author | mullan |
Thu, 25 Aug 2016 15:06:26 -0400 | |
changeset 40551 | 05eba5515cbb |
parent 27747 | 3a271dc8b758 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
1337 | 2 |
* reserved comment block |
3 |
* DO NOT REMOVE OR ALTER! |
|
2 | 4 |
*/ |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
5 |
/** |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
6 |
* Licensed to the Apache Software Foundation (ASF) under one |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
7 |
* or more contributor license agreements. See the NOTICE file |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
8 |
* distributed with this work for additional information |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
9 |
* regarding copyright ownership. The ASF licenses this file |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
10 |
* to you under the Apache License, Version 2.0 (the |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
11 |
* "License"); you may not use this file except in compliance |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
12 |
* with the License. You may obtain a copy of the License at |
1337 | 13 |
* |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
14 |
* http://www.apache.org/licenses/LICENSE-2.0 |
1337 | 15 |
* |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
16 |
* Unless required by applicable law or agreed to in writing, |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
17 |
* software distributed under the License is distributed on an |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
18 |
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
19 |
* KIND, either express or implied. See the License for the |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
20 |
* specific language governing permissions and limitations |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
21 |
* under the License. |
1337 | 22 |
*/ |
23 |
/* |
|
40551
05eba5515cbb
8151893: Add security property to configure XML Signature secure validation mode
mullan
parents:
27747
diff
changeset
|
24 |
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. |
1337 | 25 |
*/ |
26 |
/* |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
27 |
* $Id: DOMManifest.java 1333415 2012-05-03 12:03:51Z coheigea $ |
2 | 28 |
*/ |
29 |
package org.jcp.xml.dsig.internal.dom; |
|
30 |
||
31 |
import javax.xml.crypto.*; |
|
32 |
import javax.xml.crypto.dom.DOMCryptoContext; |
|
33 |
import javax.xml.crypto.dsig.*; |
|
34 |
||
1337 | 35 |
import java.security.Provider; |
2 | 36 |
import java.util.*; |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
37 |
|
18240 | 38 |
import org.w3c.dom.Attr; |
2 | 39 |
import org.w3c.dom.Document; |
40 |
import org.w3c.dom.Element; |
|
41 |
import org.w3c.dom.Node; |
|
42 |
||
43 |
/** |
|
44 |
* DOM-based implementation of Manifest. |
|
45 |
* |
|
46 |
* @author Sean Mullan |
|
47 |
*/ |
|
48 |
public final class DOMManifest extends DOMStructure implements Manifest { |
|
49 |
||
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
50 |
private final List<Reference> references; |
2 | 51 |
private final String id; |
52 |
||
53 |
/** |
|
54 |
* Creates a <code>DOMManifest</code> containing the specified |
|
55 |
* list of {@link Reference}s and optional id. |
|
56 |
* |
|
57 |
* @param references a list of one or more <code>Reference</code>s. The list |
|
58 |
* is defensively copied to protect against subsequent modification. |
|
59 |
* @param id the id (may be <code>null</code> |
|
60 |
* @throws NullPointerException if <code>references</code> is |
|
61 |
* <code>null</code> |
|
62 |
* @throws IllegalArgumentException if <code>references</code> is empty |
|
63 |
* @throws ClassCastException if <code>references</code> contains any |
|
64 |
* entries that are not of type {@link Reference} |
|
65 |
*/ |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
66 |
public DOMManifest(List<? extends Reference> references, String id) { |
2 | 67 |
if (references == null) { |
68 |
throw new NullPointerException("references cannot be null"); |
|
69 |
} |
|
27747 | 70 |
List<Reference> tempList = |
71 |
Collections.checkedList(new ArrayList<Reference>(), |
|
72 |
Reference.class); |
|
73 |
tempList.addAll(references); |
|
74 |
this.references = Collections.unmodifiableList(tempList); |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
75 |
if (this.references.isEmpty()) { |
2 | 76 |
throw new IllegalArgumentException("list of references must " + |
77 |
"contain at least one entry"); |
|
78 |
} |
|
79 |
this.id = id; |
|
80 |
} |
|
81 |
||
82 |
/** |
|
83 |
* Creates a <code>DOMManifest</code> from an element. |
|
84 |
* |
|
85 |
* @param manElem a Manifest element |
|
86 |
*/ |
|
1337 | 87 |
public DOMManifest(Element manElem, XMLCryptoContext context, |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
88 |
Provider provider) |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
89 |
throws MarshalException |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
90 |
{ |
18240 | 91 |
Attr attr = manElem.getAttributeNodeNS(null, "Id"); |
92 |
if (attr != null) { |
|
93 |
this.id = attr.getValue(); |
|
94 |
manElem.setIdAttributeNode(attr, true); |
|
95 |
} else { |
|
96 |
this.id = null; |
|
97 |
} |
|
98 |
||
99 |
boolean secVal = Utils.secureValidation(context); |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
100 |
|
19051
6c0cfc00b3ed
8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
mullan
parents:
18780
diff
changeset
|
101 |
Element refElem = DOMUtils.getFirstChildElement(manElem, "Reference"); |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
102 |
