# HG changeset patch
# User mullan
# Date 1222094597 14400
# Node ID e8d6cef361995ec6f121f6feccdfc9f957415712
# Parent 21b652819b97e6d0e90d25228e9f856f8c0b973a
6469266: Integrate Apache XMLSec 1.4.2 into JDK 7
Reviewed-by: valeriep
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/Init.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,12 +20,9 @@
*/
package com.sun.org.apache.xml.internal.security;
-
-
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
-
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -51,7 +48,7 @@
* done by calling {@link Init#init} which should be done in any static block
* of the files of this library. We ensure that this call is only executed once.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public final class Init {
@@ -113,20 +110,19 @@
dbf.setValidating(false);
DocumentBuilder db = dbf.newDocumentBuilder();
-
// We don't allow users to override the Apache XML Security
// configuration in the JRE. Users should use the standard security
// provider mechanism instead if implementing their own
// transform or canonicalization algorithms.
- // String cfile = System.getProperty("com.sun.org.apache.xml.internal.security.resource.config");
- // InputStream is =
- // Class.forName("com.sun.org.apache.xml.internal.security.Init")
- // .getResourceAsStream(cfile != null ? cfile : "resource/config.xml");
+ // InputStream is = Class.forName("com.sun.org.apache.xml.internal.security.Init").getResourceAsStream("resource/config.xml");
InputStream is = (InputStream) AccessController.doPrivileged(
new PrivilegedAction() {
public Object run() {
+// String cfile = System.getProperty
+// ("com.sun.org.apache.xml.internal.security.resource.config");
return getClass().getResourceAsStream
- ("resource/config.xml");
+// (cfile != null ? cfile : "resource/config.xml");
+ ("resource/config.xml");
}
});
@@ -167,7 +163,7 @@
//
// if (tag.equals("ResourceBundles")){
// XX_configure_i18n_start = System.currentTimeMillis();
-// Element resource=(Element)el;
+// Element resource=(Element)el;
// /* configure internationalization */
// Attr langAttr = resource.getAttributeNode("defaultLanguageCode");
// Attr countryAttr = resource.getAttributeNode("defaultCountryCode");
@@ -202,11 +198,11 @@
if (currMeth.getDeclaringClass().getName()
.equals(JAVACLASS)) {
- log.log(java.util.logging.Level.FINE, currMeth.getDeclaringClass().toString());
+ log.log(java.util.logging.Level.FINE, currMeth.getDe claringClass().toString());
}
}*/
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Canonicalizer.register(" + URI + ", "
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Canonicalizer.register(" + URI + ", "
+ JAVACLASS + ")");
Canonicalizer.register(URI, JAVACLASS);
} catch (ClassNotFoundException e) {
@@ -233,9 +229,8 @@
"JAVACLASS");
try {
Class.forName(JAVACLASS);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Transform.register(" + URI + ", " + JAVACLASS
- + ")");
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Transform.register(" + URI + ", " + JAVACLASS + ")");
Transform.register(URI, JAVACLASS);
} catch (ClassNotFoundException e) {
Object exArgs[] = { URI, JAVACLASS };
@@ -284,12 +279,11 @@
//
// if (currMeth.getDeclaringClass().getName()
// .equals(JAVACLASS)) {
-// log.log(java.util.logging.Level.FINE, currMeth.getDeclaringClass().toString());
+// log.log(java.util.logging.Level.FINE, currMeth.getDe claringClass().toString());
// }
// }
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "SignatureAlgorithm.register(" + URI + ", "
- + JAVACLASS + ")");
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "SignatureAlgorithm.register(" + URI + ", " + JAVACLASS + ")");
SignatureAlgorithm.register(URI, JAVACLASS);
} catch (ClassNotFoundException e) {
Object exArgs[] = { URI, JAVACLASS };
@@ -320,13 +314,11 @@
"DESCRIPTION");
if ((Description != null) && (Description.length() > 0)) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": "
- + Description);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": " + Description);
} else {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS
- + ": For unknown purposes");
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": For unknown purposes");
}
try {
ResourceResolver.register(JAVACLASS);
@@ -359,13 +351,11 @@
"DESCRIPTION");
if ((Description != null) && (Description.length() > 0)) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": "
- + Description);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": " + Description);
} else {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS
- + ": For unknown purposes");
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Register Resolver: " + JAVACLASS + ": For unknown purposes");
}
KeyResolver.register(JAVACLASS);
@@ -376,8 +366,8 @@
if (tag.equals("PrefixMappings")){
XX_configure_reg_prefixes_start = System.currentTimeMillis();
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Now I try to bind prefixes:");
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Now I try to bind prefixes:");
Element[] nl = XMLUtils.selectNodes(el.getFirstChild(), CONF_NS,"PrefixMapping");
@@ -386,8 +376,8 @@
"namespace");
String prefix = nl[i].getAttributeNS(null,
"prefix");
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Now I try to bind " + prefix + " to " + namespace);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Now I try to bind " + prefix + " to " + namespace);
com.sun.org.apache.xml.internal.security.utils.ElementProxy
.setDefaultPrefix(namespace, prefix);
}
@@ -398,19 +388,19 @@
long XX_init_end = System.currentTimeMillis();
//J-
- if (true) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "XX_init " + ((int)(XX_init_end - XX_init_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_prng " + ((int)(XX_prng_end - XX_prng_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_parsing " + ((int)(XX_parsing_end - XX_parsing_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_configure_i18n " + ((int)(XX_configure_i18n_end- XX_configure_i18n_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_configure_reg_c14n " + ((int)(XX_configure_reg_c14n_end- XX_configure_reg_c14n_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_configure_reg_jcemapper " + ((int)(XX_configure_reg_jcemapper_end- XX_configure_reg_jcemapper_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_configure_reg_keyInfo " + ((int)(XX_configure_reg_keyInfo_end- XX_configure_reg_keyInfo_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_configure_reg_keyResolver " + ((int)(XX_configure_reg_keyResolver_end- XX_configure_reg_keyResolver_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_configure_reg_prefixes " + ((int)(XX_configure_reg_prefixes_end- XX_configure_reg_prefixes_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_configure_reg_resourceresolver " + ((int)(XX_configure_reg_resourceresolver_end- XX_configure_reg_resourceresolver_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_configure_reg_sigalgos " + ((int)(XX_configure_reg_sigalgos_end- XX_configure_reg_sigalgos_start)) + " ms");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, " XX_configure_reg_transforms " + ((int)(XX_configure_reg_transforms_end- XX_configure_reg_transforms_start)) + " ms");
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "XX_init " + ((int)(XX_init_end - XX_init_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_prng " + ((int)(XX_prng_end - XX_prng_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_parsing " + ((int)(XX_parsing_end - XX_parsing_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_configure_i18n " + ((int)(XX_configure_i18n_end- XX_configure_i18n_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_configure_reg_c14n " + ((int)(XX_configure_reg_c14n_end- XX_configure_reg_c14n_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_configure_reg_jcemapper " + ((int)(XX_configure_reg_jcemapper_end- XX_configure_reg_jcemapper_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_configure_reg_keyInfo " + ((int)(XX_configure_reg_keyInfo_end- XX_configure_reg_keyInfo_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_configure_reg_keyResolver " + ((int)(XX_configure_reg_keyResolver_end- XX_configure_reg_keyResolver_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_configure_reg_prefixes " + ((int)(XX_configure_reg_prefixes_end- XX_configure_reg_prefixes_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_configure_reg_resourceresolver " + ((int)(XX_configure_reg_resourceresolver_end- XX_configure_reg_resourceresolver_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_configure_reg_sigalgos " + ((int)(XX_configure_reg_sigalgos_end- XX_configure_reg_sigalgos_start)) + " ms");
+ log.log(java.util.logging.Level.FINE, " XX_configure_reg_transforms " + ((int)(XX_configure_reg_transforms_end- XX_configure_reg_transforms_start)) + " ms");
}
} catch (Exception e) {
log.log(java.util.logging.Level.SEVERE, "Bad: ", e);
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java Mon Sep 22 10:43:17 2008 -0400
@@ -24,7 +24,7 @@
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
-import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
+import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -33,11 +33,7 @@
* The Algorithm class which stores the Algorithm URI as a string.
*
*/
-public abstract class Algorithm extends ElementProxy {
-
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(Algorithm.class.getName());
+public abstract class Algorithm extends SignatureElementProxy {
/**
*
@@ -79,7 +75,7 @@
*/
protected void setAlgorithmURI(String algorithmURI) {
- if ((this._state == MODE_CREATE) && (algorithmURI != null)) {
+ if ( (algorithmURI != null)) {
this._constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM,
algorithmURI);
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java Mon Sep 22 10:43:17 2008 -0400
@@ -35,7 +35,7 @@
/**
* This class maps algorithm identifier URIs to JAVA JCE class names.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class JCEMapper {
@@ -45,9 +45,9 @@
- private static Map uriToJCEName = new HashMap();
+ private static Map uriToJCEName;
- private static Map algorithmsMap = new HashMap();
+ private static Map algorithmsMap;
private static String providerName = null;
/**
@@ -63,6 +63,8 @@
static void loadAlgorithms( Element algorithmsEl) {
Element[] algorithms = XMLUtils.selectNodes(algorithmsEl.getFirstChild(),Init.CONF_NS,"Algorithm");
+ uriToJCEName = new HashMap( algorithms.length * 2);
+ algorithmsMap = new HashMap( algorithms.length * 2);
for (int i = 0 ;i < algorithms.length ;i ++) {
Element el = algorithms[i];
String id = el.getAttribute("URI");
@@ -70,6 +72,7 @@
uriToJCEName.put(id, jceName);
algorithmsMap.put(id, new Algorithm(el));
}
+
}
static Algorithm getAlgorithmMapping(String algoURI) {
@@ -84,8 +87,8 @@
*
*/
public static String translateURItoJCEID(String AlgorithmURI) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI);
String jceName = (String) uriToJCEName.get(AlgorithmURI);
return jceName;
@@ -100,8 +103,8 @@
*
*/
public static String getAlgorithmClassFromURI(String AlgorithmURI) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Request for URI " + AlgorithmURI);
return ((Algorithm) algorithmsMap.get(AlgorithmURI)).algorithmClass;
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,10 +20,10 @@
*/
package com.sun.org.apache.xml.internal.security.algorithms;
-
-
import java.security.MessageDigest;
import java.security.NoSuchProviderException;
+import java.util.HashMap;
+import java.util.Map;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
@@ -41,11 +41,6 @@
*/
public class MessageDigestAlgorithm extends Algorithm {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(
- MessageDigestAlgorithm.class.getName());
-
/** Message Digest - NOT RECOMMENDED MD5*/
public static final String ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5 = Constants.MoreAlgorithmsSpecNS + "md5";
/** Digest - Required SHA1*/
@@ -76,6 +71,12 @@
this.algorithm = messageDigest;
}
+ static ThreadLocal instances=new ThreadLocal() {
+ protected Object initialValue() {
+ return new HashMap();
+ };
+ };
+
/**
* Factory method for constructing a message digest algorithm by name.
*
@@ -86,8 +87,15 @@
*/
public static MessageDigestAlgorithm getInstance(
Document doc, String algorithmURI) throws XMLSignatureException {
+ MessageDigest md = getDigestInstance(algorithmURI);
+ return new MessageDigestAlgorithm(doc, md, algorithmURI);
+ }
- String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
+private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
+ MessageDigest result=(MessageDigest) ((Map)instances.get()).get(algorithmURI);
+ if (result!=null)
+ return result;
+ String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
if (algorithmID == null) {
Object[] exArgs = { algorithmURI };
@@ -113,8 +121,9 @@
throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
}
- return new MessageDigestAlgorithm(doc, md, algorithmURI);
- }
+ ((Map)instances.get()).put(algorithmURI, md);
+ return md;
+}
/**
* Returns the actual {@link java.security.MessageDigest} algorithm object
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java Mon Sep 22 10:43:17 2008 -0400
@@ -25,6 +25,7 @@
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
+import java.util.Map;
import com.sun.org.apache.xml.internal.security.algorithms.implementations.IntegrityHmac;
import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
@@ -52,9 +53,35 @@
/** All available algorithm classes are registered here */
static HashMap _algorithmHash = null;
+ static ThreadLocal instancesSigning=new ThreadLocal() {
+ protected Object initialValue() {
+ return new HashMap();
+ };
+ };
+
+ static ThreadLocal instancesVerify=new ThreadLocal() {
+ protected Object initialValue() {
+ return new HashMap();
+ };
+ };
+
+ static ThreadLocal keysSigning=new ThreadLocal() {
+ protected Object initialValue() {
+ return new HashMap();
+ };
+ };
+ static ThreadLocal keysVerify=new ThreadLocal() {
+ protected Object initialValue() {
+ return new HashMap();
+ };
+ };
+// boolean isForSigning=false;
+
/** Field _signatureAlgorithm */
protected SignatureAlgorithmSpi _signatureAlgorithm = null;
+ private String algorithmURI;
+
/**
* Constructor SignatureAlgorithm
*
@@ -64,18 +91,49 @@
*/
public SignatureAlgorithm(Document doc, String algorithmURI)
throws XMLSecurityException {
+ super(doc, algorithmURI);
+ this.algorithmURI = algorithmURI;
+ }
- super(doc, algorithmURI);
- try {
+ private void initializeAlgorithm(boolean isForSigning) throws XMLSignatureException {
+ if (_signatureAlgorithm!=null) {
+ return;
+ }
+ _signatureAlgorithm=isForSigning ? getInstanceForSigning(algorithmURI) : getInstanceForVerify(algorithmURI);
+ this._signatureAlgorithm
+ .engineGetContextFromElement(this._constructionElement);
+ }
+ private static SignatureAlgorithmSpi getInstanceForSigning(String algorithmURI) throws XMLSignatureException {
+ SignatureAlgorithmSpi result=(SignatureAlgorithmSpi) ((Map)instancesSigning.get()).get(algorithmURI);
+ if (result!=null) {
+ result.reset();
+ return result;
+ }
+ result=buildSigner(algorithmURI, result);
+ ((Map)instancesSigning.get()).put(algorithmURI,result);
+ return result;
+ }
+ private static SignatureAlgorithmSpi getInstanceForVerify(String algorithmURI) throws XMLSignatureException {
+ SignatureAlgorithmSpi result=(SignatureAlgorithmSpi) ((Map)instancesVerify.get()).get(algorithmURI);
+ if (result!=null) {
+ result.reset();
+ return result;
+ }
+ result=buildSigner(algorithmURI, result);
+ ((Map)instancesVerify.get()).put(algorithmURI,result);
+ return result;
+ }
+
+ private static SignatureAlgorithmSpi buildSigner(String algorithmURI, SignatureAlgorithmSpi result) throws XMLSignatureException {
+ try {
Class implementingClass =
SignatureAlgorithm.getImplementingClass(algorithmURI);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Create URI \"" + algorithmURI + "\" class \""
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Create URI \"" + algorithmURI + "\" class \""
+ implementingClass + "\"");
-
- this._signatureAlgorithm =
- (SignatureAlgorithmSpi) implementingClass.newInstance();
+ result=(SignatureAlgorithmSpi) implementingClass.newInstance();
+ return result;
} catch (IllegalAccessException ex) {
Object exArgs[] = { algorithmURI, ex.getMessage() };
@@ -92,7 +150,7 @@
throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs,
ex);
}
- }
+}
/**
* Constructor SignatureAlgorithm
@@ -107,7 +165,8 @@
throws XMLSecurityException {
this(doc, algorithmURI);
-
+ this.algorithmURI=algorithmURI;
+ initializeAlgorithm(true);
this._signatureAlgorithm.engineSetHMACOutputLength(HMACOutputLength);
((IntegrityHmac)this._signatureAlgorithm)
.engineAddContextToElement(this._constructionElement);
@@ -124,37 +183,7 @@
throws XMLSecurityException {
super(element, BaseURI);
-
- String algorithmURI = this.getURI();
-
- try {
- Class implementingClass =
- SignatureAlgorithm.getImplementingClass(algorithmURI);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Create URI \"" + algorithmURI + "\" class \""
- + implementingClass + "\"");
-
- this._signatureAlgorithm =
- (SignatureAlgorithmSpi) implementingClass.newInstance();
-
- this._signatureAlgorithm
- .engineGetContextFromElement(this._constructionElement);
- } catch (IllegalAccessException ex) {
- Object exArgs[] = { algorithmURI, ex.getMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs,
- ex);
- } catch (InstantiationException ex) {
- Object exArgs[] = { algorithmURI, ex.getMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs,
- ex);
- } catch (NullPointerException ex) {
- Object exArgs[] = { algorithmURI, ex.getMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs,
- ex);
- }
+ algorithmURI = this.getURI();
}
/**
@@ -175,7 +204,12 @@
* @return the result of the {@link java.security.Signature#getAlgorithm} method
*/
public String getJCEAlgorithmString() {
- return this._signatureAlgorithm.engineGetJCEAlgorithmString();
+ try {
+ return getInstanceForVerify(algorithmURI).engineGetJCEAlgorithmString();
+ } catch (XMLSignatureException e) {
+ //Ignore.
