author | jlahoda |
Tue, 24 Sep 2019 15:40:26 +0200 | |
branch | JDK-8226585-branch |
changeset 58290 | d885633d9de4 |
parent 54731 | 81de17a33575 |
permissions | -rw-r--r-- |
/* |
* reserved comment block |
* DO NOT REMOVE OR ALTER! |
*/ |
/** |
* Licensed to the Apache Software Foundation (ASF) under one |
* or more contributor license agreements. See the NOTICE file |
* distributed with this work for additional information |
* regarding copyright ownership. The ASF licenses this file |
* to you under the Apache License, Version 2.0 (the |
* "License"); you may not use this file except in compliance |
* with the License. You may obtain a copy of the License at |
* |
* http://www.apache.org/licenses/LICENSE-2.0 |
* |
* Unless required by applicable law or agreed to in writing, |
* software distributed under the License is distributed on an |
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
* KIND, either express or implied. See the License for the |
* specific language governing permissions and limitations |
* under the License. |
*/ |
/* |
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. |
*/ |
/* |
* $Id: DOMX509Data.java 1854026 2019-02-21 09:30:01Z coheigea $ |
*/ |
package org.jcp.xml.dsig.internal.dom; |
import java.io.ByteArrayInputStream; |
import java.io.IOException; |
import java.security.cert.*; |
import java.util.*; |
import javax.security.auth.x500.X500Principal; |
import javax.xml.crypto.MarshalException; |
import javax.xml.crypto.XMLStructure; |
import javax.xml.crypto.dom.DOMCryptoContext; |
import javax.xml.crypto.dsig.XMLSignature; |
import javax.xml.crypto.dsig.keyinfo.X509Data; |
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial; |
import org.w3c.dom.Document; |
import org.w3c.dom.Element; |
import org.w3c.dom.Node; |
import com.sun.org.apache.xml.internal.security.utils.XMLUtils; |
/** |
* DOM-based implementation of X509Data. |
* |
*/ |
//@@@ check for illegal combinations of data violating MUSTs in W3C spec
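public final class DOMX509Data extends DOMStructure implements X509Data {

    /** Unmodifiable list of the X509Data entries, in the order they are marshalled. */
    private final List<Object> content;

    /**
     * X.509 factory, created on first use by {@link #unmarshalBase64Binary}.
     * In this class it is only reached from the {@link Element} constructor.
     */
    private CertificateFactory cf;

    /**
     * Creates a DOMX509Data.
     *
     * @param content a list of one or more X.509 data types. Valid types are
     *    {@link String} (subject names), {@code byte[]} (subject key ids),
     *    {@link java.security.cert.X509Certificate}, {@link X509CRL},
     *    or {@link XMLStructure} ({@link X509IssuerSerial}
     *    objects or elements from an external namespace). The list is
     *    defensively copied to protect against subsequent modification.
     *    The copy is shallow: {@code byte[]} entries are kept by reference.
     * @throws NullPointerException if {@code content} is {@code null}
     * @throws IllegalArgumentException if {@code content} is empty, or if a
     *    {@link String} entry is rejected by {@link X500Principal}
     * @throws ClassCastException if {@code content} contains any entries
     *    that are not of one of the valid types mentioned above
     */
    public DOMX509Data(List<?> content) {
        if (content == null) {
            throw new NullPointerException("content cannot be null");
        }
        List<Object> contentCopy = new ArrayList<>(content);
        if (contentCopy.isEmpty()) {
            throw new IllegalArgumentException("content cannot be empty");
        }
        for (int i = 0, size = contentCopy.size(); i < size; i++) {
            Object x509Type = contentCopy.get(i);
            if (x509Type instanceof String) {
                // Built only to validate the subject name; the result is
                // discarded and the original String is what gets stored.
                new X500Principal((String)x509Type);
            } else if (!(x509Type instanceof byte[]) &&
                !(x509Type instanceof X509Certificate) &&
                !(x509Type instanceof X509CRL) &&
                !(x509Type instanceof XMLStructure)) {
                // A null entry also ends up here, since every instanceof is false.
                throw new ClassCastException
                    ("content["+i+"] is not a valid X509Data type");
            }
        }
        this.content = Collections.unmodifiableList(contentCopy);
    }

    /**
     * Creates a {@code DOMX509Data} from an element.
     *
     * <p>Child elements are only parsed here. No certificate or CRL is
     * validated, and nothing in this class establishes trust in them.
     *
     * @param xdElem an X509Data element
     * @throws MarshalException if there is an error while unmarshalling,
     *    including an {@code X509SubjectName} child with no text value
     */
    public DOMX509Data(Element xdElem) throws MarshalException {
        // get all children nodes
        List<Object> newContent = new ArrayList<>();
        Node firstChild = xdElem.getFirstChild();
        while (firstChild != null) {
            if (firstChild.getNodeType() == Node.ELEMENT_NODE) {
                Element childElem = (Element)firstChild;
                String localName = childElem.getLocalName();
                String namespace = childElem.getNamespaceURI();
                if ("X509Certificate".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
                    newContent.add(unmarshalX509Certificate(childElem));
                } else if ("X509IssuerSerial".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
                    newContent.add(new DOMX509IssuerSerial(childElem));
                } else if ("X509SubjectName".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
                    // An empty element used to fail with a NullPointerException
                    // (or store a null entry); report it as a marshalling error.
                    newContent.add(unmarshalSubjectName(childElem));
                } else if ("X509SKI".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
                    // NOTE(review): how XMLUtils.decode reports malformed base64 is
                    // not visible in this file -- confirm it cannot escape as an
                    // unchecked exception.
                    String content = XMLUtils.getFullTextChildrenFromNode(childElem);
                    newContent.add(XMLUtils.decode(content));
                } else if ("X509CRL".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
                    newContent.add(unmarshalX509CRL(childElem));
                } else {
                    // Anything else is kept as an opaque DOM structure. That
                    // includes elements in the XML Signature namespace whose
                    // local name is not one of those handled above.
                    newContent.add(new javax.xml.crypto.dom.DOMStructure(childElem));
                }
            }
            firstChild = firstChild.getNextSibling();
        }
        this.content = Collections.unmodifiableList(newContent);
    }

    /**
     * Returns the content of this X509Data.
     *
     * @return the unmodifiable list held by this object; {@code byte[]}
     *    entries are returned by reference, not copied
     */
    public List<Object> getContent() {
        return content;
    }

    /**
     * Marshals this X509Data as an {@code X509Data} element appended to
     * {@code parent}, writing the entries in list order.
     *
     * <p>NOTE(review): the list constructor accepts any {@link XMLStructure},
     * but the casts below require {@link DOMX509IssuerSerial} or
     * {@link javax.xml.crypto.dom.DOMStructure}; any other implementation
     * fails here with a {@link ClassCastException}, not at construction time.
     *
     * @param parent the node to append the new element to
     * @param dsPrefix the namespace prefix passed on to element creation
     * @param context the context passed on to nested structures
     * @throws MarshalException if a certificate or CRL cannot be encoded
     */
    @Override
    public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
        throws MarshalException
    {
        Document ownerDoc = DOMUtils.getOwnerDocument(parent);
        Element xdElem = DOMUtils.createElement(ownerDoc, "X509Data",
                                                XMLSignature.XMLNS, dsPrefix);

        // append children and preserve order
        for (Object object : content) {
            if (object instanceof X509Certificate) {
                marshalCert((X509Certificate)object, xdElem, ownerDoc, dsPrefix);
            } else if (object instanceof XMLStructure) {
                if (object instanceof X509IssuerSerial) {
                    ((DOMX509IssuerSerial)object).marshal
                        (xdElem, dsPrefix, context);
                } else {
                    javax.xml.crypto.dom.DOMStructure domContent =
                        (javax.xml.crypto.dom.DOMStructure)object;
                    DOMUtils.appendChild(xdElem, domContent.getNode());
                }
            } else if (object instanceof byte[]) {
                marshalSKI((byte[])object, xdElem, ownerDoc, dsPrefix);
            } else if (object instanceof String) {
                marshalSubjectName((String)object, xdElem, ownerDoc, dsPrefix);
            } else if (object instanceof X509CRL) {
                marshalCRL((X509CRL)object, xdElem, ownerDoc, dsPrefix);
            }
            // An entry matching none of the branches is skipped without error.
        }

        parent.appendChild(xdElem);
    }

    /** Appends an {@code X509SKI} element holding the encoded key identifier. */
    private void marshalSKI(byte[] skid, Node parent, Document doc,
                            String dsPrefix)
    {
        Element skidElem = DOMUtils.createElement(doc, "X509SKI",
                                                  XMLSignature.XMLNS, dsPrefix);
        skidElem.appendChild(doc.createTextNode(XMLUtils.encodeToString(skid)));
        parent.appendChild(skidElem);
    }

    /** Appends an {@code X509SubjectName} element holding {@code name} as text. */
    private void marshalSubjectName(String name, Node parent, Document doc,
                                    String dsPrefix)
    {
        Element snElem = DOMUtils.createElement(doc, "X509SubjectName",
                                                XMLSignature.XMLNS, dsPrefix);
        snElem.appendChild(doc.createTextNode(name));
        parent.appendChild(snElem);
    }

    /**
     * Appends an {@code X509Certificate} element holding the encoded certificate.
     *
     * @throws MarshalException if the certificate cannot be encoded
     */
    private void marshalCert(X509Certificate cert, Node parent, Document doc,
                             String dsPrefix)
        throws MarshalException
    {
        Element certElem = DOMUtils.createElement(doc, "X509Certificate",
                                                  XMLSignature.XMLNS, dsPrefix);
        try {
            certElem.appendChild(doc.createTextNode
                                 (XMLUtils.encodeToString(cert.getEncoded())));
        } catch (CertificateEncodingException e) {
            throw new MarshalException("Error encoding X509Certificate", e);
        }
        parent.appendChild(certElem);
    }

    /**
     * Appends an {@code X509CRL} element holding the encoded CRL.
     *
     * @throws MarshalException if the CRL cannot be encoded
     */
    private void marshalCRL(X509CRL crl, Node parent, Document doc,
                            String dsPrefix)
        throws MarshalException
    {
        Element crlElem = DOMUtils.createElement(doc, "X509CRL",
                                                 XMLSignature.XMLNS, dsPrefix);
        try {
            crlElem.appendChild(doc.createTextNode
                                (XMLUtils.encodeToString(crl.getEncoded())));
        } catch (CRLException e) {
            throw new MarshalException("Error encoding X509CRL", e);
        }
        parent.appendChild(crlElem);
    }

    /**
     * Reads the subject name from an {@code X509SubjectName} element.
     *
     * <p>Only the value of the element's first child node is used.
     *
     * @throws MarshalException if the element has no child, or its first
     *    child has no node value
     */
    private static String unmarshalSubjectName(Element elem)
        throws MarshalException
    {
        Node first = elem.getFirstChild();
        String name = (first == null) ? null : first.getNodeValue();
        if (name == null) {
            throw new MarshalException
                ("X509SubjectName element has no text content");
        }
        return name;
    }

    /**
     * Parses the content of an {@code X509Certificate} element.
     *
     * <p>The certificate is only decoded; it is not validated here.
     *
     * @throws MarshalException if the certificate cannot be created
     */
    private X509Certificate unmarshalX509Certificate(Element elem)
        throws MarshalException
    {
        try (ByteArrayInputStream bs = unmarshalBase64Binary(elem)) {
            return (X509Certificate)cf.generateCertificate(bs);
        } catch (CertificateException e) {
            throw new MarshalException("Cannot create X509Certificate", e);
        } catch (IOException e) {
            throw new MarshalException("Error closing stream", e);
        }
    }

    /**
     * Parses the content of an {@code X509CRL} element.
     *
     * <p>The CRL is only decoded; it is not validated here.
     *
     * @throws MarshalException if the CRL cannot be created
     */
    private X509CRL unmarshalX509CRL(Element elem) throws MarshalException {
        try (ByteArrayInputStream bs = unmarshalBase64Binary(elem)) {
            return (X509CRL)cf.generateCRL(bs);
        } catch (CRLException e) {
            throw new MarshalException("Cannot create X509CRL", e);
        } catch (IOException e) {
            throw new MarshalException("Error closing stream", e);
        }
    }

    /**
     * Decodes the text content of {@code elem} into a byte stream and makes
     * sure {@link #cf} is initialised for the caller.
     *
     * @throws MarshalException if the X.509 factory cannot be created
     */
    private ByteArrayInputStream unmarshalBase64Binary(Element elem)
        throws MarshalException {
        try {
            if (cf == null) {
                cf = CertificateFactory.getInstance("X.509");
            }
            String content = XMLUtils.getFullTextChildrenFromNode(elem);
            return new ByteArrayInputStream(XMLUtils.decode(content));
        } catch (CertificateException e) {
            throw new MarshalException("Cannot create CertificateFactory", e);
        }
    }

    /**
     * Compares this object with any {@link X509Data}, entry by entry and in
     * order. {@code byte[]} entries are compared by value; every other
     * entry is compared with its own {@code equals}.
     */
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }

        if (!(o instanceof X509Data)) {
            return false;
        }
        X509Data oxd = (X509Data)o;

        List<?> ocontent = oxd.getContent();
        int size = content.size();
        if (size != ocontent.size()) {
            return false;
        }

        for (int i = 0; i < size; i++) {
            Object x = content.get(i);
            Object ox = ocontent.get(i);
            if (x instanceof byte[]) {
                if (!(ox instanceof byte[]) ||
                    !Arrays.equals((byte[])x, (byte[])ox)) {
                    return false;
                }
            } else {
                if (!(x.equals(ox))) {
                    return false;
                }
            }
        }

        return true;
    }

    /**
     * Returns a hash code consistent with {@link #equals}.
     *
     * <p>{@code byte[]} entries are hashed by value. Hashing the list
     * directly would use their identity hash, so two instances that
     * {@code equals} treats as equal could hash differently. For content
     * without {@code byte[]} entries the result is the same as
     * {@code 31 * 17 + content.hashCode()}.
     *
     * <p>Other {@link X509Data} implementations that {@code equals} accepts
     * compute their own hash codes, which this method cannot align with.
     */
    @Override
    public int hashCode() {
        // Same recurrence as List.hashCode(), with byte[] hashed by content.
        int contentHash = 1;
        for (Object entry : content) {
            int entryHash = (entry instanceof byte[])
                ? Arrays.hashCode((byte[])entry)
                : Objects.hashCode(entry);
            contentHash = 31 * contentHash + entryHash;
        }
        return 31 * 17 + contentHash;
    }
}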