Transformation algorithm
*
@@ -167,20 +160,6 @@ public abstract class SignatureAlgorithmSpi {
protected abstract void engineSetParameter(AlgorithmParameterSpec params)
throws XMLSignatureException;
- /** Field _doc */
- Document _doc = null;
-
- /**
- * Method engineSetDocument
- *
- * @param doc
- */
- protected void engineSetDocument(Document doc) {
- this._doc = doc;
- }
-
- /** Field _constructionElement */
- Element _constructionElement = null;
/**
* Method engineGetContextFromElement
@@ -188,7 +167,6 @@ public abstract class SignatureAlgorithmSpi {
* @param element
*/
protected void engineGetContextFromElement(Element element) {
- this._constructionElement = element;
}
/**
@@ -199,4 +177,7 @@ public abstract class SignatureAlgorithmSpi {
*/
protected abstract void engineSetHMACOutputLength(int HMACOutputLength)
throws XMLSignatureException;
+
+ public void reset() {
+ }
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
index 0e89024bf265d7c1e302af34ef0777edc41cf88f..d3495bb567f4ed2402a7876e0ee91b4a22e12f2d 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
@@ -45,7 +45,7 @@ import org.w3c.dom.Text;
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
@@ -74,8 +74,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
public IntegrityHmac() throws XMLSignatureException {
String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
try {
this._macAlgorithm = Mac.getInstance(algorithmID);
@@ -99,6 +99,10 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
throw new XMLSignatureException("empty");
}
+ public void reset() {
+ _HMACOutputLength=0;
+ }
+
/**
* Proxy method for {@link java.security.Signature#verify(byte[])}
* which is executed on the internal {@link java.security.Signature} object.
@@ -145,7 +149,20 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
try {
this._macAlgorithm.init(secretKey);
} catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
+ // reinstantiate Mac object to work around bug in JDK
+ // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+ Mac mac = this._macAlgorithm;
+ try {
+ this._macAlgorithm = Mac.getInstance
+ (_macAlgorithm.getAlgorithm());
+ } catch (Exception e) {
+ // this shouldn't occur, but if it does, restore previous Mac
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Mac:" + e);
+ }
+ this._macAlgorithm = mac;
+ }
+ throw new XMLSignatureException("empty", ex);
}
}
@@ -323,7 +340,7 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
*/
protected String engineGetJCEAlgorithmString() {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "engineGetJCEAlgorithmString()");
+ log.log(java.util.logging.Level.FINE, "engineGetJCEAlgorithmString()");
return this._macAlgorithm.getAlgorithm();
}
@@ -397,7 +414,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
/**
* Class IntegrityHmacSHA1
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacSHA1 extends IntegrityHmac {
@@ -423,7 +441,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
/**
* Class IntegrityHmacSHA256
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacSHA256 extends IntegrityHmac {
@@ -449,7 +468,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
/**
* Class IntegrityHmacSHA384
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacSHA384 extends IntegrityHmac {
@@ -475,7 +495,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
/**
* Class IntegrityHmacSHA512
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacSHA512 extends IntegrityHmac {
@@ -501,7 +522,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
/**
* Class IntegrityHmacRIPEMD160
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacRIPEMD160 extends IntegrityHmac {
@@ -527,7 +549,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
/**
* Class IntegrityHmacMD5
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacMD5 extends IntegrityHmac {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
index fde23e8fc880ea4014abcc069c4e7304a3962005..ccc01b01c58e644461f42d9b69c2878de613f417 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
@@ -3,7 +3,7 @@
* DO NOT REMOVE OR ALTER!
*/
/*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2007 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.algorithms.implementations;
-
-
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
@@ -38,329 +36,344 @@ import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi
import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
- /** {@link java.util.logging} logging facility */
+ /** {@link java.util.logging} logging facility */
static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(SignatureBaseRSA.class.getName());
+ java.util.logging.Logger.getLogger
+ (SignatureBaseRSA.class.getName());
/** @inheritDoc */
- public abstract String engineGetURI();
+ public abstract String engineGetURI();
- /** Field algorithm */
- private java.security.Signature _signatureAlgorithm = null;
+ /** Field algorithm */
+ private java.security.Signature _signatureAlgorithm = null;
- /**
- * Constructor SignatureRSA
- *
- * @throws XMLSignatureException
- */
- public SignatureBaseRSA() throws XMLSignatureException {
+ /**
+ * Constructor SignatureRSA
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureBaseRSA() throws XMLSignatureException {
- String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
+ String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
- String provider=JCEMapper.getProviderId();
- try {
- if (provider==null) {
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Created SignatureRSA using " + algorithmID);
+ String provider=JCEMapper.getProviderId();
+ try {
+ if (provider==null) {
this._signatureAlgorithm = Signature.getInstance(algorithmID);
- } else {
+ } else {
this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
- }
- } catch (java.security.NoSuchAlgorithmException ex) {
- Object[] exArgs = { algorithmID,
- ex.getLocalizedMessage() };
+ }
+ } catch (java.security.NoSuchAlgorithmException ex) {
+ Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ } catch (NoSuchProviderException ex) {
+ Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineSetParameter(AlgorithmParameterSpec params)
+ throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.setParameter(params);
+ } catch (InvalidAlgorithmParameterException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected boolean engineVerify(byte[] signature)
+ throws XMLSignatureException {
+
+ try {
+ return this._signatureAlgorithm.verify(signature);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+
+ if (!(publicKey instanceof PublicKey)) {
+ String supplied = publicKey.getClass().getName();
+ String needed = PublicKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+ } catch (InvalidKeyException ex) {
+ // reinstantiate Signature object to work around bug in JDK
+ // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+ Signature sig = this._signatureAlgorithm;
+ try {
+ this._signatureAlgorithm = Signature.getInstance
+ (_signatureAlgorithm.getAlgorithm());
+ } catch (Exception e) {
+ // this shouldn't occur, but if it does, restore previous
+ // Signature
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
+ }
+ this._signatureAlgorithm = sig;
+ }
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected byte[] engineSign() throws XMLSignatureException {
+ try {
+ return this._signatureAlgorithm.sign();
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
+ throws XMLSignatureException {
+
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initSign
+ ((PrivateKey) privateKey, secureRandom);
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte[] input) throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte input) throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte buf[], int offset, int len)
+ throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(buf, offset, len);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected String engineGetJCEAlgorithmString() {
+ return this._signatureAlgorithm.getAlgorithm();
+ }
+
+ /** @inheritDoc */
+ protected String engineGetJCEProviderName() {
+ return this._signatureAlgorithm.getProvider().getName();
+ }
+
+ /** @inheritDoc */
+ protected void engineSetHMACOutputLength(int HMACOutputLength)
+ throws XMLSignatureException {
+ throw new XMLSignatureException
+ ("algorithms.HMACOutputLengthOnlyForHMAC");
+ }
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- } catch (NoSuchProviderException ex) {
- Object[] exArgs = { algorithmID,
- ex.getLocalizedMessage() };
+ /** @inheritDoc */
+ protected void engineInitSign(
+ Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+ throws XMLSignatureException {
+ throw new XMLSignatureException(
+ "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
+ }
+
+ /**
+ * Class SignatureRSASHA1
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSASHA1 extends SignatureBaseRSA {
+
+ /**
+ * Constructor SignatureRSASHA1
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA1() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
+ }
+ }
+
+ /**
+ * Class SignatureRSASHA256
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSASHA256 extends SignatureBaseRSA {
+
+ /**
+ * Constructor SignatureRSASHA256
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA256() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256;
+ }
+ }
+
+ /**
+ * Class SignatureRSASHA384
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSASHA384 extends SignatureBaseRSA {
+
+ /**
+ * Constructor SignatureRSASHA384
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA384() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384;
+ }
+ }
+
+ /**
+ * Class SignatureRSASHA512
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSASHA512 extends SignatureBaseRSA {
+
+ /**
+ * Constructor SignatureRSASHA512
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA512() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;
+ }
+ }
+
+ /**
+ * Class SignatureRSARIPEMD160
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSARIPEMD160 extends SignatureBaseRSA {
+
+ /**
+ * Constructor SignatureRSARIPEMD160
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSARIPEMD160() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160;
+ }
+ }
+
+ /**
+ * Class SignatureRSAMD5
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSAMD5 extends SignatureBaseRSA {
+
+ /**
+ * Constructor SignatureRSAMD5
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSAMD5() throws XMLSignatureException {
+ super();
+ }
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5;
}
- }
-
- /** @inheritDoc */
- protected void engineSetParameter(AlgorithmParameterSpec params)
- throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.setParameter(params);
- } catch (InvalidAlgorithmParameterException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected boolean engineVerify(byte[] signature)
- throws XMLSignatureException {
-
- try {
- return this._signatureAlgorithm.verify(signature);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
-
- if (!(publicKey instanceof PublicKey)) {
- String supplied = publicKey.getClass().getName();
- String needed = PublicKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
-
- try {
- this._signatureAlgorithm.initVerify((PublicKey) publicKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected byte[] engineSign() throws XMLSignatureException {
-
- try {
- return this._signatureAlgorithm.sign();
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
- throws XMLSignatureException {
-
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
-
- try {
- this._signatureAlgorithm.initSign((PrivateKey) privateKey,
- secureRandom);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
-
- try {
- this._signatureAlgorithm.initSign((PrivateKey) privateKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineUpdate(byte[] input) throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineUpdate(byte input) throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineUpdate(byte buf[], int offset, int len)
- throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(buf, offset, len);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected String engineGetJCEAlgorithmString() {
- return this._signatureAlgorithm.getAlgorithm();
- }
-
- /** @inheritDoc */
- protected String engineGetJCEProviderName() {
- return this._signatureAlgorithm.getProvider().getName();
- }
-
- /** @inheritDoc */
- protected void engineSetHMACOutputLength(int HMACOutputLength)
- throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
- }
-
- /** @inheritDoc */
- protected void engineInitSign(
- Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
- throws XMLSignatureException {
- throw new XMLSignatureException(
- "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
- }
-
- /**
- * Class SignatureRSASHA1
- *
- * @author $Author: raul $
- */
- public static class SignatureRSASHA1 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSASHA1
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA1() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
- }
- }
-
- /**
- * Class SignatureRSASHA256
- *
- * @author $Author: raul $
- */
- public static class SignatureRSASHA256 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSASHA256
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA256() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256;
- }
- }
-
- /**
- * Class SignatureRSASHA384
- *
- * @author $Author: raul $
- */
- public static class SignatureRSASHA384 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSASHA384
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA384() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384;
- }
- }
-
- /**
- * Class SignatureRSASHA512
- *
- * @author $Author: raul $
- */
- public static class SignatureRSASHA512 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSASHA512
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA512() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;
- }
- }
-
- /**
- * Class SignatureRSARIPEMD160
- *
- * @author $Author: raul $
- */
- public static class SignatureRSARIPEMD160 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSARIPEMD160
- *
- * @throws XMLSignatureException
- */
- public SignatureRSARIPEMD160() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160;
- }
- }
-
- /**
- * Class SignatureRSAMD5
- *
- * @author $Author: raul $
- */
- public static class SignatureRSAMD5 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSAMD5
- *
- * @throws XMLSignatureException
- */
- public SignatureRSAMD5() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5;
- }
- }
+ }
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java
index 355579b7e5385ee4a97f324d0a8d1436436a4987..615aa436e462358b457b5d002ba8e52f8b4aa096 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.algorithms.implementations;
-
-
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
@@ -39,342 +37,359 @@ import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import com.sun.org.apache.xml.internal.security.utils.Constants;
-
/**
*
- * @author $Author: vishal $
+ * @author $Author: mullan $
*/
public class SignatureDSA extends SignatureAlgorithmSpi {
- /** {@link java.util.logging} logging facility */
+ /** {@link java.util.logging} logging facility */
static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(SignatureDSA.class.getName());
- /** Field _URI */
- public static final String _URI = Constants.SignatureSpecNS + "dsa-sha1";
-
- /** Field algorithm */
- private java.security.Signature _signatureAlgorithm = null;
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- protected String engineGetURI() {
- return SignatureDSA._URI;
- }
-
- /**
- * Constructor SignatureDSA
- *
- * @throws XMLSignatureException
- */
- public SignatureDSA() throws XMLSignatureException {
-
- String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA._URI);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
-
- try {
- this._signatureAlgorithm = Signature.getInstance(algorithmID);
- } catch (java.security.NoSuchAlgorithmException ex) {
- Object[] exArgs = { algorithmID,
- ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineSetParameter(AlgorithmParameterSpec params)
- throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.setParameter(params);
- } catch (InvalidAlgorithmParameterException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected boolean engineVerify(byte[] signature)
+ /** Field _URI */
+ public static final String _URI = Constants.SignatureSpecNS + "dsa-sha1";
+
+ /** Field algorithm */
+ private java.security.Signature _signatureAlgorithm = null;
+
+ /**
+ * Method engineGetURI
+ *
+ * @inheritDoc
+ */
+ protected String engineGetURI() {
+ return SignatureDSA._URI;
+ }
+
+ /**
+ * Constructor SignatureDSA
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureDSA() throws XMLSignatureException {
+
+ String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA._URI);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
+
+ String provider = JCEMapper.getProviderId();
+ try {
+ if (provider == null) {
+ this._signatureAlgorithm = Signature.getInstance(algorithmID);
+ } else {
+ this._signatureAlgorithm =
+ Signature.getInstance(algorithmID, provider);
+ }
+ } catch (java.security.NoSuchAlgorithmException ex) {
+ Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ } catch (java.security.NoSuchProviderException ex) {
+ Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ }
+ }
+
+ /**
+ * @inheritDoc
+ */
+ protected void engineSetParameter(AlgorithmParameterSpec params)
+ throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.setParameter(params);
+ } catch (InvalidAlgorithmParameterException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /**
+ * @inheritDoc
+ */
+ protected boolean engineVerify(byte[] signature)
throws XMLSignatureException {
- try {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
-
- byte[] jcebytes = SignatureDSA.convertXMLDSIGtoASN1(signature);
-
- return this._signatureAlgorithm.verify(jcebytes);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
-
- if (!(publicKey instanceof PublicKey)) {
- String supplied = publicKey.getClass().getName();
- String needed = PublicKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
-
- try {
- this._signatureAlgorithm.initVerify((PublicKey) publicKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected byte[] engineSign() throws XMLSignatureException {
-
- try {
- byte jcebytes[] = this._signatureAlgorithm.sign();
-
- return SignatureDSA.convertASN1toXMLDSIG(jcebytes);
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
+ try {
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
+
+ byte[] jcebytes = SignatureDSA.convertXMLDSIGtoASN1(signature);
+
+ return this._signatureAlgorithm.verify(jcebytes);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ } catch (IOException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /**
+ * @inheritDoc
+ */
+ protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+
+ if (!(publicKey instanceof PublicKey)) {
+ String supplied = publicKey.getClass().getName();
+ String needed = PublicKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+ } catch (InvalidKeyException ex) {
+ // reinstantiate Signature object to work around bug in JDK
+ // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+ Signature sig = this._signatureAlgorithm;
+ try {
+ this._signatureAlgorithm = Signature.getInstance
+ (_signatureAlgorithm.getAlgorithm());
+ } catch (Exception e) {
+ // this shouldn't occur, but if it does, restore previous
+ // Signature
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
+ }
+ this._signatureAlgorithm = sig;
+ }
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /**
+ * @inheritDoc
+ */
+ protected byte[] engineSign() throws XMLSignatureException {
+
+ try {
+ byte jcebytes[] = this._signatureAlgorithm.sign();
+
+ return SignatureDSA.convertASN1toXMLDSIG(jcebytes);
+ } catch (IOException ex) {
+ throw new XMLSignatureException("empty", ex);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /**
+ * @inheritDoc
+ */
+ protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
throws XMLSignatureException {
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
- try {
- this._signatureAlgorithm.initSign((PrivateKey) privateKey,
+ try {
+ this._signatureAlgorithm.initSign((PrivateKey) privateKey,
secureRandom);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
-
- try {
- this._signatureAlgorithm.initSign((PrivateKey) privateKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineUpdate(byte[] input) throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineUpdate(byte input) throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineUpdate(byte buf[], int offset, int len)
- throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(buf, offset, len);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Method engineGetJCEAlgorithmString
- *
- * @inheritDoc
- */
- protected String engineGetJCEAlgorithmString() {
- return this._signatureAlgorithm.getAlgorithm();
- }
-
- /**
- * Method engineGetJCEProviderName
- *
- * @inheritDoc
- */
- protected String engineGetJCEProviderName() {
- return this._signatureAlgorithm.getProvider().getName();
- }
-
-
- /**
- * Converts an ASN.1 DSA value to a XML Signature DSA Value.
- *
- * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
- * pairs; the XML Signature requires the core BigInteger values.