+ return null;
+ }
}
/**
@@ -184,7 +218,11 @@
* @return The Provider of this Signature Alogrithm
*/
public String getJCEProviderName() {
- return this._signatureAlgorithm.engineGetJCEProviderName();
+ try {
+ return getInstanceForVerify(algorithmURI).engineGetJCEProviderName();
+ } catch (XMLSignatureException e) {
+ return null;
+ }
}
/**
@@ -231,7 +269,13 @@
* @throws XMLSignatureException
*/
public void initSign(Key signingKey) throws XMLSignatureException {
- this._signatureAlgorithm.engineInitSign(signingKey);
+ initializeAlgorithm(true);
+ Map map=(Map)keysSigning.get();
+ if (map.get(this.algorithmURI)==signingKey) {
+ return;
+ }
+ map.put(this.algorithmURI,signingKey);
+ this._signatureAlgorithm.engineInitSign(signingKey);
}
/**
@@ -244,6 +288,7 @@
*/
public void initSign(Key signingKey, SecureRandom secureRandom)
throws XMLSignatureException {
+ initializeAlgorithm(true);
this._signatureAlgorithm.engineInitSign(signingKey, secureRandom);
}
@@ -258,6 +303,7 @@
public void initSign(
Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
throws XMLSignatureException {
+ initializeAlgorithm(true);
this._signatureAlgorithm.engineInitSign(signingKey,
algorithmParameterSpec);
}
@@ -282,7 +328,13 @@
* @throws XMLSignatureException
*/
public void initVerify(Key verificationKey) throws XMLSignatureException {
- this._signatureAlgorithm.engineInitVerify(verificationKey);
+ initializeAlgorithm(false);
+ Map map=(Map)keysVerify.get();
+ if (map.get(this.algorithmURI)==verificationKey) {
+ return;
+ }
+ map.put(this.algorithmURI,verificationKey);
+ this._signatureAlgorithm.engineInitVerify(verificationKey);
}
/**
@@ -320,7 +372,7 @@
.getLogger(SignatureAlgorithm.class.getName());
}
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Init() called");
+ log.log(java.util.logging.Level.FINE, "Init() called");
if (!SignatureAlgorithm._alreadyInitialized) {
SignatureAlgorithm._algorithmHash = new HashMap(10);
@@ -340,8 +392,8 @@
throws AlgorithmAlreadyRegisteredException,XMLSignatureException {
{
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
// are we already registered?
Class registeredClassClass =
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,27 +20,20 @@
*/
package com.sun.org.apache.xml.internal.security.algorithms;
-
-
import java.security.Key;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
-import org.w3c.dom.Document;
import org.w3c.dom.Element;
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public abstract class SignatureAlgorithmSpi {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(SignatureAlgorithmSpi.class.getName());
-
/**
* Returns the URI representation of Transformation algorithm
*
@@ -167,20 +160,6 @@
protected abstract void engineSetParameter(AlgorithmParameterSpec params)
throws XMLSignatureException;
- /** Field _doc */
- Document _doc = null;
-
- /**
- * Method engineSetDocument
- *
- * @param doc
- */
- protected void engineSetDocument(Document doc) {
- this._doc = doc;
- }
-
- /** Field _constructionElement */
- Element _constructionElement = null;
/**
* Method engineGetContextFromElement
@@ -188,7 +167,6 @@
* @param element
*/
protected void engineGetContextFromElement(Element element) {
- this._constructionElement = element;
}
/**
@@ -199,4 +177,7 @@
*/
protected abstract void engineSetHMACOutputLength(int HMACOutputLength)
throws XMLSignatureException;
+
+ public void reset() {
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java Mon Sep 22 10:43:17 2008 -0400
@@ -45,7 +45,7 @@
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
@@ -74,8 +74,8 @@
public IntegrityHmac() throws XMLSignatureException {
String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
try {
this._macAlgorithm = Mac.getInstance(algorithmID);
@@ -99,6 +99,10 @@
throw new XMLSignatureException("empty");
}
+ public void reset() {
+ _HMACOutputLength=0;
+ }
+
/**
* Proxy method for {@link java.security.Signature#verify(byte[])}
* which is executed on the internal {@link java.security.Signature} object.
@@ -145,7 +149,20 @@
try {
this._macAlgorithm.init(secretKey);
} catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
+ // reinstantiate Mac object to work around bug in JDK
+ // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+ Mac mac = this._macAlgorithm;
+ try {
+ this._macAlgorithm = Mac.getInstance
+ (_macAlgorithm.getAlgorithm());
+ } catch (Exception e) {
+ // this shouldn't occur, but if it does, restore previous Mac
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Mac:" + e);
+ }
+ this._macAlgorithm = mac;
+ }
+ throw new XMLSignatureException("empty", ex);
}
}
@@ -323,7 +340,7 @@
*/
protected String engineGetJCEAlgorithmString() {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "engineGetJCEAlgorithmString()");
+ log.log(java.util.logging.Level.FINE, "engineGetJCEAlgorithmString()");
return this._macAlgorithm.getAlgorithm();
}
@@ -397,7 +414,8 @@
/**
* Class IntegrityHmacSHA1
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacSHA1 extends IntegrityHmac {
@@ -423,7 +441,8 @@
/**
* Class IntegrityHmacSHA256
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacSHA256 extends IntegrityHmac {
@@ -449,7 +468,8 @@
/**
* Class IntegrityHmacSHA384
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacSHA384 extends IntegrityHmac {
@@ -475,7 +495,8 @@
/**
* Class IntegrityHmacSHA512
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacSHA512 extends IntegrityHmac {
@@ -501,7 +522,8 @@
/**
* Class IntegrityHmacRIPEMD160
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacRIPEMD160 extends IntegrityHmac {
@@ -527,7 +549,8 @@
/**
* Class IntegrityHmacMD5
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public static class IntegrityHmacMD5 extends IntegrityHmac {
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java Mon Sep 22 10:43:17 2008 -0400
@@ -3,7 +3,7 @@
* DO NOT REMOVE OR ALTER!
*/
/*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2007 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.algorithms.implementations;
-
-
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
@@ -38,329 +36,344 @@
import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
- /** {@link java.util.logging} logging facility */
+ /** {@link java.util.logging} logging facility */
static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(SignatureBaseRSA.class.getName());
+ java.util.logging.Logger.getLogger
+ (SignatureBaseRSA.class.getName());
+
+ /** @inheritDoc */
+ public abstract String engineGetURI();
+
+ /** Field algorithm */
+ private java.security.Signature _signatureAlgorithm = null;
+
+ /**
+ * Constructor SignatureRSA
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureBaseRSA() throws XMLSignatureException {
+
+ String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
+
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Created SignatureRSA using " + algorithmID);
+ String provider=JCEMapper.getProviderId();
+ try {
+ if (provider==null) {
+ this._signatureAlgorithm = Signature.getInstance(algorithmID);
+ } else {
+ this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+ }
+ } catch (java.security.NoSuchAlgorithmException ex) {
+ Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ } catch (NoSuchProviderException ex) {
+ Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineSetParameter(AlgorithmParameterSpec params)
+ throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.setParameter(params);
+ } catch (InvalidAlgorithmParameterException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected boolean engineVerify(byte[] signature)
+ throws XMLSignatureException {
+
+ try {
+ return this._signatureAlgorithm.verify(signature);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+
+ if (!(publicKey instanceof PublicKey)) {
+ String supplied = publicKey.getClass().getName();
+ String needed = PublicKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+ } catch (InvalidKeyException ex) {
+ // reinstantiate Signature object to work around bug in JDK
+ // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+ Signature sig = this._signatureAlgorithm;
+ try {
+ this._signatureAlgorithm = Signature.getInstance
+ (_signatureAlgorithm.getAlgorithm());
+ } catch (Exception e) {
+ // this shouldn't occur, but if it does, restore previous
+ // Signature
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
+ }
+ this._signatureAlgorithm = sig;
+ }
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected byte[] engineSign() throws XMLSignatureException {
+ try {
+ return this._signatureAlgorithm.sign();
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
+ throws XMLSignatureException {
+
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initSign
+ ((PrivateKey) privateKey, secureRandom);
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte[] input) throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte input) throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
/** @inheritDoc */
- public abstract String engineGetURI();
-
- /** Field algorithm */
- private java.security.Signature _signatureAlgorithm = null;
-
- /**
- * Constructor SignatureRSA
- *
- * @throws XMLSignatureException
- */
- public SignatureBaseRSA() throws XMLSignatureException {
-
- String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
-
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
- String provider=JCEMapper.getProviderId();
- try {
- if (provider==null) {
- this._signatureAlgorithm = Signature.getInstance(algorithmID);
- } else {
- this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
- }
- } catch (java.security.NoSuchAlgorithmException ex) {
- Object[] exArgs = { algorithmID,
- ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- } catch (NoSuchProviderException ex) {
- Object[] exArgs = { algorithmID,
- ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ protected void engineUpdate(byte buf[], int offset, int len)
+ throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(buf, offset, len);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
}
- }
-
- /** @inheritDoc */
- protected void engineSetParameter(AlgorithmParameterSpec params)
- throws XMLSignatureException {
+ }
- try {
- this._signatureAlgorithm.setParameter(params);
- } catch (InvalidAlgorithmParameterException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ /** @inheritDoc */
+ protected String engineGetJCEAlgorithmString() {
+ return this._signatureAlgorithm.getAlgorithm();
+ }
- /** @inheritDoc */
- protected boolean engineVerify(byte[] signature)
- throws XMLSignatureException {
+ /** @inheritDoc */
+ protected String engineGetJCEProviderName() {
+ return this._signatureAlgorithm.getProvider().getName();
+ }
- try {
- return this._signatureAlgorithm.verify(signature);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ /** @inheritDoc */
+ protected void engineSetHMACOutputLength(int HMACOutputLength)
+ throws XMLSignatureException {
+ throw new XMLSignatureException
+ ("algorithms.HMACOutputLengthOnlyForHMAC");
+ }
- /** @inheritDoc */
- protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
-
- if (!(publicKey instanceof PublicKey)) {
- String supplied = publicKey.getClass().getName();
- String needed = PublicKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
+ /** @inheritDoc */
+ protected void engineInitSign(
+ Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+ throws XMLSignatureException {
+ throw new XMLSignatureException(
+ "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
+ }
- try {
- this._signatureAlgorithm.initVerify((PublicKey) publicKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected byte[] engineSign() throws XMLSignatureException {
-
- try {
- return this._signatureAlgorithm.sign();
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ /**
+ * Class SignatureRSASHA1
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSASHA1 extends SignatureBaseRSA {
- /** @inheritDoc */
- protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
- throws XMLSignatureException {
-
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
+ /**
+ * Constructor SignatureRSASHA1
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA1() throws XMLSignatureException {
+ super();
+ }
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
-
- try {
- this._signatureAlgorithm.initSign((PrivateKey) privateKey,
- secureRandom);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
+ }
+ }
- /** @inheritDoc */
- protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
-
- try {
- this._signatureAlgorithm.initSign((PrivateKey) privateKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ /**
+ * Class SignatureRSASHA256
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSASHA256 extends SignatureBaseRSA {
- /** @inheritDoc */
- protected void engineUpdate(byte[] input) throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ /**
+ * Constructor SignatureRSASHA256
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA256() throws XMLSignatureException {
+ super();
+ }
- /** @inheritDoc */
- protected void engineUpdate(byte input) throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineUpdate(byte buf[], int offset, int len)
- throws XMLSignatureException {
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256;
+ }
+ }
- try {
- this._signatureAlgorithm.update(buf, offset, len);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected String engineGetJCEAlgorithmString() {
- return this._signatureAlgorithm.getAlgorithm();
- }
-
- /** @inheritDoc */
- protected String engineGetJCEProviderName() {
- return this._signatureAlgorithm.getProvider().getName();
- }
+ /**
+ * Class SignatureRSASHA384
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSASHA384 extends SignatureBaseRSA {
- /** @inheritDoc */
- protected void engineSetHMACOutputLength(int HMACOutputLength)
- throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
- }
+ /**
+ * Constructor SignatureRSASHA384
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA384() throws XMLSignatureException {
+ super();
+ }
- /** @inheritDoc */
- protected void engineInitSign(
- Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
- throws XMLSignatureException {
- throw new XMLSignatureException(
- "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
- }
-
- /**
- * Class SignatureRSASHA1
- *
- * @author $Author: raul $
- */
- public static class SignatureRSASHA1 extends SignatureBaseRSA {
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384;
+ }
+ }
- /**
- * Constructor SignatureRSASHA1
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA1() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
- }
- }
-
- /**
- * Class SignatureRSASHA256
- *
- * @author $Author: raul $
- */
- public static class SignatureRSASHA256 extends SignatureBaseRSA {
+ /**
+ * Class SignatureRSASHA512
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSASHA512 extends SignatureBaseRSA {
- /**
- * Constructor SignatureRSASHA256
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA256() throws XMLSignatureException {
- super();
- }
+ /**
+ * Constructor SignatureRSASHA512
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSASHA512() throws XMLSignatureException {
+ super();
+ }
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256;
- }
- }
-
- /**
- * Class SignatureRSASHA384
- *
- * @author $Author: raul $
- */
- public static class SignatureRSASHA384 extends SignatureBaseRSA {
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;
+ }
+ }
- /**
- * Constructor SignatureRSASHA384
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA384() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384;
- }
- }
+ /**
+ * Class SignatureRSARIPEMD160
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSARIPEMD160 extends SignatureBaseRSA {
- /**
- * Class SignatureRSASHA512
- *
- * @author $Author: raul $
- */
- public static class SignatureRSASHA512 extends SignatureBaseRSA {
+ /**
+ * Constructor SignatureRSARIPEMD160
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSARIPEMD160() throws XMLSignatureException {
+ super();
+ }
- /**
- * Constructor SignatureRSASHA512
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA512() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;
- }
- }
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160;
+ }
+ }
- /**
- * Class SignatureRSARIPEMD160
- *
- * @author $Author: raul $
- */
- public static class SignatureRSARIPEMD160 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSARIPEMD160
- *
- * @throws XMLSignatureException
- */
- public SignatureRSARIPEMD160() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160;
- }
- }
+ /**
+ * Class SignatureRSAMD5
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
+ */
+ public static class SignatureRSAMD5 extends SignatureBaseRSA {
- /**
- * Class SignatureRSAMD5
- *
- * @author $Author: raul $
- */
- public static class SignatureRSAMD5 extends SignatureBaseRSA {
+ /**
+ * Constructor SignatureRSAMD5
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureRSAMD5() throws XMLSignatureException {
+ super();
+ }
- /**
- * Constructor SignatureRSAMD5
- *
- * @throws XMLSignatureException
- */
- public SignatureRSAMD5() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5;
- }
- }
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5;
+ }
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.algorithms.implementations;
-
-
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
@@ -39,342 +37,359 @@
import com.sun.org.apache.xml.internal.security.utils.Base64;
import com.sun.org.apache.xml.internal.security.utils.Constants;
-
/**
*
- * @author $Author: vishal $
+ * @author $Author: mullan $
*/
public class SignatureDSA extends SignatureAlgorithmSpi {
- /** {@link java.util.logging} logging facility */
+ /** {@link java.util.logging} logging facility */
static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(SignatureDSA.class.getName());
- /** Field _URI */
- public static final String _URI = Constants.SignatureSpecNS + "dsa-sha1";
+ /** Field _URI */
+ public static final String _URI = Constants.SignatureSpecNS + "dsa-sha1";
- /** Field algorithm */
- private java.security.Signature _signatureAlgorithm = null;
+ /** Field algorithm */
+ private java.security.Signature _signatureAlgorithm = null;
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- protected String engineGetURI() {
- return SignatureDSA._URI;
- }
+ /**
+ * Method engineGetURI
+ *
+ * @inheritDoc
+ */
+ protected String engineGetURI() {
+ return SignatureDSA._URI;
+ }
- /**
- * Constructor SignatureDSA
- *
- * @throws XMLSignatureException
- */
- public SignatureDSA() throws XMLSignatureException {
+ /**
+ * Constructor SignatureDSA
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureDSA() throws XMLSignatureException {
- String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA._URI);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
+ String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA._URI);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
- try {
- this._signatureAlgorithm = Signature.getInstance(algorithmID);
- } catch (java.security.NoSuchAlgorithmException ex) {
- Object[] exArgs = { algorithmID,
- ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- }
- }
+ String provider = JCEMapper.getProviderId();
+ try {
+ if (provider == null) {
+ this._signatureAlgorithm = Signature.getInstance(algorithmID);
+ } else {
+ this._signatureAlgorithm =
+ Signature.getInstance(algorithmID, provider);
+ }
+ } catch (java.security.NoSuchAlgorithmException ex) {
+ Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ } catch (java.security.NoSuchProviderException ex) {
+ Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ }
+ }
- /**
- * @inheritDoc
- */
- protected void engineSetParameter(AlgorithmParameterSpec params)
- throws XMLSignatureException {
+ /**
+ * @inheritDoc
+ */
+ protected void engineSetParameter(AlgorithmParameterSpec params)
+ throws XMLSignatureException {
- try {
- this._signatureAlgorithm.setParameter(params);
- } catch (InvalidAlgorithmParameterException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ try {
+ this._signatureAlgorithm.setParameter(params);
+ } catch (InvalidAlgorithmParameterException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- /**
- * @inheritDoc
- */
- protected boolean engineVerify(byte[] signature)
+ /**
+ * @inheritDoc
+ */
+ protected boolean engineVerify(byte[] signature)
throws XMLSignatureException {
- try {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
+ try {
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
- byte[] jcebytes = SignatureDSA.convertXMLDSIGtoASN1(signature);
+ byte[] jcebytes = SignatureDSA.convertXMLDSIGtoASN1(signature);
- return this._signatureAlgorithm.verify(jcebytes);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ return this._signatureAlgorithm.verify(jcebytes);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ } catch (IOException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- /**
- * @inheritDoc
- */
- protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+ /**
+ * @inheritDoc
+ */
+ protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
- if (!(publicKey instanceof PublicKey)) {
- String supplied = publicKey.getClass().getName();
- String needed = PublicKey.class.getName();
- Object exArgs[] = { supplied, needed };
+ if (!(publicKey instanceof PublicKey)) {
+ String supplied = publicKey.getClass().getName();
+ String needed = PublicKey.class.getName();
+ Object exArgs[] = { supplied, needed };
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
- try {
- this._signatureAlgorithm.initVerify((PublicKey) publicKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected byte[] engineSign() throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+ } catch (InvalidKeyException ex) {
+ // reinstantiate Signature object to work around bug in JDK
+ // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+ Signature sig = this._signatureAlgorithm;
+ try {
+ this._signatureAlgorithm = Signature.getInstance
+ (_signatureAlgorithm.getAlgorithm());
+ } catch (Exception e) {
+ // this shouldn't occur, but if it does, restore previous
+ // Signature
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
+ }
+ this._signatureAlgorithm = sig;
+ }
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- try {
- byte jcebytes[] = this._signatureAlgorithm.sign();
+ /**
+ * @inheritDoc
+ */
+ protected byte[] engineSign() throws XMLSignatureException {
+
+ try {
+ byte jcebytes[] = this._signatureAlgorithm.sign();
- return SignatureDSA.convertASN1toXMLDSIG(jcebytes);
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ return SignatureDSA.convertASN1toXMLDSIG(jcebytes);
+ } catch (IOException ex) {
+ throw new XMLSignatureException("empty", ex);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- /**
- * @inheritDoc
- */
- protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
+ /**
+ * @inheritDoc
+ */
+ protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
throws XMLSignatureException {
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
- try {
- this._signatureAlgorithm.initSign((PrivateKey) privateKey,
+ try {
+ this._signatureAlgorithm.initSign((PrivateKey) privateKey,
secureRandom);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- /**
- * @inheritDoc
- */
- protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+ /**
+ * @inheritDoc
+ */
+ protected void engineInitSign(Key privateKey) throws XMLSignatureException {
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
- exArgs);
- }
+ throw new XMLSignatureException
+ ("algorithms.WrongKeyForThisOperation", exArgs);
+ }
- try {
- this._signatureAlgorithm.initSign((PrivateKey) privateKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ try {
+ this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- /**
- * @inheritDoc
- */
- protected void engineUpdate(byte[] input) throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ /**
+ * @inheritDoc
+ */
+ protected void engineUpdate(byte[] input) throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- /**
- * @inheritDoc
- */
- protected void engineUpdate(byte input) throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ /**
+ * @inheritDoc
+ */
+ protected void engineUpdate(byte input) throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- /**
- * @inheritDoc
- */
- protected void engineUpdate(byte buf[], int offset, int len)
- throws XMLSignatureException {
-
- try {
- this._signatureAlgorithm.update(buf, offset, len);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
+ /**
+ * @inheritDoc
+ */
+ protected void engineUpdate(byte buf[], int offset, int len)
+ throws XMLSignatureException {
+ try {
+ this._signatureAlgorithm.update(buf, offset, len);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
- /**
- * Method engineGetJCEAlgorithmString
- *
- * @inheritDoc
- */
- protected String engineGetJCEAlgorithmString() {
- return this._signatureAlgorithm.getAlgorithm();
- }
+ /**
+ * Method engineGetJCEAlgorithmString
+ *
+ * @inheritDoc
+ */
+ protected String engineGetJCEAlgorithmString() {
+ return this._signatureAlgorithm.getAlgorithm();
+ }
- /**
- * Method engineGetJCEProviderName
- *
- * @inheritDoc
- */
- protected String engineGetJCEProviderName() {
- return this._signatureAlgorithm.getProvider().getName();
- }
-
+ /**
+ * Method engineGetJCEProviderName
+ *
+ * @inheritDoc
+ */
+ protected String engineGetJCEProviderName() {
+ return this._signatureAlgorithm.getProvider().getName();
+ }
- /**
- * Converts an ASN.1 DSA value to a XML Signature DSA Value.
