From 921f9db82e7e2f6599463c46d4b500a6efee77af Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Apr 2022 23:11:13 +0000
Subject: [PATCH] Bump github.com/russellhaering/goxmldsig from 1.1.0 to 1.2.0
Bumps [github.com/russellhaering/goxmldsig](https://github.com/russellhaering/goxmldsig) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/russellhaering/goxmldsig/releases)
- [Commits](https://github.com/russellhaering/goxmldsig/compare/v1.1.0...v1.2.0)
---
updated-dependencies:
- dependency-name: github.com/russellhaering/goxmldsig
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 go.mod | 2 +-
 go.sum | 4 +-
 .../russellhaering/goxmldsig/README.md | 2 +-
 .../russellhaering/goxmldsig/canonicalize.go | 109 ++++++++++++------
 .../goxmldsig/etreeutils/canonicalize.go | 19 ++-
 .../russellhaering/goxmldsig/validate.go | 36 +++---
 .../russellhaering/goxmldsig/xml_constants.go | 11 +-
 vendor/modules.txt | 2 +-
 8 files changed, 123 insertions(+), 62 deletions(-)
diff --git a/go.mod b/go.mod
index 8c46b8ab..2792e0f8 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 github.com/google/go-cmp v0.5.5
 github.com/kr/pretty v0.3.0
 github.com/mattermost/xml-roundtrip-validator v0.1.0
- github.com/russellhaering/goxmldsig v1.1.1
+ github.com/russellhaering/goxmldsig v1.2.0
 github.com/zenazn/goji v1.0.1
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
 gotest.tools v2.2.0+incompatible
diff --git a/go.sum b/go.sum
index 600aad56..1bab4d5d 100644
--- a/go.sum
+++ b/go.sum
@@ -33,8 +33,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/russellhaering/goxmldsig v1.1.1 h1:vI0r2osGF1A9PLvsGdPUAGwEIrKa4Pj5sesSBsebIxM=
-github.com/russellhaering/goxmldsig v1.1.1/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
+github.com/russellhaering/goxmldsig v1.2.0 h1:Y6GTTc9Un5hCxSzVz4UIWQ/zuVwDvzJk80guqzwx6Vg=
+github.com/russellhaering/goxmldsig v1.2.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
diff --git a/vendor/github.com/russellhaering/goxmldsig/README.md b/vendor/github.com/russellhaering/goxmldsig/README.md
index 9464e61e..a7758875 100644
--- a/vendor/github.com/russellhaering/goxmldsig/README.md
+++ b/vendor/github.com/russellhaering/goxmldsig/README.md
@@ -1,6 +1,6 @@
 # goxmldsig
-[![Build Status](https://travis-ci.org/russellhaering/goxmldsig.svg?branch=master)](https://travis-ci.org/russellhaering/goxmldsig)
+![Build Status](https://github.com/russellhaering/goxmldsig/actions/workflows/test.yml/badge.svg?branch=main)
 [![GoDoc](https://godoc.org/github.com/russellhaering/goxmldsig?status.svg)](https://godoc.org/github.com/russellhaering/goxmldsig)
 XML Digital Signatures implemented in pure Go.
diff --git a/vendor/github.com/russellhaering/goxmldsig/canonicalize.go b/vendor/github.com/russellhaering/goxmldsig/canonicalize.go
index 05655ebc..75392d13 100644
--- a/vendor/github.com/russellhaering/goxmldsig/canonicalize.go
+++ b/vendor/github.com/russellhaering/goxmldsig/canonicalize.go
@@ -26,11 +26,12 @@ func (c *NullCanonicalizer) Algorithm() AlgorithmID {
 func (c *NullCanonicalizer) Canonicalize(el *etree.Element) ([]byte, error) {
 scope := make(map[string]struct{})
- return canonicalSerialize(canonicalPrep(el, scope, false))
+ return canonicalSerialize(canonicalPrep(el, scope, false, true))
 }
 type c14N10ExclusiveCanonicalizer struct {
 prefixList string
+ comments bool
 }
 // MakeC14N10ExclusiveCanonicalizerWithPrefixList constructs an exclusive Canonicalizer
@@ -38,12 +39,22 @@ type c14N10ExclusiveCanonicalizer struct {
 func MakeC14N10ExclusiveCanonicalizerWithPrefixList(prefixList string) Canonicalizer {
 return &c14N10ExclusiveCanonicalizer{
 prefixList: prefixList,
+ comments: false,
+ }
+}
+
+// MakeC14N10ExclusiveWithCommentsCanonicalizerWithPrefixList constructs an exclusive Canonicalizer
+// from a PrefixList in NMTOKENS format (a white space separated list).
