jdk-sandbox: comparison src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/SignedInfo.java

equal deleted inserted replaced

-:0f93a75b9213
+:3810c9a2efa1
 */
 package com.sun.org.apache.xml.internal.security.signature;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
-import javax.xml.XMLConstants;
 import javax.xml.parsers.ParserConfigurationException;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
+import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
-import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.xml.sax.SAXException;
 /**
-* Handles <code>&lt;ds:SignedInfo&gt;</code> elements
+* Handles {@code &lt;ds:SignedInfo&gt;} elements
-* This <code>SignedInfo<code> element includes the canonicalization algorithm,
+* This {@code SignedInfo} element includes the canonicalization algorithm,
 * a signature algorithm, and one or more references.
 *
-* @author Christian Geuer-Pollmann
 */
 public class SignedInfo extends Manifest {
 /** Field signatureAlgorithm */
-private SignatureAlgorithm signatureAlgorithm = null;
+private SignatureAlgorithm signatureAlgorithm;
 /** Field c14nizedBytes           */
-private byte[] c14nizedBytes = null;
+private byte[] c14nizedBytes;
 private Element c14nMethod;
 private Element signatureMethod;
 /**
 * Overwrites {@link Manifest#addDocument} because it creates another
 * Element.
 *
-* @param doc the {@link Document} in which <code>XMLsignature</code> will
+* @param doc the {@link Document} in which {@code XMLsignature} will
 *    be placed
 * @throws XMLSecurityException
 */
 public SignedInfo(Document doc) throws XMLSecurityException {
 this(doc, XMLSignature.ALGO_ID_SIGNATURE_DSA,
 /**
 * Constructs {@link SignedInfo} using given Canonicalization algorithm and
 * Signature algorithm.
 *
-* @param doc <code>SignedInfo</code> is placed in this document
+* @param doc {@code SignedInfo} is placed in this document
 * @param signatureMethodURI URI representation of the Digest and
 *    Signature algorithm
 * @param canonicalizationMethodURI URI representation of the
 *    Canonicalization method
 * @throws XMLSecurityException
 }
 /**
 * Constructor SignedInfo
 *
-* @param doc <code>SignedInfo</code> is placed in this document
+* @param doc {@code SignedInfo} is placed in this document
 * @param signatureMethodURI URI representation of the Digest and
 *    Signature algorithm
 * @param hMACOutputLength
 * @param canonicalizationMethodURI URI representation of the
 *    Canonicalization method
 int hMACOutputLength, String canonicalizationMethodURI
 ) throws XMLSecurityException {
 super(doc);
 c14nMethod =
-XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_CANONICALIZATIONMETHOD);
+XMLUtils.createElementInSignatureSpace(getDocument(), Constants._TAG_CANONICALIZATIONMETHOD);
 c14nMethod.setAttributeNS(null, Constants._ATT_ALGORITHM, canonicalizationMethodURI);
-this.constructionElement.appendChild(c14nMethod);
+appendSelf(c14nMethod);
-XMLUtils.addReturnToElement(this.constructionElement);
+addReturnToSelf();
 if (hMACOutputLength > 0) {
 this.signatureAlgorithm =
-new SignatureAlgorithm(this.doc, signatureMethodURI, hMACOutputLength);
+new SignatureAlgorithm(getDocument(), signatureMethodURI, hMACOutputLength);
 } else {
-this.signatureAlgorithm = new SignatureAlgorithm(this.doc, signatureMethodURI);
+this.signatureAlgorithm = new SignatureAlgorithm(getDocument(), signatureMethodURI);
 }
 signatureMethod = this.signatureAlgorithm.getElement();
-this.constructionElement.appendChild(signatureMethod);
+appendSelf(signatureMethod);
-XMLUtils.addReturnToElement(this.constructionElement);
+addReturnToSelf();
 }
 /**
 * @param doc
 * @param signatureMethodElem
 Document doc, Element signatureMethodElem, Element canonicalizationMethodElem
 ) throws XMLSecurityException {
 super(doc);
 // Check this?
 this.c14nMethod = canonicalizationMethodElem;
-this.constructionElement.appendChild(c14nMethod);
+appendSelf(c14nMethod);
-XMLUtils.addReturnToElement(this.constructionElement);
+addReturnToSelf();
 this.signatureAlgorithm =
 new SignatureAlgorithm(signatureMethodElem, null);
 signatureMethod = this.signatureAlgorithm.getElement();
-this.constructionElement.appendChild(signatureMethod);
+appendSelf(signatureMethod);
-XMLUtils.addReturnToElement(this.constructionElement);
+addReturnToSelf();
 }
 /**
 * Build a {@link SignedInfo} from an {@link Element}
 *
-* @param element <code>SignedInfo</code>
+* @param element {@code SignedInfo}
 * @param baseURI the URI of the resource where the XML instance was stored
 * @throws XMLSecurityException
 * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">
 * Question</A>
 * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html">
 * Answer</A>
 */
 public SignedInfo(Element element, String baseURI) throws XMLSecurityException {
-this(element, baseURI, false);
+this(element, baseURI, true);
 }
 /**
 * Build a {@link SignedInfo} from an {@link Element}
 *
-* @param element <code>SignedInfo</code>
+* @param element {@code SignedInfo}
 * @param baseURI the URI of the resource where the XML instance was stored
 * @param secureValidation whether secure validation is enabled or not
 * @throws XMLSecurityException
 * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">
 * Question</A>
 */
 public SignedInfo(
 Element element, String baseURI, boolean secureValidation
 ) throws XMLSecurityException {