- *
- * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
- * pairs; the XML Signature requires the core BigInteger values.
- *
- * @param asn1Bytes
- * @return the decode bytes
- *
- * @throws IOException
- * @see 6.4.1 DSA
- */
- private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+ /**
+ * Converts an ASN.1 DSA value to a XML Signature DSA Value.
+ *
+ * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
+ * pairs; the XML Signature requires the core BigInteger values.
+ *
+ * @param asn1Bytes
+ * @return the decode bytes
+ *
+ * @throws IOException
+ * @see 6.4.1 DSA
+ */
+ private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
throws IOException {
- byte rLength = asn1Bytes[3];
- int i;
+ byte rLength = asn1Bytes[3];
+ int i;
- for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
+ for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
- byte sLength = asn1Bytes[5 + rLength];
- int j;
+ byte sLength = asn1Bytes[5 + rLength];
+ int j;
- for (j = sLength;
+ for (j = sLength;
(j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
- if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
+ if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
|| (asn1Bytes[2] != 2) || (i > 20)
|| (asn1Bytes[4 + rLength] != 2) || (j > 20)) {
- throw new IOException("Invalid ASN.1 format of DSA signature");
- }
- byte xmldsigBytes[] = new byte[40];
+ throw new IOException("Invalid ASN.1 format of DSA signature");
+ }
+ byte xmldsigBytes[] = new byte[40];
- System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 20 - i,
+ System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 20 - i,
i);
- System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
+ System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
40 - j, j);
- return xmldsigBytes;
- }
+ return xmldsigBytes;
+ }
- /**
- * Converts a XML Signature DSA Value to an ASN.1 DSA value.
- *
- * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
- * pairs; the XML Signature requires the core BigInteger values.
- *
- * @param xmldsigBytes
- * @return the encoded ASN.1 bytes
- *
- * @throws IOException
- * @see 6.4.1 DSA
- */
- private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
+ /**
+ * Converts a XML Signature DSA Value to an ASN.1 DSA value.
+ *
+ * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
+ * pairs; the XML Signature requires the core BigInteger values.
+ *
+ * @param xmldsigBytes
+ * @return the encoded ASN.1 bytes
+ *
+ * @throws IOException
+ * @see 6.4.1 DSA
+ */
+ private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
throws IOException {
- if (xmldsigBytes.length != 40) {
- throw new IOException("Invalid XMLDSIG format of DSA signature");
- }
+ if (xmldsigBytes.length != 40) {
+ throw new IOException("Invalid XMLDSIG format of DSA signature");
+ }
- int i;
+ int i;
- for (i = 20; (i > 0) && (xmldsigBytes[20 - i] == 0); i--);
+ for (i = 20; (i > 0) && (xmldsigBytes[20 - i] == 0); i--);
- int j = i;
+ int j = i;
- if (xmldsigBytes[20 - i] < 0) {
+ if (xmldsigBytes[20 - i] < 0) {
j += 1;
- }
+ }
- int k;
+ int k;
- for (k = 20; (k > 0) && (xmldsigBytes[40 - k] == 0); k--);
+ for (k = 20; (k > 0) && (xmldsigBytes[40 - k] == 0); k--);
- int l = k;
+ int l = k;
- if (xmldsigBytes[40 - k] < 0) {
- l += 1;
- }
+ if (xmldsigBytes[40 - k] < 0) {
+ l += 1;
+ }
- byte asn1Bytes[] = new byte[6 + j + l];
+ byte asn1Bytes[] = new byte[6 + j + l];
- asn1Bytes[0] = 48;
- asn1Bytes[1] = (byte) (4 + j + l);
- asn1Bytes[2] = 2;
- asn1Bytes[3] = (byte) j;
+ asn1Bytes[0] = 48;
+ asn1Bytes[1] = (byte) (4 + j + l);
+ asn1Bytes[2] = 2;
+ asn1Bytes[3] = (byte) j;
- System.arraycopy(xmldsigBytes, 20 - i, asn1Bytes, (4 + j) - i, i);
+ System.arraycopy(xmldsigBytes, 20 - i, asn1Bytes, (4 + j) - i, i);
- asn1Bytes[4 + j] = 2;
- asn1Bytes[5 + j] = (byte) l;
+ asn1Bytes[4 + j] = 2;
+ asn1Bytes[5 + j] = (byte) l;
- System.arraycopy(xmldsigBytes, 40 - k, asn1Bytes, (6 + j + l) - k, k);
+ System.arraycopy(xmldsigBytes, 40 - k, asn1Bytes, (6 + j + l) - k, k);
- return asn1Bytes;
- }
+ return asn1Bytes;
+ }
- /**
- * Method engineSetHMACOutputLength
- *
- * @param HMACOutputLength
- * @throws XMLSignatureException
- */
- protected void engineSetHMACOutputLength(int HMACOutputLength)
- throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
- }
+ /**
+ * Method engineSetHMACOutputLength
+ *
+ * @param HMACOutputLength
+ * @throws XMLSignatureException
+ */
+ protected void engineSetHMACOutputLength(int HMACOutputLength)
+ throws XMLSignatureException {
+ throw new XMLSignatureException(
+ "algorithms.HMACOutputLengthOnlyForHMAC");
+ }
- /**
- * Method engineInitSign
- *
- * @param signingKey
- * @param algorithmParameterSpec
- * @throws XMLSignatureException
- */
- protected void engineInitSign(
- Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
- throws XMLSignatureException {
- throw new XMLSignatureException(
- "algorithms.CannotUseAlgorithmParameterSpecOnDSA");
- }
+ /**
+ * Method engineInitSign
+ *
+ * @param signingKey
+ * @param algorithmParameterSpec
+ * @throws XMLSignatureException
+ */
+ protected void engineInitSign(
+ Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+ throws XMLSignatureException {
+ throw new XMLSignatureException(
+ "algorithms.CannotUseAlgorithmParameterSpecOnDSA");
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java Mon Sep 22 10:43:17 2008 -0400
@@ -0,0 +1,384 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/*
+ * Copyright 1999-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package com.sun.org.apache.xml.internal.security.algorithms.implementations;
+
+
+
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.AlgorithmParameterSpec;
+
+import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
+import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
+import com.sun.org.apache.xml.internal.security.utils.Base64;
+
+
+/**
+ *
+ * @author $Author: mullan $
+ */
+public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
+
+ /** {@link java.util.logging} logging facility */
+ static java.util.logging.Logger log =
+ java.util.logging.Logger.getLogger(SignatureECDSA.class.getName());
+
+ /** @inheritDoc */
+ public abstract String engineGetURI();
+
+ /** Field algorithm */
+ private java.security.Signature _signatureAlgorithm = null;
+
+ /**
+ * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
+ *
+ * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+ * pairs; the XML Signature requires the core BigInteger values.
+ *
+ * @param asn1Bytes
+ * @return the decode bytes
+ *
+ * @throws IOException
+ * @see 6.4.1 DSA
+ * @see 3.3. ECDSA Signatures
+ */
+ private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+ throws IOException {
+
+ byte rLength = asn1Bytes[3];
+ int i;
+
+ for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
+
+ byte sLength = asn1Bytes[5 + rLength];
+ int j;
+
+ for (j = sLength;
+ (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
+
+ if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
+ || (asn1Bytes[2] != 2) || (i > 24)
+ || (asn1Bytes[4 + rLength] != 2) || (j > 24)) {
+ throw new IOException("Invalid ASN.1 format of ECDSA signature");
+ }
+ byte xmldsigBytes[] = new byte[48];
+
+ System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 24 - i,
+ i);
+ System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
+ 48 - j, j);
+
+ return xmldsigBytes;
+ }
+
+ /**
+ * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
+ *
+ * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+ * pairs; the XML Signature requires the core BigInteger values.
+ *
+ * @param xmldsigBytes
+ * @return the encoded ASN.1 bytes
+ *
+ * @throws IOException
+ * @see 6.4.1 DSA
+ * @see 3.3. ECDSA Signatures
+ */
+ private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
+ throws IOException {
+
+ if (xmldsigBytes.length != 48) {
+ throw new IOException("Invalid XMLDSIG format of ECDSA signature");
+ }
+
+ int i;
+
+ for (i = 24; (i > 0) && (xmldsigBytes[24 - i] == 0); i--);
+
+ int j = i;
+
+ if (xmldsigBytes[24 - i] < 0) {
+ j += 1;
+ }
+
+ int k;
+
+ for (k = 24; (k > 0) && (xmldsigBytes[48 - k] == 0); k--);
+
+ int l = k;
+
+ if (xmldsigBytes[48 - k] < 0) {
+ l += 1;
+ }
+
+ byte asn1Bytes[] = new byte[6 + j + l];
+
+ asn1Bytes[0] = 48;
+ asn1Bytes[1] = (byte) (4 + j + l);
+ asn1Bytes[2] = 2;
+ asn1Bytes[3] = (byte) j;
+
+ System.arraycopy(xmldsigBytes, 24 - i, asn1Bytes, (4 + j) - i, i);
+
+ asn1Bytes[4 + j] = 2;
+ asn1Bytes[5 + j] = (byte) l;
+
+ System.arraycopy(xmldsigBytes, 48 - k, asn1Bytes, (6 + j + l) - k, k);
+
+ return asn1Bytes;
+ }
+
+ /**
+ * Constructor SignatureRSA
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSA() throws XMLSignatureException {
+
+ String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
+
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Created SignatureECDSA using " + algorithmID);
+ String provider=JCEMapper.getProviderId();
+ try {
+ if (provider==null) {
+ this._signatureAlgorithm = Signature.getInstance(algorithmID);
+ } else {
+ this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+ }
+ } catch (java.security.NoSuchAlgorithmException ex) {
+ Object[] exArgs = { algorithmID,
+ ex.getLocalizedMessage() };
+
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ } catch (NoSuchProviderException ex) {
+ Object[] exArgs = { algorithmID,
+ ex.getLocalizedMessage() };
+
+ throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineSetParameter(AlgorithmParameterSpec params)
+ throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.setParameter(params);
+ } catch (InvalidAlgorithmParameterException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected boolean engineVerify(byte[] signature)
+ throws XMLSignatureException {
+
+ try {
+ byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
+
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Called ECDSA.verify() on " + Base64.encode(signature));
+
+ return this._signatureAlgorithm.verify(jcebytes);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ } catch (IOException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+
+ if (!(publicKey instanceof PublicKey)) {
+ String supplied = publicKey.getClass().getName();
+ String needed = PublicKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+ exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+ } catch (InvalidKeyException ex) {
+ // reinstantiate Signature object to work around bug in JDK
+ // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
+ Signature sig = this._signatureAlgorithm;
+ try {
+ this._signatureAlgorithm = Signature.getInstance
+ (_signatureAlgorithm.getAlgorithm());
+ } catch (Exception e) {
+ // this shouldn't occur, but if it does, restore previous
+ // Signature
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
+ }
+ this._signatureAlgorithm = sig;
+ }
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected byte[] engineSign() throws XMLSignatureException {
+
+ try {
+ byte jcebytes[] = this._signatureAlgorithm.sign();
+
+ return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ } catch (IOException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
+ throws XMLSignatureException {
+
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+ exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initSign((PrivateKey) privateKey,
+ secureRandom);
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+
+ if (!(privateKey instanceof PrivateKey)) {
+ String supplied = privateKey.getClass().getName();
+ String needed = PrivateKey.class.getName();
+ Object exArgs[] = { supplied, needed };
+
+ throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+ exArgs);
+ }
+
+ try {
+ this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+ } catch (InvalidKeyException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte[] input) throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte input) throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.update(input);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected void engineUpdate(byte buf[], int offset, int len)
+ throws XMLSignatureException {
+
+ try {
+ this._signatureAlgorithm.update(buf, offset, len);
+ } catch (SignatureException ex) {
+ throw new XMLSignatureException("empty", ex);
+ }
+ }
+
+ /** @inheritDoc */
+ protected String engineGetJCEAlgorithmString() {
+ return this._signatureAlgorithm.getAlgorithm();
+ }
+
+ /** @inheritDoc */
+ protected String engineGetJCEProviderName() {
+ return this._signatureAlgorithm.getProvider().getName();
+ }
+
+ /** @inheritDoc */
+ protected void engineSetHMACOutputLength(int HMACOutputLength)
+ throws XMLSignatureException {
+ throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
+ }
+
+ /** @inheritDoc */
+ protected void engineInitSign(
+ Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+ throws XMLSignatureException {
+ throw new XMLSignatureException(
+ "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
+ }
+
+ /**
+ * Class SignatureRSASHA1
+ *
+ * @author $Author: mullan $
+ * @version $Revision: 1.2 $
+ */
+ public static class SignatureECDSASHA1 extends SignatureECDSA {
+
+ /**
+ * Constructor SignatureRSASHA1
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSASHA1() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1;
+ }
+ }
+
+}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java Mon Sep 22 10:43:17 2008 -0400
@@ -3,7 +3,7 @@
* DO NOT REMOVE OR ALTER!
*/
/*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2008 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.c14n;
-
-
import java.io.ByteArrayInputStream;
import java.io.OutputStream;
import java.util.HashMap;
@@ -37,318 +35,326 @@
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
-
/**
*
- *
* @author Christian Geuer-Pollmann
*/
public class Canonicalizer {
- //J-
- /** The output encoding of canonicalized data */
- public static final String ENCODING = "UTF8";
-
+ /** The output encoding of canonicalized data */
+ public static final String ENCODING = "UTF8";
- /**
- * XPath Expresion for selecting every node and continuos comments joined in only one node
+ /**
+ * XPath Expresion for selecting every node and continuous comments joined
+ * in only one node
*/
- public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE = "(.//. | .//@* | .//namespace::*)";
+ public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE =
+ "(.//. | .//@* | .//namespace::*)";
-
- /**
+ /**
* The URL defined in XML-SEC Rec for inclusive c14n without comments.
*/
- public static final String ALGO_ID_C14N_OMIT_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
- /**
- * The URL defined in XML-SEC Rec for inclusive c14n with comments.
- */
- public static final String ALGO_ID_C14N_WITH_COMMENTS = ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";
- /**
- * The URL defined in XML-SEC Rec for exclusive c14n without comments.
- */
- public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS = "http://www.w3.org/2001/10/xml-exc-c14n#";
- /**
- * The URL defined in XML-SEC Rec for exclusive c14n with comments.
- */
- public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS = ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";
-
- static boolean _alreadyInitialized = false;
- static Map _canonicalizerHash = null;
-
- protected CanonicalizerSpi canonicalizerSpi = null;
- //J+
+ public static final String ALGO_ID_C14N_OMIT_COMMENTS =
+ "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+ /**
+ * The URL defined in XML-SEC Rec for inclusive c14n with comments.
+ */
+ public static final String ALGO_ID_C14N_WITH_COMMENTS =
+ ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";
+ /**
+ * The URL defined in XML-SEC Rec for exclusive c14n without comments.
+ */
+ public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS =
+ "http://www.w3.org/2001/10/xml-exc-c14n#";
+ /**
+ * The URL defined in XML-SEC Rec for exclusive c14n with comments.