+func MakeC14N10ExclusiveWithCommentsCanonicalizerWithPrefixList(prefixList string) Canonicalizer {
+ return &c14N10ExclusiveCanonicalizer{
+ prefixList: prefixList,
+ comments: true,
 }
 }
 // Canonicalize transforms the input Element into a serialized XML document in canonical form.
 func (c *c14N10ExclusiveCanonicalizer) Canonicalize(el *etree.Element) ([]byte, error) {
- err := etreeutils.TransformExcC14n(el, c.prefixList)
+ err := etreeutils.TransformExcC14n(el, c.prefixList, c.comments)
 if err != nil {
 return nil, err
 }
@@ -52,58 +63,73 @@ func (c *c14N10ExclusiveCanonicalizer) Canonicalize(el *etree.Element) ([]byte,
 }
 func (c *c14N10ExclusiveCanonicalizer) Algorithm() AlgorithmID {
+ if c.comments {
+ return CanonicalXML10ExclusiveWithCommentsAlgorithmId
+ }
 return CanonicalXML10ExclusiveAlgorithmId
 }
-type c14N11Canonicalizer struct{}
+type c14N11Canonicalizer struct {
+ comments bool
+}
 // MakeC14N11Canonicalizer constructs an inclusive canonicalizer.
 func MakeC14N11Canonicalizer() Canonicalizer {
- return &c14N11Canonicalizer{}
+ return &c14N11Canonicalizer{
+ comments: false,
+ }
+}
+
+// MakeC14N11WithCommentsCanonicalizer constructs an inclusive canonicalizer.
+func MakeC14N11WithCommentsCanonicalizer() Canonicalizer {
+ return &c14N11Canonicalizer{
+ comments: true,
+ }
 }
 // Canonicalize transforms the input Element into a serialized XML document in canonical form.
 func (c *c14N11Canonicalizer) Canonicalize(el *etree.Element) ([]byte, error) {
 scope := make(map[string]struct{})
- return canonicalSerialize(canonicalPrep(el, scope, true))
+ return canonicalSerialize(canonicalPrep(el, scope, true, c.comments))
 }
 func (c *c14N11Canonicalizer) Algorithm() AlgorithmID {
+ if c.comments {
+ return CanonicalXML11WithCommentsAlgorithmId
+ }
 return CanonicalXML11AlgorithmId
 }
-type c14N10RecCanonicalizer struct{}
+type c14N10RecCanonicalizer struct {
+ comments bool
+}
 // MakeC14N10RecCanonicalizer constructs an inclusive canonicalizer.
 func MakeC14N10RecCanonicalizer() Canonicalizer {
- return &c14N10RecCanonicalizer{}
+ return &c14N10RecCanonicalizer{
+ comments: false,
+ }
+}
+
+// MakeC14N10WithCommentsCanonicalizer constructs an inclusive canonicalizer.
+func MakeC14N10WithCommentsCanonicalizer() Canonicalizer {
+ return &c14N10RecCanonicalizer{
+ comments: true,
+ }
 }
 // Canonicalize transforms the input Element into a serialized XML document in canonical form.
func (c *c14N10RecCanonicalizer) Canonicalize(el *etree.Element) ([]byte, error) {
 scope := make(map[string]struct{})
- return canonicalSerialize(canonicalPrep(el, scope, true))
+ return canonicalSerialize(canonicalPrep(el, scope, true, c.comments))
 }
 func (c *c14N10RecCanonicalizer) Algorithm() AlgorithmID {
+ if c.comments {
+ return CanonicalXML10WithCommentsAlgorithmId
+ }
 return CanonicalXML10RecAlgorithmId
-}
-
-type c14N10CommentCanonicalizer struct{}
-
-// MakeC14N10CommentCanonicalizer constructs an inclusive canonicalizer.
