提交 eae7e7bf 编写于 作者: M mullan

6741606: Integrate Apache Santuario

Reviewed-by: vinnie, hawtin
上级 35d4f061
...@@ -2,167 +2,316 @@ ...@@ -2,167 +2,316 @@
* reserved comment block * reserved comment block
* DO NOT REMOVE OR ALTER! * DO NOT REMOVE OR ALTER!
*/ */
/* /**
* Copyright 1999-2004 The Apache Software Foundation. * Licensed to the Apache Software Foundation (ASF) under one
* * or more contributor license agreements. See the NOTICE file
* Licensed under the Apache License, Version 2.0 (the "License"); * distributed with this work for additional information
* you may not use this file except in compliance with the License. * regarding copyright ownership. The ASF licenses this file
* You may obtain a copy of the License at * to you under the Apache License, Version 2.0 (the
* * "License"); you may not use this file except in compliance
* http://www.apache.org/licenses/LICENSE-2.0 * with the License. You may obtain a copy of the License at
* *
* Unless required by applicable law or agreed to in writing, software * http://www.apache.org/licenses/LICENSE-2.0
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/ */
package com.sun.org.apache.xml.internal.security.algorithms; package com.sun.org.apache.xml.internal.security.algorithms;
import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
import com.sun.org.apache.xml.internal.security.Init; import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;
/** /**
* This class maps algorithm identifier URIs to JAVA JCE class names. * This class maps algorithm identifier URIs to JAVA JCE class names.
*
* @author $Author: mullan $
*/ */
public class JCEMapper { public class JCEMapper {
/** {@link java.util.logging} logging facility */ /** {@link org.apache.commons.logging} logging facility */
static java.util.logging.Logger log = private static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(JCEMapper.class.getName()); java.util.logging.Logger.getLogger(JCEMapper.class.getName());
private static Map<String, Algorithm> algorithmsMap =
new ConcurrentHashMap<String, Algorithm>();
private static String providerName = null;
/**
* Method register
*
* @param id
* @param algorithm
*/
public static void register(String id, Algorithm algorithm) {
algorithmsMap.put(id, algorithm);
}
/**
* This method registers the default algorithms.
*/
public static void registerDefaultAlgorithms() {
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5,
new Algorithm("", "MD5", "MessageDigest")
);
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_RIPEMD160,
new Algorithm("", "RIPEMD160", "MessageDigest")
);
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1,
new Algorithm("", "SHA-1", "MessageDigest")
);
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256,
new Algorithm("", "SHA-256", "MessageDigest")
);
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA384,
new Algorithm("", "SHA-384", "MessageDigest")
);
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512,
new Algorithm("", "SHA-512", "MessageDigest")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_DSA,
new Algorithm("", "SHA1withDSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
new Algorithm("", "MD5withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160,
new Algorithm("", "RIPEMD160withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
new Algorithm("", "SHA1withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256,
new Algorithm("", "SHA256withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384,
new Algorithm("", "SHA384withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512,
new Algorithm("", "SHA512withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1,
new Algorithm("", "SHA1withECDSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
new Algorithm("", "HmacMD5", "Mac")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160,
new Algorithm("", "HMACRIPEMD160", "Mac")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_SHA1,
new Algorithm("", "HmacSHA1", "Mac")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_SHA256,
new Algorithm("", "HmacSHA256", "Mac")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_SHA384,
new Algorithm("", "HmacSHA384", "Mac")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_SHA512,
new Algorithm("", "HmacSHA512", "Mac")
);
algorithmsMap.put(
XMLCipher.TRIPLEDES,
new Algorithm("DESede", "DESede/CBC/ISO10126Padding", "BlockEncryption", 192)
);
algorithmsMap.put(
XMLCipher.AES_128,
new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 128)
);
algorithmsMap.put(
XMLCipher.AES_192,
new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 192)
);
algorithmsMap.put(
XMLCipher.AES_256,
new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 256)
);
algorithmsMap.put(
XMLCipher.RSA_v1dot5,
new Algorithm("RSA", "RSA/ECB/PKCS1Padding", "KeyTransport")
);
algorithmsMap.put(
XMLCipher.RSA_OAEP,
new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
);
algorithmsMap.put(
XMLCipher.DIFFIE_HELLMAN,
new Algorithm("", "", "KeyAgreement")
);
algorithmsMap.put(
XMLCipher.TRIPLEDES_KeyWrap,
new Algorithm("DESede", "DESedeWrap", "SymmetricKeyWrap", 192)
);
algorithmsMap.put(
XMLCipher.AES_128_KeyWrap,
new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 128)
);
algorithmsMap.put(
XMLCipher.AES_192_KeyWrap,
new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 192)
);
algorithmsMap.put(
XMLCipher.AES_256_KeyWrap,
new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 256)
);
}
/**
* Method translateURItoJCEID
*
* @param algorithmURI
* @return the JCE standard name corresponding to the given URI
*/
public static String translateURItoJCEID(String algorithmURI) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
}
Algorithm algorithm = algorithmsMap.get(algorithmURI);
if (algorithm != null) {
return algorithm.jceName;
}
return null;
}
/**
* Method getAlgorithmClassFromURI
* @param algorithmURI
* @return the class name that implements this algorithm
*/
public static String getAlgorithmClassFromURI(String algorithmURI) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
}
Algorithm algorithm = algorithmsMap.get(algorithmURI);
if (algorithm != null) {
return algorithm.algorithmClass;
}
return null;
}
/**
* Returns the keylength in bits for a particular algorithm.
*
* @param algorithmURI
* @return The length of the key used in the algorithm
*/
public static int getKeyLengthFromURI(String algorithmURI) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
}
Algorithm algorithm = algorithmsMap.get(algorithmURI);
if (algorithm != null) {
return algorithm.keyLength;
}
return 0;
}
/**
* Method getJCEKeyAlgorithmFromURI
*
* @param algorithmURI
* @return The KeyAlgorithm for the given URI.
*/
public static String getJCEKeyAlgorithmFromURI(String algorithmURI) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
}
Algorithm algorithm = algorithmsMap.get(algorithmURI);
if (algorithm != null) {
return algorithm.requiredKey;
}
return null;
}
/**
* Gets the default Provider for obtaining the security algorithms
* @return the default providerId.
*/
public static String getProviderId() {
return providerName;
}
/**
* Sets the default Provider for obtaining the security algorithms
* @param provider the default providerId.
*/
public static void setProviderId(String provider) {
providerName = provider;
}
/**
* Represents the Algorithm xml element
*/
public static class Algorithm {
final String requiredKey;
final String jceName;
final String algorithmClass;
final int keyLength;
private static Map<String, String> uriToJCEName;
private static Map<String, Algorithm> algorithmsMap;
private static String providerName = null;
/**
* Method init
*
* @param mappingElement
* @throws Exception
*/
public static void init(Element mappingElement) throws Exception {
loadAlgorithms((Element)mappingElement.getElementsByTagName("Algorithms").item(0));
}
static void loadAlgorithms( Element algorithmsEl) {
Element[] algorithms = XMLUtils.selectNodes(algorithmsEl.getFirstChild(),Init.CONF_NS,"Algorithm");
uriToJCEName = new HashMap<String, String>( algorithms.length * 2);
algorithmsMap = new HashMap<String, Algorithm>( algorithms.length * 2);
for (int i = 0 ;i < algorithms.length ;i ++) {
Element el = algorithms[i];
String id = el.getAttribute("URI");
String jceName = el.getAttribute("JCEName");
uriToJCEName.put(id, jceName);
algorithmsMap.put(id, new Algorithm(el));
}
}
static Algorithm getAlgorithmMapping(String algoURI) {
return algorithmsMap.get(algoURI);
}
/**
* Method translateURItoJCEID
*
* @param AlgorithmURI
* @return the JCE standard name corresponding to the given URI
*
*/
public static String translateURItoJCEID(String AlgorithmURI) {
if (log.isLoggable(java.util.logging.Level.FINE))
log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI);
String jceName = uriToJCEName.get(AlgorithmURI);
return jceName;
}
/**
* Method getAlgorithmClassFromURI
* NOTE(Raul Benito) It seems a buggy function the loop doesn't do
* anything??
* @param AlgorithmURI
* @return the class name that implements this algorithm
*
*/
public static String getAlgorithmClassFromURI(String AlgorithmURI) {
if (log.isLoggable(java.util.logging.Level.FINE))
log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI);
return (algorithmsMap.get(AlgorithmURI)).algorithmClass;
}
/**
* Returns the keylength in bit for a particular algorithm.
*
* @param AlgorithmURI
* @return The length of the key used in the alogrithm
*/
public static int getKeyLengthFromURI(String AlgorithmURI) {
return Integer.parseInt((algorithmsMap.get(AlgorithmURI)).keyLength);
}
/**
* Method getJCEKeyAlgorithmFromURI
*
* @param AlgorithmURI
* @return The KeyAlgorithm for the given URI.
*
*/
public static String getJCEKeyAlgorithmFromURI(String AlgorithmURI) {
return (algorithmsMap.get(AlgorithmURI)).requiredKey;
}
/**
* Gets the default Provider for obtaining the security algorithms
* @return the default providerId.
*/
public static String getProviderId() {
return providerName;
}
/**
* Sets the default Provider for obtaining the security algorithms
* @param provider the default providerId.
*/
public static void setProviderId(String provider) {
providerName=provider;
}
/**
* Represents the Algorithm xml element
*/
public static class Algorithm {
String algorithmClass;
String keyLength;
String requiredKey;
/** /**
* Gets data from element * Gets data from element
* @param el * @param el
*/ */
public Algorithm(Element el) { public Algorithm(Element el) {
algorithmClass=el.getAttribute("AlgorithmClass"); requiredKey = el.getAttribute("RequiredKey");
keyLength=el.getAttribute("KeyLength"); jceName = el.getAttribute("JCEName");
requiredKey=el.getAttribute("RequiredKey"); algorithmClass = el.getAttribute("AlgorithmClass");
if (el.hasAttribute("KeyLength")) {
keyLength = Integer.parseInt(el.getAttribute("KeyLength"));
} else {
keyLength = 0;
}
} }
}
public Algorithm(String requiredKey, String jceName) {
this(requiredKey, jceName, null, 0);
}
public Algorithm(String requiredKey, String jceName, String algorithmClass) {
this(requiredKey, jceName, algorithmClass, 0);
}
public Algorithm(String requiredKey, String jceName, int keyLength) {
this(requiredKey, jceName, null, keyLength);
}
public Algorithm(String requiredKey, String jceName, String algorithmClass, int keyLength) {
this.requiredKey = requiredKey;
this.jceName = jceName;
this.algorithmClass = algorithmClass;
this.keyLength = keyLength;
}
}
} }
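Review bot: register(String, Algorithm) silently overwrites an existing mapping with algorithmsMap.put, so any caller can re-point a URI such as XMLCipher.RSA_OAEP to a different JCE name after registerDefaultAlgorithms has run, whereas Canonicalizer.register in this same commit rejects a second registration with AlgorithmAlreadyRegisteredException. If overriding is not an intended feature, `if (algorithmsMap.putIfAbsent(id, algorithm) != null) { throw new IllegalArgumentException("Algorithm already registered: " + id); }` makes the two registries behave alike; if it is intended, the Javadoc on register should say so, since the current `Method register` line says nothing about replacement. The Javadoc on the log field now reads `{@link org.apache.commons.logging} logging facility` while the field is a java.util.logging.Logger; `{@link java.util.logging} logging facility` matches the code.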
...@@ -2,34 +2,43 @@ ...@@ -2,34 +2,43 @@
* reserved comment block * reserved comment block
* DO NOT REMOVE OR ALTER! * DO NOT REMOVE OR ALTER!
*/ */
/* /**
* Copyright 1999-2008 The Apache Software Foundation. * Licensed to the Apache Software Foundation (ASF) under one
* * or more contributor license agreements. See the NOTICE file
* Licensed under the Apache License, Version 2.0 (the "License"); * distributed with this work for additional information
* you may not use this file except in compliance with the License. * regarding copyright ownership. The ASF licenses this file
* You may obtain a copy of the License at * to you under the Apache License, Version 2.0 (the
* * "License"); you may not use this file except in compliance
* http://www.apache.org/licenses/LICENSE-2.0 * with the License. You may obtain a copy of the License at
* *
* Unless required by applicable law or agreed to in writing, software * http://www.apache.org/licenses/LICENSE-2.0
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/ */
package com.sun.org.apache.xml.internal.security.c14n; package com.sun.org.apache.xml.internal.security.c14n;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_OmitComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_WithComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315ExclOmitComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315ExclWithComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315OmitComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315WithComments;
import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException; import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Node; import org.w3c.dom.Node;
...@@ -46,7 +55,7 @@ public class Canonicalizer { ...@@ -46,7 +55,7 @@ public class Canonicalizer {
public static final String ENCODING = "UTF8"; public static final String ENCODING = "UTF8";
/** /**
* XPath Expresion for selecting every node and continuous comments joined * XPath Expression for selecting every node and continuous comments joined
* in only one node * in only one node
*/ */
public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE = public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE =
...@@ -83,22 +92,10 @@ public class Canonicalizer { ...@@ -83,22 +92,10 @@ public class Canonicalizer {
public static final String ALGO_ID_C14N11_WITH_COMMENTS = public static final String ALGO_ID_C14N11_WITH_COMMENTS =
ALGO_ID_C14N11_OMIT_COMMENTS + "#WithComments"; ALGO_ID_C14N11_OMIT_COMMENTS + "#WithComments";
static boolean _alreadyInitialized = false; private static Map<String, Class<? extends CanonicalizerSpi>> canonicalizerHash =
static Map<String,Class<? extends CanonicalizerSpi>> _canonicalizerHash = null; new ConcurrentHashMap<String, Class<? extends CanonicalizerSpi>>();
protected CanonicalizerSpi canonicalizerSpi = null;
/**
* Method init
*
*/
public static void init() {
if (!Canonicalizer._alreadyInitialized) { private final CanonicalizerSpi canonicalizerSpi;
Canonicalizer._canonicalizerHash = new HashMap<String, Class<? extends CanonicalizerSpi>>(10);
Canonicalizer._alreadyInitialized = true;
}
}
/** /**
* Constructor Canonicalizer * Constructor Canonicalizer
...@@ -106,21 +103,18 @@ public class Canonicalizer { ...@@ -106,21 +103,18 @@ public class Canonicalizer {
* @param algorithmURI * @param algorithmURI
* @throws InvalidCanonicalizerException * @throws InvalidCanonicalizerException
*/ */
private Canonicalizer(String algorithmURI) private Canonicalizer(String algorithmURI) throws InvalidCanonicalizerException {
throws InvalidCanonicalizerException {
try { try {
Class<? extends CanonicalizerSpi> implementingClass = Class<? extends CanonicalizerSpi> implementingClass =
getImplementingClass(algorithmURI); canonicalizerHash.get(algorithmURI);
this.canonicalizerSpi = canonicalizerSpi = implementingClass.newInstance();
implementingClass.newInstance(); canonicalizerSpi.reset = true;
this.canonicalizerSpi.reset=true;
} catch (Exception e) { } catch (Exception e) {
Object exArgs[] = { algorithmURI }; Object exArgs[] = { algorithmURI };
throw new InvalidCanonicalizerException( throw new InvalidCanonicalizerException(
"signature.Canonicalizer.UnknownCanonicalizer", exArgs); "signature.Canonicalizer.UnknownCanonicalizer", exArgs, e
);
} }
} }
...@@ -128,15 +122,12 @@ public class Canonicalizer { ...@@ -128,15 +122,12 @@ public class Canonicalizer {
* Method getInstance * Method getInstance
* *
* @param algorithmURI * @param algorithmURI
* @return a Conicicalizer instance ready for the job * @return a Canonicalizer instance ready for the job
* @throws InvalidCanonicalizerException * @throws InvalidCanonicalizerException
*/ */
public static final Canonicalizer getInstance(String algorithmURI) public static final Canonicalizer getInstance(String algorithmURI)
throws InvalidCanonicalizerException { throws InvalidCanonicalizerException {
return new Canonicalizer(algorithmURI);
Canonicalizer c14nizer = new Canonicalizer(algorithmURI);
return c14nizer;
} }
/** /**
...@@ -148,23 +139,69 @@ public class Canonicalizer { ...@@ -148,23 +139,69 @@ public class Canonicalizer {
*/ */
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public static void register(String algorithmURI, String implementingClass) public static void register(String algorithmURI, String implementingClass)
throws AlgorithmAlreadyRegisteredException { throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
// check whether URI is already registered // check whether URI is already registered
Class<? extends CanonicalizerSpi> registeredClass = getImplementingClass(algorithmURI); Class<? extends CanonicalizerSpi> registeredClass =
canonicalizerHash.get(algorithmURI);
if (registeredClass != null) { if (registeredClass != null) {
Object exArgs[] = { algorithmURI, registeredClass }; Object exArgs[] = { algorithmURI, registeredClass };
throw new AlgorithmAlreadyRegisteredException("algorithm.alreadyRegistered", exArgs);
throw new AlgorithmAlreadyRegisteredException(
"algorithm.alreadyRegistered", exArgs);
} }
try { canonicalizerHash.put(
_canonicalizerHash.put(algorithmURI, (Class<? extends CanonicalizerSpi>) Class.forName(implementingClass)); algorithmURI, (Class<? extends CanonicalizerSpi>)Class.forName(implementingClass)
} catch (ClassNotFoundException e) { );
throw new RuntimeException("c14n class not found"); }
/**
* Method register
*
* @param algorithmURI
* @param implementingClass
* @throws AlgorithmAlreadyRegisteredException
*/
public static void register(String algorithmURI, Class<CanonicalizerSpi> implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
// check whether URI is already registered
Class<? extends CanonicalizerSpi> registeredClass = canonicalizerHash.get(algorithmURI);
if (registeredClass != null) {
Object exArgs[] = { algorithmURI, registeredClass };
throw new AlgorithmAlreadyRegisteredException("algorithm.alreadyRegistered", exArgs);
} }
canonicalizerHash.put(algorithmURI, implementingClass);
}
/**
* This method registers the default algorithms.
*/
public static void registerDefaultAlgorithms() {
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS,
Canonicalizer20010315OmitComments.class
);
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS,
Canonicalizer20010315WithComments.class
);
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS,
Canonicalizer20010315ExclOmitComments.class
);
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS,
Canonicalizer20010315ExclWithComments.class
);
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS,
Canonicalizer11_OmitComments.class
);
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS,
Canonicalizer11_WithComments.class
);
} }
/** /**
...@@ -173,7 +210,7 @@ public class Canonicalizer { ...@@ -173,7 +210,7 @@ public class Canonicalizer {
* @return the URI defined for this c14n instance. * @return the URI defined for this c14n instance.
*/ */
public final String getURI() { public final String getURI() {
return this.canonicalizerSpi.engineGetURI(); return canonicalizerSpi.engineGetURI();
} }
/** /**
...@@ -182,7 +219,7 @@ public class Canonicalizer { ...@@ -182,7 +219,7 @@ public class Canonicalizer {
* @return true if the c14n respect the comments. * @return true if the c14n respect the comments.
*/ */
public boolean getIncludeComments() { public boolean getIncludeComments() {
return this.canonicalizerSpi.engineGetIncludeComments(); return canonicalizerSpi.engineGetIncludeComments();
} }
/** /**
...@@ -191,33 +228,32 @@ public class Canonicalizer { ...@@ -191,33 +228,32 @@ public class Canonicalizer {
* wrapped with a <CODE>&gt;a&lt;...&gt;/a&lt;</CODE>. * wrapped with a <CODE>&gt;a&lt;...&gt;/a&lt;</CODE>.
* *
* @param inputBytes * @param inputBytes
* @return the result of the conicalization. * @return the result of the canonicalization.
* @throws CanonicalizationException * @throws CanonicalizationException
* @throws java.io.IOException * @throws java.io.IOException
* @throws javax.xml.parsers.ParserConfigurationException * @throws javax.xml.parsers.ParserConfigurationException
* @throws org.xml.sax.SAXException * @throws org.xml.sax.SAXException
*/ */
public byte[] canonicalize(byte[] inputBytes) public byte[] canonicalize(byte[] inputBytes)
throws javax.xml.parsers.ParserConfigurationException, throws javax.xml.parsers.ParserConfigurationException,
java.io.IOException, org.xml.sax.SAXException, java.io.IOException, org.xml.sax.SAXException, CanonicalizationException {
CanonicalizationException { InputStream bais = new ByteArrayInputStream(inputBytes);
ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes);
InputSource in = new InputSource(bais); InputSource in = new InputSource(bais);
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
dfactory.setNamespaceAware(true); dfactory.setNamespaceAware(true);
// needs to validate for ID attribute nomalization // needs to validate for ID attribute normalization
dfactory.setValidating(true); dfactory.setValidating(true);
DocumentBuilder db = dfactory.newDocumentBuilder(); DocumentBuilder db = dfactory.newDocumentBuilder();
/* /*
* for some of the test vectors from the specification, * for some of the test vectors from the specification,
* there has to be a validatin parser for ID attributes, default * there has to be a validating parser for ID attributes, default
* attribute values, NMTOKENS, etc. * attribute values, NMTOKENS, etc.
* Unfortunaltely, the test vectors do use different DTDs or * Unfortunately, the test vectors do use different DTDs or
* even no DTD. So Xerces 1.3.1 fires many warnings about using * even no DTD. So Xerces 1.3.1 fires many warnings about using
* ErrorHandlers. * ErrorHandlers.
* *
...@@ -233,28 +269,23 @@ public class Canonicalizer { ...@@ -233,28 +269,23 @@ public class Canonicalizer {
* declaration are used to help create the canonical form, even * declaration are used to help create the canonical form, even
* though the document type declaration is not retained in the * though the document type declaration is not retained in the
* canonical form. * canonical form.
*
*/ */
db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils.IgnoreAllErrorHandler());
.IgnoreAllErrorHandler());
Document document = db.parse(in); Document document = db.parse(in);
byte result[] = this.canonicalizeSubtree(document); return this.canonicalizeSubtree(document);
return result;
} }
/** /**
* Canonicalizes the subtree rooted by <CODE>node</CODE>. * Canonicalizes the subtree rooted by <CODE>node</CODE>.
* *
* @param node The node to canicalize * @param node The node to canonicalize
* @return the result of the c14n. * @return the result of the c14n.
* *
* @throws CanonicalizationException * @throws CanonicalizationException
*/ */
public byte[] canonicalizeSubtree(Node node) public byte[] canonicalizeSubtree(Node node) throws CanonicalizationException {
throws CanonicalizationException { return canonicalizerSpi.engineCanonicalizeSubTree(node);
return this.canonicalizerSpi.engineCanonicalizeSubTree(node);
} }
/** /**
...@@ -266,9 +297,8 @@ public class Canonicalizer { ...@@ -266,9 +297,8 @@ public class Canonicalizer {
* @throws CanonicalizationException * @throws CanonicalizationException
*/ */
public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces) public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
throws CanonicalizationException { throws CanonicalizationException {
return this.canonicalizerSpi.engineCanonicalizeSubTree(node, return canonicalizerSpi.engineCanonicalizeSubTree(node, inclusiveNamespaces);
inclusiveNamespaces);
} }
/** /**
...@@ -280,8 +310,8 @@ public class Canonicalizer { ...@@ -280,8 +310,8 @@ public class Canonicalizer {
* @throws CanonicalizationException * @throws CanonicalizationException
*/ */
public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet) public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
throws CanonicalizationException { throws CanonicalizationException {
return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet); return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
} }
/** /**
...@@ -294,10 +324,10 @@ public class Canonicalizer { ...@@ -294,10 +324,10 @@ public class Canonicalizer {
* @throws CanonicalizationException * @throws CanonicalizationException
*/ */
public byte[] canonicalizeXPathNodeSet( public byte[] canonicalizeXPathNodeSet(
NodeList xpathNodeSet, String inclusiveNamespaces) NodeList xpathNodeSet, String inclusiveNamespaces
throws CanonicalizationException { ) throws CanonicalizationException {
return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, return
inclusiveNamespaces); canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
} }
/** /**
...@@ -308,8 +338,8 @@ public class Canonicalizer { ...@@ -308,8 +338,8 @@ public class Canonicalizer {
* @throws CanonicalizationException * @throws CanonicalizationException
*/ */
public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet) public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet)
throws CanonicalizationException { throws CanonicalizationException {
return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet); return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
} }
/** /**
...@@ -320,10 +350,11 @@ public class Canonicalizer { ...@@ -320,10 +350,11 @@ public class Canonicalizer {
* @return the result of the c14n. * @return the result of the c14n.
* @throws CanonicalizationException * @throws CanonicalizationException
*/ */
public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet, public byte[] canonicalizeXPathNodeSet(
String inclusiveNamespaces) throws CanonicalizationException { Set<Node> xpathNodeSet, String inclusiveNamespaces
return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, ) throws CanonicalizationException {
inclusiveNamespaces); return
canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
} }
/** /**
...@@ -332,7 +363,7 @@ public class Canonicalizer { ...@@ -332,7 +363,7 @@ public class Canonicalizer {
* @param os * @param os
*/ */
public void setWriter(OutputStream os) { public void setWriter(OutputStream os) {
this.canonicalizerSpi.setWriter(os); canonicalizerSpi.setWriter(os);
} }
/** /**
...@@ -341,23 +372,14 @@ public class Canonicalizer { ...@@ -341,23 +372,14 @@ public class Canonicalizer {
* @return the name of the implementing {@link CanonicalizerSpi} class * @return the name of the implementing {@link CanonicalizerSpi} class
*/ */
public String getImplementingCanonicalizerClass() { public String getImplementingCanonicalizerClass() {
return this.canonicalizerSpi.getClass().getName(); return canonicalizerSpi.getClass().getName();
}
/**
* Method getImplementingClass
*
* @param URI
* @return the name of the class that implements the given URI
*/
private static Class<? extends CanonicalizerSpi> getImplementingClass(String URI) {
return _canonicalizerHash.get(URI);
} }
/** /**
* Set the canonicalizer behaviour to not reset. * Set the canonicalizer behaviour to not reset.
*/ */
public void notReset() { public void notReset() {
this.canonicalizerSpi.reset = false; canonicalizerSpi.reset = false;
} }
} }
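Review bot: In register(String, String) the unchecked cast of Class.forName(implementingClass) accepts any loadable class, so a name that is not a CanonicalizerSpi subclass is stored and only fails later inside the constructor's catch-all as an InvalidCanonicalizerException; `Class.forName(implementingClass).asSubclass(CanonicalizerSpi.class)` validates at registration, fails with a clear ClassCastException, and lets the @SuppressWarnings("unchecked") go. The new overload register(String, Class<CanonicalizerSpi>) has the opposite problem: its parameter type rejects the subclass literals registerDefaultAlgorithms itself uses (Canonicalizer20010315OmitComments.class and friends), and it declares throws ClassNotFoundException without ever throwing it; `Class<? extends CanonicalizerSpi> implementingClass` and dropping the unused throws fix both. In canonicalize(byte[]) the added FEATURE_SECURE_PROCESSING limits entity expansion but does not by itself stop the parser from resolving the document's DTD or external entities, and setValidating(true) plus IgnoreAllErrorHandler are kept on purpose for ID normalization; a Javadoc line such as `Input is parsed with DTD validation enabled; this method is not intended for untrusted XML` would tell callers what that trade-off means.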
...@@ -26,6 +26,7 @@ import java.io.ByteArrayInputStream; ...@@ -26,6 +26,7 @@ import java.io.ByteArrayInputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.Set; import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath; import javax.xml.xpath.XPath;
...@@ -67,6 +68,7 @@ public abstract class CanonicalizerSpi { ...@@ -67,6 +68,7 @@ public abstract class CanonicalizerSpi {
java.io.ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes); java.io.ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes);
InputSource in = new InputSource(bais); InputSource in = new InputSource(bais);
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
// needs to validate for ID attribute nomalization // needs to validate for ID attribute nomalization
dfactory.setNamespaceAware(true); dfactory.setNamespaceAware(true);
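Review bot: The FEATURE_SECURE_PROCESSING line added after `DocumentBuilderFactory.newInstance()` bounds entity expansion and nesting depth, but it does not stop a DOCTYPE inside `inputBytes` from declaring external entities, and during verification these bytes are typically unverified signed content being re-parsed for canonicalization. Add `dfactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);` next to it, or, if callers legitimately canonicalize documents with a DTD, at least set `http://xml.org/sax/features/external-general-entities` to false. `setFeature` is declared to throw ParserConfigurationException; the enclosing method starts outside this hunk, so I cannot see whether its signature or a surrounding try already covers that. A short why-comment would help the next reader: `// cap entity expansion and nesting on input this library did not produce`.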
......
...@@ -41,6 +41,7 @@ import javax.crypto.Cipher; ...@@ -41,6 +41,7 @@ import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException; import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException; import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.IvParameterSpec;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
...@@ -1981,22 +1982,23 @@ public class XMLCipher { ...@@ -1981,22 +1982,23 @@ public class XMLCipher {
try { try {
DocumentBuilderFactory dbf = DocumentBuilderFactory dbf =
DocumentBuilderFactory.newInstance(); DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true); dbf.setNamespaceAware(true);
dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
DocumentBuilder db = dbf.newDocumentBuilder(); dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
Document d = db.parse( DocumentBuilder db = dbf.newDocumentBuilder();
new InputSource(new StringReader(fragment))); Document d = db.parse(
new InputSource(new StringReader(fragment)));
Element fragElt = (Element) _contextDocument.importNode(
Element fragElt = (Element) _contextDocument.importNode(
d.getDocumentElement(), true); d.getDocumentElement(), true);
result = _contextDocument.createDocumentFragment(); result = _contextDocument.createDocumentFragment();
Node child = fragElt.getFirstChild(); Node child = fragElt.getFirstChild();
while (child != null) { while (child != null) {
fragElt.removeChild(child); fragElt.removeChild(child);
result.appendChild(child); result.appendChild(child);
child = fragElt.getFirstChild(); child = fragElt.getFirstChild();
} }
// String outp = serialize(d); // String outp = serialize(d);
} catch (SAXException se) { } catch (SAXException se) {
throw new XMLEncryptionException("empty", se); throw new XMLEncryptionException("empty", se);
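Review bot: The `fragment` string parsed here is decrypted plaintext, which may be attacker-influenced in a chosen-ciphertext setting, and FEATURE_SECURE_PROCESSING alone leaves DOCTYPE and external-entity resolution enabled on `dbf`; consider adding `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);` after the new line (or disabling `http://xml.org/sax/features/external-general-entities` if plaintext with a DOCTYPE must stay decryptable). The retained `dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE)` duplicates the `setNamespaceAware(true)` just above it and can be dropped. The catch list continues outside this hunk, so I cannot see whether the ParserConfigurationException that `setFeature` can throw is handled there. The commented-out `// String outp = serialize(d);` should be removed rather than carried along.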
......
...@@ -719,42 +719,36 @@ public class KeyInfo extends SignatureElementProxy { ...@@ -719,42 +719,36 @@ public class KeyInfo extends SignatureElementProxy {
return null; return null;
} }
/** /**
* Searches the library wide keyresolvers for public keys * Searches the library wide keyresolvers for public keys
* *
* @return The publick contained in this Node. * @return The public key contained in this Node.
* @throws KeyResolverException * @throws KeyResolverException
*/ */
PublicKey getPublicKeyFromStaticResolvers() throws KeyResolverException { PublicKey getPublicKeyFromStaticResolvers() throws KeyResolverException {
int length=KeyResolver.length(); Iterator<KeyResolverSpi> it = KeyResolver.iterator();
int storageLength=this._storageResolvers.size(); while (it.hasNext()) {
Iterator<KeyResolverSpi> it= KeyResolver.iterator(); KeyResolverSpi keyResolver = it.next();
for (int i = 0; i < length; i++) { Node currentChild = this._constructionElement.getFirstChild();
KeyResolverSpi keyResolver = it.next(); String uri = this.getBaseURI();
Node currentChild=this._constructionElement.getFirstChild(); while (currentChild != null) {
String uri= this.getBaseURI(); if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
while (currentChild!=null) { for (StorageResolver storage : _storageResolvers) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) { PublicKey pk =
for (int k = 0; k < storageLength; k++) { keyResolver.engineLookupAndResolvePublicKey(
StorageResolver storage = (Element) currentChild, uri, storage
this._storageResolvers.get(k); );
PublicKey pk = if (pk != null) {
keyResolver.engineLookupAndResolvePublicKey((Element) currentChild, return pk;
uri, }
storage); }
}
if (pk != null) { currentChild = currentChild.getNextSibling();
KeyResolver.hit(it);
return pk;
}
}
} }
currentChild=currentChild.getNextSibling(); }
} return null;
} }
return null;
}
/** /**
* Searches the per-KeyInfo keyresolvers for public keys * Searches the per-KeyInfo keyresolvers for public keys
...@@ -829,81 +823,83 @@ public class KeyInfo extends SignatureElementProxy { ...@@ -829,81 +823,83 @@ public class KeyInfo extends SignatureElementProxy {
return null; return null;
} }
/** /**
* This method uses each System-wide {@link KeyResolver} to search the * This method uses each System-wide {@link KeyResolver} to search the
* child elements. Each combination of {@link KeyResolver} and child element * child elements. Each combination of {@link KeyResolver} and child element
* is checked against all {@link StorageResolver}s. * is checked against all {@link StorageResolver}s.
* *
* @return The certificate contined in this KeyInfo * @return The certificate contained in this KeyInfo
* @throws KeyResolverException * @throws KeyResolverException
*/ */
X509Certificate getX509CertificateFromStaticResolvers() X509Certificate getX509CertificateFromStaticResolvers()
throws KeyResolverException { throws KeyResolverException {
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Start getX509CertificateFromStaticResolvers() with " log.log(java.util.logging.Level.FINE,
+ KeyResolver.length() + " resolvers"); "Start getX509CertificateFromStaticResolvers() with " + KeyResolver.length()
String uri=this.getBaseURI(); + " resolvers"
int length= KeyResolver.length(); );
int storageLength=this._storageResolvers.size(); }
Iterator<KeyResolverSpi> it = KeyResolver.iterator(); String uri = this.getBaseURI();
for (int i = 0; i <length; i++) { Iterator<KeyResolverSpi> it = KeyResolver.iterator();
KeyResolverSpi keyResolver = it.next(); while (it.hasNext()) {
X509Certificate cert= applyCurrentResolver(uri, storageLength, keyResolver); KeyResolverSpi keyResolver = it.next();
if (cert!=null) { X509Certificate cert = applyCurrentResolver(uri, keyResolver);
KeyResolver.hit(it); if (cert != null) {
return cert; return cert;
} }
} }
return null; return null;
} }
private X509Certificate applyCurrentResolver(String uri, int storageLength, KeyResolverSpi keyResolver) throws KeyResolverException {
Node currentChild=this._constructionElement.getFirstChild();
while (currentChild!=null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
for (int k = 0; k < storageLength; k++) {
StorageResolver storage =
this._storageResolvers.get(k);
X509Certificate cert = keyResolver
.engineLookupResolveX509Certificate((Element) currentChild, uri,
storage);
if (cert != null) { private X509Certificate applyCurrentResolver(
return cert; String uri, KeyResolverSpi keyResolver
} ) throws KeyResolverException {
} Node currentChild = this._constructionElement.getFirstChild();
while (currentChild != null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
for (StorageResolver storage : _storageResolvers) {
X509Certificate cert =
keyResolver.engineLookupResolveX509Certificate(
(Element) currentChild, uri, storage
);
if (cert != null) {
return cert;
}
}
} }
currentChild=currentChild.getNextSibling(); currentChild = currentChild.getNextSibling();
} }
return null; return null;
} }
/** /**
* Method getX509CertificateFromInternalResolvers * Method getX509CertificateFromInternalResolvers
* *
* @return The certificate contined in this KeyInfo * @return The certificate contined in this KeyInfo
* @throws KeyResolverException * @throws KeyResolverException
*/ */
X509Certificate getX509CertificateFromInternalResolvers() X509Certificate getX509CertificateFromInternalResolvers()
throws KeyResolverException { throws KeyResolverException {
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Start getX509CertificateFromInternalResolvers() with " log.log(java.util.logging.Level.FINE,
+ this.lengthInternalKeyResolver() + " resolvers"); "Start getX509CertificateFromInternalResolvers() with "
String uri=this.getBaseURI(); + this.lengthInternalKeyResolver() + " resolvers"
int storageLength=this._storageResolvers.size(); );
for (int i = 0; i < this.lengthInternalKeyResolver(); i++) { }
KeyResolverSpi keyResolver = this.itemInternalKeyResolver(i); String uri = this.getBaseURI();
if (log.isLoggable(java.util.logging.Level.FINE)) for (KeyResolverSpi keyResolver : _internalKeyResolvers) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName()); log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName());
X509Certificate cert= applyCurrentResolver(uri, storageLength, keyResolver); }
if (cert!=null) { X509Certificate cert = applyCurrentResolver(uri, keyResolver);
return cert; if (cert != null) {
} return cert;
} }
}
return null; return null;
} }
/** /**
* This method returns a secret (symmetric) key. This is for XML Encryption. * This method returns a secret (symmetric) key. This is for XML Encryption.
...@@ -1048,7 +1044,7 @@ public class KeyInfo extends SignatureElementProxy { ...@@ -1048,7 +1044,7 @@ public class KeyInfo extends SignatureElementProxy {
} }
/** Field _storageResolvers */ /** Field _storageResolvers */
List<StorageResolver> _storageResolvers = nullList; private List<StorageResolver> _storageResolvers = nullList;
/** /**
* Method addStorageResolver * Method addStorageResolver
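Review bot: Both rewritten lookups only invoke a KeyResolverSpi from inside `for (StorageResolver storage : _storageResolvers)`, so if the `nullList` default for `_storageResolvers` (declared outside this hunk) is an empty list, `getPublicKeyFromStaticResolvers` and `applyCurrentResolver` never consult any resolver until a StorageResolver has been registered; that matches the old `k < storageLength` loop, but the method names and Javadoc suggest the resolvers should run regardless, so it is worth confirming against the nullList definition. Dropping `KeyResolver.hit(it)` is harmless if that call was only a move-to-front optimisation, but nothing in the Javadoc says whether resolver order matters. The Javadoc on `getX509CertificateFromInternalResolvers` still reads `contined` while its sibling was corrected; suggest `* @return The certificate contained in this KeyInfo, or null if no internal resolver produced one`.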
......
...@@ -34,6 +34,7 @@ import java.util.List; ...@@ -34,6 +34,7 @@ import java.util.List;
import java.util.ListIterator; import java.util.ListIterator;
import java.util.Set; import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException; import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
...@@ -251,6 +252,7 @@ public class RetrievalMethodResolver extends KeyResolverSpi { ...@@ -251,6 +252,7 @@ public class RetrievalMethodResolver extends KeyResolverSpi {
try { try {
javax.xml.parsers.DocumentBuilderFactory dbf =javax.xml.parsers.DocumentBuilderFactory.newInstance(); javax.xml.parsers.DocumentBuilderFactory dbf =javax.xml.parsers.DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true); dbf.setNamespaceAware(true);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
org.w3c.dom.Document doc = org.w3c.dom.Document doc =
db.parse(new java.io.ByteArrayInputStream(bytes)); db.parse(new java.io.ByteArrayInputStream(bytes));
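Review bot: The bytes parsed at `db.parse(new java.io.ByteArrayInputStream(bytes))` were obtained by dereferencing a RetrievalMethod URI, one of the places where verification parses content chosen by the signature author, so this parser needs more than FEATURE_SECURE_PROCESSING: that feature alone leaves DOCTYPE and external-entity resolution enabled. Add `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);` directly after the new line; the surrounding try (its catch clauses are outside this hunk) presumably already covers the ParserConfigurationException that `setFeature` can throw. The `secureValidation` flag this commit adds to ResourceResolverSpi is not consulted anywhere in this hunk; if dereferencing RetrievalMethod references is meant to be restricted under secure validation, that check belongs in this resolver as well.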
......
...@@ -25,6 +25,7 @@ import java.io.IOException; ...@@ -25,6 +25,7 @@ import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm; import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
...@@ -186,8 +187,10 @@ public class SignedInfo extends Manifest { ...@@ -186,8 +187,10 @@ public class SignedInfo extends Manifest {
javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory dbf =
javax.xml.parsers.DocumentBuilderFactory.newInstance(); javax.xml.parsers.DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true); dbf.setNamespaceAware(true);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
Boolean.TRUE);
javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
org.w3c.dom.Document newdoc = Document newdoc =
db.parse(new ByteArrayInputStream(this._c14nizedBytes)); db.parse(new ByteArrayInputStream(this._c14nizedBytes));
Node imported = Node imported =
this._doc.importNode(newdoc.getDocumentElement(), true); this._doc.importNode(newdoc.getDocumentElement(), true);
......
...@@ -201,14 +201,13 @@ private Element signatureValueElement; ...@@ -201,14 +201,13 @@ private Element signatureValueElement;
super(doc); super(doc);
String xmlnsDsPrefix = String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
getDefaultPrefixBindings(Constants.SignatureSpecNS);
if (xmlnsDsPrefix == null) { if (xmlnsDsPrefix == null) {
this._constructionElement.setAttributeNS this._constructionElement.setAttributeNS
(Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS); (Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS);
} else { } else {
this._constructionElement.setAttributeNS this._constructionElement.setAttributeNS
(Constants.NamespaceSpecNS, xmlnsDsPrefix, Constants.SignatureSpecNS); (Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS);
} }
XMLUtils.addReturnToElement(this._constructionElement); XMLUtils.addReturnToElement(this._constructionElement);
...@@ -242,14 +241,13 @@ private Element signatureValueElement; ...@@ -242,14 +241,13 @@ private Element signatureValueElement;
super(doc); super(doc);
String xmlnsDsPrefix = String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
getDefaultPrefixBindings(Constants.SignatureSpecNS);
if (xmlnsDsPrefix == null) { if (xmlnsDsPrefix == null) {
this._constructionElement.setAttributeNS this._constructionElement.setAttributeNS
(Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS); (Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS);
} else { } else {
this._constructionElement.setAttributeNS this._constructionElement.setAttributeNS
(Constants.NamespaceSpecNS, xmlnsDsPrefix, Constants.SignatureSpecNS); (Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS);
} }
XMLUtils.addReturnToElement(this._constructionElement); XMLUtils.addReturnToElement(this._constructionElement);
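Review bot: Both constructors now build the attribute name as `"xmlns:" + xmlnsDsPrefix`, which is right for a non-null prefix but yields the invalid QName `xmlns:` if `getDefaultPrefix` ever returns an empty string, and `setAttributeNS` then throws a DOMException (NAMESPACE_ERR). The contract of `getDefaultPrefix` is not visible here, so the cheap defence is to treat an empty prefix like null in both places: `if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {`. The two constructor bodies are identical in this part; a private helper such as `declareDsNamespace()` would keep them from drifting apart again.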
......
...@@ -31,6 +31,7 @@ import java.util.HashSet; ...@@ -31,6 +31,7 @@ import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
...@@ -603,6 +604,8 @@ public class XMLSignatureInput implements Cloneable { ...@@ -603,6 +604,8 @@ public class XMLSignatureInput implements Cloneable {
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setValidating(false); dfactory.setValidating(false);
dfactory.setNamespaceAware(true); dfactory.setNamespaceAware(true);
dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
Boolean.TRUE);
DocumentBuilder db = dfactory.newDocumentBuilder(); DocumentBuilder db = dfactory.newDocumentBuilder();
// select all nodes, also the comments. // select all nodes, also the comments.
try { try {
......
...@@ -158,8 +158,7 @@ public class Transforms extends SignatureElementProxy { ...@@ -158,8 +158,7 @@ public class Transforms extends SignatureElementProxy {
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE))
log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")"); log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")");
Transform transform = Transform transform = new Transform(this._doc, transformURI);
Transform.getInstance(this._doc, transformURI);
this.addTransform(transform); this.addTransform(transform);
} catch (InvalidTransformException ex) { } catch (InvalidTransformException ex) {
...@@ -184,8 +183,7 @@ public class Transforms extends SignatureElementProxy { ...@@ -184,8 +183,7 @@ public class Transforms extends SignatureElementProxy {
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE))
log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")"); log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")");
Transform transform = Transform transform = new Transform(this._doc, transformURI, contextElement);
Transform.getInstance(this._doc, transformURI, contextElement);
this.addTransform(transform); this.addTransform(transform);
} catch (InvalidTransformException ex) { } catch (InvalidTransformException ex) {
...@@ -207,8 +205,7 @@ public class Transforms extends SignatureElementProxy { ...@@ -207,8 +205,7 @@ public class Transforms extends SignatureElementProxy {
throws TransformationException { throws TransformationException {
try { try {
Transform transform = Transform transform = new Transform(this._doc, transformURI, contextNodes);
Transform.getInstance(this._doc, transformURI, contextNodes);
this.addTransform(transform); this.addTransform(transform);
} catch (InvalidTransformException ex) { } catch (InvalidTransformException ex) {
throw new TransformationException("empty", ex); throw new TransformationException("empty", ex);
......
...@@ -26,6 +26,7 @@ import java.io.BufferedInputStream; ...@@ -26,6 +26,7 @@ import java.io.BufferedInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
...@@ -145,11 +146,13 @@ public class TransformBase64Decode extends TransformSpi { ...@@ -145,11 +146,13 @@ public class TransformBase64Decode extends TransformSpi {
} }
try { try {
//Exceptional case there is current not text case testing this(Before it was a // Exceptional case there is current not text case testing this
//a common case). // (before it was a a common case).
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
Boolean.TRUE);
Document doc = Document doc =
DocumentBuilderFactory.newInstance().newDocumentBuilder().parse( dbf.newDocumentBuilder().parse(input.getOctetStream());
input.getOctetStream());
Element rootNode = doc.getDocumentElement(); Element rootNode = doc.getDocumentElement();
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
...@@ -157,13 +160,13 @@ public class TransformBase64Decode extends TransformSpi { ...@@ -157,13 +160,13 @@ public class TransformBase64Decode extends TransformSpi {
byte[] decodedBytes = Base64.decode(sb.toString()); byte[] decodedBytes = Base64.decode(sb.toString());
return new XMLSignatureInput(decodedBytes); return new XMLSignatureInput(decodedBytes);
} catch (ParserConfigurationException e) { } catch (ParserConfigurationException e) {
throw new TransformationException("c14n.Canonicalizer.Exception",e); throw new TransformationException("c14n.Canonicalizer.Exception",e);
} catch (SAXException e) { } catch (SAXException e) {
throw new TransformationException("SAX exception", e); throw new TransformationException("SAX exception", e);
} }
} catch (Base64DecodingException e) { } catch (Base64DecodingException e) {
throw new TransformationException("Base64Decoding", e); throw new TransformationException("Base64Decoding", e);
} }
} }
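Review bot: `dbf` here parses `input.getOctetStream()`, i.e. dereferenced Reference content that has not been verified yet, so besides the secure-processing feature the factory should refuse DOCTYPE declarations with `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);` — a Base64 payload never needs one, and secure processing alone does not block external entities. The existing `catch (ParserConfigurationException e)` now also covers a failure of `setFeature`, but it rethrows under the key `c14n.Canonicalizer.Exception`, which will mislead anyone reading the resulting message; a parser-configuration key would be more accurate. The rewritten comment is still garbled (`a a common case`); suggest `// Fallback for input that is not a text node-set: parse it as XML and decode the text under the root element. No test currently exercises this path.` (the text-collection loop it describes is outside this hunk, so confirm the wording).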
......
...@@ -26,6 +26,7 @@ import java.io.IOException; ...@@ -26,6 +26,7 @@ import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import javax.xml.XMLConstants;
import javax.xml.transform.Source; import javax.xml.transform.Source;
import javax.xml.transform.Transformer; import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException; import javax.xml.transform.TransformerConfigurationException;
...@@ -109,7 +110,8 @@ public class TransformXSLT extends TransformSpi { ...@@ -109,7 +110,8 @@ public class TransformXSLT extends TransformSpi {
TransformerFactory tFactory = TransformerFactory.newInstance(); TransformerFactory tFactory = TransformerFactory.newInstance();
// Process XSLT stylesheets in a secure manner // Process XSLT stylesheets in a secure manner
tFactory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE); tFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
Boolean.TRUE);
/* /*
* This transform requires an octet stream as input. If the actual * This transform requires an octet stream as input. If the actual
* input is an XPath node-set, then the signature application should * input is an XPath node-set, then the signature application should
......
/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package com.sun.org.apache.xml.internal.security.utils;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
/**
* This class is extremely useful for loading resources and classes in a fault
* tolerant manner that works across different applications servers. Do not
* touch this unless you're a grizzled classloading guru veteran who is going to
* verify any change on 6 different application servers.
*/
public final class ClassLoaderUtils {
/** {@link org.apache.commons.logging} logging facility */
private static final java.util.logging.Logger log =
java.util.logging.Logger.getLogger(ClassLoaderUtils.class.getName());
private ClassLoaderUtils() {
}
/**
* Load a given resource. <p/> This method will try to load the resource
* using the following methods (in order):
* <ul>
* <li>From Thread.currentThread().getContextClassLoader()
* <li>From ClassLoaderUtil.class.getClassLoader()
* <li>callingClass.getClassLoader()
* </ul>
*
* @param resourceName The name of the resource to load
* @param callingClass The Class object of the calling object
*/
public static URL getResource(String resourceName, Class<?> callingClass) {
URL url = Thread.currentThread().getContextClassLoader().getResource(resourceName);
if (url == null && resourceName.startsWith("/")) {
//certain classloaders need it without the leading /
url =
Thread.currentThread().getContextClassLoader().getResource(
resourceName.substring(1)
);
}
ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
if (cluClassloader == null) {
cluClassloader = ClassLoader.getSystemClassLoader();
}
if (url == null) {
url = cluClassloader.getResource(resourceName);
}
if (url == null && resourceName.startsWith("/")) {
//certain classloaders need it without the leading /
url = cluClassloader.getResource(resourceName.substring(1));
}
if (url == null) {
ClassLoader cl = callingClass.getClassLoader();
if (cl != null) {
url = cl.getResource(resourceName);
}
}
if (url == null) {
url = callingClass.getResource(resourceName);
}
if ((url == null) && (resourceName != null) && (resourceName.charAt(0) != '/')) {
return getResource('/' + resourceName, callingClass);
}
return url;
}
/**
* Load a given resources. <p/> This method will try to load the resources
* using the following methods (in order):
* <ul>
* <li>From Thread.currentThread().getContextClassLoader()
* <li>From ClassLoaderUtil.class.getClassLoader()
* <li>callingClass.getClassLoader()
* </ul>
*
* @param resourceName The name of the resource to load
* @param callingClass The Class object of the calling object
*/
public static List<URL> getResources(String resourceName, Class<?> callingClass) {
List<URL> ret = new ArrayList<URL>();
Enumeration<URL> urls = new Enumeration<URL>() {
public boolean hasMoreElements() {
return false;
}
public URL nextElement() {
return null;
}
};
try {
urls = Thread.currentThread().getContextClassLoader().getResources(resourceName);
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
//ignore
}
if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
//certain classloaders need it without the leading /
try {
urls =
Thread.currentThread().getContextClassLoader().getResources(
resourceName.substring(1)
);
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
// ignore
}
}
ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
if (cluClassloader == null) {
cluClassloader = ClassLoader.getSystemClassLoader();
}
if (!urls.hasMoreElements()) {
try {
urls = cluClassloader.getResources(resourceName);
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
// ignore
}
}
if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
//certain classloaders need it without the leading /
try {
urls = cluClassloader.getResources(resourceName.substring(1));
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
// ignore
}
}
if (!urls.hasMoreElements()) {
ClassLoader cl = callingClass.getClassLoader();
if (cl != null) {
try {
urls = cl.getResources(resourceName);
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
// ignore
}
}
}
if (!urls.hasMoreElements()) {
URL url = callingClass.getResource(resourceName);
if (url != null) {
ret.add(url);
}
}
while (urls.hasMoreElements()) {
ret.add(urls.nextElement());
}
if (ret.isEmpty() && (resourceName != null) && (resourceName.charAt(0) != '/')) {
return getResources('/' + resourceName, callingClass);
}
return ret;
}
/**
* This is a convenience method to load a resource as a stream. <p/> The
* algorithm used to find the resource is given in getResource()
*
* @param resourceName The name of the resource to load
* @param callingClass The Class object of the calling object
*/
public static InputStream getResourceAsStream(String resourceName, Class<?> callingClass) {
URL url = getResource(resourceName, callingClass);
try {
return (url != null) ? url.openStream() : null;
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
return null;
}
}
/**
* Load a class with a given name. <p/> It will try to load the class in the
* following order:
* <ul>
* <li>From Thread.currentThread().getContextClassLoader()
* <li>Using the basic Class.forName()
* <li>From ClassLoaderUtil.class.getClassLoader()
* <li>From the callingClass.getClassLoader()
* </ul>
*
* @param className The name of the class to load
* @param callingClass The Class object of the calling object
* @throws ClassNotFoundException If the class cannot be found anywhere.
*/
public static Class<?> loadClass(String className, Class<?> callingClass)
throws ClassNotFoundException {
try {
ClassLoader cl = Thread.currentThread().getContextClassLoader();
if (cl != null) {
return cl.loadClass(className);
}
} catch (ClassNotFoundException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
//ignore
}
return loadClass2(className, callingClass);
}
private static Class<?> loadClass2(String className, Class<?> callingClass)
throws ClassNotFoundException {
try {
return Class.forName(className);
} catch (ClassNotFoundException ex) {
try {
if (ClassLoaderUtils.class.getClassLoader() != null) {
return ClassLoaderUtils.class.getClassLoader().loadClass(className);
}
} catch (ClassNotFoundException exc) {
if (callingClass != null && callingClass.getClassLoader() != null) {
return callingClass.getClassLoader().loadClass(className);
}
}
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
}
throw ex;
}
}
}
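Review bot: `getResource` and `getResources` dereference `Thread.currentThread().getContextClassLoader()` without a null check (the first statement of `getResource` and both TCCL calls in `getResources`), while `loadClass` guards the same call with `if (cl != null)`; a null TCCL is legitimate, so the resource lookups would NPE where the class lookup degrades gracefully — `ClassLoader tccl = Thread.currentThread().getContextClassLoader(); URL url = (tccl != null) ? tccl.getResource(resourceName) : null;`, and the same shape for the two `getResources` calls. The `resourceName != null` test in the final recursion guard comes after `resourceName.startsWith("/")` has already dereferenced it, so it is dead; check at entry (`if (resourceName == null) throw new IllegalArgumentException("resourceName");`) or drop it. `loadClass` resolves a caller-supplied class name through the TCCL, `Class.forName` and two further loaders, so the class Javadoc should warn that only trusted, hard-coded or signed-configuration names belong here; a name taken from untrusted input is a code-loading vector. The logger Javadoc says `{@link org.apache.commons.logging}` but the field is a `java.util.logging.Logger`.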
...@@ -43,6 +43,8 @@ public abstract class ResourceResolverSpi { ...@@ -43,6 +43,8 @@ public abstract class ResourceResolverSpi {
/** Field _properties */ /** Field _properties */
protected java.util.Map<String,String> _properties = null; protected java.util.Map<String,String> _properties = null;
protected boolean secureValidation;
/** /**
* This is the workhorse method used to resolve resources. * This is the workhorse method used to resolve resources.
* *
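Review bot: The new `protected boolean secureValidation` field has no Javadoc and no visible accessor in this hunk, so subclass authors cannot tell what it toggles or who sets it; from its only visible use (ResolverFragment in this commit) it gates the duplicate-ID wrapping-attack check, and it defaults to false. Suggest `/** Enables extra hardening in subclasses (e.g. ResolverFragment rejects IDs that are not unique in the document); off by default. */`, and document whoever is expected to set it, which is outside this hunk. Making it `private` with a protected getter would also keep subclasses from silently overwriting it.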
......
...@@ -23,11 +23,12 @@ package com.sun.org.apache.xml.internal.security.utils.resolver.implementations; ...@@ -23,11 +23,12 @@ package com.sun.org.apache.xml.internal.security.utils.resolver.implementations;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.utils.IdResolver; import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException; import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi; import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Attr; import org.w3c.dom.Attr;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node; import org.w3c.dom.Node;
...@@ -51,63 +52,68 @@ public class ResolverFragment extends ResourceResolverSpi { ...@@ -51,63 +52,68 @@ public class ResolverFragment extends ResourceResolverSpi {
/** /**
* Method engineResolve * Method engineResolve
* *
* Wird das gleiche Dokument referenziert?
* Wird ein anderes Dokument referenziert?
* @inheritDoc * @inheritDoc
* @param uri * @param uri
* @param BaseURI * @param baseURI
*
*/ */
public XMLSignatureInput engineResolve(Attr uri, String BaseURI) public XMLSignatureInput engineResolve(Attr uri, String baseURI)
throws ResourceResolverException throws ResourceResolverException
{ {
String uriNodeValue = uri.getNodeValue();
String uriNodeValue = uri.getNodeValue(); Document doc = uri.getOwnerElement().getOwnerDocument();
Document doc = uri.getOwnerElement().getOwnerDocument();
Node selectedElem = null;
if (uriNodeValue.equals("")) {
Node selectedElem = null;
if (uriNodeValue.equals("")) { /*
* Identifies the node-set (minus any comment nodes) of the XML
/* * resource containing the signature
* Identifies the node-set (minus any comment nodes) of the XML */
* resource containing the signature
*/ log.log(java.util.logging.Level.FINE, "ResolverFragment with empty URI (means complete document)");
selectedElem = doc;
log.log(java.util.logging.Level.FINE, "ResolverFragment with empty URI (means complete document)"); } else {
selectedElem = doc;
} else { /*
* URI="#chapter1"
/* * Identifies a node-set containing the element with ID attribute
* URI="#chapter1" * value 'chapter1' of the XML resource containing the signature.
* Identifies a node-set containing the element with ID attribute * XML Signature (and its applications) modify this node-set to
* value 'chapter1' of the XML resource containing the signature. * include the element plus all descendents including namespaces and
* XML Signature (and its applications) modify this node-set to * attributes -- but not comments.
* include the element plus all descendents including namespaces and */
* attributes -- but not comments. String id = uriNodeValue.substring(1);
*/
String id = uriNodeValue.substring(1); selectedElem = doc.getElementById(id);
if (selectedElem == null) {
// Element selectedElem = doc.getElementById(id);
selectedElem = IdResolver.getElementById(doc, id);
if (selectedElem==null) {
Object exArgs[] = { id }; Object exArgs[] = { id };
throw new ResourceResolverException( throw new ResourceResolverException(
"signature.Verification.MissingID", exArgs, uri, BaseURI); "signature.Verification.MissingID", exArgs, uri, baseURI);
} }
if (log.isLoggable(java.util.logging.Level.FINE)) if (secureValidation) {
Element start = uri.getOwnerDocument().getDocumentElement();
if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
Object exArgs[] = { id };
throw new ResourceResolverException(
"signature.Verification.MultipleIDs", exArgs,
uri, baseURI);
}
}
if (log.isLoggable(java.util.logging.Level.FINE))
log.log(java.util.logging.Level.FINE, "Try to catch an Element with ID " + id + " and Element was " + selectedElem); log.log(java.util.logging.Level.FINE, "Try to catch an Element with ID " + id + " and Element was " + selectedElem);
} }
XMLSignatureInput result = new XMLSignatureInput(selectedElem); XMLSignatureInput result = new XMLSignatureInput(selectedElem);
result.setExcludeComments(true); result.setExcludeComments(true);
//log.log(java.util.logging.Level.FINE, "We return a nodeset with " + resultSet.size() + " nodes"); result.setMIMEType("text/xml");
result.setMIMEType("text/xml"); if (baseURI != null && baseURI.length() > 0) {
result.setSourceURI((BaseURI != null) ? BaseURI.concat(uri.getNodeValue()) : result.setSourceURI(baseURI.concat(uri.getNodeValue()));
uri.getNodeValue()); } else {
return result; result.setSourceURI(uri.getNodeValue());
} }
return result;
}
/** /**
* Method engineCanResolve * Method engineCanResolve
......
...@@ -23,11 +23,12 @@ package com.sun.org.apache.xml.internal.security.utils.resolver.implementations; ...@@ -23,11 +23,12 @@ package com.sun.org.apache.xml.internal.security.utils.resolver.implementations;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.utils.IdResolver; import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException; import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi; import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Attr; import org.w3c.dom.Attr;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node; import org.w3c.dom.Node;
...@@ -54,52 +55,55 @@ public class ResolverXPointer extends ResourceResolverSpi { ...@@ -54,52 +55,55 @@ public class ResolverXPointer extends ResourceResolverSpi {
ResolverXPointer.class.getName()); ResolverXPointer.class.getName());
public boolean engineIsThreadSafe() { public boolean engineIsThreadSafe() {
return true; return true;
} }
/**
* @inheritDoc /**
*/ * @inheritDoc
public XMLSignatureInput engineResolve(Attr uri, String BaseURI) */
public XMLSignatureInput engineResolve(Attr uri, String baseURI)
throws ResourceResolverException { throws ResourceResolverException {
Node resultNode = null; Node resultNode = null;
Document doc = uri.getOwnerElement().getOwnerDocument(); Document doc = uri.getOwnerElement().getOwnerDocument();
String uriStr=uri.getNodeValue(); String uriStr = uri.getNodeValue();
if (isXPointerSlash(uriStr)) { if (isXPointerSlash(uriStr)) {
resultNode = doc; resultNode = doc;
} else if (isXPointerId(uriStr)) { } else if (isXPointerId(uriStr)) {
String id = getXPointerId(uriStr); String id = getXPointerId(uriStr);
resultNode =IdResolver.getElementById(doc, id); resultNode = doc.getElementById(id);
// log.log(java.util.logging.Level.FINE, "Use #xpointer(id('" + id + "')) on element " + selectedElem); if (secureValidation) {
Element start = uri.getOwnerDocument().getDocumentElement();
if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
Object exArgs[] = { id };
throw new ResourceResolverException(
"signature.Verification.MultipleIDs", exArgs,
uri, baseURI);
}
}
if (resultNode == null) { if (resultNode == null) {
Object exArgs[] = { id }; Object exArgs[] = { id };
throw new ResourceResolverException( throw new ResourceResolverException(
"signature.Verification.MissingID", exArgs, uri, BaseURI); "signature.Verification.MissingID", exArgs, uri, baseURI);
} }
/* }
resultNodes =
cXPathAPI
.selectNodeList(selectedElem, Canonicalizer
.XPATH_C14N_WITH_COMMENTS_SINGLE_NODE);*/
}
XMLSignatureInput result = new XMLSignatureInput(resultNode);
XMLSignatureInput result = new XMLSignatureInput(resultNode); result.setMIMEType("text/xml");
if (baseURI != null && baseURI.length() > 0) {
result.setSourceURI(baseURI.concat(uri.getNodeValue()));
} else {
result.setSourceURI(uri.getNodeValue());
}
result.setMIMEType("text/xml"); return result;
if (BaseURI != null && BaseURI.length() > 0) { }
result.setSourceURI(BaseURI.concat(uri.getNodeValue()));
} else {
result.setSourceURI(uri.getNodeValue());
}
return result;
}
/** /**
* @inheritDoc * @inheritDoc
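Review bot: The lookup on the `resultNode = doc.getElementById(id);` line now depends on DOM `getElementById`, which only finds attributes that have been registered as ID-typed (the DOMKeyInfo change in this commit registers its `Id` with `setIdAttributeNode`), whereas the replaced `IdResolver` call presumably had its own fallback; any unmarshalling path that does not register `Id` attributes will now fail with MissingID, so that is worth confirming across the codebase. The secure-validation wrapping check is duplicated verbatim here and in ResolverFragment's engineResolve earlier on this page; a shared helper on ResourceResolverSpi would keep the two from drifting. Inside the check, `uri.getOwnerDocument().getDocumentElement()` can simply reuse the `doc` local computed a few lines above. The Javadoc is only `@inheritDoc`; I would add `@throws ResourceResolverException if no element carries the ID or, with secure validation enabled, if more than one does`.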
......
/* /*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2013 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -74,11 +74,7 @@ public class DOMValidateContext extends DOMCryptoContext ...@@ -74,11 +74,7 @@ public class DOMValidateContext extends DOMCryptoContext
if (ks == null) { if (ks == null) {
throw new NullPointerException("key selector is null"); throw new NullPointerException("key selector is null");
} }
if (node == null) { init(node, ks);
throw new NullPointerException("node is null");
}
setKeySelector(ks);
this.node = node;
} }
/** /**
...@@ -97,11 +93,20 @@ public class DOMValidateContext extends DOMCryptoContext ...@@ -97,11 +93,20 @@ public class DOMValidateContext extends DOMCryptoContext
if (validatingKey == null) { if (validatingKey == null) {
throw new NullPointerException("validatingKey is null"); throw new NullPointerException("validatingKey is null");
} }
init(node, KeySelector.singletonKeySelector(validatingKey));
}
private void init(Node node, KeySelector ks) {
if (node == null) { if (node == null) {
throw new NullPointerException("node is null"); throw new NullPointerException("node is null");
} }
setKeySelector(KeySelector.singletonKeySelector(validatingKey));
this.node = node; this.node = node;
super.setKeySelector(ks);
if (System.getSecurityManager() != null) {
super.setProperty("org.jcp.xml.dsig.secureValidation",
Boolean.TRUE);
}
} }
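Review bot: `init` turns on `org.jcp.xml.dsig.secureValidation` only when a SecurityManager is installed, so an application running without one keeps the previous non-secure defaults unless it sets the property itself; that default belongs in the constructor Javadoc, which this hunk does not touch. The new private method has no comment; I would add `/** Shared constructor body: stores the node, installs the key selector and, when a SecurityManager is present, enables secure validation by default. */` above it. Calling `super.setProperty` and `super.setKeySelector` rather than the plain methods looks intentional (a subclass override cannot intercept the default), and a one-line comment saying so would stop a future cleanup from dropping the `super.`.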
/** /**
......
...@@ -193,7 +193,7 @@ public abstract class ApacheCanonicalizer extends TransformService { ...@@ -193,7 +193,7 @@ public abstract class ApacheCanonicalizer extends TransformService {
if (apacheTransform == null) { if (apacheTransform == null) {
try { try {
apacheTransform = Transform.getInstance apacheTransform = new Transform
(ownerDoc, getAlgorithm(), transformElem.getChildNodes()); (ownerDoc, getAlgorithm(), transformElem.getChildNodes());
apacheTransform.setElement(transformElem, xc.getBaseURI()); apacheTransform.setElement(transformElem, xc.getBaseURI());
if (log.isLoggable(Level.FINE)) { if (log.isLoggable(Level.FINE)) {
......
...@@ -38,6 +38,7 @@ import org.w3c.dom.NodeList; ...@@ -38,6 +38,7 @@ import org.w3c.dom.NodeList;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.transforms.Transform; import com.sun.org.apache.xml.internal.security.transforms.Transform;
import com.sun.org.apache.xml.internal.security.transforms.Transforms;
import javax.xml.crypto.*; import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dom.DOMCryptoContext;
...@@ -117,7 +118,7 @@ public abstract class ApacheTransform extends TransformService { ...@@ -117,7 +118,7 @@ public abstract class ApacheTransform extends TransformService {
if (apacheTransform == null) { if (apacheTransform == null) {
try { try {
apacheTransform = Transform.getInstance apacheTransform = new Transform
(ownerDoc, getAlgorithm(), transformElem.getChildNodes()); (ownerDoc, getAlgorithm(), transformElem.getChildNodes());
apacheTransform.setElement(transformElem, xc.getBaseURI()); apacheTransform.setElement(transformElem, xc.getBaseURI());
if (log.isLoggable(Level.FINE)) { if (log.isLoggable(Level.FINE)) {
...@@ -130,6 +131,15 @@ public abstract class ApacheTransform extends TransformService { ...@@ -130,6 +131,15 @@ public abstract class ApacheTransform extends TransformService {
} }
} }
if (Utils.secureValidation(xc)) {
String algorithm = getAlgorithm();
if (Transforms.TRANSFORM_XSLT.equals(algorithm)) {
throw new TransformException(
"Transform " + algorithm +
" is forbidden when secure validation is enabled");
}
}
XMLSignatureInput in; XMLSignatureInput in;
if (data instanceof ApacheData) { if (data instanceof ApacheData) {
if (log.isLoggable(Level.FINE)) { if (log.isLoggable(Level.FINE)) {
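Review bot: The XSLT rejection under `Utils.secureValidation(xc)` runs after the `Transform` has already been constructed from `transformElem` and `setElement` has processed it, so the forbidden transform's content is parsed before it is refused; moving the check ahead of the `if (apacheTransform == null)` block fails fast and keeps the rejected content out of the Apache object entirely. A short comment on the check, such as `// Secure validation: XSLT is rejected before any transform is applied`, would also document why only this algorithm is singled out. The same `new Transform(...)` construction appears in ApacheCanonicalizer above, which has no corresponding check; whether canonicalization transforms can ever be XSLT is not visible here, so it may be fine. The enclosing method starts and ends outside the hunk.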
......
...@@ -34,6 +34,7 @@ import javax.xml.crypto.dom.*; ...@@ -34,6 +34,7 @@ import javax.xml.crypto.dom.*;
import java.security.Provider; import java.security.Provider;
import java.util.*; import java.util.*;
import org.w3c.dom.Attr;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.Node; import org.w3c.dom.Node;
...@@ -87,7 +88,13 @@ public final class DOMKeyInfo extends DOMStructure implements KeyInfo { ...@@ -87,7 +88,13 @@ public final class DOMKeyInfo extends DOMStructure implements KeyInfo {
public DOMKeyInfo(Element kiElem, XMLCryptoContext context, public DOMKeyInfo(Element kiElem, XMLCryptoContext context,
Provider provider) throws MarshalException { Provider provider) throws MarshalException {
// get Id attribute, if specified // get Id attribute, if specified
id = DOMUtils.getAttributeValue(kiElem, "Id"); Attr attr = kiElem.getAttributeNodeNS(null, "Id");
if (attr != null) {
id = attr.getValue();
kiElem.setIdAttributeNode(attr, true);
} else {
id = null;
}
// get all children nodes // get all children nodes
NodeList nl = kiElem.getChildNodes(); NodeList nl = kiElem.getChildNodes();
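Review bot: `kiElem.setIdAttributeNode(attr, true)` can throw an unchecked `DOMException` (for example on a read-only node), and the constructor's declared contract is `throws MarshalException`, so callers that catch `MarshalException` would now see a raw `DOMException`; wrapping it as `throw new MarshalException(e)` keeps the contract. An empty `Id=""` is now registered as an ID and stored verbatim; whether the replaced `DOMUtils.getAttributeValue` normalized empty values to null is not visible here, so code comparing `id == null` elsewhere is worth checking. Registering an ID from unmarshalled input also makes which element `getElementById` returns for a duplicated Id implementation-defined, which is exactly the case the resolvers' secure-validation wrapping check in this commit is meant to catch, and a comment to that effect at the `setIdAttributeNode` call would help the next reader.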
......