author | mullan |
Mon, 26 Sep 2011 17:20:45 -0700 | |
changeset 10694 | cf59e2badd14 |
parent 1337 | e8d6cef36199 |
child 18780 | f47b920867e7 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
2 |
* reserved comment block |
|
3 |
* DO NOT REMOVE OR ALTER! |
|
4 |
*/ |
|
5 |
/* |
|
6 |
* Copyright 1999-2004 The Apache Software Foundation. |
|
7 |
* |
|
8 |
* Licensed under the Apache License, Version 2.0 (the "License"); you may not |
|
9 |
* use this file except in compliance with the License. You may obtain a copy of |
|
10 |
* the License at |
|
11 |
* |
|
12 |
* http://www.apache.org/licenses/LICENSE-2.0 |
|
13 |
* |
|
14 |
* Unless required by applicable law or agreed to in writing, software |
|
15 |
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
|
16 |
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
|
17 |
* License for the specific language governing permissions and limitations under |
|
18 |
* the License. |
|
19 |
* |
|
20 |
*/ |
|
21 |
package com.sun.org.apache.xml.internal.security.c14n.implementations; |
|
22 |
||
1337 | 23 |
import java.io.IOException; |
2 | 24 |
import java.util.Iterator; |
25 |
import java.util.Set; |
|
26 |
import java.util.SortedSet; |
|
27 |
import java.util.TreeSet; |
|
28 |
||
1337 | 29 |
import javax.xml.parsers.ParserConfigurationException; |
30 |
||
2 | 31 |
import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException; |
32 |
import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper; |
|
33 |
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; |
|
34 |
import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces; |
|
35 |
import com.sun.org.apache.xml.internal.security.utils.Constants; |
|
1337 | 36 |
import com.sun.org.apache.xml.internal.security.utils.XMLUtils; |
2 | 37 |
import org.w3c.dom.Attr; |
1337 | 38 |
import org.w3c.dom.Document; |
2 | 39 |
import org.w3c.dom.Element; |
40 |
import org.w3c.dom.NamedNodeMap; |
|
41 |
import org.w3c.dom.Node; |
|
1337 | 42 |
import org.xml.sax.SAXException; |
2 | 43 |
/** |
44 |
* Implements " <A |
|
45 |
* HREF="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/">Exclusive XML |
|
46 |
* Canonicalization, Version 1.0 </A>" <BR /> |
|
47 |
* Credits: During restructuring of the Canonicalizer framework, Ren?? |
|
48 |
* Kollmorgen from Software AG submitted an implementation of ExclC14n which |
|
49 |
* fitted into the old architecture and which based heavily on my old (and slow) |
|
50 |
* implementation of "Canonical XML". A big "thank you" to Ren?? for this. |
|
51 |
* <BR /> |
|
52 |
* <i>THIS </i> implementation is a complete rewrite of the algorithm. |
|
53 |
* |
|
54 |
* @author Christian Geuer-Pollmann <geuerp@apache.org> |
|
1337 | 55 |
* @version $Revision: 1.5 $ |
2 | 56 |
* @see <a href="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/ Exclusive#"> |
57 |
* XML Canonicalization, Version 1.0</a> |
|
58 |
*/ |
|
59 |
public abstract class Canonicalizer20010315Excl extends CanonicalizerBase { |
|
60 |
/** |
|
61 |
* This Set contains the names (Strings like "xmlns" or "xmlns:foo") of |
|
62 |
* the inclusive namespaces. |
|
63 |
*/ |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
64 |
TreeSet<String> _inclusiveNSSet = new TreeSet<String>(); |
2 | 65 |
static final String XMLNS_URI=Constants.NamespaceSpecNS; |
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
66 |
final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE); |
2 | 67 |
/** |
68 |
* Constructor Canonicalizer20010315Excl |
|
69 |
* |
|
70 |
* @param includeComments |
|
71 |
*/ |
|
72 |
public Canonicalizer20010315Excl(boolean includeComments) { |
|
73 |
super(includeComments); |
|
74 |
} |
|
75 |
||
76 |
/** |
|
77 |
* Method engineCanonicalizeSubTree |
|
78 |
* @inheritDoc |
|
79 |
* @param rootNode |
|
80 |
* |
|
81 |
* @throws CanonicalizationException |
|