- *
- * @param asn1Bytes
- * @return the decode bytes
- *
- * @throws IOException
- * @see 6.4.1 DSA
- */
- private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /**
+ * @inheritDoc
+ */
+ protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /**
+ * @inheritDoc
+ */
+ protected void engineUpdate(byte[] input) throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /**
+ * @inheritDoc
+ */
+ protected void engineUpdate(byte input) throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /**
+ * @inheritDoc
+ */
+ protected void engineUpdate(byte buf[], int offset, int len)
+ throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(buf, offset, len);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /**
+ * Method engineGetJCEAlgorithmString
+ *
+ * @inheritDoc
+ */
+ protected String engineGetJCEAlgorithmString() {
+ return this._signatureAlgorithm.getAlgorithm();
+ }
+
+ /**
+ * Method engineGetJCEProviderName
+ *
+ * @inheritDoc
+ */
+ protected String engineGetJCEProviderName() {
+ return this._signatureAlgorithm.getProvider().getName();
+ }
+
+ /**
+ * Converts an ASN.1 DSA value to a XML Signature DSA Value.
+ *
+ * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
+ * pairs; the XML Signature requires the core BigInteger values.
+ *
+ * @param asn1Bytes
+ * @return the decode bytes
+ *
+ * @throws IOException
+ * @see 6.4.1 DSA
+ */
+ private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
throws IOException {
- byte rLength = asn1Bytes[3];
- int i;
+ byte rLength = asn1Bytes[3];
+ int i;
- for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
+ for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
- byte sLength = asn1Bytes[5 + rLength];
- int j;
+ byte sLength = asn1Bytes[5 + rLength];
+ int j;
- for (j = sLength;
+ for (j = sLength;
(j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
- if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
+ if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
|| (asn1Bytes[2] != 2) || (i > 20)
|| (asn1Bytes[4 + rLength] != 2) || (j > 20)) {
- throw new IOException("Invalid ASN.1 format of DSA signature");
- }
- byte xmldsigBytes[] = new byte[40];
+ throw new IOException("Invalid ASN.1 format of DSA signature");
+ }
+ byte xmldsigBytes[] = new byte[40];
- System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 20 - i,
+ System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 20 - i,
i);
- System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
+ System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
40 - j, j);
- return xmldsigBytes;
- }
-
- /**
- * Converts a XML Signature DSA Value to an ASN.1 DSA value.
- *
- * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
- * pairs; the XML Signature requires the core BigInteger values.
- *
- * @param xmldsigBytes
- * @return the encoded ASN.1 bytes
- *
- * @throws IOException
- * @see 6.4.1 DSA
- */
- private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
+ return xmldsigBytes;
+ }
+
+ /**
+ * Converts a XML Signature DSA Value to an ASN.1 DSA value.
+ *
+ * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
+ * pairs; the XML Signature requires the core BigInteger values.
+ *
+ * @param xmldsigBytes
+ * @return the encoded ASN.1 bytes
+ *
+ * @throws IOException
+ * @see 6.4.1 DSA
+ */
+ private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
throws IOException {
- if (xmldsigBytes.length != 40) {
- throw new IOException("Invalid XMLDSIG format of DSA signature");
- }
+ if (xmldsigBytes.length != 40) {
+ throw new IOException("Invalid XMLDSIG format of DSA signature");
+ }
- int i;
+ int i;
- for (i = 20; (i > 0) && (xmldsigBytes[20 - i] == 0); i--);
+ for (i = 20; (i > 0) && (xmldsigBytes[20 - i] == 0); i--);
- int j = i;
+ int j = i;
- if (xmldsigBytes[20 - i] < 0) {
+ if (xmldsigBytes[20 - i] < 0) {
j += 1;
- }
-
- int k;
-
- for (k = 20; (k > 0) && (xmldsigBytes[40 - k] == 0); k--);
-
- int l = k;
-
- if (xmldsigBytes[40 - k] < 0) {
- l += 1;
- }
-
- byte asn1Bytes[] = new byte[6 + j + l];
-
- asn1Bytes[0] = 48;
- asn1Bytes[1] = (byte) (4 + j + l);
- asn1Bytes[2] = 2;
- asn1Bytes[3] = (byte) j;
-
- System.arraycopy(xmldsigBytes, 20 - i, asn1Bytes, (4 + j) - i, i);
-
- asn1Bytes[4 + j] = 2;
- asn1Bytes[5 + j] = (byte) l;
-
- System.arraycopy(xmldsigBytes, 40 - k, asn1Bytes, (6 + j + l) - k, k);
-
- return asn1Bytes;
- }
-
- /**
- * Method engineSetHMACOutputLength
- *
- * @param HMACOutputLength
- * @throws XMLSignatureException
- */
- protected void engineSetHMACOutputLength(int HMACOutputLength)
- throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
- }
-
- /**
- * Method engineInitSign
- *
- * @param signingKey
- * @param algorithmParameterSpec
- * @throws XMLSignatureException
- */
- protected void engineInitSign(
- Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
- throws XMLSignatureException {
- throw new XMLSignatureException(
- "algorithms.CannotUseAlgorithmParameterSpecOnDSA");
- }
+ }
+
+ int k;
+
+ for (k = 20; (k > 0) && (xmldsigBytes[40 - k] == 0); k--);
+
+ int l = k;
+
+ if (xmldsigBytes[40 - k] < 0) {
+ l += 1;
+ }
+
+ byte asn1Bytes[] = new byte[6 + j + l];
+
+ asn1Bytes[0] = 48;
+ asn1Bytes[1] = (byte) (4 + j + l);
+ asn1Bytes[2] = 2;
+ asn1Bytes[3] = (byte) j;
+
+ System.arraycopy(xmldsigBytes, 20 - i, asn1Bytes, (4 + j) - i, i);
+
+ asn1Bytes[4 + j] = 2;
+ asn1Bytes[5 + j] = (byte) l;
+
+ System.arraycopy(xmldsigBytes, 40 - k, asn1Bytes, (6 + j + l) - k, k);
+
+ return asn1Bytes;
+ }
+
+ /**
+ * Method engineSetHMACOutputLength
+ *
+ * @param HMACOutputLength
+ * @throws XMLSignatureException
+ */
+ protected void engineSetHMACOutputLength(int HMACOutputLength)
+ throws XMLSignatureException {
+ throw new XMLSignatureException(
+ "algorithms.HMACOutputLengthOnlyForHMAC");
+ }
+
+ /**
+ * Method engineInitSign
+ *
+ * @param signingKey
+ * @param algorithmParameterSpec
+ * @throws XMLSignatureException
+ */
+ protected void engineInitSign(
+ Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+ throws XMLSignatureException {
+ throw new XMLSignatureException(
+ "algorithms.CannotUseAlgorithmParameterSpecOnDSA");
+ }
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
new file mode 100644
index 0000000000000000000000000000000000000000..18fdffe28fb5533db2fbef538505501d98983141
--- /dev/null
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
@@ -0,0 +1,384 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/*
+ * Copyright 1999-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package com.sun.org.apache.xml.internal.security.algorithms.implementations;
+
+
+
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.AlgorithmParameterSpec;
+
+import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
+import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
+import com.sun.org.apache.xml.internal.security.utils.Base64;
+
+
+/**
+ *
+ * @author $Author: mullan $
+ */
+public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
+
+ /** {@link java.util.logging} logging facility */
+ static java.util.logging.Logger log =
+ java.util.logging.Logger.getLogger(SignatureECDSA.class.getName());
+
+ /** @inheritDoc */
+ public abstract String engineGetURI();
+
+ /** Field algorithm */
+ private java.security.Signature _signatureAlgorithm = null;
+
+ /**
+ * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
+ *
+ * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+ * pairs; the XML Signature requires the core BigInteger values.
+ *
+ * @param asn1Bytes
+ * @return the decode bytes
+ *
+ * @throws IOException
+ * @see 6.4.1 DSA
+ * @see 3.3. ECDSA Signatures
+ */
+ private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+ throws IOException {
+
+ byte rLength = asn1Bytes[3];
+ int i;
+
+ for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
+
+ byte sLength = asn1Bytes[5 + rLength];
+ int j;
+
+ for (j = sLength;
+ (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
+
+ if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
+ || (asn1Bytes[2] != 2) || (i > 24)
+ || (asn1Bytes[4 + rLength] != 2) || (j > 24)) {
+ throw new IOException("Invalid ASN.1 format of ECDSA signature");
+ }
+ byte xmldsigBytes[] = new byte[48];
+
+ System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 24 - i,
+ i);
+ System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
+ 48 - j, j);
+
+ return xmldsigBytes;
+ }
+
+ /**
+ * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
+ *
+ * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+ * pairs; the XML Signature requires the core BigInteger values.
+ *
+ * @param xmldsigBytes
+ * @return the encoded ASN.1 bytes
+ *
+ * @throws IOException
+ * @see 6.4.1 DSA
+ * @see 3.3. ECDSA Signatures
+ */
+ private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
+ throws IOException {
+
+ if (xmldsigBytes.length != 48) {
+ throw new IOException("Invalid XMLDSIG format of ECDSA signature");
+ }
+
+ int i;
+
+ for (i = 24; (i > 0) && (xmldsigBytes[24 - i] == 0); i--);
+
+ int j = i;
+
+ if (xmldsigBytes[24 - i] < 0) {
+ j += 1;
+ }
+
+ int k;
+
+ for (k = 24; (k > 0) && (xmldsigBytes[48 - k] == 0); k--);
+
+ int l = k;
+
+ if (xmldsigBytes[48 - k] < 0) {
+ l += 1;
+ }
+
+ byte asn1Bytes[] = new byte[6 + j + l];
+
+ asn1Bytes[0] = 48;
+ asn1Bytes[1] = (byte) (4 + j + l);
+ asn1Bytes[2] = 2;
+ asn1Bytes[3] = (byte) j;
+
+ System.arraycopy(xmldsigBytes, 24 - i, asn1Bytes, (4 + j) - i, i);
+
+ asn1Bytes[4 + j] = 2;
+ asn1Bytes[5 + j] = (byte) l;
+
+ System.arraycopy(xmldsigBytes, 48 - k, asn1Bytes, (6 + j + l) - k, k);
+
+ return asn1Bytes;
+ }
+
+ /**
+ * Constructor SignatureRSA
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSA() throws XMLSignatureException {
+
+ String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
+
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Created SignatureECDSA using " + algorithmID);
+ String provider=JCEMapper.getProviderId();
+ try {
+ if (provider==null) {
+ this._signatureAlgorithm = Signature.getInstance(algorithmID);
+ } else {
+ this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+ }
+ } catch (java.security.NoSuchAlgorithmException ex) {
+ Object[] exArgs = { algorithmID,
+ ex.getLocalizedMessage() };
+
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ } catch (NoSuchProviderException ex) {
+ Object[] exArgs = { algorithmID,
+ ex.getLocalizedMessage() };
+
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineSetParameter(AlgorithmParameterSpec params)
+ throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.setParameter(params);
+ } catch (InvalidAlgorithmParameterException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected boolean engineVerify(byte[] signature)
+ throws XMLSignatureException {
+
+ try {
+ byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
+
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Called ECDSA.verify() on " + Base64.encode(signature));
+
+ return this._signatureAlgorithm.verify(jcebytes);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ } catch (IOException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+
+ if (!(publicKey instanceof PublicKey)) {
+ String supplied = publicKey.getClass().getName();
+ String needed = PublicKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+ exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+ } catch (InvalidKeyException ex) {
+ // reinstantiate Signature object to work around bug in JDK
+ // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+ Signature sig = this._signatureAlgorithm;
+ try {
+ this._signatureAlgorithm = Signature.getInstance
+ (_signatureAlgorithm.getAlgorithm());
+ } catch (Exception e) {
+ // this shouldn't occur, but if it does, restore previous
+ // Signature
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
+ }
+ this._signatureAlgorithm = sig;
+ }
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected byte[] engineSign() throws XMLSignatureException {
+
+ try {
+ byte jcebytes[] = this._signatureAlgorithm.sign();
+
+ return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ } catch (IOException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
+ throws XMLSignatureException {
+
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+ exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initSign((PrivateKey) privateKey,
+ secureRandom);
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+ exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte[] input) throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte input) throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte buf[], int offset, int len)
+ throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.update(buf, offset, len);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected String engineGetJCEAlgorithmString() {
+ return this._signatureAlgorithm.getAlgorithm();
+ }
+
+ /** @inheritDoc */
+ protected String engineGetJCEProviderName() {
+ return this._signatureAlgorithm.getProvider().getName();
+ }
+
+ /** @inheritDoc */
+ protected void engineSetHMACOutputLength(int HMACOutputLength)
+ throws XMLSignatureException {
+ throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
+ }
+
+ /** @inheritDoc */
+ protected void engineInitSign(
+ Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+ throws XMLSignatureException {
+ throw new XMLSignatureException(
+ "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
+ }
+
+ /**
+ * Class SignatureRSASHA1
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.2 $
+ */
+ public static class SignatureECDSASHA1 extends SignatureECDSA {
+
+ /**
+ * Constructor SignatureRSASHA1
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSASHA1() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1;
+ }
+ }
+
+}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java
index 732334c36562e12bd133eb2c1ed50e972a1f8e8e..36c98cfe7900fa70a430ac01ca123e17f6962610 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java
index eb7cb6cad0103150cfa2382588a2ffc6da1f556b..a4181233d6029ceaa3fb52b84574be5d5535b274 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java
@@ -3,7 +3,7 @@
* DO NOT REMOVE OR ALTER!
*/
/*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2008 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.c14n;
-
-
import java.io.ByteArrayInputStream;
import java.io.OutputStream;
import java.util.HashMap;
@@ -37,318 +35,326 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
-
/**
- *
*
* @author Christian Geuer-Pollmann
*/
public class Canonicalizer {
- //J-
- /** The output encoding of canonicalized data */
- public static final String ENCODING = "UTF8";
+ /** The output encoding of canonicalized data */
+ public static final String ENCODING = "UTF8";
+
+ /**
+ * XPath Expresion for selecting every node and continuous comments joined
+ * in only one node
+ */
+ public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE =
+ "(.//. | .//@* | .//namespace::*)";
+
+ /**
+ * The URL defined in XML-SEC Rec for inclusive c14n without comments.
+ */
+ public static final String ALGO_ID_C14N_OMIT_COMMENTS =
+ "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+ /**
+ * The URL defined in XML-SEC Rec for inclusive c14n with comments.
+ */
+ public static final String ALGO_ID_C14N_WITH_COMMENTS =
+ ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";
+ /**
+ * The URL defined in XML-SEC Rec for exclusive c14n without comments.
+ */
+ public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS =
+ "http://www.w3.org/2001/10/xml-exc-c14n#";
+ /**
+ * The URL defined in XML-SEC Rec for exclusive c14n with comments.
+ */
+ public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS =
+ ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";
+ /**
+ * The URI for inclusive c14n 1.1 without comments.
+ */
+ public static final String ALGO_ID_C14N11_OMIT_COMMENTS =
+ "http://www.w3.org/2006/12/xml-c14n11";
+ /**
+ * The URI for inclusive c14n 1.1 with comments.
+ */
+ public static final String ALGO_ID_C14N11_WITH_COMMENTS =
+ ALGO_ID_C14N11_OMIT_COMMENTS + "#WithComments";
+
+ static boolean _alreadyInitialized = false;
+ static Map _canonicalizerHash = null;
+ protected CanonicalizerSpi canonicalizerSpi = null;
- /**
- * XPath Expresion for selecting every node and continuos comments joined in only one node
+ /**
+ * Method init
+ *
*/
- public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE = "(.//. | .//@* | .//namespace::*)";
+ public static void init() {
+ if (!Canonicalizer._alreadyInitialized) {
+ Canonicalizer._canonicalizerHash = new HashMap(10);
+ Canonicalizer._alreadyInitialized = true;
+ }
+ }
- /**
- * The URL defined in XML-SEC Rec for inclusive c14n without comments.
+ /**
+ * Constructor Canonicalizer
+ *
+ * @param algorithmURI
+ * @throws InvalidCanonicalizerException
*/
- public static final String ALGO_ID_C14N_OMIT_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
- /**
- * The URL defined in XML-SEC Rec for inclusive c14n with comments.
- */
- public static final String ALGO_ID_C14N_WITH_COMMENTS = ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";
- /**
- * The URL defined in XML-SEC Rec for exclusive c14n without comments.
- */
- public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS = "http://www.w3.org/2001/10/xml-exc-c14n#";
- /**
- * The URL defined in XML-SEC Rec for exclusive c14n with comments.
