6469266: Integrate Apache XMLSec 1.4.2 into JDK 7

Reviewed-by: valeriep

src/share/classes/com/sun/org/apache/xml/internal/security/Init.java

@@ -20,12 +20,9 @@
  */
 package com.sun.org.apache.xml.internal.security;
 
-
-
 import java.io.InputStream;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
-
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
@@ -51,7 +48,7 @@ import org.w3c.dom.Node;
  * done by calling {@link Init#init} which should be done in any static block
  * of the files of this library. We ensure that this call is only executed once.
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public final class Init {
 
@@ -113,19 +110,18 @@ public final class Init {
             dbf.setValidating(false);
 
             DocumentBuilder db = dbf.newDocumentBuilder();
-
             // We don't allow users to override the Apache XML Security
             // configuration in the JRE. Users should use the standard security
             // provider mechanism instead if implementing their own
             // transform or canonicalization algorithms.
-            // String cfile = System.getProperty("com.sun.org.apache.xml.internal.security.resource.config");
-            // InputStream is =
-            //     Class.forName("com.sun.org.apache.xml.internal.security.Init")
-            //     .getResourceAsStream(cfile != null ? cfile : "resource/config.xml");
+            // InputStream is = Class.forName("com.sun.org.apache.xml.internal.security.Init").getResourceAsStream("resource/config.xml");
             InputStream is = (InputStream) AccessController.doPrivileged(
                 new PrivilegedAction() {
                     public Object run() {
+//                        String cfile = System.getProperty
+//                            ("com.sun.org.apache.xml.internal.security.resource.config");
                         return getClass().getResourceAsStream
+//                            (cfile != null ? cfile : "resource/config.xml");
                             ("resource/config.xml");
                     }
                 });
@@ -202,11 +198,11 @@ public final class Init {
 
                         if (currMeth.getDeclaringClass().getName()
                                 .equals(JAVACLASS)) {
-                           log.log(java.util.logging.Level.FINE, currMeth.getDeclaringClass().toString());
+                           log.log(java.util.logging.Level.FINE, currMeth.getDe claringClass().toString());
                         }
                      }*/
-                      if (true)
-                        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Canonicalizer.register(" + URI + ", "
+                      if (log.isLoggable(java.util.logging.Level.FINE))
+                        log.log(java.util.logging.Level.FINE, "Canonicalizer.register(" + URI + ", "
                             + JAVACLASS + ")");
                      Canonicalizer.register(URI, JAVACLASS);
                   } catch (ClassNotFoundException e) {
@@ -233,9 +229,8 @@ public final class Init {
                         "JAVACLASS");
                   try {
                      Class.forName(JAVACLASS);
-                     if (true)
-                        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Transform.register(" + URI + ", " + JAVACLASS
-                            + ")");
+                     if (log.isLoggable(java.util.logging.Level.FINE))
+                        log.log(java.util.logging.Level.FINE, "Transform.register(" + URI + ", " + JAVACLASS + ")");
                      Transform.register(URI, JAVACLASS);
                   } catch (ClassNotFoundException e) {
                      Object exArgs[] = { URI, JAVACLASS };
@@ -284,12 +279,11 @@ public final class Init {
 //
 //                        if (currMeth.getDeclaringClass().getName()
 //                                .equals(JAVACLASS)) {
-//                           log.log(java.util.logging.Level.FINE, currMeth.getDeclaringClass().toString());
+//                           log.log(java.util.logging.Level.FINE, currMeth.getDe claringClass().toString());
 //                        }
 //                     }
-                      if (true)
-                        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "SignatureAlgorithm.register(" + URI + ", "
-                            + JAVACLASS + ")");
+                      if (log.isLoggable(java.util.logging.Level.FINE))
+                        log.log(java.util.logging.Level.FINE, "SignatureAlgorithm.register(" + URI + ", " + JAVACLASS + ")");
                      SignatureAlgorithm.register(URI, JAVACLASS);
                   } catch (ClassNotFoundException e) {
                      Object exArgs[] = { URI, JAVACLASS };
@@ -320,13 +314,11 @@ public final class Init {
                         "DESCRIPTION");
 
                   if ((Description != null) && (Description.length() > 0)) {
-                    if (true)
-                        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": "
-                               + Description);
+                    if (log.isLoggable(java.util.logging.Level.FINE))
+                        log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": " + Description);
                   } else {
-                    if (true)
-                        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS
-                               + ": For unknown purposes");
+                    if (log.isLoggable(java.util.logging.Level.FINE))
+                        log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": For unknown purposes");
                   }
                                   try {
                                           ResourceResolver.register(JAVACLASS);
@@ -359,13 +351,11 @@ public final class Init {
                         "DESCRIPTION");
 
                   if ((Description != null) && (Description.length() > 0)) {
-                    if (true)
-                        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": "
-                               + Description);
+                    if (log.isLoggable(java.util.logging.Level.FINE))
+                        log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": " + Description);
                   } else {
-                    if (true)
-                        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS
-                               + ": For unknown purposes");
+                    if (log.isLoggable(java.util.logging.Level.FINE))
+                        log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": For unknown purposes");
                   }
 
                   KeyResolver.register(JAVACLASS);
@@ -376,8 +366,8 @@ public final class Init {
 
             if (tag.equals("PrefixMappings")){
                 XX_configure_reg_prefixes_start = System.currentTimeMillis();
-                if (true)
-                        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Now I try to bind prefixes:");
+                if (log.isLoggable(java.util.logging.Level.FINE))
+                    log.log(java.util.logging.Level.FINE, "Now I try to bind prefixes:");
 
                Element[] nl = XMLUtils.selectNodes(el.getFirstChild(), CONF_NS,"PrefixMapping");
 
@@ -386,8 +376,8 @@ public final class Init {
                                         "namespace");
                   String prefix = nl[i].getAttributeNS(null,
                                      "prefix");
-                  if (true)
-                        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Now I try to bind " + prefix + " to " + namespace);
+                  if (log.isLoggable(java.util.logging.Level.FINE))
+                      log.log(java.util.logging.Level.FINE, "Now I try to bind " + prefix + " to " + namespace);
                   com.sun.org.apache.xml.internal.security.utils.ElementProxy
                      .setDefaultPrefix(namespace, prefix);
                }
@@ -398,19 +388,19 @@ public final class Init {
             long XX_init_end = System.currentTimeMillis();
 
             //J-
-            if (true) {
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "XX_init                             " + ((int)(XX_init_end - XX_init_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_prng                           " + ((int)(XX_prng_end - XX_prng_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_parsing                        " + ((int)(XX_parsing_end - XX_parsing_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_configure_i18n                 " + ((int)(XX_configure_i18n_end- XX_configure_i18n_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_configure_reg_c14n             " + ((int)(XX_configure_reg_c14n_end- XX_configure_reg_c14n_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_configure_reg_jcemapper        " + ((int)(XX_configure_reg_jcemapper_end- XX_configure_reg_jcemapper_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_configure_reg_keyInfo          " + ((int)(XX_configure_reg_keyInfo_end- XX_configure_reg_keyInfo_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_configure_reg_keyResolver      " + ((int)(XX_configure_reg_keyResolver_end- XX_configure_reg_keyResolver_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_configure_reg_prefixes         " + ((int)(XX_configure_reg_prefixes_end- XX_configure_reg_prefixes_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_configure_reg_resourceresolver " + ((int)(XX_configure_reg_resourceresolver_end- XX_configure_reg_resourceresolver_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_configure_reg_sigalgos         " + ((int)(XX_configure_reg_sigalgos_end- XX_configure_reg_sigalgos_start)) + " ms");
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "  XX_configure_reg_transforms       " + ((int)(XX_configure_reg_transforms_end- XX_configure_reg_transforms_start)) + " ms");
+            if (log.isLoggable(java.util.logging.Level.FINE)) {
+                log.log(java.util.logging.Level.FINE, "XX_init                             " + ((int)(XX_init_end - XX_init_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_prng                           " + ((int)(XX_prng_end - XX_prng_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_parsing                        " + ((int)(XX_parsing_end - XX_parsing_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_configure_i18n                 " + ((int)(XX_configure_i18n_end- XX_configure_i18n_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_configure_reg_c14n             " + ((int)(XX_configure_reg_c14n_end- XX_configure_reg_c14n_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_configure_reg_jcemapper        " + ((int)(XX_configure_reg_jcemapper_end- XX_configure_reg_jcemapper_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_configure_reg_keyInfo          " + ((int)(XX_configure_reg_keyInfo_end- XX_configure_reg_keyInfo_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_configure_reg_keyResolver      " + ((int)(XX_configure_reg_keyResolver_end- XX_configure_reg_keyResolver_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_configure_reg_prefixes         " + ((int)(XX_configure_reg_prefixes_end- XX_configure_reg_prefixes_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_configure_reg_resourceresolver " + ((int)(XX_configure_reg_resourceresolver_end- XX_configure_reg_resourceresolver_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_configure_reg_sigalgos         " + ((int)(XX_configure_reg_sigalgos_end- XX_configure_reg_sigalgos_start)) + " ms");
+                log.log(java.util.logging.Level.FINE, "  XX_configure_reg_transforms       " + ((int)(XX_configure_reg_transforms_end- XX_configure_reg_transforms_start)) + " ms");
             }
          } catch (Exception e) {
             log.log(java.util.logging.Level.SEVERE, "Bad: ", e);

src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java

@@ -24,7 +24,7 @@ package com.sun.org.apache.xml.internal.security.algorithms;
 
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
-import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
+import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
@@ -33,11 +33,7 @@ import org.w3c.dom.Element;
  * The Algorithm class which stores the Algorithm URI as a string.
  *
  */
-public abstract class Algorithm extends ElementProxy {
-
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(Algorithm.class.getName());
+public abstract class Algorithm extends SignatureElementProxy {
 
    /**
     *
@@ -79,7 +75,7 @@ public abstract class Algorithm extends ElementProxy {
     */
    protected void setAlgorithmURI(String algorithmURI) {
 
-      if ((this._state == MODE_CREATE) && (algorithmURI != null)) {
+      if ( (algorithmURI != null)) {
          this._constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM,
                                                 algorithmURI);
       }

src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java

@@ -35,7 +35,7 @@ import org.w3c.dom.Element;
 /**
  * This class maps algorithm identifier URIs to JAVA JCE class names.
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class JCEMapper {
 
@@ -45,9 +45,9 @@ public class JCEMapper {
 
 
 
-   private static Map uriToJCEName = new HashMap();
+   private static Map uriToJCEName;
 
-   private static Map algorithmsMap = new HashMap();
+   private static Map algorithmsMap;
 
    private static String providerName = null;
    /**
@@ -63,6 +63,8 @@ public class JCEMapper {
 
    static void loadAlgorithms( Element algorithmsEl) {
        Element[] algorithms = XMLUtils.selectNodes(algorithmsEl.getFirstChild(),Init.CONF_NS,"Algorithm");
+       uriToJCEName = new HashMap( algorithms.length * 2);
+       algorithmsMap = new HashMap( algorithms.length * 2);
        for (int i = 0 ;i < algorithms.length ;i ++) {
            Element el = algorithms[i];
            String id = el.getAttribute("URI");
@@ -70,6 +72,7 @@ public class JCEMapper {
            uriToJCEName.put(id, jceName);
            algorithmsMap.put(id, new Algorithm(el));
        }
+
    }
 
    static Algorithm getAlgorithmMapping(String algoURI) {
@@ -84,8 +87,8 @@ public class JCEMapper {
     *
     */
    public static String translateURItoJCEID(String AlgorithmURI) {
-      if (true)
-          if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI);
+      if (log.isLoggable(java.util.logging.Level.FINE))
+          log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI);
 
       String jceName = (String) uriToJCEName.get(AlgorithmURI);
       return jceName;
@@ -100,8 +103,8 @@ public class JCEMapper {
     *
     */
    public static String getAlgorithmClassFromURI(String AlgorithmURI) {
-       if (true)
-           if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI);
+       if (log.isLoggable(java.util.logging.Level.FINE))
+           log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI);
 
        return ((Algorithm) algorithmsMap.get(AlgorithmURI)).algorithmClass;
    }

src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java

@@ -20,10 +20,10 @@
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
-
-
 import java.security.MessageDigest;
 import java.security.NoSuchProviderException;
+import java.util.HashMap;
+import java.util.Map;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
@@ -41,11 +41,6 @@ import org.w3c.dom.Document;
  */
 public class MessageDigestAlgorithm extends Algorithm {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(
-                    MessageDigestAlgorithm.class.getName());
-
     /** Message Digest - NOT RECOMMENDED MD5*/
    public static final String ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5 = Constants.MoreAlgorithmsSpecNS + "md5";
    /** Digest - Required SHA1*/
@@ -76,6 +71,12 @@ public class MessageDigestAlgorithm extends Algorithm {
       this.algorithm = messageDigest;
    }
 
+   static ThreadLocal instances=new ThreadLocal() {
+           protected Object initialValue() {
+                   return new HashMap();
+           };
+   };
+
    /**
     * Factory method for constructing a message digest algorithm by name.
     *
@@ -86,7 +87,14 @@ public class MessageDigestAlgorithm extends Algorithm {
     */
    public static MessageDigestAlgorithm getInstance(
            Document doc, String algorithmURI) throws XMLSignatureException {
+          MessageDigest md = getDigestInstance(algorithmURI);
+      return new MessageDigestAlgorithm(doc, md, algorithmURI);
+   }
 
