SANTUARIO-536 - Deprecated get/setIdToSign in favor of new and more appropriate get/setIdToSecure. Thanks to Peter De Maeyer for the patch. This closes #25.

git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-java/trunk@1876596 13f79535-47bb-0310-9956-ffa450edef68

Author: coheigea

src/main/java/org/apache/xml/security/stax/ext/OutboundXMLSec.java

@@ -116,16 +116,16 @@ private XMLStreamWriter processOutMessage(
                 configureSignatureKeys(outboundSecurityContext);
                 List<SecurePart> signatureParts = securityProperties.getSignatureSecureParts();
                 for (SecurePart securePart : signatureParts) {
-                    if (securePart.getIdToSign() == null && securePart.getName() != null) {
+                    if (securePart.getIdToSecure() == null && securePart.getName() != null) {
                         outputProcessorChain.getSecurityContext().putAsMap(
                                 XMLSecurityConstants.SIGNATURE_PARTS,
                                 securePart.getName(),
                                 securePart
                         );
-                    } else if (securePart.getIdToSign() != null) {
+                    } else if (securePart.getIdToSecure() != null) {
                         outputProcessorChain.getSecurityContext().putAsMap(
                                 XMLSecurityConstants.SIGNATURE_PARTS,
-                                securePart.getIdToSign(),
+                                securePart.getIdToSecure(),
                                 securePart
                         );
                     } else if (securePart.getExternalReference() != null) {
@@ -146,16 +146,16 @@ private XMLStreamWriter processOutMessage(
                 configureEncryptionKeys(outboundSecurityContext);
                 List<SecurePart> encryptionParts = securityProperties.getEncryptionSecureParts();
                 for (SecurePart securePart : encryptionParts) {
-                    if (securePart.getIdToSign() == null && securePart.getName() != null) {
+                    if (securePart.getIdToSecure() == null && securePart.getName() != null) {
                         outputProcessorChain.getSecurityContext().putAsMap(
                                 XMLSecurityConstants.ENCRYPTION_PARTS,
                                 securePart.getName(),
                                 securePart
                         );
-                    } else if (securePart.getIdToSign() != null) {
+                    } else if (securePart.getIdToSecure() != null) {
                         outputProcessorChain.getSecurityContext().putAsMap(
                                 XMLSecurityConstants.ENCRYPTION_PARTS,
-                                securePart.getIdToSign(),
+                                securePart.getIdToSecure(),
                                 securePart
                         );
                     } else if (securePart.isSecureEntireRequest()) {

src/main/java/org/apache/xml/security/stax/ext/SecurePart.java

@@ -59,13 +59,17 @@ public static Modifier getModifier(String modifier) {
     private QName name;
     private boolean generateXPointer;
     private Modifier modifier;
-    private String idToSign;
+    private String idToSecure;
     private String externalReference;
     private String[] transforms;
     private String digestMethod;
     private boolean required = true;
     private boolean secureEntireRequest;
 
+    public SecurePart(Modifier modifier) {
+        this(null, false, modifier);
+    }
+
     public SecurePart(QName name, Modifier modifier) {
         this(name, false, modifier);
     }
@@ -125,16 +129,35 @@ public void setModifier(Modifier modifier) {
     }
 
     /**
-     * The id of the Element
+     * The ID of the element to secure (encrypt or sign), possibly {@code null}.
+     * This matches the attribute value of an element that has an attribute with a name given by
+     * {@link XMLSecurityProperties#getIdAttributeNS()}.
      *
-     * @return The id
+     * @return The ID of the element to secure, possibly {@code null}.
+     */
+    public String getIdToSecure() {
+        return idToSecure;
+    }
+
+    public void setIdToSecure(String idToSecure) {
+        this.idToSecure = idToSecure;
+    }
+
+    /**
+     * Use {@link #getIdToSecure()} instead.
      */
+    @Deprecated
     public String getIdToSign() {
-        return idToSign;
+        return getIdToSecure();
     }
 
+    /**
+     * Use {@link #setIdToSecure(String)} instead.
+     * @param idToSign
+     */
+    @Deprecated
     public void setIdToSign(String idToSign) {
-        this.idToSign = idToSign;
+        setIdToSecure(idToSign);
     }
 
     public boolean isGenerateXPointer() {

src/main/java/org/apache/xml/security/stax/impl/processor/output/XMLSignatureOutputProcessor.java

@@ -83,7 +83,7 @@ public void processNextEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outpu
                     }
 
                     if (securityProperties.isSignatureGenerateIds()) {
-                        if (securePart.getIdToSign() == null) {
+                        if (securePart.getIdToSecure() == null) {
                             signaturePartDef.setGenerateXPointer(securePart.isGenerateXPointer());
                             signaturePartDef.setSigRefId(IDGenerator.generateID(null));
 
