8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String

Reviewed-by: xuelei

8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String
Reviewed-by: xuelei
6cfe48a5 · mullan · 6193af7a · 6cfe48a5 · 6cfe48a5
2 changed file
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java
@@ -934,7 +934,7 @@ public class XMLUtils {
        Element foundElement = null;
        String id = value.trim();
-        if (id.charAt(0) == '#') {
+        if (!id.isEmpty() && id.charAt(0) == '#') {
            id = id.substring(1);
        }
@@ -994,7 +994,7 @@ public class XMLUtils {
        Node processedNode = null;
        String id = value.trim();
-        if (id.charAt(0) == '#') {
+        if (!id.isEmpty() && id.charAt(0) == '#') {
            id = id.substring(1);
        }

--- a/test/javax/xml/crypto/dsig/GenerationTests.java
+++ b/test/javax/xml/crypto/dsig/GenerationTests.java
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 /**
 * @test
- * @bug 4635230 6283345 6303830 6824440 6867348 7094155
+ * @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184
 * @summary Basic unit tests for generating XML Signatures with JSR 105
 * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java
 *     X509KeySelector.java GenerationTests.java
@@ -135,6 +135,7 @@ public class GenerationTests {
        test_create_signature_enveloping_sha512_rsa_sha512();
        test_create_signature_reference_dependency();
        test_create_signature_with_attr_in_no_namespace();
+        test_create_signature_with_empty_id();
    }
    private static void setup() throws Exception {
@@ -509,6 +510,30 @@ public class GenerationTests {
        System.out.println();
    }
+    static void test_create_signature_with_empty_id() throws Exception {
+        System.out.println("* Generating signature-with-empty-id.xml");
+        // create references
+        List<Reference> refs = Collections.singletonList
+            (fac.newReference("#", sha1));
+        // create SignedInfo
+        SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs);
+        // create object with empty id
+        Document doc = db.newDocument();
+        XMLObject obj = fac.newXMLObject(Collections.singletonList
+            (new DOMStructure(doc.createTextNode("I am the text."))),
+            "", "text/plain", null);
+        // create XMLSignature
+        XMLSignature sig = fac.newXMLSignature(si, rsa,
+                                               Collections.singletonList(obj),
+                                               "signature", null);
+        DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA"), doc);
+        sig.sign(dsc);
+    }
    static void test_create_signature() throws Exception {
        System.out.println("* Generating signature.xml");