+private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
+        MessageDigest result=(MessageDigest) ((Map)instances.get()).get(algorithmURI);
+        if (result!=null)
+                return result;
     String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
 
           if (algorithmID == null) {
@@ -113,8 +121,9 @@ public class MessageDigestAlgorithm extends Algorithm {
 
         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         }
-      return new MessageDigestAlgorithm(doc, md, algorithmURI);
-   }
+      ((Map)instances.get()).put(algorithmURI, md);
+        return md;
+}
 
    /**
     * Returns the actual {@link java.security.MessageDigest} algorithm object

src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java

@@ -25,6 +25,7 @@ import java.security.Key;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
 import java.util.HashMap;
+import java.util.Map;
 
 import com.sun.org.apache.xml.internal.security.algorithms.implementations.IntegrityHmac;
 import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
@@ -52,9 +53,35 @@ public class SignatureAlgorithm extends Algorithm {
    /** All available algorithm classes are registered here */
    static HashMap _algorithmHash = null;
 
+   static ThreadLocal instancesSigning=new ThreadLocal() {
+           protected Object initialValue() {
+                   return new HashMap();
+           };
+   };
+
+   static ThreadLocal instancesVerify=new ThreadLocal() {
+           protected Object initialValue() {
+                   return new HashMap();
+           };
+   };
+
+   static ThreadLocal keysSigning=new ThreadLocal() {
+           protected Object initialValue() {
+                   return new HashMap();
+           };
+   };
+   static ThreadLocal keysVerify=new ThreadLocal() {
+           protected Object initialValue() {
+                   return new HashMap();
+           };
+   };
+//   boolean isForSigning=false;
+
    /** Field _signatureAlgorithm */
    protected SignatureAlgorithmSpi _signatureAlgorithm = null;
 
+   private String algorithmURI;
+
    /**
     * Constructor SignatureAlgorithm
     *
@@ -64,18 +91,49 @@ public class SignatureAlgorithm extends Algorithm {
     */
    public SignatureAlgorithm(Document doc, String algorithmURI)
            throws XMLSecurityException {
-
       super(doc, algorithmURI);
+      this.algorithmURI = algorithmURI;
+   }
+
+
+   private void initializeAlgorithm(boolean isForSigning) throws XMLSignatureException {
+           if (_signatureAlgorithm!=null) {
+                   return;
+           }
+           _signatureAlgorithm=isForSigning ? getInstanceForSigning(algorithmURI) : getInstanceForVerify(algorithmURI);
+                this._signatureAlgorithm
+                      .engineGetContextFromElement(this._constructionElement);
+   }
+   private static SignatureAlgorithmSpi getInstanceForSigning(String algorithmURI) throws XMLSignatureException {
+           SignatureAlgorithmSpi result=(SignatureAlgorithmSpi) ((Map)instancesSigning.get()).get(algorithmURI);
+           if (result!=null) {
+                   result.reset();
+                   return result;
+           }
+           result=buildSigner(algorithmURI, result);
+           ((Map)instancesSigning.get()).put(algorithmURI,result);
+           return result;
+   }
+   private static SignatureAlgorithmSpi getInstanceForVerify(String algorithmURI) throws XMLSignatureException {
+           SignatureAlgorithmSpi result=(SignatureAlgorithmSpi) ((Map)instancesVerify.get()).get(algorithmURI);
+           if (result!=null) {
+                   result.reset();
+                   return result;
+           }
+           result=buildSigner(algorithmURI, result);
+           ((Map)instancesVerify.get()).put(algorithmURI,result);
+           return result;
+   }
 
+   private static SignatureAlgorithmSpi buildSigner(String algorithmURI, SignatureAlgorithmSpi result) throws XMLSignatureException {
         try {
          Class implementingClass =
             SignatureAlgorithm.getImplementingClass(algorithmURI);
-         if (true)
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Create URI \"" + algorithmURI + "\" class \""
+         if (log.isLoggable(java.util.logging.Level.FINE))
+                log.log(java.util.logging.Level.FINE, "Create URI \"" + algorithmURI + "\" class \""
                    + implementingClass + "\"");
-
-         this._signatureAlgorithm =
-            (SignatureAlgorithmSpi) implementingClass.newInstance();
+         result=(SignatureAlgorithmSpi) implementingClass.newInstance();
+         return   result;
       }  catch (IllegalAccessException ex) {
          Object exArgs[] = { algorithmURI, ex.getMessage() };
 
@@ -92,7 +150,7 @@ public class SignatureAlgorithm extends Algorithm {
          throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs,
                                          ex);
       }
-   }
+}
 
    /**
     * Constructor SignatureAlgorithm
@@ -107,7 +165,8 @@ public class SignatureAlgorithm extends Algorithm {
               throws XMLSecurityException {
 
       this(doc, algorithmURI);
-
+      this.algorithmURI=algorithmURI;
+      initializeAlgorithm(true);
       this._signatureAlgorithm.engineSetHMACOutputLength(HMACOutputLength);
       ((IntegrityHmac)this._signatureAlgorithm)
          .engineAddContextToElement(this._constructionElement);
@@ -124,37 +183,7 @@ public class SignatureAlgorithm extends Algorithm {
            throws XMLSecurityException {
 
       super(element, BaseURI);
-
-      String algorithmURI = this.getURI();
-
-      try {
-         Class implementingClass =
-            SignatureAlgorithm.getImplementingClass(algorithmURI);
-         if (true)
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Create URI \"" + algorithmURI + "\" class \""
-                   + implementingClass + "\"");
-
-         this._signatureAlgorithm =
-            (SignatureAlgorithmSpi) implementingClass.newInstance();
-
-         this._signatureAlgorithm
-            .engineGetContextFromElement(this._constructionElement);
-      }  catch (IllegalAccessException ex) {
-         Object exArgs[] = { algorithmURI, ex.getMessage() };
-
-         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs,
-                                         ex);
-      } catch (InstantiationException ex) {
-         Object exArgs[] = { algorithmURI, ex.getMessage() };
-
-         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs,
-                                         ex);
-      } catch (NullPointerException ex) {
-         Object exArgs[] = { algorithmURI, ex.getMessage() };
-
-         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs,
-                                         ex);
-      }
+      algorithmURI = this.getURI();
    }
 
    /**
@@ -175,7 +204,12 @@ public class SignatureAlgorithm extends Algorithm {
     * @return the result of the {@link java.security.Signature#getAlgorithm} method
     */
    public String getJCEAlgorithmString() {
-      return this._signatureAlgorithm.engineGetJCEAlgorithmString();
+      try {
+                return getInstanceForVerify(algorithmURI).engineGetJCEAlgorithmString();
+        } catch (XMLSignatureException e) {
+                //Ignore.
+                return null;
+        }
    }
 
    /**
@@ -184,7 +218,11 @@ public class SignatureAlgorithm extends Algorithm {
     * @return The Provider of this Signature Alogrithm
     */
    public String getJCEProviderName() {
-      return this._signatureAlgorithm.engineGetJCEProviderName();
+      try {
+                return getInstanceForVerify(algorithmURI).engineGetJCEProviderName();
+        } catch (XMLSignatureException e) {
+                return null;
+        }
    }
 
    /**
@@ -231,6 +269,12 @@ public class SignatureAlgorithm extends Algorithm {
     * @throws XMLSignatureException
     */
    public void initSign(Key signingKey) throws XMLSignatureException {
+           initializeAlgorithm(true);
+           Map map=(Map)keysSigning.get();
+       if (map.get(this.algorithmURI)==signingKey) {
+           return;
+       }
+       map.put(this.algorithmURI,signingKey);
            this._signatureAlgorithm.engineInitSign(signingKey);
    }
 
@@ -244,6 +288,7 @@ public class SignatureAlgorithm extends Algorithm {
     */
    public void initSign(Key signingKey, SecureRandom secureRandom)
            throws XMLSignatureException {
+           initializeAlgorithm(true);
       this._signatureAlgorithm.engineInitSign(signingKey, secureRandom);
    }
 
@@ -258,6 +303,7 @@ public class SignatureAlgorithm extends Algorithm {
    public void initSign(
            Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
               throws XMLSignatureException {
+           initializeAlgorithm(true);
       this._signatureAlgorithm.engineInitSign(signingKey,
                                               algorithmParameterSpec);
    }
@@ -282,6 +328,12 @@ public class SignatureAlgorithm extends Algorithm {
     * @throws XMLSignatureException
     */
    public void initVerify(Key verificationKey) throws XMLSignatureException {
+           initializeAlgorithm(false);
+           Map map=(Map)keysVerify.get();
+           if (map.get(this.algorithmURI)==verificationKey) {
+           return;
+       }
+           map.put(this.algorithmURI,verificationKey);
            this._signatureAlgorithm.engineInitVerify(verificationKey);
    }
 
@@ -320,7 +372,7 @@ public class SignatureAlgorithm extends Algorithm {
                .getLogger(SignatureAlgorithm.class.getName());
       }
 
-      if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Init() called");
+      log.log(java.util.logging.Level.FINE, "Init() called");
 
       if (!SignatureAlgorithm._alreadyInitialized) {
          SignatureAlgorithm._algorithmHash = new HashMap(10);
@@ -340,8 +392,8 @@ public class SignatureAlgorithm extends Algorithm {
            throws AlgorithmAlreadyRegisteredException,XMLSignatureException {
 
       {
-         if (true)
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
+         if (log.isLoggable(java.util.logging.Level.FINE))
+                log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
 
          // are we already registered?
          Class registeredClassClass =

src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java

@@ -20,27 +20,20 @@
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
-
-
 import java.security.Key;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
-import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public abstract class SignatureAlgorithmSpi {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignatureAlgorithmSpi.class.getName());
-
    /**
     * Returns the URI representation of <code>Transformation algorithm</code>
     *
@@ -167,20 +160,6 @@ public abstract class SignatureAlgorithmSpi {
    protected abstract void engineSetParameter(AlgorithmParameterSpec params)
       throws XMLSignatureException;
 
-   /** Field _doc */
-   Document _doc = null;
-
-   /**
-    * Method engineSetDocument
-    *
-    * @param doc
-    */
-   protected void engineSetDocument(Document doc) {
-      this._doc = doc;
-   }
-
-   /** Field _constructionElement */
-   Element _constructionElement = null;
 
    /**
     * Method engineGetContextFromElement
@@ -188,7 +167,6 @@ public abstract class SignatureAlgorithmSpi {
     * @param element
     */
    protected void engineGetContextFromElement(Element element) {
-      this._constructionElement = element;
    }
 
    /**
@@ -199,4 +177,7 @@ public abstract class SignatureAlgorithmSpi {
     */
    protected abstract void engineSetHMACOutputLength(int HMACOutputLength)
       throws XMLSignatureException;
+
+    public void reset() {
+        }
 }

src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java

@@ -45,7 +45,7 @@ import org.w3c.dom.Text;
 
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
@@ -74,8 +74,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
    public IntegrityHmac() throws XMLSignatureException {
 
       String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
-      if (true)
-        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
+      if (log.isLoggable(java.util.logging.Level.FINE))
+        log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
 
       try {
          this._macAlgorithm = Mac.getInstance(algorithmID);
@@ -99,6 +99,10 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
       throw new XMLSignatureException("empty");
    }
 
+   public void reset() {
+           _HMACOutputLength=0;
+   }
+
    /**
     * Proxy method for {@link java.security.Signature#verify(byte[])}
     * which is executed on the internal {@link java.security.Signature} object.
@@ -145,6 +149,19 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
       try {
          this._macAlgorithm.init(secretKey);
       } catch (InvalidKeyException ex) {
+            // reinstantiate Mac object to work around bug in JDK
+            // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+            Mac mac = this._macAlgorithm;
+            try {
+                this._macAlgorithm = Mac.getInstance
+                    (_macAlgorithm.getAlgorithm());
+            } catch (Exception e) {
+                // this shouldn't occur, but if it does, restore previous Mac
+                if (log.isLoggable(java.util.logging.Level.FINE)) {
+                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Mac:" + e);
+                }
+                this._macAlgorithm = mac;
+            }
             throw new XMLSignatureException("empty", ex);
       }
    }
@@ -323,7 +340,7 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
     */
    protected String engineGetJCEAlgorithmString() {
 
-      if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "engineGetJCEAlgorithmString()");
+      log.log(java.util.logging.Level.FINE, "engineGetJCEAlgorithmString()");
 
       return this._macAlgorithm.getAlgorithm();
    }
@@ -397,7 +414,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
    /**
     * Class IntegrityHmacSHA1
     *
-    * @author $Author: raul $
+    * @author $Author: mullan $
+    * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacSHA1 extends IntegrityHmac {
 
@@ -423,7 +441,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
    /**
     * Class IntegrityHmacSHA256
     *
-    * @author $Author: raul $
+    * @author $Author: mullan $
+    * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacSHA256 extends IntegrityHmac {
 
@@ -449,7 +468,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
    /**
     * Class IntegrityHmacSHA384
     *
-    * @author $Author: raul $
+    * @author $Author: mullan $
+    * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacSHA384 extends IntegrityHmac {
 
