Bug 38444 - Transform TRANSFORM_XPATH2FILTER subtract filter bug in 1.3 release
Status: CLOSED FIXED
Alias: None
Product: Security - Now in JIRA
Classification: Unclassified
Component: Signature
Version: unspecified
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: XML Security Developers Mailing List
Reported: 2006-01-30 10:48 UTC by Stefano Del Sal
Modified: 2006-08-06 11:03 UTC (History)
Attachments
Test case (3.20 KB, text/plain)
2006-01-30 10:58 UTC, Stefano Del Sal
Description Stefano Del Sal 2006-01-30 10:48:14 UTC
I'm trying to sign a document using the transform TRANSFORM_XPATH2FILTER,
but I get a bad signature if I try to use ONLY the filter
XPath2FilterContainer.SUBTRACT.

1) Ex: 
String filters[][] = { 
   {XPath2FilterContainer.SUBTRACT, "//NotToBeSigned"} 
   };
transforms.addTransform(
   Transforms.TRANSFORM_XPATH2FILTER,     
   XPath2FilterContainer.newInstances(doc, filters)
);

With this filter I always get the same DigestValue element inside SignedInfo,
even with different xml sources.
But, if I try to add the filter XPath2FilterContainer.INTERSECT
including all nodes, then I get the right DigestValue and signature.

2) Ex: 
String filters[][] = { 
   {XPath2FilterContainer.INTERSECT, "*"},
   {XPath2FilterContainer.SUBTRACT, "//NotToBeSigned"} 
   };
transforms.addTransform(
   Transforms.TRANSFORM_XPATH2FILTER,
   XPath2FilterContainer.newInstances(doc, filters)
);

The second example works both with the 1.3 and 1.2 releases, while the first
one does not work with the 1.3 release.
Comment 1 Stefano Del Sal 2006-01-30 10:58:28 UTC
Created attachment 17534
Test case

Trying to sign 2 different docs, you have to get 2 different digest values.
In the 1.3 version, if you use Filters OK (row 57) it works, but if you use Filters
KO (row 60) it doesn't work.
In the 1.2.1 version it works also with Filters KO.
Comment 2 Stefano Del Sal 2006-01-30 18:58:29 UTC
I modified the source file
org.apache.xml.security.transforms.implementations.TransformXPath2Filter,
inner class XPath2NodeFilter, method isNodeInclude:

public boolean isNodeInclude(Node currentNode) {
   boolean notIncluded = false;
   if (!substractNodes.isEmpty() && rooted(currentNode, substractNodes)) {
      notIncluded = true;
   } else if (!intersectNodes.isEmpty() && !rooted(currentNode, intersectNodes)) {
      notIncluded = true;
   }
   if (!unionNodes.isEmpty() && notIncluded && rooted(currentNode, unionNodes)) {
      notIncluded = false;
   }
   return !notIncluded;
}

I added the 3 checks !isEmpty() for each ArrayList and now it seems to work.
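
Why a subtract-only filter gives the same DigestValue for every document, as an added example that is not part of the bug report or the project's code: it models isNodeInclude with and without the isEmpty() checks from Comment 2 and digests what each variant selects from two constructed documents. The rooted() semantics (node or one of its ancestors is in the list), the string serialization standing in for canonicalization, and the class and helper names are assumptions.

```java
import java.io.StringReader;
import java.security.MessageDigest;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SubtractOnlyFilterDemo {
    // Assumed semantics: true if the node or one of its ancestors is in the list.
    static boolean rooted(Node n, List<Node> roots) {
        for (Node cur = n; cur != null; cur = cur.getParentNode())
            if (roots.contains(cur)) return true;
        return false;
    }
    // guarded == false models the method without the isEmpty() checks; true is Comment 2's version.
    static boolean include(Node n, List<Node> sub, List<Node> inter, List<Node> uni, boolean guarded) {
        boolean notIncluded = false;
        if ((!guarded || !sub.isEmpty()) && rooted(n, sub)) notIncluded = true;
        // Unguarded with an empty intersect list: !rooted(...) is true, so the node is dropped.
        else if ((!guarded || !inter.isEmpty()) && !rooted(n, inter)) notIncluded = true;
        if ((!guarded || !uni.isEmpty()) && notIncluded && rooted(n, uni)) notIncluded = false;
        return !notIncluded;
    }
    // Concatenates names/text of included nodes (a simplified stand-in for canonicalization).
    static void collect(Node n, List<Node> sub, boolean guarded, StringBuilder out) {
        if (include(n, sub, List.of(), List.of(), guarded))
            out.append(n.getNodeType() == Node.TEXT_NODE ? n.getNodeValue() : "<" + n.getNodeName() + ">");
        for (Node c = n.getFirstChild(); c != null; c = c.getNextSibling()) collect(c, sub, guarded, out);
    }
    static String digest(String xml, boolean guarded) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)));
        List<Node> sub = new ArrayList<>();
        NodeList nl = doc.getElementsByTagName("NotToBeSigned"); // stands in for //NotToBeSigned
        for (int i = 0; i < nl.getLength(); i++) sub.add(nl.item(i));
        StringBuilder out = new StringBuilder();
        collect(doc, sub, guarded, out);
        byte[] d = MessageDigest.getInstance("SHA-1").digest(out.toString().getBytes("UTF-8"));
        return out.length() + " chars selected, SHA-1 " + Base64.getEncoder().encodeToString(d);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample documents that differ only in the content meant to be signed.
        String a = "<Doc><Amount>10</Amount><NotToBeSigned>x</NotToBeSigned></Doc>";
        String b = "<Doc><Amount>9999</Amount><NotToBeSigned>x</NotToBeSigned></Doc>";
        for (boolean guarded : new boolean[] {false, true}) {
            System.out.println((guarded ? "with" : "without") + " isEmpty() checks:");
            System.out.println("  doc A: " + digest(a, guarded) + "\n  doc B: " + digest(b, guarded));
        }
    }
}
```

In the unguarded run both documents select nothing, so the digest covers an empty input and a signature over it does not bind the Amount value; a verifier can catch this class of failure by rejecting references whose transformed node set is empty.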
Comment 3 Raul Benito 2006-03-15 14:00:02 UTC
Incorporated fix in SVN, thanks for your findings.
Comment 4 Raul Benito 2006-08-06 18:03:04 UTC
Closing old bugs.