--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignedInfo.java Thu Jun 20 18:53:57 2013 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/signature/SignedInfo.java Fri Jul 05 15:54:42 2013 -0400
@@ -2,21 +2,23 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-/*
- * Copyright 1999-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package com.sun.org.apache.xml.internal.security.signature;
@@ -50,11 +52,11 @@
*/
public class SignedInfo extends Manifest {
- /** Field _signatureAlgorithm */
- private SignatureAlgorithm _signatureAlgorithm = null;
+ /** Field signatureAlgorithm */
+ private SignatureAlgorithm signatureAlgorithm = null;
- /** Field _c14nizedBytes */
- private byte[] _c14nizedBytes = null;
+ /** Field c14nizedBytes */
+ private byte[] c14nizedBytes = null;
private Element c14nMethod;
private Element signatureMethod;
@@ -83,9 +85,9 @@
* Canonicalization method
* @throws XMLSecurityException
*/
- public SignedInfo(Document doc, String signatureMethodURI,
- String canonicalizationMethodURI)
- throws XMLSecurityException {
+ public SignedInfo(
+ Document doc, String signatureMethodURI, String canonicalizationMethodURI
+ ) throws XMLSecurityException {
this(doc, signatureMethodURI, 0, canonicalizationMethodURI);
}
@@ -100,31 +102,29 @@
* Canonicalization method
* @throws XMLSecurityException
*/
- public SignedInfo(Document doc, String signatureMethodURI,
- int hMACOutputLength, String canonicalizationMethodURI)
- throws XMLSecurityException {
-
+ public SignedInfo(
+ Document doc, String signatureMethodURI,
+ int hMACOutputLength, String canonicalizationMethodURI
+ ) throws XMLSecurityException {
super(doc);
- c14nMethod = XMLUtils.createElementInSignatureSpace(this._doc,
- Constants._TAG_CANONICALIZATIONMETHOD);
+ c14nMethod =
+ XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_CANONICALIZATIONMETHOD);
- c14nMethod.setAttributeNS(null, Constants._ATT_ALGORITHM,
- canonicalizationMethodURI);
- this._constructionElement.appendChild(c14nMethod);
- XMLUtils.addReturnToElement(this._constructionElement);
+ c14nMethod.setAttributeNS(null, Constants._ATT_ALGORITHM, canonicalizationMethodURI);
+ this.constructionElement.appendChild(c14nMethod);
+ XMLUtils.addReturnToElement(this.constructionElement);
if (hMACOutputLength > 0) {
- this._signatureAlgorithm = new SignatureAlgorithm(this._doc,
- signatureMethodURI, hMACOutputLength);
+ this.signatureAlgorithm =
+ new SignatureAlgorithm(this.doc, signatureMethodURI, hMACOutputLength);
} else {
- this._signatureAlgorithm = new SignatureAlgorithm(this._doc,
- signatureMethodURI);
+ this.signatureAlgorithm = new SignatureAlgorithm(this.doc, signatureMethodURI);
}
- signatureMethod = this._signatureAlgorithm.getElement();
- this._constructionElement.appendChild(signatureMethod);
- XMLUtils.addReturnToElement(this._constructionElement);
+ signatureMethod = this.signatureAlgorithm.getElement();
+ this.constructionElement.appendChild(signatureMethod);
+ XMLUtils.addReturnToElement(this.constructionElement);
}
/**
@@ -133,22 +133,22 @@
* @param canonicalizationMethodElem
* @throws XMLSecurityException
*/
- public SignedInfo(Document doc, Element signatureMethodElem,
- Element canonicalizationMethodElem) throws XMLSecurityException {
-
+ public SignedInfo(
+ Document doc, Element signatureMethodElem, Element canonicalizationMethodElem
+ ) throws XMLSecurityException {
super(doc);
// Check this?