@@ -475,7 +495,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
    /**
     * Class IntegrityHmacSHA512
     *
-    * @author $Author: raul $
+    * @author $Author: mullan $
+    * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacSHA512 extends IntegrityHmac {
 
@@ -501,7 +522,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
    /**
     * Class IntegrityHmacRIPEMD160
     *
-    * @author $Author: raul $
+    * @author $Author: mullan $
+    * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacRIPEMD160 extends IntegrityHmac {
 
@@ -527,7 +549,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
    /**
     * Class IntegrityHmacMD5
     *
-    * @author $Author: raul $
+    * @author $Author: mullan $
+    * @version $Revision: 1.5 $
     */
    public static class IntegrityHmacMD5 extends IntegrityHmac {
 

src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java

@@ -3,7 +3,7 @@
  * DO NOT REMOVE OR ALTER!
  */
 /*
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Copyright  1999-2007 The Apache Software Foundation.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -20,8 +20,6 @@
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
-
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
@@ -38,16 +36,16 @@ import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 
-
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /** {@link java.util.logging} logging facility */
     static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignatureBaseRSA.class.getName());
+        java.util.logging.Logger.getLogger
+        (SignatureBaseRSA.class.getName());
 
     /** @inheritDoc */
     public abstract String engineGetURI();
@@ -64,8 +62,8 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
 
-      if (true)
-        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
+        if (log.isLoggable(java.util.logging.Level.FINE))
+            log.log(java.util.logging.Level.FINE, "Created SignatureRSA using " + algorithmID);
         String provider=JCEMapper.getProviderId();
         try {
             if (provider==null) {
@@ -74,13 +72,11 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
                 this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
-         Object[] exArgs = { algorithmID,
-                             ex.getLocalizedMessage() };
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
 
             throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         } catch (NoSuchProviderException ex) {
-         Object[] exArgs = { algorithmID,
-                                                 ex.getLocalizedMessage() };
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
 
             throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         }
@@ -116,20 +112,33 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
-                                         exArgs);
+            throw new XMLSignatureException
+                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
             this._signatureAlgorithm.initVerify((PublicKey) publicKey);
         } catch (InvalidKeyException ex) {
+            // reinstantiate Signature object to work around bug in JDK
+            // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+            Signature sig = this._signatureAlgorithm;
+            try {
+                this._signatureAlgorithm = Signature.getInstance
+                    (_signatureAlgorithm.getAlgorithm());
+            } catch (Exception e) {
+                // this shouldn't occur, but if it does, restore previous
+                // Signature
+                if (log.isLoggable(java.util.logging.Level.FINE)) {
+                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
+                }
+                this._signatureAlgorithm = sig;
+            }
             throw new XMLSignatureException("empty", ex);
         }
     }
 
     /** @inheritDoc */
     protected byte[] engineSign() throws XMLSignatureException {
-
         try {
             return this._signatureAlgorithm.sign();
         } catch (SignatureException ex) {
@@ -146,13 +155,13 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
-                                         exArgs);
+            throw new XMLSignatureException
+                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-         this._signatureAlgorithm.initSign((PrivateKey) privateKey,
-                                           secureRandom);
+            this._signatureAlgorithm.initSign
+                ((PrivateKey) privateKey, secureRandom);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -166,8 +175,8 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
-                                         exArgs);
+            throw new XMLSignatureException
+                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
@@ -179,7 +188,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
-
         try {
             this._signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
@@ -189,7 +197,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected void engineUpdate(byte input) throws XMLSignatureException {
-
         try {
             this._signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
@@ -200,7 +207,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineUpdate(byte buf[], int offset, int len)
         throws XMLSignatureException {
-
         try {
             this._signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
@@ -221,7 +227,8 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineSetHMACOutputLength(int HMACOutputLength)
         throws XMLSignatureException {
-      throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
+        throw new XMLSignatureException
+            ("algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
     /** @inheritDoc */
@@ -235,7 +242,8 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /**
      * Class SignatureRSASHA1
      *
-    * @author $Author: raul $
+     * @author $Author: mullan $
+     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA1 extends SignatureBaseRSA {
 
@@ -257,7 +265,8 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /**
      * Class SignatureRSASHA256
      *
-    * @author $Author: raul $
+     * @author $Author: mullan $
+     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA256 extends SignatureBaseRSA {
 
@@ -279,7 +288,8 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /**
      * Class SignatureRSASHA384
      *
-    * @author $Author: raul $
+     * @author $Author: mullan $
+     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA384 extends SignatureBaseRSA {
 
@@ -301,7 +311,8 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /**
      * Class SignatureRSASHA512
      *
-    * @author $Author: raul $
+     * @author $Author: mullan $
+     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA512 extends SignatureBaseRSA {
 
@@ -323,7 +334,8 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /**
      * Class SignatureRSARIPEMD160
      *
-    * @author $Author: raul $
+     * @author $Author: mullan $
+     * @version $Revision: 1.5 $
      */
     public static class SignatureRSARIPEMD160 extends SignatureBaseRSA {
 
@@ -345,7 +357,8 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /**
      * Class SignatureRSAMD5
      *
-    * @author $Author: raul $
+     * @author $Author: mullan $
+     * @version $Revision: 1.5 $
      */
     public static class SignatureRSAMD5 extends SignatureBaseRSA {
 

src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java

@@ -20,8 +20,6 @@
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
-
-
 import java.io.IOException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
@@ -39,10 +37,9 @@ import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Base64;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 
-
 /**
  *
- * @author $Author: vishal $
+ * @author $Author: mullan $
  */
 public class SignatureDSA extends SignatureAlgorithmSpi {
 
@@ -73,15 +70,22 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
     public SignatureDSA() throws XMLSignatureException {
 
         String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA._URI);
-      if (true)
-        if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
+        if (log.isLoggable(java.util.logging.Level.FINE))
+            log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
 
+        String provider = JCEMapper.getProviderId();
         try {
+            if (provider == null) {
                 this._signatureAlgorithm = Signature.getInstance(algorithmID);
+            } else {
+                this._signatureAlgorithm =
+                    Signature.getInstance(algorithmID, provider);
+            }
         } catch (java.security.NoSuchAlgorithmException ex) {
-         Object[] exArgs = { algorithmID,
-                             ex.getLocalizedMessage() };
-
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+        } catch (java.security.NoSuchProviderException ex) {
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
             throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         }
     }
@@ -106,8 +110,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
            throws XMLSignatureException {
 
         try {
-         if (true)
-                if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
+            if (log.isLoggable(java.util.logging.Level.FINE))
+                log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
 
             byte[] jcebytes = SignatureDSA.convertXMLDSIGtoASN1(signature);
 
@@ -129,13 +133,27 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
-                                         exArgs);
+            throw new XMLSignatureException
+                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
             this._signatureAlgorithm.initVerify((PublicKey) publicKey);
         } catch (InvalidKeyException ex) {
+            // reinstantiate Signature object to work around bug in JDK
+            // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+            Signature sig = this._signatureAlgorithm;
+            try {
+                this._signatureAlgorithm = Signature.getInstance
+                    (_signatureAlgorithm.getAlgorithm());
+            } catch (Exception e) {
+                // this shouldn't occur, but if it does, restore previous
+                // Signature
+                if (log.isLoggable(java.util.logging.Level.FINE)) {
+                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
+                }
+                this._signatureAlgorithm = sig;
+            }
             throw new XMLSignatureException("empty", ex);
         }
     }
@@ -167,8 +185,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
-                                         exArgs);
+            throw new XMLSignatureException
+                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
@@ -189,8 +207,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
-                                         exArgs);
+            throw new XMLSignatureException
+                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
@@ -204,7 +222,6 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
-
         try {
             this._signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
@@ -216,7 +233,6 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected void engineUpdate(byte input) throws XMLSignatureException {
-
         try {
             this._signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
@@ -229,7 +245,6 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      */
     protected void engineUpdate(byte buf[], int offset, int len)
         throws XMLSignatureException {
-
         try {
             this._signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
@@ -255,7 +270,6 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
         return this._signatureAlgorithm.getProvider().getName();
     }
 
-
     /**
      * Converts an ASN.1 DSA value to a XML Signature DSA Value.
      *
@@ -361,7 +375,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      */
     protected void engineSetHMACOutputLength(int HMACOutputLength)
             throws XMLSignatureException {
-      throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
+        throw new XMLSignatureException(
+            "algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
     /**

src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java

+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/*
+ * Copyright  1999-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package com.sun.org.apache.xml.internal.security.algorithms.implementations;
+
+
+
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.AlgorithmParameterSpec;
+
+import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
+import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
+import com.sun.org.apache.xml.internal.security.utils.Base64;
+
+
+/**
+ *
+ * @author $Author: mullan $
+ */
+public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
+
+   /** {@link java.util.logging} logging facility */
+    static java.util.logging.Logger log =
+        java.util.logging.Logger.getLogger(SignatureECDSA.class.getName());
+
+    /** @inheritDoc */
+   public abstract String engineGetURI();
+
+   /** Field algorithm */
+   private java.security.Signature _signatureAlgorithm = null;
+
+   /**
+    * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
+    *
+    * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+    * pairs; the XML Signature requires the core BigInteger values.
+    *
+    * @param asn1Bytes
+    * @return the decode bytes
+    *
+    * @throws IOException
+    * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
+    * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
+    */
+   private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+           throws IOException {
+
+      byte rLength = asn1Bytes[3];
+      int i;
+
+      for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
+
+      byte sLength = asn1Bytes[5 + rLength];
+      int j;
+
+      for (j = sLength;
+              (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
+
+      if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
+              || (asn1Bytes[2] != 2) || (i > 24)
+              || (asn1Bytes[4 + rLength] != 2) || (j > 24)) {
+         throw new IOException("Invalid ASN.1 format of ECDSA signature");
+      }
+      byte xmldsigBytes[] = new byte[48];
+
+      System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 24 - i,
+                          i);
+      System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
+                          48 - j, j);
+
+       return xmldsigBytes;
+   }
+
+   /**
+    * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
+    *
+    * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+    * pairs; the XML Signature requires the core BigInteger values.
+    *
+    * @param xmldsigBytes
+    * @return the encoded ASN.1 bytes
+    *
+    * @throws IOException
+    * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
+    * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
+    */
+   private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
+           throws IOException {
+
+      if (xmldsigBytes.length != 48) {
+         throw new IOException("Invalid XMLDSIG format of ECDSA signature");
+      }
+
+      int i;
+
+      for (i = 24; (i > 0) && (xmldsigBytes[24 - i] == 0); i--);
+
+      int j = i;
+
+      if (xmldsigBytes[24 - i] < 0) {
+         j += 1;
+      }
+
+      int k;
+
+      for (k = 24; (k > 0) && (xmldsigBytes[48 - k] == 0); k--);
+
+      int l = k;
+
+      if (xmldsigBytes[48 - k] < 0) {
+         l += 1;
+      }
+
+      byte asn1Bytes[] = new byte[6 + j + l];
+
+      asn1Bytes[0] = 48;
+      asn1Bytes[1] = (byte) (4 + j + l);
+      asn1Bytes[2] = 2;
+      asn1Bytes[3] = (byte) j;
+
+      System.arraycopy(xmldsigBytes, 24 - i, asn1Bytes, (4 + j) - i, i);
+
+      asn1Bytes[4 + j] = 2;
+      asn1Bytes[5 + j] = (byte) l;
+
+      System.arraycopy(xmldsigBytes, 48 - k, asn1Bytes, (6 + j + l) - k, k);
+
+      return asn1Bytes;
+   }
+
+   /**
+    * Constructor SignatureRSA
+    *
+    * @throws XMLSignatureException
+    */
+   public SignatureECDSA() throws XMLSignatureException {
+
+      String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
+
+      if (log.isLoggable(java.util.logging.Level.FINE))
+        log.log(java.util.logging.Level.FINE, "Created SignatureECDSA using " + algorithmID);
+      String provider=JCEMapper.getProviderId();
+      try {
+         if (provider==null) {
+                this._signatureAlgorithm = Signature.getInstance(algorithmID);
+         } else {
+                this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+         }
+      } catch (java.security.NoSuchAlgorithmException ex) {
+         Object[] exArgs = { algorithmID,
+                             ex.getLocalizedMessage() };
+
+         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+      } catch (NoSuchProviderException ex) {
+         Object[] exArgs = { algorithmID,
+                                                 ex.getLocalizedMessage() };
+
+         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+        }
+   }
+
+   /** @inheritDoc */
+   protected void engineSetParameter(AlgorithmParameterSpec params)
+           throws XMLSignatureException {
+
+      try {
+         this._signatureAlgorithm.setParameter(params);
+      } catch (InvalidAlgorithmParameterException ex) {
+         throw new XMLSignatureException("empty", ex);
+      }
+   }
+
+   /** @inheritDoc */
+   protected boolean engineVerify(byte[] signature)
+           throws XMLSignatureException {
+
+      try {
+         byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
+
+         if (log.isLoggable(java.util.logging.Level.FINE))
+            log.log(java.util.logging.Level.FINE, "Called ECDSA.verify() on " + Base64.encode(signature));
+
+         return this._signatureAlgorithm.verify(jcebytes);
+      } catch (SignatureException ex) {
+         throw new XMLSignatureException("empty", ex);
+      } catch (IOException ex) {
+         throw new XMLSignatureException("empty", ex);
+      }
+   }
+
+   /** @inheritDoc */
+   protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+
+      if (!(publicKey instanceof PublicKey)) {
+         String supplied = publicKey.getClass().getName();
+         String needed = PublicKey.class.getName();
+         Object exArgs[] = { supplied, needed };
+
+         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+                                         exArgs);
+      }
+
+      try {
+         this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+      } catch (InvalidKeyException ex) {
+            // reinstantiate Signature object to work around bug in JDK
+            // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+            Signature sig = this._signatureAlgorithm;
+            try {
+                this._signatureAlgorithm = Signature.getInstance
+                    (_signatureAlgorithm.getAlgorithm());
+            } catch (Exception e) {
+                // this shouldn't occur, but if it does, restore previous
+                // Signature
+                if (log.isLoggable(java.util.logging.Level.FINE)) {
+                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
+                }
+                this._signatureAlgorithm = sig;
+            }
+            throw new XMLSignatureException("empty", ex);
+      }
+   }
+
+   /** @inheritDoc */
+   protected byte[] engineSign() throws XMLSignatureException {
+
+      try {
+         byte jcebytes[] = this._signatureAlgorithm.sign();
+
+         return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
+      } catch (SignatureException ex) {
+         throw new XMLSignatureException("empty", ex);
+      } catch (IOException ex) {
+          throw new XMLSignatureException("empty", ex);
+      }
+   }
+
+   /** @inheritDoc */
+   protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
+           throws XMLSignatureException {
+
+      if (!(privateKey instanceof PrivateKey)) {
+         String supplied = privateKey.getClass().getName();
+         String needed = PrivateKey.class.getName();
+         Object exArgs[] = { supplied, needed };
+
+         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+                                         exArgs);
+      }
+
+      try {
+         this._signatureAlgorithm.initSign((PrivateKey) privateKey,
+                                           secureRandom);
+      } catch (InvalidKeyException ex) {
+         throw new XMLSignatureException("empty", ex);
+      }
+   }
+
+   /** @inheritDoc */
+   protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+
+      if (!(privateKey instanceof PrivateKey)) {
+         String supplied = privateKey.getClass().getName();
+         String needed = PrivateKey.class.getName();
+         Object exArgs[] = { supplied, needed };
+
+         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+                                         exArgs);
+      }
+
+      try {
+         this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+      } catch (InvalidKeyException ex) {
+         throw new XMLSignatureException("empty", ex);
+      }
+   }
+
+   /** @inheritDoc */
+   protected void engineUpdate(byte[] input) throws XMLSignatureException {
+
+      try {
+         this._signatureAlgorithm.update(input);
+      } catch (SignatureException ex) {
+         throw new XMLSignatureException("empty", ex);
+      }
+   }
+
+   /** @inheritDoc */
+   protected void engineUpdate(byte input) throws XMLSignatureException {
+
+      try {
+         this._signatureAlgorithm.update(input);
+      } catch (SignatureException ex) {
+         throw new XMLSignatureException("empty", ex);
+      }
+   }
+
+   /** @inheritDoc */
+   protected void engineUpdate(byte buf[], int offset, int len)
+           throws XMLSignatureException {
+
+      try {
+         this._signatureAlgorithm.update(buf, offset, len);
+      } catch (SignatureException ex) {
+         throw new XMLSignatureException("empty", ex);
+      }
+   }
+
+   /** @inheritDoc */
+   protected String engineGetJCEAlgorithmString() {
+      return this._signatureAlgorithm.getAlgorithm();
+   }
+
+   /** @inheritDoc */
+   protected String engineGetJCEProviderName() {
+      return this._signatureAlgorithm.getProvider().getName();
+   }
+
+   /** @inheritDoc */
+   protected void engineSetHMACOutputLength(int HMACOutputLength)
+           throws XMLSignatureException {
+      throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
+   }
+
+   /** @inheritDoc */
+   protected void engineInitSign(
+           Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+              throws XMLSignatureException {
+      throw new XMLSignatureException(
+         "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
+   }
+
+   /**
+    * Class SignatureRSASHA1
+    *
+    * @author $Author: mullan $
+    * @version $Revision: 1.2 $
+    */
+   public static class SignatureECDSASHA1 extends SignatureECDSA {
+
+      /**
+       * Constructor SignatureRSASHA1
+       *
+       * @throws XMLSignatureException
+       */
+      public SignatureECDSASHA1() throws XMLSignatureException {
+         super();
+      }
+
+      /** @inheritDoc */
+      public String engineGetURI() {
+         return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1;
+      }
+   }
+
+}

