author | jlahoda |
Tue, 24 Sep 2019 15:40:26 +0200 | |
branch | JDK-8226585-branch |
changeset 58290 | d885633d9de4 |
parent 54731 | 81de17a33575 |
permissions | -rw-r--r-- |
/* |
* reserved comment block |
* DO NOT REMOVE OR ALTER! |
*/ |
/** |
* Licensed to the Apache Software Foundation (ASF) under one |
* or more contributor license agreements. See the NOTICE file |
* distributed with this work for additional information |
* regarding copyright ownership. The ASF licenses this file |
* to you under the Apache License, Version 2.0 (the |
* "License"); you may not use this file except in compliance |
* with the License. You may obtain a copy of the License at |
* |
* http://www.apache.org/licenses/LICENSE-2.0 |
* |
* Unless required by applicable law or agreed to in writing, |
* software distributed under the License is distributed on an |
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
* KIND, either express or implied. See the License for the |
* specific language governing permissions and limitations |
* under the License. |
*/ |
/* |
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. |
*/ |
/* |
* $Id: DOMURIDereferencer.java 1854026 2019-02-21 09:30:01Z coheigea $ |
*/ |
package org.jcp.xml.dsig.internal.dom; |
import org.w3c.dom.Attr; |
import org.w3c.dom.Element; |
import org.w3c.dom.Node; |
import com.sun.org.apache.xml.internal.security.Init; |
import com.sun.org.apache.xml.internal.security.utils.XMLUtils; |
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver; |
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; |
import javax.xml.crypto.*; |
import javax.xml.crypto.dom.*; |
/** |
* DOM-based implementation of URIDereferencer. |
* |
*/ |
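public final class DOMURIDereferencer implements URIDereferencer {

    /** Prefix of the same-document {@code #xpointer(id('ID'))} fragment form. */
    private static final String XPOINTER_ID_PREFIX = "xpointer(id(";

    static final URIDereferencer INSTANCE = new DOMURIDereferencer();

    private DOMURIDereferencer() {
        // need to call com.sun.org.apache.xml.internal.security.Init.init()
        // before calling any apache security code
        Init.init();
    }

    /**
     * Dereferences the URI of a signature reference.
     *
     * <p>A same-document reference ({@code #id} or
     * {@code #xpointer(id('id'))}) is looked up first in the owner document
     * of the URI attribute and then among the elements registered on the
     * {@link DOMCryptoContext}. If an element is found it is returned as node
     * set data. Every other URI, and a same-document URI whose id matches no
     * element, is handed to the Apache {@code ResourceResolver}.
     *
     * <p>The two policy checks in this method (URI scheme restriction and
     * duplicate-id rejection) run only when
     * {@code Utils.secureValidation(context)} returns {@code true}.
     *
     * @param uriRef the reference to dereference; cast to
     *        {@link DOMURIReference}, so any other implementation fails with
     *        a {@code ClassCastException}
     * @param context the crypto context; cast to {@link DOMCryptoContext}
     * @return the dereferenced data, either node set or octet stream
     * @throws NullPointerException if {@code uriRef} or {@code context} is
     *         {@code null}
     * @throws URIReferenceException if the URI is rejected by policy, if an
     *         {@code xpointer(id(...))} fragment has no quoted id, if the
     *         duplicate-id check fails, or if the resolver throws
     */
    @Override
    public Data dereference(URIReference uriRef, XMLCryptoContext context)
        throws URIReferenceException {

        if (uriRef == null) {
            throw new NullPointerException("uriRef cannot be null");
        }
        if (context == null) {
            throw new NullPointerException("context cannot be null");
        }

        DOMURIReference domRef = (DOMURIReference) uriRef;
        Attr uriAttr = (Attr) domRef.getHere();
        String uri = uriRef.getURI();
        DOMCryptoContext dcc = (DOMCryptoContext) context;
        String baseURI = context.getBaseURI();

        boolean secVal = Utils.secureValidation(context);

        // The scheme restriction is enforced only under secure validation.
        // NOTE(review): with secure validation off, nothing in this method
        // limits which URI reaches the resolver below - keep it enabled when
        // validating documents from untrusted sources.
        if (secVal && Policy.restrictReferenceUriScheme(uri)) {
            throw new URIReferenceException(
                "Uri " + uri + " is forbidden when secure validation is enabled");
        }

        // Check if same-document URI and already registered on the context
        if (uri != null && uri.length() != 0 && uri.charAt(0) == '#') {
            String id = uri.substring(1);
            boolean xpointerForm = id.startsWith(XPOINTER_ID_PREFIX);

            if (xpointerForm) {
                int open = id.indexOf('\'');
                int close = id.indexOf('\'', open + 1);
                // The URI comes from the document being processed. Without
                // both quotes substring() would throw an unchecked
                // StringIndexOutOfBoundsException past callers that only
                // handle URIReferenceException, so reject it explicitly.
                if (open < 0 || close < 0) {
                    throw new URIReferenceException(
                        "Uri " + uri + " is not a valid xpointer id reference");
                }
                id = id.substring(open + 1, close);
            }

            // check if element is registered by Id
            Node referencedElem = uriAttr.getOwnerDocument().getElementById(id);
            if (referencedElem == null) {
                // see if element is registered in DOMCryptoContext
                referencedElem = dcc.getElementById(id);
            }
            if (referencedElem != null) {
                // Duplicate-id check, run from the document element; it is
                // skipped entirely when secure validation is off.
                if (secVal && Policy.restrictDuplicateIds()) {
                    Element start = referencedElem.getOwnerDocument().getDocumentElement();
                    if (!XMLUtils.protectAgainstWrappingAttack(start, (Element)referencedElem, id)) {
                        String error = "Multiple Elements with the same ID "
                            + id + " detected when secure validation"
                            + " is enabled";
                        throw new URIReferenceException(error);
                    }
                }

                XMLSignatureInput result = new XMLSignatureInput(referencedElem);
                result.setSecureValidation(secVal);
                // Only the bare "#id" form excludes comments; the xpointer
                // form leaves the input's default untouched.
                if (!xpointerForm) {
                    result.setExcludeComments(true);
                }

                result.setMIMEType("text/xml");
                if (baseURI != null && baseURI.length() > 0) {
                    result.setSourceURI(baseURI.concat(uriAttr.getNodeValue()));
                } else {
                    result.setSourceURI(uriAttr.getNodeValue());
                }
                return new ApacheNodeSetData(result);
            }
        }

        // Not resolved as a same-document element: delegate to the Apache
        // resolver and wrap whatever it throws in the declared exception.
        try {
            ResourceResolver apacheResolver =
                ResourceResolver.getInstance(uriAttr, baseURI, false);
            XMLSignatureInput in = apacheResolver.resolve(uriAttr, baseURI, false);
            if (in.isOctetStream()) {
                return new ApacheOctetStreamData(in);
            } else {
                return new ApacheNodeSetData(in);
            }
        } catch (Exception e) {
            throw new URIReferenceException(e);
        }
    }
}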