+ */
+ public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS =
+ ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";
+ /**
+ * The URI for inclusive c14n 1.1 without comments.
+ */
+ public static final String ALGO_ID_C14N11_OMIT_COMMENTS =
+ "http://www.w3.org/2006/12/xml-c14n11";
+ /**
+ * The URI for inclusive c14n 1.1 with comments.
+ */
+ public static final String ALGO_ID_C14N11_WITH_COMMENTS =
+ ALGO_ID_C14N11_OMIT_COMMENTS + "#WithComments";
- /**
- * Method init
- *
- */
- public static void init() {
+ static boolean _alreadyInitialized = false;
+ static Map _canonicalizerHash = null;
+
+ protected CanonicalizerSpi canonicalizerSpi = null;
+
+ /**
+ * Method init
+ *
+ */
+ public static void init() {
- if (!Canonicalizer._alreadyInitialized) {
- Canonicalizer._canonicalizerHash = new HashMap(10);
- Canonicalizer._alreadyInitialized = true;
- }
- }
+ if (!Canonicalizer._alreadyInitialized) {
+ Canonicalizer._canonicalizerHash = new HashMap(10);
+ Canonicalizer._alreadyInitialized = true;
+ }
+ }
- /**
- * Constructor Canonicalizer
- *
- * @param algorithmURI
- * @throws InvalidCanonicalizerException
- */
- private Canonicalizer(String algorithmURI)
+ /**
+ * Constructor Canonicalizer
+ *
+ * @param algorithmURI
+ * @throws InvalidCanonicalizerException
+ */
+ private Canonicalizer(String algorithmURI)
throws InvalidCanonicalizerException {
- try {
- Class implementingClass = getImplementingClass(algorithmURI);
+ try {
+ Class implementingClass = getImplementingClass(algorithmURI);
- this.canonicalizerSpi =
- (CanonicalizerSpi) implementingClass.newInstance();
- this.canonicalizerSpi.reset=true;
- } catch (Exception e) {
- Object exArgs[] = { algorithmURI };
+ this.canonicalizerSpi =
+ (CanonicalizerSpi) implementingClass.newInstance();
+ this.canonicalizerSpi.reset=true;
+ } catch (Exception e) {
+ Object exArgs[] = { algorithmURI };
- throw new InvalidCanonicalizerException(
- "signature.Canonicalizer.UnknownCanonicalizer", exArgs);
- }
- }
+ throw new InvalidCanonicalizerException(
+ "signature.Canonicalizer.UnknownCanonicalizer", exArgs);
+ }
+ }
- /**
- * Method getInstance
- *
- * @param algorithmURI
- * @return a Conicicalizer instance ready for the job
- * @throws InvalidCanonicalizerException
- */
- public static final Canonicalizer getInstance(String algorithmURI)
+ /**
+ * Method getInstance
+ *
+ * @param algorithmURI
+ * @return a Conicicalizer instance ready for the job
+ * @throws InvalidCanonicalizerException
+ */
+ public static final Canonicalizer getInstance(String algorithmURI)
throws InvalidCanonicalizerException {
- Canonicalizer c14nizer = new Canonicalizer(algorithmURI);
+ Canonicalizer c14nizer = new Canonicalizer(algorithmURI);
- return c14nizer;
- }
+ return c14nizer;
+ }
- /**
- * Method register
- *
- * @param algorithmURI
- * @param implementingClass
- * @throws AlgorithmAlreadyRegisteredException
- */
- public static void register(String algorithmURI, String implementingClass)
+ /**
+ * Method register
+ *
+ * @param algorithmURI
+ * @param implementingClass
+ * @throws AlgorithmAlreadyRegisteredException
+ */
+ public static void register(String algorithmURI, String implementingClass)
throws AlgorithmAlreadyRegisteredException {
- // check whether URI is already registered
- Class registeredClass = getImplementingClass(algorithmURI);
+ // check whether URI is already registered
+ Class registeredClass = getImplementingClass(algorithmURI);
- if (registeredClass != null) {
- Object exArgs[] = { algorithmURI, registeredClass };
+ if (registeredClass != null) {
+ Object exArgs[] = { algorithmURI, registeredClass };
- throw new AlgorithmAlreadyRegisteredException(
- "algorithm.alreadyRegistered", exArgs);
- }
+ throw new AlgorithmAlreadyRegisteredException(
+ "algorithm.alreadyRegistered", exArgs);
+ }
- try {
- _canonicalizerHash.put(algorithmURI, Class.forName(implementingClass));
+ try {
+ _canonicalizerHash.put(algorithmURI, Class.forName(implementingClass));
} catch (ClassNotFoundException e) {
- throw new RuntimeException("c14n class not found");
+ throw new RuntimeException("c14n class not found");
}
- }
+ }
- /**
- * Method getURI
- *
- * @return the URI defined for this c14n instance.
- */
- public final String getURI() {
- return this.canonicalizerSpi.engineGetURI();
- }
+ /**
+ * Method getURI
+ *
+ * @return the URI defined for this c14n instance.
+ */
+ public final String getURI() {
+ return this.canonicalizerSpi.engineGetURI();
+ }
- /**
- * Method getIncludeComments
- *
- * @return true if the c14n respect the comments.
- */
- public boolean getIncludeComments() {
- return this.canonicalizerSpi.engineGetIncludeComments();
- }
+ /**
+ * Method getIncludeComments
+ *
+ * @return true if the c14n respect the comments.
+ */
+ public boolean getIncludeComments() {
+ return this.canonicalizerSpi.engineGetIncludeComments();
+ }
- /**
- * This method tries to canonicalize the given bytes. It's possible to even
- * canonicalize non-wellformed sequences if they are well-formed after being
- * wrapped with a >a<...>/a<.
- *
- * @param inputBytes
- * @return the result of the conicalization.
- * @throws CanonicalizationException
- * @throws java.io.IOException
- * @throws javax.xml.parsers.ParserConfigurationException
- * @throws org.xml.sax.SAXException
- */
- public byte[] canonicalize(byte[] inputBytes)
+ /**
+ * This method tries to canonicalize the given bytes. It's possible to even
+ * canonicalize non-wellformed sequences if they are well-formed after being
+ * wrapped with a >a<...>/a<.
+ *
+ * @param inputBytes
+ * @return the result of the conicalization.
+ * @throws CanonicalizationException
+ * @throws java.io.IOException
+ * @throws javax.xml.parsers.ParserConfigurationException
+ * @throws org.xml.sax.SAXException
+ */
+ public byte[] canonicalize(byte[] inputBytes)
throws javax.xml.parsers.ParserConfigurationException,
java.io.IOException, org.xml.sax.SAXException,
CanonicalizationException {
- ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes);
- InputSource in = new InputSource(bais);
- DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
+ ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes);
+ InputSource in = new InputSource(bais);
+ DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
- dfactory.setNamespaceAware(true);
+ dfactory.setNamespaceAware(true);
- // needs to validate for ID attribute nomalization
- dfactory.setValidating(true);
+ // needs to validate for ID attribute nomalization
+ dfactory.setValidating(true);
- DocumentBuilder db = dfactory.newDocumentBuilder();
+ DocumentBuilder db = dfactory.newDocumentBuilder();
- /*
- * for some of the test vectors from the specification,
- * there has to be a validatin parser for ID attributes, default
- * attribute values, NMTOKENS, etc.
- * Unfortunaltely, the test vectors do use different DTDs or
- * even no DTD. So Xerces 1.3.1 fires many warnings about using
- * ErrorHandlers.
- *
- * Text from the spec:
- *
- * The input octet stream MUST contain a well-formed XML document,
- * but the input need not be validated. However, the attribute
- * value normalization and entity reference resolution MUST be
- * performed in accordance with the behaviors of a validating
- * XML processor. As well, nodes for default attributes (declared
- * in the ATTLIST with an AttValue but not specified) are created
- * in each element. Thus, the declarations in the document type
- * declaration are used to help create the canonical form, even
- * though the document type declaration is not retained in the
- * canonical form.
- *
- */
- db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils
- .IgnoreAllErrorHandler());
+ /*
+ * for some of the test vectors from the specification,
+ * there has to be a validatin parser for ID attributes, default
+ * attribute values, NMTOKENS, etc.
+ * Unfortunaltely, the test vectors do use different DTDs or
+ * even no DTD. So Xerces 1.3.1 fires many warnings about using
+ * ErrorHandlers.
+ *
+ * Text from the spec:
+ *
+ * The input octet stream MUST contain a well-formed XML document,
+ * but the input need not be validated. However, the attribute
+ * value normalization and entity reference resolution MUST be
+ * performed in accordance with the behaviors of a validating
+ * XML processor. As well, nodes for default attributes (declared
+ * in the ATTLIST with an AttValue but not specified) are created
+ * in each element. Thus, the declarations in the document type
+ * declaration are used to help create the canonical form, even
+ * though the document type declaration is not retained in the
+ * canonical form.
+ *
+ */
+ db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils
+ .IgnoreAllErrorHandler());
- Document document = db.parse(in);
- byte result[] = this.canonicalizeSubtree(document);
+ Document document = db.parse(in);
+ byte result[] = this.canonicalizeSubtree(document);
- return result;
- }
+ return result;
+ }
- /**
- * Canonicalizes the subtree rooted by node.
- *
- * @param node The node to canicalize
- * @return the result of the c14n.
- *
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeSubtree(Node node)
+ /**
+ * Canonicalizes the subtree rooted by node.
+ *
+ * @param node The node to canicalize
+ * @return the result of the c14n.
+ *
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeSubtree(Node node)
throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeSubTree(node);
- }
+ return this.canonicalizerSpi.engineCanonicalizeSubTree(node);
+ }
- /**
- * Canonicalizes the subtree rooted by node.
- *
- * @param node
- * @param inclusiveNamespaces
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
+ /**
+ * Canonicalizes the subtree rooted by node.
+ *
+ * @param node
+ * @param inclusiveNamespaces
+ * @return the result of the c14n.
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeSubTree(node,
+ return this.canonicalizerSpi.engineCanonicalizeSubTree(node,
inclusiveNamespaces);
- }
+ }
- /**
- * Canonicalizes an XPath node set. The xpathNodeSet is treated
- * as a list of XPath nodes, not as a list of subtrees.
- *
- * @param xpathNodeSet
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
+ /**
+ * Canonicalizes an XPath node set. The xpathNodeSet is treated
+ * as a list of XPath nodes, not as a list of subtrees.
+ *
+ * @param xpathNodeSet
+ * @return the result of the c14n.
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
- }
+ return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
+ }
- /**
- * Canonicalizes an XPath node set. The xpathNodeSet is treated
- * as a list of XPath nodes, not as a list of subtrees.
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(
+ /**
+ * Canonicalizes an XPath node set. The xpathNodeSet is treated
+ * as a list of XPath nodes, not as a list of subtrees.
+ *
+ * @param xpathNodeSet
+ * @param inclusiveNamespaces
+ * @return the result of the c14n.
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeXPathNodeSet(
NodeList xpathNodeSet, String inclusiveNamespaces)
throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet,
+ return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet,
inclusiveNamespaces);
- }
+ }
- /**
- * Canonicalizes an XPath node set.
- *
- * @param xpathNodeSet
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet)
+ /**
+ * Canonicalizes an XPath node set.
+ *
+ * @param xpathNodeSet
+ * @return the result of the c14n.
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet)
throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
- }
+ return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
+ }
- /**
- * Canonicalizes an XPath node set.
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(
- Set xpathNodeSet, String inclusiveNamespaces)
- throws CanonicalizationException {
- return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet,
- inclusiveNamespaces);
- }
+ /**
+ * Canonicalizes an XPath node set.
+ *
+ * @param xpathNodeSet
+ * @param inclusiveNamespaces
+ * @return the result of the c14n.
+ * @throws CanonicalizationException
+ */
+ public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet,
+ String inclusiveNamespaces) throws CanonicalizationException {
+ return this.canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet,
+ inclusiveNamespaces);
+ }
- /**
- * Sets the writter where the cannocalization ends. ByteArrayOutputStream if
- * none is setted.
- * @param os
- */
- public void setWriter(OutputStream os) {
- this.canonicalizerSpi.setWriter(os);
- }
+ /**
+ * Sets the writer where the canonicalization ends. ByteArrayOutputStream
+ * if none is set.
+ * @param os
+ */
+ public void setWriter(OutputStream os) {
+ this.canonicalizerSpi.setWriter(os);
+ }
- /**
- * Returns the name of the implementing {@link CanonicalizerSpi} class
- *
- * @return the name of the implementing {@link CanonicalizerSpi} class
- */
- public String getImplementingCanonicalizerClass() {
- return this.canonicalizerSpi.getClass().getName();
- }
+ /**
+ * Returns the name of the implementing {@link CanonicalizerSpi} class
+ *
+ * @return the name of the implementing {@link CanonicalizerSpi} class
+ */
+ public String getImplementingCanonicalizerClass() {
+ return this.canonicalizerSpi.getClass().getName();
+ }
- /**
- * Method getImplementingClass
- *
- * @param URI
- * @return the name of the class that implements the give URI
- */
- private static Class getImplementingClass(String URI) {
- return (Class) _canonicalizerHash.get(URI);
- }
+ /**
+ * Method getImplementingClass
+ *
+ * @param URI
+ * @return the name of the class that implements the given URI
+ */
+ private static Class getImplementingClass(String URI) {
+ return (Class) _canonicalizerHash.get(URI);
+ }
- /**
- * Set the canonicalizator behaviour to not reset.
- *
- */
- public void notReset() {
- this.canonicalizerSpi.reset=false;
- }
+ /**
+ * Set the canonicalizer behaviour to not reset.
+ */
+ public void notReset() {
+ this.canonicalizerSpi.reset = false;
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -21,17 +20,17 @@
*/
package com.sun.org.apache.xml.internal.security.c14n.helper;
-
-
import com.sun.org.apache.xml.internal.security.utils.Constants;
import org.w3c.dom.Attr;
-
+import java.io.Serializable;
+import java.util.Comparator;
/**
* Compares two attributes based on the C14n specification.
*
*
- * - Namespace nodes have a lesser document order position than attribute nodes.
+ *
- Namespace nodes have a lesser document order position than attribute
+ * nodes.
*
- An element's namespace nodes are sorted lexicographically by
* local name (the default namespace node, if one exists, has no
* local name and is therefore lexicographically least).
@@ -40,104 +39,89 @@
* key (an empty namespace URI is lexicographically least).
*
*
- * $todo$ Should we implement java.util.Comparator and import java.util.Arrays to use Arrays.sort(intarray);
* @author Christian Geuer-Pollmann
*/
-public class AttrCompare implements java.util.Comparator {
+public class AttrCompare implements Comparator, Serializable {
- private final int ATTR0_BEFORE_ATTR1 = -1;
- private final int ATTR1_BEFORE_ATTR0 = 1;
+ private final static long serialVersionUID = -7113259629930576230L;
+ private final static int ATTR0_BEFORE_ATTR1 = -1;
+ private final static int ATTR1_BEFORE_ATTR0 = 1;
+ private final static String XMLNS=Constants.NamespaceSpecNS;
- private final static String XMLNS=Constants.NamespaceSpecNS;
- /**
- * Compares two attributes based on the C14n specification.
- *
- *
- * - Namespace nodes have a lesser document order position than attribute nodes.
- *
- An element's namespace nodes are sorted lexicographically by
- * local name (the default namespace node, if one exists, has no
- * local name and is therefore lexicographically least).
- *
- An element's attribute nodes are sorted lexicographically with
- * namespace URI as the primary key and local name as the secondary
- * key (an empty namespace URI is lexicographically least).
- *
- *
- * @param obj0 casted Attr
- * @param obj1 casted Attr
- * @return returns a negative integer, zero, or a positive integer as obj0 is less than, equal to, or greater than obj1
- *
- */
- public int compare(Object obj0, Object obj1) {
+ /**
+ * Compares two attributes based on the C14n specification.
+ *
+ *
+ * - Namespace nodes have a lesser document order position than
+ * attribute nodes.
+ *
- An element's namespace nodes are sorted lexicographically by
+ * local name (the default namespace node, if one exists, has no
+ * local name and is therefore lexicographically least).
+ *
- An element's attribute nodes are sorted lexicographically with
+ * namespace URI as the primary key and local name as the secondary
+ * key (an empty namespace URI is lexicographically least).