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java

@@ -3,7 +3,7 @@
  * DO NOT REMOVE OR ALTER!
  */
 /*
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Copyright  1999-2008 The Apache Software Foundation.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -20,8 +20,6 @@
  */
 package com.sun.org.apache.xml.internal.security.c14n;
 
-
-
 import java.io.ByteArrayInputStream;
 import java.io.OutputStream;
 import java.util.HashMap;
@@ -37,47 +35,57 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.InputSource;
 
-
 /**
- *
  *
  * @author Christian Geuer-Pollmann
  */
 public class Canonicalizer {
 
-   //J-
     /** The output encoding of canonicalized data */
     public static final String ENCODING = "UTF8";
 
-
     /**
-     * XPath Expresion for selecting every node and continuos comments joined in only one node
+     * XPath Expresion for selecting every node and continuous comments joined
+     * in only one node
      */
-    public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE = "(.//. | .//@* | .//namespace::*)";
-
+    public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE =
+        "(.//. | .//@* | .//namespace::*)";
 
     /**
      * The URL defined in XML-SEC Rec for inclusive c14n <b>without</b> comments.
      */
-   public static final String ALGO_ID_C14N_OMIT_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+    public static final String ALGO_ID_C14N_OMIT_COMMENTS =
+        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
     /**
      * The URL defined in XML-SEC Rec for inclusive c14n <b>with</b> comments.
      */
-   public static final String ALGO_ID_C14N_WITH_COMMENTS = ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";
+    public static final String ALGO_ID_C14N_WITH_COMMENTS =
+        ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";
     /**
      * The URL defined in XML-SEC Rec for exclusive c14n <b>without</b> comments.
      */
-   public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS = "http://www.w3.org/2001/10/xml-exc-c14n#";
+    public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS =
+        "http://www.w3.org/2001/10/xml-exc-c14n#";
     /**
      * The URL defined in XML-SEC Rec for exclusive c14n <b>with</b> comments.
      */
-   public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS = ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";
+    public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS =
+        ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";
+    /**
+     * The URI for inclusive c14n 1.1 <b>without</b> comments.
+     */
+    public static final String ALGO_ID_C14N11_OMIT_COMMENTS =
+        "http://www.w3.org/2006/12/xml-c14n11";
+    /**
+     * The URI for inclusive c14n 1.1 <b>with</b> comments.
+     */
+    public static final String ALGO_ID_C14N11_WITH_COMMENTS =
+        ALGO_ID_C14N11_OMIT_COMMENTS + "#WithComments";
 
     static boolean _alreadyInitialized = false;
     static Map _canonicalizerHash = null;
 
     protected CanonicalizerSpi canonicalizerSpi = null;
-   //J+
 
     /**
      * Method init
@@ -309,16 +317,15 @@ public class Canonicalizer {
      * @return the result of the c14n.
      * @throws CanonicalizationException
      */
-   public byte[] canonicalizeXPathNodeSet(
-           Set xpathNodeSet, String inclusiveNamespaces)
-              throws CanonicalizationException {
+    public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet,
+        String inclusiveNamespaces) throws CanonicalizationException {
         return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet,
             inclusiveNamespaces);
     }
 
     /**
-    * Sets the writter where the cannocalization ends. ByteArrayOutputStream if
-    * none is setted.
+     * Sets the writer where the canonicalization ends.  ByteArrayOutputStream
+     * if none is set.
      * @param os
      */
     public void setWriter(OutputStream os) {
@@ -338,17 +345,16 @@ public class Canonicalizer {
      * Method getImplementingClass
      *
      * @param URI
-    * @return the name of the class that implements the give URI
+     * @return the name of the class that implements the given URI
      */
     private static Class getImplementingClass(String URI) {
         return (Class) _canonicalizerHash.get(URI);
     }
 
     /**
-    * Set the canonicalizator behaviour to not reset.
-    *
+     * Set the canonicalizer behaviour to not reset.
      */
     public void notReset() {
-            this.canonicalizerSpi.reset=false;
+        this.canonicalizerSpi.reset = false;
     }
 }

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -21,17 +20,17 @@
  */
 package com.sun.org.apache.xml.internal.security.c14n.helper;
 
-
-
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import org.w3c.dom.Attr;
-
+import java.io.Serializable;
+import java.util.Comparator;
 
 /**
  * Compares two attributes based on the C14n specification.
  *
  * <UL>
- * <LI>Namespace nodes have a lesser document order position than attribute nodes.
+ * <LI>Namespace nodes have a lesser document order position than attribute
+ *   nodes.
  * <LI> An element's namespace nodes are sorted lexicographically by
  *   local name (the default namespace node, if one exists, has no
  *   local name and is therefore lexicographically least).
@@ -40,20 +39,21 @@ import org.w3c.dom.Attr;
  *   key (an empty namespace URI is lexicographically least).
  * </UL>
  *
- * $todo$ Should we implement java.util.Comparator and import java.util.Arrays to use Arrays.sort(intarray);
  * @author Christian Geuer-Pollmann
  */
-public class AttrCompare implements java.util.Comparator {
-
-   private final int ATTR0_BEFORE_ATTR1 = -1;
-   private final int ATTR1_BEFORE_ATTR0 = 1;
+public class AttrCompare implements Comparator, Serializable {
 
+    private final static long serialVersionUID = -7113259629930576230L;
+    private final static int ATTR0_BEFORE_ATTR1 = -1;
+    private final static int ATTR1_BEFORE_ATTR0 = 1;
     private final static String XMLNS=Constants.NamespaceSpecNS;
+
     /**
      * Compares two attributes based on the C14n specification.
      *
      * <UL>
-    * <LI>Namespace nodes have a lesser document order position than attribute nodes.
+     * <LI>Namespace nodes have a lesser document order position than
+     *   attribute nodes.
      * <LI> An element's namespace nodes are sorted lexicographically by
      *   local name (the default namespace node, if one exists, has no
      *   local name and is therefore lexicographically least).
@@ -64,7 +64,8 @@ public class AttrCompare implements java.util.Comparator {
      *
      * @param obj0 casted Attr
      * @param obj1 casted Attr
-    * @return returns a negative integer, zero, or a positive integer as obj0 is less than, equal to, or greater than obj1
+     * @return returns a negative integer, zero, or a positive integer as
+     *   obj0 is less than, equal to, or greater than obj1
      *
      */
     public int compare(Object obj0, Object obj1) {
@@ -74,14 +75,11 @@ public class AttrCompare implements java.util.Comparator {
         String namespaceURI0 = attr0.getNamespaceURI();
         String namespaceURI1 = attr1.getNamespaceURI();
 
-      boolean isNamespaceAttr0 =
-        XMLNS.equals(namespaceURI0);
-      boolean isNamespaceAttr1 =
-        XMLNS.equals(namespaceURI1);
+        boolean isNamespaceAttr0 = XMLNS==namespaceURI0;
+        boolean isNamespaceAttr1 = XMLNS==namespaceURI1;
 
         if (isNamespaceAttr0) {
             if (isNamespaceAttr1) {
-
                 // both are namespaces
                 String localname0 = attr0.getLocalName();
                 String localname1 = attr1.getLocalName();
@@ -98,46 +96,32 @@ public class AttrCompare implements java.util.Comparator {
             }
             // attr0 is a namespace, attr1 is not
             return ATTR0_BEFORE_ATTR1;
-
         }
-      if (isNamespaceAttr1) {
 
+        if (isNamespaceAttr1) {
             // attr1 is a namespace, attr0 is not
             return ATTR1_BEFORE_ATTR0;
         }
 
-      // none is a namespae
-
+        // none is a namespace
         if (namespaceURI0 == null) {
             if (namespaceURI1 == null) {
-                /*
-                 String localName0 = attr0.getLocalName();
-                 String localName1 = attr1.getLocalName();
-                 return localName0.compareTo(localName1);
-                 */
-
                 String name0 = attr0.getName();
                 String name1 = attr1.getName();
                 return name0.compareTo(name1);
             }
             return ATTR0_BEFORE_ATTR1;
-
         }
+
         if (namespaceURI1 == null) {
             return ATTR1_BEFORE_ATTR0;
         }
-      int a = namespaceURI0.compareTo(namespaceURI1);
 
+        int a = namespaceURI0.compareTo(namespaceURI1);
         if (a != 0) {
             return a;
         }
-      /*
-      String localName0 = ;
-      String localName1 =;*/
-
-      return (attr0.getLocalName())
-                                .compareTo( attr1.getLocalName());
 
+        return (attr0.getLocalName()).compareTo(attr1.getLocalName());
     }
-
 }

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java

+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/*
+ * Copyright 2008 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package com.sun.org.apache.xml.internal.security.c14n.implementations;
+
+import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
+
+/**
+ * @author Sean Mullan
+ */
+public class Canonicalizer11_OmitComments extends Canonicalizer11 {
+
+    public Canonicalizer11_OmitComments() {
+        super(false);
+    }
+
+    public final String engineGetURI() {
+        return Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS;
+    }
+
+    public final boolean engineGetIncludeComments() {
+        return false;
+    }
+}

