author | weijun |
Thu, 10 Oct 2019 17:36:38 +0300 | |
changeset 59240 | b3116877866f |
parent 54731 | 81de17a33575 |
permissions | -rw-r--r-- |
/* |
* reserved comment block |
* DO NOT REMOVE OR ALTER! |
*/ |
/** |
* Licensed to the Apache Software Foundation (ASF) under one |
* or more contributor license agreements. See the NOTICE file |
* distributed with this work for additional information |
* regarding copyright ownership. The ASF licenses this file |
* to you under the Apache License, Version 2.0 (the |
* "License"); you may not use this file except in compliance |
* with the License. You may obtain a copy of the License at |
* |
* http://www.apache.org/licenses/LICENSE-2.0 |
* |
* Unless required by applicable law or agreed to in writing, |
* software distributed under the License is distributed on an |
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
* KIND, either express or implied. See the License for the |
* specific language governing permissions and limitations |
* under the License. |
*/ |
/* |
* Portions copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. |
*/ |
/* |
* =========================================================================== |
* |
* (C) Copyright IBM Corp. 2003 All Rights Reserved. |
* |
* =========================================================================== |
*/ |
/* |
* $Id: DOMRetrievalMethod.java 1862080 2019-06-25 16:50:17Z coheigea $ |
*/ |
package org.jcp.xml.dsig.internal.dom; |
import java.io.ByteArrayInputStream; |
import java.io.InputStream; |
import java.net.URI; |
import java.net.URISyntaxException; |
import java.security.Provider; |
import java.util.ArrayList; |
import java.util.Collections; |
import java.util.Iterator; |
import java.util.List; |
import javax.xml.crypto.Data; |
import javax.xml.crypto.MarshalException; |
import javax.xml.crypto.NodeSetData; |
import javax.xml.crypto.URIDereferencer; |
import javax.xml.crypto.URIReferenceException; |
import javax.xml.crypto.XMLCryptoContext; |
import javax.xml.crypto.XMLStructure; |
import javax.xml.crypto.dom.DOMCryptoContext; |
import javax.xml.crypto.dom.DOMURIReference; |
import javax.xml.crypto.dsig.Transform; |
import javax.xml.crypto.dsig.XMLSignature; |
import javax.xml.crypto.dsig.keyinfo.RetrievalMethod; |
import com.sun.org.apache.xml.internal.security.utils.XMLUtils; |
import org.w3c.dom.Attr; |
import org.w3c.dom.Document; |
import org.w3c.dom.Element; |
import org.w3c.dom.Node; |
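/**
 * DOM-based implementation of RetrievalMethod.
 *
 * <p>An instance is created either programmatically (URI, type and
 * transforms supplied by the caller) or by unmarshalling a
 * {@code RetrievalMethod} element. In the second case the URI, the type and
 * every transform come from the document being processed and should be
 * treated as untrusted input; the restrictions applied when secure
 * validation is enabled are commented where they occur.
 */
public final class DOMRetrievalMethod extends DOMStructure
    implements RetrievalMethod, DOMURIReference {

    // Always an unmodifiable list (possibly empty), never null.
    private final List<Transform> transforms;
    // Non-null when built programmatically. NOTE(review): presumably null
    // when unmarshalled from an element without a URI attribute; that
    // depends on DOMUtils.getAttributeValue, which is not visible here.
    private final String uri;
    // Optional; null is an accepted value.
    private final String type;
    // The URI attribute node; set on unmarshal and refreshed by marshal().
    private Attr here;

    /**
     * Creates a {@code DOMRetrievalMethod} containing the specified
     * URIReference and List of Transforms.
     *
     * @param uri the URI
     * @param type the type
     * @param transforms a list of {@link Transform}s. The list is defensively
     *    copied to prevent subsequent modification. May be {@code null}
     *    or empty.
     * @throws IllegalArgumentException if the format of {@code uri} is
     *    invalid, as specified by Reference's URI attribute in the W3C
     *    specification for XML-Signature Syntax and Processing
     * @throws NullPointerException if {@code uri}
     *    is {@code null}
     * @throws ClassCastException if {@code transforms} contains any
     *    entries that are not of type {@link Transform}
     */
    public DOMRetrievalMethod(String uri, String type,
                              List<? extends Transform> transforms)
    {
        if (uri == null) {
            throw new NullPointerException("uri cannot be null");
        }
        if (transforms == null || transforms.isEmpty()) {
            this.transforms = Collections.emptyList();
        } else {
            this.transforms = Collections.unmodifiableList(
                new ArrayList<>(transforms));
            // Generics are erased at run time, so a raw or unchecked caller
            // can still hand in foreign objects; verify every copied entry.
            for (int i = 0, size = this.transforms.size(); i < size; i++) {
                if (!(this.transforms.get(i) instanceof Transform)) {
                    throw new ClassCastException
                        ("transforms["+i+"] is not a valid type");
                }
            }
        }
        this.uri = uri;
        if (!uri.equals("")) {
            try {
                // Parsed only to validate the syntax; the result is discarded.
                new URI(uri);
            } catch (URISyntaxException e) {
                // Keep the parser's exception as the cause for diagnostics.
                throw new IllegalArgumentException(e.getMessage(), e);
            }
        }

        this.type = type;
    }

    /**
     * Creates a {@code DOMRetrievalMethod} from an element.
     *
     * <p>If the element has a first child element it must be
     * {@code Transforms} in the XML Signature namespace, and each of the
     * children iterated below must be a {@code Transform} in that namespace.
     * When secure validation is enabled for {@code context}, the number of
     * transforms is additionally limited by {@code Policy}.
     *
     * @param rmElem a RetrievalMethod element
     * @param context the context, consulted for secure validation and
     *    passed on to each {@code DOMTransform}
     * @param provider the provider passed on to each {@code DOMTransform}
     * @throws MarshalException if a child element has an unexpected name or
     *    namespace, or if the transform limit is exceeded while secure
     *    validation is enabled
     */
    public DOMRetrievalMethod(Element rmElem, XMLCryptoContext context,
                              Provider provider)
        throws MarshalException
    {
        // get URI and Type attributes
        uri = DOMUtils.getAttributeValue(rmElem, "URI");
        type = DOMUtils.getAttributeValue(rmElem, "Type");

        // get here node
        here = rmElem.getAttributeNodeNS(null, "URI");

        boolean secVal = Utils.secureValidation(context);

        // get Transforms, if specified
        List<Transform> newTransforms = new ArrayList<>();
        Element transformsElem = DOMUtils.getFirstChildElement(rmElem);

        if (transformsElem != null) {
            String localName = transformsElem.getLocalName();
            String namespace = transformsElem.getNamespaceURI();
            // Both local name and namespace must match, so a look-alike
            // element from a foreign namespace is rejected.
            if (!"Transforms".equals(localName) || !XMLSignature.XMLNS.equals(namespace)) {
                throw new MarshalException("Invalid element name: " +
                                           namespace + ":" + localName + ", expected Transforms");
            }
            Element transformElem =
                DOMUtils.getFirstChildElement(transformsElem, "Transform", XMLSignature.XMLNS);
            while (transformElem != null) {
                String name = transformElem.getLocalName();
                namespace = transformElem.getNamespaceURI();
                if (!"Transform".equals(name) || !XMLSignature.XMLNS.equals(namespace)) {
                    throw new MarshalException("Invalid element name: " +
                                               name + ", expected Transform");
                }
                newTransforms.add
                    (new DOMTransform(transformElem, context, provider));
                // The limit is evaluated after the add, so the size handed
                // to Policy already includes the transform just parsed.
                if (secVal && Policy.restrictNumTransforms(newTransforms.size())) {
                    String error = "A maximum of " + Policy.maxTransforms()
                        + " transforms per Reference are allowed when"
                        + " secure validation is enabled";
                    throw new MarshalException(error);
                }
                transformElem = DOMUtils.getNextSiblingElement(transformElem);
            }
        }
        if (newTransforms.isEmpty()) {
            this.transforms = Collections.emptyList();
        } else {
            this.transforms = Collections.unmodifiableList(newTransforms);
        }
    }

    /** Returns the URI of the referenced KeyInfo information. */
    @Override
    public String getURI() {
        return uri;
    }

    /** Returns the type URI, or {@code null} if none was specified. */
    @Override
    public String getType() {
        return type;
    }

    /** Returns the unmodifiable, possibly empty, list of transforms. */
    @Override
    public List<Transform> getTransforms() {
        return transforms;
    }

    /**
     * Appends a {@code RetrievalMethod} element for this object to
     * {@code parent} and records its URI attribute as the here node.
     *
     * @param parent the node that receives the new element
     * @param dsPrefix the namespace prefix used for the created elements
     * @param context the context passed on to each transform
     * @throws MarshalException declared by the signature; none is thrown
     *    directly by the statements in this method
     */
    @Override
    public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
        throws MarshalException
    {
        Document ownerDoc = DOMUtils.getOwnerDocument(parent);
        Element rmElem = DOMUtils.createElement(ownerDoc, "RetrievalMethod",
                                                XMLSignature.XMLNS, dsPrefix);

        // add URI and Type attributes
        DOMUtils.setAttribute(rmElem, "URI", uri);
        DOMUtils.setAttribute(rmElem, "Type", type);

        // add Transforms elements
        if (!transforms.isEmpty()) {
            Element transformsElem = DOMUtils.createElement(ownerDoc,
                                                            "Transforms",
                                                            XMLSignature.XMLNS,
                                                            dsPrefix);
            rmElem.appendChild(transformsElem);
            for (Transform transform : transforms) {
                // The public constructor accepts any Transform, so this
                // cast fails with ClassCastException for an implementation
                // other than DOMTransform.
                ((DOMTransform)transform).marshal(transformsElem,
                                                   dsPrefix, context);
            }
        }

        parent.appendChild(rmElem);

        // save here node
        here = rmElem.getAttributeNodeNS(null, "URI");
    }

    /** Returns the URI attribute node, or {@code null} if none is recorded. */
    @Override
    public Node getHere() {
        return here;
    }

    /**
     * Dereferences the URI and passes the result through the transforms.
     *
     * <p>NOTE(review): for an unmarshalled instance the URI comes from the
     * signature document. Which targets can be reached is decided by the
     * dereferencer in use, not by this method.
     *
     * @param context the context supplying an optional
     *    {@code URIDereferencer} and the secure validation setting
     * @return the dereferenced and transformed data
     * @throws NullPointerException if {@code context} is {@code null}
     * @throws URIReferenceException if dereferencing or a transform fails,
     *    or if the result is another {@code RetrievalMethod} while secure
     *    validation and the corresponding policy are enabled
     */
    @Override
    public Data dereference(XMLCryptoContext context)
        throws URIReferenceException
    {
        if (context == null) {
            throw new NullPointerException("context cannot be null");
        }

        /*
         * If URIDereferencer is specified in context; use it, otherwise use
         * built-in.
         */
        URIDereferencer deref = context.getURIDereferencer();
        if (deref == null) {
            deref = DOMURIDereferencer.INSTANCE;
        }

        Data data = deref.dereference(this, context);

        // pass dereferenced data through Transforms
        try {
            for (Transform transform : transforms) {
                data = ((DOMTransform)transform).transform(data, context);
            }
        } catch (Exception e) {
            // Deliberately broad: any failure, including a failed cast
            // above, is reported as a failed dereference.
            throw new URIReferenceException(e);
        }

        // guard against RetrievalMethod loops
        if (data instanceof NodeSetData && Utils.secureValidation(context)
            && Policy.restrictRetrievalMethodLoops()) {
            NodeSetData<?> nsd = (NodeSetData<?>)data;
            Iterator<?> i = nsd.iterator();
            // Only the first node of the set is inspected, and only its
            // local name is compared (the namespace is not checked).
            if (i.hasNext()) {
                Node root = (Node)i.next();
                if ("RetrievalMethod".equals(root.getLocalName())) {
                    throw new URIReferenceException(
                        "It is forbidden to have one RetrievalMethod point " +
                        "to another when secure validation is enabled");
                }
            }
        }

        return data;
    }

    /**
     * Dereferences the URI, parses the result as XML and returns it as an
     * {@code XMLStructure}.
     *
     * <p>The secure validation setting of {@code context} is passed to
     * {@code XMLUtils.read}. Only a document element named {@code X509Data}
     * in the XML Signature namespace is supported.
     *
     * @param context the context used for dereferencing
     * @return a {@code DOMX509Data}, or {@code null} if the document
     *    element is of an unsupported kind
     * @throws URIReferenceException if dereferencing fails or the data
     *    cannot be read or parsed
     */
    public XMLStructure dereferenceAsXMLStructure(XMLCryptoContext context)
        throws URIReferenceException
    {
        boolean secVal = Utils.secureValidation(context);
        // NOTE(review): the cast sits outside the try block, so data that is
        // not ApacheData (e.g. from a dereferencer supplied through the
        // context) surfaces as ClassCastException rather than
        // URIReferenceException.
        ApacheData data = (ApacheData)dereference(context);
        try (InputStream is = new ByteArrayInputStream(data.getXMLSignatureInput().getBytes())) {
            Document doc = XMLUtils.read(is, secVal);
            Element kiElem = doc.getDocumentElement();
            if (kiElem.getLocalName().equals("X509Data")
                && XMLSignature.XMLNS.equals(kiElem.getNamespaceURI())) {
                return new DOMX509Data(kiElem);
            } else {
                return null; // unsupported
            }
        } catch (Exception e) {
            throw new URIReferenceException(e);
        }
    }

    /**
     * Compares this object with any {@code RetrievalMethod} implementation
     * by URI, type and transforms.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof RetrievalMethod)) {
            return false;
        }
        RetrievalMethod orm = (RetrievalMethod)obj;

        boolean typesEqual = type == null ? orm.getType() == null
                                           : type.equals(orm.getType());
        // Null-safe: the unmarshalling constructor does not check that a
        // URI attribute was present.
        boolean urisEqual = uri == null ? orm.getURI() == null
                                         : uri.equals(orm.getURI());

        return urisEqual &&
            transforms.equals(orm.getTransforms()) && typesEqual;
    }

    /** Returns a hash code consistent with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        int result = 17;
        if (type != null) {
            result = 31 * result + type.hashCode();
        }
        // A null uri contributes 0; non-null values hash exactly as before.
        result = 31 * result + (uri == null ? 0 : uri.hashCode());
        result = 31 * result + transforms.hashCode();

        return result;
    }
}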