+ *
+ *
+ * @param obj0 casted Attr
+ * @param obj1 casted Attr
+ * @return returns a negative integer, zero, or a positive integer as
+ * obj0 is less than, equal to, or greater than obj1
+ *
+ */
+ public int compare(Object obj0, Object obj1) {
- Attr attr0 = (Attr) obj0;
- Attr attr1 = (Attr) obj1;
- String namespaceURI0 = attr0.getNamespaceURI();
- String namespaceURI1 = attr1.getNamespaceURI();
+ Attr attr0 = (Attr) obj0;
+ Attr attr1 = (Attr) obj1;
+ String namespaceURI0 = attr0.getNamespaceURI();
+ String namespaceURI1 = attr1.getNamespaceURI();
- boolean isNamespaceAttr0 =
- XMLNS.equals(namespaceURI0);
- boolean isNamespaceAttr1 =
- XMLNS.equals(namespaceURI1);
+ boolean isNamespaceAttr0 = XMLNS==namespaceURI0;
+ boolean isNamespaceAttr1 = XMLNS==namespaceURI1;
- if (isNamespaceAttr0) {
- if (isNamespaceAttr1) {
-
- // both are namespaces
- String localname0 = attr0.getLocalName();
- String localname1 = attr1.getLocalName();
+ if (isNamespaceAttr0) {
+ if (isNamespaceAttr1) {
+ // both are namespaces
+ String localname0 = attr0.getLocalName();
+ String localname1 = attr1.getLocalName();
- if (localname0.equals("xmlns")) {
- localname0 = "";
- }
+ if (localname0.equals("xmlns")) {
+ localname0 = "";
+ }
- if (localname1.equals("xmlns")) {
- localname1 = "";
- }
+ if (localname1.equals("xmlns")) {
+ localname1 = "";
+ }
- return localname0.compareTo(localname1);
- }
- // attr0 is a namespace, attr1 is not
- return ATTR0_BEFORE_ATTR1;
+ return localname0.compareTo(localname1);
+ }
+ // attr0 is a namespace, attr1 is not
+ return ATTR0_BEFORE_ATTR1;
+ }
- }
- if (isNamespaceAttr1) {
-
+ if (isNamespaceAttr1) {
// attr1 is a namespace, attr0 is not
return ATTR1_BEFORE_ATTR0;
- }
-
- // none is a namespae
+ }
- if (namespaceURI0 == null) {
- if (namespaceURI1 == null) {
- /*
- String localName0 = attr0.getLocalName();
- String localName1 = attr1.getLocalName();
- return localName0.compareTo(localName1);
- */
-
+ // none is a namespace
+ if (namespaceURI0 == null) {
+ if (namespaceURI1 == null) {
String name0 = attr0.getName();
String name1 = attr1.getName();
return name0.compareTo(name1);
+ }
+ return ATTR0_BEFORE_ATTR1;
}
- return ATTR0_BEFORE_ATTR1;
- }
- if (namespaceURI1 == null) {
- return ATTR1_BEFORE_ATTR0;
- }
- int a = namespaceURI0.compareTo(namespaceURI1);
+ if (namespaceURI1 == null) {
+ return ATTR1_BEFORE_ATTR0;
+ }
- if (a != 0) {
- return a;
- }
- /*
- String localName0 = ;
- String localName1 =;*/
+ int a = namespaceURI0.compareTo(namespaceURI1);
+ if (a != 0) {
+ return a;
+ }
- return (attr0.getLocalName())
- .compareTo( attr1.getLocalName());
-
- }
-
+ return (attr0.getLocalName()).compareTo(attr1.getLocalName());
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11.java Mon Sep 22 10:43:17 2008 -0400
@@ -0,0 +1,684 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/*
+ * Copyright 2008 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package com.sun.org.apache.xml.internal.security.c14n.implementations;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.SortedSet;
+import java.util.TreeSet;
+import javax.xml.parsers.ParserConfigurationException;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
+
+import java.util.logging.Logger;
+import java.util.logging.Logger;
+import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
+import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
+import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
+
+/**
+ * Implements
+ * Canonical XML Version 1.1, a W3C Proposed Recommendation from 29
+ * January 2008.
+ *
+ * @author Sean Mullan
+ * @author Raul Benito
+ * @version $Revision: 1.2 $
+ */
+public abstract class Canonicalizer11 extends CanonicalizerBase {
+ boolean firstCall = true;
+ final SortedSet result = new TreeSet(COMPARE);
+ static final String XMLNS_URI = Constants.NamespaceSpecNS;
+ static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
+
+ static Logger log = Logger.getLogger(Canonicalizer11.class.getName());
+
+ static class XmlAttrStack {
+ int currentLevel = 0;
+ int lastlevel = 0;
+ XmlsStackElement cur;
+ static class XmlsStackElement {
+ int level;
+ boolean rendered = false;
+ List nodes = new ArrayList();
+ };
+ List levels = new ArrayList();
+ void push(int level) {
+ currentLevel = level;
+ if (currentLevel == -1)
+ return;
+ cur = null;
+ while (lastlevel >= currentLevel) {
+ levels.remove(levels.size() - 1);
+ if (levels.size() == 0) {
+ lastlevel = 0;
+ return;
+ }
+ lastlevel=((XmlsStackElement)levels.get(levels.size()-1)).level;
+ }
+ }
+ void addXmlnsAttr(Attr n) {
+ if (cur == null) {
+ cur = new XmlsStackElement();
+ cur.level = currentLevel;
+ levels.add(cur);
+ lastlevel = currentLevel;
+ }
+ cur.nodes.add(n);
+ }
+ void getXmlnsAttr(Collection col) {
+ if (cur == null) {
+ cur = new XmlsStackElement();
+ cur.level = currentLevel;
+ lastlevel = currentLevel;
+ levels.add(cur);
+ }
+ int size = levels.size() - 2;
+ boolean parentRendered = false;
+ XmlsStackElement e = null;
+ if (size == -1) {
+ parentRendered = true;
+ } else {
+ e = (XmlsStackElement) levels.get(size);
+ if (e.rendered && e.level+1 == currentLevel)
+ parentRendered = true;
+ }
+ if (parentRendered) {
+ col.addAll(cur.nodes);
+ cur.rendered = true;
+ return;
+ }
+
+ Map loa = new HashMap();
+ List baseAttrs = new ArrayList();
+ boolean successiveOmitted = true;
+ for (;size>=0;size--) {
+ e = (XmlsStackElement) levels.get(size);
+ if (e.rendered) {
+ successiveOmitted = false;
+ }
+ Iterator it = e.nodes.iterator();
+ while (it.hasNext() && successiveOmitted) {
+ Attr n = (Attr) it.next();
+ if (n.getLocalName().equals("base")) {
+ if (!e.rendered) {
+ baseAttrs.add(n);
+ }
+ } else if (!loa.containsKey(n.getName()))
+ loa.put(n.getName(), n);
+ }
+ }
+ if (!baseAttrs.isEmpty()) {
+ Iterator it = cur.nodes.iterator();
+ String base = null;
+ Attr baseAttr = null;
+ while (it.hasNext()) {
+ Attr n = (Attr) it.next();
+ if (n.getLocalName().equals("base")) {
+ base = n.getValue();
+ baseAttr = n;
+ break;
+ }
+ }
+ it = baseAttrs.iterator();
+ while (it.hasNext()) {
+ Attr n = (Attr) it.next();
+ if (base == null) {
+ base = n.getValue();
+ baseAttr = n;
+ } else {
+ try {
+ base = joinURI(n.getValue(), base);
+ } catch (URISyntaxException ue) {
+ ue.printStackTrace();
+ }
+ }
+ }
+ if (base != null && base.length() != 0) {
+ baseAttr.setValue(base);
+ col.add(baseAttr);
+ }
+ }
+
+ cur.rendered = true;
+ col.addAll(loa.values());
+ }
+ };
+ XmlAttrStack xmlattrStack = new XmlAttrStack();
+
+ /**
+ * Constructor Canonicalizer11
+ *
+ * @param includeComments
+ */
+ public Canonicalizer11(boolean includeComments) {
+ super(includeComments);
+ }
+
+ /**
+ * Returns the Attr[]s to be outputted for the given element.
+ *
+ * The code of this method is a copy of {@link #handleAttributes(Element,
+ * NameSpaceSymbTable)},
+ * whereas it takes into account that subtree-c14n is -- well --
+ * subtree-based.
+ * So if the element in question isRoot of c14n, it's parent is not in the
+ * node set, as well as all other ancestors.
+ *
+ * @param E
+ * @param ns
+ * @return the Attr[]s to be outputted
+ * @throws CanonicalizationException
+ */
+ Iterator handleAttributesSubtree(Element E, NameSpaceSymbTable ns)
+ throws CanonicalizationException {
+ if (!E.hasAttributes() && !firstCall) {
+ return null;
+ }
+ // result will contain the attrs which have to be outputted
+ final SortedSet result = this.result;
+ result.clear();
+ NamedNodeMap attrs = E.getAttributes();
+ int attrsLength = attrs.getLength();
+
+ for (int i = 0; i < attrsLength; i++) {
+ Attr N = (Attr) attrs.item(i);
+ String NUri = N.getNamespaceURI();
+
+ if (XMLNS_URI != NUri) {
+ // It's not a namespace attr node. Add to the result and
+ // continue.
+ result.add(N);
+ continue;
+ }
+
+ String NName = N.getLocalName();
+ String NValue = N.getValue();
+ if (XML.equals(NName)
+ && XML_LANG_URI.equals(NValue)) {
+ // The default mapping for xml must not be output.
+ continue;
+ }
+
+ Node n = ns.addMappingAndRender(NName, NValue, N);
+
+ if (n != null) {
+ // Render the ns definition
+ result.add(n);
+ if (C14nHelper.namespaceIsRelative(N)) {
+ Object exArgs[] = {E.getTagName(), NName, N.getNodeValue()};
+ throw new CanonicalizationException(
+ "c14n.Canonicalizer.RelativeNamespace", exArgs);
+ }
+ }
+ }
+
+ if (firstCall) {
+ // It is the first node of the subtree
+ // Obtain all the namespaces defined in the parents, and added
+ // to the output.
+ ns.getUnrenderedNodes(result);
+ // output the attributes in the xml namespace.
+ xmlattrStack.getXmlnsAttr(result);
+ firstCall = false;
+ }
+
+ return result.iterator();
+ }
+
+ /**
+ * Returns the Attr[]s to be outputted for the given element.
+ *
+ * IMPORTANT: This method expects to work on a modified DOM tree, i.e. a
+ * DOM which has been prepared using
+ * {@link com.sun.org.apache.xml.internal.security.utils.XMLUtils#circumventBug2650(
+ * org.w3c.dom.Document)}.
+ *
+ * @param E
+ * @param ns
+ * @return the Attr[]s to be outputted
+ * @throws CanonicalizationException
+ */
+ Iterator handleAttributes(Element E, NameSpaceSymbTable ns)
+ throws CanonicalizationException {
+ // result will contain the attrs which have to be output
+ xmlattrStack.push(ns.getLevel());
+ boolean isRealVisible = isVisibleDO(E, ns.getLevel()) == 1;
+ NamedNodeMap attrs = null;
+ int attrsLength = 0;
+ if (E.hasAttributes()) {
+ attrs = E.getAttributes();
+ attrsLength = attrs.getLength();
+ }
+
+ SortedSet result = this.result;
+ result.clear();
+
+ for (int i = 0; i < attrsLength; i++) {
+ Attr N = (Attr) attrs.item(i);
+ String NUri = N.getNamespaceURI();
+
+ if (XMLNS_URI != NUri) {
+ // A non namespace definition node.
+ if (XML_LANG_URI == NUri) {
+ if (N.getLocalName().equals("id")) {
+ if (isRealVisible) {
+ // treat xml:id like any other attribute
+ // (emit it, but don't inherit it)
+ result.add(N);
+ }
+ } else {
+ xmlattrStack.addXmlnsAttr(N);
+ }
+ } else if (isRealVisible) {
+ // The node is visible add the attribute to the list of
+ // output attributes.
+ result.add(N);
+ }
+ // keep working
+ continue;
+ }
+
+ String NName = N.getLocalName();
+ String NValue = N.getValue();
+ if ("xml".equals(NName)
+ && XML_LANG_URI.equals(NValue)) {
+ /* except omit namespace node with local name xml, which defines
+ * the xml prefix, if its string value is
+ * http://www.w3.org/XML/1998/namespace.
+ */
+ continue;
+ }
+ // add the prefix binding to the ns symb table.
+ // ns.addInclusiveMapping(NName,NValue,N,isRealVisible);
+ if (isVisible(N)) {
+ if (!isRealVisible && ns.removeMappingIfRender(NName)) {
+ continue;
+ }
+ // The xpath select this node output it if needed.
+ // Node n = ns.addMappingAndRenderXNodeSet
+ // (NName, NValue, N, isRealVisible);
+ Node n = ns.addMappingAndRender(NName, NValue, N);
+ if (n != null) {
+ result.add(n);
+ if (C14nHelper.namespaceIsRelative(N)) {
+ Object exArgs[] =
+ { E.getTagName(), NName, N.getNodeValue() };
+ throw new CanonicalizationException(
+ "c14n.Canonicalizer.RelativeNamespace", exArgs);
+ }
+ }
+ } else {
+ if (isRealVisible && NName != XMLNS) {
+ ns.removeMapping(NName);
+ } else {
+ ns.addMapping(NName, NValue, N);
+ }
+ }
+ }
+ if (isRealVisible) {
+ // The element is visible, handle the xmlns definition
+ Attr xmlns = E.getAttributeNodeNS(XMLNS_URI, XMLNS);
+ Node n = null;
+ if (xmlns == null) {
+ // No xmlns def just get the already defined.
+ n = ns.getMapping(XMLNS);
+ } else if (!isVisible(xmlns)) {
+ // There is a defn but the xmlns is not selected by the xpath.
+ // then xmlns=""
+ n = ns.addMappingAndRender(XMLNS, "", nullNode);
+ }
+ // output the xmlns def if needed.
+ if (n != null) {
+ result.add(n);
+ }
+ // Float all xml:* attributes of the unselected parent elements to
+ // this one. addXmlAttributes(E,result);
+ xmlattrStack.getXmlnsAttr(result);
+ ns.getUnrenderedNodes(result);
+ }
+
+ return result.iterator();
+ }
+
+ /**
+ * Always throws a CanonicalizationException because this is inclusive c14n.
+ *
+ * @param xpathNodeSet
+ * @param inclusiveNamespaces
+ * @return none it always fails
+ * @throws CanonicalizationException always
+ */
+ public byte[] engineCanonicalizeXPathNodeSet(Set xpathNodeSet,
+ String inclusiveNamespaces) throws CanonicalizationException {
+ throw new CanonicalizationException(
+ "c14n.Canonicalizer.UnsupportedOperation");
+ }
+
+ /**
+ * Always throws a CanonicalizationException because this is inclusive c14n.
+ *
+ * @param rootNode
+ * @param inclusiveNamespaces
+ * @return none it always fails
+ * @throws CanonicalizationException
+ */
+ public byte[] engineCanonicalizeSubTree(Node rootNode,
+ String inclusiveNamespaces) throws CanonicalizationException {
+ throw new CanonicalizationException(
+ "c14n.Canonicalizer.UnsupportedOperation");
+ }
+
+ void circumventBugIfNeeded(XMLSignatureInput input)
+ throws CanonicalizationException, ParserConfigurationException,
+ IOException, SAXException {
+ if (!input.isNeedsToBeExpanded())
+ return;
+ Document doc = null;
+ if (input.getSubNode() != null) {
+ doc = XMLUtils.getOwnerDocument(input.getSubNode());
+ } else {
+ doc = XMLUtils.getOwnerDocument(input.getNodeSet());
+ }
+ XMLUtils.circumventBug2650(doc);
+ }
+
+ void handleParent(Element e, NameSpaceSymbTable ns) {
+ if (!e.hasAttributes()) {
+ return;
+ }
+ xmlattrStack.push(-1);
+ NamedNodeMap attrs = e.getAttributes();
+ int attrsLength = attrs.getLength();
+ for (int i = 0; i < attrsLength; i++) {
+ Attr N = (Attr) attrs.item(i);
+ if (Constants.NamespaceSpecNS != N.getNamespaceURI()) {
+ // Not a namespace definition, ignore.
+ if (XML_LANG_URI == N.getNamespaceURI()) {
+ xmlattrStack.addXmlnsAttr(N);
+ }
+ continue;
+ }
+
+ String NName = N.getLocalName();
+ String NValue = N.getNodeValue();
+ if (XML.equals(NName)
+ && Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
+ continue;
+ }
+ ns.addMapping(NName,NValue,N);
+ }
+ }
+
+ private static String joinURI(String baseURI, String relativeURI)
+ throws URISyntaxException {
+ String bscheme = null;
+ String bauthority = null;
+ String bpath = "";
+ String bquery = null;
+ String bfragment = null; // Is this correct?
+
+ // pre-parse the baseURI
+ if (baseURI != null) {
+ if (baseURI.endsWith("..")) {
+ baseURI = baseURI + "/";
+ }
+ URI base = new URI(baseURI);
+ bscheme = base.getScheme();
+ bauthority = base.getAuthority();
+ bpath = base.getPath();
+ bquery = base.getQuery();
+ bfragment = base.getFragment();
+ }
+
+ URI r = new URI(relativeURI);
+ String rscheme = r.getScheme();
+ String rauthority = r.getAuthority();
+ String rpath = r.getPath();
+ String rquery = r.getQuery();
+ String rfragment = null;
+
+ String tscheme, tauthority, tpath, tquery, tfragment;
+ if (rscheme != null && rscheme.equals(bscheme)) {
+ rscheme = null;
+ }
+ if (rscheme != null) {
+ tscheme = rscheme;
+ tauthority = rauthority;
+ tpath = removeDotSegments(rpath);
+ tquery = rquery;
+ } else {
+ if (rauthority != null) {
+ tauthority = rauthority;
+ tpath = removeDotSegments(rpath);
+ tquery = rquery;
+ } else {
+ if (rpath.length() == 0) {
+ tpath = bpath;
+ if (rquery != null) {
+ tquery = rquery;
+ } else {
+ tquery = bquery;
+ }
+ } else {
+ if (rpath.startsWith("/")) {
+ tpath = removeDotSegments(rpath);
+ } else {
+ if (bauthority != null && bpath.length() == 0) {
+ tpath = "/" + rpath;
+ } else {
+ int last = bpath.lastIndexOf('/');
+ if (last == -1) {
+ tpath = rpath;
+ } else {
+ tpath = bpath.substring(0, last+1) + rpath;
+ }
+ }
+ tpath = removeDotSegments(tpath);
+ }
+ tquery = rquery;
+ }
+ tauthority = bauthority;
+ }
+ tscheme = bscheme;
+ }
+ tfragment = rfragment;
+ return new URI(tscheme, tauthority, tpath, tquery, tfragment).toString();
+ }
+
+ private static String removeDotSegments(String path) {
+
+ log.log(java.util.logging.Level.FINE, "STEP OUTPUT BUFFER\t\tINPUT BUFFER");
+
+ // 1. The input buffer is initialized with the now-appended path
+ // components then replace occurrences of "//" in the input buffer
+ // with "/" until no more occurrences of "//" are in the input buffer.
+ String input = path;
+ while (input.indexOf("//") > -1) {
+ input = input.replaceAll("//", "/");
+ }
+
+ // Initialize the output buffer with the empty string.
+ StringBuffer output = new StringBuffer();
+
+ // If the input buffer starts with a root slash "/" then move this
+ // character to the output buffer.