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java

+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/*
+ * Copyright 2008 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package com.sun.org.apache.xml.internal.security.c14n.implementations;
+
+import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
+
+/**
+ * @author Sean Mullan
+ */
+public class Canonicalizer11_WithComments extends Canonicalizer11 {
+
+    public Canonicalizer11_WithComments() {
+        super(true);
+    }
+
+    public final String engineGetURI() {
+        return Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS;
+    }
+
+    public final boolean engineGetIncludeComments() {
+        return true;
+    }
+}

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -23,20 +22,30 @@ package com.sun.org.apache.xml.internal.security.c14n.implementations;
 
 
 
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
 
+import javax.xml.parsers.ParserConfigurationException;
+
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
 import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
 
 
 /**
@@ -44,12 +53,91 @@ import org.w3c.dom.Node;
  * XML Version 1.0</A>, a W3C Recommendation from 15 March 2001.
  *
  * @author Christian Geuer-Pollmann <geuerp@apache.org>
+ * @version $Revision: 1.5 $
  */
 public abstract class Canonicalizer20010315 extends CanonicalizerBase {
         boolean firstCall=true;
         final SortedSet result= new TreeSet(COMPARE);
     static final String XMLNS_URI=Constants.NamespaceSpecNS;
     static final String XML_LANG_URI=Constants.XML_LANG_SPACE_SpecNS;
+    static class XmlAttrStack {
+        int currentLevel=0;
+        int lastlevel=0;
+        XmlsStackElement cur;
+        static class XmlsStackElement {
+                int level;
+                boolean rendered=false;
+                List nodes=new ArrayList();
+        };
+        List levels=new ArrayList();
+        void push(int level) {
+                currentLevel=level;
+                if (currentLevel==-1)
+                        return;
+                cur=null;
+                while (lastlevel>=currentLevel) {
+                        levels.remove(levels.size()-1);
+                        if (levels.size()==0) {
+                                lastlevel=0;
+                                return;
+                        }
+                        lastlevel=((XmlsStackElement)levels.get(levels.size()-1)).level;
+                }
+        }
+        void addXmlnsAttr(Attr n) {
+                if (cur==null) {
+                        cur=new XmlsStackElement();
+                        cur.level=currentLevel;
+                        levels.add(cur);
+                        lastlevel=currentLevel;
+                }
+                cur.nodes.add(n);
+        }
+        void getXmlnsAttr(Collection col) {
+                int size=levels.size()-1;
+                if (cur==null) {
+                        cur=new XmlsStackElement();
+                        cur.level=currentLevel;
+                        lastlevel=currentLevel;
+                        levels.add(cur);
+                }
+                boolean parentRendered=false;
+                XmlsStackElement e=null;
+                if (size==-1) {
+                        parentRendered=true;
+                } else {
+                        e=(XmlsStackElement)levels.get(size);
+                        if (e.rendered && e.level+1==currentLevel)
+                                parentRendered=true;
+
+                }
+                if (parentRendered) {
+                                col.addAll(cur.nodes);
+                                cur.rendered=true;
+                                return;
+                        }
+
+                        Map loa = new HashMap();
+                for (;size>=0;size--) {
+                        e=(XmlsStackElement)levels.get(size);
+                        Iterator it=e.nodes.iterator();
+                        while (it.hasNext()) {
+                                Attr n=(Attr)it.next();
+                                if (!loa.containsKey(n.getName()))
+                                        loa.put(n.getName(),n);
+                        }
+                        //if (e.rendered)
+                                //break;
+
+                };
+                //cur.nodes.clear();
+                //cur.nodes.addAll(loa.values());
+                        cur.rendered=true;
+                col.addAll(loa.values());
+        }
+
+    }
+    XmlAttrStack xmlattrStack=new XmlAttrStack();
     /**
     * Constructor Canonicalizer20010315
     *
@@ -86,16 +174,16 @@ public abstract class Canonicalizer20010315 extends CanonicalizerBase {
 
       for (int i = 0; i < attrsLength; i++) {
          Attr N = (Attr) attrs.item(i);
-         String NName=N.getLocalName();
-         String NValue=N.getValue();
          String NUri =N.getNamespaceURI();
 
-         if (!XMLNS_URI.equals(NUri)) {
+         if (XMLNS_URI!=NUri) {
                 //It's not a namespace attr node. Add to the result and continue.
             result.add(N);
             continue;
          }
 
+         String NName=N.getLocalName();
+         String NValue=N.getValue();
          if (XML.equals(NName)
                  && XML_LANG_URI.equals(NValue)) {
                 //The default mapping for xml must not be output.
@@ -120,64 +208,13 @@ public abstract class Canonicalizer20010315 extends CanonicalizerBase {
         //Obtain all the namespaces defined in the parents, and added to the output.
         ns.getUnrenderedNodes(result);
         //output the attributes in the xml namespace.
-                addXmlAttributesSubtree(E, result);
+        xmlattrStack.getXmlnsAttr(result);
                 firstCall=false;
       }
 
       return result.iterator();
    }
 
-   /**
-    * Float the xml:* attributes of the parent nodes to the root node of c14n
-    * @param E the root node.
-    * @param result the xml:* attributes  to output.
-    */
-   private void addXmlAttributesSubtree(Element E, SortedSet result) {
-         // E is in the node-set
-         Node parent = E.getParentNode();
-         Map loa = new HashMap();
-
-         if ((parent != null) && (parent.getNodeType() == Node.ELEMENT_NODE)) {
-
-            // parent element is not in node set
-            for (Node ancestor = parent;
-                    (ancestor != null)
-                    && (ancestor.getNodeType() == Node.ELEMENT_NODE);
-                    ancestor = ancestor.getParentNode()) {
-               Element el=((Element) ancestor);
-               if (!el.hasAttributes()) {
-                    continue;
-               }
-               // for all ancestor elements
-               NamedNodeMap ancestorAttrs = el.getAttributes();
-
-               for (int i = 0; i < ancestorAttrs.getLength(); i++) {
-                  // for all attributes in the ancestor element
-                  Attr currentAncestorAttr = (Attr) ancestorAttrs.item(i);
-
-                  if (XML_LANG_URI.equals(
-                          currentAncestorAttr.getNamespaceURI())) {
-
-                     // do we have an xml:* ?
-                     if (!E.hasAttributeNS(
-                             XML_LANG_URI,
-                             currentAncestorAttr.getLocalName())) {
-
-                        // the xml:* attr is not in E
-                        if (!loa.containsKey(currentAncestorAttr.getName())) {
-                           loa.put(currentAncestorAttr.getName(),
-                                   currentAncestorAttr);
-                        }
-                     }
-                  }
-               }
-            }
-         }
-
-         result.addAll( loa.values());
-
-      }
-
    /**
     * Returns the Attr[]s to be outputted for the given element.
     * <br>
@@ -192,7 +229,8 @@ public abstract class Canonicalizer20010315 extends CanonicalizerBase {
     */
    Iterator handleAttributes(Element E,  NameSpaceSymbTable ns ) throws CanonicalizationException {
     // result will contain the attrs which have to be outputted
-    boolean isRealVisible=isVisible(E);
+        xmlattrStack.push(ns.getLevel());
+    boolean isRealVisible=isVisibleDO(E,ns.getLevel())==1;
     NamedNodeMap attrs = null;
     int attrsLength = 0;
     if (E.hasAttributes()) {
@@ -204,16 +242,15 @@ public abstract class Canonicalizer20010315 extends CanonicalizerBase {
     SortedSet result = this.result;
     result.clear();
 
-
     for (int i = 0; i < attrsLength; i++) {
        Attr N = (Attr) attrs.item(i);
-       String NName=N.getLocalName();
-       String NValue=N.getValue();
        String NUri =N.getNamespaceURI();
 
-       if (!XMLNS_URI.equals(NUri)) {
+       if (XMLNS_URI!=NUri) {
           //A non namespace definition node.
-          if (isRealVisible){
+           if (XML_LANG_URI==NUri) {
+                          xmlattrStack.addXmlnsAttr(N);
+           } else if (isRealVisible){
                 //The node is visible add the attribute to the list of output attributes.
                 result.add(N);
           }
@@ -221,7 +258,8 @@ public abstract class Canonicalizer20010315 extends CanonicalizerBase {
           continue;
        }
 
-
+       String NName=N.getLocalName();
+       String NValue=N.getValue();
        if ("xml".equals(NName)
                && XML_LANG_URI.equals(NValue)) {
           /* except omit namespace node with local name xml, which defines
@@ -232,8 +270,12 @@ public abstract class Canonicalizer20010315 extends CanonicalizerBase {
        //add the prefix binding to the ns symb table.
        //ns.addInclusiveMapping(NName,NValue,N,isRealVisible);
             if  (isVisible(N))  {
+                if (!isRealVisible && ns.removeMappingIfRender(NName)) {
+                        continue;
+                }
                         //The xpath select this node output it if needed.
-                        Node n=ns.addMappingAndRenderXNodeSet(NName,NValue,N,isRealVisible);
+                //Node n=ns.addMappingAndRenderXNodeSet(NName,NValue,N,isRealVisible);
+                Node n=ns.addMappingAndRender(NName,NValue,N);
                         if (n!=null) {
                                         result.add(n);
                     if (C14nHelper.namespaceIsRelative(N)) {
@@ -242,6 +284,12 @@ public abstract class Canonicalizer20010315 extends CanonicalizerBase {
                           "c14n.Canonicalizer.RelativeNamespace", exArgs);
                    }
                          }
+        } else {
+                if (isRealVisible && NName!=XMLNS) {
+                        ns.removeMapping(NName);
+                } else {
+                        ns.addMapping(NName,NValue,N);
+                }
         }
     }
     if (isRealVisible) {
@@ -254,84 +302,21 @@ public abstract class Canonicalizer20010315 extends CanonicalizerBase {
         } else if ( !isVisible(xmlns)) {
                 //There is a definition but the xmlns is not selected by the xpath.
                 //then xmlns=""
-                n=ns.addMappingAndRenderXNodeSet(XMLNS,"",nullNode,true);
+                n=ns.addMappingAndRender(XMLNS,"",nullNode);
         }
         //output the xmlns def if needed.
         if (n!=null) {
                         result.add(n);
         }
         //Float all xml:* attributes of the unselected parent elements to this one.
-        addXmlAttributes(E,result);
-    }
-
-    return result.iterator();
-   }
-   /**
-    *  Float the xml:* attributes of the unselected parent nodes to the ciurrent node.
-    * @param E
-    * @param result
-    */
-   private void addXmlAttributes(Element E, SortedSet result) {
-        /* The processing of an element node E MUST be modified slightly when an
-       * XPath node-set is given as input and the element's parent is omitted
-       * from the node-set. The method for processing the attribute axis of an
-       * element E in the node-set is enhanced. All element nodes along E's
-       * ancestor axis are examined for nearest occurrences of attributes in
-       * the xml namespace, such as xml:lang and xml:space (whether or not they
-       * are in the node-set). From this list of attributes, remove any that are
-       * in E's attribute axis (whether or not they are in the node-set). Then,
-       * lexicographically merge this attribute list with the nodes of E's
-       * attribute axis that are in the node-set. The result of visiting the
-       * attribute axis is computed by processing the attribute nodes in this
-       * merged attribute list.
-       */
-
-         // E is in the node-set
-         Node parent = E.getParentNode();
-         Map loa = new HashMap();
-
-         if ((parent != null) && (parent.getNodeType() == Node.ELEMENT_NODE)
-                 &&!isVisible(parent)) {
+        //addXmlAttributes(E,result);
+        xmlattrStack.getXmlnsAttr(result);
+        ns.getUnrenderedNodes(result);
 
-            // parent element is not in node set
-            for (Node ancestor = parent;
-                    (ancestor != null)
-                    && (ancestor.getNodeType() == Node.ELEMENT_NODE);
-                    ancestor = ancestor.getParentNode()) {
-                Element el=((Element) ancestor);
-                if (!el.hasAttributes()) {
-                        continue;
     }
-               // for all ancestor elements
-               NamedNodeMap ancestorAttrs =el.getAttributes();
-
-               for (int i = 0; i < ancestorAttrs.getLength(); i++) {
-
-                  // for all attributes in the ancestor element
-                  Attr currentAncestorAttr = (Attr) ancestorAttrs.item(i);
-
-                  if (XML_LANG_URI.equals(
-                          currentAncestorAttr.getNamespaceURI())) {
-
-                     // do we have an xml:* ?
-                     if (!E.hasAttributeNS(
-                             XML_LANG_URI,
-                             currentAncestorAttr.getLocalName())) {
 
