From 7142a24cac663398f49bc859b553401b889f96e3 Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Tue, 19 Jan 2010 20:12:47 +0000
Subject: [PATCH] https://issues.shibboleth.net/jira/browse/CPPOST-41

---
 saml/signature/ContentReference.cpp        | 55 +++++++-----------------------
 saml/signature/ContentReference.h          |  7 ----
 samltest/data/signature/SAML1Assertion.xml | 10 +++---
 samltest/data/signature/SAML1Request.xml   | 10 +++---
 samltest/data/signature/SAML1Response.xml  | 22 +++++-------
 samltest/data/signature/SAML2Assertion.xml | 10 +++---
 6 files changed, 34 insertions(+), 80 deletions(-)

diff --git a/saml/signature/ContentReference.cpp b/saml/signature/ContentReference.cpp
index 3f2674f..497f783 100644
--- a/saml/signature/ContentReference.cpp
+++ b/saml/signature/ContentReference.cpp
@@ -66,40 +66,30 @@ void ContentReference::createReferences(DSIGSignature* sig)
     
     ref->appendEnvelopedSignatureTransform();
     DSIGTransformC14n* c14n=ref->appendCanonicalizationTransform(m_c14n ? m_c14n : DSIGConstants::s_unicodeStrURIEXC_C14N_NOC);
+
     if (!m_c14n || m_c14n == DSIGConstants::s_unicodeStrURIEXC_C14N_NOC || m_c14n == DSIGConstants::s_unicodeStrURIEXC_C14N_COM) {
-        addPrefixes(m_signableObject);
-#ifdef HAVE_GOOD_STL
+        // Compute inclusive prefix set.
+        set<xstring> prefix_set;
+        XMLHelper::getNonVisiblyUsedPrefixes(m_signableObject, prefix_set);
+        prefix_set.insert(m_prefixes.begin(), m_prefixes.end());
+
+        // Build up the string of prefixes.
         xstring prefixes;
-        for (set<xstring>::const_iterator p = m_prefixes.begin(); p!=m_prefixes.end(); ++p)
-            prefixes += *p + chSpace;
+        static const XMLCh _default[] = { chPound, chLatin_d, chLatin_e, chLatin_f, chLatin_a, chLatin_u, chLatin_l, chLatin_t, chNull };
+        for (set<xstring>::const_iterator p = prefix_set.begin(); p != prefix_set.end(); ++p) {
+            prefixes += (p->empty() ? _default : p->c_str());
+            prefixes += chSpace;
+        }
         if (!prefixes.empty()) {
             prefixes.erase(prefixes.begin() + prefixes.size() - 1);
             c14n->setInclusiveNamespaces(XMLString::replicate(prefixes.c_str()));
         }
-#else
-        for (set<string>::const_iterator p = m_prefixes.begin(); p!=m_prefixes.end(); ++p)
-            c14n->addInclusiveNamespace(p->c_str());
-#endif
     }
 }
 
 void ContentReference::addInclusivePrefix(const XMLCh* prefix)
 {
-    static const XMLCh _default[] = { chPound, chLatin_d, chLatin_e, chLatin_f, chLatin_a, chLatin_u, chLatin_l, chLatin_t, chNull };
-
-#ifdef HAVE_GOOD_STL
-    if (prefix && *prefix)
-        m_prefixes.insert(prefix);
-    else
-        m_prefixes.insert(_default);
-#else
-    if (prefix && *prefix) {
-        auto_ptr_char p(prefix);
-        m_prefixes.insert(p.get());
-    }
-    else
-        m_prefixes.insert("#default");
-#endif
+    m_prefixes.insert(prefix ? prefix : &chNull);
 }
 
