author | jlahoda |
Tue, 24 Sep 2019 15:40:26 +0200 | |
branch | JDK-8226585-branch |
changeset 58290 | d885633d9de4 |
parent 54731 | 81de17a33575 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
1337 | 2 |
* reserved comment block |
3 |
* DO NOT REMOVE OR ALTER! |
|
4 |
*/ |
|
/** |
* Licensed to the Apache Software Foundation (ASF) under one |
* or more contributor license agreements. See the NOTICE file |
* distributed with this work for additional information |
* regarding copyright ownership. The ASF licenses this file |
* to you under the Apache License, Version 2.0 (the |
* "License"); you may not use this file except in compliance |
* with the License. You may obtain a copy of the License at |
2 | 13 |
* |
* http://www.apache.org/licenses/LICENSE-2.0 |
2 | 15 |
* |
* Unless required by applicable law or agreed to in writing, |
* software distributed under the License is distributed on an |
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
* KIND, either express or implied. See the License for the |
* specific language governing permissions and limitations |
* under the License. |
2 | 22 |
*/ |
1337 | 23 |
/* |
* Portions copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. |
1337 | 25 |
*/ |
2 | 26 |
/* |
27 |
* =========================================================================== |
|
28 |
* |
|
29 |
* (C) Copyright IBM Corp. 2003 All Rights Reserved. |
|
30 |
* |
|
31 |
* =========================================================================== |
|
32 |
*/ |
|
33 |
/* |
|
* $Id: DOMXMLSignature.java 1854026 2019-02-21 09:30:01Z coheigea $ |
2 | 35 |
*/ |
36 |
package org.jcp.xml.dsig.internal.dom; |
|
37 |
||
38 |
import javax.xml.crypto.*; |
|
import javax.xml.crypto.dom.*; |
2 | 40 |
import javax.xml.crypto.dsig.*; |
41 |
import javax.xml.crypto.dsig.dom.DOMSignContext; |
|
42 |
import javax.xml.crypto.dsig.dom.DOMValidateContext; |
|
43 |
import javax.xml.crypto.dsig.keyinfo.KeyInfo; |
|
44 |
||
45 |
import java.security.InvalidKeyException; |
|
46 |
import java.security.Key; |
|
1337 | 47 |
import java.security.Provider; |
2 | 48 |
import java.util.Collections; |
49 |
import java.util.ArrayList; |
|
50 |
import java.util.HashMap; |
|
51 |
import java.util.List; |
|
import java.util.Map; |
|
import org.w3c.dom.Attr; |
import org.w3c.dom.Document; |
2 | 56 |
import org.w3c.dom.Element; |
57 |
import org.w3c.dom.Node; |
|
58 |
||
import com.sun.org.apache.xml.internal.security.utils.XMLUtils; |
2 | 60 |
|
61 |
/** |
|
62 |
* DOM-based implementation of XMLSignature. |
|
63 |
* |
|
64 |
*/ |
|
65 |
public final class DOMXMLSignature extends DOMStructure |
|
66 |
implements XMLSignature { |
|
67 |
||
private static final com.sun.org.slf4j.internal.Logger LOG =
    com.sun.org.slf4j.internal.LoggerFactory.getLogger(DOMXMLSignature.class);

// Components of the Signature element, in the order the unmarshalling
// constructor reads them from the document.
private SignedInfo si;
private SignatureValue sv;
private KeyInfo ki;
private List<XMLObject> objects;
private String id;

// DOM state: localSigElem is the element handed to the unmarshalling
// constructor, sigElem is the element created by marshal().
private Document ownerDoc = null;
private Element localSigElem = null;
private Element sigElem = null;

// Result cache for validate(): once 'validated' is true, validate()
// returns 'validationStatus' without re-checking anything.
private boolean validated = false;
private boolean validationStatus;

// Returned by getKeySelectorResult(); assigned outside the part of the
// file shown here.
private KeySelectorResult ksr;

// Id -> structure lookup table, rebuilt at the start of every sign() call.
private Map<String, XMLStructure> signatureIdMap;

static {
    // One-time initialisation of the bundled Apache XML Security library.
    com.sun.org.apache.xml.internal.security.Init.init();
}
|
86 |
||
87 |
/** |
|
* Creates a {@code DOMXMLSignature} from the specified components. |
2 | 89 |
* |
* @param si the {@code SignedInfo} |
* @param ki the {@code KeyInfo}, or {@code null} if not specified |
* @param objs a list of {@code XMLObject}s or {@code null} |
2 | 93 |
* if not specified. The list is copied to protect against subsequent |
94 |
* modification. |
|
* @param id an optional id (specify {@code null} to omit) |
* @param signatureValueId an optional id (specify {@code null} to |
2 | 97 |
* omit) |
* @throws NullPointerException if {@code si} is {@code null} |
2 | 99 |
*/ |
public DOMXMLSignature(SignedInfo si, KeyInfo ki,
                       List<? extends XMLObject> objs,
                       String id, String signatureValueId)
{
    // SignedInfo is the only mandatory component.
    if (si == null) {
        throw new NullPointerException("signedInfo cannot be null");
    }
    this.si = si;
    this.id = id;
    this.sv = new DOMSignatureValue(signatureValueId);

    if (objs != null) {
        // Snapshot the caller's list so that later changes to it cannot
        // alter what this signature contains, then expose it read-only.
        this.objects =
            Collections.unmodifiableList(new ArrayList<>(objs));
        // Runtime type check of every element: a raw or unchecked caller
        // can get past the generic signature. A null element fails too,
        // because null is not an instance of XMLObject.
        final int count = this.objects.size();
        for (int index = 0; index < count; index++) {
            boolean isXmlObject = this.objects.get(index) instanceof XMLObject;
            if (!isXmlObject) {
                throw new ClassCastException
                    ("objs["+index+"] is not an XMLObject");
            }
        }
    } else {
        this.objects = Collections.emptyList();
    }
    this.ki = ki;
}
|
124 |
||
125 |
/** |
|
* Creates a {@code DOMXMLSignature} from XML. |
2 | 127 |
* |
128 |
* @param sigElem Signature element |
|
129 |
* @throws MarshalException if XMLSignature cannot be unmarshalled |
|
130 |
*/ |
|
1337 | 131 |
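public DOMXMLSignature(Element sigElem, XMLCryptoContext context,
                       Provider provider)
    throws MarshalException
{
    localSigElem = sigElem;
    ownerDoc = localSigElem.getOwnerDocument();

    // get Id attribute, if specified
    id = DOMUtils.getAttributeValue(localSigElem, "Id");

    // unmarshal SignedInfo: requested as the first child element, by
    // local name and XML Signature namespace.
    // NOTE(review): presumably DOMUtils rejects a mismatching element with
    // a MarshalException; DOMUtils is not visible here, so confirm.
    Element siElem = DOMUtils.getFirstChildElement(localSigElem,
                                                   "SignedInfo",
                                                   XMLSignature.XMLNS);
    si = new DOMSignedInfo(siElem, context, provider);

    // unmarshal SignatureValue: requested as the element right after
    // SignedInfo, again by local name and namespace.
    Element sigValElem = DOMUtils.getNextSiblingElement(siElem,
                                                        "SignatureValue",
                                                        XMLSignature.XMLNS);
    sv = new DOMSignatureValue(sigValElem);

    // unmarshal KeyInfo, if specified.
    // The comparison is written literal-first because Node.getLocalName()
    // returns null for nodes created with DOM Level 1 methods, and this
    // element comes from the document being unmarshalled. Such an element
    // now falls through to the Object check below and is rejected with a
    // MarshalException instead of escaping as a NullPointerException. This
    // also matches the null-safe form the Object check already uses.
    Element nextSibling = DOMUtils.getNextSiblingElement(sigValElem);
    if (nextSibling != null && "KeyInfo".equals(nextSibling.getLocalName())
        && XMLSignature.XMLNS.equals(nextSibling.getNamespaceURI())) {
        ki = new DOMKeyInfo(nextSibling, context, provider);
        nextSibling = DOMUtils.getNextSiblingElement(nextSibling);
    }

    // unmarshal Objects, if specified
    if (nextSibling == null) {
        objects = Collections.emptyList();
    } else {
        List<XMLObject> tempObjects = new ArrayList<>();
        while (nextSibling != null) {
            String name = nextSibling.getLocalName();
            String namespace = nextSibling.getNamespaceURI();
            // Every remaining sibling must be ds:Object. Anything else,
            // including a second KeyInfo or a foreign element, fails the
            // unmarshal rather than being silently skipped.
            if (!"Object".equals(name) || !XMLSignature.XMLNS.equals(namespace)) {
                throw new MarshalException("Invalid element name: " + namespace + ":" + name +
                                           ", expected KeyInfo or Object");
            }
            tempObjects.add(new DOMXMLObject(nextSibling,
                                             context, provider));
            nextSibling = DOMUtils.getNextSiblingElement(nextSibling);
        }
        // Expose the parsed objects read-only.
        objects = Collections.unmodifiableList(tempObjects);
    }
}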
|
179 |
||
180 |
/**
 * Returns the value of this signature's {@code Id} attribute.
 *
 * @return the id, or {@code null} if none was supplied or found
 */
public String getId() {
    return this.id;
}
|
183 |
||
184 |
/**
 * Returns the {@code KeyInfo} of this signature.
 *
 * @return the key info, or {@code null} if the signature has none
 */
public KeyInfo getKeyInfo() {
    return this.ki;
}
|
187 |
||
188 |
/**
 * Returns the {@code SignedInfo} of this signature.
 *
 * @return the signed info held by this instance
 */
public SignedInfo getSignedInfo() {
    return this.si;
}
|
191 |
||
/**
 * Returns the {@code XMLObject}s of this signature.
 *
 * Both constructors store either {@code Collections.emptyList()} or an
 * unmodifiable wrapper, so callers cannot add or remove entries through
 * the returned list.
 *
 * @return the read-only list of objects (possibly empty)
 */
public List<XMLObject> getObjects() {
    return this.objects;
}
|
195 |
||
196 |
/**
 * Returns the {@code SignatureValue} of this signature.
 *
 * @return the signature value held by this instance
 */
public SignatureValue getSignatureValue() {
    return this.sv;
}
|
199 |
||
200 |
/**
 * Returns the stored {@code KeySelectorResult}.
 *
 * NOTE(review): the field is assigned outside the part of the file
 * shown here; presumably it is {@code null} until a key has been
 * selected. Confirm against the rest of the class.
 *
 * @return the stored key selector result
 */
public KeySelectorResult getKeySelectorResult() {
    return this.ksr;
}
|
203 |
||
/**
 * Marshals this signature as the last child of {@code parent}.
 *
 * Delegates to the four-argument overload with no next sibling.
 *
 * @param parent the node that receives the {@code Signature} element
 * @param dsPrefix the namespace prefix to use, or {@code null}/empty for
 *    the default namespace
 * @param context the crypto context passed on to the child structures
 * @throws MarshalException if the signature cannot be marshalled
 */
@Override
public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
    throws MarshalException
{
    // A null reference node makes insertBefore() append at the end.
    final Node noNextSibling = null;
    marshal(parent, noNextSibling, dsPrefix, context);
}
/**
 * Builds the {@code Signature} element for this signature and inserts it
 * into {@code parent} immediately before {@code nextSibling}.
 *
 * The children are appended in the order SignedInfo, SignatureValue,
 * KeyInfo (if present), then every Object. Each component is cast to its
 * DOM implementation class, so a component supplied as a different
 * implementation fails with a {@code ClassCastException}.
 *
 * @param parent the node that receives the {@code Signature} element
 * @param nextSibling the node to insert before, or {@code null} to append
 * @param dsPrefix the namespace prefix to use, or {@code null}/empty for
 *    the default namespace
 * @param context the crypto context passed on to the child structures
 * @throws MarshalException if the signature cannot be marshalled
 */
public void marshal(Node parent, Node nextSibling, String dsPrefix,
                    DOMCryptoContext context)
    throws MarshalException
{
    ownerDoc = DOMUtils.getOwnerDocument(parent);
    sigElem = DOMUtils.createElement(ownerDoc, "Signature",
                                     XMLSignature.XMLNS, dsPrefix);

    // Declare the XML Signature namespace on the new element: as the
    // default namespace when no prefix is given, otherwise bound to the
    // requested prefix.
    boolean useDefaultNamespace = dsPrefix == null || dsPrefix.length() == 0;
    String nsDeclName = useDefaultNamespace ? "xmlns" : "xmlns:" + dsPrefix;
    sigElem.setAttributeNS("http://www.w3.org/2000/xmlns/", nsDeclName,
                           XMLSignature.XMLNS);

    // SignedInfo first, then SignatureValue
    DOMSignedInfo domSignedInfo = (DOMSignedInfo)si;
    domSignedInfo.marshal(sigElem, dsPrefix, context);

    DOMSignatureValue domSignatureValue = (DOMSignatureValue)sv;
    domSignatureValue.marshal(sigElem, dsPrefix, context);

    // KeyInfo is optional
    if (ki != null) {
        ((DOMKeyInfo)ki).marshal(sigElem, null, dsPrefix, context);
    }

    // one Object element per entry, in list order
    for (XMLObject xmlObject : objects) {
        ((DOMXMLObject)xmlObject).marshal(sigElem, dsPrefix, context);
    }

    // The Id attribute is set once the subtree is complete; the finished
    // element is attached to the caller's document as the last step.
    DOMUtils.setAttributeID(sigElem, "Id", id);

    parent.insertBefore(sigElem, nextSibling);
}
249 |
||
/**
 * Validates this signature: first the signature value, then every
 * Reference in SignedInfo, then (only on request) the References of any
 * Manifest found inside the Objects.
 *
 * The outcome is cached. After the first call that runs to completion,
 * every later call returns the stored result without using the supplied
 * context, so a different key selector or different properties on a later
 * call have no effect. Unmarshal a fresh instance to validate under other
 * conditions.
 *
 * Manifest References are checked only when the context property
 * {@code org.jcp.xml.dsig.validateManifests} is {@code Boolean.TRUE}.
 * Otherwise a {@code true} result says nothing about Manifest contents.
 *
 * Checking stops at the first failing step or Reference.
 *
 * @param vc the validation context; must be a {@code DOMValidateContext}
 * @return {@code true} if every step that was performed succeeded
 * @throws NullPointerException if {@code vc} is {@code null}
 * @throws ClassCastException if {@code vc} is not a
 *    {@code DOMValidateContext}
 * @throws XMLSignatureException if an error occurs during validation
 */
@Override
public boolean validate(XMLValidateContext vc)
    throws XMLSignatureException
{
    if (vc == null) {
        throw new NullPointerException("validateContext is null");
    }
    if (!(vc instanceof DOMValidateContext)) {
        throw new ClassCastException
            ("validateContext must be of type DOMValidateContext");
    }

    // An earlier call already decided the outcome.
    if (validated) {
        return validationStatus;
    }

    // Step 1: the signature value. No Reference is dereferenced unless
    // this check has passed.
    boolean outcome = sv.validate(vc);

    // Step 2: every Reference listed in SignedInfo.
    if (outcome) {
        @SuppressWarnings("unchecked")
        List<Reference> refs = this.si.getReferences();
        for (int i = 0, size = refs.size(); i < size; i++) {
            Reference ref = refs.get(i);
            boolean refValid = ref.validate(vc);
            LOG.debug("Reference [{}] is valid: {}", ref.getURI(), refValid);
            if (!refValid) {
                outcome = false;
                break;
            }
        }
        if (!outcome) {
            LOG.debug("Couldn't validate the References");
        }
    }

    // Step 3: Manifest References. The property is read only when the
    // earlier steps have succeeded.
    if (outcome && Boolean.TRUE.equals(vc.getProperty
                       ("org.jcp.xml.dsig.validateManifests")))
    {
        manifestScan:
        for (int i = 0, size = objects.size(); i < size; i++) {
            XMLObject xo = objects.get(i);
            @SuppressWarnings("unchecked")
            List<XMLStructure> content = xo.getContent();
            int csize = content.size();
            for (int j = 0; j < csize; j++) {
                XMLStructure xs = content.get(j);
                if (!(xs instanceof Manifest)) {
                    continue;
                }
                LOG.debug("validating manifest");
                Manifest man = (Manifest)xs;
                @SuppressWarnings("unchecked")
                List<Reference> manRefs = man.getReferences();
                int rsize = manRefs.size();
                for (int k = 0; k < rsize; k++) {
                    Reference ref = manRefs.get(k);
                    boolean refValid = ref.validate(vc);
                    LOG.debug(
                        "Manifest ref [{}] is valid: {}", ref.getURI(), refValid
                    );
                    if (!refValid) {
                        // first failure ends the whole scan
                        outcome = false;
                        break manifestScan;
                    }
                }
            }
        }
    }

    validationStatus = outcome;
    validated = true;
    return validationStatus;
}
|
327 |
||
@Override |
2 | 329 |
public void sign(XMLSignContext signContext) |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
330 |
throws MarshalException, XMLSignatureException |
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
331 |
{ |
2 | 332 |
if (signContext == null) { |
333 |
throw new NullPointerException("signContext cannot be null"); |
|
334 |
} |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
335 |
DOMSignContext context = (DOMSignContext)signContext; |
53998
d870bb08194a
8217878: ENVELOPING XML signature no longer works in JDK 11
mullan
parents:
50614
diff
changeset
|
336 |
marshal(context.getParent(), context.getNextSibling(), |
d870bb08194a
8217878: ENVELOPING XML signature no longer works in JDK 11
mullan
parents:
50614
diff
changeset
|
337 |
DOMUtils.getSignaturePrefix(context), context); |
2 | 338 |
|
339 |
// generate references and signature value |
|
50614
3810c9a2efa1
8177334: Update xmldsig implementation to Apache Santuario 2.1.1
weijun
parents:
47216
diff
changeset
|
340 |
List<Reference> allReferences = new ArrayList<>(); |
2 | 341 |
|
342 |
// traverse the Signature and register all objects with IDs that |
|
343 |
// may contain References |
|
50614
3810c9a2efa1
8177334: Update xmldsig implementation to Apache Santuario 2.1.1
weijun
parents:
47216
diff
changeset
|
344 |
signatureIdMap = new HashMap<>(); |
2 | 345 |
signatureIdMap.put(id, this); |
346 |
signatureIdMap.put(si.getId(), si); |
|
53998
d870bb08194a
8217878: ENVELOPING XML signature no longer works in JDK 11
mullan
parents:
50614
diff
changeset
|
347 |
@SuppressWarnings("unchecked") |
d870bb08194a
8217878: ENVELOPING XML signature no longer works in JDK 11
mullan
parents:
50614
diff
changeset
|
348 |
List<Reference> refs = si.getReferences(); |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
349 |
for (Reference ref : refs) { |
2 | 350 |
signatureIdMap.put(ref.getId(), ref); |
351 |
} |
|
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
352 |
for (XMLObject obj : objects) { |
2 | 353 |
signatureIdMap.put(obj.getId(), obj); |
53998
d870bb08194a
8217878: ENVELOPING XML signature no longer works in JDK 11
mullan
parents:
50614
diff
changeset
|
354 |
@SuppressWarnings("unchecked") |
d870bb08194a
8217878: ENVELOPING XML signature no longer works in JDK 11
mullan
parents:
50614
diff
changeset
|
355 |
List<XMLStructure> content = obj.getContent(); |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
356 |
for (XMLStructure xs : content) { |
2 | 357 |
if (xs instanceof Manifest) { |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
358 |
Manifest man = (Manifest)xs; |
2 | 359 |
signatureIdMap.put(man.getId(), man); |
53998
d870bb08194a
8217878: ENVELOPING XML signature no longer works in JDK 11
mullan
parents:
50614
diff
changeset
|
360 |
@SuppressWarnings("unchecked") |
d870bb08194a
8217878: ENVELOPING XML signature no longer works in JDK 11
mullan
parents:
50614
diff
changeset
|
361 |
List<Reference> manRefs = man.getReferences(); |
18780
f47b920867e7
8011547: Update XML Signature implementation to Apache Santuario 1.5.4
mullan
parents:
18240
diff
changeset
|
362 |
for (Reference ref : manRefs) { |
2 | 363 |
allReferences.add(ref); |
364 |
signatureIdMap.put(ref.getId(), ref); |
|
365 |
} |
|
366 |
} |
|
367 |
} |
|
368 |
} |
|
4506
402b248b41de
6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents:
1337
diff
changeset
|
369 |
// always add SignedInfo references after Manifest references so |
// that Manifest reference are digested first |
allReferences.addAll(refs); |
// generate/digest each reference |
for (Reference ref : allReferences) { |
digestReference((DOMReference)ref, signContext); |
} |
// do final sweep to digest any references that were skipped or missed |
for (Reference ref : allReferences) { |
if (((DOMReference)ref).isDigested()) { |
continue; |
} |
((DOMReference)ref).digest(signContext); |
} |
Key signingKey = null; |
try { |
KeySelectorResult keySelectorResult = signContext.getKeySelector().select(ki, |
KeySelector.Purpose.SIGN, |
si.getSignatureMethod(), |
signContext); |
signingKey = keySelectorResult.getKey(); |
if (signingKey == null) { |
throw new XMLSignatureException("the keySelector did not " + |
"find a signing key"); |
} |
ksr = keySelectorResult; |
} catch (KeySelectorException kse) { |
throw new XMLSignatureException("cannot find signing key", kse); |
} |
// calculate signature value |
try { |
byte[] val = ((AbstractDOMSignatureMethod) |
si.getSignatureMethod()).sign(signingKey, si, signContext); |
((DOMSignatureValue)sv).setValue(val); |
} catch (InvalidKeyException ike) { |
throw new XMLSignatureException(ike); |
} |
this.localSigElem = sigElem; |
} |
/**
 * Compares this signature with another {@link XMLSignature} by Id, KeyInfo,
 * SignatureValue, SignedInfo and the list of Objects.
 *
 * <p>The SignatureValue comparison is delegated to {@code sv.equals}. The
 * {@code DOMSignatureValue} implementation in this file compares only the
 * Id, so a {@code true} result here does not show that the signature bytes
 * of the two objects are identical. Compare the arrays returned by
 * {@code getSignatureValue().getValue()} when that matters.
 *
 * @param o the object to compare with
 * @return {@code true} if {@code o} is an {@code XMLSignature} whose
 *         components all compare equal to this one's
 */
@Override
public boolean equals(Object o) {
    if (o == this) {
        return true;
    }
    if (!(o instanceof XMLSignature)) {
        return false;
    }

    final XMLSignature other = (XMLSignature) o;

    // id and ki may be null on either side; two nulls count as equal
    final boolean sameId = (id != null)
        ? id.equals(other.getId())
        : other.getId() == null;
    final boolean sameKeyInfo = (ki != null)
        ? ki.equals(other.getKeyInfo())
        : other.getKeyInfo() == null;
    if (!sameId || !sameKeyInfo) {
        return false;
    }

    if (!sv.equals(other.getSignatureValue())) {
        return false;
    }
    if (!si.equals(other.getSignedInfo())) {
        return false;
    }
    return objects.equals(other.getObjects());
}
/**
 * Computes a hash code from the same components that {@code equals}
 * compares: Id, KeyInfo, SignatureValue, SignedInfo and Objects.
 *
 * @return the combined hash code
 */
@Override
public int hashCode() {
    int hash = 17;
    // id and ki may be null; a null component leaves the running hash as is
    hash = (id == null) ? hash : 31 * hash + id.hashCode();
    hash = (ki == null) ? hash : 31 * hash + ki.hashCode();
    hash = 31 * hash + sv.hashCode();
    hash = 31 * hash + si.hashCode();
    return 31 * hash + objects.hashCode();
}
/**
 * Digests a single reference, first digesting anything inside this
 * signature that the reference points to.
 *
 * <p>A reference that is already digested is left alone. For a
 * same-document URI whose Id is registered in {@code signatureIdMap}, the
 * target Reference (or every Reference of the target Manifest) is digested
 * first by recursion. A reference with an empty URI that carries an XPath
 * or XPath2 transform is not digested here at all; the method returns
 * early and leaves it to the caller.
 *
 * <p>NOTE(review): no guard against a dependency chain that leads back to
 * a reference still being processed is visible in this method. Confirm
 * that the references handed to signing cannot form such a chain, since
 * the recursion below would not terminate for one.
 *
 * @param ref the reference to digest
 * @param signContext the signing context passed through to the digest call
 * @throws XMLSignatureException declared for the recursive and digest calls
 */
private void digestReference(DOMReference ref, XMLSignContext signContext)
    throws XMLSignatureException
{
    if (!ref.isDigested()) {
        final String refUri = ref.getURI();

        if (Utils.sameDocumentURI(refUri)) {
            // resolve the dependency, if the URI names something we registered
            final String depId = Utils.parseIdFromSameDocumentURI(refUri);
            final XMLStructure target =
                (depId != null && signatureIdMap.containsKey(depId))
                    ? signatureIdMap.get(depId)
                    : null;

            if (target instanceof DOMReference) {
                digestReference((DOMReference) target, signContext);
            } else if (target instanceof Manifest) {
                final List<Reference> nested =
                    DOMManifest.getManifestReferences((Manifest) target);
                // size is read once, before any recursive call, as in the
                // index loop this replaces
                final int count = nested.size();
                int idx = 0;
                while (idx < count) {
                    digestReference((DOMReference) nested.get(idx), signContext);
                    idx++;
                }
            }

            // With uri="" an XPath transform may itself depend on other
            // references, so such a reference is skipped here and left
            // undigested for a later pass.
            if (refUri.length() == 0) {
                final List<Transform> chain = ref.getTransforms();
                for (Transform step : chain) {
                    final String algorithm = step.getAlgorithm();
                    final boolean isXPath = algorithm.equals(Transform.XPATH)
                        || algorithm.equals(Transform.XPATH2);
                    if (isXPath) {
                        return;
                    }
                }
            }
        }

        ref.digest(signContext);
    }
}
/**
 * DOM-backed SignatureValue of the enclosing signature.
 *
 * <p>The names {@code si}, {@code ki}, {@code ksr} and {@code ownerDoc}
 * used below are not declared in this class; presumably they are fields of
 * the enclosing signature object.
 */
public class DOMSignatureValue extends DOMStructure
    implements SignatureValue
{
    private String id;
    private byte[] value;
    // set only by setValue(); stays null for an instance built from an Element
    private String valueBase64;
    private Element sigValueElem;
    // true once validate() has completed a verification without an exception
    private boolean validated;
    private boolean validationStatus;

    /**
     * Creates an empty signature value that carries only an Id.
     *
     * @param id the Id attribute value, may be {@code null}
     */
    DOMSignatureValue(String id) {
        this.id = id;
    }

    /**
     * Creates a signature value from an existing SignatureValue element.
     *
     * @param sigValueElem the element to read the value and Id from
     * @throws MarshalException declared for the text extraction and decoding
     */
    DOMSignatureValue(Element sigValueElem)
        throws MarshalException
    {
        // base64 decode signatureValue
        final String encoded = XMLUtils.getFullTextChildrenFromNode(sigValueElem);
        this.value = XMLUtils.decode(encoded);

        final Attr idAttr = sigValueElem.getAttributeNodeNS(null, "Id");
        if (idAttr == null) {
            this.id = null;
        } else {
            this.id = idAttr.getValue();
            // mark the attribute as an ID-typed attribute of the element
            sigValueElem.setIdAttributeNode(idAttr, true);
        }
        this.sigValueElem = sigValueElem;
    }

    /** Returns the Id attribute value, or {@code null} if there is none. */
    public String getId() {
        return id;
    }

    /**
     * Returns a copy of the raw signature bytes, so callers cannot modify
     * the array held by this object.
     *
     * @return a clone of the value, or {@code null} if no value is set
     */
    public byte[] getValue() {
        if (value == null) {
            return null;
        }
        return value.clone();
    }

    /**
     * Returns the encoded form stored by {@code setValue}; {@code null} if
     * {@code setValue} has not been called on this instance.
     */
    public String getEncodedValue() {
        return valueBase64;
    }

    /**
     * Verifies the signature value over SignedInfo with the key chosen by
     * the context's KeySelector.
     *
     * <p>The key is whatever the selector returns for this signature's
     * KeyInfo. Nothing in this method establishes that the key is trusted;
     * that decision rests with the selector supplied by the caller.
     *
     * <p>The outcome of the first completed verification is cached. Every
     * later call returns that cached status without consulting the context
     * it is given, including its KeySelector. If key selection or
     * verification throws, nothing is cached.
     *
     * @param validateContext the validation context, must not be null
     * @return the verification result
     * @throws NullPointerException if {@code validateContext} is null
     * @throws XMLSignatureException if no validation key is found or the
     *         verification step throws
     */
    @Override
    public boolean validate(XMLValidateContext validateContext)
        throws XMLSignatureException
    {
        if (validateContext == null) {
            throw new NullPointerException("context cannot be null");
        }
        if (validated) {
            return validationStatus;
        }

        // get validating key
        final SignatureMethod method = si.getSignatureMethod();
        KeySelectorResult selected = null;
        try {
            final KeySelector selector = validateContext.getKeySelector();
            if (selector != null) {
                selected = selector.select(
                    ki, KeySelector.Purpose.VERIFY, method, validateContext);
            }
        } catch (KeySelectorException kse) {
            throw new XMLSignatureException("cannot find validation " +
                                            "key", kse);
        }

        // no selector, no result or a result without a key all end here
        final Key verificationKey = (selected != null) ? selected.getKey() : null;
        if (verificationKey == null) {
            throw new XMLSignatureException("the keyselector did not " +
                                            "find a validation key");
        }

        // canonicalize SignedInfo and verify signature
        try {
            final AbstractDOMSignatureMethod verifier =
                (AbstractDOMSignatureMethod) method;
            validationStatus =
                verifier.verify(verificationKey, si, value, validateContext);
        } catch (Exception e) {
            throw new XMLSignatureException(e);
        }

        validated = true;
        ksr = selected;
        return validationStatus;
    }

    /**
     * Compares two signature values by Id only.
     *
     * <p>The signature bytes are not compared (the original code carries
     * the open question "compare signature values?"), so two objects with
     * the same Id and different bytes are equal under this method. Do not
     * use it to decide whether two signatures carry the same value.
     *
     * @param o the object to compare with
     * @return {@code true} if {@code o} is a {@code SignatureValue} with
     *         the same Id, or both Ids are {@code null}
     */
    @Override
    public boolean equals(Object o) {
        if (o == this) {
            return true;
        }
        if (!(o instanceof SignatureValue)) {
            return false;
        }

        final String otherId = ((SignatureValue) o).getId();
        //XXX compare signature values?
        return (id != null) ? id.equals(otherId) : otherId == null;
    }

    /** Hash code derived from the Id alone, matching {@code equals}. */
    @Override
    public int hashCode() {
        return (id == null) ? 17 : 31 * 17 + id.hashCode();
    }

    /**
     * Creates the SignatureValue element and appends it to {@code parent}.
     *
     * @param parent the node that receives the new element
     * @param dsPrefix the namespace prefix passed to the element factory
     * @param context not used in this method
     * @throws MarshalException declared by the signature; nothing in the
     *         visible body throws it directly
     */
    public void marshal(Node parent, String dsPrefix,
                        DOMCryptoContext context)
        throws MarshalException
    {
        // create SignatureValue element
        final Element created = DOMUtils.createElement(
            ownerDoc, "SignatureValue", XMLSignature.XMLNS, dsPrefix);
        sigValueElem = created;
        if (valueBase64 != null) {
            created.appendChild(ownerDoc.createTextNode(valueBase64));
        }

        // append Id attribute, if specified
        DOMUtils.setAttributeID(created, "Id", id);
        parent.appendChild(created);
    }

    /**
     * Stores the signature bytes and writes their encoded form into the
     * SignatureValue element.
     *
     * <p>The array is stored as given, without a copy. {@code sigValueElem}
     * is dereferenced here and is only assigned by the Element constructor
     * or by {@code marshal}, so one of those must have run first. Each call
     * appends another text node to the element.
     *
     * @param value the raw signature bytes
     */
    void setValue(byte[] value) {
        this.value = value;
        this.valueBase64 = XMLUtils.encodeToString(value);
        sigValueElem.appendChild(ownerDoc.createTextNode(this.valueBase64));
    }
}
} |