 // Parse the Reference children and Id attribute in the Manifest
-super(reparseSignedInfoElem(element), baseURI, secureValidation);
+super(reparseSignedInfoElem(element, secureValidation), baseURI, secureValidation);
 c14nMethod = XMLUtils.getNextElement(element.getFirstChild());
 signatureMethod = XMLUtils.getNextElement(c14nMethod.getNextSibling());
 this.signatureAlgorithm =
 new SignatureAlgorithm(signatureMethod, this.getBaseURI(), secureValidation);
 }
-private static Element reparseSignedInfoElem(Element element)
+private static Element reparseSignedInfoElem(Element element, boolean secureValidation)
 throws XMLSecurityException {
 /*
 * If a custom canonicalizationMethod is used, canonicalize
 * ds:SignedInfo, reparse it into a new document
 * and replace the original not-canonicalized ds:SignedInfo by
 // the c14n is not a secure one and can rewrite the URIs or like
 // so reparse the SignedInfo to be sure
 try {
 Canonicalizer c14nizer =
 Canonicalizer.getInstance(c14nMethodURI);
+c14nizer.setSecureValidation(secureValidation);
 byte[] c14nizedBytes = c14nizer.canonicalizeSubtree(element);
-javax.xml.parsers.DocumentBuilderFactory dbf =
+javax.xml.parsers.DocumentBuilder db =
-javax.xml.parsers.DocumentBuilderFactory.newInstance();
+XMLUtils.createDocumentBuilder(false, secureValidation);
-dbf.setNamespaceAware(true);
+try (InputStream is = new ByteArrayInputStream(c14nizedBytes)) {
-dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+Document newdoc = db.parse(is);
-javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+Node imported = element.getOwnerDocument().importNode(
-Document newdoc =
+newdoc.getDocumentElement(), true);
-db.parse(new ByteArrayInputStream(c14nizedBytes));
+element.getParentNode().replaceChild(imported, element);
-Node imported =
+return (Element) imported;
-element.getOwnerDocument().importNode(newdoc.getDocumentElement(), true);
+}
-element.getParentNode().replaceChild(imported, element);
-return (Element) imported;
 } catch (ParserConfigurationException ex) {
-throw new XMLSecurityException("empty", ex);
+throw new XMLSecurityException(ex);
 } catch (IOException ex) {
-throw new XMLSecurityException("empty", ex);
+throw new XMLSecurityException(ex);
 } catch (SAXException ex) {
-throw new XMLSecurityException("empty", ex);
+throw new XMLSecurityException(ex);
 }
 }
 return element;
 }
 }
 /**
 * Tests core validation process
 *
-* @param followManifests defines whether the verification process has to verify referenced <CODE>ds:Manifest</CODE>s, too
+* @param followManifests defines whether the verification process has to verify referenced {@code ds:Manifest}s, too
 * @return true if verification was successful
 * @throws MissingResourceFailureException
 * @throws XMLSecurityException
 */
 public boolean verify(boolean followManifests)
 }
 /**
 * Returns getCanonicalizedOctetStream
 *
-* @return the canonicalization result octet stream of <code>SignedInfo</code> element
+* @return the canonicalization result octet stream of {@code SignedInfo} element
 * @throws CanonicalizationException
 * @throws InvalidCanonicalizerException
 * @throws XMLSecurityException
 */
 public byte[] getCanonicalizedOctetStream()
 throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException {
 if (this.c14nizedBytes == null) {
 Canonicalizer c14nizer =
 Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
+c14nizer.setSecureValidation(isSecureValidation());
-this.c14nizedBytes =
-c14nizer.canonicalizeSubtree(this.constructionElement);
+String inclusiveNamespaces = this.getInclusiveNamespaces();
+if (inclusiveNamespaces == null) {
+this.c14nizedBytes = c14nizer.canonicalizeSubtree(getElement());
+} else {
+this.c14nizedBytes = c14nizer.canonicalizeSubtree(getElement(), inclusiveNamespaces);
+}
 }
 // make defensive copy
 return this.c14nizedBytes.clone();
 }
 public void signInOctetStream(OutputStream os)
 throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException {
 if (this.c14nizedBytes == null) {
 Canonicalizer c14nizer =
 Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
+c14nizer.setSecureValidation(isSecureValidation());
 c14nizer.setWriter(os);
 String inclusiveNamespaces = this.getInclusiveNamespaces();
 if (inclusiveNamespaces == null) {
-c14nizer.canonicalizeSubtree(this.constructionElement);
+c14nizer.canonicalizeSubtree(getElement());
 } else {
-c14nizer.canonicalizeSubtree(this.constructionElement, inclusiveNamespaces);
+c14nizer.canonicalizeSubtree(getElement(), inclusiveNamespaces);
 }
 } else {
 try {
 os.write(this.c14nizedBytes);
 } catch (IOException e) {
 */
 public SecretKey createSecretKey(byte[] secretKeyBytes) {
 return new SecretKeySpec(secretKeyBytes, this.signatureAlgorithm.getJCEAlgorithmString());
 }
-protected SignatureAlgorithm getSignatureAlgorithm() {
+public SignatureAlgorithm getSignatureAlgorithm() {
 return signatureAlgorithm;
 }
 /**
 * Method getBaseLocalName
-* @inheritDoc
+* {@inheritDoc}
 *
 */
 public String getBaseLocalName() {
 return Constants._TAG_SIGNEDINFO;
 }
 public String getInclusiveNamespaces() {
-String c14nMethodURI = c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
+String c14nMethodURI = getCanonicalizationMethodURI();
 if (!(c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#") ||
 c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"))) {
 return null;
 }

changeset 50614	3810c9a2efa1
parent 47216	71c04702a3d5
child 59240	b3116877866f