- */
- public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS = ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";
-
- static boolean _alreadyInitialized = false;
- static Map _canonicalizerHash = null;
-
- protected CanonicalizerSpi canonicalizerSpi = null;
- //J+
-
- /**
- * Method init
- *
- */
- public static void init() {
-
- if (!Canonicalizer._alreadyInitialized) {
- Canonicalizer._canonicalizerHash = new HashMap(10);
- Canonicalizer._alreadyInitialized = true;
- }
- }
-
- /**
- * Constructor Canonicalizer
- *
- * @param algorithmURI
- * @throws InvalidCanonicalizerException
- */
- private Canonicalizer(String algorithmURI)
+ private Canonicalizer(String algorithmURI)
throws InvalidCanonicalizerException {
- try {
- Class implementingClass = getImplementingClass(algorithmURI);
-
- this.canonicalizerSpi =
- (CanonicalizerSpi) implementingClass.newInstance();
- this.canonicalizerSpi.reset=true;
- } catch (Exception e) {
- Object exArgs[] = { algorithmURI };
-
- throw new InvalidCanonicalizerException(
- "signature.Canonicalizer.UnknownCanonicalizer", exArgs);
- }
- }
-
- /**
- * Method getInstance
- *
- * @param algorithmURI
- * @return a Conicicalizer instance ready for the job
- * @throws InvalidCanonicalizerException
- */
- public static final Canonicalizer getInstance(String algorithmURI)
+ try {
+ Class implementingClass = getImplementingClass(algorithmURI);
+
+ this.canonicalizerSpi =
+ (CanonicalizerSpi) implementingClass.newInstance();
+ this.canonicalizerSpi.reset=true;
+ } catch (Exception e) {
+ Object exArgs[] = { algorithmURI };
+
+ throw new InvalidCanonicalizerException(
+ "signature.Canonicalizer.UnknownCanonicalizer", exArgs);
+ }
+ }
+
+ /**
+ * Method getInstance
+ *
+ * @param algorithmURI
+ * @return a Conicicalizer instance ready for the job
+ * @throws InvalidCanonicalizerException
+ */
+ public static final Canonicalizer getInstance(String algorithmURI)
throws InvalidCanonicalizerException {
- Canonicalizer c14nizer = new Canonicalizer(algorithmURI);
+ Canonicalizer c14nizer = new Canonicalizer(algorithmURI);
- return c14nizer;
- }
+ return c14nizer;
+ }
- /**
- * Method register
- *
- * @param algorithmURI
- * @param implementingClass
- * @throws AlgorithmAlreadyRegisteredException
- */
- public static void register(String algorithmURI, String implementingClass)
+ /**
+ * Method register
+ *
+ * @param algorithmURI
+ * @param implementingClass
+ * @throws AlgorithmAlreadyRegisteredException
+ */
+ public static void register(String algorithmURI, String implementingClass)
throws AlgorithmAlreadyRegisteredException {
- // check whether URI is already registered
- Class registeredClass = getImplementingClass(algorithmURI);
+ // check whether URI is already registered
+ Class registeredClass = getImplementingClass(algorithmURI);
- if (registeredClass != null) {
- Object exArgs[] = { algorithmURI, registeredClass };
+ if (registeredClass != null) {
+ Object exArgs[] = { algorithmURI, registeredClass };
- throw new AlgorithmAlreadyRegisteredException(
- "algorithm.alreadyRegistered", exArgs);
- }
+ throw new AlgorithmAlreadyRegisteredException(
+ "algorithm.alreadyRegistered", exArgs);
+ }
- try {
- _canonicalizerHash.put(algorithmURI, Class.forName(implementingClass));
+ try {
+ _canonicalizerHash.put(algorithmURI, Class.forName(implementingClass));
} catch (ClassNotFoundException e) {
- throw new RuntimeException("c14n class not found");
+ throw new RuntimeException("c14n class not found");
}
- }
-
- /**
- * Method getURI
- *
- * @return the URI defined for this c14n instance.
- */
- public final String getURI() {
- return this.canonicalizerSpi.engineGetURI();
- }
-
- /**
- * Method getIncludeComments
- *
- * @return true if the c14n respect the comments.
- */
- public boolean getIncludeComments() {
- return this.canonicalizerSpi.engineGetIncludeComments();
- }
-
- /**
- * This method tries to canonicalize the given bytes. It's possible to even
- * canonicalize non-wellformed sequences if they are well-formed after being
- * wrapped with a >a<...>/a<.
- *
- * @param inputBytes
- * @return the result of the conicalization.
- * @throws CanonicalizationException
- * @throws java.io.IOException
- * @throws javax.xml.parsers.ParserConfigurationException
- * @throws org.xml.sax.SAXException
- */
- public byte[] canonicalize(byte[] inputBytes)
+ }
+
+ /**
+ * Method getURI
+ *
+ * @return the URI defined for this c14n instance.
+ */
+ public final String getURI() {
+ return this.canonicalizerSpi.engineGetURI();
+ }
+
+ /**
+ * Method getIncludeComments
+ *
+ * @return true if the c14n respect the comments.
+ */
+ public boolean getIncludeComments() {
+ return this.canonicalizerSpi.engineGetIncludeComments();
+ }
+
+ /**
+ * This method tries to canonicalize the given bytes. It's possible to even
+ * canonicalize non-wellformed sequences if they are well-formed after being
+ * wrapped with a >a<...>/a<.
+ *
+ * @param inputBytes
+ * @return the result of the conicalization.
+ * @throws CanonicalizationException
+ * @throws java.io.IOException
+ * @throws javax.xml.parsers.ParserConfigurationException
+ * @throws org.xml.sax.SAXException
+ */
+ public byte[] canonicalize(byte[] inputBytes)
throws javax.xml.parsers.ParserConfigurationException,
java.io.IOException, org.xml.sax.SAXException,
CanonicalizationException {
- ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes);
- InputSource in = new InputSource(bais);
- DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
-
- dfactory.setNamespaceAware(true);
-
- // needs to validate for ID attribute nomalization
- dfactory.setValidating(true);
-
- DocumentBuilder db = dfactory.newDocumentBuilder();
-
- /*
- * for some of the test vectors from the specification,
- * there has to be a validatin parser for ID attributes, default
- * attribute values, NMTOKENS, etc.
- * Unfortunaltely, the test vectors do use different DTDs or
- * even no DTD. So Xerces 1.3.1 fires many warnings about using
- * ErrorHandlers.
- *
- * Text from the spec:
- *
- * The input octet stream MUST contain a well-formed XML document,
- * but the input need not be validated. However, the attribute
- * value normalization and entity reference resolution MUST be
- * performed in accordance with the behaviors of a validating
- * XML processor. As well, nodes for default attributes (declared
- * in the ATTLIST with an AttValue but not specified) are created
- * in each element. Thus, the declarations in the document type
- * declaration are used to help create the canonical form, even
- * though the document type declaration is not retained in the
- * canonical form.
- *
- */
- db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils
- .IgnoreAllErrorHandler());
-
- Document document = db.parse(in);
- byte result[] = this.canonicalizeSubtree(document);
-
- return result;
- }
-
- /**
- * Canonicalizes the subtree rooted by node.
- *
- * @param node The node to canicalize
- * @return the result of the c14n.
- *
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeSubtree(Node node)
+ ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes);
+ InputSource in = new InputSource(bais);
+ DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
+
+ dfactory.setNamespaceAware(true);
+
+ // needs to validate for ID attribute nomalization
+ dfactory.setValidating(true);
+
+ DocumentBuilder db = dfactory.newDocumentBuilder();
+
+ /*
+ * for some of the test vectors from the specification,
+ * there has to be a validatin parser for ID attributes, default
+ * attribute values, NMTOKENS, etc.
+ * Unfortunaltely, the test vectors do use different DTDs or
+ * even no DTD. So Xerces 1.3.1 fires many warnings about using
+ * ErrorHandlers.
+ *
+ * Text from the spec:
+ *
+ * The input octet stream MUST contain a well-formed XML document,
+ * but the input need not be validated. However, the attribute
+ * value normalization and entity reference resolution MUST be
+ * performed in accordance with the behaviors of a validating
+ * XML processor. As well, nodes for default attributes (declared
+ * in the ATTLIST with an AttValue but not specified) are created
+ * in each element. Thus, the declarations in the document type
+ * declaration are used to help create the canonical form, even
+ * though the document type declaration is not retained in the
+ * canonical form.
+ *
+ */
+ db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils
+ .IgnoreAllErrorHandler());
+
+ Document document = db.parse(in);
+ byte result[] = this.canonicalizeSubtree(document);
+
+ return result;
+ }
+
+ /**
+ * Canonicalizes the subtree rooted by node.
+ *
+ * @param node The node to canicalize
+ * @return the result of the c14n.
+ *
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeSubtree(Node node)
throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeSubTree(node);
- }
-
- /**
- * Canonicalizes the subtree rooted by node.
- *
- * @param node
- * @param inclusiveNamespaces
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
+ return this.canonicalizerSpi.engineCanonicalizeSubTree(node);
+ }
+
+ /**
+ * Canonicalizes the subtree rooted by node.
+ *
+ * @param node
+ * @param inclusiveNamespaces
+ * @return the result of the c14n.
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeSubTree(node,
+ return this.canonicalizerSpi.engineCanonicalizeSubTree(node,
inclusiveNamespaces);
- }
-
- /**
- * Canonicalizes an XPath node set. The xpathNodeSet is treated
- * as a list of XPath nodes, not as a list of subtrees.
- *
- * @param xpathNodeSet
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
+ }
+
+ /**
+ * Canonicalizes an XPath node set. The xpathNodeSet is treated
+ * as a list of XPath nodes, not as a list of subtrees.
+ *
+ * @param xpathNodeSet
+ * @return the result of the c14n.
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
- }
-
- /**
- * Canonicalizes an XPath node set. The xpathNodeSet is treated
- * as a list of XPath nodes, not as a list of subtrees.
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(
+ return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
+ }
+
+ /**
+ * Canonicalizes an XPath node set. The xpathNodeSet is treated
+ * as a list of XPath nodes, not as a list of subtrees.
+ *
+ * @param xpathNodeSet
+ * @param inclusiveNamespaces
+ * @return the result of the c14n.
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeXPathNodeSet(
NodeList xpathNodeSet, String inclusiveNamespaces)
throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet,
+ return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet,
inclusiveNamespaces);
- }
-
- /**
- * Canonicalizes an XPath node set.
- *
- * @param xpathNodeSet
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet)
+ }
+
+ /**
+ * Canonicalizes an XPath node set.
+ *
+ * @param xpathNodeSet
+ * @return the result of the c14n.
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet)
throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
- }
-
- /**
- * Canonicalizes an XPath node set.
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(
- Set xpathNodeSet, String inclusiveNamespaces)
- throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet,
- inclusiveNamespaces);
- }
-
- /**
- * Sets the writter where the cannocalization ends. ByteArrayOutputStream if
- * none is setted.
- * @param os
- */
- public void setWriter(OutputStream os) {
- this.canonicalizerSpi.setWriter(os);
- }
-
- /**
- * Returns the name of the implementing {@link CanonicalizerSpi} class
- *
- * @return the name of the implementing {@link CanonicalizerSpi} class
- */
- public String getImplementingCanonicalizerClass() {
- return this.canonicalizerSpi.getClass().getName();
- }
-
- /**
- * Method getImplementingClass
- *
- * @param URI
- * @return the name of the class that implements the give URI
- */
- private static Class getImplementingClass(String URI) {
- return (Class) _canonicalizerHash.get(URI);
- }
-
- /**
- * Set the canonicalizator behaviour to not reset.
- *
- */
- public void notReset() {
- this.canonicalizerSpi.reset=false;
- }
+ return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
+ }
+
+ /**
+ * Canonicalizes an XPath node set.
+ *
+ * @param xpathNodeSet
+ * @param inclusiveNamespaces
+ * @return the result of the c14n.
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet,
+ String inclusiveNamespaces) throws CanonicalizationException {
+ return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet,
+ inclusiveNamespaces);
+ }
+
+ /**
+ * Sets the writer where the canonicalization ends. ByteArrayOutputStream
+ * if none is set.
+ * @param os
+ */
+ public void setWriter(OutputStream os) {
+ this.canonicalizerSpi.setWriter(os);
+ }
+
+ /**
+ * Returns the name of the implementing {@link CanonicalizerSpi} class
+ *
+ * @return the name of the implementing {@link CanonicalizerSpi} class
+ */
+ public String getImplementingCanonicalizerClass() {
+ return this.canonicalizerSpi.getClass().getName();
+ }
+
+ /**
+ * Method getImplementingClass
+ *
+ * @param URI
+ * @return the name of the class that implements the given URI
+ */
+ private static Class getImplementingClass(String URI) {
+ return (Class) _canonicalizerHash.get(URI);
+ }
+
+ /**
+ * Set the canonicalizer behaviour to not reset.
+ */
+ public void notReset() {
+ this.canonicalizerSpi.reset = false;
+ }
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java
index 8af3ed88050382964bdf23e08cb4b091549a9d8f..9fb1531b7e910fa002e3373c8aec289c38d4df35 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java
index 46fdc660338e01752ad1fbe93dbe5b147298e0e7..802abda2862d10a033e43d2541c4f123ad623693 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -21,17 +20,17 @@
*/
package com.sun.org.apache.xml.internal.security.c14n.helper;
-
-
import com.sun.org.apache.xml.internal.security.utils.Constants;
import org.w3c.dom.Attr;
-
+import java.io.Serializable;
+import java.util.Comparator;
/**
* Compares two attributes based on the C14n specification.
*
* &<"#x9, #xA, and #xD, with character
- * references. The character references are written in uppercase
- * hexadecimal with no leading zeroes (for example, #xD is represented
- * by the character reference 
)&<"#x9, #xA, and #xD, with character
+ * references. The character references are written in uppercase
+ * hexadecimal with no leading zeroes (for example, #xD is represented
+ * by the character reference 
)XMLCipher that implements the specified
+ * transformation, operates on the specified context document and serializes
+ * the document with the specified canonicalization algorithm before it
+ * encrypts the document.
+ *
+ *
+ * @param transformation the name of the transformation, e.g.,
+ * XMLCipher.TRIPLEDES which is
+ * shorthand for
+ * "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
+ * @param canon the name of the c14n algorithm, if
+ * null use standard serializer
+ * @return
+ * @throws XMLEncryptionException
+ */
+
+ public static XMLCipher getInstance(String transformation, String canon)
+ throws XMLEncryptionException {
+ XMLCipher instance = XMLCipher.getInstance(transformation);
+
+ if (canon != null) {
+ try {
+ instance._canon = Canonicalizer.getInstance(canon);
+ } catch (InvalidCanonicalizerException ice) {
+ throw new XMLEncryptionException("empty", ice);
+ }
+ }
+
+ return instance;
+ }
+
+ public static XMLCipher getInstance(String transformation,Cipher cipher) throws XMLEncryptionException {
// sanity checks
logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
if (null == transformation)
@@ -321,8 +354,8 @@ public class XMLCipher {
instance._kek = null;
- /* Create a canonicaliser - used when serialising DOM to octets
- * prior to encryption (and for the reverse) */
+ /* Create a canonicaliser - used when serialising DOM to octets
+ * prior to encryption (and for the reverse) */
try {
instance._canon = Canonicalizer.getInstance
@@ -346,41 +379,6 @@ public class XMLCipher {
return (instance);
}
-
-
- /**
- * Returns an XMLCipher that implements the specified
- * transformation, operates on the specified context document and serializes
- * the document with the specified canonicalization algorithm before it
- * encrypts the document.
- *
- *
- * @param transformation the name of the transformation, e.g.,
- * XMLCipher.TRIPLEDES which is
- * shorthand for
- * "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
- * @param canon the name of the c14n algorithm, if
- * null use standard serializer
- * @return
- * @throws XMLEncryptionException
- */
-
- public static XMLCipher getInstance(String transformation, String canon)
- throws XMLEncryptionException {
- XMLCipher instance = XMLCipher.getInstance(transformation);
-
- if (canon != null) {
- try {
- instance._canon = Canonicalizer.getInstance(canon);
- } catch (InvalidCanonicalizerException ice) {
- throw new XMLEncryptionException("empty", ice);
- }
- }
-
- return instance;
- }
-
-
/**
* Returns an XMLCipher that implements the specified
* transformation and operates on the specified context document.