-func MakeC14N10CommentCanonicalizer() Canonicalizer {
- return &c14N10CommentCanonicalizer{}
-}
-
-// Canonicalize transforms the input Element into a serialized XML document in canonical form.
-func (c *c14N10CommentCanonicalizer) Canonicalize(el *etree.Element) ([]byte, error) {
- scope := make(map[string]struct{})
- return canonicalSerialize(canonicalPrep(el, scope, true))
-}
-func (c *c14N10CommentCanonicalizer) Algorithm() AlgorithmID {
- return CanonicalXML10CommentAlgorithmId
 }
 func composeAttr(space, key string) string {
@@ -132,7 +158,7 @@ const nsSpace = "xmlns"
 //
 // TODO(russell_h): This is very similar to excCanonicalPrep - perhaps they should
 // be unified into one parameterized function?
-func canonicalPrep(el *etree.Element, seenSoFar map[string]struct{}, strip bool) *etree.Element {
+func canonicalPrep(el *etree.Element, seenSoFar map[string]struct{}, strip bool, comments bool) *etree.Element {
 _seenSoFar := make(map[string]struct{})
 for k, v := range seenSoFar {
 _seenSoFar[k] = v
@@ -140,16 +166,29 @@ func canonicalPrep(el *etree.Element, seenSoFar map[string]struct{}, strip bool)
 ne := el.Copy()
 sort.Sort(etreeutils.SortedAttrs(ne.Attr))
- if len(ne.Attr) != 0 {
- for _, attr := range ne.Attr {
- if attr.Space != nsSpace {
- continue
- }
- key := attr.Space + ":" + attr.Key
- if _, seen := _seenSoFar[key]; seen {
- ne.RemoveAttr(attr.Space + ":" + attr.Key)
+ n := 0
+ for _, attr := range ne.Attr {
+ if attr.Space != nsSpace {
+ ne.Attr[n] = attr
+ n++
+ continue
+ }
+ key := attr.Space + ":" + attr.Key
+ if _, seen := _seenSoFar[key]; !seen {
+ ne.Attr[n] = attr
+ n++
+ _seenSoFar[key] = struct{}{}
+ }
+ }
+ ne.Attr = ne.Attr[:n]
+
+ if !comments {
+ c := 0
+ for c < len(ne.Child) {
+ if _, ok := ne.Child[c].(*etree.Comment); ok {
+ ne.RemoveChildAt(c)
 } else {
- _seenSoFar[key] = struct{}{}
+ c++
 }
 }
 }
@@ -157,7 +196,7 @@ func canonicalPrep(el *etree.Element, seenSoFar map[string]struct{}, strip bool)
 for i, token := range ne.Child {
 childElement, ok := token.(*etree.Element)
 if ok {
- ne.Child[i] = canonicalPrep(childElement, _seenSoFar, strip)
+ ne.Child[i] = canonicalPrep(childElement, _seenSoFar, strip, comments)
 }
 }
diff --git a/vendor/github.com/russellhaering/goxmldsig/etreeutils/canonicalize.go b/vendor/github.com/russellhaering/goxmldsig/etreeutils/canonicalize.go
index e9f8deb1..8437fe40 100644
--- a/vendor/github.com/russellhaering/goxmldsig/etreeutils/canonicalize.go
+++ b/vendor/github.com/russellhaering/goxmldsig/etreeutils/canonicalize.go
@@ -8,7 +8,7 @@ import (
 )
 // TransformExcC14n transforms the passed element into xml-exc-c14n form.