+ if (input.charAt(0) == '/') {
+ output.append("/");
+ input = input.substring(1);
+ }
+
+ printStep("1 ", output.toString(), input);
+
+ // While the input buffer is not empty, loop as follows
+ while (input.length() != 0) {
+ // 2A. If the input buffer begins with a prefix of "./",
+ // then remove that prefix from the input buffer
+ // else if the input buffer begins with a prefix of "../", then
+ // if also the output does not contain the root slash "/" only,
+ // then move this prefix to the end of the output buffer else
+ // remove that prefix
+ if (input.startsWith("./")) {
+ input = input.substring(2);
+ printStep("2A", output.toString(), input);
+ } else if (input.startsWith("../")) {
+ input = input.substring(3);
+ if (!output.toString().equals("/")) {
+ output.append("../");
+ }
+ printStep("2A", output.toString(), input);
+ // 2B. if the input buffer begins with a prefix of "/./" or "/.",
+ // where "." is a complete path segment, then replace that prefix
+ // with "/" in the input buffer; otherwise,
+ } else if (input.startsWith("/./")) {
+ input = input.substring(2);
+ printStep("2B", output.toString(), input);
+ } else if (input.equals("/.")) {
+ // FIXME: what is complete path segment?
+ input = input.replaceFirst("/.", "/");
+ printStep("2B", output.toString(), input);
+ // 2C. if the input buffer begins with a prefix of "/../" or "/..",
+ // where ".." is a complete path segment, then replace that prefix
+ // with "/" in the input buffer and if also the output buffer is
+ // empty, last segment in the output buffer equals "../" or "..",
+ // where ".." is a complete path segment, then append ".." or "/.."
+ // for the latter case respectively to the output buffer else
+ // remove the last segment and its preceding "/" (if any) from the
+ // output buffer and if hereby the first character in the output
+ // buffer was removed and it was not the root slash then delete a
+ // leading slash from the input buffer; otherwise,
+ } else if (input.startsWith("/../")) {
+ input = input.substring(3);
+ if (output.length() == 0) {
+ output.append("/");
+ } else if (output.toString().endsWith("../")) {
+ output.append("..");
+ } else if (output.toString().endsWith("..")) {
+ output.append("/..");
+ } else {
+ int index = output.lastIndexOf("/");
+ if (index == -1) {
+ output = new StringBuffer();
+ if (input.charAt(0) == '/') {
+ input = input.substring(1);
+ }
+ } else {
+ output = output.delete(index, output.length());
+ }
+ }
+ printStep("2C", output.toString(), input);
+ } else if (input.equals("/..")) {
+ // FIXME: what is complete path segment?
+ input = input.replaceFirst("/..", "/");
+ if (output.length() == 0) {
+ output.append("/");
+ } else if (output.toString().endsWith("../")) {
+ output.append("..");
+ } else if (output.toString().endsWith("..")) {
+ output.append("/..");
+ } else {
+ int index = output.lastIndexOf("/");
+ if (index == -1) {
+ output = new StringBuffer();
+ if (input.charAt(0) == '/') {
+ input = input.substring(1);
+ }
+ } else {
+ output = output.delete(index, output.length());
+ }
+ }
+ printStep("2C", output.toString(), input);
+ // 2D. if the input buffer consists only of ".", then remove
+ // that from the input buffer else if the input buffer consists
+ // only of ".." and if the output buffer does not contain only
+ // the root slash "/", then move the ".." to the output buffer
+ // else delte it.; otherwise,
+ } else if (input.equals(".")) {
+ input = "";
+ printStep("2D", output.toString(), input);
+ } else if (input.equals("..")) {
+ if (!output.toString().equals("/"))
+ output.append("..");
+ input = "";
+ printStep("2D", output.toString(), input);
+ // 2E. move the first path segment (if any) in the input buffer
+ // to the end of the output buffer, including the initial "/"
+ // character (if any) and any subsequent characters up to, but not
+ // including, the next "/" character or the end of the input buffer.
+ } else {
+ int end = -1;
+ int begin = input.indexOf('/');
+ if (begin == 0) {
+ end = input.indexOf('/', 1);
+ } else {
+ end = begin;
+ begin = 0;
+ }
+ String segment;
+ if (end == -1) {
+ segment = input.substring(begin);
+ input = "";
+ } else {
+ segment = input.substring(begin, end);
+ input = input.substring(end);
+ }
+ output.append(segment);
+ printStep("2E", output.toString(), input);
+ }
+ }
+
+ // 3. Finally, if the only or last segment of the output buffer is
+ // "..", where ".." is a complete path segment not followed by a slash
+ // then append a slash "/". The output buffer is returned as the result
+ // of remove_dot_segments
+ if (output.toString().endsWith("..")) {
+ output.append("/");
+ printStep("3 ", output.toString(), input);
+ }
+
+ return output.toString();
+ }
+
+ private static void printStep(String step, String output, String input) {
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, " " + step + ": " + output);
+ if (output.length() == 0) {
+ log.log(java.util.logging.Level.FINE, "\t\t\t\t" + input);
+ } else {
+ log.log(java.util.logging.Level.FINE, "\t\t\t" + input);
+ }
+ }
+ }
+}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java Mon Sep 22 10:43:17 2008 -0400
@@ -0,0 +1,41 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/*
+ * Copyright 2008 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package com.sun.org.apache.xml.internal.security.c14n.implementations;
+
+import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
+
+/**
+ * @author Sean Mullan
+ */
+public class Canonicalizer11_OmitComments extends Canonicalizer11 {
+
+ public Canonicalizer11_OmitComments() {
+ super(false);
+ }
+
+ public final String engineGetURI() {
+ return Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS;
+ }
+
+ public final boolean engineGetIncludeComments() {
+ return false;
+ }
+}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java Mon Sep 22 10:43:17 2008 -0400
@@ -0,0 +1,41 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/*
+ * Copyright 2008 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package com.sun.org.apache.xml.internal.security.c14n.implementations;
+
+import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
+
+/**
+ * @author Sean Mullan
+ */
+public class Canonicalizer11_WithComments extends Canonicalizer11 {
+
+ public Canonicalizer11_WithComments() {
+ super(true);
+ }
+
+ public final String engineGetURI() {
+ return Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS;
+ }
+
+ public final boolean engineGetIncludeComments() {
+ return true;
+ }
+}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -23,20 +22,30 @@
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
+import javax.xml.parsers.ParserConfigurationException;
+
import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
/**
@@ -44,13 +53,92 @@
* XML Version 1.0, a W3C Recommendation from 15 March 2001.
*
* @author Christian Geuer-Pollmann
+ * @version $Revision: 1.5 $
*/
public abstract class Canonicalizer20010315 extends CanonicalizerBase {
boolean firstCall=true;
final SortedSet result= new TreeSet(COMPARE);
static final String XMLNS_URI=Constants.NamespaceSpecNS;
static final String XML_LANG_URI=Constants.XML_LANG_SPACE_SpecNS;
- /**
+ static class XmlAttrStack {
+ int currentLevel=0;
+ int lastlevel=0;
+ XmlsStackElement cur;
+ static class XmlsStackElement {
+ int level;
+ boolean rendered=false;
+ List nodes=new ArrayList();
+ };
+ List levels=new ArrayList();
+ void push(int level) {
+ currentLevel=level;
+ if (currentLevel==-1)
+ return;
+ cur=null;
+ while (lastlevel>=currentLevel) {
+ levels.remove(levels.size()-1);
+ if (levels.size()==0) {
+ lastlevel=0;
+ return;
+ }
+ lastlevel=((XmlsStackElement)levels.get(levels.size()-1)).level;
+ }
+ }
+ void addXmlnsAttr(Attr n) {
+ if (cur==null) {
+ cur=new XmlsStackElement();
+ cur.level=currentLevel;
+ levels.add(cur);
+ lastlevel=currentLevel;
+ }
+ cur.nodes.add(n);
+ }
+ void getXmlnsAttr(Collection col) {
+ int size=levels.size()-1;
+ if (cur==null) {
+ cur=new XmlsStackElement();
+ cur.level=currentLevel;
+ lastlevel=currentLevel;
+ levels.add(cur);
+ }
+ boolean parentRendered=false;
+ XmlsStackElement e=null;
+ if (size==-1) {
+ parentRendered=true;
+ } else {
+ e=(XmlsStackElement)levels.get(size);
+ if (e.rendered && e.level+1==currentLevel)
+ parentRendered=true;
+
+ }
+ if (parentRendered) {
+ col.addAll(cur.nodes);
+ cur.rendered=true;
+ return;
+ }
+
+ Map loa = new HashMap();
+ for (;size>=0;size--) {
+ e=(XmlsStackElement)levels.get(size);
+ Iterator it=e.nodes.iterator();
+ while (it.hasNext()) {
+ Attr n=(Attr)it.next();
+ if (!loa.containsKey(n.getName()))
+ loa.put(n.getName(),n);
+ }
+ //if (e.rendered)
+ //break;
+
+ };
+ //cur.nodes.clear();
+ //cur.nodes.addAll(loa.values());
+ cur.rendered=true;
+ col.addAll(loa.values());
+ }
+
+ }
+ XmlAttrStack xmlattrStack=new XmlAttrStack();
+ /**
* Constructor Canonicalizer20010315
*
* @param includeComments
@@ -86,16 +174,16 @@
for (int i = 0; i < attrsLength; i++) {
Attr N = (Attr) attrs.item(i);
- String NName=N.getLocalName();
- String NValue=N.getValue();
String NUri =N.getNamespaceURI();
- if (!XMLNS_URI.equals(NUri)) {
+ if (XMLNS_URI!=NUri) {
//It's not a namespace attr node. Add to the result and continue.
result.add(N);
continue;
}
+ String NName=N.getLocalName();
+ String NValue=N.getValue();
if (XML.equals(NName)
&& XML_LANG_URI.equals(NValue)) {
//The default mapping for xml must not be output.
@@ -120,65 +208,14 @@
//Obtain all the namespaces defined in the parents, and added to the output.
ns.getUnrenderedNodes(result);
//output the attributes in the xml namespace.
- addXmlAttributesSubtree(E, result);
- firstCall=false;
+ xmlattrStack.getXmlnsAttr(result);
+ firstCall=false;
}
return result.iterator();
}
/**
- * Float the xml:* attributes of the parent nodes to the root node of c14n
- * @param E the root node.
- * @param result the xml:* attributes to output.
- */
- private void addXmlAttributesSubtree(Element E, SortedSet result) {
- // E is in the node-set
- Node parent = E.getParentNode();
- Map loa = new HashMap();
-
- if ((parent != null) && (parent.getNodeType() == Node.ELEMENT_NODE)) {
-
- // parent element is not in node set
- for (Node ancestor = parent;
- (ancestor != null)
- && (ancestor.getNodeType() == Node.ELEMENT_NODE);
- ancestor = ancestor.getParentNode()) {
- Element el=((Element) ancestor);
- if (!el.hasAttributes()) {
- continue;
- }
- // for all ancestor elements
- NamedNodeMap ancestorAttrs = el.getAttributes();
-
- for (int i = 0; i < ancestorAttrs.getLength(); i++) {
- // for all attributes in the ancestor element
- Attr currentAncestorAttr = (Attr) ancestorAttrs.item(i);
-
- if (XML_LANG_URI.equals(
- currentAncestorAttr.getNamespaceURI())) {
-
- // do we have an xml:* ?
- if (!E.hasAttributeNS(
- XML_LANG_URI,
- currentAncestorAttr.getLocalName())) {
-
- // the xml:* attr is not in E
- if (!loa.containsKey(currentAncestorAttr.getName())) {
- loa.put(currentAncestorAttr.getName(),
- currentAncestorAttr);
- }
- }
- }
- }
- }
- }
-
- result.addAll( loa.values());
-
- }
-
- /**
* Returns the Attr[]s to be outputted for the given element.
*
* IMPORTANT: This method expects to work on a modified DOM tree, i.e. a DOM which has
@@ -192,7 +229,8 @@
*/
Iterator handleAttributes(Element E, NameSpaceSymbTable ns ) throws CanonicalizationException {
// result will contain the attrs which have to be outputted
- boolean isRealVisible=isVisible(E);
+ xmlattrStack.push(ns.getLevel());
+ boolean isRealVisible=isVisibleDO(E,ns.getLevel())==1;
NamedNodeMap attrs = null;
int attrsLength = 0;
if (E.hasAttributes()) {
@@ -204,16 +242,15 @@
SortedSet result = this.result;
result.clear();
-
for (int i = 0; i < attrsLength; i++) {
Attr N = (Attr) attrs.item(i);
- String NName=N.getLocalName();
- String NValue=N.getValue();
String NUri =N.getNamespaceURI();
- if (!XMLNS_URI.equals(NUri)) {
+ if (XMLNS_URI!=NUri) {
//A non namespace definition node.
- if (isRealVisible){
+ if (XML_LANG_URI==NUri) {
+ xmlattrStack.addXmlnsAttr(N);
+ } else if (isRealVisible){
//The node is visible add the attribute to the list of output attributes.
result.add(N);
}
@@ -221,7 +258,8 @@
continue;
}
-
+ String NName=N.getLocalName();
+ String NValue=N.getValue();
if ("xml".equals(NName)
&& XML_LANG_URI.equals(NValue)) {
/* except omit namespace node with local name xml, which defines
@@ -232,16 +270,26 @@
//add the prefix binding to the ns symb table.
//ns.addInclusiveMapping(NName,NValue,N,isRealVisible);
if (isVisible(N)) {
- //The xpath select this node output it if needed.
- Node n=ns.addMappingAndRenderXNodeSet(NName,NValue,N,isRealVisible);
- if (n!=null) {
+ if (!isRealVisible && ns.removeMappingIfRender(NName)) {
+ continue;
+ }
+ //The xpath select this node output it if needed.
+ //Node n=ns.addMappingAndRenderXNodeSet(NName,NValue,N,isRealVisible);
+ Node n=ns.addMappingAndRender(NName,NValue,N);
+ if (n!=null) {
result.add(n);
if (C14nHelper.namespaceIsRelative(N)) {
Object exArgs[] = { E.getTagName(), NName, N.getNodeValue() };
throw new CanonicalizationException(
"c14n.Canonicalizer.RelativeNamespace", exArgs);
- }
- }
+ }
+ }
+ } else {
+ if (isRealVisible && NName!=XMLNS) {
+ ns.removeMapping(NName);
+ } else {
+ ns.addMapping(NName,NValue,N);
+ }
}
}
if (isRealVisible) {
@@ -254,85 +302,22 @@
} else if ( !isVisible(xmlns)) {
//There is a definition but the xmlns is not selected by the xpath.
//then xmlns=""
- n=ns.addMappingAndRenderXNodeSet(XMLNS,"",nullNode,true);
+ n=ns.addMappingAndRender(XMLNS,"",nullNode);
}
//output the xmlns def if needed.
if (n!=null) {
result.add(n);
}
//Float all xml:* attributes of the unselected parent elements to this one.
- addXmlAttributes(E,result);
+ //addXmlAttributes(E,result);
+ xmlattrStack.getXmlnsAttr(result);
+ ns.getUnrenderedNodes(result);
+
}
return result.iterator();
}
/**
- * Float the xml:* attributes of the unselected parent nodes to the ciurrent node.
- * @param E
- * @param result
- */
- private void addXmlAttributes(Element E, SortedSet result) {
- /* The processing of an element node E MUST be modified slightly when an
- * XPath node-set is given as input and the element's parent is omitted
- * from the node-set. The method for processing the attribute axis of an
- * element E in the node-set is enhanced. All element nodes along E's
- * ancestor axis are examined for nearest occurrences of attributes in
- * the xml namespace, such as xml:lang and xml:space (whether or not they
- * are in the node-set). From this list of attributes, remove any that are
- * in E's attribute axis (whether or not they are in the node-set). Then,
- * lexicographically merge this attribute list with the nodes of E's
- * attribute axis that are in the node-set. The result of visiting the
- * attribute axis is computed by processing the attribute nodes in this
- * merged attribute list.
- */
-
- // E is in the node-set
- Node parent = E.getParentNode();
- Map loa = new HashMap();
-
- if ((parent != null) && (parent.getNodeType() == Node.ELEMENT_NODE)
- &&!isVisible(parent)) {
-
- // parent element is not in node set
- for (Node ancestor = parent;
- (ancestor != null)
- && (ancestor.getNodeType() == Node.ELEMENT_NODE);
- ancestor = ancestor.getParentNode()) {
- Element el=((Element) ancestor);
- if (!el.hasAttributes()) {
- continue;
- }
- // for all ancestor elements
- NamedNodeMap ancestorAttrs =el.getAttributes();
-
- for (int i = 0; i < ancestorAttrs.getLength(); i++) {
-
- // for all attributes in the ancestor element
- Attr currentAncestorAttr = (Attr) ancestorAttrs.item(i);
-
- if (XML_LANG_URI.equals(
- currentAncestorAttr.getNamespaceURI())) {
-
- // do we have an xml:* ?
- if (!E.hasAttributeNS(
- XML_LANG_URI,
- currentAncestorAttr.getLocalName())) {
-
- // the xml:* attr is not in E
- if (!loa.containsKey(currentAncestorAttr.getName())) {
- loa.put(currentAncestorAttr.getName(),
- currentAncestorAttr);
- }
- }
- }
- }
- }
- }
- result.addAll(loa.values());
-
-}
-
- /**
* Always throws a CanonicalizationException because this is inclusive c14n.
*
* @param xpathNodeSet
@@ -363,4 +348,43 @@
throw new CanonicalizationException(
"c14n.Canonicalizer.UnsupportedOperation");
}
+ void circumventBugIfNeeded(XMLSignatureInput input) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException {
+ if (!input.isNeedsToBeExpanded())
+ return;
+ Document doc = null;
+ if (input.getSubNode() != null) {
+ doc=XMLUtils.getOwnerDocument(input.getSubNode());
+ } else {
+ doc=XMLUtils.getOwnerDocument(input.getNodeSet());
+ }
+ XMLUtils.circumventBug2650(doc);
+
+ }
+
+ void handleParent(Element e, NameSpaceSymbTable ns) {
+ if (!e.hasAttributes()) {
+ return;
+ }
+ xmlattrStack.push(-1);
+ NamedNodeMap attrs = e.getAttributes();
+ int attrsLength = attrs.getLength();
+ for (int i = 0; i < attrsLength; i++) {
+ Attr N = (Attr) attrs.item(i);
+ if (Constants.NamespaceSpecNS!=N.getNamespaceURI()) {
+ //Not a namespace definition, ignore.