@@ -396,7 +394,7 @@ public class XMLCipher {
public static XMLCipher getProviderInstance(String transformation, String provider)
throws XMLEncryptionException {
// sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
+ logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
if (null == transformation)
logger.log(java.util.logging.Level.SEVERE, "Transformation unexpectedly null...");
if(null == provider)
@@ -429,9 +427,9 @@ public class XMLCipher {
instance._contextCipher = Cipher.getInstance(jceAlgorithm, provider);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "cipher._algorithm = " +
+ logger.log(java.util.logging.Level.FINE, "cipher._algorithm = " +
instance._contextCipher.getAlgorithm());
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "provider.name = " + provider);
+ logger.log(java.util.logging.Level.FINE, "provider.name = " + provider);
} catch (NoSuchAlgorithmException nsae) {
throw new XMLEncryptionException("empty", nsae);
} catch (NoSuchProviderException nspre) {
@@ -490,7 +488,7 @@ public class XMLCipher {
public static XMLCipher getInstance()
throws XMLEncryptionException {
// sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Getting XMLCipher for no transformation...");
+ logger.log(java.util.logging.Level.FINE, "Getting XMLCipher for no transformation...");
XMLCipher instance = new XMLCipher();
@@ -532,7 +530,7 @@ public class XMLCipher {
throws XMLEncryptionException {
// sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Getting XMLCipher, provider but no transformation");
+ logger.log(java.util.logging.Level.FINE, "Getting XMLCipher, provider but no transformation");
if(null == provider)
logger.log(java.util.logging.Level.SEVERE, "Provider unexpectedly null..");
if("" == provider)
@@ -578,7 +576,7 @@ public class XMLCipher {
*/
public void init(int opmode, Key key) throws XMLEncryptionException {
// sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Initializing XMLCipher...");
+ logger.log(java.util.logging.Level.FINE, "Initializing XMLCipher...");
_ek = null;
_ed = null;
@@ -586,18 +584,18 @@ public class XMLCipher {
switch (opmode) {
case ENCRYPT_MODE :
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "opmode = ENCRYPT_MODE");
+ logger.log(java.util.logging.Level.FINE, "opmode = ENCRYPT_MODE");
_ed = createEncryptedData(CipherData.VALUE_TYPE, "NO VALUE YET");
break;
case DECRYPT_MODE :
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "opmode = DECRYPT_MODE");
+ logger.log(java.util.logging.Level.FINE, "opmode = DECRYPT_MODE");
break;
case WRAP_MODE :
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "opmode = WRAP_MODE");
+ logger.log(java.util.logging.Level.FINE, "opmode = WRAP_MODE");
_ek = createEncryptedKey(CipherData.VALUE_TYPE, "NO VALUE YET");
break;
case UNWRAP_MODE :
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "opmode = UNWRAP_MODE");
+ logger.log(java.util.logging.Level.FINE, "opmode = UNWRAP_MODE");
break;
default :
logger.log(java.util.logging.Level.SEVERE, "Mode unexpectedly invalid");
@@ -622,7 +620,7 @@ public class XMLCipher {
public EncryptedData getEncryptedData() {
// Sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Returning EncryptedData");
+ logger.log(java.util.logging.Level.FINE, "Returning EncryptedData");
return _ed;
}
@@ -640,7 +638,7 @@ public class XMLCipher {
public EncryptedKey getEncryptedKey() {
// Sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Returning EncryptedKey");
+ logger.log(java.util.logging.Level.FINE, "Returning EncryptedKey");
return _ek;
}
@@ -750,11 +748,11 @@ public class XMLCipher {
*/
private Document encryptElement(Element element) throws Exception{
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypting element...");
+ logger.log(java.util.logging.Level.FINE, "Encrypting element...");
if(null == element)
logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
if(_cipherMode != ENCRYPT_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
if (_algorithm == null) {
throw new XMLEncryptionException("XMLCipher instance without transformation specified");
@@ -785,11 +783,11 @@ public class XMLCipher {
*/
private Document encryptElementContent(Element element) throws
/* XMLEncryption */Exception {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypting element content...");
+ logger.log(java.util.logging.Level.FINE, "Encrypting element content...");
if(null == element)
logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
if(_cipherMode != ENCRYPT_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
if (_algorithm == null) {
throw new XMLEncryptionException("XMLCipher instance without transformation specified");
@@ -815,7 +813,7 @@ public class XMLCipher {
*/
public Document doFinal(Document context, Document source) throws
/* XMLEncryption */Exception {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Processing source document...");
+ logger.log(java.util.logging.Level.FINE, "Processing source document...");
if(null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
if(null == source)
@@ -855,7 +853,7 @@ public class XMLCipher {
*/
public Document doFinal(Document context, Element element) throws
/* XMLEncryption */Exception {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Processing source element...");
+ logger.log(java.util.logging.Level.FINE, "Processing source element...");
if(null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
if(null == element)
@@ -898,7 +896,7 @@ public class XMLCipher {
*/
public Document doFinal(Document context, Element element, boolean content)
throws /* XMLEncryption*/ Exception {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Processing source element...");
+ logger.log(java.util.logging.Level.FINE, "Processing source element...");
if(null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
if(null == element)
@@ -952,6 +950,34 @@ public class XMLCipher {
return encryptData(context, element, false);
}
+ /**
+ * Returns an EncryptedData interface. Use this operation if
+ * you want to have full control over the serialization of the element
+ * or element content.
+ *
+ * This does not change the source document in any way.
+ *
+ * @param context the context Document.
+ * @param type a URI identifying type information about the plaintext form
+ * of the encrypted content (may be null)
+ * @param serializedData the serialized data
+ * @return the EncryptedData
+ * @throws Exception
+ */
+ public EncryptedData encryptData(Document context, String type,
+ InputStream serializedData) throws Exception {
+
+ logger.log(java.util.logging.Level.FINE, "Encrypting element...");
+ if (null == context)
+ logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
+ if (null == serializedData)
+ logger.log(java.util.logging.Level.SEVERE, "Serialized data unexpectedly null...");
+ if (_cipherMode != ENCRYPT_MODE)
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
+
+ return encryptData(context, null, type, serializedData);
+ }
+
/**
* Returns an EncryptedData interface. Use this operation if
* you want to have full control over the contents of the
@@ -966,160 +992,60 @@ public class XMLCipher {
* @return the EncryptedData
* @throws Exception
*/
- public EncryptedData encryptData(Document context, Element element, boolean contentMode) throws
- /* XMLEncryption */ Exception {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypting element...");
- if (null == context)
- logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
- if (null == element)
- logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
- if (_cipherMode != ENCRYPT_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
+ public EncryptedData encryptData(
+ Document context, Element element, boolean contentMode)
+ throws /* XMLEncryption */ Exception {
- _contextDocument = context;
-
- if (_algorithm == null) {
- throw new XMLEncryptionException("XMLCipher instance without transformation specified");
- }
-
- String serializedOctets = null;
- if (contentMode) {
- NodeList children = element.getChildNodes();
- if ((null != children)) {
- serializedOctets = _serializer.serialize(children);
- } else {
- Object exArgs[] = { "Element has no content." };
- throw new XMLEncryptionException("empty", exArgs);
- }
- } else {
- serializedOctets = _serializer.serialize(element);
- }
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Serialized octets:\n" + serializedOctets);
-
- byte[] encryptedBytes = null;
-
- // Now create the working cipher if none was created already
- Cipher c;
- if (_contextCipher == null) {
- String jceAlgorithm =
- JCEMapper.translateURItoJCEID(_algorithm);
-
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);
-
- try {
- if (_requestedJCEProvider == null)
- c = Cipher.getInstance(jceAlgorithm);
- else
- c = Cipher.getInstance(jceAlgorithm, _requestedJCEProvider);
- } catch (NoSuchAlgorithmException nsae) {
- throw new XMLEncryptionException("empty", nsae);
- } catch (NoSuchProviderException nspre) {
- throw new XMLEncryptionException("empty", nspre);
- } catch (NoSuchPaddingException nspae) {
- throw new XMLEncryptionException("empty", nspae);
- }
- }
- else {
- c = _contextCipher;
- }
- // Now perform the encryption
-
- try {
- // Should internally generate an IV
- // todo - allow user to set an IV
- c.init(_cipherMode, _key);
- } catch (InvalidKeyException ike) {
- throw new XMLEncryptionException("empty", ike);
- }
-
- try {
- encryptedBytes =
- c.doFinal(serializedOctets.getBytes("UTF-8"));
-
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Expected cipher.outputSize = " +
- Integer.toString(c.getOutputSize(
- serializedOctets.getBytes().length)));
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Actual cipher.outputSize = " +
- Integer.toString(encryptedBytes.length));
- } catch (IllegalStateException ise) {
- throw new XMLEncryptionException("empty", ise);
- } catch (IllegalBlockSizeException ibse) {
- throw new XMLEncryptionException("empty", ibse);
- } catch (BadPaddingException bpe) {
- throw new XMLEncryptionException("empty", bpe);
- } catch (UnsupportedEncodingException uee) {
- throw new XMLEncryptionException("empty", uee);
- }
-
- // Now build up to a properly XML Encryption encoded octet stream
- // IvParameterSpec iv;
-
- byte[] iv = c.getIV();
- byte[] finalEncryptedBytes =
- new byte[iv.length + encryptedBytes.length];
- System.arraycopy(iv, 0, finalEncryptedBytes, 0,
- iv.length);
- System.arraycopy(encryptedBytes, 0, finalEncryptedBytes,
- iv.length,
- encryptedBytes.length);
-
- String base64EncodedEncryptedOctets = Base64.encode(finalEncryptedBytes);
-
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypted octets length = " +
- base64EncodedEncryptedOctets.length());
-
- try {
- CipherData cd = _ed.getCipherData();
- CipherValue cv = cd.getCipherValue();
- // cv.setValue(base64EncodedEncryptedOctets.getBytes());
- cv.setValue(base64EncodedEncryptedOctets);
-
- if (contentMode) {
- _ed.setType(
- new URI(EncryptionConstants.TYPE_CONTENT).toString());
- } else {
- _ed.setType(
- new URI(EncryptionConstants.TYPE_ELEMENT).toString());
- }
- EncryptionMethod method =
- _factory.newEncryptionMethod(new URI(_algorithm).toString());
- _ed.setEncryptionMethod(method);
- } catch (URI.MalformedURIException mfue) {
- throw new XMLEncryptionException("empty", mfue);
- }
- return (_ed);
- }
-
-
-
- public EncryptedData encryptData(Document context, byte [] serializedOctets, boolean contentMode) throws
- /* XMLEncryption */ Exception {
logger.log(java.util.logging.Level.FINE, "Encrypting element...");
if (null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
- if (null == serializedOctets)
- logger.log(java.util.logging.Level.SEVERE, "Canonicalized Data is unexpectedly null...");
+ if (null == element)
+ logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
if (_cipherMode != ENCRYPT_MODE)
logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
+ if (contentMode) {
+ return encryptData
+ (context, element, EncryptionConstants.TYPE_CONTENT, null);
+ } else {
+ return encryptData
+ (context, element, EncryptionConstants.TYPE_ELEMENT, null);
+ }
+ }
+
+ private EncryptedData encryptData(
+ Document context, Element element, String type,
+ InputStream serializedData) throws /* XMLEncryption */ Exception {
+
_contextDocument = context;
if (_algorithm == null) {
- throw new XMLEncryptionException("XMLCipher instance without transformation specified");
+ throw new XMLEncryptionException
+ ("XMLCipher instance without transformation specified");
}
-
- logger.log(java.util.logging.Level.FINE, "Serialized octets:\n" + serializedOctets);
+ String serializedOctets = null;
+ if (serializedData == null) {
+ if (type == EncryptionConstants.TYPE_CONTENT) {
+ NodeList children = element.getChildNodes();
+ if (null != children) {
+ serializedOctets = _serializer.serialize(children);
+ } else {
+ Object exArgs[] = { "Element has no content." };
+ throw new XMLEncryptionException("empty", exArgs);
+ }
+ } else {
+ serializedOctets = _serializer.serialize(element);
+ }
+ logger.log(java.util.logging.Level.FINE, "Serialized octets:\n" + serializedOctets);
+ }
byte[] encryptedBytes = null;
// Now create the working cipher if none was created already
Cipher c;
if (_contextCipher == null) {
- String jceAlgorithm =
- JCEMapper.translateURItoJCEID(_algorithm);
-
+ String jceAlgorithm = JCEMapper.translateURItoJCEID(_algorithm);
logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);
try {
@@ -1148,41 +1074,47 @@ public class XMLCipher {
}
try {
- encryptedBytes =
- c.doFinal(serializedOctets);
-
- logger.log(java.util.logging.Level.FINE, "Expected cipher.outputSize = " +
+ if (serializedData != null) {
+ int numBytes;
+ byte[] buf = new byte[8192];
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ while ((numBytes = serializedData.read(buf)) != -1) {
+ byte[] data = c.update(buf, 0, numBytes);
+ baos.write(data);
+ }
+ baos.write(c.doFinal());
+ encryptedBytes = baos.toByteArray();
+ } else {
+ encryptedBytes = c.doFinal(serializedOctets.getBytes("UTF-8"));
+ logger.log(java.util.logging.Level.FINE, "Expected cipher.outputSize = " +
Integer.toString(c.getOutputSize(
- serializedOctets.length)));
+ serializedOctets.getBytes().length)));
+ }
logger.log(java.util.logging.Level.FINE, "Actual cipher.outputSize = " +
- Integer.toString(encryptedBytes.length));
+ Integer.toString(encryptedBytes.length));
} catch (IllegalStateException ise) {
throw new XMLEncryptionException("empty", ise);
} catch (IllegalBlockSizeException ibse) {
throw new XMLEncryptionException("empty", ibse);
} catch (BadPaddingException bpe) {
throw new XMLEncryptionException("empty", bpe);
- } catch (Exception uee) {
+ } catch (UnsupportedEncodingException uee) {
throw new XMLEncryptionException("empty", uee);
}
// Now build up to a properly XML Encryption encoded octet stream
// IvParameterSpec iv;
-
byte[] iv = c.getIV();
byte[] finalEncryptedBytes =
new byte[iv.length + encryptedBytes.length];
- System.arraycopy(iv, 0, finalEncryptedBytes, 0,
- iv.length);
- System.arraycopy(encryptedBytes, 0, finalEncryptedBytes,
- iv.length,
- encryptedBytes.length);
-
+ System.arraycopy(iv, 0, finalEncryptedBytes, 0, iv.length);
+ System.arraycopy(encryptedBytes, 0, finalEncryptedBytes, iv.length,
+ encryptedBytes.length);
String base64EncodedEncryptedOctets = Base64.encode(finalEncryptedBytes);
logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
logger.log(java.util.logging.Level.FINE, "Encrypted octets length = " +
- base64EncodedEncryptedOctets.length());
+ base64EncodedEncryptedOctets.length());
try {
CipherData cd = _ed.getCipherData();
@@ -1190,15 +1122,11 @@ public class XMLCipher {
// cv.setValue(base64EncodedEncryptedOctets.getBytes());
cv.setValue(base64EncodedEncryptedOctets);
- if (contentMode) {
- _ed.setType(
- new URI(EncryptionConstants.TYPE_CONTENT).toString());
- } else {
- _ed.setType(
- new URI(EncryptionConstants.TYPE_ELEMENT).toString());
+ if (type != null) {
+ _ed.setType(new URI(type).toString());
}
EncryptionMethod method =
- _factory.newEncryptionMethod(new URI(_algorithm).toString());
+ _factory.newEncryptionMethod(new URI(_algorithm).toString());
_ed.setEncryptionMethod(method);
} catch (URI.MalformedURIException mfue) {
throw new XMLEncryptionException("empty", mfue);
@@ -1206,7 +1134,6 @@ public class XMLCipher {
return (_ed);
}
-
/**
* Returns an EncryptedData interface. Use this operation if
* you want to load an EncryptedData structure from a DOM
@@ -1219,7 +1146,7 @@ public class XMLCipher {
*/
public EncryptedData loadEncryptedData(Document context, Element element)
throws XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Loading encrypted element...");
+ logger.log(java.util.logging.Level.FINE, "Loading encrypted element...");
if(null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
if(null == element)
@@ -1246,13 +1173,13 @@ public class XMLCipher {
public EncryptedKey loadEncryptedKey(Document context, Element element)
throws XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Loading encrypted key...");
+ logger.log(java.util.logging.Level.FINE, "Loading encrypted key...");
if(null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
if(null == element)
logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
if(_cipherMode != UNWRAP_MODE && _cipherMode != DECRYPT_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE or DECRYPT_MODE...");
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE or DECRYPT_MODE...");
_contextDocument = context;
_ek = _factory.newEncryptedKey(element);
@@ -1290,12 +1217,12 @@ public class XMLCipher {
public EncryptedKey encryptKey(Document doc, Key key) throws
XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypting key ...");
+ logger.log(java.util.logging.Level.FINE, "Encrypting key ...");
if(null == key)
logger.log(java.util.logging.Level.SEVERE, "Key unexpectedly null...");
if(_cipherMode != WRAP_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in WRAP_MODE...");
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in WRAP_MODE...");
if (_algorithm == null) {
@@ -1313,7 +1240,7 @@ public class XMLCipher {
String jceAlgorithm =
JCEMapper.translateURItoJCEID(_algorithm);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);
+ logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);
try {
if (_requestedJCEProvider == null)
@@ -1345,8 +1272,8 @@ public class XMLCipher {
String base64EncodedEncryptedOctets = Base64.encode(encryptedBytes);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypted key octets:\n" + base64EncodedEncryptedOctets);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypted key octets length = " +
+ logger.log(java.util.logging.Level.FINE, "Encrypted key octets:\n" + base64EncodedEncryptedOctets);
+ logger.log(java.util.logging.Level.FINE, "Encrypted key octets length = " +
base64EncodedEncryptedOctets.length());
CipherValue cv = _ek.getCipherData().getCipherValue();
@@ -1376,10 +1303,10 @@ public class XMLCipher {
public Key decryptKey(EncryptedKey encryptedKey, String algorithm) throws
XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Decrypting key from previously loaded EncryptedKey...");
+ logger.log(java.util.logging.Level.FINE, "Decrypting key from previously loaded EncryptedKey...");
if(_cipherMode != UNWRAP_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE...");
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE...");
if (algorithm == null) {
throw new XMLEncryptionException("Cannot decrypt a key without knowing the algorithm");
@@ -1387,7 +1314,7 @@ public class XMLCipher {
if (_key == null) {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Trying to find a KEK via key resolvers");
+ logger.log(java.util.logging.Level.FINE, "Trying to find a KEK via key resolvers");
KeyInfo ki = encryptedKey.getKeyInfo();
if (ki != null) {
@@ -1418,7 +1345,7 @@ public class XMLCipher {
JCEMapper.translateURItoJCEID(
encryptedKey.getEncryptionMethod().getAlgorithm());
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "JCE Algorithm = " + jceAlgorithm);
+ logger.log(java.util.logging.Level.FINE, "JCE Algorithm = " + jceAlgorithm);
try {
if (_requestedJCEProvider == null)
@@ -1448,7 +1375,7 @@ public class XMLCipher {
throw new XMLEncryptionException("empty", nsae);
}
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Decryption of key type " + algorithm + " OK");
+ logger.log(java.util.logging.Level.FINE, "Decryption of key type " + algorithm + " OK");
return ret;
@@ -1478,14 +1405,9 @@ public class XMLCipher {
*
* @param node the Node to clear.