-                        // the xml:* attr is not in E
-                        if (!loa.containsKey(currentAncestorAttr.getName())) {
-                           loa.put(currentAncestorAttr.getName(),
-                                   currentAncestorAttr);
-                        }
-                     }
-                  }
-               }
-            }
+    return result.iterator();
    }
-         result.addAll(loa.values());
-
-}
-
    /**
     * Always throws a CanonicalizationException because this is inclusive c14n.
     *
@@ -363,4 +348,43 @@ public abstract class Canonicalizer20010315 extends CanonicalizerBase {
       throw new CanonicalizationException(
          "c14n.Canonicalizer.UnsupportedOperation");
    }
+   void circumventBugIfNeeded(XMLSignatureInput input) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException {
+           if (!input.isNeedsToBeExpanded())
+                   return;
+           Document doc = null;
+       if (input.getSubNode() != null) {
+           doc=XMLUtils.getOwnerDocument(input.getSubNode());
+       } else {
+           doc=XMLUtils.getOwnerDocument(input.getNodeSet());
+       }
+           XMLUtils.circumventBug2650(doc);
+
+   }
+
+   void handleParent(Element e, NameSpaceSymbTable ns) {
+           if (!e.hasAttributes()) {
+                        return;
+           }
+           xmlattrStack.push(-1);
+           NamedNodeMap attrs = e.getAttributes();
+           int attrsLength = attrs.getLength();
+           for (int i = 0; i < attrsLength; i++) {
+                   Attr N = (Attr) attrs.item(i);
+                   if (Constants.NamespaceSpecNS!=N.getNamespaceURI()) {
+                           //Not a namespace definition, ignore.
+                           if (XML_LANG_URI==N.getNamespaceURI()) {
+                                   xmlattrStack.addXmlnsAttr(N);
+                           }
+                           continue;
+                   }
+
+                   String NName=N.getLocalName();
+                   String NValue=N.getNodeValue();
+                   if (XML.equals(NName)
+                                   && Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
+                                continue;
+                   }
+                   ns.addMapping(NName,NValue,N);
+           }
+   }
 }

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright 1999-2004 The Apache Software Foundation.
  *
@@ -21,20 +20,26 @@
  */
 package com.sun.org.apache.xml.internal.security.c14n.implementations;
 
+import java.io.IOException;
 import java.util.Iterator;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
 
+import javax.xml.parsers.ParserConfigurationException;
+
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
 import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
 /**
  * Implements &quot; <A
  * HREF="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/">Exclusive XML
@@ -47,6 +52,7 @@ import org.w3c.dom.Node;
  * <i>THIS </i> implementation is a complete rewrite of the algorithm.
  *
  * @author Christian Geuer-Pollmann <geuerp@apache.org>
+ * @version $Revision: 1.5 $
  * @see <a href="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/ Exclusive#">
  *          XML Canonicalization, Version 1.0</a>
  */
@@ -55,7 +61,7 @@ public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
       * This Set contains the names (Strings like "xmlns" or "xmlns:foo") of
       * the inclusive namespaces.
       */
-    TreeSet _inclusiveNSSet = null;
+    TreeSet _inclusiveNSSet = new TreeSet();
     static final String XMLNS_URI=Constants.NamespaceSpecNS;
     final SortedSet result = new TreeSet(COMPARE);
         /**
@@ -143,10 +149,8 @@ public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
 
                 for (int i = 0; i < attrsLength; i++) {
                         Attr N = (Attr) attrs.item(i);
-                        String NName=N.getLocalName();
-                        String NNodeValue=N.getNodeValue();
 
-                        if (!XMLNS_URI.equals(N.getNamespaceURI())) {
+                        if (XMLNS_URI!=N.getNamespaceURI()) {
                                 //Not a namespace definition.
                                 //The Element is output element, add his prefix(if used) to visibyUtilized
                                 String prefix = N.getPrefix();
@@ -157,6 +161,8 @@ public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
                                  result.add(N);
                                 continue;
                         }
+                        String NName=N.getLocalName();
+                        String NNodeValue=N.getNodeValue();
 
                         if (ns.addMapping(NName, NNodeValue,N)) {
                                 //New definition check if it is relative.
@@ -168,17 +174,17 @@ public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
                 }
             }
                 }
-
+                String prefix;
                 if (E.getNamespaceURI() != null) {
-                        String prefix = E.getPrefix();
+                        prefix = E.getPrefix();
                         if ((prefix == null) || (prefix.length() == 0)) {
-                                visiblyUtilized.add(XMLNS);
-                        } else {
-                                visiblyUtilized.add(prefix);
+                                prefix=XMLNS;
                         }
+
                 } else {
-                        visiblyUtilized.add(XMLNS);
+                        prefix=XMLNS;
                 }
+                visiblyUtilized.add(prefix);
 
                 //This can be optimezed by I don't have time
                 Iterator it=visiblyUtilized.iterator();
@@ -211,12 +217,6 @@ public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
 
         }
 
-    /** @inheritDoc */
-    public byte[] engineCanonicalizeXPathNodeSet(Set xpathNodeSet
-            ) throws CanonicalizationException {
-        return engineCanonicalizeXPathNodeSet(xpathNodeSet,"");
-    }
-
         /**
      * @inheritDoc
          * @param E
@@ -236,21 +236,20 @@ public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
                 //The prefix visibly utilized(in the attribute or in the name) in the element
                 Set visiblyUtilized =null;
                 //It's the output selected.
-                boolean isOutputElement = isVisible(E);
+                boolean isOutputElement=isVisibleDO(E,ns.getLevel())==1;
                 if (isOutputElement) {
                         visiblyUtilized =  (Set) this._inclusiveNSSet.clone();
                 }
 
                 for (int i = 0; i < attrsLength; i++) {
                         Attr N = (Attr) attrs.item(i);
-                        String NName=N.getLocalName();
-                        String NNodeValue=N.getNodeValue();
+
+
+                        if (XMLNS_URI!=N.getNamespaceURI()) {
                                 if ( !isVisible(N) )  {
                                         //The node is not in the nodeset(if there is a nodeset)
                                         continue;
                                 }
-
-                        if (!XMLNS_URI.equals(N.getNamespaceURI())) {
                                 //Not a namespace definition.
                                 if (isOutputElement) {
                                         //The Element is output element, add his prefix(if used) to visibyUtilized
@@ -263,6 +262,25 @@ public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
                                 }
                                 continue;
                         }
+                        String NName=N.getLocalName();
+                        if (isOutputElement && !isVisible(N) && NName!=XMLNS) {
+                        ns.removeMappingIfNotRender(NName);
+                        continue;
+                }
+                        String NNodeValue=N.getNodeValue();
+
+                        if (!isOutputElement && isVisible(N) && _inclusiveNSSet.contains(NName) && !ns.removeMappingIfRender(NName)) {
+                                Node n=ns.addMappingAndRender(NName,NNodeValue,N);
+                                if (n!=null) {
+                                                result.add(n);
+                            if (C14nHelper.namespaceIsRelative(N)) {
+                               Object exArgs[] = { E.getTagName(), NName, N.getNodeValue() };
+                               throw new CanonicalizationException(
+                                  "c14n.Canonicalizer.RelativeNamespace", exArgs);
+                           }
+                                 }
+                        }
+
 
 
                         if (ns.addMapping(NName, NNodeValue,N)) {
@@ -306,18 +324,20 @@ public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
                                 }
                                 result.add(key);
                         }
-                } else /*if (_circunvented)*/ {
-                        Iterator it=this._inclusiveNSSet.iterator();
-                        while (it.hasNext()) {
-                                String s=(String)it.next();
-                                Attr key=ns.getMappingWithoutRendered(s);
-                                if (key==null) {
-                                        continue;
                 }
-                                result.add(key);
+
+                return result.iterator();
         }
+        void circumventBugIfNeeded(XMLSignatureInput input) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException {
+                if (!input.isNeedsToBeExpanded() || _inclusiveNSSet.isEmpty())
+                        return;
+                Document doc = null;
+               if (input.getSubNode() != null) {
+                   doc=XMLUtils.getOwnerDocument(input.getSubNode());
+               } else {
+                   doc=XMLUtils.getOwnerDocument(input.getNodeSet());
                }
 
-                return result.iterator();
+                XMLUtils.circumventBug2650(doc);
            }
 }

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java

@@ -28,6 +28,7 @@ import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 /**
  * Class Canonicalizer20010315ExclWithComments
  *
+ * @version $Revision: 1.5 $
  */
 public class Canonicalizer20010315ExclWithComments
         extends Canonicalizer20010315Excl {

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java

@@ -20,16 +20,10 @@
  */
 package com.sun.org.apache.xml.internal.security.c14n.implementations;
 
-import java.lang.reflect.Array;
-import java.util.AbstractList;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collection;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
-import java.util.Map;
-
 
 
 import org.w3c.dom.Attr;
@@ -46,21 +40,26 @@ import org.w3c.dom.Node;
 public class NameSpaceSymbTable {
 
         /**The map betwen prefix-> entry table. */
-        SymbMap symb = new SymbMap();
+        SymbMap symb;
         /**The level of nameSpaces (for Inclusive visibility).*/
         int nameSpaces=0;
         /**The stacks for removing the definitions when doing pop.*/
-        List level = new ArrayList();
+        List level;
     boolean cloned=true;
         static final String XMLNS="xmlns";
+        final static SymbMap initialMap=new SymbMap();
+        static {
+                NameSpaceSymbEntry ne=new NameSpaceSymbEntry("",null,true,XMLNS);
+                ne.lastrendered="";
+                initialMap.put(XMLNS,ne);
+        }
     /**
      * Default constractor
      **/
     public NameSpaceSymbTable() {
+        level = new ArrayList(10);
         //Insert the default binding for xmlns.
-        NameSpaceSymbEntry ne=new NameSpaceSymbEntry("",null,true);
-                ne.lastrendered="";
-        symb.put(XMLNS,ne);
+        symb=(SymbMap) initialMap.clone();
     }
 
     /**
@@ -75,8 +74,14 @@ public class NameSpaceSymbTable {
                         NameSpaceSymbEntry n=(NameSpaceSymbEntry)(it.next());
                         //put them rendered?
                         if ((!n.rendered) && (n.n!=null)) {
-                                result.add(n.n);
+                                n=(NameSpaceSymbEntry) n.clone();
+                needsClone();
+                symb.put(n.prefix,n);
+                n.lastrendered=n.uri;
                 n.rendered=true;
+
+                                result.add(n.n);
+
                         }
            }
         }
@@ -104,10 +109,6 @@ public class NameSpaceSymbTable {
      **/
         public void push() {
                 //Put the number of namespace definitions in the stack.
-        /**if (cloned) {
-                Object ob[]= {symb,cloned ? symb : null};
-                level.add(ob);
-        } **/
         level.add(null);
         cloned=false;
         }
@@ -134,8 +135,7 @@ public class NameSpaceSymbTable {
 
         final void needsClone() {
                 if (!cloned) {
-            level.remove(level.size()-1);
-            level.add(symb);
+            level.set(level.size()-1,symb);
                         symb=(SymbMap) symb.clone();
             cloned=true;
         }
@@ -200,7 +200,7 @@ public class NameSpaceSymbTable {
                         return false;
                 }
                 //Creates and entry in the table for this new definition.
-                NameSpaceSymbEntry ne=new NameSpaceSymbEntry(uri,n,false);
+                NameSpaceSymbEntry ne=new NameSpaceSymbEntry(uri,n,false,prefix);
         needsClone();
                 symb.put(prefix, ne);
                 if (ob != null) {
@@ -238,7 +238,7 @@ public class NameSpaceSymbTable {
             return null;
         }
 
-        NameSpaceSymbEntry ne=new NameSpaceSymbEntry(uri,n,true);
+        NameSpaceSymbEntry ne=new NameSpaceSymbEntry(uri,n,true,prefix);
         ne.lastrendered=uri;
         needsClone();
         symb.put(prefix, ne);
@@ -251,53 +251,38 @@ public class NameSpaceSymbTable {
         }
         return ne.n;
     }
-        /**
-     * Adds & gets(if needed) the attribute node that defines the binding for the prefix.
-     * Take on account if the rules of rendering in the inclusive c14n.
-     * For inclusive c14n.
-     * @param prefix the prefix to obtain the attribute.
-     * @param outputNode the container element is an output element.
-     * @param uri the Uri of the definition
-     * @param n the attribute that have the definition
-     * @return null if there is no need to render the prefix. Otherwise the node of
-     * definition.
-     **/
-        public Node addMappingAndRenderXNodeSet(String prefix, String uri,Attr n,boolean outputNode) {
+
+        public int getLevel() {
+                // TODO Auto-generated method stub
+                return level.size();
+        }
+
+        public void removeMapping(String prefix) {
                 NameSpaceSymbEntry ob = symb.get(prefix);
-                int visibleNameSpaces=nameSpaces;
-                if ((ob!=null) && uri.equals(ob.uri)) {
-                        if (!ob.rendered) {
-                                ob=(NameSpaceSymbEntry)ob.clone();
+
+        if (ob!=null) {
             needsClone();
-                symb.put(prefix,ob);
-                                ob.rendered=true;
-                                ob.level=visibleNameSpaces;
-                                return ob.n;
+            symb.put(prefix,null);
+        }
         }
-            ob=(NameSpaceSymbEntry)ob.clone();
+
+        public void removeMappingIfNotRender(String prefix) {
+                NameSpaceSymbEntry ob = symb.get(prefix);
+
+        if (ob!=null && !ob.rendered) {
             needsClone();
-            symb.put(prefix,ob);
-                        if (outputNode && (((visibleNameSpaces-ob.level)<2) || XMLNS.equals(prefix)) ) {
-                                ob.level=visibleNameSpaces;
-                                return null; //Already rendered, just return nulll
+            symb.put(prefix,null);
         }
-                        ob.level=visibleNameSpaces;
-                        return ob.n;
         }
 
