--- a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java Tue Apr 09 12:05:27 2013 +0400
+++ b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java Mon Apr 22 11:23:33 2013 +0100
@@ -38,6 +38,7 @@
import java.net.URISyntaxException;
import java.security.Provider;
import java.util.*;
+import javax.xml.XMLConstants;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dom.DOMCryptoContext;
@@ -124,9 +125,13 @@
// get here node
here = rmElem.getAttributeNodeNS(null, "URI");
+ boolean secVal = Utils.secureValidation(context);
+
// get Transforms, if specified
List transforms = new ArrayList();
Element transformsElem = DOMUtils.getFirstChildElement(rmElem);
+
+ int transformCount = 0;
if (transformsElem != null) {
Element transformElem =
DOMUtils.getFirstChildElement(transformsElem);
@@ -134,6 +139,17 @@
transforms.add
(new DOMTransform(transformElem, context, provider));
transformElem = DOMUtils.getNextSiblingElement(transformElem);
+
+ transformCount++;
+ if (secVal &&
+ (transformCount > DOMReference.MAXIMUM_TRANSFORM_COUNT))
+ {
+ String error = "A maxiumum of " +
+ DOMReference.MAXIMUM_TRANSFORM_COUNT +
+ " transforms per Reference are allowed" +
+ " with secure validation";
+ throw new MarshalException(error);
+ }
}
}
if (transforms.isEmpty()) {
@@ -224,6 +240,8 @@
ApacheData data = (ApacheData) dereference(context);
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
+ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
+ Boolean.TRUE);
DocumentBuilder db = dbf.newDocumentBuilder();
Document doc = db.parse(new ByteArrayInputStream
(data.getXMLSignatureInput().getBytes()));