*/
- private void removeContent(Node node) {
- NodeList list = node.getChildNodes();
- if (list.getLength() > 0) {
- Node n = list.item(0);
- if (null != n) {
- n.getParentNode().removeChild(n);
- }
- removeContent(node);
+ private static void removeContent(Node node) {
+ while (node.hasChildNodes()) {
+ node.removeChild(node.getFirstChild());
}
}
@@ -1499,7 +1421,7 @@ public class XMLCipher {
private Document decryptElement(Element element) throws
XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Decrypting element...");
+ logger.log(java.util.logging.Level.FINE, "Decrypting element...");
if(_cipherMode != DECRYPT_MODE)
logger.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");
@@ -1512,7 +1434,7 @@ public class XMLCipher {
}
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Decrypted octets:\n" + octets);
+ logger.log(java.util.logging.Level.FINE, "Decrypted octets:\n" + octets);
Node sourceParent = element.getParentNode();
@@ -1573,7 +1495,7 @@ public class XMLCipher {
public byte[] decryptToByteArray(Element element)
throws XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Decrypting to ByteArray...");
+ logger.log(java.util.logging.Level.FINE, "Decrypting to ByteArray...");
if(_cipherMode != DECRYPT_MODE)
logger.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");
@@ -2226,7 +2148,7 @@ public class XMLCipher {
AgreementMethod newAgreementMethod(Element element) throws
XMLEncryptionException {
if (null == element) {
- //complain
+ throw new NullPointerException("element is null");
}
String algorithm = element.getAttributeNS(null,
@@ -2292,7 +2214,7 @@ public class XMLCipher {
CipherData newCipherData(Element element) throws
XMLEncryptionException {
if (null == element) {
- // complain
+ throw new NullPointerException("element is null");
}
int type = 0;
@@ -2352,7 +2274,7 @@ public class XMLCipher {
(Element) transformsElements.item(0);
if (transformsElement != null) {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Creating a DSIG based Transforms element");
+ logger.log(java.util.logging.Level.FINE, "Creating a DSIG based Transforms element");
try {
result.setTransforms(new TransformsImpl(transformsElement));
}
@@ -2411,34 +2333,28 @@ public class XMLCipher {
XMLEncryptionException {
EncryptedData result = null;
- NodeList dataElements = element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_CIPHERDATA);
+ NodeList dataElements = element.getElementsByTagNameNS(
+ EncryptionConstants.EncryptionSpecNS,
+ EncryptionConstants._TAG_CIPHERDATA);
- // Need to get the last CipherData found, as earlier ones will
- // be for elements in the KeyInfo lists
+ // Need to get the last CipherData found, as earlier ones will
+ // be for elements in the KeyInfo lists
Element dataElement =
- (Element) dataElements.item(dataElements.getLength() - 1);
+ (Element) dataElements.item(dataElements.getLength() - 1);
CipherData data = newCipherData(dataElement);
result = newEncryptedData(data);
- try {
- result.setId(element.getAttributeNS(
- null, EncryptionConstants._ATT_ID));
- result.setType(new URI(
- element.getAttributeNS(
- null, EncryptionConstants._ATT_TYPE)).toString());
- result.setMimeType(element.getAttributeNS(
- null, EncryptionConstants._ATT_MIMETYPE));
- result.setEncoding(new URI(
- element.getAttributeNS(
- null, Constants._ATT_ENCODING)).toString());
- } catch (URI.MalformedURIException mfue) {
- // do nothing
- }
+ result.setId(element.getAttributeNS(
+ null, EncryptionConstants._ATT_ID));
+ result.setType(
+ element.getAttributeNS(null, EncryptionConstants._ATT_TYPE));
+ result.setMimeType(element.getAttributeNS(
+ null, EncryptionConstants._ATT_MIMETYPE));
+ result.setEncoding(
+ element.getAttributeNS(null, Constants._ATT_ENCODING));
Element encryptionMethodElement =
(Element) element.getElementsByTagNameNS(
@@ -2450,18 +2366,18 @@ public class XMLCipher {
}
// BFL 16/7/03 - simple implementation
- // TODO: Work out how to handle relative URI
+ // TODO: Work out how to handle relative URI
Element keyInfoElement =
(Element) element.getElementsByTagNameNS(
Constants.SignatureSpecNS, Constants._TAG_KEYINFO).item(0);
if (null != keyInfoElement) {
- try {
- result.setKeyInfo(new KeyInfo(keyInfoElement, null));
- } catch (XMLSecurityException xse) {
- throw new XMLEncryptionException("Error loading Key Info",
- xse);
- }
+ try {
+ result.setKeyInfo(new KeyInfo(keyInfoElement, null));
+ } catch (XMLSecurityException xse) {
+ throw new XMLEncryptionException("Error loading Key Info",
+ xse);
+ }
}
// TODO: Implement
@@ -2511,31 +2427,25 @@ public class XMLCipher {
EncryptedKey newEncryptedKey(Element element) throws
XMLEncryptionException {
EncryptedKey result = null;
- NodeList dataElements = element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_CIPHERDATA);
+ NodeList dataElements = element.getElementsByTagNameNS(
+ EncryptionConstants.EncryptionSpecNS,
+ EncryptionConstants._TAG_CIPHERDATA);
Element dataElement =
- (Element) dataElements.item(dataElements.getLength() - 1);
+ (Element) dataElements.item(dataElements.getLength() - 1);
CipherData data = newCipherData(dataElement);
result = newEncryptedKey(data);
- try {
- result.setId(element.getAttributeNS(
- null, EncryptionConstants._ATT_ID));
- result.setType(new URI(
- element.getAttributeNS(
- null, EncryptionConstants._ATT_TYPE)).toString());
- result.setMimeType(element.getAttributeNS(
- null, EncryptionConstants._ATT_MIMETYPE));
- result.setEncoding(new URI(
- element.getAttributeNS(
- null, Constants._ATT_ENCODING)).toString());
- result.setRecipient(element.getAttributeNS(
- null, EncryptionConstants._ATT_RECIPIENT));
- } catch (URI.MalformedURIException mfue) {
- // do nothing
- }
+ result.setId(element.getAttributeNS(
+ null, EncryptionConstants._ATT_ID));
+ result.setType(
+ element.getAttributeNS(null, EncryptionConstants._ATT_TYPE));
+ result.setMimeType(element.getAttributeNS(
+ null, EncryptionConstants._ATT_MIMETYPE));
+ result.setEncoding(
+ element.getAttributeNS(null, Constants._ATT_ENCODING));
+ result.setRecipient(element.getAttributeNS(
+ null, EncryptionConstants._ATT_RECIPIENT));
Element encryptionMethodElement =
(Element) element.getElementsByTagNameNS(
@@ -2550,12 +2460,12 @@ public class XMLCipher {
(Element) element.getElementsByTagNameNS(
Constants.SignatureSpecNS, Constants._TAG_KEYINFO).item(0);
if (null != keyInfoElement) {
- try {
- result.setKeyInfo(new KeyInfo(keyInfoElement, null));
- } catch (XMLSecurityException xse) {
- throw new XMLEncryptionException("Error loading Key Info",
- xse);
- }
+ try {
+ result.setKeyInfo(new KeyInfo(keyInfoElement, null));
+ } catch (XMLSecurityException xse) {
+ throw new XMLEncryptionException
+ ("Error loading Key Info", xse);
+ }
}
// TODO: Implement
@@ -2581,7 +2491,8 @@ public class XMLCipher {
EncryptionConstants.EncryptionSpecNS,
EncryptionConstants._TAG_CARRIEDKEYNAME).item(0);
if (null != carriedNameElement) {
- result.setCarriedName(carriedNameElement.getNodeValue());
+ result.setCarriedName
+ (carriedNameElement.getFirstChild().getNodeValue());
}
return (result);
@@ -2680,13 +2591,8 @@ public class XMLCipher {
EncryptionProperty newEncryptionProperty(Element element) {
EncryptionProperty result = newEncryptionProperty();
- try {
- result.setTarget(new URI(
- element.getAttributeNS(
- null, EncryptionConstants._ATT_TARGET)).toString());
- } catch (URI.MalformedURIException mfue) {
- // do nothing
- }
+ result.setTarget(
+ element.getAttributeNS(null, EncryptionConstants._ATT_TARGET));
result.setId(element.getAttributeNS(
null, EncryptionConstants._ATT_ID));
// TODO: Make this lot work...
@@ -2943,7 +2849,7 @@ public class XMLCipher {
} catch (URI.MalformedURIException mfue) {
//complain
}
- algorithm = tmpAlgorithm.toString();
+ algorithmURI = tmpAlgorithm.toString();
}
// containsXXX() methods return whether the KeyInfo
* contains the corresponding type.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class KeyInfo extends SignatureElementProxy {
/** {@link java.util.logging} logging facility */
static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(KeyInfo.class.getName());
+ List x509Datas=null;
+ List encryptedKeys=null;
-
+ static final List nullList;
+ static {
+ List list = new ArrayList();
+ list.add(null);
+ nullList = Collections.unmodifiableList(list);
+ }
/**
* Constructor KeyInfo
@@ -108,7 +117,6 @@ public class KeyInfo extends SignatureElementProxy {
XMLUtils.addReturnToElement(this._constructionElement);
-
}
/**
@@ -119,8 +127,8 @@ public class KeyInfo extends SignatureElementProxy {
* @throws XMLSecurityException
*/
public KeyInfo(Element element, String BaseURI) throws XMLSecurityException {
-
super(element, BaseURI);
+ // _storageResolvers.add(null);
}
@@ -131,7 +139,7 @@ public class KeyInfo extends SignatureElementProxy {
*/
public void setId(String Id) {
- if ((this._state == MODE_SIGN) && (Id != null)) {
+ if ((Id != null)) {
this._constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
IdResolver.registerElementById(this._constructionElement, Id);
}
@@ -162,10 +170,8 @@ public class KeyInfo extends SignatureElementProxy {
*/
public void add(KeyName keyname) {
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(keyname.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -219,11 +225,8 @@ public class KeyInfo extends SignatureElementProxy {
* @param keyvalue
*/
public void add(KeyValue keyvalue) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(keyvalue.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -241,11 +244,8 @@ public class KeyInfo extends SignatureElementProxy {
* @param mgmtdata
*/
public void add(MgmtData mgmtdata) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(mgmtdata.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -254,11 +254,8 @@ public class KeyInfo extends SignatureElementProxy {
* @param pgpdata
*/
public void add(PGPData pgpdata) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(pgpdata.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -279,11 +276,8 @@ public class KeyInfo extends SignatureElementProxy {
* @param retrievalmethod
*/
public void add(RetrievalMethod retrievalmethod) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(retrievalmethod.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -292,11 +286,8 @@ public class KeyInfo extends SignatureElementProxy {
* @param spkidata
*/
public void add(SPKIData spkidata) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(spkidata.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -305,11 +296,11 @@ public class KeyInfo extends SignatureElementProxy {
* @param x509data
*/
public void add(X509Data x509data) {
-
- if (this._state == MODE_SIGN) {
+ if (x509Datas==null)
+ x509Datas=new ArrayList();
+ x509Datas.add(x509data);
this._constructionElement.appendChild(x509data.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -321,12 +312,11 @@ public class KeyInfo extends SignatureElementProxy {
public void add(EncryptedKey encryptedKey)
throws XMLEncryptionException {
-
- if (this._state == MODE_SIGN) {
+ if (encryptedKeys==null)
+ encryptedKeys=new ArrayList();
+ encryptedKeys.add(encryptedKey);
XMLCipher cipher = XMLCipher.getInstance();
this._constructionElement.appendChild(cipher.martial(encryptedKey));
- }
-
}
/**
@@ -335,11 +325,8 @@ public class KeyInfo extends SignatureElementProxy {
* @param element
*/
public void addUnknownElement(Element element) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(element);
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -403,6 +390,9 @@ public class KeyInfo extends SignatureElementProxy {
*@return the number of the X509Data tags
*/
public int lengthX509Data() {
+ if (x509Datas!=null) {
+ return x509Datas.size();
+ }
return this.length(Constants.SignatureSpecNS, Constants._TAG_X509DATA);
}
@@ -550,7 +540,9 @@ public class KeyInfo extends SignatureElementProxy {
* @throws XMLSecurityException
*/
public X509Data itemX509Data(int i) throws XMLSecurityException {
-
+ if (x509Datas!=null) {
+ return (X509Data) x509Datas.get(i);
+ }
Element e = XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
Constants._TAG_X509DATA,i);
@@ -569,7 +561,9 @@ public class KeyInfo extends SignatureElementProxy {
*/
public EncryptedKey itemEncryptedKey(int i) throws XMLSecurityException {
-
+ if (encryptedKeys!=null) {
+ return (EncryptedKey) encryptedKeys.get(i);
+ }
Element e =
XMLUtils.selectXencNode(this._constructionElement.getFirstChild(),
EncryptionConstants._TAG_ENCRYPTEDKEY,i);
@@ -707,20 +701,20 @@ public class KeyInfo extends SignatureElementProxy {
PublicKey pk = this.getPublicKeyFromInternalResolvers();
if (pk != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I could find a key using the per-KeyInfo key resolvers");
+ log.log(java.util.logging.Level.FINE, "I could find a key using the per-KeyInfo key resolvers");
return pk;
}
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I couldn't find a key using the per-KeyInfo key resolvers");
+ log.log(java.util.logging.Level.FINE, "I couldn't find a key using the per-KeyInfo key resolvers");
pk = this.getPublicKeyFromStaticResolvers();
if (pk != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I could find a key using the system-wide key resolvers");
+ log.log(java.util.logging.Level.FINE, "I could find a key using the system-wide key resolvers");
return pk;
}
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I couldn't find a key using the system-wide key resolvers");
+ log.log(java.util.logging.Level.FINE, "I couldn't find a key using the system-wide key resolvers");
return null;
}
@@ -732,46 +726,29 @@ public class KeyInfo extends SignatureElementProxy {
* @throws KeyResolverException
*/
PublicKey getPublicKeyFromStaticResolvers() throws KeyResolverException {
-
- for (int i = 0; i < KeyResolver.length(); i++) {
- KeyResolver keyResolver = KeyResolver.item(i);
+ int length=KeyResolver.length();
+ int storageLength=this._storageResolvers.size();
+ Iterator it= KeyResolver.iterator();
+ for (int i = 0; i < length; i++) {
+ KeyResolverSpi keyResolver = (KeyResolverSpi) it.next();
Node currentChild=this._constructionElement.getFirstChild();
+ String uri= this.getBaseURI();
while (currentChild!=null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- if (this._storageResolvers.size() == 0) {
-
- // if we do not have storage resolvers, we verify with null
- StorageResolver storage = null;
-
- if (keyResolver.canResolve((Element) currentChild,
- this.getBaseURI(), storage)) {
- PublicKey pk =
- keyResolver.resolvePublicKey((Element) currentChild,
- this.getBaseURI(),
- storage);
-
- if (pk != null) {
- return pk;
- }
- }
- } else {
- for (int k = 0; k < this._storageResolvers.size(); k++) {
+ for (int k = 0; k < storageLength; k++) {
StorageResolver storage =
(StorageResolver) this._storageResolvers.get(k);
- if (keyResolver.canResolve((Element) currentChild,
- this.getBaseURI(), storage)) {
- PublicKey pk =
- keyResolver.resolvePublicKey((Element) currentChild,
- this.getBaseURI(),
+ PublicKey pk =
+ keyResolver.engineLookupAndResolvePublicKey((Element) currentChild,
+ uri,
storage);
- if (pk != null) {
- return pk;
- }
+ if (pk != null) {
+ KeyResolver.hit(it);
+ return pk;
}
}
- }
}
currentChild=currentChild.getNextSibling();
}
@@ -786,50 +763,27 @@ public class KeyInfo extends SignatureElementProxy {
* @throws KeyResolverException
*/
PublicKey getPublicKeyFromInternalResolvers() throws KeyResolverException {
-
- for (int i = 0; i < this.lengthInternalKeyResolver(); i++) {
+ int length=lengthInternalKeyResolver();
+ int storageLength=this._storageResolvers.size();
+ for (int i = 0; i < length; i++) {
KeyResolverSpi keyResolver = this.itemInternalKeyResolver(i);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName());
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName());
Node currentChild=this._constructionElement.getFirstChild();
+ String uri=this.getBaseURI();
while (currentChild!=null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- if (this._storageResolvers.size() == 0) {
-
- // if we do not have storage resolvers, we verify with null
- StorageResolver storage = null;
-
- if (keyResolver.engineCanResolve((Element) currentChild,
- this.getBaseURI(),
- storage)) {
- PublicKey pk =
- keyResolver
- .engineResolvePublicKey((Element) currentChild, this
- .getBaseURI(), storage);
+ for (int k = 0; k < storageLength; k++) {
+ StorageResolver storage =
+ (StorageResolver) this._storageResolvers.get(k);
+ PublicKey pk = keyResolver
+ .engineLookupAndResolvePublicKey((Element) currentChild, uri, storage);
if (pk != null) {
- return pk;
+ return pk;
}
}
- } else {
- for (int k = 0; k < this._storageResolvers.size(); k++) {
- StorageResolver storage =
- (StorageResolver) this._storageResolvers.get(k);
-
- if (keyResolver.engineCanResolve((Element) currentChild,
- this.getBaseURI(),
- storage)) {
- PublicKey pk = keyResolver
- .engineResolvePublicKey((Element) currentChild, this
- .getBaseURI(), storage);
-
- if (pk != null) {
- return pk;
- }
- }
- }
- }
}
currentChild=currentChild.getNextSibling();
}
@@ -850,12 +804,12 @@ public class KeyInfo extends SignatureElementProxy {
X509Certificate cert = this.getX509CertificateFromInternalResolvers();
if (cert != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE,
+ log.log(java.util.logging.Level.FINE,
"I could find a X509Certificate using the per-KeyInfo key resolvers");
return cert;
}
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE,
+ log.log(java.util.logging.Level.FINE,
"I couldn't find a X509Certificate using the per-KeyInfo key resolvers");
@@ -863,12 +817,12 @@ public class KeyInfo extends SignatureElementProxy {
cert = this.getX509CertificateFromStaticResolvers();
if (cert != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE,
+ log.log(java.util.logging.Level.FINE,
"I could find a X509Certificate using the system-wide key resolvers");
return cert;
}
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE,
+ log.log(java.util.logging.Level.FINE,
"I couldn't find a X509Certificate using the system-wide key resolvers");
@@ -885,53 +839,44 @@ public class KeyInfo extends SignatureElementProxy {
*/
X509Certificate getX509CertificateFromStaticResolvers()
throws KeyResolverException {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Start getX509CertificateFromStaticResolvers() with "
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Start getX509CertificateFromStaticResolvers() with "
+ KeyResolver.length() + " resolvers");
+ String uri=this.getBaseURI();
+ int length= KeyResolver.length();
+ int storageLength=this._storageResolvers.size();
+ Iterator it = KeyResolver.iterator();
+ for (int i = 0; i SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14):
- * This extension identifies the public key being certified. It enables
- * distinct keys used by the same subject to be differentiated
- * (e.g., as key updating occurs).