List<Reference> refs = new ArrayList<Reference>(); |
19051
6c0cfc00b3ed
8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
mullan
parents:
18780
diff
changeset
|
103 |
refs.add(new DOMReference(refElem, context, provider)); |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
104 |
|
19051
6c0cfc00b3ed
8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
mullan
parents:
18780
diff
changeset
|
105 |
refElem = DOMUtils.getNextSiblingElement(refElem); |
2 | 106 |
while (refElem != null) { |
19051
6c0cfc00b3ed
8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
mullan
parents:
18780
diff
changeset
|
107 |
String localName = refElem.getLocalName(); |
6c0cfc00b3ed
8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
mullan
parents:
18780
diff
changeset
|
108 |
if (!localName.equals("Reference")) { |
6c0cfc00b3ed
8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
mullan
parents:
18780
diff
changeset
|
109 |
throw new MarshalException("Invalid element name: " + |
6c0cfc00b3ed
8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
mullan
parents:
18780
diff
changeset
|
110 |
localName + ", expected Reference"); |
6c0cfc00b3ed
8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
mullan
parents:
18780
diff
changeset
|
111 |
} |
1337 | 112 |
refs.add(new DOMReference(refElem, context, provider)); |
40551
05eba5515cbb
8151893: Add security property to configure XML Signature secure validation mode
mullan
parents:
27747
diff
changeset
|
113 |
if (secVal && Policy.restrictNumReferences(refs.size())) { |
05eba5515cbb
8151893: Add security property to configure XML Signature secure validation mode
mullan
parents:
27747
diff
changeset
|
114 |
String error = "A maximum of " + Policy.maxReferences() |
05eba5515cbb
8151893: Add security property to configure XML Signature secure validation mode
mullan
parents:
27747
diff
changeset
|
115 |
+ " references per Manifest are allowed when" |
05eba5515cbb
8151893: Add security property to configure XML Signature secure validation mode
mullan
parents:
27747
diff
changeset
|
116 |
+ " secure validation is enabled"; |
18240 | 117 |
throw new MarshalException(error); |
118 |
} |
|
19051
6c0cfc00b3ed
8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
mullan
parents:
18780
diff
changeset
|
119 |
refElem = DOMUtils.getNextSiblingElement(refElem); |
2 | 120 |
} |
121 |
this.references = Collections.unmodifiableList(refs); |
|
122 |
} |
|
123 |
||
124 |
public String getId() { |
|
125 |
return id; |
|
126 |
} |
|
127 |
||
24970
094bfaa699c3
8046044: Fix raw and unchecked lint warnings in XML Signature Impl
mullan
parents:
23010
diff
changeset
|
128 |
static List<Reference> getManifestReferences(Manifest mf) { |
094bfaa699c3
8046044: Fix raw and unchecked lint warnings in XML Signature Impl
mullan
parents:
23010
diff
changeset
|
129 |
return mf.getReferences(); |
094bfaa699c3
8046044: Fix raw and unchecked lint warnings in XML Signature Impl
mullan
parents:
23010
diff
changeset
|
130 |
} |
094bfaa699c3
8046044: Fix raw and unchecked lint warnings in XML Signature Impl
mullan
parents:
23010
diff
changeset
|
131 |
|
094bfaa699c3
8046044: Fix raw and unchecked lint warnings in XML Signature Impl
mullan
parents:
23010
diff
changeset
|
132 |
public List<Reference> getReferences() { |
2 | 133 |
return references; |
134 |
} |
|
135 |
||
136 |
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
137 |
throws MarshalException |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
138 |
{ |
2 | 139 |
Document ownerDoc = DOMUtils.getOwnerDocument(parent); |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
140 |
Element manElem = DOMUtils.createElement(ownerDoc, "Manifest", |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
141 |
XMLSignature.XMLNS, dsPrefix); |
2 | 142 |
|
143 |
DOMUtils.setAttributeID(manElem, "Id", id); |
|
144 |
||
145 |
// add references |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
146 |
for (Reference ref : references) { |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
147 |
((DOMReference)ref).marshal(manElem, dsPrefix, context); |
2 | 148 |
} |
149 |
parent.appendChild(manElem); |
|
150 |
} |
|
151 |
||
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
152 |
@Override |
2 | 153 |
public boolean equals(Object o) { |
154 |
if (this == o) { |
|
155 |
return true; |
|
156 |
} |
|
157 |
||
158 |
if (!(o instanceof Manifest)) { |
|
159 |
return false; |
|
160 |
} |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
161 |
Manifest oman = (Manifest)o; |
2 | 162 |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
163 |
boolean idsEqual = (id == null ? oman.getId() == null |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
164 |
: id.equals(oman.getId())); |
2 | 165 |
|
166 |
return (idsEqual && references.equals(oman.getReferences())); |
|
167 |
} |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
168 |
|
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
169 |
@Override |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
170 |
public int hashCode() { |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
171 |
int result = 17; |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
172 |
if (id != null) { |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
173 |
result = 31 * result + id.hashCode(); |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
174 |
} |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
175 |
result = 31 * result + references.hashCode(); |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
176 |
|
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
177 |
return result; |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
178 |
} |
2 | 179 |
} |