+ if (XML_LANG_URI==N.getNamespaceURI()) {
+ xmlattrStack.addXmlnsAttr(N);
+ }
+ continue;
+ }
+
+ String NName=N.getLocalName();
+ String NValue=N.getNodeValue();
+ if (XML.equals(NName)
+ && Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
+ continue;
+ }
+ ns.addMapping(NName,NValue,N);
+ }
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -21,20 +20,26 @@
*/
package com.sun.org.apache.xml.internal.security.c14n.implementations;
+import java.io.IOException;
import java.util.Iterator;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
+import javax.xml.parsers.ParserConfigurationException;
+
import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;
import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
/**
* Implements " Exclusive XML
@@ -47,6 +52,7 @@
* THIS implementation is a complete rewrite of the algorithm.
*
* @author Christian Geuer-Pollmann
+ * @version $Revision: 1.5 $
* @see
* XML Canonicalization, Version 1.0
*/
@@ -55,7 +61,7 @@
* This Set contains the names (Strings like "xmlns" or "xmlns:foo") of
* the inclusive namespaces.
*/
- TreeSet _inclusiveNSSet = null;
+ TreeSet _inclusiveNSSet = new TreeSet();
static final String XMLNS_URI=Constants.NamespaceSpecNS;
final SortedSet result = new TreeSet(COMPARE);
/**
@@ -143,10 +149,8 @@
for (int i = 0; i < attrsLength; i++) {
Attr N = (Attr) attrs.item(i);
- String NName=N.getLocalName();
- String NNodeValue=N.getNodeValue();
- if (!XMLNS_URI.equals(N.getNamespaceURI())) {
+ if (XMLNS_URI!=N.getNamespaceURI()) {
//Not a namespace definition.
//The Element is output element, add his prefix(if used) to visibyUtilized
String prefix = N.getPrefix();
@@ -157,6 +161,8 @@
result.add(N);
continue;
}
+ String NName=N.getLocalName();
+ String NNodeValue=N.getNodeValue();
if (ns.addMapping(NName, NNodeValue,N)) {
//New definition check if it is relative.
@@ -168,17 +174,17 @@
}
}
}
-
+ String prefix;
if (E.getNamespaceURI() != null) {
- String prefix = E.getPrefix();
+ prefix = E.getPrefix();
if ((prefix == null) || (prefix.length() == 0)) {
- visiblyUtilized.add(XMLNS);
- } else {
- visiblyUtilized.add(prefix);
+ prefix=XMLNS;
}
+
} else {
- visiblyUtilized.add(XMLNS);
+ prefix=XMLNS;
}
+ visiblyUtilized.add(prefix);
//This can be optimezed by I don't have time
Iterator it=visiblyUtilized.iterator();
@@ -211,12 +217,6 @@
}
- /** @inheritDoc */
- public byte[] engineCanonicalizeXPathNodeSet(Set xpathNodeSet
- ) throws CanonicalizationException {
- return engineCanonicalizeXPathNodeSet(xpathNodeSet,"");
- }
-
/**
* @inheritDoc
* @param E
@@ -236,21 +236,20 @@
//The prefix visibly utilized(in the attribute or in the name) in the element
Set visiblyUtilized =null;
//It's the output selected.
- boolean isOutputElement = isVisible(E);
+ boolean isOutputElement=isVisibleDO(E,ns.getLevel())==1;
if (isOutputElement) {
visiblyUtilized = (Set) this._inclusiveNSSet.clone();
}
for (int i = 0; i < attrsLength; i++) {
Attr N = (Attr) attrs.item(i);
- String NName=N.getLocalName();
- String NNodeValue=N.getNodeValue();
- if ( !isVisible(N) ) {
- //The node is not in the nodeset(if there is a nodeset)
- continue;
- }
+
- if (!XMLNS_URI.equals(N.getNamespaceURI())) {
+ if (XMLNS_URI!=N.getNamespaceURI()) {
+ if ( !isVisible(N) ) {
+ //The node is not in the nodeset(if there is a nodeset)
+ continue;
+ }
//Not a namespace definition.
if (isOutputElement) {
//The Element is output element, add his prefix(if used) to visibyUtilized
@@ -263,6 +262,25 @@
}
continue;
}
+ String NName=N.getLocalName();
+ if (isOutputElement && !isVisible(N) && NName!=XMLNS) {
+ ns.removeMappingIfNotRender(NName);
+ continue;
+ }
+ String NNodeValue=N.getNodeValue();
+
+ if (!isOutputElement && isVisible(N) && _inclusiveNSSet.contains(NName) && !ns.removeMappingIfRender(NName)) {
+ Node n=ns.addMappingAndRender(NName,NNodeValue,N);
+ if (n!=null) {
+ result.add(n);
+ if (C14nHelper.namespaceIsRelative(N)) {
+ Object exArgs[] = { E.getTagName(), NName, N.getNodeValue() };
+ throw new CanonicalizationException(
+ "c14n.Canonicalizer.RelativeNamespace", exArgs);
+ }
+ }
+ }
+
if (ns.addMapping(NName, NNodeValue,N)) {
@@ -306,18 +324,20 @@
}
result.add(key);
}
- } else /*if (_circunvented)*/ {
- Iterator it=this._inclusiveNSSet.iterator();
- while (it.hasNext()) {
- String s=(String)it.next();
- Attr key=ns.getMappingWithoutRendered(s);
- if (key==null) {
- continue;
- }
- result.add(key);
- }
}
return result.iterator();
}
+ void circumventBugIfNeeded(XMLSignatureInput input) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException {
+ if (!input.isNeedsToBeExpanded() || _inclusiveNSSet.isEmpty())
+ return;
+ Document doc = null;
+ if (input.getSubNode() != null) {
+ doc=XMLUtils.getOwnerDocument(input.getSubNode());
+ } else {
+ doc=XMLUtils.getOwnerDocument(input.getNodeSet());
+ }
+
+ XMLUtils.circumventBug2650(doc);
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java Mon Sep 22 10:43:17 2008 -0400
@@ -28,6 +28,7 @@
/**
* Class Canonicalizer20010315ExclWithComments
*
+ * @version $Revision: 1.5 $
*/
public class Canonicalizer20010315ExclWithComments
extends Canonicalizer20010315Excl {
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java Mon Sep 22 10:43:17 2008 -0400
@@ -27,9 +27,11 @@
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
+import java.util.Map;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -45,7 +47,6 @@
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Comment;
-import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
@@ -57,6 +58,7 @@
* Abstract base class for canonicalization algorithms.
*
* @author Christian Geuer-Pollmann
+ * @version $Revision: 1.5 $
*/
public abstract class CanonicalizerBase extends CanonicalizerSpi {
//Constants to be outputed, In char array form, so
@@ -123,6 +125,18 @@
return engineCanonicalizeSubTree(rootNode,(Node)null);
}
/**
+ * Method engineCanonicalizeXPathNodeSet
+ * @inheritDoc
+ * @param xpathNodeSet
+ * @throws CanonicalizationException
+ */
+ public byte[] engineCanonicalizeXPathNodeSet(Set xpathNodeSet)
+ throws CanonicalizationException {
+ this._xpathNodeSet = xpathNodeSet;
+ return engineCanonicalizeXPathNodeSetInternal(XMLUtils.getOwnerDocument(this._xpathNodeSet));
+ }
+
+ /**
* Canonicalizes a Subtree node.
* @param input the root of the subtree to canicalize
* @return The canonicalize stream.
@@ -143,15 +157,8 @@
return bytes;
} else if (input.isNodeSet()) {
nodeFilter=input.getNodeFilters();
- Document doc = null;
- if (input.getSubNode() != null) {
- doc=XMLUtils.getOwnerDocument(input.getSubNode());
- } else {
- doc=XMLUtils.getOwnerDocument(input.getNodeSet());
- }
- if (input.isNeedsToBeExpanded()) {
- XMLUtils.circumventBug2650(doc);
- }
+
+ circumventBugIfNeeded(input);
if (input.getSubNode() != null) {
bytes = engineCanonicalizeXPathNodeSetInternal(input.getSubNode());
@@ -173,6 +180,13 @@
}
}
/**
+ * @param _writer The _writer to set.
+ */
+ public void setWriter(OutputStream _writer) {
+ this._writer = _writer;
+ }
+
+ /**
* Canonicalizes a Subtree node.
*
* @param rootNode
@@ -187,11 +201,13 @@
this._excludeNode = excludeNode;
try {
NameSpaceSymbTable ns=new NameSpaceSymbTable();
+ int nodeLevel=NODE_BEFORE_DOCUMENT_ELEMENT;
if (rootNode instanceof Element) {
//Fills the nssymbtable with the definitions of the parent of the root subnode
getParentNameSpaces((Element)rootNode,ns);
+ nodeLevel=NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
}
- this.canonicalizeSubTree(rootNode,ns,rootNode);
+ this.canonicalizeSubTree(rootNode,ns,rootNode,nodeLevel);
this._writer.close();
if (this._writer instanceof ByteArrayOutputStream) {
byte []result=((ByteArrayOutputStream)this._writer).toByteArray();
@@ -199,6 +215,12 @@
((ByteArrayOutputStream)this._writer).reset();
}
return result;
+ } else if (this._writer instanceof UnsyncByteArrayOutputStream) {
+ byte []result=((UnsyncByteArrayOutputStream)this._writer).toByteArray();
+ if (reset) {
+ ((UnsyncByteArrayOutputStream)this._writer).reset();
+ }
+ return result;
}
return null;
@@ -219,13 +241,17 @@
* @throws CanonicalizationException
* @throws IOException
*/
- final void canonicalizeSubTree(Node currentNode, NameSpaceSymbTable ns,Node endnode)
+ final void canonicalizeSubTree(Node currentNode, NameSpaceSymbTable ns,Node endnode,
+ int documentLevel)
throws CanonicalizationException, IOException {
+ if (isVisibleInt(currentNode)==-1)
+ return;
Node sibling=null;
Node parentNode=null;
final OutputStream writer=this._writer;
final Node excludeNode=this._excludeNode;
final boolean includeComments=this._includeComments;
+ Map cache=new HashMap();
do {
switch (currentNode.getNodeType()) {
@@ -242,18 +268,17 @@
case Node.DOCUMENT_FRAGMENT_NODE :
case Node.DOCUMENT_NODE :
ns.outputNodePush();
- //currentNode = currentNode.getFirstChild();
sibling= currentNode.getFirstChild();
break;
case Node.COMMENT_NODE :
if (includeComments) {
- outputCommentToWriter((Comment) currentNode, writer);
+ outputCommentToWriter((Comment) currentNode, writer, documentLevel);
}
break;
case Node.PROCESSING_INSTRUCTION_NODE :
- outputPItoWriter((ProcessingInstruction) currentNode, writer);
+ outputPItoWriter((ProcessingInstruction) currentNode, writer, documentLevel);
break;
case Node.TEXT_NODE :
@@ -262,6 +287,7 @@
break;
case Node.ELEMENT_NODE :
+ documentLevel=NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
if (currentNode==excludeNode) {
break;
}
@@ -270,27 +296,27 @@
ns.outputNodePush();
writer.write('<');
String name=currentElement.getTagName();
- writeStringToUtf8(name,writer);
+ UtfHelpper.writeByte(name,writer,cache);
Iterator attrs = this.handleAttributesSubtree(currentElement,ns);
if (attrs!=null) {
//we output all Attrs which are available
while (attrs.hasNext()) {
Attr attr = (Attr) attrs.next();
- outputAttrToWriter(attr.getNodeName(),attr.getNodeValue(), writer);
+ outputAttrToWriter(attr.getNodeName(),attr.getNodeValue(), writer,cache);
}
}
writer.write('>');
sibling= currentNode.getFirstChild();
if (sibling==null) {
writer.write(_END_TAG);
- writeStringToUtf8(name,writer);
+ UtfHelpper.writeStringToUtf8(name,writer);
writer.write('>');
//We fineshed with this level, pop to the previous definitions.
ns.outputNodePop();
- if (parentNode != null) {
+ if (parentNode != null) {
sibling= currentNode.getNextSibling();
- }
+ }
} else {
parentNode=currentElement;
}
@@ -298,7 +324,7 @@
}
while (sibling==null && parentNode!=null) {
writer.write(_END_TAG);
- writeStringToUtf8(((Element)parentNode).getTagName(),writer);
+ UtfHelpper.writeByte(((Element)parentNode).getTagName(),writer,cache);
writer.write('>');
//We fineshed with this level, pop to the previous definitions.
ns.outputNodePop();
@@ -307,6 +333,7 @@
sibling=parentNode.getNextSibling();
parentNode=parentNode.getParentNode();
if (!(parentNode instanceof Element)) {
+ documentLevel=NODE_AFTER_DOCUMENT_ELEMENT;
parentNode=null;
}
}
@@ -317,47 +344,8 @@
} while(true);
}
- /**
- * Checks whether a Comment or ProcessingInstruction is before or after the
- * document element. This is needed for prepending or appending "\n"s.
- *
- * @param currentNode comment or pi to check
- * @return NODE_BEFORE_DOCUMENT_ELEMENT, NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT or NODE_AFTER_DOCUMENT_ELEMENT
- * @see #NODE_BEFORE_DOCUMENT_ELEMENT
- * @see #NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT
- * @see #NODE_AFTER_DOCUMENT_ELEMENT
- */
- final static int getPositionRelativeToDocumentElement(Node currentNode) {
-
- if ((currentNode == null) ||
- (currentNode.getParentNode().getNodeType() != Node.DOCUMENT_NODE) ) {
- return CanonicalizerBase.NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
- }
- Element documentElement = currentNode.getOwnerDocument().getDocumentElement();
- if ( (documentElement == null) || (documentElement == currentNode) ){
- return CanonicalizerBase.NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
- }
- for (Node x = currentNode; x != null; x = x.getNextSibling()) {
- if (x == documentElement) {
- return CanonicalizerBase.NODE_BEFORE_DOCUMENT_ELEMENT;
- }
- }
- return CanonicalizerBase.NODE_AFTER_DOCUMENT_ELEMENT;
- }
-
- /**
- * Method engineCanonicalizeXPathNodeSet
- * @inheritDoc
- * @param xpathNodeSet
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeXPathNodeSet(Set xpathNodeSet)
- throws CanonicalizationException {
- this._xpathNodeSet = xpathNodeSet;
- return engineCanonicalizeXPathNodeSetInternal(XMLUtils.getOwnerDocument(this._xpathNodeSet));
- }
private byte[] engineCanonicalizeXPathNodeSetInternal(Node doc)
throws CanonicalizationException {
@@ -370,6 +358,12 @@
((ByteArrayOutputStream)this._writer).reset();
}
return sol;
+ } else if (this._writer instanceof UnsyncByteArrayOutputStream) {
+ byte []result=((UnsyncByteArrayOutputStream)this._writer).toByteArray();
+ if (reset) {
+ ((UnsyncByteArrayOutputStream)this._writer).reset();
+ }
+ return result;
}
return null;
} catch (UnsupportedEncodingException ex) {
@@ -390,11 +384,17 @@
*/
final void canonicalizeXPathNodeSet(Node currentNode,Node endnode )
throws CanonicalizationException, IOException {
- boolean currentNodeIsVisible = false;
- NameSpaceSymbTable ns=new NameSpaceSymbTable();
+ if (isVisibleInt(currentNode)==-1)
+ return;
+ boolean currentNodeIsVisible = false;
+ NameSpaceSymbTable ns=new NameSpaceSymbTable();
+ if (currentNode instanceof Element)
+ getParentNameSpaces((Element)currentNode,ns);
Node sibling=null;
Node parentNode=null;
OutputStream writer=this._writer;
+ int documentLevel=NODE_BEFORE_DOCUMENT_ELEMENT;
+ Map cache=new HashMap();
do {
switch (currentNode.getNodeType()) {
@@ -416,14 +416,14 @@
break;
case Node.COMMENT_NODE :
- if (this._includeComments && isVisible(currentNode)) {
- outputCommentToWriter((Comment) currentNode, writer);
+ if (this._includeComments && (isVisibleDO(currentNode,ns.getLevel())==1)) {
+ outputCommentToWriter((Comment) currentNode, writer, documentLevel);
}
break;
case Node.PROCESSING_INSTRUCTION_NODE :
if (isVisible(currentNode))
- outputPItoWriter((ProcessingInstruction) currentNode, writer);
+ outputPItoWriter((ProcessingInstruction) currentNode, writer, documentLevel);
break;
case Node.TEXT_NODE :
@@ -436,12 +436,6 @@
|| (nextSibling.getNodeType()
== Node.CDATA_SECTION_NODE));
nextSibling = nextSibling.getNextSibling()) {
- /* The XPath data model allows to select only the first of a
- * sequence of mixed text and CDATA nodes. But we must output
- * them all, so we must search:
- *
- * @see http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6329
- */
outputTextToWriter(nextSibling.getNodeValue(), writer);
currentNode=nextSibling;
sibling=currentNode.getNextSibling();
@@ -451,15 +445,21 @@
break;
case Node.ELEMENT_NODE :
+ documentLevel=NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
Element currentElement = (Element) currentNode;
//Add a level to the nssymbtable. So latter can be pop-back.