- *
- * A key identifer shall be unique with respect to all key identifiers
- * for the subject with which it is used. This extension is always non-critical.
- */
- public static final String SKI_OID = "2.5.29.14";
-
- /**
- * Constructor X509SKI
- *
- * @param doc
- * @param skiBytes
- */
- public XMLX509SKI(Document doc, byte[] skiBytes) {
-
- super(doc);
-
- this.addBase64Text(skiBytes);
- }
-
- /**
- * Constructor XMLX509SKI
- *
- * @param doc
- * @param x509certificate
- * @throws XMLSecurityException
- */
- public XMLX509SKI(Document doc, X509Certificate x509certificate)
- throws XMLSecurityException {
-
- super(doc);
-
- this.addBase64Text(XMLX509SKI.getSKIBytesFromCert(x509certificate));
- }
-
- /**
- * Constructor XMLX509SKI
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public XMLX509SKI(Element element, String BaseURI)
+ /**
+ * SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14):
+ * This extension identifies the public key being certified. It enables
+ * distinct keys used by the same subject to be differentiated
+ * (e.g., as key updating occurs).
+ *
+ * A key identifer shall be unique with respect to all key identifiers
+ * for the subject with which it is used. This extension is always non-critical.
+ */
+ public static final String SKI_OID = "2.5.29.14";
+
+ /**
+ * Constructor X509SKI
+ *
+ * @param doc
+ * @param skiBytes
+ */
+ public XMLX509SKI(Document doc, byte[] skiBytes) {
+ super(doc);
+ this.addBase64Text(skiBytes);
+ }
+
+ /**
+ * Constructor XMLX509SKI
+ *
+ * @param doc
+ * @param x509certificate
+ * @throws XMLSecurityException
+ */
+ public XMLX509SKI(Document doc, X509Certificate x509certificate)
throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Method getSKIBytes
- *
- * @return the skibytes
- * @throws XMLSecurityException
- */
- public byte[] getSKIBytes() throws XMLSecurityException {
- return this.getBytesFromTextChild();
- }
-
- /**
- * Method getSKIBytesFromCert
- *
- * @param cert
- * @return sky bytes from the given certificate
- *
- * @throws XMLSecurityException
- * @see java.security.cert.X509Extension#getExtensionValue(java.lang.String)
- */
- public static byte[] getSKIBytesFromCert(X509Certificate cert)
+ super(doc);
+ this.addBase64Text(XMLX509SKI.getSKIBytesFromCert(x509certificate));
+ }
+
+ /**
+ * Constructor XMLX509SKI
+ *
+ * @param element
+ * @param BaseURI
+ * @throws XMLSecurityException
+ */
+ public XMLX509SKI(Element element, String BaseURI)
throws XMLSecurityException {
-
- try {
-
- /*
- * Gets the DER-encoded OCTET string for the extension value (extnValue)
- * identified by the passed-in oid String. The oid string is
- * represented by a set of positive whole numbers separated by periods.
- */
- byte[] derEncodedValue = cert.getExtensionValue(XMLX509SKI.SKI_OID);
-
- if (cert.getVersion() < 3) {
+ super(element, BaseURI);
+ }
+
+ /**
+ * Method getSKIBytes
+ *
+ * @return the skibytes
+ * @throws XMLSecurityException
+ */
+ public byte[] getSKIBytes() throws XMLSecurityException {
+ return this.getBytesFromTextChild();
+ }
+
+ /**
+ * Method getSKIBytesFromCert
+ *
+ * @param cert
+ * @return ski bytes from the given certificate
+ *
+ * @throws XMLSecurityException
+ * @see java.security.cert.X509Extension#getExtensionValue(java.lang.String)
+ */
+ public static byte[] getSKIBytesFromCert(X509Certificate cert)
+ throws XMLSecurityException {
+
+ if (cert.getVersion() < 3) {
Object exArgs[] = { new Integer(cert.getVersion()) };
-
throw new XMLSecurityException("certificate.noSki.lowVersion",
exArgs);
- }
-
- byte[] extensionValue = null;
-
- /**
- * Use sun.security.util.DerValue if it is present.
- */
- try {
- DerValue dervalue = new DerValue(derEncodedValue);
- if (dervalue == null) {
- throw new XMLSecurityException("certificate.noSki.null");
- }
- if (dervalue.tag != DerValue.tag_OctetString) {
- throw new XMLSecurityException("certificate.noSki.notOctetString");
- }
- extensionValue = dervalue.getOctetString();
- } catch (NoClassDefFoundError e) {
- }
-
- /**
- * Fall back to org.bouncycastle.asn1.DERInputStream
- */
- if (extensionValue == null) {
- try {
- Class clazz = Class.forName("org.bouncycastle.asn1.DERInputStream");
- if (clazz != null) {
- Constructor constructor = clazz.getConstructor(new Class[]{InputStream.class});
- InputStream is = (InputStream) constructor.newInstance(new Object[]{new ByteArrayInputStream(derEncodedValue)});
- Method method = clazz.getMethod("readObject", new Class[]{});
- Object obj = method.invoke(is, new Object[]{});
- if (obj == null) {
- throw new XMLSecurityException("certificate.noSki.null");
- }
- Class clazz2 = Class.forName("org.bouncycastle.asn1.ASN1OctetString");
- if (!clazz2.isInstance(obj)) {
- throw new XMLSecurityException("certificate.noSki.notOctetString");
- }
- Method method2 = clazz2.getMethod("getOctets", new Class[]{});
- extensionValue = (byte[]) method2.invoke(obj, new Object[]{});
- }
- } catch (Throwable t) {
- }
- }
-
- /**
- * Strip away first two bytes from the DerValue (tag and length)
- */
- byte abyte0[] = new byte[extensionValue.length - 2];
-
- System.arraycopy(extensionValue, 2, abyte0, 0, abyte0.length);
-
- /*
- byte abyte0[] = new byte[derEncodedValue.length - 4];
- System.arraycopy(derEncodedValue, 4, abyte0, 0, abyte0.length);
+ }
+
+ /*
+ * Gets the DER-encoded OCTET string for the extension value
+ * (extnValue) identified by the passed-in oid String. The oid
+ * string is represented by a set of positive whole numbers
+ * separated by periods.
+ */
+ byte[] extensionValue = cert.getExtensionValue(XMLX509SKI.SKI_OID);
+ if (extensionValue == null) {
+ throw new XMLSecurityException("certificate.noSki.null");
+ }
+
+ /**
+ * Strip away first four bytes from the extensionValue
+ * The first two bytes are the tag and length of the extensionValue
+ * OCTET STRING, and the next two bytes are the tag and length of
+ * the skid OCTET STRING.
*/
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(abyte0));
+ byte skidValue[] = new byte[extensionValue.length - 4];
+
+ System.arraycopy(extensionValue, 4, skidValue, 0, skidValue.length);
- return abyte0;
- } catch (IOException ex) {
- throw new XMLSecurityException("generic.EmptyMessage", ex);
- }
- }
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(skidValue));
+ }
- /** @inheritDoc */
- public boolean equals(Object obj) {
+ return skidValue;
+ }
- if (!obj.getClass().getName().equals(this.getClass().getName())) {
- return false;
- }
+ /** @inheritDoc */
+ public boolean equals(Object obj) {
+ if (obj == null) {
+ return false;
+ }
+ if (!this.getClass().getName().equals(obj.getClass().getName())) {
+ return false;
+ }
- XMLX509SKI other = (XMLX509SKI) obj;
+ XMLX509SKI other = (XMLX509SKI) obj;
- try {
- return java.security.MessageDigest.isEqual(other.getSKIBytes(),
+ try {
+ return java.security.MessageDigest.isEqual(other.getSKIBytes(),
this.getSKIBytes());
- } catch (XMLSecurityException ex) {
- return false;
- }
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_X509SKI;
- }
+ } catch (XMLSecurityException ex) {
+ return false;
+ }
+ }
+
+ /** @inheritDoc */
+ public String getBaseLocalName() {
+ return Constants._TAG_X509SKI;
+ }
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java
index 548ec7ba57d1bad16553ffe908677a3e0ffc4603..8d51da2e2fdd29b4a604f9c3bd9a77249a8e5c34 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content.x509;
-
-
import java.security.cert.X509Certificate;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
@@ -33,15 +31,11 @@ import org.w3c.dom.Element;
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class XMLX509SubjectName extends SignatureElementProxy
implements XMLX509DataContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(XMLX509SubjectName.class.getName());
-
/**
* Constructor X509SubjectName
*
@@ -88,23 +82,21 @@ public class XMLX509SubjectName extends SignatureElementProxy
return RFC2253Parser.normalize(this.getTextFromTextChild());
}
- /** @inheritDoc */
- public boolean equals(Object obj) {
-
- if (!obj.getClass().getName().equals(this.getClass().getName())) {
- return false;
- }
-
- XMLX509SubjectName other = (XMLX509SubjectName) obj;
- String otherSubject = other.getSubjectName();
- String thisSubject = this.getSubjectName();
+ /** @inheritDoc */
+ public boolean equals(Object obj) {
+ if (obj == null) {
+ return false;
+ }
- if (otherSubject.equals(thisSubject)) {
- return true;
- }
+ if (!this.getClass().getName().equals(obj.getClass().getName())) {
+ return false;
+ }
- return false;
+ XMLX509SubjectName other = (XMLX509SubjectName) obj;
+ String otherSubject = other.getSubjectName();
+ String thisSubject = this.getSubjectName();
+ return thisSubject.equals(otherSubject);
}
/** @inheritDoc */
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java
index 6e3d408d43de05c4011dc37349b59c18b3763302..3b3508005cbdbb23661f0fb7e31c5a6f76be7fc0 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -29,7 +28,7 @@ import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
/**
*
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class InvalidKeyResolverException extends XMLSecurityException {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
index 488a59731c424cc0d37fff21f0f5dfe2c311c136..1da9dbb362f6926468faa00cc42ccc529d7cfa97 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -26,6 +25,7 @@ package com.sun.org.apache.xml.internal.security.keys.keyresolver;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
@@ -39,7 +39,8 @@ import org.w3c.dom.Node;
* KeyResolver is factory class for subclass of KeyResolverSpi that
* represent child element of KeyInfo.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version %I%, %G%
*/
public class KeyResolver {
@@ -72,6 +73,7 @@ public class KeyResolver {
InstantiationException {
this._resolverSpi =
(KeyResolverSpi) Class.forName(className).newInstance();
+ this._resolverSpi.setGlobalResolver(true);
}
/**
@@ -83,40 +85,82 @@ public class KeyResolver {
return KeyResolver._resolverVector.size();
}
+ public static void hit(Iterator hintI) {
+ ResolverIterator hint = (ResolverIterator) hintI;
+ int i = hint.i;
+ if (i!=1 && hint.res ==_resolverVector) {
+ List resolverVector=(List)((ArrayList)_resolverVector).clone();
+ Object ob=resolverVector.remove(i-1);
+ resolverVector.add(0,ob);
+ _resolverVector=resolverVector;
+ } else {
+ //System.out.println("KeyResolver hitting");
+ }
+ }
+
/**
- * Method item
+ * Method getInstance
+ *
+ * @param element
+ * @param BaseURI
+ * @param storage
+ * @return The certificate represented by the element.
*
- * @param i
- * @return the number i resolver registerd
* @throws KeyResolverException
*/
- public static KeyResolver item(int i) throws KeyResolverException {
+ public static final X509Certificate getX509Certificate(
+ Element element, String BaseURI, StorageResolver storage)
+ throws KeyResolverException {
+
+ // use the old vector to not be hit by updates
+ List resolverVector = KeyResolver._resolverVector;
+ for (int i = 0; i < resolverVector.size(); i++) {
+ KeyResolver resolver=
+ (KeyResolver) resolverVector.get(i);
- KeyResolver resolver = (KeyResolver) KeyResolver._resolverVector.get(i);
- if (resolver==null) {
- throw new KeyResolverException("utils.resolver.noClass");
+ if (resolver==null) {
+ Object exArgs[] = {
+ (((element != null)
+ && (element.getNodeType() == Node.ELEMENT_NODE))
+ ? element.getTagName()
+ : "null") };
+
+ throw new KeyResolverException("utils.resolver.noClass", exArgs);
+ }
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "check resolvability by class " + resolver.getClass());
+
+ X509Certificate cert=resolver.resolveX509Certificate(element, BaseURI, storage);
+ if (cert!=null) {
+ return cert;
+ }
}
- return resolver;
- }
+ Object exArgs[] = {
+ (((element != null) && (element.getNodeType() == Node.ELEMENT_NODE))
+ ? element.getTagName()
+ : "null") };
+ throw new KeyResolverException("utils.resolver.noClass", exArgs);
+ }
/**
* Method getInstance
*
* @param element
* @param BaseURI
* @param storage
- * @return the instance that happends to implement the thing.
+ * @return the public key contained in the element
*
* @throws KeyResolverException
*/
- public static final KeyResolver getInstance(
+ public static final PublicKey getPublicKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- for (int i = 0; i < KeyResolver._resolverVector.size(); i++) {
+ List resolverVector = KeyResolver._resolverVector;
+ for (int i = 0; i < resolverVector.size(); i++) {
KeyResolver resolver=
- (KeyResolver) KeyResolver._resolverVector.get(i);
+ (KeyResolver) resolverVector.get(i);
if (resolver==null) {
Object exArgs[] = {
@@ -127,11 +171,19 @@ public class KeyResolver {
throw new KeyResolverException("utils.resolver.noClass", exArgs);
}
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "check resolvability by class " + resolver.getClass());
-
- if (resolver.canResolve(element, BaseURI, storage)) {
- return resolver;
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "check resolvability by class " + resolver.getClass());
+
+ PublicKey cert=resolver.resolvePublicKey(element, BaseURI, storage);
+ if (cert!=null) {
+ if (i!=0 && resolverVector==_resolverVector) {
+ //update resolver.