this.c14nMethod = canonicalizationMethodElem;
- this._constructionElement.appendChild(c14nMethod);
- XMLUtils.addReturnToElement(this._constructionElement);
+ this.constructionElement.appendChild(c14nMethod);
+ XMLUtils.addReturnToElement(this.constructionElement);
- this._signatureAlgorithm =
+ this.signatureAlgorithm =
new SignatureAlgorithm(signatureMethodElem, null);
- signatureMethod = this._signatureAlgorithm.getElement();
- this._constructionElement.appendChild(signatureMethod);
+ signatureMethod = this.signatureAlgorithm.getElement();
+ this.constructionElement.appendChild(signatureMethod);
- XMLUtils.addReturnToElement(this._constructionElement);
+ XMLUtils.addReturnToElement(this.constructionElement);
}
/**
@@ -157,48 +157,76 @@
* @param element <code>SignedInfo</code>
* @param baseURI the URI of the resource where the XML instance was stored
* @throws XMLSecurityException
- * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">Question</A>
- * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html">Answer</A>
+ * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">
+ * Question</A>
+ * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html">
+ * Answer</A>
*/
- public SignedInfo(Element element, String baseURI)
- throws XMLSecurityException {
+ public SignedInfo(Element element, String baseURI) throws XMLSecurityException {
+ this(element, baseURI, false);
+ }
+ /**
+ * Build a {@link SignedInfo} from an {@link Element}
+ *
+ * @param element <code>SignedInfo</code>
+ * @param baseURI the URI of the resource where the XML instance was stored
+ * @param secureValidation whether secure validation is enabled or not
+ * @throws XMLSecurityException
+ * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">
+ * Question</A>
+ * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html">
+ * Answer</A>
+ */
+ public SignedInfo(
+ Element element, String baseURI, boolean secureValidation
+ ) throws XMLSecurityException {
// Parse the Reference children and Id attribute in the Manifest
- super(element, baseURI);
+ super(reparseSignedInfoElem(element), baseURI, secureValidation);
- /* canonicalize ds:SignedInfo, reparse it into a new document
+ c14nMethod = XMLUtils.getNextElement(element.getFirstChild());
+ signatureMethod = XMLUtils.getNextElement(c14nMethod.getNextSibling());
+ this.signatureAlgorithm =
+ new SignatureAlgorithm(signatureMethod, this.getBaseURI(), secureValidation);
+ }
+
+ private static Element reparseSignedInfoElem(Element element)
+ throws XMLSecurityException {
+ /*
+ * If a custom canonicalizationMethod is used, canonicalize
+ * ds:SignedInfo, reparse it into a new document
* and replace the original not-canonicalized ds:SignedInfo by
* the re-parsed canonicalized one.
*/
- c14nMethod = XMLUtils.getNextElement(element.getFirstChild());
- String c14nMethodURI = this.getCanonicalizationMethodURI();
+ Element c14nMethod = XMLUtils.getNextElement(element.getFirstChild());
+ String c14nMethodURI =
+ c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
if (!(c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS))) {
+ c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS) ||
+ c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS) ||
+ c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS) ||
+ c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS) ||
+ c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS))) {
// the c14n is not a secure one and can rewrite the URIs or like
- // that reparse the SignedInfo to be sure
+ // so reparse the SignedInfo to be sure
try {
Canonicalizer c14nizer =
- Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
+ Canonicalizer.getInstance(c14nMethodURI);
- this._c14nizedBytes =
- c14nizer.canonicalizeSubtree(this._constructionElement);
+ byte[] c14nizedBytes = c14nizer.canonicalizeSubtree(element);
javax.xml.parsers.DocumentBuilderFactory dbf =
javax.xml.parsers.DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
- Boolean.TRUE);
+ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
Document newdoc =
- db.parse(new ByteArrayInputStream(this._c14nizedBytes));
+ db.parse(new ByteArrayInputStream(c14nizedBytes));
Node imported =
- this._doc.importNode(newdoc.getDocumentElement(), true);
+ element.getOwnerDocument().importNode(newdoc.getDocumentElement(), true);
- this._constructionElement.getParentNode().replaceChild(imported,
- this._constructionElement);
+ element.getParentNode().replaceChild(imported, element);
- this._constructionElement = (Element) imported;
+ return (Element) imported;
} catch (ParserConfigurationException ex) {
throw new XMLSecurityException("empty", ex);
} catch (IOException ex) {
@@ -207,184 +235,163 @@