82 |
*/ |
|
83 |
public byte[] engineCanonicalizeSubTree(Node rootNode) |
|
84 |
throws CanonicalizationException { |
|
85 |
return this.engineCanonicalizeSubTree(rootNode, "",null); |
|
86 |
} |
|
87 |
/** |
|
88 |
* Method engineCanonicalizeSubTree |
|
89 |
* @inheritDoc |
|
90 |
* @param rootNode |
|
91 |
* @param inclusiveNamespaces |
|
92 |
* |
|
93 |
* @throws CanonicalizationException |
|
94 |
*/ |
|
95 |
public byte[] engineCanonicalizeSubTree(Node rootNode, |
|
96 |
String inclusiveNamespaces) throws CanonicalizationException { |
|
97 |
return this.engineCanonicalizeSubTree(rootNode, inclusiveNamespaces,null); |
|
98 |
} |
|
99 |
/** |
|
100 |
* Method engineCanonicalizeSubTree |
|
101 |
* @param rootNode |
|
102 |
* @param inclusiveNamespaces |
|
103 |
* @param excl A element to exclude from the c14n process. |
|
104 |
* @return the rootNode c14n. |
|
105 |
* @throws CanonicalizationException |
|
106 |
*/ |
|
107 |
public byte[] engineCanonicalizeSubTree(Node rootNode, |
|
108 |
String inclusiveNamespaces,Node excl) throws CanonicalizationException { |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
109 |
this._inclusiveNSSet = getInclusiveNameSpace(inclusiveNamespaces); |
2 | 110 |
return super.engineCanonicalizeSubTree(rootNode,excl); |
111 |
} |
|
112 |
/** |
|
113 |
* |
|
114 |
* @param rootNode |
|
115 |
* @param inclusiveNamespaces |
|
116 |
* @return the rootNode c14n. |
|
117 |
* @throws CanonicalizationException |
|
118 |
*/ |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
119 |
@SuppressWarnings("unchecked") |
2 | 120 |
public byte[] engineCanonicalize(XMLSignatureInput rootNode, |
121 |
String inclusiveNamespaces) throws CanonicalizationException { |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
122 |
this._inclusiveNSSet = getInclusiveNameSpace(inclusiveNamespaces); |
2 | 123 |
return super.engineCanonicalize(rootNode); |
124 |
} |
|
125 |
||
126 |
/** |
|
127 |
* Method handleAttributesSubtree |
|
128 |
* @inheritDoc |
|
129 |
* @param E |
|
130 |
* @throws CanonicalizationException |
|
131 |
*/ |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
132 |
Iterator<Attr> handleAttributesSubtree(Element E,NameSpaceSymbTable ns) |
2 | 133 |
throws CanonicalizationException { |
134 |
// System.out.println("During the traversal, I encountered " + |
|
135 |
// XMLUtils.getXPath(E)); |
|
136 |
// result will contain the attrs which have to be outputted |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
137 |
SortedSet<Attr> result = this.result; |
2 | 138 |
result.clear(); |
139 |
NamedNodeMap attrs=null; |
|
140 |
||
141 |
int attrsLength = 0; |
|
142 |
if (E.hasAttributes()) { |
|
143 |
attrs = E.getAttributes(); |
|
144 |
attrsLength = attrs.getLength(); |
|
145 |
} |
|
146 |
//The prefix visibly utilized(in the attribute or in the name) in the element |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
147 |
SortedSet<String> visiblyUtilized = getNSSetClone(); |
2 | 148 |
|
149 |
for (int i = 0; i < attrsLength; i++) { |
|
150 |
Attr N = (Attr) attrs.item(i); |
|
151 |
||
1337 | 152 |
if (XMLNS_URI!=N.getNamespaceURI()) { |
2 | 153 |
//Not a namespace definition. |
154 |
//The Element is output element, add his prefix(if used) to visibyUtilized |
|
155 |
String prefix = N.getPrefix(); |
|
156 |
if ( (prefix != null) && (!prefix.equals(XML) && !prefix.equals(XMLNS)) ) { |
|
157 |
visiblyUtilized.add(prefix); |
|
158 |
} |
|
159 |
//Add to the result. |
|
160 |
result.add(N); |
|
161 |
continue; |
|
162 |
} |
|
1337 | 163 |
String NName=N.getLocalName(); |
164 |
String NNodeValue=N.getNodeValue(); |
|
2 | 165 |
|
166 |
if (ns.addMapping(NName, NNodeValue,N)) { |
|
167 |
//New definition check if it is relative. |
|
168 |
if (C14nHelper.namespaceIsRelative(NNodeValue)) { |
|
169 |
Object exArgs[] = {E.getTagName(), NName, |
|
