build(deps): bump org.apache.santuario:xmlsec from 2.2.4 to 4.0.1 in …

…/src (#1967) * build(deps): bump org.apache.santuario:xmlsec in /src Bumps org.apache.santuario:xmlsec from 2.2.4 to 4.0.1. --- updated-dependencies: - dependency-name: org.apache.santuario:xmlsec dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): fix compilation issues * chore: bump Apache XML Security for Java version to 4.0.1 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ovidijus Narkevicius <ovidijus.narkevicius@nortal.com> Co-authored-by: Eneli Reimets <eneli.reimets@nortal.com>
nordic-institute · Feb 22, 2024 · 61f3964 · 61f3964
1 parent f8f2c48
commit 61f3964
Show file tree

Hide file tree

Showing 7 changed files with 14 additions and 8 deletions.
diff --git a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerVerifier.java b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerVerifier.java
@@ -48,6 +48,7 @@
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.signature.XMLSignatureStreamInput;
 import org.apache.xml.security.utils.resolver.ResourceResolverContext;
 import org.apache.xml.security.utils.resolver.ResourceResolverException;
 import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
@@ -182,7 +183,7 @@ public boolean engineCanResolveURI(ResourceResolverContext context) {
             @Override
             public XMLSignatureInput engineResolveURI(ResourceResolverContext context)
                     throws ResourceResolverException {
-                return new XMLSignatureInput(asic.getEntry(context.attr.getValue()));
+                return new XMLSignatureStreamInput(asic.getEntry(context.attr.getValue()));
             }
         });
 

diff --git a/src/common/common-message/src/main/java/ee/ria/xroad/common/hashchain/HashChainVerifier.java b/src/common/common-message/src/main/java/ee/ria/xroad/common/hashchain/HashChainVerifier.java
@@ -38,6 +38,7 @@
 import org.apache.commons.lang3.tuple.ImmutablePair;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.signature.XMLSignatureStreamInput;
 import org.apache.xml.security.transforms.Transforms;
 import org.w3c.dom.Document;
 import org.xml.sax.InputSource;
@@ -317,11 +318,11 @@ private InputStream performTransforms(String uri, TransformsType transforms) thr
 
         Transforms tr = new Transforms(document.getDocumentElement(), null);
 
-        XMLSignatureInput before = new XMLSignatureInput(referenceResolver.resolve(uri));
+        XMLSignatureInput before = new XMLSignatureStreamInput(referenceResolver.resolve(uri));
 
         XMLSignatureInput after = tr.performTransforms(before);
 
-        return after.getOctetStream();
+        return after.getUnprocessedInput();
     }
 
     /**

diff --git a/src/common/common-message/src/main/java/ee/ria/xroad/common/signature/IdResolver.java b/src/common/common-message/src/main/java/ee/ria/xroad/common/signature/IdResolver.java
@@ -27,6 +27,7 @@
 
 import lombok.RequiredArgsConstructor;
 import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.signature.XMLSignatureNodeInput;
 import org.apache.xml.security.utils.resolver.ResourceResolverContext;
 import org.apache.xml.security.utils.resolver.ResourceResolverException;
 import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
@@ -53,6 +54,6 @@ public boolean engineCanResolveURI(ResourceResolverContext context) {
     public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException {
         Element elem = getElementById(document, context.attr.getValue().substring(1));
 
-        return elem == null ? null : new XMLSignatureInput(elem);
+        return elem == null ? null : new XMLSignatureNodeInput(elem);
     }
 }
diff --git a/src/common/common-util/build.gradle b/src/common/common-util/build.gradle
diff --git a/...common/common-verifier/src/main/java/ee/ria/xroad/common/signature/SignatureVerifier.java b/...common/common-verifier/src/main/java/ee/ria/xroad/common/signature/SignatureVerifier.java
@@ -42,7 +42,9 @@
 import org.apache.xml.security.signature.Manifest;
 import org.apache.xml.security.signature.MissingResourceFailureException;
 import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureByteInput;
 import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.signature.XMLSignatureStreamInput;
 import org.apache.xml.security.utils.resolver.ResourceResolverContext;
 import org.apache.xml.security.utils.resolver.ResourceResolverException;
 import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
@@ -406,12 +408,12 @@ public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throw
                     MessagePart part = getPart(MessageFileNames.MESSAGE);
 
                     if (part != null && part.getMessage() != null) {
-                        return new XMLSignatureInput(part.getMessage());
+                        return new XMLSignatureByteInput(part.getMessage());
                     }
 
                     break;
                 case MessageFileNames.SIG_HASH_CHAIN_RESULT:
-                    return new XMLSignatureInput(is(hashChainResult));
+                    return new XMLSignatureStreamInput(is(hashChainResult));
                 default: // do nothing
             }
 

diff --git a/src/gradle.properties b/src/gradle.properties
@@ -42,7 +42,7 @@ systemRulesVersion=1.19.0
 guavaVersion=32.1.3-jre
 guava.version=${guavaVersion}
 bouncyCastleVersion=1.69
-xmlsecVersion=2.2.6
+xmlsecVersion=4.0.1
 tomcatVersion=10.1.18
 tomcat.version=${tomcatVersion}
 slf4jVersion=2.0.11

diff --git a/src/proxy/src/main/java/ee/ria/xroad/common/signature/SignatureCtx.java b/src/proxy/src/main/java/ee/ria/xroad/common/signature/SignatureCtx.java
@@ -34,6 +34,7 @@
 import lombok.Getter;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.xml.security.signature.XMLSignatureByteInput;
 import org.apache.xml.security.signature.XMLSignatureInput;
 import org.apache.xml.security.utils.resolver.ResourceResolverContext;
 import org.apache.xml.security.utils.resolver.ResourceResolverException;
@@ -176,7 +177,7 @@ public boolean engineCanResolveURI(ResourceResolverContext context) {
             @Override
             public XMLSignatureInput engineResolveURI(ResourceResolverContext context)
                     throws ResourceResolverException {
-                return new XMLSignatureInput(data);
+                return new XMLSignatureByteInput(data);
             }
         };
     }