @@ public void testVerifyDetachedBES() throws Exception
     {
         var result = verifySignature(
                 "detached.bes.xml",
-                new SignatureSpecificVerificationOptions().useBaseUri(new File("src/test/xml/").toURI().toString()));
+                new SignatureSpecificVerificationOptions()
+                        .useBaseUri(new File("src/test/xml/").toURI().toString())
+                        .useResourceResolver(new ResolverLocalFilesystem()));
 
         assertEquals(XAdESForm.BES, result.getSignatureForm());
 
@@ -229,7 +233,9 @@ public void testVerifyBESExtrnlResEnrichC() throws Exception
 
         Document doc = getDocument("document.signed.bes.extres.xml");
         Element signatureNode = getSigElement(doc);
-        SignatureSpecificVerificationOptions options = new SignatureSpecificVerificationOptions().useBaseUri("http://luisgoncalves.github.io/xades4j/images/");
+        SignatureSpecificVerificationOptions options = new SignatureSpecificVerificationOptions()
+                .useBaseUri("http://luisgoncalves.github.io/xades4j/images/")
+                .useResourceResolver(new ResolverDirectHTTP());
 
         XadesSignatureFormatExtender formExt = new XadesFormatExtenderProfile().with(DEFAULT_TEST_TSA).getFormatExtender();