170 |
N.getNodeValue()}; |
|
171 |
throw new CanonicalizationException( |
|
172 |
"c14n.Canonicalizer.RelativeNamespace", exArgs); |
|
173 |
} |
|
174 |
} |
|
175 |
} |
|
1337 | 176 |
String prefix; |
2 | 177 |
if (E.getNamespaceURI() != null) { |
1337 | 178 |
prefix = E.getPrefix(); |
2 | 179 |
if ((prefix == null) || (prefix.length() == 0)) { |
1337 | 180 |
prefix=XMLNS; |
2 | 181 |
} |
1337 | 182 |
|
2 | 183 |
} else { |
1337 | 184 |
prefix=XMLNS; |
2 | 185 |
} |
1337 | 186 |
visiblyUtilized.add(prefix); |
2 | 187 |
|
188 |
//This can be optimezed by I don't have time |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
189 |
Iterator<String> it=visiblyUtilized.iterator(); |
2 | 190 |
while (it.hasNext()) { |
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
191 |
String s=it.next(); |
2 | 192 |
Attr key=ns.getMapping(s); |
193 |
if (key==null) { |
|
194 |
continue; |
|
195 |
} |
|
196 |
result.add(key); |
|
197 |
} |
|
198 |
||
199 |
return result.iterator(); |
|
200 |
} |
|
201 |
||
202 |
/** |
|
203 |
* Method engineCanonicalizeXPathNodeSet |
|
204 |
* @inheritDoc |
|
205 |
* @param xpathNodeSet |
|
206 |
* @param inclusiveNamespaces |
|
207 |
* @throws CanonicalizationException |
|
208 |
*/ |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
209 |
public byte[] engineCanonicalizeXPathNodeSet(Set<Node> xpathNodeSet, |
2 | 210 |
String inclusiveNamespaces) throws CanonicalizationException { |
211 |
||
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
212 |
this._inclusiveNSSet = getInclusiveNameSpace(inclusiveNamespaces); |
2 | 213 |
return super.engineCanonicalizeXPathNodeSet(xpathNodeSet); |
214 |
||
215 |
} |
|
216 |
||
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
217 |
@SuppressWarnings("unchecked") |
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
218 |
private TreeSet<String> getInclusiveNameSpace(String inclusiveNameSpaces) { |
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
219 |
return (TreeSet<String>)InclusiveNamespaces.prefixStr2Set(inclusiveNameSpaces); |
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
220 |
} |
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
221 |
|
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
222 |
|
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
223 |
@SuppressWarnings("unchecked") |
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
224 |
private SortedSet<String> getNSSetClone() { |
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
225 |
return (SortedSet<String>) this._inclusiveNSSet.clone(); |
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
226 |
} |
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
227 |
|
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
228 |
|
2 | 229 |
/** |
230 |
* @inheritDoc |
|
231 |
* @param E |
|
232 |
* @throws CanonicalizationException |
|
233 |
*/ |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
234 |
final Iterator<Attr> handleAttributes(Element E, NameSpaceSymbTable ns) |
2 | 235 |
throws CanonicalizationException { |
236 |
// result will contain the attrs which have to be outputted |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
237 |
SortedSet<Attr> result = this.result; |
2 | 238 |
result.clear(); |
239 |
NamedNodeMap attrs = null; |
|
240 |
int attrsLength = 0; |
|
241 |
if (E.hasAttributes()) { |
|
242 |
attrs = E.getAttributes(); |
|
243 |
attrsLength = attrs.getLength(); |
|
244 |
} |
|
245 |
//The prefix visibly utilized(in the attribute or in the name) in the element |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
246 |
Set<String> visiblyUtilized =null; |
2 | 247 |
//It's the output selected. |
1337 | 248 |
boolean isOutputElement=isVisibleDO(E,ns.getLevel())==1; |
2 | 249 |
if (isOutputElement) { |
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
250 |
visiblyUtilized = getNSSetClone(); |
