jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverFragment.java
changeset 18240 cda839ac048f
parent 1337 e8d6cef36199
child 18780 f47b920867e7
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverFragment.java	Tue Apr 09 12:05:27 2013 +0400
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverFragment.java	Mon Apr 22 11:23:33 2013 +0100
@@ -23,11 +23,12 @@
 
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
-import com.sun.org.apache.xml.internal.security.utils.IdResolver;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
 
@@ -51,63 +52,68 @@
    /**
     * Method engineResolve
     *
-    * Wird das gleiche Dokument referenziert?
-    * Wird ein anderes Dokument referenziert?
     * @inheritDoc
     * @param uri
-    * @param BaseURI
-    *
+    * @param baseURI
     */
-   public XMLSignatureInput engineResolve(Attr uri, String BaseURI)
+   public XMLSignatureInput engineResolve(Attr uri, String baseURI)
        throws ResourceResolverException
    {
-
-      String uriNodeValue = uri.getNodeValue();
-      Document doc = uri.getOwnerElement().getOwnerDocument();
+        String uriNodeValue = uri.getNodeValue();
+        Document doc = uri.getOwnerElement().getOwnerDocument();
 
+        Node selectedElem = null;
+        if (uriNodeValue.equals("")) {
 
-      Node selectedElem = null;
-      if (uriNodeValue.equals("")) {
+           /*
+            * Identifies the node-set (minus any comment nodes) of the XML
+            * resource containing the signature
+            */
 
-         /*
-          * Identifies the node-set (minus any comment nodes) of the XML
-          * resource containing the signature
-          */
+            log.log(java.util.logging.Level.FINE, "ResolverFragment with empty URI (means complete document)");
+            selectedElem = doc;
+        } else {
 
-         log.log(java.util.logging.Level.FINE, "ResolverFragment with empty URI (means complete document)");
-         selectedElem = doc;
-      } else {
+            /*
+             * URI="#chapter1"
+             * Identifies a node-set containing the element with ID attribute
+             * value 'chapter1' of the XML resource containing the signature.
+             * XML Signature (and its applications) modify this node-set to
+             * include the element plus all descendents including namespaces and
+             * attributes -- but not comments.
+             */
+            String id = uriNodeValue.substring(1);
 
-         /*
-          * URI="#chapter1"
-          * Identifies a node-set containing the element with ID attribute
-          * value 'chapter1' of the XML resource containing the signature.
-          * XML Signature (and its applications) modify this node-set to
-          * include the element plus all descendents including namespaces and
-          * attributes -- but not comments.
-          */
-         String id = uriNodeValue.substring(1);
-
-         // Element selectedElem = doc.getElementById(id);
-         selectedElem = IdResolver.getElementById(doc, id);
-         if (selectedElem==null) {
+            selectedElem = doc.getElementById(id);
+            if (selectedElem == null) {
                 Object exArgs[] = { id };
-            throw new ResourceResolverException(
-               "signature.Verification.MissingID", exArgs, uri, BaseURI);
-         }
-         if (log.isLoggable(java.util.logging.Level.FINE))
+                throw new ResourceResolverException(
+                    "signature.Verification.MissingID", exArgs, uri, baseURI);
+            }
+            if (secureValidation) {
+                Element start = uri.getOwnerDocument().getDocumentElement();
+                if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
+                    Object exArgs[] = { id };
+                    throw new ResourceResolverException(
+                        "signature.Verification.MultipleIDs", exArgs,
+                        uri, baseURI);
+                }
+            }
+            if (log.isLoggable(java.util.logging.Level.FINE))
                 log.log(java.util.logging.Level.FINE, "Try to catch an Element with ID " + id + " and Element was " + selectedElem);
-      }
+        }
 
-      XMLSignatureInput result = new XMLSignatureInput(selectedElem);
-      result.setExcludeComments(true);
+        XMLSignatureInput result = new XMLSignatureInput(selectedElem);
+        result.setExcludeComments(true);
 
-      //log.log(java.util.logging.Level.FINE, "We return a nodeset with " + resultSet.size() + " nodes");
-      result.setMIMEType("text/xml");
-          result.setSourceURI((BaseURI != null) ? BaseURI.concat(uri.getNodeValue()) :
-                  uri.getNodeValue());
-      return result;
-   }
+        result.setMIMEType("text/xml");
+        if (baseURI != null && baseURI.length() > 0) {
+            result.setSourceURI(baseURI.concat(uri.getNodeValue()));
+        } else {
+            result.setSourceURI(uri.getNodeValue());
+        }
+        return result;
+    }
 
    /**
     * Method engineCanResolve
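Review bot: The duplicate-ID check in the `else` branch of `engineResolve` runs only when `secureValidation` is true, so with the flag off `doc.getElementById(id)` alone decides which element is handed to `XMLSignatureInput`, and a document holding two elements with the same ID is not rejected here. The DOM specification leaves the result of `getElementById` undefined when an ID is not unique, which is the condition a signature-wrapping check exists to catch; `secureValidation` is declared outside this hunk, so its default cannot be confirmed from these lines. I would state this in the method Javadoc, for example `* Duplicate IDs are rejected only when secureValidation is enabled; otherwise the element returned by Document.getElementById is used as-is.` Separately, `Element start = uri.getOwnerDocument().getDocumentElement();` re-derives the document already held in `doc` and could read `Element start = doc.getDocumentElement();`, which keeps the lookup and the check visibly on the same tree.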