@@ -96,7 +96,7 @@ public void processNextEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outpu
                                 xmlSecEvent = addAttributes(xmlSecStartElement, attributeList);
                             }
                         } else {
-                            signaturePartDef.setSigRefId(securePart.getIdToSign());
+                            signaturePartDef.setSigRefId(securePart.getIdToSecure());
                         }
                     }
 

src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java

@@ -30,6 +30,7 @@
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
 import javax.crypto.KeyGenerator;
@@ -1696,6 +1697,88 @@ private SecretKey generateDESSecretKey() throws Exception {
         return keyFactory.generateSecret(keySpec);
     }
 
+    @Test
+    public void testEncryptionIdToEncrypt() throws Exception {
+        SecurePart securePart = new SecurePart(SecurePart.Modifier.Element);
+        securePart.setIdToSecure("abc");
+        testEncryptionIdToEncrypt(securePart);
+    }
+
+    @Test
+    public void testEncryptionIdToSign() throws Exception {
+        SecurePart securePart = new SecurePart(SecurePart.Modifier.Element);
+        securePart.setIdToSign("abc");
+        testEncryptionIdToEncrypt(securePart);
+    }
+
+    private void testEncryptionIdToEncrypt(SecurePart securePart) throws Exception {
+        String xml = "<?xml version='1.0'?>\n" +
+                "<Root>\n" +
+                "  <Branch attr1='abc'/>\n" +
+                "</Root>\n";
+        XMLSecurityProperties properties = new XMLSecurityProperties();
+        properties.setIdAttributeNS(new QName("attr1"));
+        properties.setActions(Collections.singletonList(XMLSecurityConstants.ENCRYPT));
+        properties.addEncryptionPart(securePart);
+        byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes(StandardCharsets.US_ASCII);
+        SecretKey transportKey = new SecretKeySpec(bits192, "AES");
+        properties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#kw-aes192");
+        properties.setEncryptionTransportKey(transportKey);
+        properties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+        OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+        ByteArrayOutputStream encryptedOut = new ByteArrayOutputStream();
+        XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(encryptedOut, StandardCharsets.UTF_8.name());
+        InputStream sourceDocument = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
+        XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+        XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+        xmlStreamWriter.close();
+        byte[] encryptedData = encryptedOut.toByteArray();
+//        System.out.println(new String(encryptedOut.toByteArray(), StandardCharsets.UTF_8));
+        Document document = XMLUtils.read(new ByteArrayInputStream(encryptedData), false);
+        NodeList encryptedElements = document.getElementsByTagNameNS(
+                XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
+                XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()
+        );
+        assertEquals(encryptedElements.getLength(), 1);
+    }
+
+    @Test
+    public void testEncryptionIdToSecureSupersedesName() throws Exception {
+        String xml = "<?xml version='1.0'?>\n" +
+                "<Root>\n" +
+                "  <Branch1 attr1='abc'/>\n" +
+                "  <Branch2 attr1='def'/>\n" +
+                "</Root>\n";
+        XMLSecurityProperties properties = new XMLSecurityProperties();
+        properties.setIdAttributeNS(new QName("attr1"));
+        properties.setActions(Collections.singletonList(XMLSecurityConstants.ENCRYPT));
+        SecurePart securePart = new SecurePart(new QName("Branch1"), SecurePart.Modifier.Element);
+        securePart.setIdToSecure("def");
+        properties.addEncryptionPart(securePart);
+        byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes(StandardCharsets.US_ASCII);
+        SecretKey transportKey = new SecretKeySpec(bits192, "AES");
+        properties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#kw-aes192");
+        properties.setEncryptionTransportKey(transportKey);
+        properties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+        OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+        ByteArrayOutputStream encryptedOut = new ByteArrayOutputStream();
+        XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(encryptedOut, StandardCharsets.UTF_8.name());
+        InputStream sourceDocument = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
+        XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+        XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+        xmlStreamWriter.close();
+        byte[] encryptedData = encryptedOut.toByteArray();
+//        System.out.println(new String(encryptedOut.toByteArray(), StandardCharsets.UTF_8));
+        Document document = XMLUtils.read(new ByteArrayInputStream(encryptedData), false);
+        NodeList encryptedElements = document.getElementsByTagNameNS(
+                XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
+                XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()
+        );
+        assertEquals(1, encryptedElements.getLength());
+        assertEquals(1, document.getElementsByTagName("Branch1").getLength());
+        assertEquals(0, document.getElementsByTagName("Branch2").getLength());
+    }
+
     /**
      * Decrypt the document using DOM API and run some tests on the decrypted Document.
      */