-                NameSpaceSymbEntry ne=new NameSpaceSymbEntry(uri,n,true);
-                ne.level=nameSpaces;
-                ne.rendered=true;
-        needsClone();
-                symb.put(prefix, ne);
-                if (ob != null) {
-                        ne.lastrendered=ob.lastrendered;
+        public boolean removeMappingIfRender(String prefix) {
+                NameSpaceSymbEntry ob = symb.get(prefix);
 
-                        if ((ob.lastrendered!=null)&& (ob.lastrendered.equals(uri))) {
-                                ne.rendered=true;
-                        }
+        if (ob!=null && ob.rendered) {
+            needsClone();
+            symb.put(prefix,null);
         }
-                return ne.n;
+        return false;
         }
 }
 
@@ -305,10 +290,11 @@ public class NameSpaceSymbTable {
  * The internal structure of NameSpaceSymbTable.
  **/
 class NameSpaceSymbEntry implements Cloneable {
-    NameSpaceSymbEntry(String name,Attr n,boolean rendered) {
+    NameSpaceSymbEntry(String name,Attr n,boolean rendered,String prefix) {
         this.uri=name;
         this.rendered=rendered;
         this.n=n;
+        this.prefix=prefix;
     }
     /** @inheritDoc */
     public Object clone() {
@@ -320,6 +306,7 @@ class NameSpaceSymbEntry implements Cloneable {
     }
     /** The level where the definition was rendered(Only for inclusive) */
     int level=0;
+    String prefix;
     /**The URI that the prefix defines */
     String uri;
     /**The last output in the URI for this prefix (This for speed reason).*/
@@ -330,11 +317,14 @@ class NameSpaceSymbEntry implements Cloneable {
     Attr n;
 };
 
-class SymbMap implements Cloneable{
+class SymbMap implements Cloneable {
     int free=23;
-        NameSpaceSymbEntry[] entries=new NameSpaceSymbEntry[free];
-        String[] keys=new String[free];
-
+    NameSpaceSymbEntry[] entries;
+    String[] keys;
+        SymbMap() {
+                entries=new NameSpaceSymbEntry[free];
+                keys=new String[free];
+        }
     void put(String key, NameSpaceSymbEntry value) {
         int index = index(key);
         Object oldKey = keys[index];
@@ -352,14 +342,13 @@ class SymbMap implements Cloneable{
     List entrySet() {
         List a=new ArrayList();
         for (int i=0;i<entries.length;i++) {
-                        if ((entries[i]!=null) && !("".equals(entries[i]))) {
+                if ((entries[i]!=null) && !("".equals(entries[i].uri))) {
                         a.add(entries[i]);
             }
         }
         return a;
     }
 
-
     protected int index(Object obj) {
         Object[] set = keys;
         int length = set.length;
@@ -370,12 +359,14 @@ class SymbMap implements Cloneable{
         if (cur == null || (cur.equals( obj))) {
                 return index;
         }
+        length=length-1;
         do {
                 index=index==length? 0:++index;
                 cur = set[index];
         } while (cur != null && (!cur.equals(obj)));
         return index;
     }
+
     /**
      * rehashes the map to the new capacity.
      *
@@ -398,11 +389,12 @@ class SymbMap implements Cloneable{
             }
         }
     }
+
     NameSpaceSymbEntry get(String key) {
         return  entries[index(key)];
     }
+
     protected Object clone()  {
-                // TODO Auto-generated method stub
         try {
                 SymbMap copy=(SymbMap) super.clone();
                 copy.entries=new NameSpaceSymbEntry[entries.length];

src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/UtfHelpper.java

+package com.sun.org.apache.xml.internal.security.c14n.implementations;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Map;
+
+public class UtfHelpper {
+
+        final static void writeByte(final String str,final OutputStream out,Map cache) throws IOException {
+                   byte []result=(byte[]) cache.get(str);
+                   if (result==null) {
+                           result=getStringInUtf8(str);
+                           cache.put(str,result);
+                   }
+
+                   out.write(result);
+
+           }
+
+        final static void writeCharToUtf8(final char c,final OutputStream out) throws IOException{
+                if (c < 0x80) {
+                out.write(c);
+                return;
+            }
+                if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF) ){
+                //No Surrogates in sun java
+                out.write(0x3f);
+                return;
+        }
+            int bias;
+            int write;
+            char ch;
+            if (c > 0x07FF) {
+                ch=(char)(c>>>12);
+                write=0xE0;
+                if (ch>0) {
+                    write |= ( ch & 0x0F);
+                }
+                out.write(write);
+                write=0x80;
+                bias=0x3F;
+            } else {
+                write=0xC0;
+                bias=0x1F;
+            }
+            ch=(char)(c>>>6);
+            if (ch>0) {
+                 write|= (ch & bias);
+            }
+            out.write(write);
+            out.write(0x80 | ((c) & 0x3F));
+
+           }
+
+        final static void writeStringToUtf8(final String str,final OutputStream out) throws IOException{
+                final int length=str.length();
+                int i=0;
+            char c;
+                while (i<length) {
+                        c=str.charAt(i++);
+                if (c < 0x80)  {
+                    out.write(c);
+                    continue;
+                }
+                if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF) ){
+                        //No Surrogates in sun java
+                        out.write(0x3f);
+                        continue;
+                }
+                char ch;
+                int bias;
+                int write;
+                if (c > 0x07FF) {
+                    ch=(char)(c>>>12);
+                    write=0xE0;
+                    if (ch>0) {
+                        write |= ( ch & 0x0F);
+                    }
+                    out.write(write);
+                    write=0x80;
+                    bias=0x3F;
+                } else {
+                        write=0xC0;
+                        bias=0x1F;
+                }
+                ch=(char)(c>>>6);
+                if (ch>0) {
+                     write|= (ch & bias);
+                }
+                out.write(write);
+                out.write(0x80 | ((c) & 0x3F));
+
+                }
+
+           }
+        public final static byte[] getStringInUtf8(final String str) {
+                   final int length=str.length();
+                   boolean expanded=false;
+                   byte []result=new byte[length];
+                        int i=0;
+                        int out=0;
+                    char c;
+                        while (i<length) {
+                                c=str.charAt(i++);
+                        if ( c < 0x80 ) {
+                            result[out++]=(byte)c;
+                            continue;
+                        }
+                        if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF) ){
+                                   //No Surrogates in sun java
+                                   result[out++]=0x3f;
+
+                                continue;
+                        }
+                        if (!expanded) {
+                                byte newResult[]=new byte[3*length];
+                                        System.arraycopy(result, 0, newResult, 0, out);
+                                        result=newResult;
+                                        expanded=true;
+                        }
+                        char ch;
+                        int bias;
+                        byte write;
+                        if (c > 0x07FF) {
+                            ch=(char)(c>>>12);
+                            write=(byte)0xE0;
+                            if (ch>0) {
+                                write |= ( ch & 0x0F);
+                            }
+                            result[out++]=write;
+                            write=(byte)0x80;
+                            bias=0x3F;
+                        } else {
+                                write=(byte)0xC0;
+                                bias=0x1F;
+                        }
+                        ch=(char)(c>>>6);
+                        if (ch>0) {
+                             write|= (ch & bias);
+                        }
+                        result[out++]=write;
+                        result[out++]=(byte)(0x80 | ((c) & 0x3F));/**/
+
+                        }
+                        if (expanded) {
+                                byte newResult[]=new byte[out];
+                                System.arraycopy(result, 0, newResult, 0, out);
+                                result=newResult;
+                        }
+                        return result;
+           }
+
+
+
+}

src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherInput.java

@@ -113,14 +113,13 @@ public class XMLCipherInput {
      * @return the decripted bytes
      * @throws XMLEncryptionException
      */
-
     private byte[] getDecryptBytes() throws XMLEncryptionException {
 
         String base64EncodedEncryptedOctets = null;
 
         if (_cipherData.getDataType() == CipherData.REFERENCE_TYPE) {
             // Fun time!
-                        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Found a reference type CipherData");
+            logger.log(java.util.logging.Level.FINE, "Found a reference type CipherData");
             CipherReference cr = _cipherData.getCipherReference();
 
             // Need to wrap the uri in an Attribute node so that we can
@@ -138,16 +137,15 @@ public class XMLCipherInput {
             }
 
             if (input != null) {
-                                if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Managed to resolve URI \"" + cr.getURI() + "\"");
-                        }
-                        else {
-                                if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Failed to resolve URI \"" + cr.getURI() + "\"");
+                logger.log(java.util.logging.Level.FINE, "Managed to resolve URI \"" + cr.getURI() + "\"");
+            } else {
+                logger.log(java.util.logging.Level.FINE, "Failed to resolve URI \"" + cr.getURI() + "\"");
             }
 
             // Lets see if there are any transforms
             Transforms transforms = cr.getTransforms();
             if (transforms != null) {
-                                if (logger.isLoggable(java.util.logging.Level.FINE))                                  logger.log(java.util.logging.Level.FINE, "Have transforms in cipher reference");
+                logger.log(java.util.logging.Level.FINE, "Have transforms in cipher reference");
                 try {
                     com.sun.org.apache.xml.internal.security.transforms.Transforms dsTransforms =
                         transforms.getDSTransforms();
@@ -159,8 +157,7 @@ public class XMLCipherInput {
 
             try {
                 return input.getBytes();
-                        }
-                        catch (IOException ex) {
+            } catch (IOException ex) {
                 throw new XMLEncryptionException("empty", ex);
             } catch (CanonicalizationException ex) {
                 throw new XMLEncryptionException("empty", ex);
@@ -168,16 +165,15 @@ public class XMLCipherInput {
 
         // retrieve the cipher text
         } else if (_cipherData.getDataType() == CipherData.VALUE_TYPE) {
-            CipherValue cv = _cipherData.getCipherValue();
-            base64EncodedEncryptedOctets = new String(cv.getValue());
+            base64EncodedEncryptedOctets =
+                _cipherData.getCipherValue().getValue();
         } else {
             throw new XMLEncryptionException("CipherData.getDataType() returned unexpected value");
         }
 
-        if (logger.isLoggable(java.util.logging.Level.FINE))                                     logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
+        logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
 
         byte[] encryptedBytes = null;
-
         try {
             encryptedBytes = Base64.decode(base64EncodedEncryptedOctets);
         } catch (Base64DecodingException bde) {
@@ -185,7 +181,5 @@ public class XMLCipherInput {
         }
 
         return (encryptedBytes);
-
     }
-
 }

src/share/classes/com/sun/org/apache/xml/internal/security/keys/ContentHandlerAlreadyRegisteredException.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -28,7 +27,7 @@ import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class ContentHandlerAlreadyRegisteredException
         extends XMLSecurityException {

src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyUtils.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -36,7 +35,7 @@ import com.sun.org.apache.xml.internal.security.keys.content.X509Data;
 /**
  * Utility class for for <CODE>com.sun.org.apache.xml.internal.security.keys</CODE> package.
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class KeyUtils {
 

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoContent.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -28,7 +27,7 @@ package com.sun.org.apache.xml.internal.security.keys.content;
 /**
  * Empty interface just to identify Elements that can be cildren of ds:KeyInfo.
  *
- * @author $Author: blautenb $
+ * @author $Author: mullan $
  */
 public interface KeyInfoContent {
 }

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyName.java

@@ -20,25 +20,18 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content;
 
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class KeyName extends SignatureElementProxy implements KeyInfoContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(KeyName.class.getName());
-
    /**
     * Constructor KeyName
     *

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java

@@ -20,11 +20,8 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content;
 
-
-
 import java.security.PublicKey;
 
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.DSAKeyValue;
 import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.RSAKeyValue;
@@ -34,22 +31,18 @@ import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  * The KeyValue element contains a single public key that may be useful in
  * validating the signature. Structured formats for defining DSA (REQUIRED)
  * and RSA (RECOMMENDED) public keys are defined in Signature Algorithms
  * (section 6.4). The KeyValue element may include externally defined public
- * keys values represented as PCDATA or element types from an external namespace.
+ * keys values represented as PCDATA or element types from an external
+ * namespace.
  *
- * @author $Author: vishal $
+ * @author $Author: mullan $
  */
 public class KeyValue extends SignatureElementProxy implements KeyInfoContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(KeyValue.class.getName());
-
     /**
      * Constructor KeyValue
      *
@@ -140,29 +133,24 @@ public class KeyValue extends SignatureElementProxy implements KeyInfoContent {
      */
     public PublicKey getPublicKey() throws XMLSecurityException {
 
-
-         Element rsa = XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
+        Element rsa = XMLUtils.selectDsNode
+            (this._constructionElement.getFirstChild(),
              Constants._TAG_RSAKEYVALUE,0);
 
         if (rsa != null) {
-            RSAKeyValue kv = new RSAKeyValue(rsa,
-                                             this._baseURI);
-
+            RSAKeyValue kv = new RSAKeyValue(rsa, this._baseURI);
             return kv.getPublicKey();
         }
 
-         Element dsa = XMLUtils.selectDsNode(this._constructionElement,
+        Element dsa = XMLUtils.selectDsNode
+            (this._constructionElement.getFirstChild(),
              Constants._TAG_DSAKEYVALUE,0);
 