-func TransformExcC14n(el *etree.Element, inclusiveNamespacesPrefixList string) error {
+func TransformExcC14n(el *etree.Element, inclusiveNamespacesPrefixList string, comments bool) error {
 prefixes := strings.Fields(inclusiveNamespacesPrefixList)
 prefixSet := make(map[string]struct{}, len(prefixes))
@@ -16,7 +16,7 @@ func TransformExcC14n(el *etree.Element, inclusiveNamespacesPrefixList string) e
 prefixSet[prefix] = struct{}{}
 }
- err := transformExcC14n(DefaultNSContext, DefaultNSContext, el, prefixSet)
+ err := transformExcC14n(DefaultNSContext, DefaultNSContext, el, prefixSet, comments)
 if err != nil {
 return err
 }
@@ -24,7 +24,7 @@ func TransformExcC14n(el *etree.Element, inclusiveNamespacesPrefixList string) e
 return nil
 }
-func transformExcC14n(ctx, declared NSContext, el *etree.Element, inclusiveNamespaces map[string]struct{}) error {
+func transformExcC14n(ctx, declared NSContext, el *etree.Element, inclusiveNamespaces map[string]struct{}, comments bool) error {
 scope, err := ctx.SubContext(el)
 if err != nil {
 return err
@@ -86,9 +86,20 @@ func transformExcC14n(ctx, declared NSContext, el *etree.Element, inclusiveNames
 sort.Sort(SortedAttrs(el.Attr))
+ if !comments {
+ c := 0
+ for c < len(el.Child) {
+ if _, ok := el.Child[c].(*etree.Comment); ok {
+ el.RemoveChildAt(c)
+ } else {
+ c++
+ }
+ }
+ }
+
 // Transform child elements
 for _, child := range el.ChildElements() {
- err := transformExcC14n(scope, declared, child, inclusiveNamespaces)
+ err := transformExcC14n(scope, declared, child, inclusiveNamespaces, comments)
 if err != nil {
 return err
 }
diff --git a/vendor/github.com/russellhaering/goxmldsig/validate.go b/vendor/github.com/russellhaering/goxmldsig/validate.go
index 84045858..2c65ca1c 100644
--- a/vendor/github.com/russellhaering/goxmldsig/validate.go
+++ b/vendor/github.com/russellhaering/goxmldsig/validate.go
@@ -21,7 +21,7 @@ var (
 // ErrMissingSignature indicates that no enveloped signature was found referencing
 // the top level element passed for signature verification.
 ErrMissingSignature = errors.New("Missing signature referencing the top-level element")
- ErrInvalidSignature = errors.New( "Invalid Signature")
+ ErrInvalidSignature = errors.New("Invalid Signature")
 )
 type ValidationContext struct {
@@ -70,7 +70,7 @@ func mapPathToElement(tree, el *etree.Element) []int {
 for i, child := range tree.Child {
 if childElement, ok := child.(*etree.Element); ok {
 childPath := mapPathToElement(childElement, el)
- if childElement != nil {
+ if childPath != nil {
 return append([]int{i}, childPath...)
 }
 }
@@ -138,14 +138,25 @@ func (ctx *ValidationContext) transform(
 canonicalizer = MakeC14N10ExclusiveCanonicalizerWithPrefixList(prefixList)
+ case CanonicalXML10ExclusiveWithCommentsAlgorithmId:
+ var prefixList string
+ if transform.InclusiveNamespaces != nil {
+ prefixList = transform.InclusiveNamespaces.PrefixList
+ }
+
+ canonicalizer = MakeC14N10ExclusiveWithCommentsCanonicalizerWithPrefixList(prefixList)
+
 case CanonicalXML11AlgorithmId:
 canonicalizer = MakeC14N11Canonicalizer()
+ case CanonicalXML11WithCommentsAlgorithmId:
+ canonicalizer = MakeC14N11WithCommentsCanonicalizer()
+
 case CanonicalXML10RecAlgorithmId:
 canonicalizer = MakeC14N10RecCanonicalizer()
- case CanonicalXML10CommentAlgorithmId:
- canonicalizer = MakeC14N10CommentCanonicalizer()
+ case CanonicalXML10WithCommentsAlgorithmId:
+ canonicalizer = MakeC14N10WithCommentsCanonicalizer()
 default:
 return nil, nil, errors.New("Unknown Transform Algorithm: " + algo)
@@ -353,9 +364,9 @@ func (ctx *ValidationContext) findSignature(root *etree.Element) (*types.Signatu
 var canonicalSignedInfo *etree.Element
- switch AlgorithmID(c14NAlgorithm) {
- case CanonicalXML10ExclusiveAlgorithmId:
- err := etreeutils.TransformExcC14n(detachedSignedInfo, "")
+ switch alg := AlgorithmID(c14NAlgorithm); alg {
+ case CanonicalXML10ExclusiveAlgorithmId, CanonicalXML10ExclusiveWithCommentsAlgorithmId:
+ err := etreeutils.TransformExcC14n(detachedSignedInfo, "", alg == CanonicalXML10ExclusiveWithCommentsAlgorithmId)
 if err != nil {
 return err
 }
@@ -366,14 +377,11 @@ func (ctx *ValidationContext) findSignature(root *etree.Element) (*types.Signatu
 // removing of elements below.