 void ContentReference::setDigestAlgorithm(const XMLCh* digest)
@@ -111,22 +101,3 @@ void ContentReference::setCanonicalizationMethod(const XMLCh* c14n)
 {
     m_c14n = c14n;
 }
-
-void ContentReference::addPrefixes(const std::set<Namespace>& namespaces)
-{
-    for (set<Namespace>::const_iterator n = namespaces.begin(); n!=namespaces.end(); ++n) {
-        // Check for xmlns:xml.
-        if (!XMLString::equals(n->getNamespacePrefix(), xmlconstants::XML_PREFIX) || !XMLString::equals(n->getNamespaceURI(), xmlconstants::XML_NS))
-            addInclusivePrefix(n->getNamespacePrefix());
-    }
-}
-
-void ContentReference::addPrefixes(const XMLObject& xmlObject)
-{
-    addPrefixes(xmlObject.getNamespaces());
-    const list<XMLObject*>& children = xmlObject.getOrderedChildren();
-    for (list<XMLObject*>::const_iterator child = children.begin(); child!=children.end(); ++child) {
-        if (*child)
-            addPrefixes(*(*child));
-    }
-}
diff --git a/saml/signature/ContentReference.h b/saml/signature/ContentReference.h
index 283267a..6ff8f3d 100644
--- a/saml/signature/ContentReference.h
+++ b/saml/signature/ContentReference.h
@@ -95,15 +95,8 @@ namespace opensaml {
         void setCanonicalizationMethod(const XMLCh* c14n);
         