-
         if (dsa != null) {
-            DSAKeyValue kv = new DSAKeyValue(dsa,
-                                             this._baseURI);
-
+            DSAKeyValue kv = new DSAKeyValue(dsa, this._baseURI);
             return kv.getPublicKey();
         }
 
-
         return null;
     }
 

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/MgmtData.java

@@ -20,25 +20,18 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content;
 
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class MgmtData extends SignatureElementProxy implements KeyInfoContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(MgmtData.class.getName());
-
    /**
     * Constructor MgmtData
     *

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/PGPData.java

@@ -20,25 +20,18 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content;
 
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Element;
 
-
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  * $todo$ Implement
  */
 public class PGPData extends SignatureElementProxy implements KeyInfoContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(PGPData.class.getName());
-
    /**
     * Constructor PGPData
     *

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/RetrievalMethod.java

@@ -20,9 +20,6 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content;
 
-
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
@@ -33,17 +30,13 @@ import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class RetrievalMethod extends SignatureElementProxy
         implements KeyInfoContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(RetrievalMethod.class.getName());
    //J-
     /** DSA retrieval */
    public static final String TYPE_DSA     = Constants.SignatureSpecNS + "DSAKeyValue";
@@ -133,7 +126,7 @@ public class RetrievalMethod extends SignatureElementProxy
 
       try {
        Element transformsElem =
-             XMLUtils.selectDsNode(this._constructionElement,
+             XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
                                                 Constants
                                                    ._TAG_TRANSFORMS, 0);
 

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/SPKIData.java

@@ -20,25 +20,18 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content;
 
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Element;
 
-
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  * $todo$ implement
  */
 public class SPKIData extends SignatureElementProxy implements KeyInfoContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SPKIData.class.getName());
-
    /**
     * Constructor SPKIData
     *

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/X509Data.java

@@ -41,7 +41,7 @@ import org.w3c.dom.Node;
 
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class X509Data extends SignatureElementProxy implements KeyInfoContent {
 
@@ -72,62 +72,19 @@ public class X509Data extends SignatureElementProxy implements KeyInfoContent {
            throws XMLSecurityException {
 
       super(element, BaseURI);
-
-      boolean noElements=true;
       Node sibling=this._constructionElement.getFirstChild();
       while (sibling!=null) {
          if (sibling.getNodeType()!=Node.ELEMENT_NODE) {
                 sibling=sibling.getNextSibling();
             continue;
          }
-        noElements=false;
-         Element currentElem = (Element) sibling;
-         sibling=sibling.getNextSibling();
-         String localname = currentElem.getLocalName();
-
-         if (currentElem.getNamespaceURI().equals(Constants.SignatureSpecNS)) {
-            if (localname.equals(Constants._TAG_X509ISSUERSERIAL)) {
-               XMLX509IssuerSerial is = new XMLX509IssuerSerial(currentElem,
-                                           BaseURI);
-
-               this.add(is);
-            } else if (localname.equals(Constants._TAG_X509SKI)) {
-               XMLX509SKI ski = new XMLX509SKI(currentElem, BaseURI);
-
-               this.add(ski);
-            } else if (localname.equals(Constants._TAG_X509SUBJECTNAME)) {
-               XMLX509SubjectName sn = new XMLX509SubjectName(currentElem,
-                                          BaseURI);
-
-               this.add(sn);
-            } else if (localname.equals(Constants._TAG_X509CERTIFICATE)) {
-               XMLX509Certificate cert = new XMLX509Certificate(currentElem,
-                                            BaseURI);
-
-               this.add(cert);
-            } else if (localname.equals(Constants._TAG_X509CRL)) {
-               XMLX509CRL crl = new XMLX509CRL(currentElem, BaseURI);
-
-               this.add(crl);
-            } else {
-               log.log(java.util.logging.Level.WARNING, "Found a " + currentElem.getTagName() + " element in "
-                        + Constants._TAG_X509DATA);
-               this.addUnknownElement(currentElem);
-            }
-         } else {
-            log.log(java.util.logging.Level.WARNING, "Found a " + currentElem.getTagName() + " element in "
-                     + Constants._TAG_X509DATA);
-            this.addUnknownElement(currentElem);
+         return;
       }
-      }
-      if (noElements) {
+      /* No Elements found */
       Object exArgs[] = { "Elements", Constants._TAG_X509DATA };
-
       throw new XMLSecurityException("xml.WrongContent", exArgs);
    }
 
-   }
-
    /**
     * Method addIssuerSerial
     *
@@ -169,12 +126,10 @@ public class X509Data extends SignatureElementProxy implements KeyInfoContent {
     */
    public void add(XMLX509IssuerSerial xmlX509IssuerSerial) {
 
-      if (this._state == MODE_SIGN) {
          this._constructionElement
             .appendChild(xmlX509IssuerSerial.getElement());
          XMLUtils.addReturnToElement(this._constructionElement);
    }
-   }
 
    /**
     * Method addSKI
@@ -202,12 +157,9 @@ public class X509Data extends SignatureElementProxy implements KeyInfoContent {
     * @param xmlX509SKI
     */
    public void add(XMLX509SKI xmlX509SKI) {
-
-      if (this._state == MODE_SIGN) {
          this._constructionElement.appendChild(xmlX509SKI.getElement());
          XMLUtils.addReturnToElement(this._constructionElement);
    }
-   }
 
    /**
     * Method addSubjectName
@@ -233,12 +185,9 @@ public class X509Data extends SignatureElementProxy implements KeyInfoContent {
     * @param xmlX509SubjectName
     */
    public void add(XMLX509SubjectName xmlX509SubjectName) {
-
-      if (this._state == MODE_SIGN) {
          this._constructionElement.appendChild(xmlX509SubjectName.getElement());
          XMLUtils.addReturnToElement(this._constructionElement);
    }
-   }
 
    /**
     * Method addCertificate
@@ -266,12 +215,9 @@ public class X509Data extends SignatureElementProxy implements KeyInfoContent {
     * @param xmlX509Certificate
     */
    public void add(XMLX509Certificate xmlX509Certificate) {
-
-      if (this._state == MODE_SIGN) {
          this._constructionElement.appendChild(xmlX509Certificate.getElement());
          XMLUtils.addReturnToElement(this._constructionElement);
    }
-   }
 
    /**
     * Method addCRL
@@ -288,12 +234,9 @@ public class X509Data extends SignatureElementProxy implements KeyInfoContent {
     * @param xmlX509CRL
     */
    public void add(XMLX509CRL xmlX509CRL) {
-
-      if (this._state == MODE_SIGN) {
          this._constructionElement.appendChild(xmlX509CRL.getElement());
          XMLUtils.addReturnToElement(this._constructionElement);
    }
-   }
 
    /**
     * Method addUnknownElement
@@ -301,12 +244,9 @@ public class X509Data extends SignatureElementProxy implements KeyInfoContent {
     * @param element
     */
    public void addUnknownElement(Element element) {
-
-      if (this._state == MODE_SIGN) {
          this._constructionElement.appendChild(element);
          XMLUtils.addReturnToElement(this._constructionElement);
    }
-   }
 
    /**
     * Method lengthIssuerSerial
@@ -479,7 +419,7 @@ public class X509Data extends SignatureElementProxy implements KeyInfoContent {
     * TODO implement
     **/
    public Element itemUnknownElement(int i) {
-          if (log.isLoggable(java.util.logging.Level.FINE))                                     log.log(java.util.logging.Level.FINE, "itemUnknownElement not implemented:"+i);
+          log.log(java.util.logging.Level.FINE, "itemUnknownElement not implemented:"+i);
       return null;
    }
 

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/DSAKeyValue.java

@@ -20,8 +20,6 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content.keyvalues;
 
-
-
 import java.math.BigInteger;
 import java.security.Key;
 import java.security.KeyFactory;
@@ -39,18 +37,13 @@ import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class DSAKeyValue extends SignatureElementProxy
         implements KeyValueContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(DSAKeyValue.class.getName());
-
    /**
     * Constructor DSAKeyValue
     *

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/KeyValueContent.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -32,7 +31,7 @@ import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
  *
  *
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  *
  */
 public interface KeyValueContent {

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/RSAKeyValue.java

@@ -20,8 +20,6 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content.keyvalues;
 
-
-
 import java.math.BigInteger;
 import java.security.Key;
 import java.security.KeyFactory;
@@ -39,19 +37,13 @@ import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class RSAKeyValue extends SignatureElementProxy
         implements KeyValueContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(
-                        RSAKeyValue.class.getName());
-
    /**
     * Constructor RSAKeyValue
     *

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509CRL.java

@@ -20,30 +20,20 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content.x509;
 
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  *
- *
- *
- *
- * @author $Author: raul $
+ * @author $Author: mullan $
  *
  */
 public class XMLX509CRL extends SignatureElementProxy
         implements XMLX509DataContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(XMLX509CRL.class.getName());
-
    /**
     * Constructor XMLX509CRL
     *

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Certificate.java

@@ -20,8 +20,6 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content.x509;
 
-
-
 import java.io.ByteArrayInputStream;
 import java.security.PublicKey;
 import java.security.cert.CertificateException;
@@ -34,18 +32,13 @@ import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class XMLX509Certificate extends SignatureElementProxy
         implements XMLX509DataContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(XMLX509Certificate.class.getName());
-
    /** Field JCA_CERT_ID */
    public static final String JCA_CERT_ID = "X.509";
 
@@ -149,16 +142,18 @@ public class XMLX509Certificate extends SignatureElementProxy
     /** @inheritDoc */
     public boolean equals(Object obj) {
 
-      try {
-         if (!obj.getClass().getName().equals(this.getClass().getName())) {
+        if (obj == null) {
+            return false;
+        }
+        if (!this.getClass().getName().equals(obj.getClass().getName())) {
             return false;
         }
-
         XMLX509Certificate other = (XMLX509Certificate) obj;
+        try {
 
             /** $todo$ or should be create X509Certificates and use the equals() from the Certs */
-         return java.security.MessageDigest.isEqual(other.getCertificateBytes(),
-                                        this.getCertificateBytes());
+            return java.security.MessageDigest.isEqual
+                (other.getCertificateBytes(), this.getCertificateBytes());
         } catch (XMLSecurityException ex) {
             return false;
         }

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509DataContent.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -28,7 +27,7 @@ package com.sun.org.apache.xml.internal.security.keys.content.x509;
 /**
  * Just used for tagging contents that are allowed inside a ds:X509Data Element.
  *
- * @author $Author: blautenb $
+ * @author $Author: mullan $
  */
 public interface XMLX509DataContent {
 }

src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java

@@ -20,8 +20,6 @@
  */
 package com.sun.org.apache.xml.internal.security.keys.content.x509;
 
-
-
 import java.security.cert.X509Certificate;
 
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
@@ -33,15 +31,11 @@ import org.w3c.dom.Element;
 
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class XMLX509SubjectName extends SignatureElementProxy
         implements XMLX509DataContent {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(XMLX509SubjectName.class.getName());
-
    /**
     * Constructor X509SubjectName
     *
@@ -90,8 +84,11 @@ public class XMLX509SubjectName extends SignatureElementProxy
 
     /** @inheritDoc */
     public boolean equals(Object obj) {
+        if (obj == null) {
+            return false;
+        }
 
-      if (!obj.getClass().getName().equals(this.getClass().getName())) {
+        if (!this.getClass().getName().equals(obj.getClass().getName())) {
             return false;
         }
 
@@ -99,12 +96,7 @@ public class XMLX509SubjectName extends SignatureElementProxy
         String otherSubject = other.getSubjectName();
         String thisSubject = this.getSubjectName();
 
-      if (otherSubject.equals(thisSubject)) {
-            return true;
-      }
-
-       return false;
-
+        return thisSubject.equals(otherSubject);
    }
 
    /** @inheritDoc */

src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -29,7 +28,7 @@ import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 /**
  *
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class InvalidKeyResolverException extends XMLSecurityException {
 

src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -31,7 +30,7 @@ import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
  *
  *
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  *
  */
 public class KeyResolverException extends XMLSecurityException {

src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverException.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -28,7 +27,7 @@ import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public class StorageResolverException extends XMLSecurityException {
 

src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverSpi.java

@@ -2,7 +2,6 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-
 /*
  * Copyright  1999-2004 The Apache Software Foundation.
  *
@@ -28,7 +27,7 @@ import java.util.Iterator;
 
 /**
  *
- * @author $Author: raul $
+ * @author $Author: mullan $
  */
 public abstract class StorageResolverSpi {
 

src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.dtd

@@ -3,7 +3,7 @@
     Joseph Reagle $last changed 20001215$
 
     http://www.w3.org/2000/09/xmldsig#
-    $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
+    $Revision: 1.6 $ on $Date: 2008/07/24 16:15:03 $ by $Author: mullan $
 
     Copyright 2001 The Internet Society and W3C (Massachusetts Institute
     of Technology, Institut National de Recherche en Informatique et en

src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.xsd

@@ -11,7 +11,7 @@
 
 <!-- Schema for XML Signatures
     http://www.w3.org/2000/09/xmldsig#
-    $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
+    $Revision: 1.6 $ on $Date: 2008/07/24 16:15:03 $ by $Author: mullan $
 
     Copyright 2001 The Internet Society and W3C (Massachusetts Institute
     of Technology, Institut National de Recherche en Informatique et en