+ resolverVector=(List)((ArrayList)_resolverVector).clone();
+ Object ob=resolverVector.remove(i);
+ resolverVector.add(0,ob);
+ _resolverVector=resolverVector;
+ }
+ return cert;
}
}
@@ -182,34 +234,6 @@ public class KeyResolver {
KeyResolver._resolverVector.add(0, className);
}
- /*
- * Method resolve
- *
- * @param element
- *
- * @throws KeyResolverException
- */
-
- /**
- * Method resolveStatic
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return resolve from the static register an element
- *
- * @throws KeyResolverException
- */
- public static PublicKey resolveStatic(
- Element element, String BaseURI, StorageResolver storage)
- throws KeyResolverException {
-
- KeyResolver myResolver = KeyResolver.getInstance(element, BaseURI,
- storage);
-
- return myResolver.resolvePublicKey(element, BaseURI, storage);
- }
-
/**
* Method resolve
*
@@ -223,7 +247,7 @@ public class KeyResolver {
public PublicKey resolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- return this._resolverSpi.engineResolvePublicKey(element, BaseURI, storage);
+ return this._resolverSpi.engineLookupAndResolvePublicKey(element, BaseURI, storage);
}
/**
@@ -239,7 +263,7 @@ public class KeyResolver {
public X509Certificate resolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- return this._resolverSpi.engineResolveX509Certificate(element, BaseURI,
+ return this._resolverSpi.engineLookupResolveX509Certificate(element, BaseURI,
storage);
}
@@ -253,7 +277,7 @@ public class KeyResolver {
public SecretKey resolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- return this._resolverSpi.engineResolveSecretKey(element, BaseURI,
+ return this._resolverSpi.engineLookupAndResolveSecretKey(element, BaseURI,
storage);
}
@@ -277,14 +301,6 @@ public class KeyResolver {
return this._resolverSpi.engineGetProperty(key);
}
- /**
- * Method getPropertyKeys
- *
- * @return the properties key registerd in this resolver
- */
- public String[] getPropertyKeys() {
- return this._resolverSpi.engineGetPropertyKeys();
- }
/**
* Method understandsProperty
@@ -296,18 +312,6 @@ public class KeyResolver {
return this._resolverSpi.understandsProperty(propertyToTest);
}
- /**
- * Method canResolve
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return true if can resolve the key in the element
- */
- public boolean canResolve(Element element, String BaseURI,
- StorageResolver storage) {
- return this._resolverSpi.engineCanResolve(element, BaseURI, storage);
- }
/**
* Method resolverClassName
@@ -317,4 +321,37 @@ public class KeyResolver {
public String resolverClassName() {
return this._resolverSpi.getClass().getName();
}
+
+ static class ResolverIterator implements Iterator {
+ List res;
+ Iterator it;
+ int i;
+ public ResolverIterator(List list) {
+ res = list;
+ it = res.iterator();
+ }
+ public boolean hasNext() {
+ // TODO Auto-generated method stub
+ return it.hasNext();
+ }
+
+ public Object next() {
+ i++;
+ KeyResolver resolver = (KeyResolver) it.next();
+ if (resolver==null) {
+ throw new RuntimeException("utils.resolver.noClass");
+ }
+
+ return resolver._resolverSpi;
+ }
+
+ public void remove() {
+ // TODO Auto-generated method stub
+
+ }
+
+ };
+ public static Iterator iterator() {
+ return new ResolverIterator(_resolverVector);
+ }
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java
index 4248c8dfa6b280119a59b98acd6ac82c7261cf78..f0069949b2f804ec02fe458b4179c80ca023a059 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -31,7 +30,7 @@ import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
*
*
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*
*/
public class KeyResolverException extends XMLSecurityException {
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java
index a6b99825ebc5294f67fe34e55e7c8fac7d7f1bad..dc2865bcfc4d67632320bda1a65d2b22e05e18a4 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java
@@ -20,17 +20,15 @@
*/
package com.sun.org.apache.xml.internal.security.keys.keyresolver;
-
-
import java.security.PublicKey;
import java.security.cert.X509Certificate;
+import java.util.HashMap;
import javax.crypto.SecretKey;
import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
import org.w3c.dom.Element;
-
/**
* This class is abstract class for a child KeyInfo Elemnet.
*
@@ -41,14 +39,10 @@ import org.w3c.dom.Element;
* JAVACLASS="MyPackage.MyKeyValueImpl"//gt;
*
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public abstract class KeyResolverSpi {
-
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(KeyResolverSpi.class.getName());
-
/**
* This method helps the {@link com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver} to decide whether a
* {@link com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi} is able to perform the requested action.
@@ -56,10 +50,12 @@ public abstract class KeyResolverSpi {
* @param element
* @param BaseURI
* @param storage
- * @return true if can resolve the key in the element
+ * @return
*/
- abstract public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage);
+ public boolean engineCanResolve(Element element, String BaseURI,
+ StorageResolver storage) {
+ throw new UnsupportedOperationException();
+ }
/**
* Method engineResolvePublicKey
@@ -71,9 +67,60 @@ public abstract class KeyResolverSpi {
*
* @throws KeyResolverException
*/
- abstract public PublicKey engineResolvePublicKey(
+ public PublicKey engineResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
- throws KeyResolverException;
+ throws KeyResolverException {
+ throw new UnsupportedOperationException();
+ };
+
+ /**
+ * Method engineResolvePublicKey
+ *
+ * @param element
+ * @param BaseURI
+ * @param storage
+ * @return resolved public key from the registered from the element.
+ *
+ * @throws KeyResolverException
+ */
+ public PublicKey engineLookupAndResolvePublicKey(
+ Element element, String BaseURI, StorageResolver storage)
+ throws KeyResolverException {
+ KeyResolverSpi tmp = cloneIfNeeded();
+ if (!tmp.engineCanResolve(element, BaseURI, storage))
+ return null;
+ return tmp.engineResolvePublicKey(element, BaseURI, storage);
+ }
+
+ private KeyResolverSpi cloneIfNeeded() throws KeyResolverException {
+ KeyResolverSpi tmp=this;
+ if (globalResolver) {
+ try {
+ tmp = (KeyResolverSpi) getClass().newInstance();
+ } catch (InstantiationException e) {
+ throw new KeyResolverException("",e);
+ } catch (IllegalAccessException e) {
+ throw new KeyResolverException("",e);
+ }
+ }
+ return tmp;
+ }
+
+ /**
+ * Method engineResolveCertificate
+ *
+ * @param element
+ * @param BaseURI
+ * @param storage
+ * @return resolved X509Certificate key from the registered from the elements
+ *
+ * @throws KeyResolverException
+ */
+ public X509Certificate engineResolveX509Certificate(
+ Element element, String BaseURI, StorageResolver storage)
+ throws KeyResolverException{
+ throw new UnsupportedOperationException();
+ };
/**
* Method engineResolveCertificate
@@ -85,9 +132,30 @@ public abstract class KeyResolverSpi {
*
* @throws KeyResolverException
*/
- abstract public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
- throws KeyResolverException;
+ throws KeyResolverException {
+ KeyResolverSpi tmp = cloneIfNeeded();
+ if (!tmp.engineCanResolve(element, BaseURI, storage))
+ return null;
+ return tmp.engineResolveX509Certificate(element, BaseURI, storage);
+
+ }
+ /**
+ * Method engineResolveSecretKey
+ *
+ * @param element
+ * @param BaseURI
+ * @param storage
+ * @return resolved SecretKey key from the registered from the elements
+ *
+ * @throws KeyResolverException
+ */
+ public SecretKey engineResolveSecretKey(
+ Element element, String BaseURI, StorageResolver storage)
+ throws KeyResolverException{
+ throw new UnsupportedOperationException();
+ };
/**
* Method engineResolveSecretKey
@@ -99,12 +167,19 @@ public abstract class KeyResolverSpi {
*
* @throws KeyResolverException
*/
- abstract public SecretKey engineResolveSecretKey(
+ public SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
- throws KeyResolverException;
+ throws KeyResolverException {
+ KeyResolverSpi tmp = cloneIfNeeded();
+ if (!tmp.engineCanResolve(element, BaseURI, storage))
+ return null;
+ return tmp.engineResolveSecretKey(element, BaseURI, storage);
+ }
/** Field _properties */
- protected java.util.Map _properties = new java.util.HashMap(10);
+ protected java.util.Map _properties = null;
+
+ protected boolean globalResolver=false;
/**
* Method engineSetProperty
@@ -113,19 +188,8 @@ public abstract class KeyResolverSpi {
* @param value
*/
public void engineSetProperty(String key, String value) {
-
- java.util.Iterator i = this._properties.keySet().iterator();
-
- while (i.hasNext()) {
- String c = (String) i.next();
-
- if (c.equals(key)) {
- key = c;
-
- break;
- }
- }
-
+ if (_properties==null)
+ _properties=new HashMap();
this._properties.put(key, value);
}
@@ -136,31 +200,12 @@ public abstract class KeyResolverSpi {
* @return obtain the property appointed by key
*/
public String engineGetProperty(String key) {
-
- java.util.Iterator i = this._properties.keySet().iterator();
-
- while (i.hasNext()) {
- String c = (String) i.next();
-
- if (c.equals(key)) {
- key = c;
-
- break;
- }
- }
+ if (_properties==null)
+ return null;
return (String) this._properties.get(key);
}
- /**
- * Method engineGetPropertyKeys
- *
- * @return the keys of properties known by this resolver
- */
- public String[] engineGetPropertyKeys() {
- return new String[0];
- }
-
/**
* Method understandsProperty
*
@@ -168,17 +213,13 @@ public abstract class KeyResolverSpi {
* @return true if understood the property
*/
public boolean understandsProperty(String propertyToTest) {
+ if (_properties==null)
+ return false;
- String[] understood = this.engineGetPropertyKeys();
-
- if (understood != null) {
- for (int i = 0; i < understood.length; i++) {
- if (understood[i].equals(propertyToTest)) {
- return true;
- }
- }
- }
-
- return false;
+ return this._properties.get(propertyToTest)!=null;
}
+ public void setGlobalResolver(boolean globalResolver) {
+ this.globalResolver = globalResolver;
+ }
+
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
index efda14c1a4a0066417e062dae7100c9e908f5539..20bf7bad777fa08e94f5f79fddb9fcd45646a18e 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
@@ -37,46 +37,10 @@ import org.w3c.dom.Element;
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class DSAKeyValueResolver extends KeyResolverSpi {
- /** Field _dsaKeyElement */
- private Element _dsaKeyElement = null;
-
- /** @inheritDoc */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
-
- if (element == null) {
- return false;
- }
-
- boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_KEYVALUE);
- boolean isDSAKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_DSAKEYVALUE);
-
- if (isKeyValue) {
-
- this._dsaKeyElement =
- XMLUtils.selectDsNode(element.getFirstChild(),Constants._TAG_DSAKEYVALUE,0);
-
- if (this._dsaKeyElement != null) {
- return true;
- }
- } else if (isDSAKeyValue) {
-
- // this trick is needed to allow the RetrievalMethodResolver to eat a
- // ds:DSAKeyValue directly (without KeyValue)
- this._dsaKeyElement = element;
-
- return true;
- }
-
- return false;
- }
-
/**
* Method engineResolvePublicKey
*
@@ -85,20 +49,30 @@ public class DSAKeyValueResolver extends KeyResolverSpi {
* @param storage
* @return null if no {@link PublicKey} could be obtained
*/
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage) {
+ if (element == null) {
+ return null;
+ }
+ Element dsaKeyElement=null;
+ boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_KEYVALUE);
+ if (isKeyValue) {
+ dsaKeyElement =
+ XMLUtils.selectDsNode(element.getFirstChild(),Constants._TAG_DSAKEYVALUE,0);
+ } else if (XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_DSAKEYVALUE)) {
+ // this trick is needed to allow the RetrievalMethodResolver to eat a
+ // ds:DSAKeyValue directly (without KeyValue)
+ dsaKeyElement = element;
+ }
- if (this._dsaKeyElement == null) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
-
- if (!weCanResolve || (this._dsaKeyElement == null)) {
- return null;
- }
+ if (dsaKeyElement == null) {
+ return null;
}
try {
- DSAKeyValue dsaKeyValue = new DSAKeyValue(this._dsaKeyElement,
+ DSAKeyValue dsaKeyValue = new DSAKeyValue(dsaKeyElement,
BaseURI);
PublicKey pk = dsaKeyValue.getPublicKey();
@@ -112,13 +86,13 @@ public class DSAKeyValueResolver extends KeyResolverSpi {
/** @inheritDoc */
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage) {
return null;
}
/** @inheritDoc */
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage){
return null;
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
index 4b44f1c50d15434bf71c3bf98cf349f4921422bd..6adc050e8935b37d90faa61fe67d373d72353a33 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
@@ -56,7 +56,6 @@ public class EncryptedKeyResolver extends KeyResolverSpi {
RSAKeyValueResolver.class.getName());
- Key _key;
Key _kek;
String _algorithm;
@@ -66,7 +65,6 @@ public class EncryptedKeyResolver extends KeyResolverSpi {
* @param algorithm
*/
public EncryptedKeyResolver(String algorithm) {
- _key = null;
_kek = null;
_algorithm=algorithm;
}
@@ -78,64 +76,49 @@ public class EncryptedKeyResolver extends KeyResolverSpi {
*/
public EncryptedKeyResolver(String algorithm, Key kek) {
- _key = null;
_algorithm = algorithm;
_kek = kek;
}
- /**
- * Method engineCanResolve
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return true if can resolve the key in the element
- *
- */
-
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName());
-
- if (element == null) {
- return false;
- }
-
- boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element,
- EncryptionConstants._TAG_ENCRYPTEDKEY);
-
- if (isEncryptedKey) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key");
- try {
- XMLCipher cipher = XMLCipher.getInstance();
- cipher.init(XMLCipher.UNWRAP_MODE, _kek);
- EncryptedKey ek = cipher.loadEncryptedKey(element);
- _key = cipher.decryptKey(ek, _algorithm);
- }
- catch (Exception e) {}
- }
-
- return (_key != null);
- }
-
/** @inheritDoc */
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage) {
return null;
}
/** @inheritDoc */
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage) {
return null;
}
/** @inheritDoc */
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage) {
- return (SecretKey) _key;
+ SecretKey key=null;
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName());
+
+ if (element == null) {
+ return null;
+ }
+
+ boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element,
+ EncryptionConstants._TAG_ENCRYPTEDKEY);
+
+ if (isEncryptedKey) {
+ log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key");
+ try {
+ XMLCipher cipher = XMLCipher.getInstance();
+ cipher.init(XMLCipher.UNWRAP_MODE, _kek);
+ EncryptedKey ek = cipher.loadEncryptedKey(element);
+ key = (SecretKey) cipher.decryptKey(ek, _algorithm);
+ }
+ catch (Exception e) {}
+ }
+
+ return key;
}
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
index 541de7307f458702c775dffb48f4e5e648db3fc6..fb38e8725908901a545533d178af3b79ad3ca120 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -38,7 +37,7 @@ import org.w3c.dom.Element;
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class RSAKeyValueResolver extends KeyResolverSpi {
@@ -48,75 +47,55 @@ public class RSAKeyValueResolver extends KeyResolverSpi {
RSAKeyValueResolver.class.getName());
/** Field _rsaKeyElement */
- private Element _rsaKeyElement = null;
- /** @inheritDoc */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
+ /** @inheritDoc */
+ public PublicKey engineLookupAndResolvePublicKey(
+ Element element, String BaseURI, StorageResolver storage) {
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
if (element == null) {
- return false;
+ return null;
}
- boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_KEYVALUE);
- boolean isRSAKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_RSAKEYVALUE);
-
- if (isKeyValue) {
- this._rsaKeyElement = XMLUtils.selectDsNode(element.getFirstChild(),
- Constants._TAG_RSAKEYVALUE, 0);
-
- if (this._rsaKeyElement != null) {
- return true;
- }
- } else if (isRSAKeyValue) {
-
+ boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_KEYVALUE);
+ Element rsaKeyElement=null;
+ if (isKeyValue) {
+ rsaKeyElement = XMLUtils.selectDsNode(element.getFirstChild(),
+ Constants._TAG_RSAKEYVALUE, 0);
+ } else if (XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_RSAKEYVALUE)) {
// this trick is needed to allow the RetrievalMethodResolver to eat a
// ds:RSAKeyValue directly (without KeyValue)
- this._rsaKeyElement = element;
-
- return true;
- }
-
- return false;
- }
-
- /** @inheritDoc */
- public PublicKey engineResolvePublicKey(
- Element element, String BaseURI, StorageResolver storage) {
+ rsaKeyElement = element;
+ }
- if (this._rsaKeyElement == null) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
- if (!weCanResolve || (this._rsaKeyElement == null)) {
- return null;
- }
+ if (rsaKeyElement == null) {
+ return null;
}
try {
- RSAKeyValue rsaKeyValue = new RSAKeyValue(this._rsaKeyElement,
+ RSAKeyValue rsaKeyValue = new RSAKeyValue(rsaKeyElement,
BaseURI);
return rsaKeyValue.getPublicKey();
} catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
+ log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
}
return null;
}
/** @inheritDoc */
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage) {
return null;
}
/** @inheritDoc */
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage) {
return null;
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
index d8d98bdb9e9651f47049990b377e4a6f7267c344..3dff21824457cf144b05888576feecc1ec74bd4b 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
@@ -28,7 +28,15 @@ import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ListIterator;
+import java.util.Set;
+import javax.xml.parsers.ParserConfigurationException;
+
+import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.keys.content.RetrievalMethod;
import com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate;
@@ -44,6 +52,7 @@ import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
/**
@@ -55,7 +64,7 @@ import org.w3c.dom.Node;
* RetrievalMethodResolver cannot handle itself, resolving of the extracted
* element is delegated back to the KeyResolver mechanism.
*
- * @author $Author: raul $
+ * @author $Author: mullan $ modified by Dave Garcia
*/
public class RetrievalMethodResolver extends KeyResolverSpi {
@@ -65,198 +74,170 @@ public class RetrievalMethodResolver extends KeyResolverSpi {
RetrievalMethodResolver.class.getName());
/**
- * Method engineCanResolve
+ * Method engineResolvePublicKey
* @inheritDoc
* @param element
* @param BaseURI
* @param storage
*
*/
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
+ public PublicKey engineLookupAndResolvePublicKey(
+ Element element, String BaseURI, StorageResolver storage)
+ {
+ if (!XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_RETRIEVALMETHOD)) {
+ return null;
+ }
- if
- (!XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_RETRIEVALMETHOD)) {
- return false;
- }
+ try {
+ //Create a retrieval method over the given element
+ RetrievalMethod rm = new RetrievalMethod(element, BaseURI);
+ String type = rm.getType();
+ XMLSignatureInput resource=resolveInput(rm,BaseURI);
+ if (RetrievalMethod.TYPE_RAWX509.equals(type)) {
+ //a raw certificate, direct parsing is done!