     private:
-        void addPrefixes(const std::set<xmltooling::Namespace>& namespaces);
-        void addPrefixes(const xmltooling::XMLObject& xmlObject);
-
         const SignableObject& m_signableObject;
-#ifdef HAVE_GOOD_STL
         std::set<xmltooling::xstring> m_prefixes;
-#else
-        std::set<std::string> m_prefixes;
-#endif
         const XMLCh* m_digest;
         const XMLCh* m_c14n;
     };
diff --git a/samltest/data/signature/SAML1Assertion.xml b/samltest/data/signature/SAML1Assertion.xml
index a27a820..8e9f950 100644
--- a/samltest/data/signature/SAML1Assertion.xml
+++ b/samltest/data/signature/SAML1Assertion.xml
@@ -9,17 +9,15 @@ AuthenticationMethod="method"
 <ds:Reference URI="#ident">
 <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
-<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml"/>
-</ds:Transform>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
 <ds:DigestValue>j2GRm2UDOBvxwlzvX0fjXYeAGIA=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>noFPfzQYxU1saeMUTiuX0SuMtNfI78cBqrzsxB7SnwJ2ea/DBrG4FnXQ3swQLfsv
-OX1Sy3zvUSWDte91Tr+SAVD0oUsk+wx5dQrDX9aQnYq5b8snbWpJRskiQYKFYfGG
-sIovi2m9YOS7FuyOHemMlDc+AMiLFz+wYL6mNXNKuL8=</ds:SignatureValue>
+<ds:SignatureValue>AA5098JC4gfdAf2bvPQRZ9Ld/VehXAB3uhp0r4js4i6fMB3hGMs4VnE9iEJEsPDD
+0Kj4cfewxHij/kHrWcxpKMMqIgGlqKYZhuQHfFt8GzDeeFIgu1R675jcN4uCOoWl
+3aRVd9hgPRsXzf7/RkMiXHIsU/NjUPRKf7GjNt2jNT0=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
diff --git a/samltest/data/signature/SAML1Request.xml b/samltest/data/signature/SAML1Request.xml
index a33c912..86dfe43 100644
--- a/samltest/data/signature/SAML1Request.xml
+++ b/samltest/data/signature/SAML1Request.xml
@@ -6,17 +6,15 @@ MajorVersion="1" MinorVersion="1" RequestID="ident"><ds:Signature xmlns:ds="http
 <ds:Reference URI="#ident">
 <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
-<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp"/>
-</ds:Transform>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
 <ds:DigestValue>pqhIt8nUldh3KVL6IEewRxKXYhM=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>LZjrLObm21F7WoLEpuzKs9d+R9+qqyh1YOiwc5P1vfFDadrk+bPCQFR/RpkjJpNw
-fnUONvYshTjltqLqHSNCNbBoYdK1AZxP8/ucqIK1jqi88FDao2ZccenEscDnjjrW
-ZwoFCcR5Mx5oie5wmBzKqStjh0aGP5JVXW2gerULpLI=</ds:SignatureValue>
+<ds:SignatureValue>UE5p832pLFYvMloRofN3y0rrFY7B8zOcF7+CHYyxFn6pqgPeEYGqkbUWlV15/tJ5
+wXJ3LiLQroYQI3XHPvKRSV4OtF9ZFm4QDK7RNd6gnUmHed6Zje//e6z2ekA0UzTl
+IeWCuD84mWemMJzRAhSFKcnqJDBHA61Krvg1kf/2c2E=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
diff --git a/samltest/data/signature/SAML1Response.xml b/samltest/data/signature/SAML1Response.xml
index ff2d58c..ef8b263 100644
--- a/samltest/data/signature/SAML1Response.xml
+++ b/samltest/data/signature/SAML1Response.xml
@@ -5,17 +5,15 @@
 <ds:Reference URI="#rident">
 <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
-<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp"/>
-</ds:Transform>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>DZzCmg8AWJp4jG9J7OGIZ72oSlE=</ds:DigestValue>
+<ds:DigestValue>LLd/E9wNLNBk2y3QM5Hnus2bfbU=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>CkkbbVTtfN4Ib5/tydsNYKob2vBM0aPNyVre4iCWaxMpCqeuyLzsBQI+H9a0YfZX
-ykSBgP+mmPku5U1Lu3zn9+X5JK4lztDH4VsQteXJIRUnHipWZQSOeso8Wq5JQ/+0
-Qrp+HPi+9L8K1FGYJ5/Wfl2XlMSET/bM4jk6GiykFiw=</ds:SignatureValue>
+<ds:SignatureValue>sJJgyDky3ddp2PGAgBEHAl3BhPs9uI8gJSeb9NQ3C/frkX8S/maAWaX49nzncX9s
+8npru0M8CvluArgE7EtPAPoSfcT+M1nmpqn5vikkMN1V6rd7ogwTik9A/c7zv+E7
+OZwJtSDDBV7dwB3645iJUHW4SGxRyJUOiaAKHf7thwc=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
@@ -41,17 +39,15 @@ AuthenticationMethod="method"><saml:Subject><saml:NameIdentifier>John Doe</saml:
 <ds:Reference URI="#aident">
 <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
-<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml"/>
-</ds:Transform>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
 <ds:DigestValue>/owFROXYYru5+/j0TpHEz+hjXqY=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>xttzgmYBtjqoxeKRkScW6dIkE5pGyBeTcajAevaquJeAKrRcagu2on/4Apq5xsse
-tgdkQnMUV+yPHKw+t0tXGUJCnL286/ePGdz2TAVIg5idT7H6TxFLgUbCO4xoKH4h
-zGQjxxPZvXbb7z9XTAqIkyW1QbaC20i+IOkk1ZQiBEU=</ds:SignatureValue>
+<ds:SignatureValue>d4SsRgDSjboTRA2YUD68TPp+17AqRmxbY/LrWJhueIC/JY+Ct7+Fd6bugUXliIeD
+NVRDACsEB7PqYWZ99+Ecf8XAmQYCw5elj8mWxPp0o+UVHtBZOR2bC+/YjNitSM+x
+G/F3JgZqfunUcg7mcj6WEAUt4pjKhjaTY8Z7QJltdKc=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
diff --git a/samltest/data/signature/SAML2Assertion.xml b/samltest/data/signature/SAML2Assertion.xml
index 3b5fd21..9f409c3 100644
--- a/samltest/data/signature/SAML2Assertion.xml
+++ b/samltest/data/signature/SAML2Assertion.xml
@@ -6,17 +6,15 @@ Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://ww
 <ds:Reference URI="#ident">
 <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
-<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml"/>
-</ds:Transform>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 </ds:Transforms>
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
 <ds:DigestValue>8DSEsWJl4wOiwY15f7fAurDWpbo=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
-<ds:SignatureValue>rOtKGQFdqy51HXwY20wEPgkITlwllm//yJkIWTQdWbMSA+Eb9B+NWOSj+8MEWe5b
-jaM1lJ8as3hbetUMKNPKO2mX1M08cveth7mPG9VsJVArvLsn8UYyNX7WUDzCUu0G
-aVHlZYCFeixUPS/NaXVWvtb7CUyNV4vPnsPYIEI1+gQ=</ds:SignatureValue>
+<ds:SignatureValue>zgKU42nQKyB9m8RkDz1I2r7h0N9pc5ys9kve7oN9/Dugrn583/3bMgQBfk1rw4Pq
+BfztAZNcf2lstzvgpVB9fVTsTUuEDtT0mhc+f5t8kbCkABGu0SrfCnDjbYpmEeLC
+j8rJO4aSZIV4tN21aAkQyys28l4oB3KGTTDASjEPVgQ=</ds:SignatureValue>
 <ds:KeyInfo><ds:KeyName>sp.example.org</ds:KeyName><ds:X509Data><ds:X509SubjectName>CN=sp.example.org,O=Internet2,C=US</ds:X509SubjectName><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV
 BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu
 b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC
-- 
2.1.4