2 | 251 |
} |
252 |
||
253 |
for (int i = 0; i < attrsLength; i++) { |
|
254 |
Attr N = (Attr) attrs.item(i); |
|
1337 | 255 |
|
2 | 256 |
|
1337 | 257 |
if (XMLNS_URI!=N.getNamespaceURI()) { |
258 |
if ( !isVisible(N) ) { |
|
259 |
//The node is not in the nodeset(if there is a nodeset) |
|
260 |
continue; |
|
261 |
} |
|
2 | 262 |
//Not a namespace definition. |
263 |
if (isOutputElement) { |
|
264 |
//The Element is output element, add his prefix(if used) to visibyUtilized |
|
265 |
String prefix = N.getPrefix(); |
|
266 |
if ((prefix != null) && (!prefix.equals(XML) && !prefix.equals(XMLNS)) ){ |
|
267 |
visiblyUtilized.add(prefix); |
|
268 |
} |
|
269 |
//Add to the result. |
|
270 |
result.add(N); |
|
271 |
} |
|
272 |
continue; |
|
273 |
} |
|
1337 | 274 |
String NName=N.getLocalName(); |
275 |
if (isOutputElement && !isVisible(N) && NName!=XMLNS) { |
|
276 |
ns.removeMappingIfNotRender(NName); |
|
277 |
continue; |
|
278 |
} |
|
279 |
String NNodeValue=N.getNodeValue(); |
|
280 |
||
281 |
if (!isOutputElement && isVisible(N) && _inclusiveNSSet.contains(NName) && !ns.removeMappingIfRender(NName)) { |
|
282 |
Node n=ns.addMappingAndRender(NName,NNodeValue,N); |
|
283 |
if (n!=null) { |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
284 |
result.add((Attr)n); |
1337 | 285 |
if (C14nHelper.namespaceIsRelative(N)) { |
286 |
Object exArgs[] = { E.getTagName(), NName, N.getNodeValue() }; |
|
287 |
throw new CanonicalizationException( |
|
288 |
"c14n.Canonicalizer.RelativeNamespace", exArgs); |
|
289 |
} |
|
290 |
} |
|
291 |
} |
|
292 |
||
2 | 293 |
|
294 |
||
295 |
if (ns.addMapping(NName, NNodeValue,N)) { |
|
296 |
//New definiton check if it is relative |
|
297 |
if (C14nHelper.namespaceIsRelative(NNodeValue)) { |
|
298 |
Object exArgs[] = {E.getTagName(), NName, |
|
299 |
N.getNodeValue()}; |
|
300 |
throw new CanonicalizationException( |
|
301 |
"c14n.Canonicalizer.RelativeNamespace", exArgs); |
|
302 |
} |
|
303 |
} |
|
304 |
} |
|
305 |
||
306 |
if (isOutputElement) { |
|
307 |
//The element is visible, handle the xmlns definition |
|
308 |
Attr xmlns = E.getAttributeNodeNS(XMLNS_URI, XMLNS); |
|
309 |
if ((xmlns!=null) && (!isVisible(xmlns))) { |
|
310 |
//There is a definition but the xmlns is not selected by the xpath. |
|
311 |
//then xmlns="" |
|
312 |
ns.addMapping(XMLNS,"",nullNode); |
|
313 |
} |
|
314 |
||
315 |
if (E.getNamespaceURI() != null) { |
|
316 |
String prefix = E.getPrefix(); |
|
317 |
if ((prefix == null) || (prefix.length() == 0)) { |
|
318 |
visiblyUtilized.add(XMLNS); |
|
319 |
} else { |
|
320 |
visiblyUtilized.add( prefix); |
|
321 |
} |
|
322 |
} else { |
|
323 |
visiblyUtilized.add(XMLNS); |
|
324 |
} |
|
325 |
//This can be optimezed by I don't have time |
|
326 |
//visiblyUtilized.addAll(this._inclusiveNSSet); |
|
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
327 |
Iterator<String> it=visiblyUtilized.iterator(); |
2 | 328 |
while (it.hasNext()) { |
10694
cf59e2badd14
7088502: Security libraries don't build with javac -Werror
mullan
parents:
1337
diff
changeset
|
329 |
String s=it.next(); |
2 | 330 |
Attr key=ns.getMapping(s); |
331 |
if (key==null) { |
|
332 |
continue; |
|
333 |
} |
|
334 |
result.add(key); |
|
335 |
} |
|
336 |
} |
|
337 |
||
338 |
return result.iterator(); |
|
339 |
} |
|
1337 | 340 |
void circumventBugIfNeeded(XMLSignatureInput input) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException { |
341 |
if (!input.isNeedsToBeExpanded() || _inclusiveNSSet.isEmpty()) |
|
342 |
return; |
|
343 |
Document doc = null; |
|
344 |
if (input.getSubNode() != null) { |
|
345 |
doc=XMLUtils.getOwnerDocument(input.getSubNode()); |
|
346 |
} else { |
|
347 |
doc=XMLUtils.getOwnerDocument(input.getNodeSet()); |
|
348 |
} |
|
349 |
||
350 |
XMLUtils.circumventBug2650(doc); |
|
351 |
} |
|
2 | 352 |
} |