equal
deleted
inserted
replaced
29 import java.security.AccessController; |
29 import java.security.AccessController; |
30 import java.security.AccessController; |
30 import java.security.AccessController; |
31 import java.security.PrivilegedAction; |
31 import java.security.PrivilegedAction; |
32 import java.security.Security; |
32 import java.security.Security; |
33 import java.util.Collections; |
33 import java.util.Collections; |
|
34 import java.util.HashMap; |
34 import java.util.HashSet; |
35 import java.util.HashSet; |
35 import java.util.Locale; |
36 import java.util.Locale; |
|
37 import java.util.Map; |
36 import java.util.Set; |
38 import java.util.Set; |
37 |
39 |
38 /** |
40 /** |
39 * The secure validation policy as specified by the |
41 * The secure validation policy as specified by the |
40 * jdk.xml.dsig.secureValidationPolicy security property. |
42 * jdk.xml.dsig.secureValidationPolicy security property. |
44 // all restrictions are initialized to be unconstrained |
46 // all restrictions are initialized to be unconstrained |
45 private static Set<URI> disallowedAlgs = new HashSet<>(); |
47 private static Set<URI> disallowedAlgs = new HashSet<>(); |
46 private static int maxTrans = Integer.MAX_VALUE; |
48 private static int maxTrans = Integer.MAX_VALUE; |
47 private static int maxRefs = Integer.MAX_VALUE; |
49 private static int maxRefs = Integer.MAX_VALUE; |
48 private static Set<String> disallowedRefUriSchemes = new HashSet<>(); |
50 private static Set<String> disallowedRefUriSchemes = new HashSet<>(); |
|
51 private static Map<String, Integer> minKeyMap = new HashMap<>(); |
49 private static boolean noDuplicateIds = false; |
52 private static boolean noDuplicateIds = false; |
50 private static boolean noRMLoops = false; |
53 private static boolean noRMLoops = false; |
51 |
54 |
52 static { |
55 static { |
53 try { |
56 try { |
99 String scheme = tokens[i]; |
102 String scheme = tokens[i]; |
100 disallowedRefUriSchemes.add( |
103 disallowedRefUriSchemes.add( |
101 scheme.toLowerCase(Locale.ROOT)); |
104 scheme.toLowerCase(Locale.ROOT)); |
102 } |
105 } |
103 break; |
106 break; |
|
107 case "minKeySize": |
|
108 if (tokens.length != 3) { |
|
109 error(entry); |
|
110 } |
|
111 minKeyMap.put(tokens[1], |
|
112 Integer.parseUnsignedInt(tokens[2])); |
|
113 break; |
104 case "noDuplicateIds": |
114 case "noDuplicateIds": |
105 if (tokens.length != 1) { |
115 if (tokens.length != 1) { |
106 error(entry); |
116 error(entry); |
107 } |
117 } |
108 noDuplicateIds = true; |
118 noDuplicateIds = true; |
145 } |
155 } |
146 } |
156 } |
147 return false; |
157 return false; |
148 } |
158 } |
149 |
159 |
|
160 public static boolean restrictKey(String type, int size) { |
|
161 return (size < minKeyMap.getOrDefault(type, 0)); |
|
162 } |
|
163 |
150 public static boolean restrictDuplicateIds() { |
164 public static boolean restrictDuplicateIds() { |
151 return noDuplicateIds; |
165 return noDuplicateIds; |
152 } |
166 } |
153 |
167 |
154 public static boolean restrictRetrievalMethodLoops() { |
168 public static boolean restrictRetrievalMethodLoops() { |
169 |
183 |
170 public static Set<String> disabledReferenceUriSchemes() { |
184 public static Set<String> disabledReferenceUriSchemes() { |
171 return Collections.<String>unmodifiableSet(disallowedRefUriSchemes); |
185 return Collections.<String>unmodifiableSet(disallowedRefUriSchemes); |
172 } |
186 } |
173 |
187 |
|
188 public static int minKeySize(String type) { |
|
189 return minKeyMap.getOrDefault(type, 0); |
|
190 } |
|
191 |
174 private static void error(String entry) { |
192 private static void error(String entry) { |
175 throw new IllegalArgumentException( |
193 throw new IllegalArgumentException( |
176 "Invalid jdk.xml.dsig.secureValidationPolicy entry: " + entry); |
194 "Invalid jdk.xml.dsig.secureValidationPolicy entry: " + entry); |
177 } |
195 } |
178 } |
196 } |