 canonicalSignedInfo = detachedSignedInfo
- case CanonicalXML11AlgorithmId:
- canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}, true)
-
- case CanonicalXML10RecAlgorithmId:
- canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}, true)
+ case CanonicalXML11AlgorithmId, CanonicalXML10RecAlgorithmId:
+ canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}, true, false)
- case CanonicalXML10CommentAlgorithmId:
- canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}, true)
+ case CanonicalXML11WithCommentsAlgorithmId, CanonicalXML10WithCommentsAlgorithmId:
+ canonicalSignedInfo = canonicalPrep(detachedSignedInfo, map[string]struct{}{}, true, true)
 default:
 return fmt.Errorf("invalid CanonicalizationMethod on Signature: %s", c14NAlgorithm)
diff --git a/vendor/github.com/russellhaering/goxmldsig/xml_constants.go b/vendor/github.com/russellhaering/goxmldsig/xml_constants.go
index c4b815b2..d2b98e25 100644
--- a/vendor/github.com/russellhaering/goxmldsig/xml_constants.go
+++ b/vendor/github.com/russellhaering/goxmldsig/xml_constants.go
@@ -47,11 +47,14 @@ const (
 //Well-known signature algorithms
 const (
 // Supported canonicalization algorithms
- CanonicalXML10ExclusiveAlgorithmId AlgorithmID = "http://www.w3.org/2001/10/xml-exc-c14n#"
- CanonicalXML11AlgorithmId AlgorithmID = "http://www.w3.org/2006/12/xml-c14n11"
+ CanonicalXML10ExclusiveAlgorithmId AlgorithmID = "http://www.w3.org/2001/10/xml-exc-c14n#"
+ CanonicalXML10ExclusiveWithCommentsAlgorithmId AlgorithmID = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
- CanonicalXML10RecAlgorithmId AlgorithmID = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
- CanonicalXML10CommentAlgorithmId AlgorithmID = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+ CanonicalXML11AlgorithmId AlgorithmID = "http://www.w3.org/2006/12/xml-c14n11"
+ CanonicalXML11WithCommentsAlgorithmId AlgorithmID = "http://www.w3.org/2006/12/xml-c14n11#WithComments"
+
+ CanonicalXML10RecAlgorithmId AlgorithmID = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
+ CanonicalXML10WithCommentsAlgorithmId AlgorithmID = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
 EnvelopedSignatureAltorithmId AlgorithmID = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
 )
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3147a2da..1c98756e 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -37,7 +37,7 @@ github.com/pkg/errors
 # github.com/rogpeppe/go-internal v1.8.0
 ## explicit; go 1.11
 github.com/rogpeppe/go-internal/fmtsort
-# github.com/russellhaering/goxmldsig v1.1.1
+# github.com/russellhaering/goxmldsig v1.2.0
 ## explicit; go 1.15
 github.com/russellhaering/goxmldsig
 github.com/russellhaering/goxmldsig/etreeutils