throw new XMLSecurityException("empty", ex);
}
}
- signatureMethod = XMLUtils.getNextElement(c14nMethod.getNextSibling());
- this._signatureAlgorithm =
- new SignatureAlgorithm(signatureMethod, this.getBaseURI());
+ return element;
+ }
+
+ /**
+ * Tests core validation process
+ *
+ * @return true if verification was successful
+ * @throws MissingResourceFailureException
+ * @throws XMLSecurityException
+ */
+ public boolean verify()
+ throws MissingResourceFailureException, XMLSecurityException {
+ return super.verifyReferences(false);
+ }
+
+ /**
+ * Tests core validation process
+ *
+ * @param followManifests defines whether the verification process has to verify referenced <CODE>ds:Manifest</CODE>s, too
+ * @return true if verification was successful
+ * @throws MissingResourceFailureException
+ * @throws XMLSecurityException
+ */
+ public boolean verify(boolean followManifests)
+ throws MissingResourceFailureException, XMLSecurityException {
+ return super.verifyReferences(followManifests);
+ }
+
+ /**
+ * Returns getCanonicalizedOctetStream
+ *
+ * @return the canonicalization result octet stream of <code>SignedInfo</code> element
+ * @throws CanonicalizationException
+ * @throws InvalidCanonicalizerException
+ * @throws XMLSecurityException
+ */
+ public byte[] getCanonicalizedOctetStream()
+ throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException {
+ if (this.c14nizedBytes == null) {
+ Canonicalizer c14nizer =
+ Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
+
+ this.c14nizedBytes =
+ c14nizer.canonicalizeSubtree(this.constructionElement);
+ }
+
+ // make defensive copy
+ return this.c14nizedBytes.clone();
+ }
+
+ /**
+ * Output the C14n stream to the given OutputStream.
+ * @param os
+ * @throws CanonicalizationException
+ * @throws InvalidCanonicalizerException
+ * @throws XMLSecurityException
+ */
+ public void signInOctetStream(OutputStream os)
+ throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException {
+ if (this.c14nizedBytes == null) {
+ Canonicalizer c14nizer =
+ Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
+ c14nizer.setWriter(os);
+ String inclusiveNamespaces = this.getInclusiveNamespaces();
+
+ if (inclusiveNamespaces == null) {
+ c14nizer.canonicalizeSubtree(this.constructionElement);
+ } else {
+ c14nizer.canonicalizeSubtree(this.constructionElement, inclusiveNamespaces);
+ }
+ } else {
+ try {
+ os.write(this.c14nizedBytes);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
}
- /**
- * Tests core validation process
- *
- * @return true if verification was successful
- * @throws MissingResourceFailureException
- * @throws XMLSecurityException
- */
- public boolean verify()
- throws MissingResourceFailureException, XMLSecurityException {
- return super.verifyReferences(false);
- }
-
- /**
- * Tests core validation process
- *
- * @param followManifests defines whether the verification process has to verify referenced <CODE>ds:Manifest</CODE>s, too
- * @return true if verification was successful
- * @throws MissingResourceFailureException
- * @throws XMLSecurityException
- */
- public boolean verify(boolean followManifests)
- throws MissingResourceFailureException, XMLSecurityException {
- return super.verifyReferences(followManifests);
- }
+ /**
+ * Returns the Canonicalization method URI
+ *
+ * @return the Canonicalization method URI
+ */
+ public String getCanonicalizationMethodURI() {
+ return c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
+ }
- /**
- * Returns getCanonicalizedOctetStream
- *
- * @return the canonicalization result octedt stream of <code>SignedInfo</code> element
- * @throws CanonicalizationException
- * @throws InvalidCanonicalizerException
- * @throws XMLSecurityException
- */
- public byte[] getCanonicalizedOctetStream()
- throws CanonicalizationException, InvalidCanonicalizerException,
- XMLSecurityException {
+ /**
+ * Returns the Signature method URI
+ *
+ * @return the Signature method URI
+ */
+ public String getSignatureMethodURI() {
+ Element signatureElement = this.getSignatureMethodElement();
- if ((this._c14nizedBytes == null)
- /*&& (this._state == ElementProxy.MODE_SIGN)*/) {
- Canonicalizer c14nizer =
- Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
-
- this._c14nizedBytes =
- c14nizer.canonicalizeSubtree(this._constructionElement);
- }
+ if (signatureElement != null) {
+ return signatureElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+ }
- // make defensive copy
- byte[] output = new byte[this._c14nizedBytes.length];
-
- System.arraycopy(this._c14nizedBytes, 0, output, 0, output.length);
-
- return output;
- }
+ return null;
+ }
- /**
- * Output the C14n stream to the give outputstream.
