X509Certificates duplicated when added to an X509Data's certificate list

Question

I am trying to add a certificate to an X509Data object in OpenSAML. When I do this, however, the certificate appears to get added twice. The code below demonstrates this. Am I doing something silly?

import org.junit.Test;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;

import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;


public class BrokenListAdditionTest {
    @Test
    public void shouldNotFail() throws ConfigurationException {
        DefaultBootstrap.bootstrap();

        XMLObjectBuilderFactory openSamlBuilderFactory = Configuration.getBuilderFactory();
        X509Certificate x509Certificate = (X509Certificate) openSamlBuilderFactory.getBuilder(X509Certificate.DEFAULT_ELEMENT_NAME).buildObject(X509Certificate.DEFAULT_ELEMENT_NAME, X509Certificate.DEFAULT_ELEMENT_NAME);
        x509Certificate.setValue("foo-value");
        X509Data x509Data = (X509Data) openSamlBuilderFactory.getBuilder(X509Data.DEFAULT_ELEMENT_NAME).buildObject(X509Data.DEFAULT_ELEMENT_NAME, X509Data.TYPE_NAME);
        x509Data.getX509Certificates().add(x509Certificate);

        assertThat(x509Data.getX509Certificates().size(), is(1)); // Fails, because size() is 2!?
    }
}

Strange stuff, I'm looking into it. Seems to have something to do with indexing. I'll get back to you — Stefan Rasmusson, Jan 15 '13 at 08:42
@Stefan Thanks Stefan - have you had any luck reproducing/fixing this? — Zoodor, Jan 17 '13 at 09:16

score 1 · Answer 1 · answered Jan 17 '13 at 12:52

It is strange and I have not been able to find a good explanation for it. As i said in the comment it seems to be some kind of indexing being done.

However I have tried marshaling the element into XML and every thing looks fine there. So I think you can use this anyway.

<?xml version="1.0" encoding="UTF-8"?>
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ds:X509DataType">
<ds:X509Certificate xsi:type="ds:X509Certificate">foo-value</ds:X509Certificate>
</ds:X509Data>

Good to know that marshalling is unaffected; just a bit annoying that size() can't be trusted once an item has been added. — Zoodor, Jan 17 '13 at 17:06

X509Certificates duplicated when added to an X509Data's certificate list

1 Answers1