+ X509Certificate cert=getRawCertificate(resource);
+ if (cert != null) {
+ return cert.getPublicKey();
+ }
+ return null;
+ };
+ Element e = obtainRefrenceElement(resource);
+ return resolveKey(e,BaseURI,storage);
+ } catch (XMLSecurityException ex) {
+ log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
+ } catch (CertificateException ex) {
+ log.log(java.util.logging.Level.FINE, "CertificateException", ex);
+ } catch (IOException ex) {
+ log.log(java.util.logging.Level.FINE, "IOException", ex);
+ } catch (ParserConfigurationException e) {
+ log.log(java.util.logging.Level.FINE, "ParserConfigurationException", e);
+ } catch (SAXException e) {
+ log.log(java.util.logging.Level.FINE, "SAXException", e);
+ }
+ return null;
+ }
- return true;
+ static private Element obtainRefrenceElement(XMLSignatureInput resource) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException, KeyResolverException {
+ Element e;
+ if (resource.isElement()){
+ e=(Element) resource.getSubNode();
+ } else if (resource.isNodeSet()) {
+ //Retrieved resource is a nodeSet
+ e=getDocumentElement(resource.getNodeSet());
+ } else {
+ //Retrieved resource is an inputStream
+ byte inputBytes[] = resource.getBytes();
+ e = getDocFromBytes(inputBytes);
+ //otherwise, we parse the resource, create an Element and delegate
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "we have to parse " + inputBytes.length + " bytes");
+ }
+ return e;
}
/**
- * Method engineResolvePublicKey
+ * Method engineResolveX509Certificate
* @inheritDoc
* @param element
* @param BaseURI
* @param storage
*
*/
- public PublicKey engineResolvePublicKey(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
{
+ if (!XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_RETRIEVALMETHOD)) {
+ return null;
+ }
- try {
+ try {
RetrievalMethod rm = new RetrievalMethod(element, BaseURI);
- Attr uri = rm.getURIAttr();
-
- // type can be null because it's optional
- String type = rm.getType();
- Transforms transforms = rm.getTransforms();
- ResourceResolver resRes = ResourceResolver.getInstance(uri, BaseURI);
-
- if (resRes != null) {
- XMLSignatureInput resource = resRes.resolve(uri, BaseURI);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Before applying Transforms, resource has "
- + resource.getBytes().length + "bytes");
-
- if (transforms != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "We have Transforms");
-
- resource = transforms.performTransforms(resource);
- }
- if (true) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "After applying Transforms, resource has "
- + resource.getBytes().length + "bytes");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Resolved to resource " + resource.getSourceURI());
- }
-
- byte inputBytes[] = resource.getBytes();
-
- if ((type != null) && type.equals(RetrievalMethod.TYPE_RAWX509)) {
-
- // if the resource stores a raw certificate, we have to handle it
- CertificateFactory certFact =
- CertificateFactory
- .getInstance(XMLX509Certificate.JCA_CERT_ID);
- X509Certificate cert =
- (X509Certificate) certFact
- .generateCertificate(new ByteArrayInputStream(inputBytes));
-
- if (cert != null) {
- return cert.getPublicKey();
- }
- } else {
-
- // otherwise, we parse the resource, create an Element and delegate
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "we have to parse " + inputBytes.length + " bytes");
-
- Element e = this.getDocFromBytes(inputBytes);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"
- + e.getLocalName() + " Element");
-
- if (e != null) {
- KeyResolver newKeyResolver = KeyResolver.getInstance(getFirstElementChild(e),
- BaseURI, storage);
-
- if (newKeyResolver != null) {
- return newKeyResolver.resolvePublicKey(getFirstElementChild(e), BaseURI,
- storage);
- }
- }
- }
- }
+ String type = rm.getType();
+ XMLSignatureInput resource=resolveInput(rm,BaseURI);
+ if (RetrievalMethod.TYPE_RAWX509.equals(type)) {
+ X509Certificate cert=getRawCertificate(resource);
+ return cert;
+ }
+ Element e = obtainRefrenceElement(resource);
+ return resolveCertificate(e,BaseURI,storage);
} catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
+ log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
} catch (CertificateException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "CertificateException", ex);
+ log.log(java.util.logging.Level.FINE, "CertificateException", ex);
} catch (IOException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "IOException", ex);
- }
-
+ log.log(java.util.logging.Level.FINE, "IOException", ex);
+ } catch (ParserConfigurationException e) {
+ log.log(java.util.logging.Level.FINE, "ParserConfigurationException", e);
+ } catch (SAXException e) {
+ log.log(java.util.logging.Level.FINE, "SAXException", e);
+ }
return null;
}
/**
- * Method engineResolveX509Certificate
- * @inheritDoc
- * @param element
+ * Retrieves a x509Certificate from the given information
+ * @param e
* @param BaseURI
* @param storage
- *
+ * @return
+ * @throws KeyResolverException
*/
- public X509Certificate engineResolveX509Certificate(
- Element element, String BaseURI, StorageResolver storage)
- {
-
- try {
- RetrievalMethod rm = new RetrievalMethod(element, BaseURI);
- Attr uri = rm.getURIAttr();
- Transforms transforms = rm.getTransforms();
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Asked to resolve URI " + uri);
-
- ResourceResolver resRes = ResourceResolver.getInstance(uri, BaseURI);
-
- if (resRes != null) {
- XMLSignatureInput resource = resRes.resolve(uri, BaseURI);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Before applying Transforms, resource has "
- + resource.getBytes().length + "bytes");
-
- if (transforms != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "We have Transforms");
-
- resource = transforms.performTransforms(resource);
- }
-
- if (true) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "After applying Transforms, resource has "
- + resource.getBytes().length + "bytes");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Resolved to resource " + resource.getSourceURI());
- }
-
- byte inputBytes[] = resource.getBytes();
-
- if ((rm.getType() != null)
- && rm.getType().equals(RetrievalMethod.TYPE_RAWX509)) {
-
- // if the resource stores a raw certificate, we have to handle it
- CertificateFactory certFact =
- CertificateFactory
- .getInstance(XMLX509Certificate.JCA_CERT_ID);
- X509Certificate cert =
- (X509Certificate) certFact
- .generateCertificate(new ByteArrayInputStream(inputBytes));
-
- if (cert != null) {
- return cert;
- }
- } else {
-
- // otherwise, we parse the resource, create an Element and delegate
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "we have to parse " + inputBytes.length + " bytes");
-
- Element e = this.getDocFromBytes(inputBytes);
-
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"
- + e.getLocalName() + " Element");
-
- if (e != null) {
- KeyResolver newKeyResolver = KeyResolver.getInstance(getFirstElementChild(e),
- BaseURI, storage);
+ static private X509Certificate resolveCertificate(Element e,String BaseURI,StorageResolver storage) throws KeyResolverException{
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"+ e.getLocalName() + " Element");
+ //An element has been provided
+ if (e != null) {
+ return KeyResolver.getX509Certificate(e,BaseURI, storage);
+ }
+ return null;
+ }
- if (newKeyResolver != null) {
- return newKeyResolver.resolveX509Certificate(getFirstElementChild(e), BaseURI,
- storage);
+ /**
+ * Retrieves a x509Certificate from the given information
+ * @param e
+ * @param BaseURI
+ * @param storage
+ * @return
+ * @throws KeyResolverException
+ */
+ static private PublicKey resolveKey(Element e,String BaseURI,StorageResolver storage) throws KeyResolverException{
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"+ e.getLocalName() + " Element");
+ //An element has been provided
+ if (e != null) {
+ return KeyResolver.getPublicKey(e,BaseURI, storage);
}
- }
- }
- }
- } catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
- } catch (CertificateException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "CertificateException", ex);
- } catch (IOException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "IOException", ex);
- }
+ return null;
+ }
- return null;
+ static private X509Certificate getRawCertificate(XMLSignatureInput resource) throws CanonicalizationException, IOException, CertificateException{
+ byte inputBytes[] = resource.getBytes();
+ // if the resource stores a raw certificate, we have to handle it
+ CertificateFactory certFact =CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
+ X509Certificate cert =(X509Certificate) certFact.generateCertificate(new ByteArrayInputStream(inputBytes));
+ return cert;
+ }
+ /**
+ * Resolves the input from the given retrieval method
+ * @return
+ * @throws XMLSecurityException
+ */
+ static private XMLSignatureInput resolveInput(RetrievalMethod rm,String BaseURI) throws XMLSecurityException{
+ Attr uri = rm.getURIAttr();
+ //Apply the trnasforms
+ Transforms transforms = rm.getTransforms();
+ ResourceResolver resRes = ResourceResolver.getInstance(uri, BaseURI);
+ if (resRes != null) {
+ XMLSignatureInput resource = resRes.resolve(uri, BaseURI);
+ if (transforms != null) {
+ log.log(java.util.logging.Level.FINE, "We have Transforms");
+ resource = transforms.performTransforms(resource);
+ }
+ return resource;
+ }
+ return null;
}
/**
@@ -266,18 +247,13 @@ public class RetrievalMethodResolver extends KeyResolverSpi {
* @return the Document Element after parsing bytes
* @throws KeyResolverException if something goes wrong
*/
- Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
-
+ static Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
try {
- javax.xml.parsers.DocumentBuilderFactory dbf =
- javax.xml.parsers.DocumentBuilderFactory.newInstance();
-
+ javax.xml.parsers.DocumentBuilderFactory dbf =javax.xml.parsers.DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
-
javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
org.w3c.dom.Document doc =
db.parse(new java.io.ByteArrayInputStream(bytes));
-
return doc.getDocumentElement();
} catch (org.xml.sax.SAXException ex) {
throw new KeyResolverException("empty", ex);
@@ -296,16 +272,43 @@ public class RetrievalMethodResolver extends KeyResolverSpi {
* @param storage
*
*/
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
{
return null;
}
- static Element getFirstElementChild(Element e){
- Node n=e.getFirstChild();
- while (n!=null && n.getNodeType()!=Node.ELEMENT_NODE) {
- n=n.getNextSibling();
- }
- return (Element)n;
+
+ static Element getDocumentElement(Set set) {
+ Iterator it=set.iterator();
+ Element e=null;
+ while (it.hasNext()) {
+ Node currentNode=(Node)it.next();
+ if (currentNode instanceof Element) {
+ e=(Element)currentNode;
+ break;
+ }
+
+ }
+ List parents=new ArrayList(10);
+
+ //Obtain all the parents of the elemnt
+ do {
+ parents.add(e);
+ Node n=e.getParentNode();
+ if (!(n instanceof Element )) {
+ break;
+ }
+ e=(Element)n;
+ } while (e!=null);
+ //Visit them in reverse order.
+ ListIterator it2=parents.listIterator(parents.size()-1);
+ Element ele=null;
+ while (it2.hasPrevious()) {
+ ele=(Element)it2.previous();
+ if (set.contains(ele)) {
+ return ele;
+ }
+ }
+ return null;
}
}
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java
index 16264c998687fce2ae6c3c52c10211462561e0fb..06a49c6708e7c70dfb639bb2d0dffa0bbae7092a 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -41,7 +40,7 @@ import org.w3c.dom.Element;
* Resolves Certificates which are directly contained inside a
* ds:X509Certificate Element.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class X509CertificateResolver extends KeyResolverSpi {
@@ -49,47 +48,7 @@ public class X509CertificateResolver extends KeyResolverSpi {
static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(X509CertificateResolver.class.getName());
- /** Field _dsaKeyElement */
- Element[] _x509CertKeyElements = null;
-
- /**
- * Method engineCanResolve
- * @inheritDoc
- * @param element
- * @param BaseURI
- * @param storage
- *
- */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-
- if (!XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_X509DATA)) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- }
-
- this._x509CertKeyElements = XMLUtils.selectDsNodes(element.getFirstChild(),
- Constants._TAG_X509CERTIFICATE);
-
- if ((this._x509CertKeyElements != null)
- && (this._x509CertKeyElements.length > 0)) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Yes Sir, I can");
-
- return true;
- }
-
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- }
-
- /** Field _x509certObject[] */
- XMLX509Certificate _x509certObject[] = null;
/**
* Method engineResolvePublicKey
@@ -100,11 +59,11 @@ public class X509CertificateResolver extends KeyResolverSpi {
*
* @throws KeyResolverException
*/
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- X509Certificate cert = this.engineResolveX509Certificate(element,
+ X509Certificate cert = this.engineLookupResolveX509Certificate(element,
BaseURI, storage);
if (cert != null) {
@@ -123,43 +82,33 @@ public class X509CertificateResolver extends KeyResolverSpi {
*
* @throws KeyResolverException
*/
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
try {
- if ((this._x509CertKeyElements == null)
- || (this._x509CertKeyElements.length == 0)) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
-
- if (!weCanResolve || (this._x509CertKeyElements == null)
- || (this._x509CertKeyElements.length == 0)) {
- return null;
- }
+ Element[] els=XMLUtils.selectDsNodes(element.getFirstChild(),
+ Constants._TAG_X509CERTIFICATE);
+ if ((els == null) || (els.length == 0)) {
+ Element el=XMLUtils.selectDsNode(element.getFirstChild(),
+ Constants._TAG_X509DATA,0);
+ if (el!=null) {
+ return engineLookupResolveX509Certificate(el, BaseURI, storage);
+ }
+ return null;
}
- this._x509certObject =
- new XMLX509Certificate[this._x509CertKeyElements.length];
-
// populate Object array
- for (int i = 0; i < this._x509CertKeyElements.length; i++) {
- this._x509certObject[i] =
- new XMLX509Certificate(this._x509CertKeyElements[i]
- , BaseURI);
- }
-
- for (int i = 0; i < this._x509certObject.length; i++) {
- X509Certificate cert = this._x509certObject[i].getX509Certificate();
-
- if (cert != null) {
- return cert;
+ for (int i = 0; i < els.length; i++) {
+ XMLX509Certificate xmlCert=new XMLX509Certificate(els[i], BaseURI);
+ X509Certificate cert = xmlCert.getX509Certificate();
+ if (cert!=null) {
+ return cert;
}
}
-
return null;
} catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
+ log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
throw new KeyResolverException("generic.EmptyMessage", ex);
}
@@ -173,7 +122,7 @@ public class X509CertificateResolver extends KeyResolverSpi {
* @param storage
*
*/
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
{
return null;
diff --git a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
index c4e824747ba198707875933156e282f6cbb0aa77..8f717e716897187aaaa2828bb5d6bca6d0ba76de 100644
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
+++ b/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -39,7 +38,7 @@ import org.w3c.dom.Element;
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class X509IssuerSerialResolver extends KeyResolverSpi {
@@ -48,44 +47,13 @@ public class X509IssuerSerialResolver extends KeyResolverSpi {
java.util.logging.Logger.getLogger(
X509IssuerSerialResolver.class.getName());
- /** @inheritDoc */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-
- X509Data x509data = null;
- try {
- x509data = new X509Data(element, BaseURI);
- } catch (XMLSignatureException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- } catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- }
-
- if (x509data == null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
- return false;
- }
-
- if (x509data.containsIssuerSerial()) {
- return true;
- }
-
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
- return false;
- }
/** @inheritDoc */
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- X509Certificate cert = this.engineResolveX509Certificate(element,
+ X509Certificate cert = this.engineLookupResolveX509Certificate(element,
BaseURI, storage);
if (cert != null) {
@@ -96,10 +64,31 @@ public class X509IssuerSerialResolver extends KeyResolverSpi {
}
/** @inheritDoc */
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
-
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
+
+ X509Data x509data = null;
+ try {
+ x509data = new X509Data(element, BaseURI);
+ } catch (XMLSignatureException ex) {
+ log.log(java.util.logging.Level.FINE, "I can't");
+ return null;
+ } catch (XMLSecurityException ex) {
+ log.log(java.util.logging.Level.FINE, "I can't");
+ return null;
+ }
+
+ if (x509data == null) {
+ log.log(java.util.logging.Level.FINE, "I can't");
+ return null;
+ }
+
+ if (!x509data.containsIssuerSerial()) {
+ return null;
+ }
try {
if (storage == null) {
Object exArgs[] = { Constants._TAG_X509ISSUERSERIAL };
@@ -107,53 +96,52 @@ public class X509IssuerSerialResolver extends KeyResolverSpi {
new KeyResolverException("KeyResolver.needStorageResolver",
exArgs);
- if (log.isLoggable(java.util.logging.Level.INFO)) log.log(java.util.logging.Level.INFO, "", ex);
+ log.log(java.util.logging.Level.INFO, "", ex);
throw ex;
}
- X509Data x509data = new X509Data(element, BaseURI);
int noOfISS = x509data.lengthIssuerSerial();
while (storage.hasNext()) {
X509Certificate cert = storage.next();
XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
- if (true) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Found Certificate Issuer: "
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Found Certificate Issuer: "
+ certSerial.getIssuerName());
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Found Certificate Serial: "
+ log.log(java.util.logging.Level.FINE, "Found Certificate Serial: "
+ certSerial.getSerialNumber().toString());
}
for (int i=0; i