- * @param os
- * @throws CanonicalizationException
- * @throws InvalidCanonicalizerException
- * @throws XMLSecurityException
- */
- public void signInOctectStream(OutputStream os)
- throws CanonicalizationException, InvalidCanonicalizerException,
- XMLSecurityException {
-
- if ((this._c14nizedBytes == null)) {
- Canonicalizer c14nizer =
- Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
- c14nizer.setWriter(os);
- String inclusiveNamespaces = this.getInclusiveNamespaces();
+ /**
+ * Method getSignatureMethodElement
+ * @return returns the SignatureMethod Element
+ *
+ */
+ public Element getSignatureMethodElement() {
+ return signatureMethod;
+ }
- if(inclusiveNamespaces == null)
- c14nizer.canonicalizeSubtree(this._constructionElement);
- else
- c14nizer.canonicalizeSubtree(this._constructionElement, inclusiveNamespaces);
- } else {
- try {
- os.write(this._c14nizedBytes);
- } catch (IOException e) {
- throw new RuntimeException(""+e);
- }
+ /**
+ * Creates a SecretKey for the appropriate Mac algorithm based on a
+ * byte[] array password.
+ *
+ * @param secretKeyBytes
+ * @return the secret key for the SignedInfo element.
+ */
+ public SecretKey createSecretKey(byte[] secretKeyBytes) {
+ return new SecretKeySpec(secretKeyBytes, this.signatureAlgorithm.getJCEAlgorithmString());
}
- }
-
- /**
- * Returns the Canonicalization method URI
- *
- * @return the Canonicalization method URI
- */
- public String getCanonicalizationMethodURI() {
-
- return c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
- }
-
- /**
- * Returns the Signature method URI
- *
- * @return the Signature method URI
- */
- public String getSignatureMethodURI() {
-
- Element signatureElement = this.getSignatureMethodElement();
-
- if (signatureElement != null) {
- return signatureElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
- }
-
- return null;
- }
+ protected SignatureAlgorithm getSignatureAlgorithm() {
+ return signatureAlgorithm;
+ }
- /**
- * Method getSignatureMethodElement
- * @return gets The SignatureMethod Node.
- *
- */
- public Element getSignatureMethodElement() {
- return signatureMethod;
- }
-
- /**
- * Creates a SecretKey for the appropriate Mac algorithm based on a
- * byte[] array password.
- *
- * @param secretKeyBytes
- * @return the secret key for the SignedInfo element.
- */
- public SecretKey createSecretKey(byte[] secretKeyBytes)
- {
+ /**
+ * Method getBaseLocalName
+ * @inheritDoc
+ *
+ */
+ public String getBaseLocalName() {
+ return Constants._TAG_SIGNEDINFO;
+ }
- return new SecretKeySpec(secretKeyBytes,
- this._signatureAlgorithm
- .getJCEAlgorithmString());
- }
+ public String getInclusiveNamespaces() {
+ String c14nMethodURI = c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
+ if (!(c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#") ||
+ c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"))) {
+ return null;
+ }
+
+ Element inclusiveElement = XMLUtils.getNextElement(c14nMethod.getFirstChild());
- protected SignatureAlgorithm getSignatureAlgorithm() {
- return _signatureAlgorithm;
- }
- /**
- * Method getBaseLocalName
- * @inheritDoc
- *
- */
- public String getBaseLocalName() {
- return Constants._TAG_SIGNEDINFO;
- }
-
- public String getInclusiveNamespaces() {
-
-
-
- String c14nMethodURI = c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
- if(!(c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#") ||
- c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"))) {
+ if (inclusiveElement != null) {
+ try {
+ String inclusiveNamespaces =
+ new InclusiveNamespaces(
+ inclusiveElement,
+ InclusiveNamespaces.ExclusiveCanonicalizationNamespace
+ ).getInclusiveNamespaces();
+ return inclusiveNamespaces;
+ } catch (XMLSecurityException e) {
return null;
}
-
- Element inclusiveElement = XMLUtils.getNextElement(
- c14nMethod.getFirstChild());
-
- if(inclusiveElement != null)
- {
- try
- {
- String inclusiveNamespaces = new InclusiveNamespaces(inclusiveElement,
- InclusiveNamespaces.ExclusiveCanonicalizationNamespace).getInclusiveNamespaces();
- return inclusiveNamespaces;
- }
- catch (XMLSecurityException e)
- {
- return null;
- }
- }
- return null;
+ }
+ return null;
}
}