提交 eae7e7bf 编写于 作者: M mullan

6741606: Integrate Apache Santuario

Reviewed-by: vinnie, hawtin
上级 35d4f061
...@@ -2,134 +2,255 @@ ...@@ -2,134 +2,255 @@
* reserved comment block * reserved comment block
* DO NOT REMOVE OR ALTER! * DO NOT REMOVE OR ALTER!
*/ */
/* /**
* Copyright 1999-2004 The Apache Software Foundation. * Licensed to the Apache Software Foundation (ASF) under one
* * or more contributor license agreements. See the NOTICE file
* Licensed under the Apache License, Version 2.0 (the "License"); * distributed with this work for additional information
* you may not use this file except in compliance with the License. * regarding copyright ownership. The ASF licenses this file
* You may obtain a copy of the License at * to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* *
* http://www.apache.org/licenses/LICENSE-2.0 * http://www.apache.org/licenses/LICENSE-2.0
* *
* Unless required by applicable law or agreed to in writing, software * Unless required by applicable law or agreed to in writing,
* distributed under the License is distributed on an "AS IS" BASIS, * software distributed under the License is distributed on an
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* See the License for the specific language governing permissions and * KIND, either express or implied. See the License for the
* limitations under the License. * specific language governing permissions and limitations
* * under the License.
*/ */
package com.sun.org.apache.xml.internal.security.algorithms; package com.sun.org.apache.xml.internal.security.algorithms;
import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
import com.sun.org.apache.xml.internal.security.Init; import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import org.w3c.dom.Element; import org.w3c.dom.Element;
/** /**
* This class maps algorithm identifier URIs to JAVA JCE class names. * This class maps algorithm identifier URIs to JAVA JCE class names.
*
* @author $Author: mullan $
*/ */
public class JCEMapper { public class JCEMapper {
/** {@link java.util.logging} logging facility */ /** {@link org.apache.commons.logging} logging facility */
static java.util.logging.Logger log = private static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(JCEMapper.class.getName()); java.util.logging.Logger.getLogger(JCEMapper.class.getName());
private static Map<String, Algorithm> algorithmsMap =
new ConcurrentHashMap<String, Algorithm>();
private static Map<String, String> uriToJCEName;
private static Map<String, Algorithm> algorithmsMap;
private static String providerName = null; private static String providerName = null;
/** /**
* Method init * Method register
* *
* @param mappingElement * @param id
* @throws Exception * @param algorithm
*/ */
public static void init(Element mappingElement) throws Exception { public static void register(String id, Algorithm algorithm) {
algorithmsMap.put(id, algorithm);
loadAlgorithms((Element)mappingElement.getElementsByTagName("Algorithms").item(0));
}
static void loadAlgorithms( Element algorithmsEl) {
Element[] algorithms = XMLUtils.selectNodes(algorithmsEl.getFirstChild(),Init.CONF_NS,"Algorithm");
uriToJCEName = new HashMap<String, String>( algorithms.length * 2);
algorithmsMap = new HashMap<String, Algorithm>( algorithms.length * 2);
for (int i = 0 ;i < algorithms.length ;i ++) {
Element el = algorithms[i];
String id = el.getAttribute("URI");
String jceName = el.getAttribute("JCEName");
uriToJCEName.put(id, jceName);
algorithmsMap.put(id, new Algorithm(el));
}
} }
static Algorithm getAlgorithmMapping(String algoURI) { /**
return algorithmsMap.get(algoURI); * This method registers the default algorithms.
*/
public static void registerDefaultAlgorithms() {
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5,
new Algorithm("", "MD5", "MessageDigest")
);
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_RIPEMD160,
new Algorithm("", "RIPEMD160", "MessageDigest")
);
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1,
new Algorithm("", "SHA-1", "MessageDigest")
);
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256,
new Algorithm("", "SHA-256", "MessageDigest")
);
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA384,
new Algorithm("", "SHA-384", "MessageDigest")
);
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512,
new Algorithm("", "SHA-512", "MessageDigest")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_DSA,
new Algorithm("", "SHA1withDSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
new Algorithm("", "MD5withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160,
new Algorithm("", "RIPEMD160withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
new Algorithm("", "SHA1withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256,
new Algorithm("", "SHA256withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384,
new Algorithm("", "SHA384withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512,
new Algorithm("", "SHA512withRSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1,
new Algorithm("", "SHA1withECDSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
new Algorithm("", "HmacMD5", "Mac")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160,
new Algorithm("", "HMACRIPEMD160", "Mac")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_SHA1,
new Algorithm("", "HmacSHA1", "Mac")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_SHA256,
new Algorithm("", "HmacSHA256", "Mac")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_SHA384,
new Algorithm("", "HmacSHA384", "Mac")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_SHA512,
new Algorithm("", "HmacSHA512", "Mac")
);
algorithmsMap.put(
XMLCipher.TRIPLEDES,
new Algorithm("DESede", "DESede/CBC/ISO10126Padding", "BlockEncryption", 192)
);
algorithmsMap.put(
XMLCipher.AES_128,
new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 128)
);
algorithmsMap.put(
XMLCipher.AES_192,
new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 192)
);
algorithmsMap.put(
XMLCipher.AES_256,
new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 256)
);
algorithmsMap.put(
XMLCipher.RSA_v1dot5,
new Algorithm("RSA", "RSA/ECB/PKCS1Padding", "KeyTransport")
);
algorithmsMap.put(
XMLCipher.RSA_OAEP,
new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
);
algorithmsMap.put(
XMLCipher.DIFFIE_HELLMAN,
new Algorithm("", "", "KeyAgreement")
);
algorithmsMap.put(
XMLCipher.TRIPLEDES_KeyWrap,
new Algorithm("DESede", "DESedeWrap", "SymmetricKeyWrap", 192)
);
algorithmsMap.put(
XMLCipher.AES_128_KeyWrap,
new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 128)
);
algorithmsMap.put(
XMLCipher.AES_192_KeyWrap,
new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 192)
);
algorithmsMap.put(
XMLCipher.AES_256_KeyWrap,
new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 256)
);
} }
/** /**
* Method translateURItoJCEID * Method translateURItoJCEID
* *
* @param AlgorithmURI * @param algorithmURI
* @return the JCE standard name corresponding to the given URI * @return the JCE standard name corresponding to the given URI
*
*/ */
public static String translateURItoJCEID(String AlgorithmURI) { public static String translateURItoJCEID(String algorithmURI) {
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI); log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
}
String jceName = uriToJCEName.get(AlgorithmURI); Algorithm algorithm = algorithmsMap.get(algorithmURI);
return jceName; if (algorithm != null) {
return algorithm.jceName;
}
return null;
} }
/** /**
* Method getAlgorithmClassFromURI * Method getAlgorithmClassFromURI
* NOTE(Raul Benito) It seems a buggy function the loop doesn't do * @param algorithmURI
* anything??
* @param AlgorithmURI
* @return the class name that implements this algorithm * @return the class name that implements this algorithm
*
*/ */
public static String getAlgorithmClassFromURI(String AlgorithmURI) { public static String getAlgorithmClassFromURI(String algorithmURI) {
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI); log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
}
return (algorithmsMap.get(AlgorithmURI)).algorithmClass; Algorithm algorithm = algorithmsMap.get(algorithmURI);
if (algorithm != null) {
return algorithm.algorithmClass;
}
return null;
} }
/** /**
* Returns the keylength in bit for a particular algorithm. * Returns the keylength in bits for a particular algorithm.
* *
* @param AlgorithmURI * @param algorithmURI
* @return The length of the key used in the alogrithm * @return The length of the key used in the algorithm
*/ */
public static int getKeyLengthFromURI(String AlgorithmURI) { public static int getKeyLengthFromURI(String algorithmURI) {
return Integer.parseInt((algorithmsMap.get(AlgorithmURI)).keyLength); if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
}
Algorithm algorithm = algorithmsMap.get(algorithmURI);
if (algorithm != null) {
return algorithm.keyLength;
}
return 0;
} }
/** /**
* Method getJCEKeyAlgorithmFromURI * Method getJCEKeyAlgorithmFromURI
* *
* @param AlgorithmURI * @param algorithmURI
* @return The KeyAlgorithm for the given URI. * @return The KeyAlgorithm for the given URI.
*
*/ */
public static String getJCEKeyAlgorithmFromURI(String AlgorithmURI) { public static String getJCEKeyAlgorithmFromURI(String algorithmURI) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
return (algorithmsMap.get(AlgorithmURI)).requiredKey; log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
}
Algorithm algorithm = algorithmsMap.get(algorithmURI);
if (algorithm != null) {
return algorithm.requiredKey;
}
return null;
} }
/** /**
...@@ -145,24 +266,52 @@ public class JCEMapper { ...@@ -145,24 +266,52 @@ public class JCEMapper {
* @param provider the default providerId. * @param provider the default providerId.
*/ */
public static void setProviderId(String provider) { public static void setProviderId(String provider) {
providerName=provider; providerName = provider;
} }
/** /**
* Represents the Algorithm xml element * Represents the Algorithm xml element
*/ */
public static class Algorithm { public static class Algorithm {
String algorithmClass;
String keyLength; final String requiredKey;
String requiredKey; final String jceName;
final String algorithmClass;
final int keyLength;
/** /**
* Gets data from element * Gets data from element
* @param el * @param el
*/ */
public Algorithm(Element el) { public Algorithm(Element el) {
algorithmClass=el.getAttribute("AlgorithmClass"); requiredKey = el.getAttribute("RequiredKey");
keyLength=el.getAttribute("KeyLength"); jceName = el.getAttribute("JCEName");
requiredKey=el.getAttribute("RequiredKey"); algorithmClass = el.getAttribute("AlgorithmClass");
if (el.hasAttribute("KeyLength")) {
keyLength = Integer.parseInt(el.getAttribute("KeyLength"));
} else {
keyLength = 0;
}
}
public Algorithm(String requiredKey, String jceName) {
this(requiredKey, jceName, null, 0);
} }
public Algorithm(String requiredKey, String jceName, String algorithmClass) {
this(requiredKey, jceName, algorithmClass, 0);
} }
public Algorithm(String requiredKey, String jceName, int keyLength) {
this(requiredKey, jceName, null, keyLength);
}
public Algorithm(String requiredKey, String jceName, String algorithmClass, int keyLength) {
this.requiredKey = requiredKey;
this.jceName = jceName;
this.algorithmClass = algorithmClass;
this.keyLength = keyLength;
}
}
} }
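Review bot: `register(String id, Algorithm algorithm)` at the top of the hunk is a plain `algorithmsMap.put(id, algorithm)`, so any later caller can silently replace the JCE name or class behind an already-registered URI, whereas `Canonicalizer.register` in this same commit refuses a duplicate with AlgorithmAlreadyRegisteredException; either guard it the same way (the backing ConcurrentHashMap offers `putIfAbsent`, and a non-null result means the URI was already taken) or state in the Javadoc that registration replaces an existing mapping. The lookups also changed contract without documentation: `translateURItoJCEID`, `getAlgorithmClassFromURI` and `getJCEKeyAlgorithmFromURI` now return null and `getKeyLengthFromURI` returns 0 for an unregistered URI where the old code threw NullPointerException, so each `@return` should say so, e.g. `@return the JCE standard name, or null if no algorithm is registered for the URI`. The logger field comment still reads `{@link org.apache.commons.logging} logging facility` although the field is a java.util.logging.Logger.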
...@@ -2,34 +2,43 @@ ...@@ -2,34 +2,43 @@
* reserved comment block * reserved comment block
* DO NOT REMOVE OR ALTER! * DO NOT REMOVE OR ALTER!
*/ */
/* /**
* Copyright 1999-2008 The Apache Software Foundation. * Licensed to the Apache Software Foundation (ASF) under one
* * or more contributor license agreements. See the NOTICE file
* Licensed under the Apache License, Version 2.0 (the "License"); * distributed with this work for additional information
* you may not use this file except in compliance with the License. * regarding copyright ownership. The ASF licenses this file
* You may obtain a copy of the License at * to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* *
* http://www.apache.org/licenses/LICENSE-2.0 * http://www.apache.org/licenses/LICENSE-2.0
* *
* Unless required by applicable law or agreed to in writing, software * Unless required by applicable law or agreed to in writing,
* distributed under the License is distributed on an "AS IS" BASIS, * software distributed under the License is distributed on an
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* See the License for the specific language governing permissions and * KIND, either express or implied. See the License for the
* limitations under the License. * specific language governing permissions and limitations
* * under the License.
*/ */
package com.sun.org.apache.xml.internal.security.c14n; package com.sun.org.apache.xml.internal.security.c14n;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_OmitComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_WithComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315ExclOmitComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315ExclWithComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315OmitComments;
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315WithComments;
import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException; import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Node; import org.w3c.dom.Node;
...@@ -46,7 +55,7 @@ public class Canonicalizer { ...@@ -46,7 +55,7 @@ public class Canonicalizer {
public static final String ENCODING = "UTF8"; public static final String ENCODING = "UTF8";
/** /**
* XPath Expresion for selecting every node and continuous comments joined * XPath Expression for selecting every node and continuous comments joined
* in only one node * in only one node
*/ */
public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE = public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE =
...@@ -83,22 +92,10 @@ public class Canonicalizer { ...@@ -83,22 +92,10 @@ public class Canonicalizer {
public static final String ALGO_ID_C14N11_WITH_COMMENTS = public static final String ALGO_ID_C14N11_WITH_COMMENTS =
ALGO_ID_C14N11_OMIT_COMMENTS + "#WithComments"; ALGO_ID_C14N11_OMIT_COMMENTS + "#WithComments";
static boolean _alreadyInitialized = false; private static Map<String, Class<? extends CanonicalizerSpi>> canonicalizerHash =
static Map<String,Class<? extends CanonicalizerSpi>> _canonicalizerHash = null; new ConcurrentHashMap<String, Class<? extends CanonicalizerSpi>>();
protected CanonicalizerSpi canonicalizerSpi = null;
/**
* Method init
*
*/
public static void init() {
if (!Canonicalizer._alreadyInitialized) { private final CanonicalizerSpi canonicalizerSpi;
Canonicalizer._canonicalizerHash = new HashMap<String, Class<? extends CanonicalizerSpi>>(10);
Canonicalizer._alreadyInitialized = true;
}
}
/** /**
* Constructor Canonicalizer * Constructor Canonicalizer
...@@ -106,21 +103,18 @@ public class Canonicalizer { ...@@ -106,21 +103,18 @@ public class Canonicalizer {
* @param algorithmURI * @param algorithmURI
* @throws InvalidCanonicalizerException * @throws InvalidCanonicalizerException
*/ */
private Canonicalizer(String algorithmURI) private Canonicalizer(String algorithmURI) throws InvalidCanonicalizerException {
throws InvalidCanonicalizerException {
try { try {
Class<? extends CanonicalizerSpi> implementingClass = Class<? extends CanonicalizerSpi> implementingClass =
getImplementingClass(algorithmURI); canonicalizerHash.get(algorithmURI);
this.canonicalizerSpi = canonicalizerSpi = implementingClass.newInstance();
implementingClass.newInstance(); canonicalizerSpi.reset = true;
this.canonicalizerSpi.reset=true;
} catch (Exception e) { } catch (Exception e) {
Object exArgs[] = { algorithmURI }; Object exArgs[] = { algorithmURI };
throw new InvalidCanonicalizerException( throw new InvalidCanonicalizerException(
"signature.Canonicalizer.UnknownCanonicalizer", exArgs); "signature.Canonicalizer.UnknownCanonicalizer", exArgs, e
);
} }
} }
...@@ -128,15 +122,12 @@ public class Canonicalizer { ...@@ -128,15 +122,12 @@ public class Canonicalizer {
* Method getInstance * Method getInstance
* *
* @param algorithmURI * @param algorithmURI
* @return a Conicicalizer instance ready for the job * @return a Canonicalizer instance ready for the job
* @throws InvalidCanonicalizerException * @throws InvalidCanonicalizerException
*/ */
public static final Canonicalizer getInstance(String algorithmURI) public static final Canonicalizer getInstance(String algorithmURI)
throws InvalidCanonicalizerException { throws InvalidCanonicalizerException {
return new Canonicalizer(algorithmURI);
Canonicalizer c14nizer = new Canonicalizer(algorithmURI);
return c14nizer;
} }
/** /**
...@@ -148,23 +139,69 @@ public class Canonicalizer { ...@@ -148,23 +139,69 @@ public class Canonicalizer {
*/ */
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public static void register(String algorithmURI, String implementingClass) public static void register(String algorithmURI, String implementingClass)
throws AlgorithmAlreadyRegisteredException { throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
// check whether URI is already registered // check whether URI is already registered
Class<? extends CanonicalizerSpi> registeredClass = getImplementingClass(algorithmURI); Class<? extends CanonicalizerSpi> registeredClass =
canonicalizerHash.get(algorithmURI);
if (registeredClass != null) { if (registeredClass != null) {
Object exArgs[] = { algorithmURI, registeredClass }; Object exArgs[] = { algorithmURI, registeredClass };
throw new AlgorithmAlreadyRegisteredException("algorithm.alreadyRegistered", exArgs);
}
throw new AlgorithmAlreadyRegisteredException( canonicalizerHash.put(
"algorithm.alreadyRegistered", exArgs); algorithmURI, (Class<? extends CanonicalizerSpi>)Class.forName(implementingClass)
);
} }
try { /**
_canonicalizerHash.put(algorithmURI, (Class<? extends CanonicalizerSpi>) Class.forName(implementingClass)); * Method register
} catch (ClassNotFoundException e) { *
throw new RuntimeException("c14n class not found"); * @param algorithmURI
* @param implementingClass
* @throws AlgorithmAlreadyRegisteredException
*/
public static void register(String algorithmURI, Class<CanonicalizerSpi> implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
// check whether URI is already registered
Class<? extends CanonicalizerSpi> registeredClass = canonicalizerHash.get(algorithmURI);
if (registeredClass != null) {
Object exArgs[] = { algorithmURI, registeredClass };
throw new AlgorithmAlreadyRegisteredException("algorithm.alreadyRegistered", exArgs);
} }
canonicalizerHash.put(algorithmURI, implementingClass);
}
/**
* This method registers the default algorithms.
*/
public static void registerDefaultAlgorithms() {
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS,
Canonicalizer20010315OmitComments.class
);
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS,
Canonicalizer20010315WithComments.class
);
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS,
Canonicalizer20010315ExclOmitComments.class
);
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS,
Canonicalizer20010315ExclWithComments.class
);
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS,
Canonicalizer11_OmitComments.class
);
canonicalizerHash.put(
Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS,
Canonicalizer11_WithComments.class
);
} }
/** /**
...@@ -173,7 +210,7 @@ public class Canonicalizer { ...@@ -173,7 +210,7 @@ public class Canonicalizer {
* @return the URI defined for this c14n instance. * @return the URI defined for this c14n instance.
*/ */
public final String getURI() { public final String getURI() {
return this.canonicalizerSpi.engineGetURI(); return canonicalizerSpi.engineGetURI();
} }
/** /**
...@@ -182,7 +219,7 @@ public class Canonicalizer { ...@@ -182,7 +219,7 @@ public class Canonicalizer {
* @return true if the c14n respect the comments. * @return true if the c14n respect the comments.
*/ */
public boolean getIncludeComments() { public boolean getIncludeComments() {
return this.canonicalizerSpi.engineGetIncludeComments(); return canonicalizerSpi.engineGetIncludeComments();
} }
/** /**
...@@ -191,7 +228,7 @@ public class Canonicalizer { ...@@ -191,7 +228,7 @@ public class Canonicalizer {
* wrapped with a <CODE>&gt;a&lt;...&gt;/a&lt;</CODE>. * wrapped with a <CODE>&gt;a&lt;...&gt;/a&lt;</CODE>.
* *
* @param inputBytes * @param inputBytes
* @return the result of the conicalization. * @return the result of the canonicalization.
* @throws CanonicalizationException * @throws CanonicalizationException
* @throws java.io.IOException * @throws java.io.IOException
* @throws javax.xml.parsers.ParserConfigurationException * @throws javax.xml.parsers.ParserConfigurationException
...@@ -199,25 +236,24 @@ public class Canonicalizer { ...@@ -199,25 +236,24 @@ public class Canonicalizer {
*/ */
public byte[] canonicalize(byte[] inputBytes) public byte[] canonicalize(byte[] inputBytes)
throws javax.xml.parsers.ParserConfigurationException, throws javax.xml.parsers.ParserConfigurationException,
java.io.IOException, org.xml.sax.SAXException, java.io.IOException, org.xml.sax.SAXException, CanonicalizationException {
CanonicalizationException { InputStream bais = new ByteArrayInputStream(inputBytes);
ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes);
InputSource in = new InputSource(bais); InputSource in = new InputSource(bais);
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
dfactory.setNamespaceAware(true); dfactory.setNamespaceAware(true);
// needs to validate for ID attribute nomalization // needs to validate for ID attribute normalization
dfactory.setValidating(true); dfactory.setValidating(true);
DocumentBuilder db = dfactory.newDocumentBuilder(); DocumentBuilder db = dfactory.newDocumentBuilder();
/* /*
* for some of the test vectors from the specification, * for some of the test vectors from the specification,
* there has to be a validatin parser for ID attributes, default * there has to be a validating parser for ID attributes, default
* attribute values, NMTOKENS, etc. * attribute values, NMTOKENS, etc.
* Unfortunaltely, the test vectors do use different DTDs or * Unfortunately, the test vectors do use different DTDs or
* even no DTD. So Xerces 1.3.1 fires many warnings about using * even no DTD. So Xerces 1.3.1 fires many warnings about using
* ErrorHandlers. * ErrorHandlers.
* *
...@@ -233,28 +269,23 @@ public class Canonicalizer { ...@@ -233,28 +269,23 @@ public class Canonicalizer {
* declaration are used to help create the canonical form, even * declaration are used to help create the canonical form, even
* though the document type declaration is not retained in the * though the document type declaration is not retained in the
* canonical form. * canonical form.
*
*/ */
db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils.IgnoreAllErrorHandler());
.IgnoreAllErrorHandler());
Document document = db.parse(in); Document document = db.parse(in);
byte result[] = this.canonicalizeSubtree(document); return this.canonicalizeSubtree(document);
return result;
} }
/** /**
* Canonicalizes the subtree rooted by <CODE>node</CODE>. * Canonicalizes the subtree rooted by <CODE>node</CODE>.
* *
* @param node The node to canicalize * @param node The node to canonicalize
* @return the result of the c14n. * @return the result of the c14n.
* *
* @throws CanonicalizationException * @throws CanonicalizationException
*/ */
public byte[] canonicalizeSubtree(Node node) public byte[] canonicalizeSubtree(Node node) throws CanonicalizationException {
throws CanonicalizationException { return canonicalizerSpi.engineCanonicalizeSubTree(node);
return this.canonicalizerSpi.engineCanonicalizeSubTree(node);
} }
/** /**
...@@ -267,8 +298,7 @@ public class Canonicalizer { ...@@ -267,8 +298,7 @@ public class Canonicalizer {
*/ */
public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces) public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
throws CanonicalizationException { throws CanonicalizationException {
return this.canonicalizerSpi.engineCanonicalizeSubTree(node, return canonicalizerSpi.engineCanonicalizeSubTree(node, inclusiveNamespaces);
inclusiveNamespaces);
} }
/** /**
...@@ -281,7 +311,7 @@ public class Canonicalizer { ...@@ -281,7 +311,7 @@ public class Canonicalizer {
*/ */
public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet) public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
throws CanonicalizationException { throws CanonicalizationException {
return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet); return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
} }
/** /**
...@@ -294,10 +324,10 @@ public class Canonicalizer { ...@@ -294,10 +324,10 @@ public class Canonicalizer {
* @throws CanonicalizationException * @throws CanonicalizationException
*/ */
public byte[] canonicalizeXPathNodeSet( public byte[] canonicalizeXPathNodeSet(
NodeList xpathNodeSet, String inclusiveNamespaces) NodeList xpathNodeSet, String inclusiveNamespaces
throws CanonicalizationException { ) throws CanonicalizationException {
return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, return
inclusiveNamespaces); canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
} }
/** /**
...@@ -309,7 +339,7 @@ public class Canonicalizer { ...@@ -309,7 +339,7 @@ public class Canonicalizer {
*/ */
public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet) public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet)
throws CanonicalizationException { throws CanonicalizationException {
return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet); return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
} }
/** /**
...@@ -320,10 +350,11 @@ public class Canonicalizer { ...@@ -320,10 +350,11 @@ public class Canonicalizer {
* @return the result of the c14n. * @return the result of the c14n.
* @throws CanonicalizationException * @throws CanonicalizationException
*/ */
public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet, public byte[] canonicalizeXPathNodeSet(
String inclusiveNamespaces) throws CanonicalizationException { Set<Node> xpathNodeSet, String inclusiveNamespaces
return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, ) throws CanonicalizationException {
inclusiveNamespaces); return
canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
} }
/** /**
...@@ -332,7 +363,7 @@ public class Canonicalizer { ...@@ -332,7 +363,7 @@ public class Canonicalizer {
* @param os * @param os
*/ */
public void setWriter(OutputStream os) { public void setWriter(OutputStream os) {
this.canonicalizerSpi.setWriter(os); canonicalizerSpi.setWriter(os);
} }
/** /**
...@@ -341,23 +372,14 @@ public class Canonicalizer { ...@@ -341,23 +372,14 @@ public class Canonicalizer {
* @return the name of the implementing {@link CanonicalizerSpi} class * @return the name of the implementing {@link CanonicalizerSpi} class
*/ */
public String getImplementingCanonicalizerClass() { public String getImplementingCanonicalizerClass() {
return this.canonicalizerSpi.getClass().getName(); return canonicalizerSpi.getClass().getName();
}
/**
* Method getImplementingClass
*
* @param URI
* @return the name of the class that implements the given URI
*/
private static Class<? extends CanonicalizerSpi> getImplementingClass(String URI) {
return _canonicalizerHash.get(URI);
} }
/** /**
* Set the canonicalizer behaviour to not reset. * Set the canonicalizer behaviour to not reset.
*/ */
public void notReset() { public void notReset() {
this.canonicalizerSpi.reset = false; canonicalizerSpi.reset = false;
} }
} }
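Review bot: `dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE)` in canonicalize(byte[]) limits entity expansion but does not stop the parser from resolving a DOCTYPE or external entities named in inputBytes, and the method still calls `setValidating(true)` and installs IgnoreAllErrorHandler, so a DTD reference in caller-supplied bytes is fetched and any resulting error is hidden. If this entry point can receive untrusted input, also block external access, e.g. `dfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` (JAXP 1.5 and later) or set the SAX `external-general-entities` and `external-parameter-entities` features to false, and note in the Javadoc that the bytes are parsed with a validating parser. The comment block above the parse explains why validation is kept for the specification test vectors, so whichever way this is decided should be recorded there. The same one-line hardening appears in the CanonicalizerSpi and XMLCipher hunks below and has the same gap.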
...@@ -26,6 +26,7 @@ import java.io.ByteArrayInputStream; ...@@ -26,6 +26,7 @@ import java.io.ByteArrayInputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.Set; import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath; import javax.xml.xpath.XPath;
...@@ -67,6 +68,7 @@ public abstract class CanonicalizerSpi { ...@@ -67,6 +68,7 @@ public abstract class CanonicalizerSpi {
java.io.ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes); java.io.ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes);
InputSource in = new InputSource(bais); InputSource in = new InputSource(bais);
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
// needs to validate for ID attribute nomalization // needs to validate for ID attribute nomalization
dfactory.setNamespaceAware(true); dfactory.setNamespaceAware(true);
...@@ -41,6 +41,7 @@ import javax.crypto.Cipher; ...@@ -41,6 +41,7 @@ import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException; import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException; import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.IvParameterSpec;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
...@@ -1982,6 +1983,7 @@ public class XMLCipher { ...@@ -1982,6 +1983,7 @@ public class XMLCipher {
DocumentBuilderFactory dbf = DocumentBuilderFactory dbf =
DocumentBuilderFactory.newInstance(); DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true); dbf.setNamespaceAware(true);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE); dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
DocumentBuilder db = dbf.newDocumentBuilder(); DocumentBuilder db = dbf.newDocumentBuilder();
Document d = db.parse( Document d = db.parse(
......
...@@ -722,35 +722,29 @@ public class KeyInfo extends SignatureElementProxy { ...@@ -722,35 +722,29 @@ public class KeyInfo extends SignatureElementProxy {
/** /**
* Searches the library wide keyresolvers for public keys * Searches the library wide keyresolvers for public keys
* *
* @return The publick contained in this Node. * @return The public key contained in this Node.
* @throws KeyResolverException * @throws KeyResolverException
*/ */
PublicKey getPublicKeyFromStaticResolvers() throws KeyResolverException { PublicKey getPublicKeyFromStaticResolvers() throws KeyResolverException {
int length=KeyResolver.length(); Iterator<KeyResolverSpi> it = KeyResolver.iterator();
int storageLength=this._storageResolvers.size(); while (it.hasNext()) {
Iterator<KeyResolverSpi> it= KeyResolver.iterator();
for (int i = 0; i < length; i++) {
KeyResolverSpi keyResolver = it.next(); KeyResolverSpi keyResolver = it.next();
Node currentChild=this._constructionElement.getFirstChild(); Node currentChild = this._constructionElement.getFirstChild();
String uri= this.getBaseURI(); String uri = this.getBaseURI();
while (currentChild!=null) { while (currentChild != null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) { if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
for (int k = 0; k < storageLength; k++) { for (StorageResolver storage : _storageResolvers) {
StorageResolver storage =
this._storageResolvers.get(k);
PublicKey pk = PublicKey pk =
keyResolver.engineLookupAndResolvePublicKey((Element) currentChild, keyResolver.engineLookupAndResolvePublicKey(
uri, (Element) currentChild, uri, storage
storage); );
if (pk != null) { if (pk != null) {
KeyResolver.hit(it);
return pk; return pk;
} }
} }
} }
currentChild=currentChild.getNextSibling(); currentChild = currentChild.getNextSibling();
} }
} }
return null; return null;
...@@ -834,47 +828,47 @@ public class KeyInfo extends SignatureElementProxy { ...@@ -834,47 +828,47 @@ public class KeyInfo extends SignatureElementProxy {
* child elements. Each combination of {@link KeyResolver} and child element * child elements. Each combination of {@link KeyResolver} and child element
* is checked against all {@link StorageResolver}s. * is checked against all {@link StorageResolver}s.
* *
* @return The certificate contined in this KeyInfo * @return The certificate contained in this KeyInfo
* @throws KeyResolverException * @throws KeyResolverException
*/ */
X509Certificate getX509CertificateFromStaticResolvers() X509Certificate getX509CertificateFromStaticResolvers()
throws KeyResolverException { throws KeyResolverException {
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Start getX509CertificateFromStaticResolvers() with " log.log(java.util.logging.Level.FINE,
+ KeyResolver.length() + " resolvers"); "Start getX509CertificateFromStaticResolvers() with " + KeyResolver.length()
String uri=this.getBaseURI(); + " resolvers"
int length= KeyResolver.length(); );
int storageLength=this._storageResolvers.size(); }
String uri = this.getBaseURI();
Iterator<KeyResolverSpi> it = KeyResolver.iterator(); Iterator<KeyResolverSpi> it = KeyResolver.iterator();
for (int i = 0; i <length; i++) { while (it.hasNext()) {
KeyResolverSpi keyResolver = it.next(); KeyResolverSpi keyResolver = it.next();
X509Certificate cert= applyCurrentResolver(uri, storageLength, keyResolver); X509Certificate cert = applyCurrentResolver(uri, keyResolver);
if (cert!=null) { if (cert != null) {
KeyResolver.hit(it);
return cert; return cert;
} }
} }
return null; return null;
} }
private X509Certificate applyCurrentResolver(String uri, int storageLength, KeyResolverSpi keyResolver) throws KeyResolverException { private X509Certificate applyCurrentResolver(
Node currentChild=this._constructionElement.getFirstChild(); String uri, KeyResolverSpi keyResolver
while (currentChild!=null) { ) throws KeyResolverException {
Node currentChild = this._constructionElement.getFirstChild();
while (currentChild != null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) { if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
for (int k = 0; k < storageLength; k++) { for (StorageResolver storage : _storageResolvers) {
StorageResolver storage = X509Certificate cert =
this._storageResolvers.get(k); keyResolver.engineLookupResolveX509Certificate(
(Element) currentChild, uri, storage
X509Certificate cert = keyResolver );
.engineLookupResolveX509Certificate((Element) currentChild, uri,
storage);
if (cert != null) { if (cert != null) {
return cert; return cert;
} }
} }
} }
currentChild=currentChild.getNextSibling(); currentChild = currentChild.getNextSibling();
} }
return null; return null;
} }
...@@ -887,17 +881,19 @@ public class KeyInfo extends SignatureElementProxy { ...@@ -887,17 +881,19 @@ public class KeyInfo extends SignatureElementProxy {
*/ */
X509Certificate getX509CertificateFromInternalResolvers() X509Certificate getX509CertificateFromInternalResolvers()
throws KeyResolverException { throws KeyResolverException {
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Start getX509CertificateFromInternalResolvers() with " log.log(java.util.logging.Level.FINE,
+ this.lengthInternalKeyResolver() + " resolvers"); "Start getX509CertificateFromInternalResolvers() with "
String uri=this.getBaseURI(); + this.lengthInternalKeyResolver() + " resolvers"
int storageLength=this._storageResolvers.size(); );
for (int i = 0; i < this.lengthInternalKeyResolver(); i++) { }
KeyResolverSpi keyResolver = this.itemInternalKeyResolver(i); String uri = this.getBaseURI();
if (log.isLoggable(java.util.logging.Level.FINE)) for (KeyResolverSpi keyResolver : _internalKeyResolvers) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName()); log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName());
X509Certificate cert= applyCurrentResolver(uri, storageLength, keyResolver); }
if (cert!=null) { X509Certificate cert = applyCurrentResolver(uri, keyResolver);
if (cert != null) {
return cert; return cert;
} }
} }
...@@ -1048,7 +1044,7 @@ public class KeyInfo extends SignatureElementProxy { ...@@ -1048,7 +1044,7 @@ public class KeyInfo extends SignatureElementProxy {
} }
/** Field _storageResolvers */ /** Field _storageResolvers */
List<StorageResolver> _storageResolvers = nullList; private List<StorageResolver> _storageResolvers = nullList;
/** /**
* Method addStorageResolver * Method addStorageResolver
......
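Review bot: `getPublicKeyFromStaticResolvers`, `getX509CertificateFromStaticResolvers` and `getX509CertificateFromInternalResolvers` all end in `return null;` when no resolver produces a result, but their Javadoc `@return` lines ("The public key contained in this Node", "The certificate contained in this KeyInfo") do not say so, and the `@throws KeyResolverException` tags carry no description. Suggest `@return the public key resolved from this KeyInfo's child elements, or {@code null} if no resolver could provide one`, the analogous wording for the two certificate methods, and `@throws KeyResolverException if a resolver fails while examining a child element` (nothing in these methods catches it, so it propagates as thrown). Separately, the rewritten loop in `getX509CertificateFromInternalResolvers` iterates the `_internalKeyResolvers` field directly with for-each, replacing indexed access through `itemInternalKeyResolver(i)`; if that list can be appended to while a resolution is in progress, for-each fails fast with ConcurrentModificationException where the old indexed loop would have kept going — worth confirming against the list type and the method that registers internal resolvers, both outside this section.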
...@@ -34,6 +34,7 @@ import java.util.List; ...@@ -34,6 +34,7 @@ import java.util.List;
import java.util.ListIterator; import java.util.ListIterator;
import java.util.Set; import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException; import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
...@@ -251,6 +252,7 @@ public class RetrievalMethodResolver extends KeyResolverSpi { ...@@ -251,6 +252,7 @@ public class RetrievalMethodResolver extends KeyResolverSpi {
try { try {
javax.xml.parsers.DocumentBuilderFactory dbf =javax.xml.parsers.DocumentBuilderFactory.newInstance(); javax.xml.parsers.DocumentBuilderFactory dbf =javax.xml.parsers.DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true); dbf.setNamespaceAware(true);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
org.w3c.dom.Document doc = org.w3c.dom.Document doc =
db.parse(new java.io.ByteArrayInputStream(bytes)); db.parse(new java.io.ByteArrayInputStream(bytes));
......
...@@ -88,6 +88,8 @@ prefix.AlreadyAssigned = You want to assign {0} as prefix for namespace {1} but ...@@ -88,6 +88,8 @@ prefix.AlreadyAssigned = You want to assign {0} as prefix for namespace {1} but
signature.Canonicalizer.UnknownCanonicalizer = Unknown canonicalizer. No handler installed for URI {0} signature.Canonicalizer.UnknownCanonicalizer = Unknown canonicalizer. No handler installed for URI {0}
signature.DSA.invalidFormat = Invalid ASN.1 encoding of the DSA signature signature.DSA.invalidFormat = Invalid ASN.1 encoding of the DSA signature
signature.Generation.signBeforeGetValue = You have to XMLSignature.sign(java.security.PrivateKey) first signature.Generation.signBeforeGetValue = You have to XMLSignature.sign(java.security.PrivateKey) first
signature.Reference.ForbiddenResolver = It is forbidden to access resolver {0} when secure validation is enabled
signature.signatureAlgorithm = It is forbidden to use algorithm {0} when secure validation is enabled
signature.signaturePropertyHasNoTarget = The Target attribute of the SignatureProperty must be set signature.signaturePropertyHasNoTarget = The Target attribute of the SignatureProperty must be set
signature.Transform.ErrorDuringTransform = A {1} was thrown during the {0} transform signature.Transform.ErrorDuringTransform = A {1} was thrown during the {0} transform
signature.Transform.NotYetImplemented = Transform {0} not yet implemented signature.Transform.NotYetImplemented = Transform {0} not yet implemented
...@@ -105,6 +107,7 @@ signature.Verification.InvalidDigestOrReference = Invalid digest of reference {0 ...@@ -105,6 +107,7 @@ signature.Verification.InvalidDigestOrReference = Invalid digest of reference {0
signature.Verification.keyStore = KeyStore error signature.Verification.keyStore = KeyStore error
signature.Verification.MissingID = Cannot resolve element with ID {0} signature.Verification.MissingID = Cannot resolve element with ID {0}
signature.Verification.MissingResources = Cannot resolve external resource {0} signature.Verification.MissingResources = Cannot resolve external resource {0}
signature.Verification.MultipleIDs = Multiple Elements with the same ID {0} were detected
signature.Verification.NoSignatureElement = Input document contains no {0} Element in namespace {1} signature.Verification.NoSignatureElement = Input document contains no {0} Element in namespace {1}
signature.Verification.Reference.NoInput = The Reference for URI {0} has no XMLSignatureInput signature.Verification.Reference.NoInput = The Reference for URI {0} has no XMLSignatureInput
signature.Verification.SignatureError = Signature error signature.Verification.SignatureError = Signature error
......
...@@ -25,6 +25,7 @@ import java.io.IOException; ...@@ -25,6 +25,7 @@ import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm; import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
...@@ -186,8 +187,10 @@ public class SignedInfo extends Manifest { ...@@ -186,8 +187,10 @@ public class SignedInfo extends Manifest {
javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory dbf =
javax.xml.parsers.DocumentBuilderFactory.newInstance(); javax.xml.parsers.DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true); dbf.setNamespaceAware(true);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
Boolean.TRUE);
javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder(); javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
org.w3c.dom.Document newdoc = Document newdoc =
db.parse(new ByteArrayInputStream(this._c14nizedBytes)); db.parse(new ByteArrayInputStream(this._c14nizedBytes));
Node imported = Node imported =
this._doc.importNode(newdoc.getDocumentElement(), true); this._doc.importNode(newdoc.getDocumentElement(), true);
......
...@@ -201,14 +201,13 @@ private Element signatureValueElement; ...@@ -201,14 +201,13 @@ private Element signatureValueElement;
super(doc); super(doc);
String xmlnsDsPrefix = String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
getDefaultPrefixBindings(Constants.SignatureSpecNS);
if (xmlnsDsPrefix == null) { if (xmlnsDsPrefix == null) {
this._constructionElement.setAttributeNS this._constructionElement.setAttributeNS
(Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS); (Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS);
} else { } else {
this._constructionElement.setAttributeNS this._constructionElement.setAttributeNS
(Constants.NamespaceSpecNS, xmlnsDsPrefix, Constants.SignatureSpecNS); (Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS);
} }
XMLUtils.addReturnToElement(this._constructionElement); XMLUtils.addReturnToElement(this._constructionElement);
...@@ -242,14 +241,13 @@ private Element signatureValueElement; ...@@ -242,14 +241,13 @@ private Element signatureValueElement;
super(doc); super(doc);
String xmlnsDsPrefix = String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
getDefaultPrefixBindings(Constants.SignatureSpecNS);
if (xmlnsDsPrefix == null) { if (xmlnsDsPrefix == null) {
this._constructionElement.setAttributeNS this._constructionElement.setAttributeNS
(Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS); (Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS);
} else { } else {
this._constructionElement.setAttributeNS this._constructionElement.setAttributeNS
(Constants.NamespaceSpecNS, xmlnsDsPrefix, Constants.SignatureSpecNS); (Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS);
} }
XMLUtils.addReturnToElement(this._constructionElement); XMLUtils.addReturnToElement(this._constructionElement);
......
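Review bot: The two constructors in this section now carry identical copies of the eight-line namespace-declaration block (`getDefaultPrefix(Constants.SignatureSpecNS)` followed by the two `setAttributeNS` branches); a private helper such as `declareSignatureNamespace()` called from both would keep them from drifting apart on the next edit. Also, the new code builds `"xmlns:" + xmlnsDsPrefix` after checking only for `null`; if `getDefaultPrefix` can return an empty string, the attribute name becomes `xmlns:`, which is not a well-formed qualified name and will likely make `setAttributeNS` throw a DOMException at runtime. If that is possible, the guard should read `if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {` — `getDefaultPrefix` is defined outside this section, so confirm its contract. Both constructors start before their hunks.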
...@@ -31,6 +31,7 @@ import java.util.HashSet; ...@@ -31,6 +31,7 @@ import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
...@@ -603,6 +604,8 @@ public class XMLSignatureInput implements Cloneable { ...@@ -603,6 +604,8 @@ public class XMLSignatureInput implements Cloneable {
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setValidating(false); dfactory.setValidating(false);
dfactory.setNamespaceAware(true); dfactory.setNamespaceAware(true);
dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
Boolean.TRUE);
DocumentBuilder db = dfactory.newDocumentBuilder(); DocumentBuilder db = dfactory.newDocumentBuilder();
// select all nodes, also the comments. // select all nodes, also the comments.
try { try {
......
...@@ -158,8 +158,7 @@ public class Transforms extends SignatureElementProxy { ...@@ -158,8 +158,7 @@ public class Transforms extends SignatureElementProxy {
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE))
log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")"); log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")");
Transform transform = Transform transform = new Transform(this._doc, transformURI);
Transform.getInstance(this._doc, transformURI);
this.addTransform(transform); this.addTransform(transform);
} catch (InvalidTransformException ex) { } catch (InvalidTransformException ex) {
...@@ -184,8 +183,7 @@ public class Transforms extends SignatureElementProxy { ...@@ -184,8 +183,7 @@ public class Transforms extends SignatureElementProxy {
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE))
log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")"); log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")");
Transform transform = Transform transform = new Transform(this._doc, transformURI, contextElement);
Transform.getInstance(this._doc, transformURI, contextElement);
this.addTransform(transform); this.addTransform(transform);
} catch (InvalidTransformException ex) { } catch (InvalidTransformException ex) {
...@@ -207,8 +205,7 @@ public class Transforms extends SignatureElementProxy { ...@@ -207,8 +205,7 @@ public class Transforms extends SignatureElementProxy {
throws TransformationException { throws TransformationException {
try { try {
Transform transform = Transform transform = new Transform(this._doc, transformURI, contextNodes);
Transform.getInstance(this._doc, transformURI, contextNodes);
this.addTransform(transform); this.addTransform(transform);
} catch (InvalidTransformException ex) { } catch (InvalidTransformException ex) {
throw new TransformationException("empty", ex); throw new TransformationException("empty", ex);
......
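Review bot: The `if (log.isLoggable(java.util.logging.Level.FINE))` guards directly above the rewritten `new Transform(...)` lines in the first two hunks still wrap their `log.log(...)` call without braces, while the same guard was reformatted to a braced block elsewhere in this commit (KeyInfo, for example). Since these statements were touched anyway, bracing them here too — `if (log.isLoggable(java.util.logging.Level.FINE)) {` / `log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")");` / `}` — keeps the style consistent and removes the dangling-statement hazard when a second line is added later. The enclosing `addTransform` overloads start before the hunks shown here.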
...@@ -26,6 +26,7 @@ import java.io.BufferedInputStream; ...@@ -26,6 +26,7 @@ import java.io.BufferedInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
...@@ -145,11 +146,13 @@ public class TransformBase64Decode extends TransformSpi { ...@@ -145,11 +146,13 @@ public class TransformBase64Decode extends TransformSpi {
} }
try { try {
//Exceptional case there is current not text case testing this(Before it was a // Exceptional case there is current not text case testing this
//a common case). // (before it was a a common case).
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
Boolean.TRUE);
Document doc = Document doc =
DocumentBuilderFactory.newInstance().newDocumentBuilder().parse( dbf.newDocumentBuilder().parse(input.getOctetStream());
input.getOctetStream());
Element rootNode = doc.getDocumentElement(); Element rootNode = doc.getDocumentElement();
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
......
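Review bot: The rewritten comment above the new `DocumentBuilderFactory` local reads `// Exceptional case there is current not text case testing this` / `// (before it was a a common case).`, which has a doubled "a" and appears to mean "currently no test case"; suggest `// Exceptional case: there is currently no test case covering this` / `// (before, it was a common case).`. Now that the factory is configured explicitly, it would also help to document why namespace awareness is left off here while every other parser configured in this commit calls `setNamespaceAware(true)` — the difference may be deliberate, but a one-line comment would save the next reader from asking. The enclosing method starts before this hunk.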
...@@ -26,6 +26,7 @@ import java.io.IOException; ...@@ -26,6 +26,7 @@ import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import javax.xml.XMLConstants;
import javax.xml.transform.Source; import javax.xml.transform.Source;
import javax.xml.transform.Transformer; import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException; import javax.xml.transform.TransformerConfigurationException;
...@@ -109,7 +110,8 @@ public class TransformXSLT extends TransformSpi { ...@@ -109,7 +110,8 @@ public class TransformXSLT extends TransformSpi {
TransformerFactory tFactory = TransformerFactory.newInstance(); TransformerFactory tFactory = TransformerFactory.newInstance();
// Process XSLT stylesheets in a secure manner // Process XSLT stylesheets in a secure manner
tFactory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE); tFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
Boolean.TRUE);
/* /*
* This transform requires an octet stream as input. If the actual * This transform requires an octet stream as input. If the actual
* input is an XPath node-set, then the signature application should * input is an XPath node-set, then the signature application should
......
/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package com.sun.org.apache.xml.internal.security.utils;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
/**
* This class is extremely useful for loading resources and classes in a fault
* tolerant manner that works across different applications servers. Do not
* touch this unless you're a grizzled classloading guru veteran who is going to
* verify any change on 6 different application servers.
*/
public final class ClassLoaderUtils {
/** {@link org.apache.commons.logging} logging facility */
private static final java.util.logging.Logger log =
java.util.logging.Logger.getLogger(ClassLoaderUtils.class.getName());
private ClassLoaderUtils() {
}
/**
* Load a given resource. <p/> This method will try to load the resource
* using the following methods (in order):
* <ul>
* <li>From Thread.currentThread().getContextClassLoader()
* <li>From ClassLoaderUtil.class.getClassLoader()
* <li>callingClass.getClassLoader()
* </ul>
*
* @param resourceName The name of the resource to load
* @param callingClass The Class object of the calling object
*/
public static URL getResource(String resourceName, Class<?> callingClass) {
URL url = Thread.currentThread().getContextClassLoader().getResource(resourceName);
if (url == null && resourceName.startsWith("/")) {
//certain classloaders need it without the leading /
url =
Thread.currentThread().getContextClassLoader().getResource(
resourceName.substring(1)
);
}
ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
if (cluClassloader == null) {
cluClassloader = ClassLoader.getSystemClassLoader();
}
if (url == null) {
url = cluClassloader.getResource(resourceName);
}
if (url == null && resourceName.startsWith("/")) {
//certain classloaders need it without the leading /
url = cluClassloader.getResource(resourceName.substring(1));
}
if (url == null) {
ClassLoader cl = callingClass.getClassLoader();
if (cl != null) {
url = cl.getResource(resourceName);
}
}
if (url == null) {
url = callingClass.getResource(resourceName);
}
if ((url == null) && (resourceName != null) && (resourceName.charAt(0) != '/')) {
return getResource('/' + resourceName, callingClass);
}
return url;
}
/**
* Load a given resources. <p/> This method will try to load the resources
* using the following methods (in order):
* <ul>
* <li>From Thread.currentThread().getContextClassLoader()
* <li>From ClassLoaderUtil.class.getClassLoader()
* <li>callingClass.getClassLoader()
* </ul>
*
* @param resourceName The name of the resource to load
* @param callingClass The Class object of the calling object
*/
public static List<URL> getResources(String resourceName, Class<?> callingClass) {
List<URL> ret = new ArrayList<URL>();
Enumeration<URL> urls = new Enumeration<URL>() {
public boolean hasMoreElements() {
return false;
}
public URL nextElement() {
return null;
}
};
try {
urls = Thread.currentThread().getContextClassLoader().getResources(resourceName);
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
//ignore
}
if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
//certain classloaders need it without the leading /
try {
urls =
Thread.currentThread().getContextClassLoader().getResources(
resourceName.substring(1)
);
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
// ignore
}
}
ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
if (cluClassloader == null) {
cluClassloader = ClassLoader.getSystemClassLoader();
}
if (!urls.hasMoreElements()) {
try {
urls = cluClassloader.getResources(resourceName);
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
// ignore
}
}
if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
//certain classloaders need it without the leading /
try {
urls = cluClassloader.getResources(resourceName.substring(1));
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
// ignore
}
}
if (!urls.hasMoreElements()) {
ClassLoader cl = callingClass.getClassLoader();
if (cl != null) {
try {
urls = cl.getResources(resourceName);
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
// ignore
}
}
}
if (!urls.hasMoreElements()) {
URL url = callingClass.getResource(resourceName);
if (url != null) {
ret.add(url);
}
}
while (urls.hasMoreElements()) {
ret.add(urls.nextElement());
}
if (ret.isEmpty() && (resourceName != null) && (resourceName.charAt(0) != '/')) {
return getResources('/' + resourceName, callingClass);
}
return ret;
}
/**
* This is a convenience method to load a resource as a stream. <p/> The
* algorithm used to find the resource is given in getResource()
*
* @param resourceName The name of the resource to load
* @param callingClass The Class object of the calling object
*/
public static InputStream getResourceAsStream(String resourceName, Class<?> callingClass) {
URL url = getResource(resourceName, callingClass);
try {
return (url != null) ? url.openStream() : null;
} catch (IOException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
return null;
}
}
/**
* Load a class with a given name. <p/> It will try to load the class in the
* following order:
* <ul>
* <li>From Thread.currentThread().getContextClassLoader()
* <li>Using the basic Class.forName()
* <li>From ClassLoaderUtil.class.getClassLoader()
* <li>From the callingClass.getClassLoader()
* </ul>
*
* @param className The name of the class to load
* @param callingClass The Class object of the calling object
* @throws ClassNotFoundException If the class cannot be found anywhere.
*/
public static Class<?> loadClass(String className, Class<?> callingClass)
throws ClassNotFoundException {
try {
ClassLoader cl = Thread.currentThread().getContextClassLoader();
if (cl != null) {
return cl.loadClass(className);
}
} catch (ClassNotFoundException e) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, e.getMessage(), e);
}
//ignore
}
return loadClass2(className, callingClass);
}
private static Class<?> loadClass2(String className, Class<?> callingClass)
throws ClassNotFoundException {
try {
return Class.forName(className);
} catch (ClassNotFoundException ex) {
try {
if (ClassLoaderUtils.class.getClassLoader() != null) {
return ClassLoaderUtils.class.getClassLoader().loadClass(className);
}
} catch (ClassNotFoundException exc) {
if (callingClass != null && callingClass.getClassLoader() != null) {
return callingClass.getClassLoader().loadClass(className);
}
}
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
}
throw ex;
}
}
}
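Review bot: `getResource` dereferences `Thread.currentThread().getContextClassLoader()` unguarded on its first line, and `getResources` does the same inside a `try` that catches only `IOException`; the context class loader may be null (this class already anticipates a null loader for `ClassLoaderUtils.class.getClassLoader()`, and `loadClass` checks `cl != null` first), so those call sites can throw NullPointerException before any of the fallbacks run. Suggest hoisting the loader into a local and guarding it, e.g. `ClassLoader tccl = Thread.currentThread().getContextClassLoader();` / `URL url = tccl != null ? tccl.getResource(resourceName) : null;` in `getResource`, with the matching guard around both `getResources` calls on the context loader. The trailing `(resourceName != null)` checks in both methods are effectively dead, because every path that reaches them has already evaluated `resourceName.startsWith("/")`, and `resourceName.charAt(0)` will throw on an empty name; an explicit null/empty check at the top of each method would make the contract clear and let the later conditions be simplified. The Javadoc on `log` still says `{@link org.apache.commons.logging}` although the field is a `java.util.logging.Logger`; suggest `/** {@link java.util.logging} logging facility */`.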
...@@ -2,28 +2,28 @@ ...@@ -2,28 +2,28 @@
* reserved comment block * reserved comment block
* DO NOT REMOVE OR ALTER! * DO NOT REMOVE OR ALTER!
*/ */
/* /**
* Copyright 1999-2008 The Apache Software Foundation. * Licensed to the Apache Software Foundation (ASF) under one
* * or more contributor license agreements. See the NOTICE file
* Licensed under the Apache License, Version 2.0 (the "License"); * distributed with this work for additional information
* you may not use this file except in compliance with the License. * regarding copyright ownership. The ASF licenses this file
* You may obtain a copy of the License at * to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* *
* http://www.apache.org/licenses/LICENSE-2.0 * http://www.apache.org/licenses/LICENSE-2.0
* *
* Unless required by applicable law or agreed to in writing, software * Unless required by applicable law or agreed to in writing,
* distributed under the License is distributed on an "AS IS" BASIS, * software distributed under the License is distributed on an
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* See the License for the specific language governing permissions and * KIND, either express or implied. See the License for the
* limitations under the License. * specific language governing permissions and limitations
* * under the License.
*/ */
package com.sun.org.apache.xml.internal.security.utils; package com.sun.org.apache.xml.internal.security.utils;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.HashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.Map; import java.util.Map;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException; import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
...@@ -35,42 +35,27 @@ import org.w3c.dom.Node; ...@@ -35,42 +35,27 @@ import org.w3c.dom.Node;
import org.w3c.dom.NodeList; import org.w3c.dom.NodeList;
import org.w3c.dom.Text; import org.w3c.dom.Text;
/** /**
* This is the base class to all Objects which have a direct 1:1 mapping to an * This is the base class to all Objects which have a direct 1:1 mapping to an
* Element in a particular namespace. * Element in a particular namespace.
*
* @author $Author: mullan $
*/ */
public abstract class ElementProxy { public abstract class ElementProxy {
/** {@link java.util.logging} logging facility */ protected static final java.util.logging.Logger log =
static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(ElementProxy.class.getName()); java.util.logging.Logger.getLogger(ElementProxy.class.getName());
/** /** Field constructionElement */
* Returns the namespace of the Elements of the sub-class.
*
* @return the namespace of the Elements of the sub-class.
*/
public abstract String getBaseNamespace();
/**
* Returns the localname of the Elements of the sub-class.
*
* @return the localname of the Elements of the sub-class.
*/
public abstract String getBaseLocalName();
/** Field _constructionElement */
protected Element _constructionElement = null; protected Element _constructionElement = null;
/** Field _baseURI */ /** Field baseURI */
protected String _baseURI = null; protected String _baseURI = null;
/** Field _doc */ /** Field doc */
protected Document _doc = null; protected Document _doc = null;
/** Field prefixMappings */
private static Map<String, String> prefixMappings = new ConcurrentHashMap<String, String>();
/** /**
* Constructor ElementProxy * Constructor ElementProxy
* *
...@@ -89,37 +74,67 @@ public abstract class ElementProxy { ...@@ -89,37 +74,67 @@ public abstract class ElementProxy {
} }
this._doc = doc; this._doc = doc;
this._constructionElement = createElementForFamilyLocal(this._doc, this._constructionElement =
this.getBaseNamespace(), this.getBaseLocalName()); createElementForFamilyLocal(this._doc, this.getBaseNamespace(), this.getBaseLocalName());
} }
protected Element createElementForFamilyLocal(Document doc, String namespace,
String localName) { /**
* Constructor ElementProxy
*
* @param element
* @param BaseURI
* @throws XMLSecurityException
*/
public ElementProxy(Element element, String BaseURI) throws XMLSecurityException {
if (element == null) {
throw new XMLSecurityException("ElementProxy.nullElement");
}
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "setElement(\"" + element.getTagName() + "\", \"" + BaseURI + "\")");
}
this._doc = element.getOwnerDocument();
this._constructionElement = element;
this._baseURI = BaseURI;
this.guaranteeThatElementInCorrectSpace();
}
/**
* Returns the namespace of the Elements of the sub-class.
*
* @return the namespace of the Elements of the sub-class.
*/
public abstract String getBaseNamespace();
/**
* Returns the localname of the Elements of the sub-class.
*
* @return the localname of the Elements of the sub-class.
*/
public abstract String getBaseLocalName();
protected Element createElementForFamilyLocal(
Document doc, String namespace, String localName
) {
Element result = null; Element result = null;
if (namespace == null) { if (namespace == null) {
result = doc.createElementNS(null, localName); result = doc.createElementNS(null, localName);
} else { } else {
String baseName=this.getBaseNamespace(); String baseName = this.getBaseNamespace();
String prefix=ElementProxy.getDefaultPrefix(baseName); String prefix = ElementProxy.getDefaultPrefix(baseName);
if ((prefix == null) || (prefix.length() == 0)) { if ((prefix == null) || (prefix.length() == 0)) {
result = doc.createElementNS(namespace, localName); result = doc.createElementNS(namespace, localName);
result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", namespace);
result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns",
namespace);
} else { } else {
String tagName=null; result = doc.createElementNS(namespace, prefix + ":" + localName);
String defaultPrefixNaming=ElementProxy.getDefaultPrefixBindings(baseName); result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:" + prefix, namespace);
StringBuffer sb=new StringBuffer(prefix);
sb.append(':');
sb.append(localName);
tagName=sb.toString();
result = doc.createElementNS(namespace, tagName );
result.setAttributeNS(Constants.NamespaceSpecNS, defaultPrefixNaming,
namespace);
} }
} }
return result; return result;
} }
/** /**
...@@ -134,9 +149,7 @@ public abstract class ElementProxy { ...@@ -134,9 +149,7 @@ public abstract class ElementProxy {
* @param localName * @param localName
* @return The element created. * @return The element created.
*/ */
public static Element createElementForFamily(Document doc, String namespace, public static Element createElementForFamily(Document doc, String namespace, String localName) {
String localName) {
//Element nscontext = XMLUtils.createDSctx(doc, "x", namespace);
Element result = null; Element result = null;
String prefix = ElementProxy.getDefaultPrefix(namespace); String prefix = ElementProxy.getDefaultPrefix(namespace);
...@@ -145,14 +158,10 @@ public abstract class ElementProxy { ...@@ -145,14 +158,10 @@ public abstract class ElementProxy {
} else { } else {
if ((prefix == null) || (prefix.length() == 0)) { if ((prefix == null) || (prefix.length() == 0)) {
result = doc.createElementNS(namespace, localName); result = doc.createElementNS(namespace, localName);
result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", namespace);
result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns",
namespace);
} else { } else {
result = doc.createElementNS(namespace, prefix + ":" + localName); result = doc.createElementNS(namespace, prefix + ":" + localName);
result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:" + prefix, namespace);
result.setAttributeNS(Constants.NamespaceSpecNS, ElementProxy.getDefaultPrefixBindings(namespace),
namespace);
} }
} }
...@@ -166,9 +175,7 @@ public abstract class ElementProxy { ...@@ -166,9 +175,7 @@ public abstract class ElementProxy {
* @param BaseURI * @param BaseURI
* @throws XMLSecurityException * @throws XMLSecurityException
*/ */
public void setElement(Element element, String BaseURI) public void setElement(Element element, String BaseURI) throws XMLSecurityException {
throws XMLSecurityException {
if (element == null) { if (element == null) {
throw new XMLSecurityException("ElementProxy.nullElement"); throw new XMLSecurityException("ElementProxy.nullElement");
} }
...@@ -182,30 +189,6 @@ public abstract class ElementProxy { ...@@ -182,30 +189,6 @@ public abstract class ElementProxy {
this._baseURI = BaseURI; this._baseURI = BaseURI;
} }
/**
* Constructor ElementProxy
*
* @param element
* @param BaseURI
* @throws XMLSecurityException
*/
public ElementProxy(Element element, String BaseURI)
throws XMLSecurityException {
if (element == null) {
throw new XMLSecurityException("ElementProxy.nullElement");
}
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "setElement(\"" + element.getTagName() + "\", \"" + BaseURI
+ "\")");
}
this._doc = element.getOwnerDocument();
this._constructionElement = element;
this._baseURI = BaseURI;
this.guaranteeThatElementInCorrectSpace();
}
/** /**
* Returns the Element which was constructed by the Object. * Returns the Element which was constructed by the Object.
...@@ -250,31 +233,36 @@ public abstract class ElementProxy { ...@@ -250,31 +233,36 @@ public abstract class ElementProxy {
return this._baseURI; return this._baseURI;
} }
static ElementChecker checker = new ElementCheckerImpl.InternedNsChecker();
/** /**
* Method guaranteeThatElementInCorrectSpace * Method guaranteeThatElementInCorrectSpace
* *
* @throws XMLSecurityException * @throws XMLSecurityException
*/ */
void guaranteeThatElementInCorrectSpace() void guaranteeThatElementInCorrectSpace() throws XMLSecurityException {
throws XMLSecurityException {
checker.guaranteeThatElementInCorrectSpace(this,this._constructionElement); String expectedLocalName = this.getBaseLocalName();
String expectedNamespaceUri = this.getBaseNamespace();
String actualLocalName = this._constructionElement.getLocalName();
String actualNamespaceUri = this._constructionElement.getNamespaceURI();
if(!expectedNamespaceUri.equals(actualNamespaceUri)
&& !expectedLocalName.equals(actualLocalName)) {
Object exArgs[] = { actualNamespaceUri + ":" + actualLocalName,
expectedNamespaceUri + ":" + expectedLocalName};
throw new XMLSecurityException("xml.WrongElement", exArgs);
}
} }
/** /**
* Method setVal * Method addBigIntegerElement
* *
* @param bi * @param bi
* @param localname * @param localname
*/ */
public void addBigIntegerElement(BigInteger bi, String localname) { public void addBigIntegerElement(BigInteger bi, String localname) {
if (bi != null) { if (bi != null) {
Element e = XMLUtils.createElementInSignatureSpace(this._doc, Element e = XMLUtils.createElementInSignatureSpace(this._doc, localname);
localname);
Base64.fillElementWithBigInteger(e, bi); Base64.fillElementWithBigInteger(e, bi);
this._constructionElement.appendChild(e); this._constructionElement.appendChild(e);
...@@ -289,9 +277,7 @@ public abstract class ElementProxy { ...@@ -289,9 +277,7 @@ public abstract class ElementProxy {
* @param localname * @param localname
*/ */
public void addBase64Element(byte[] bytes, String localname) { public void addBase64Element(byte[] bytes, String localname) {
if (bytes != null) { if (bytes != null) {
Element e = Base64.encodeToElement(this._doc, localname, bytes); Element e = Base64.encodeToElement(this._doc, localname, bytes);
this._constructionElement.appendChild(e); this._constructionElement.appendChild(e);
...@@ -308,7 +294,6 @@ public abstract class ElementProxy { ...@@ -308,7 +294,6 @@ public abstract class ElementProxy {
* @param localname * @param localname
*/ */
public void addTextElement(String text, String localname) { public void addTextElement(String text, String localname) {
Element e = XMLUtils.createElementInSignatureSpace(this._doc, localname); Element e = XMLUtils.createElementInSignatureSpace(this._doc, localname);
Text t = this._doc.createTextNode(text); Text t = this._doc.createTextNode(text);
...@@ -323,7 +308,6 @@ public abstract class ElementProxy { ...@@ -323,7 +308,6 @@ public abstract class ElementProxy {
* @param bytes * @param bytes
*/ */
public void addBase64Text(byte[] bytes) { public void addBase64Text(byte[] bytes) {
if (bytes != null) { if (bytes != null) {
Text t = XMLUtils.ignoreLineBreaks() Text t = XMLUtils.ignoreLineBreaks()
? this._doc.createTextNode(Base64.encode(bytes)) ? this._doc.createTextNode(Base64.encode(bytes))
...@@ -338,7 +322,6 @@ public abstract class ElementProxy { ...@@ -338,7 +322,6 @@ public abstract class ElementProxy {
* @param text * @param text
*/ */
public void addText(String text) { public void addText(String text) {
if (text != null) { if (text != null) {
Text t = this._doc.createTextNode(text); Text t = this._doc.createTextNode(text);
...@@ -351,16 +334,17 @@ public abstract class ElementProxy { ...@@ -351,16 +334,17 @@ public abstract class ElementProxy {
* *
* @param localname * @param localname
* @param namespace * @param namespace
* @return The biginter contained in the given element * @return The biginteger contained in the given element
* @throws Base64DecodingException * @throws Base64DecodingException
*/ */
public BigInteger getBigIntegerFromChildElement( public BigInteger getBigIntegerFromChildElement(
String localname, String namespace) throws Base64DecodingException { String localname, String namespace
) throws Base64DecodingException {
return Base64.decodeBigIntegerFromText( return Base64.decodeBigIntegerFromText(
XMLUtils.selectNodeText(this._constructionElement.getFirstChild(), XMLUtils.selectNodeText(
namespace,localname,0)); this._constructionElement.getFirstChild(), namespace, localname, 0
)
);
} }
/** /**
...@@ -374,13 +358,10 @@ public abstract class ElementProxy { ...@@ -374,13 +358,10 @@ public abstract class ElementProxy {
@Deprecated @Deprecated
public byte[] getBytesFromChildElement(String localname, String namespace) public byte[] getBytesFromChildElement(String localname, String namespace)
throws XMLSecurityException { throws XMLSecurityException {
Element e = Element e =
XMLUtils.selectNode( XMLUtils.selectNode(
this._constructionElement.getFirstChild(), this._constructionElement.getFirstChild(), namespace, localname, 0
namespace, );
localname,
0);
return Base64.decode(e); return Base64.decode(e);
} }
...@@ -393,13 +374,11 @@ public abstract class ElementProxy { ...@@ -393,13 +374,11 @@ public abstract class ElementProxy {
* @return the Text of the textNode * @return the Text of the textNode
*/ */
public String getTextFromChildElement(String localname, String namespace) { public String getTextFromChildElement(String localname, String namespace) {
return XMLUtils.selectNode( return XMLUtils.selectNode(
this._constructionElement.getFirstChild(), this._constructionElement.getFirstChild(),
namespace, namespace,
localname, localname,
0).getFirstChild().getNodeValue(); 0).getTextContent();
} }
/** /**
...@@ -409,8 +388,7 @@ public abstract class ElementProxy { ...@@ -409,8 +388,7 @@ public abstract class ElementProxy {
* @throws XMLSecurityException * @throws XMLSecurityException
*/ */
public byte[] getBytesFromTextChild() throws XMLSecurityException { public byte[] getBytesFromTextChild() throws XMLSecurityException {
return Base64.decode return Base64.decode(XMLUtils.getFullTextChildrenFromElement(this._constructionElement));
(XMLUtils.getFullTextChildrenFromElement(this._constructionElement));
} }
/** /**
...@@ -431,15 +409,14 @@ public abstract class ElementProxy { ...@@ -431,15 +409,14 @@ public abstract class ElementProxy {
* @return the number of elements {namespace}:localname under this element * @return the number of elements {namespace}:localname under this element
*/ */
public int length(String namespace, String localname) { public int length(String namespace, String localname) {
int number=0; int number = 0;
Node sibling=this._constructionElement.getFirstChild(); Node sibling = this._constructionElement.getFirstChild();
while (sibling!=null) { while (sibling != null) {
if (localname.equals(sibling.getLocalName()) if (localname.equals(sibling.getLocalName())
&& && namespace.equals(sibling.getNamespaceURI())) {
namespace==sibling.getNamespaceURI() ) {
number++; number++;
} }
sibling=sibling.getNextSibling(); sibling = sibling.getNextSibling();
} }
return number; return number;
} }
...@@ -459,7 +436,6 @@ public abstract class ElementProxy { ...@@ -459,7 +436,6 @@ public abstract class ElementProxy {
*/ */
public void setXPathNamespaceContext(String prefix, String uri) public void setXPathNamespaceContext(String prefix, String uri)
throws XMLSecurityException { throws XMLSecurityException {
String ns; String ns;
if ((prefix == null) || (prefix.length() == 0)) { if ((prefix == null) || (prefix.length() == 0)) {
...@@ -472,30 +448,20 @@ public abstract class ElementProxy { ...@@ -472,30 +448,20 @@ public abstract class ElementProxy {
ns = "xmlns:" + prefix; ns = "xmlns:" + prefix;
} }
Attr a = this._constructionElement.getAttributeNodeNS(Constants.NamespaceSpecNS, ns); Attr a = this._constructionElement.getAttributeNodeNS(Constants.NamespaceSpecNS, ns);
if (a != null) { if (a != null) {
if (!a.getNodeValue().equals(uri)) { if (!a.getNodeValue().equals(uri)) {
Object exArgs[] = { ns, Object exArgs[] = { ns, this._constructionElement.getAttributeNS(null, ns) };
this._constructionElement.getAttributeNS(null,
ns) };
throw new XMLSecurityException("namespacePrefixAlreadyUsedByOtherURI", throw new XMLSecurityException("namespacePrefixAlreadyUsedByOtherURI", exArgs);
exArgs);
} }
return; return;
} }
this._constructionElement.setAttributeNS(Constants.NamespaceSpecNS, ns, this._constructionElement.setAttributeNS(Constants.NamespaceSpecNS, ns, uri);
uri);
} }
/** Field _prefixMappings */
static Map<String, String> _prefixMappings = new HashMap<String,String>();
static Map<String, String> _prefixMappingsBindings = new HashMap<String,String>();
/** /**
* Method setDefaultPrefix * Method setDefaultPrefix
* *
...@@ -505,25 +471,38 @@ public abstract class ElementProxy { ...@@ -505,25 +471,38 @@ public abstract class ElementProxy {
*/ */
public static void setDefaultPrefix(String namespace, String prefix) public static void setDefaultPrefix(String namespace, String prefix)
throws XMLSecurityException { throws XMLSecurityException {
if (prefixMappings.containsValue(prefix)) {
if (ElementProxy._prefixMappings.containsValue(prefix)) { String storedPrefix = prefixMappings.get(namespace);
if (!storedPrefix.equals(prefix)) {
Object storedNamespace=ElementProxy._prefixMappings.get(namespace); Object exArgs[] = { prefix, namespace, storedPrefix };
if (!storedNamespace.equals(prefix)) {
Object exArgs[] = { prefix, namespace, storedNamespace };
throw new XMLSecurityException("prefix.AlreadyAssigned", exArgs); throw new XMLSecurityException("prefix.AlreadyAssigned", exArgs);
} }
} }
if (Constants.SignatureSpecNS.equals(namespace)) { if (Constants.SignatureSpecNS.equals(namespace)) {
XMLUtils.dsPrefix=prefix; XMLUtils.setDsPrefix(prefix);
} }
ElementProxy._prefixMappings.put(namespace, prefix.intern()); if (EncryptionConstants.EncryptionSpecNS.equals(namespace)) {
if (prefix.length() == 0) { XMLUtils.setXencPrefix(prefix);
ElementProxy._prefixMappingsBindings.put(namespace, "xmlns");
} else {
ElementProxy._prefixMappingsBindings.put(namespace, ("xmlns:"+prefix).intern());
} }
prefixMappings.put(namespace, prefix);
}
/**
* This method registers the default prefixes.
*/
public static void registerDefaultPrefixes() throws XMLSecurityException {
setDefaultPrefix("http://www.w3.org/2000/09/xmldsig#", "ds");
setDefaultPrefix("http://www.w3.org/2001/04/xmlenc#", "xenc");
setDefaultPrefix("http://www.w3.org/2009/xmlenc11#", "xenc11");
setDefaultPrefix("http://www.xmlsecurity.org/experimental#", "experimental");
setDefaultPrefix("http://www.w3.org/2002/04/xmldsig-filter2", "dsig-xpath-old");
setDefaultPrefix("http://www.w3.org/2002/06/xmldsig-filter2", "dsig-xpath");
setDefaultPrefix("http://www.w3.org/2001/10/xml-exc-c14n#", "ec");
setDefaultPrefix(
"http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter", "xx"
);
} }
/** /**
...@@ -533,10 +512,7 @@ public abstract class ElementProxy { ...@@ -533,10 +512,7 @@ public abstract class ElementProxy {
* @return the default prefix bind to this element. * @return the default prefix bind to this element.
*/ */
public static String getDefaultPrefix(String namespace) { public static String getDefaultPrefix(String namespace) {
return ElementProxy._prefixMappings.get(namespace); return prefixMappings.get(namespace);
} }
public static String getDefaultPrefixBindings(String namespace) {
return ElementProxy._prefixMappingsBindings.get(namespace);
}
} }
...@@ -2,21 +2,23 @@ ...@@ -2,21 +2,23 @@
* reserved comment block * reserved comment block
* DO NOT REMOVE OR ALTER! * DO NOT REMOVE OR ALTER!
*/ */
/* /**
* Copyright 1999-2004 The Apache Software Foundation. * Licensed to the Apache Software Foundation (ASF) under one
* * or more contributor license agreements. See the NOTICE file
* Licensed under the Apache License, Version 2.0 (the "License"); * distributed with this work for additional information
* you may not use this file except in compliance with the License. * regarding copyright ownership. The ASF licenses this file
* You may obtain a copy of the License at * to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* *
* http://www.apache.org/licenses/LICENSE-2.0 * http://www.apache.org/licenses/LICENSE-2.0
* *
* Unless required by applicable law or agreed to in writing, software * Unless required by applicable law or agreed to in writing,
* distributed under the License is distributed on an "AS IS" BASIS, * software distributed under the License is distributed on an
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* See the License for the specific language governing permissions and * KIND, either express or implied. See the License for the
* limitations under the License. * specific language governing permissions and limitations
* * under the License.
*/ */
package com.sun.org.apache.xml.internal.security.utils; package com.sun.org.apache.xml.internal.security.utils;
...@@ -37,32 +39,17 @@ public class I18n { ...@@ -37,32 +39,17 @@ public class I18n {
+ "Call the static method \"com.sun.org.apache.xml.internal.security.Init.init();\" to do that " + "Call the static method \"com.sun.org.apache.xml.internal.security.Init.init();\" to do that "
+ "before you use any functionality from that library."; + "before you use any functionality from that library.";
/** Field defaultLanguageCode */
private static String defaultLanguageCode; // will be set in static{} block
/** Field defaultCountryCode */
private static String defaultCountryCode; // will be set in static{} block
/** Field resourceBundle */ /** Field resourceBundle */
private static ResourceBundle resourceBundle = private static ResourceBundle resourceBundle;
ResourceBundle.getBundle
(Constants.exceptionMessagesResourceBundleBase, Locale.US);
/** Field alreadyInitialized */ /** Field alreadyInitialized */
private static boolean alreadyInitialized = false; private static boolean alreadyInitialized = false;
/** Field _languageCode */
private static String _languageCode = null;
/** Field _countryCode */
private static String _countryCode = null;
/** /**
* Constructor I18n * Constructor I18n
* *
*/ */
private I18n() { private I18n() {
// we don't allow instantiation // we don't allow instantiation
} }
...@@ -75,7 +62,8 @@ public class I18n { ...@@ -75,7 +62,8 @@ public class I18n {
* <CODE>exceptionMessagesResourceBundleBase</CODE> * <CODE>exceptionMessagesResourceBundleBase</CODE>
* *
* @param message * @param message
* @param args is an <CODE>Object[]</CODE> array of strings which are inserted into the String which is retrieved from the <CODE>ResouceBundle</CODE> * @param args is an <CODE>Object[]</CODE> array of strings which are inserted into
* the String which is retrieved from the <CODE>ResouceBundle</CODE>
* @return message translated * @return message translated
*/ */
public static String translate(String message, Object[] args) { public static String translate(String message, Object[] args) {
...@@ -85,8 +73,8 @@ public class I18n { ...@@ -85,8 +73,8 @@ public class I18n {
/** /**
* Method translate * Method translate
* *
* translates a message ID into an internationalized String, see alse * translates a message ID into an internationalized String, see also
* <CODE>XMLSecurityException.getExceptionMEssage()</CODE> * <CODE>XMLSecurityException.getExceptionMessage()</CODE>
* *
* @param message * @param message
* @return message translated * @return message translated
...@@ -103,11 +91,8 @@ public class I18n { ...@@ -103,11 +91,8 @@ public class I18n {
* *
*/ */
public static String getExceptionMessage(String msgID) { public static String getExceptionMessage(String msgID) {
try { try {
String s = resourceBundle.getString(msgID); return resourceBundle.getString(msgID);
return s;
} catch (Throwable t) { } catch (Throwable t) {
if (com.sun.org.apache.xml.internal.security.Init.isInitialized()) { if (com.sun.org.apache.xml.internal.security.Init.isInitialized()) {
return "No message with ID \"" + msgID return "No message with ID \"" + msgID
...@@ -125,15 +110,10 @@ public class I18n { ...@@ -125,15 +110,10 @@ public class I18n {
* @param originalException * @param originalException
* @return message translated * @return message translated
*/ */
public static String getExceptionMessage(String msgID, public static String getExceptionMessage(String msgID, Exception originalException) {
Exception originalException) {
try { try {
Object exArgs[] = { originalException.getMessage() }; Object exArgs[] = { originalException.getMessage() };
String s = MessageFormat.format(resourceBundle.getString(msgID), return MessageFormat.format(resourceBundle.getString(msgID), exArgs);
exArgs);
return s;
} catch (Throwable t) { } catch (Throwable t) {
if (com.sun.org.apache.xml.internal.security.Init.isInitialized()) { if (com.sun.org.apache.xml.internal.security.Init.isInitialized()) {
return "No message with ID \"" + msgID return "No message with ID \"" + msgID
...@@ -155,12 +135,8 @@ public class I18n { ...@@ -155,12 +135,8 @@ public class I18n {
* @return message translated * @return message translated
*/ */
public static String getExceptionMessage(String msgID, Object exArgs[]) { public static String getExceptionMessage(String msgID, Object exArgs[]) {
try { try {
String s = MessageFormat.format(resourceBundle.getString(msgID), return MessageFormat.format(resourceBundle.getString(msgID), exArgs);
exArgs);
return s;
} catch (Throwable t) { } catch (Throwable t) {
if (com.sun.org.apache.xml.internal.security.Init.isInitialized()) { if (com.sun.org.apache.xml.internal.security.Init.isInitialized()) {
return "No message with ID \"" + msgID return "No message with ID \"" + msgID
...@@ -171,62 +147,22 @@ public class I18n { ...@@ -171,62 +147,22 @@ public class I18n {
} }
} }
// /**
// Commented out because it modifies shared static * Method init
// state which could be maliciously called by untrusted code *
// * @param languageCode
// /** * @param countryCode
// * Method init */
// * public synchronized static void init(String languageCode, String countryCode) {
// * @param _defaultLanguageCode if (alreadyInitialized) {
// * @param _defaultCountryCode return;
// */ }
// public static void init(String _defaultLanguageCode,
// String _defaultCountryCode) {
//
// I18n.defaultLanguageCode = _defaultLanguageCode;
//
// if (I18n.defaultLanguageCode == null) {
// I18n.defaultLanguageCode = Locale.getDefault().getLanguage();
// }
//
// I18n.defaultCountryCode = _defaultCountryCode;
//
// if (I18n.defaultCountryCode == null) {
// I18n.defaultCountryCode = Locale.getDefault().getCountry();
// }
//
// initLocale(I18n.defaultLanguageCode, I18n.defaultCountryCode);
// }
// I18n.resourceBundle =
// Commented out because it modifies shared static ResourceBundle.getBundle(
// state which could be maliciously called by untrusted code Constants.exceptionMessagesResourceBundleBase,
// new Locale(languageCode, countryCode)
// /** );
// * Method initLocale alreadyInitialized = true;
// * }
// * @param languageCode
// * @param countryCode
// */
// public static void initLocale(String languageCode, String countryCode) {
//
// if (alreadyInitialized && languageCode.equals(_languageCode)
// && countryCode.equals(_countryCode)) {
// return;
// }
//
// if ((languageCode != null) && (countryCode != null)
// && (languageCode.length() > 0) && (countryCode.length() > 0)) {
// _languageCode = languageCode;
// _countryCode = countryCode;
// } else {
// _countryCode = I18n.defaultCountryCode;
// _languageCode = I18n.defaultLanguageCode;
// }
//
// I18n.resourceBundle =
// ResourceBundle.getBundle(Constants.exceptionMessagesResourceBundleBase,
// new Locale(_languageCode, _countryCode));
// }
} }
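Review bot: `resourceBundle` is written inside the `synchronized` `init` but read with no synchronization at all in the three `getExceptionMessage` overloads (`resourceBundle.getString(msgID)`), so a thread that did not run `init` has no happens-before edge and may keep observing the field as null, landing in the `catch (Throwable t)` fallback and returning "No message with ID …" for every error; declaring it `private static volatile ResourceBundle resourceBundle;` closes that gap at no cost. The removed block was commented out precisely because this method mutates shared static state reachable from untrusted code, and the new one-shot `alreadyInitialized` guard only changes that into "first caller wins", so the Javadoc on `init` should state that `com.sun.org.apache.xml.internal.security.Init.init()` is expected to call it before any other code can and that later calls are silently ignored — the internal package is presumably also shielded by package-access restrictions, but that is not visible here. Note also that `new Locale(languageCode, countryCode)` throws NullPointerException on a null argument where the old code fell back to `Locale.getDefault()`, and because the flag is set only after `getBundle` succeeds, a null argument or a missing bundle leaves the class re-initialisable by a later caller; that is probably acceptable, but worth saying in the `@param` documentation rather than leaving it implicit.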
...@@ -21,14 +21,15 @@ ...@@ -21,14 +21,15 @@
package com.sun.org.apache.xml.internal.security.utils; package com.sun.org.apache.xml.internal.security.utils;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import java.security.AccessController; import java.security.AccessController;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
...@@ -60,6 +61,12 @@ public class XMLUtils { ...@@ -60,6 +61,12 @@ public class XMLUtils {
} }
}); });
private static volatile String dsPrefix = "ds";
private static volatile String xencPrefix = "xenc";
private static final java.util.logging.Logger log =
java.util.logging.Logger.getLogger(XMLUtils.class.getName());
/** /**
* Constructor XMLUtils * Constructor XMLUtils
* *
...@@ -68,6 +75,23 @@ public class XMLUtils { ...@@ -68,6 +75,23 @@ public class XMLUtils {
// we don't allow instantiation // we don't allow instantiation
} }
/**
* Set the prefix for the digital signature namespace
* @param prefix the new prefix for the digital signature namespace
*/
public static void setDsPrefix(String prefix) {
dsPrefix = prefix;
}
/**
* Set the prefix for the encryption namespace
* @param prefix the new prefix for the encryption namespace
*/
public static void setXencPrefix(String prefix) {
xencPrefix = prefix;
}
public static Element getNextElement(Node el) { public static Element getNextElement(Node el) {
while ((el!=null) && (el.getNodeType()!=Node.ELEMENT_NODE)) { while ((el!=null) && (el.getNodeType()!=Node.ELEMENT_NODE)) {
el=el.getNextSibling(); el=el.getNextSibling();
...@@ -230,9 +254,8 @@ public class XMLUtils { ...@@ -230,9 +254,8 @@ public class XMLUtils {
return sb.toString(); return sb.toString();
} }
static String dsPrefix=null;
static Map<String, String> namePrefixes=new HashMap<String, String>(); static Map<String, String> namePrefixes=new HashMap<String, String>();
/** /**
* Creates an Element in the XML Signature specification namespace. * Creates an Element in the XML Signature specification namespace.
* *
...@@ -269,9 +292,13 @@ public class XMLUtils { ...@@ -269,9 +292,13 @@ public class XMLUtils {
* @param localName * @param localName
* @return true if the element is in XML Signature namespace and the local name equals the supplied one * @return true if the element is in XML Signature namespace and the local name equals the supplied one
*/ */
public static boolean elementIsInSignatureSpace(Element element, public static boolean elementIsInSignatureSpace(Element element, String localName) {
String localName) { if (element == null) {
return ElementProxy.checker.isNamespaceElement(element, localName, Constants.SignatureSpecNS); return false;
}
return Constants.SignatureSpecNS.equals(element.getNamespaceURI())
&& element.getLocalName().equals(localName);
} }
/** /**
...@@ -282,9 +309,12 @@ public class XMLUtils { ...@@ -282,9 +309,12 @@ public class XMLUtils {
* @param localName * @param localName
* @return true if the element is in XML Encryption namespace and the local name equals the supplied one * @return true if the element is in XML Encryption namespace and the local name equals the supplied one
*/ */
public static boolean elementIsInEncryptionSpace(Element element, public static boolean elementIsInEncryptionSpace(Element element, String localName) {
String localName) { if (element == null) {
return ElementProxy.checker.isNamespaceElement(element, localName, EncryptionConstants.EncryptionSpecNS); return false;
}
return EncryptionConstants.EncryptionSpecNS.equals(element.getNamespaceURI())
&& element.getLocalName().equals(localName);
} }
/** /**
...@@ -511,14 +541,15 @@ public class XMLUtils { ...@@ -511,14 +541,15 @@ public class XMLUtils {
* @return nodes with the constrain * @return nodes with the constrain
*/ */
public static Element selectDsNode(Node sibling, String nodeName, int number) { public static Element selectDsNode(Node sibling, String nodeName, int number) {
while (sibling!=null) { while (sibling != null) {
if (ElementProxy.checker.isNamespaceElement(sibling, nodeName, Constants.SignatureSpecNS )) { if (Constants.SignatureSpecNS.equals(sibling.getNamespaceURI())
if (number==0){ && sibling.getLocalName().equals(nodeName)) {
if (number == 0){
return (Element)sibling; return (Element)sibling;
} }
number--; number--;
} }
sibling=sibling.getNextSibling(); sibling = sibling.getNextSibling();
} }
return null; return null;
} }
...@@ -529,21 +560,20 @@ public class XMLUtils { ...@@ -529,21 +560,20 @@ public class XMLUtils {
* @param number * @param number
* @return nodes with the constrain * @return nodes with the constrain
*/ */
public static Element selectXencNode(Node sibling, String nodeName, int number) { public static Element selectXencNode(Node sibling, String nodeName, int number) {
while (sibling!=null) { while (sibling != null) {
if (ElementProxy.checker.isNamespaceElement(sibling, nodeName, EncryptionConstants.EncryptionSpecNS )) { if (EncryptionConstants.EncryptionSpecNS.equals(sibling.getNamespaceURI())
if (number==0){ && sibling.getLocalName().equals(nodeName)) {
if (number == 0){
return (Element)sibling; return (Element)sibling;
} }
number--; number--;
} }
sibling=sibling.getNextSibling(); sibling = sibling.getNextSibling();
} }
return null; return null;
} }
/** /**
* @param sibling * @param sibling
* @param nodeName * @param nodeName
...@@ -588,15 +618,16 @@ public class XMLUtils { ...@@ -588,15 +618,16 @@ public class XMLUtils {
* @param number * @param number
* @return nodes with the constrain * @return nodes with the constrain
*/ */
public static Element selectNode(Node sibling, String uri,String nodeName, int number) { public static Element selectNode(Node sibling, String uri, String nodeName, int number) {
while (sibling!=null) { while (sibling != null) {
if (ElementProxy.checker.isNamespaceElement(sibling, nodeName, uri)) { if (sibling.getNamespaceURI() != null && sibling.getNamespaceURI().equals(uri)
if (number==0){ && sibling.getLocalName().equals(nodeName)) {
if (number == 0){
return (Element)sibling; return (Element)sibling;
} }
number--; number--;
} }
sibling=sibling.getNextSibling(); sibling = sibling.getNextSibling();
} }
return null; return null;
} }
...@@ -606,36 +637,26 @@ public class XMLUtils { ...@@ -606,36 +637,26 @@ public class XMLUtils {
* @param nodeName * @param nodeName
* @return nodes with the constrain * @return nodes with the constrain
*/ */
public static Element[] selectDsNodes(Node sibling,String nodeName) { public static Element[] selectDsNodes(Node sibling, String nodeName) {
return selectNodes(sibling,Constants.SignatureSpecNS,nodeName); return selectNodes(sibling,Constants.SignatureSpecNS, nodeName);
} }
/** /**
* @param sibling * @param sibling
* @param uri * @param uri
* @param nodeName * @param nodeName
* @return nodes with the constrain * @return nodes with the constrain
*/ */
public static Element[] selectNodes(Node sibling,String uri,String nodeName) { public static Element[] selectNodes(Node sibling, String uri, String nodeName) {
int size=20; List<Element> list = new ArrayList<Element>();
Element[] a= new Element[size]; while (sibling != null) {
int curr=0; if (sibling.getNamespaceURI() != null && sibling.getNamespaceURI().equals(uri)
//List list=new ArrayList(); && sibling.getLocalName().equals(nodeName)) {
while (sibling!=null) { list.add((Element)sibling);
if (ElementProxy.checker.isNamespaceElement(sibling, nodeName, uri)) {
a[curr++]=(Element)sibling;
if (size<=curr) {
int cursize= size<<2;
Element []cp=new Element[cursize];
System.arraycopy(a,0,cp,0,size);
a=cp;
size=cursize;
} }
sibling = sibling.getNextSibling();
} }
sibling=sibling.getNextSibling(); return list.toArray(new Element[list.size()]);
}
Element []af=new Element[curr];
System.arraycopy(a,0,af,0,curr);
return af;
} }
/** /**
...@@ -694,4 +715,127 @@ public class XMLUtils { ...@@ -694,4 +715,127 @@ public class XMLUtils {
public static boolean ignoreLineBreaks() { public static boolean ignoreLineBreaks() {
return ignoreLineBreaks; return ignoreLineBreaks;
} }
/**
* This method is a tree-search to help prevent against wrapping attacks.
* It checks that no two Elements have ID Attributes that match the "value"
* argument, if this is the case then "false" is returned. Note that a
* return value of "true" does not necessarily mean that a matching Element
* has been found, just that no wrapping attack has been detected.
*/
public static boolean protectAgainstWrappingAttack(Node startNode,
String value)
{
Node startParent = startNode.getParentNode();
Node processedNode = null;
Element foundElement = null;
String id = value.trim();
if (id.charAt(0) == '#') {
id = id.substring(1);
}
while (startNode != null) {
if (startNode.getNodeType() == Node.ELEMENT_NODE) {
Element se = (Element) startNode;
NamedNodeMap attributes = se.getAttributes();
if (attributes != null) {
for (int i = 0; i < attributes.getLength(); i++) {
Attr attr = (Attr)attributes.item(i);
if (attr.isId() && id.equals(attr.getValue())) {
if (foundElement == null) {
// Continue searching to find duplicates
foundElement = attr.getOwnerElement();
} else {
log.log(java.util.logging.Level.FINE, "Multiple elements with the same 'Id' attribute value!");
return false;
}
}
}
}
}
processedNode = startNode;
startNode = startNode.getFirstChild();
// no child, this node is done.
if (startNode == null) {
// close node processing, get sibling
startNode = processedNode.getNextSibling();
}
// no more siblings, get parent, all children
// of parent are processed.
while (startNode == null) {
processedNode = processedNode.getParentNode();
if (processedNode == startParent) {
return true;
}
// close parent node processing (processed node now)
startNode = processedNode.getNextSibling();
}
}
return true;
}
/**
* This method is a tree-search to help prevent against wrapping attacks.
* It checks that no other Element than the given "knownElement" argument
* has an ID attribute that matches the "value" argument, which is the ID
* value of "knownElement". If this is the case then "false" is returned.
*/
public static boolean protectAgainstWrappingAttack(Node startNode,
Element knownElement,
String value)
{
Node startParent = startNode.getParentNode();
Node processedNode = null;
String id = value.trim();
if (id.charAt(0) == '#') {
id = id.substring(1);
}
while (startNode != null) {
if (startNode.getNodeType() == Node.ELEMENT_NODE) {
Element se = (Element) startNode;
NamedNodeMap attributes = se.getAttributes();
if (attributes != null) {
for (int i = 0; i < attributes.getLength(); i++) {
Attr attr = (Attr)attributes.item(i);
if (attr.isId() && id.equals(attr.getValue())
&& se != knownElement)
{
log.log(java.util.logging.Level.FINE, "Multiple elements with the same 'Id' attribute value!");
return false;
}
}
}
}
processedNode = startNode;
startNode = startNode.getFirstChild();
// no child, this node is done.
if (startNode == null) {
// close node processing, get sibling
startNode = processedNode.getNextSibling();
}
// no more siblings, get parent, all children
// of parent are processed.
while (startNode == null) {
processedNode = processedNode.getParentNode();
if (processedNode == startParent) {
return true;
}
// close parent node processing (processed node now)
startNode = processedNode.getNextSibling();
}
}
return true;
}
} }
...@@ -43,6 +43,8 @@ public abstract class ResourceResolverSpi { ...@@ -43,6 +43,8 @@ public abstract class ResourceResolverSpi {
/** Field _properties */ /** Field _properties */
protected java.util.Map<String,String> _properties = null; protected java.util.Map<String,String> _properties = null;
protected boolean secureValidation;
/** /**
* This is the workhorse method used to resolve resources. * This is the workhorse method used to resolve resources.
* *
......
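Review bot: The added field `protected boolean secureValidation;` carries no Javadoc while the neighbouring `_properties` field does, and as a non-final protected member of an SPI base class its meaning should be spelled out for subclass authors. A comment such as `/** True when secure validation is in effect; resolvers of same-document ID references use it to decide whether to run the wrapping-attack check. */` matches how ResolverFragment and ResolverXPointer in this commit read it. Where the flag is assigned is outside this hunk.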
...@@ -23,11 +23,12 @@ package com.sun.org.apache.xml.internal.security.utils.resolver.implementations; ...@@ -23,11 +23,12 @@ package com.sun.org.apache.xml.internal.security.utils.resolver.implementations;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.utils.IdResolver; import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException; import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi; import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Attr; import org.w3c.dom.Attr;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node; import org.w3c.dom.Node;
...@@ -51,21 +52,16 @@ public class ResolverFragment extends ResourceResolverSpi { ...@@ -51,21 +52,16 @@ public class ResolverFragment extends ResourceResolverSpi {
/** /**
* Method engineResolve * Method engineResolve
* *
* Wird das gleiche Dokument referenziert?
* Wird ein anderes Dokument referenziert?
* @inheritDoc * @inheritDoc
* @param uri * @param uri
* @param BaseURI * @param baseURI
*
*/ */
public XMLSignatureInput engineResolve(Attr uri, String BaseURI) public XMLSignatureInput engineResolve(Attr uri, String baseURI)
throws ResourceResolverException throws ResourceResolverException
{ {
String uriNodeValue = uri.getNodeValue(); String uriNodeValue = uri.getNodeValue();
Document doc = uri.getOwnerElement().getOwnerDocument(); Document doc = uri.getOwnerElement().getOwnerDocument();
Node selectedElem = null; Node selectedElem = null;
if (uriNodeValue.equals("")) { if (uriNodeValue.equals("")) {
...@@ -88,12 +84,20 @@ public class ResolverFragment extends ResourceResolverSpi { ...@@ -88,12 +84,20 @@ public class ResolverFragment extends ResourceResolverSpi {
*/ */
String id = uriNodeValue.substring(1); String id = uriNodeValue.substring(1);
// Element selectedElem = doc.getElementById(id); selectedElem = doc.getElementById(id);
selectedElem = IdResolver.getElementById(doc, id); if (selectedElem == null) {
if (selectedElem==null) { Object exArgs[] = { id };
throw new ResourceResolverException(
"signature.Verification.MissingID", exArgs, uri, baseURI);
}
if (secureValidation) {
Element start = uri.getOwnerDocument().getDocumentElement();
if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
Object exArgs[] = { id }; Object exArgs[] = { id };
throw new ResourceResolverException( throw new ResourceResolverException(
"signature.Verification.MissingID", exArgs, uri, BaseURI); "signature.Verification.MultipleIDs", exArgs,
uri, baseURI);
}
} }
if (log.isLoggable(java.util.logging.Level.FINE)) if (log.isLoggable(java.util.logging.Level.FINE))
log.log(java.util.logging.Level.FINE, "Try to catch an Element with ID " + id + " and Element was " + selectedElem); log.log(java.util.logging.Level.FINE, "Try to catch an Element with ID " + id + " and Element was " + selectedElem);
...@@ -102,10 +106,12 @@ public class ResolverFragment extends ResourceResolverSpi { ...@@ -102,10 +106,12 @@ public class ResolverFragment extends ResourceResolverSpi {
XMLSignatureInput result = new XMLSignatureInput(selectedElem); XMLSignatureInput result = new XMLSignatureInput(selectedElem);
result.setExcludeComments(true); result.setExcludeComments(true);
//log.log(java.util.logging.Level.FINE, "We return a nodeset with " + resultSet.size() + " nodes");
result.setMIMEType("text/xml"); result.setMIMEType("text/xml");
result.setSourceURI((BaseURI != null) ? BaseURI.concat(uri.getNodeValue()) : if (baseURI != null && baseURI.length() > 0) {
uri.getNodeValue()); result.setSourceURI(baseURI.concat(uri.getNodeValue()));
} else {
result.setSourceURI(uri.getNodeValue());
}
return result; return result;
} }
......
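Review bot: In the `if (secureValidation)` branch, `uri.getOwnerDocument().getDocumentElement()` re-derives a document that the local `doc` already holds a few lines earlier in engineResolve; `Element start = doc.getDocumentElement();` is shorter and makes it obvious the search starts in the same document the ID was looked up in. The C-style `Object exArgs[] = { id };` is now declared twice in adjacent blocks; `Object[] exArgs` is the conventional Java form and one declaration could serve both throws. The ordering here — MissingID first, wrapping check second — is the one ResolverXPointer in the next section should mirror. engineResolve begins in the earlier hunk of this section and its tail is in the last one.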
...@@ -23,11 +23,12 @@ package com.sun.org.apache.xml.internal.security.utils.resolver.implementations; ...@@ -23,11 +23,12 @@ package com.sun.org.apache.xml.internal.security.utils.resolver.implementations;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.utils.IdResolver; import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException; import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi; import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Attr; import org.w3c.dom.Attr;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node; import org.w3c.dom.Node;
...@@ -56,44 +57,47 @@ public class ResolverXPointer extends ResourceResolverSpi { ...@@ -56,44 +57,47 @@ public class ResolverXPointer extends ResourceResolverSpi {
public boolean engineIsThreadSafe() { public boolean engineIsThreadSafe() {
return true; return true;
} }
/** /**
* @inheritDoc * @inheritDoc
*/ */
public XMLSignatureInput engineResolve(Attr uri, String BaseURI) public XMLSignatureInput engineResolve(Attr uri, String baseURI)
throws ResourceResolverException { throws ResourceResolverException {
Node resultNode = null; Node resultNode = null;
Document doc = uri.getOwnerElement().getOwnerDocument(); Document doc = uri.getOwnerElement().getOwnerDocument();
String uriStr=uri.getNodeValue(); String uriStr = uri.getNodeValue();
if (isXPointerSlash(uriStr)) { if (isXPointerSlash(uriStr)) {
resultNode = doc; resultNode = doc;
} else if (isXPointerId(uriStr)) { } else if (isXPointerId(uriStr)) {
String id = getXPointerId(uriStr); String id = getXPointerId(uriStr);
resultNode =IdResolver.getElementById(doc, id); resultNode = doc.getElementById(id);
// log.log(java.util.logging.Level.FINE, "Use #xpointer(id('" + id + "')) on element " + selectedElem); if (secureValidation) {
Element start = uri.getOwnerDocument().getDocumentElement();
if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
Object exArgs[] = { id };
throw new ResourceResolverException(
"signature.Verification.MultipleIDs", exArgs,
uri, baseURI);
}
}
if (resultNode == null) { if (resultNode == null) {
Object exArgs[] = { id }; Object exArgs[] = { id };
throw new ResourceResolverException( throw new ResourceResolverException(
"signature.Verification.MissingID", exArgs, uri, BaseURI); "signature.Verification.MissingID", exArgs, uri, baseURI);
} }
/*
resultNodes =
cXPathAPI
.selectNodeList(selectedElem, Canonicalizer
.XPATH_C14N_WITH_COMMENTS_SINGLE_NODE);*/
} }
XMLSignatureInput result = new XMLSignatureInput(resultNode); XMLSignatureInput result = new XMLSignatureInput(resultNode);
result.setMIMEType("text/xml"); result.setMIMEType("text/xml");
if (BaseURI != null && BaseURI.length() > 0) { if (baseURI != null && baseURI.length() > 0) {
result.setSourceURI(BaseURI.concat(uri.getNodeValue())); result.setSourceURI(baseURI.concat(uri.getNodeValue()));
} else { } else {
result.setSourceURI(uri.getNodeValue()); result.setSourceURI(uri.getNodeValue());
} }
......
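Review bot: The wrapping-attack check in the `isXPointerId` branch runs before the `resultNode == null` check, the opposite order from ResolverFragment in this commit; since XMLUtils.protectAgainstWrappingAttack starts with `id.charAt(0)` (visible in the XMLUtils hunk above), an id that resolves to nothing still walks the whole document, and an empty id — if getXPointerId can yield one — ends in StringIndexOutOfBoundsException instead of the MissingID ResourceResolverException. Moving the `if (secureValidation)` block after the null check, as ResolverFragment does, makes the two resolvers behave alike. Separately, engineIsThreadSafe() returns true at the top of this hunk while the new branch reads the inherited instance field `secureValidation`; if that flag is set per resolution on a shared resolver instance, the thread-safety claim no longer holds — worth confirming how the field is populated, which is outside this section.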
/* /*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2013 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -74,11 +74,7 @@ public class DOMValidateContext extends DOMCryptoContext ...@@ -74,11 +74,7 @@ public class DOMValidateContext extends DOMCryptoContext
if (ks == null) { if (ks == null) {
throw new NullPointerException("key selector is null"); throw new NullPointerException("key selector is null");
} }
if (node == null) { init(node, ks);
throw new NullPointerException("node is null");
}
setKeySelector(ks);
this.node = node;
} }
/** /**
...@@ -97,11 +93,20 @@ public class DOMValidateContext extends DOMCryptoContext ...@@ -97,11 +93,20 @@ public class DOMValidateContext extends DOMCryptoContext
if (validatingKey == null) { if (validatingKey == null) {
throw new NullPointerException("validatingKey is null"); throw new NullPointerException("validatingKey is null");
} }
init(node, KeySelector.singletonKeySelector(validatingKey));
}
private void init(Node node, KeySelector ks) {
if (node == null) { if (node == null) {
throw new NullPointerException("node is null"); throw new NullPointerException("node is null");
} }
setKeySelector(KeySelector.singletonKeySelector(validatingKey));
this.node = node; this.node = node;
super.setKeySelector(ks);
if (System.getSecurityManager() != null) {
super.setProperty("org.jcp.xml.dsig.secureValidation",
Boolean.TRUE);
}
} }
/** /**
......
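Review bot: The new private `init` enables secure validation whenever a SecurityManager is installed, a policy decision that neither the method nor the public constructors (outside this hunk) document. A short Javadoc on `init` — stating that it null-checks `node`, installs the key selector via `super.setKeySelector`, and, when `System.getSecurityManager() != null`, sets `org.jcp.xml.dsig.secureValidation` to `Boolean.TRUE` as an initial value that a later setProperty call presumably replaces — plus a sentence on the two constructors would make the behaviour discoverable. The property name literal is repeated here and presumably in the code that reads it; a `private static final String` constant (constructed name, e.g. `SECURE_VALIDATION_PROPERTY`) would keep the spellings in sync.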
...@@ -193,7 +193,7 @@ public abstract class ApacheCanonicalizer extends TransformService { ...@@ -193,7 +193,7 @@ public abstract class ApacheCanonicalizer extends TransformService {
if (apacheTransform == null) { if (apacheTransform == null) {
try { try {
apacheTransform = Transform.getInstance apacheTransform = new Transform
(ownerDoc, getAlgorithm(), transformElem.getChildNodes()); (ownerDoc, getAlgorithm(), transformElem.getChildNodes());
apacheTransform.setElement(transformElem, xc.getBaseURI()); apacheTransform.setElement(transformElem, xc.getBaseURI());
if (log.isLoggable(Level.FINE)) { if (log.isLoggable(Level.FINE)) {
......
...@@ -38,6 +38,7 @@ import org.w3c.dom.NodeList; ...@@ -38,6 +38,7 @@ import org.w3c.dom.NodeList;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.transforms.Transform; import com.sun.org.apache.xml.internal.security.transforms.Transform;
import com.sun.org.apache.xml.internal.security.transforms.Transforms;
import javax.xml.crypto.*; import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dom.DOMCryptoContext;
...@@ -117,7 +118,7 @@ public abstract class ApacheTransform extends TransformService { ...@@ -117,7 +118,7 @@ public abstract class ApacheTransform extends TransformService {
if (apacheTransform == null) { if (apacheTransform == null) {
try { try {
apacheTransform = Transform.getInstance apacheTransform = new Transform
(ownerDoc, getAlgorithm(), transformElem.getChildNodes()); (ownerDoc, getAlgorithm(), transformElem.getChildNodes());
apacheTransform.setElement(transformElem, xc.getBaseURI()); apacheTransform.setElement(transformElem, xc.getBaseURI());
if (log.isLoggable(Level.FINE)) { if (log.isLoggable(Level.FINE)) {
...@@ -130,6 +131,15 @@ public abstract class ApacheTransform extends TransformService { ...@@ -130,6 +131,15 @@ public abstract class ApacheTransform extends TransformService {
} }
} }
if (Utils.secureValidation(xc)) {
String algorithm = getAlgorithm();
if (Transforms.TRANSFORM_XSLT.equals(algorithm)) {
throw new TransformException(
"Transform " + algorithm +
" is forbidden when secure validation is enabled");
}
}
XMLSignatureInput in; XMLSignatureInput in;
if (data instanceof ApacheData) { if (data instanceof ApacheData) {
if (log.isLoggable(Level.FINE)) { if (log.isLoggable(Level.FINE)) {
......
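Review bot: The secure-validation rejection of XSLT is placed after the `apacheTransform == null` block, so a forbidden XSLT Transform is fully constructed (`new Transform(ownerDoc, getAlgorithm(), ...)` followed by setElement) before it is refused; hoisting the `if (Utils.secureValidation(xc))` block above that construction fails fast and never instantiates the transform at all. `getAlgorithm()` is also called again inside the check when the constructor already needed it; a single `String algorithm = getAlgorithm();` at the top of the method serves both uses. The enclosing method starts outside this hunk.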
...@@ -34,6 +34,7 @@ import javax.xml.crypto.dom.*; ...@@ -34,6 +34,7 @@ import javax.xml.crypto.dom.*;
import java.security.Provider; import java.security.Provider;
import java.util.*; import java.util.*;
import org.w3c.dom.Attr;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.Node; import org.w3c.dom.Node;
...@@ -87,7 +88,13 @@ public final class DOMKeyInfo extends DOMStructure implements KeyInfo { ...@@ -87,7 +88,13 @@ public final class DOMKeyInfo extends DOMStructure implements KeyInfo {
public DOMKeyInfo(Element kiElem, XMLCryptoContext context, public DOMKeyInfo(Element kiElem, XMLCryptoContext context,
Provider provider) throws MarshalException { Provider provider) throws MarshalException {
// get Id attribute, if specified // get Id attribute, if specified
id = DOMUtils.getAttributeValue(kiElem, "Id"); Attr attr = kiElem.getAttributeNodeNS(null, "Id");
if (attr != null) {
id = attr.getValue();
kiElem.setIdAttributeNode(attr, true);
} else {
id = null;
}
// get all children nodes // get all children nodes
NodeList nl = kiElem.getChildNodes(); NodeList nl = kiElem.getChildNodes();
......
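Review bot: `kiElem.setIdAttributeNode(attr, true)` mutates the caller-supplied DOM during unmarshalling, and nothing at the call site says why; the reason — this is what lets `doc.getElementById` in ResolverFragment and ResolverXPointer find the element now that IdResolver is gone — belongs in a comment, e.g. `// mark Id as an ID attribute so same-document references resolve via Document.getElementById`. DOMUtils.setAttributeID in the last section makes the matching change on the marshalling side and would take the same comment. The constructor continues outside this hunk.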
...@@ -38,8 +38,6 @@ import javax.xml.crypto.dsig.dom.DOMSignContext; ...@@ -38,8 +38,6 @@ import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.*; import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.spec.*; import javax.xml.crypto.dsig.spec.*;
import com.sun.org.apache.xml.internal.security.utils.IdResolver;
/** /**
* Useful static DOM utility methods. * Useful static DOM utility methods.
* *
...@@ -107,7 +105,7 @@ public class DOMUtils { ...@@ -107,7 +105,7 @@ public class DOMUtils {
public static void setAttributeID(Element elem, String name, String value) { public static void setAttributeID(Element elem, String name, String value) {
if (value == null) return; if (value == null) return;
elem.setAttributeNS(null, name, value); elem.setAttributeNS(null, name, value);
IdResolver.registerElementById(elem, value); elem.setIdAttributeNS(null, name, true);
} }
/** /**
......