String name=null;
- currentNodeIsVisible=isVisible(currentNode);
+ int i=isVisibleDO(currentNode,ns.getLevel());
+ if (i==-1) {
+ sibling= currentNode.getNextSibling();
+ break;
+ }
+ currentNodeIsVisible=(i==1);
if (currentNodeIsVisible) {
ns.outputNodePush();
writer.write('<');
name=currentElement.getTagName();
- writeStringToUtf8(name,writer);
+ UtfHelpper.writeByte(name,writer,cache);
} else {
ns.push();
}
@@ -469,7 +469,7 @@
//we output all Attrs which are available
while (attrs.hasNext()) {
Attr attr = (Attr) attrs.next();
- outputAttrToWriter(attr.getNodeName(),attr.getNodeValue(), writer);
+ outputAttrToWriter(attr.getNodeName(),attr.getNodeValue(), writer,cache);
}
}
if (currentNodeIsVisible) {
@@ -480,7 +480,7 @@
if (sibling==null) {
if (currentNodeIsVisible) {
writer.write(_END_TAG);
- writeStringToUtf8(name,writer);
+ UtfHelpper.writeByte(name,writer,cache);
writer.write('>');
//We fineshed with this level, pop to the previous definitions.
ns.outputNodePop();
@@ -498,7 +498,7 @@
while (sibling==null && parentNode!=null) {
if (isVisible(parentNode)) {
writer.write(_END_TAG);
- writeStringToUtf8(((Element)parentNode).getTagName(),writer);
+ UtfHelpper.writeByte(((Element)parentNode).getTagName(),writer,cache);
writer.write('>');
//We fineshed with this level, pop to the previous definitions.
ns.outputNodePop();
@@ -511,6 +511,7 @@
parentNode=parentNode.getParentNode();
if (!(parentNode instanceof Element)) {
parentNode=null;
+ documentLevel=NODE_AFTER_DOCUMENT_ELEMENT;
}
}
if (sibling==null)
@@ -519,12 +520,38 @@
sibling=currentNode.getNextSibling();
} while(true);
}
+ int isVisibleDO(Node currentNode,int level) {
+ if (nodeFilter!=null) {
+ Iterator it=nodeFilter.iterator();
+ while (it.hasNext()) {
+ int i=((NodeFilter)it.next()).isNodeIncludeDO(currentNode,level);
+ if (i!=1)
+ return i;
+ }
+ }
+ if ((this._xpathNodeSet!=null) && !this._xpathNodeSet.contains(currentNode))
+ return 0;
+ return 1;
+ }
+ int isVisibleInt(Node currentNode) {
+ if (nodeFilter!=null) {
+ Iterator it=nodeFilter.iterator();
+ while (it.hasNext()) {
+ int i=((NodeFilter)it.next()).isNodeInclude(currentNode);
+ if (i!=1)
+ return i;
+ }
+ }
+ if ((this._xpathNodeSet!=null) && !this._xpathNodeSet.contains(currentNode))
+ return 0;
+ return 1;
+ }
boolean isVisible(Node currentNode) {
if (nodeFilter!=null) {
Iterator it=nodeFilter.iterator();
while (it.hasNext()) {
- if (!((NodeFilter)it.next()).isNodeInclude(currentNode))
+ if (((NodeFilter)it.next()).isNodeInclude(currentNode)!=1)
return false;
}
}
@@ -533,19 +560,42 @@
return true;
}
+ void handleParent(Element e,NameSpaceSymbTable ns) {
+ if (!e.hasAttributes()) {
+ return;
+ }
+ NamedNodeMap attrs = e.getAttributes();
+ int attrsLength = attrs.getLength();
+ for (int i = 0; i < attrsLength; i++) {
+ Attr N = (Attr) attrs.item(i);
+ if (Constants.NamespaceSpecNS!=N.getNamespaceURI()) {
+ //Not a namespace definition, ignore.
+ continue;
+ }
+
+ String NName=N.getLocalName();
+ String NValue=N.getNodeValue();
+ if (XML.equals(NName)
+ && Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
+ continue;
+ }
+ ns.addMapping(NName,NValue,N);
+ }
+ }
+
/**
* Adds to ns the definitons from the parent elements of el
* @param el
* @param ns
*/
- final static void getParentNameSpaces(Element el,NameSpaceSymbTable ns) {
- List parents=new ArrayList();
+ final void getParentNameSpaces(Element el,NameSpaceSymbTable ns) {
+ List parents=new ArrayList(10);
Node n1=el.getParentNode();
if (!(n1 instanceof Element)) {
return;
}
//Obtain all the parents of the elemnt
- Element parent=(Element) el.getParentNode();
+ Element parent=(Element) n1;
while (parent!=null) {
parents.add(parent);
Node n=parent.getParentNode();
@@ -557,28 +607,9 @@
//Visit them in reverse order.
ListIterator it=parents.listIterator(parents.size());
while (it.hasPrevious()) {
- Element ele=(Element)it.previous();
- if (!ele.hasAttributes()) {
- continue;
+ Element ele=(Element)it.previous();
+ handleParent(ele, ns);
}
- NamedNodeMap attrs = ele.getAttributes();
- int attrsLength = attrs.getLength();
- for (int i = 0; i < attrsLength; i++) {
- Attr N = (Attr) attrs.item(i);
- if (!Constants.NamespaceSpecNS.equals(N.getNamespaceURI())) {
- //Not a namespace definition, ignore.
- continue;
- }
-
- String NName=N.getLocalName();
- String NValue=N.getNodeValue();
- if (XML.equals(NName)
- && Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
- continue;
- }
- ns.addMapping(NName,NValue,N);
- }
- }
Attr nsprefix;
if (((nsprefix=ns.getMappingWithoutRendered("xmlns"))!=null)
&& "".equals(nsprefix.getValue())) {
@@ -586,269 +617,6 @@
}
}
/**
- * Outputs an Attribute to the internal Writer.
- *
- * The string value of the node is modified by replacing
- *
- * - all ampersands (&) with
&
- * - all open angle brackets (<) with
<
- * - all quotation mark characters with
"
- * - and the whitespace characters
#x9, #xA, and #xD, with character
- * references. The character references are written in uppercase
- * hexadecimal with no leading zeroes (for example, #xD is represented
- * by the character reference 
)
- *
- *
- * @param name
- * @param value
- * @param writer
- * @throws IOException
- */
- static final void outputAttrToWriter(final String name, final String value, final OutputStream writer) throws IOException {
- writer.write(' ');
- writeStringToUtf8(name,writer);
- writer.write(equalsStr);
- byte []toWrite;
- final int length = value.length();
- for (int i=0;i < length; i++) {
- char c = value.charAt(i);
-
- switch (c) {
-
- case '&' :
- toWrite=_AMP_;
- //writer.write(_AMP_);
- break;
-
- case '<' :
- toWrite=_LT_;
- //writer.write(_LT_);
- break;
-
- case '"' :
- toWrite=_QUOT_;
- //writer.write(_QUOT_);
- break;
-
- case 0x09 : // '\t'
- toWrite=__X9_;
- //writer.write(__X9_);
- break;
-
- case 0x0A : // '\n'
- toWrite=__XA_;
- //writer.write(__XA_);
- break;
-
- case 0x0D : // '\r'
- toWrite=__XD_;
- //writer.write(__XD_);
- break;
-
- default :
- writeCharToUtf8(c,writer);
- //this._writer.write(c);
- continue;
- }
- writer.write(toWrite);
- }
-
- writer.write('\"');
- }
-
- final static void writeCharToUtf8(final char c,final OutputStream out) throws IOException{
- char ch;
- if (/*(c >= 0x0001) &&*/ (c <= 0x007F)) {
- out.write(c);
- return;
- }
- int bias;
- int write;
- if (c > 0x07FF) {
- ch=(char)(c>>>12);
- write=0xE0;
- if (ch>0) {
- write |= ( ch & 0x0F);
- }
- out.write(write);
- write=0x80;
- bias=0x3F;
- } else {
- write=0xC0;
- bias=0x1F;
- }
- ch=(char)(c>>>6);
- if (ch>0) {
- write|= (ch & bias);
- }
- out.write(write);
- out.write(0x80 | ((c) & 0x3F));
-
- }
-
- final static void writeStringToUtf8(final String str,final OutputStream out) throws IOException{
- final int length=str.length();
- int i=0;
- char c;
- while (i= 0x0001) &&*/ (c <= 0x007F)) {
- out.write(c);
- continue;
- }
- char ch;
- int bias;
- int write;
- if (c > 0x07FF) {
- ch=(char)(c>>>12);
- write=0xE0;
- if (ch>0) {
- write |= ( ch & 0x0F);
- }
- out.write(write);
- write=0x80;
- bias=0x3F;
- } else {
- write=0xC0;
- bias=0x1F;
- }
- ch=(char)(c>>>6);
- if (ch>0) {
- write|= (ch & bias);
- }
- out.write(write);
- out.write(0x80 | ((c) & 0x3F));
- continue;
-
- }
-
- }
- /**
- * Outputs a PI to the internal Writer.
- *
- * @param currentPI
- * @param writer where to write the things
- * @throws IOException
- */
- static final void outputPItoWriter(ProcessingInstruction currentPI, OutputStream writer) throws IOException {
- final int position = getPositionRelativeToDocumentElement(currentPI);
-
- if (position == NODE_AFTER_DOCUMENT_ELEMENT) {
- writer.write('\n');
- }
- writer.write(_BEGIN_PI);
-
- final String target = currentPI.getTarget();
- int length = target.length();
-
- for (int i = 0; i < length; i++) {
- char c=target.charAt(i);
- if (c==0x0D) {
- writer.write(__XD_);
- } else {
- writeCharToUtf8(c,writer);
- }
- }
-
- final String data = currentPI.getData();
-
- length = data.length();
-
- if (length > 0) {
- writer.write(' ');
-
- for (int i = 0; i < length; i++) {
- char c=data.charAt(i);
- if (c==0x0D) {
- writer.write(__XD_);
- } else {
- writeCharToUtf8(c,writer);
- }
- }
- }
-
- writer.write(_END_PI);
- if (position == NODE_BEFORE_DOCUMENT_ELEMENT) {
- writer.write('\n');
- }
- }
-
- /**
- * Method outputCommentToWriter
- *
- * @param currentComment
- * @param writer writer where to write the things
- * @throws IOException
- */
- static final void outputCommentToWriter(Comment currentComment, OutputStream writer) throws IOException {
- final int position = getPositionRelativeToDocumentElement(currentComment);
- if (position == NODE_AFTER_DOCUMENT_ELEMENT) {
- writer.write('\n');
- }
- writer.write(_BEGIN_COMM);
-
- final String data = currentComment.getData();
- final int length = data.length();
-
- for (int i = 0; i < length; i++) {
- char c=data.charAt(i);
- if (c==0x0D) {
- writer.write(__XD_);
- } else {
- writeCharToUtf8(c,writer);
- }
- }
-
- writer.write(_END_COMM);
- if (position == NODE_BEFORE_DOCUMENT_ELEMENT) {
- writer.write('\n');
- }
- }
-
- /**
- * Outputs a Text of CDATA section to the internal Writer.
- *
- * @param text
- * @param writer writer where to write the things
- * @throws IOException
- */
- static final void outputTextToWriter(final String text, final OutputStream writer) throws IOException {
- final int length = text.length();
- byte []toWrite;
- for (int i = 0; i < length; i++) {
- char c = text.charAt(i);
-
- switch (c) {
-
- case '&' :
- toWrite=_AMP_;
- //writer.write(_AMP_);
- break;
-
- case '<' :
- toWrite=_LT_;
- //writer.write(_LT_);
- break;
-
- case '>' :
- toWrite=_GT_;
- //writer.write(_GT_);
- break;
-
- case 0xD :
- toWrite=__XD_;
- //writer.write(__XD_);
- break;
-
- default :
- writeCharToUtf8(c,writer);
- continue;
- }
- writer.write(toWrite);
- }
- }
-
- /**
* Obtain the attributes to output for this node in XPathNodeSet c14n.
*
* @param E
@@ -870,13 +638,207 @@
abstract Iterator handleAttributesSubtree(Element E, NameSpaceSymbTable ns)
throws CanonicalizationException;
+ abstract void circumventBugIfNeeded(XMLSignatureInput input) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException;
+ /**
+ * Outputs an Attribute to the internal Writer.
+ *
+ * The string value of the node is modified by replacing
+ *
+ * - all ampersands (&) with
&
+ * - all open angle brackets (<) with
<
+ * - all quotation mark characters with
"
+ * - and the whitespace characters
#x9, #xA, and #xD, with character
+ * references. The character references are written in uppercase
+ * hexadecimal with no leading zeroes (for example, #xD is represented
+ * by the character reference 
)
+ *
+ *
+ * @param name
+ * @param value
+ * @param writer
+ * @throws IOException
+ */
+ static final void outputAttrToWriter(final String name, final String value, final OutputStream writer,
+ final Map cache) throws IOException {
+ writer.write(' ');
+ UtfHelpper.writeByte(name,writer,cache);
+ writer.write(equalsStr);
+ byte []toWrite;
+ final int length = value.length();
+ int i=0;
+ while (i < length) {
+ char c = value.charAt(i++);
+
+ switch (c) {
+
+ case '&' :
+ toWrite=_AMP_;
+ break;
+
+ case '<' :
+ toWrite=_LT_;
+ break;
+
+ case '"' :
+ toWrite=_QUOT_;
+ break;
+
+ case 0x09 : // '\t'
+ toWrite=__X9_;
+ break;
+
+ case 0x0A : // '\n'
+ toWrite=__XA_;
+ break;
+
+ case 0x0D : // '\r'
+ toWrite=__XD_;
+ break;
+
+ default :
+ if (c < 0x80 ) {
+ writer.write(c);
+ } else {
+ UtfHelpper.writeCharToUtf8(c,writer);
+ };
+ continue;
+ }
+ writer.write(toWrite);
+ }
+
+ writer.write('\"');
+ }
+
+ /**
+ * Outputs a PI to the internal Writer.
+ *
+ * @param currentPI
+ * @param writer where to write the things
+ * @throws IOException
+ */
+ static final void outputPItoWriter(ProcessingInstruction currentPI, OutputStream writer,int position) throws IOException {
+
+ if (position == NODE_AFTER_DOCUMENT_ELEMENT) {
+ writer.write('\n');
+ }
+ writer.write(_BEGIN_PI);
+
+ final String target = currentPI.getTarget();
+ int length = target.length();
- /**
- * @param _writer The _writer to set.
- */
- public void setWriter(OutputStream _writer) {
- this._writer = _writer;
- }
+ for (int i = 0; i < length; i++) {
+ char c=target.charAt(i);
+ if (c==0x0D) {
+ writer.write(__XD_);
+ } else {
+ if (c < 0x80) {
+ writer.write(c);
+ } else {
+ UtfHelpper.writeCharToUtf8(c,writer);
+ };
+ }
+ }
+
+ final String data = currentPI.getData();
+
+ length = data.length();
+
+ if (length > 0) {
+ writer.write(' ');
+
+ for (int i = 0; i < length; i++) {
+ char c=data.charAt(i);
+ if (c==0x0D) {
+ writer.write(__XD_);
+ } else {
+ UtfHelpper.writeCharToUtf8(c,writer);
+ }
+ }
+ }
+
+ writer.write(_END_PI);
+ if (position == NODE_BEFORE_DOCUMENT_ELEMENT) {
+ writer.write('\n');
+ }
+ }
+
+ /**
+ * Method outputCommentToWriter
+ *
+ * @param currentComment
+ * @param writer writer where to write the things
+ * @throws IOException
+ */
+ static final void outputCommentToWriter(Comment currentComment, OutputStream writer,int position) throws IOException {
+ if (position == NODE_AFTER_DOCUMENT_ELEMENT) {
+ writer.write('\n');
+ }
+ writer.write(_BEGIN_COMM);
+
+ final String data = currentComment.getData();
+ final int length = data.length();
+
+ for (int i = 0; i < length; i++) {
+ char c=data.charAt(i);
+ if (c==0x0D) {
+ writer.write(__XD_);
+ } else {
+ if (c < 0x80) {
+ writer.write(c);
+ } else {
+ UtfHelpper.writeCharToUtf8(c,writer);
+ };
+ }
+ }
+
+ writer.write(_END_COMM);
+ if (position == NODE_BEFORE_DOCUMENT_ELEMENT) {
+ writer.write('\n');
+ }
+ }
+
+ /**
+ * Outputs a Text of CDATA section to the internal Writer.
+ *
+ * @param text
+ * @param writer writer where to write the things
+ * @throws IOException
+ */
+ static final void outputTextToWriter(final String text, final OutputStream writer) throws IOException {
+ final int length = text.length();
+ byte []toWrite;
+ for (int i = 0; i < length; i++) {
+ char c = text.charAt(i);
+
+ switch (c) {
+
+ case '&' :
+ toWrite=_AMP_;
+ break;
+
+ case '<' :
+ toWrite=_LT_;
+ break;
+
+ case '>' :
+ toWrite=_GT_;
+ break;
+
+ case 0xD :
+ toWrite=__XD_;
+ break;
+
+ default :
+ if (c < 0x80) {
+ writer.write(c);
+ } else {
+ UtfHelpper.writeCharToUtf8(c,writer);
+ };
+ continue;
+ }
+ writer.write(toWrite);
+ }
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,16 +20,10 @@
*/
package com.sun.org.apache.xml.internal.security.c14n.implementations;
-import java.lang.reflect.Array;
-import java.util.AbstractList;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collection;
-import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
-import java.util.Map;
-
import org.w3c.dom.Attr;
@@ -46,21 +40,26 @@
public class NameSpaceSymbTable {
/**The map betwen prefix-> entry table. */
- SymbMap symb = new SymbMap();
+ SymbMap symb;
/**The level of nameSpaces (for Inclusive visibility).*/
int nameSpaces=0;
/**The stacks for removing the definitions when doing pop.*/
- List level = new ArrayList();
+ List level;
boolean cloned=true;
static final String XMLNS="xmlns";
+ final static SymbMap initialMap=new SymbMap();
+ static {
+ NameSpaceSymbEntry ne=new NameSpaceSymbEntry("",null,true,XMLNS);
+ ne.lastrendered="";
+ initialMap.put(XMLNS,ne);
+ }
/**
* Default constractor
**/
public NameSpaceSymbTable() {
+ level = new ArrayList(10);
//Insert the default binding for xmlns.
- NameSpaceSymbEntry ne=new NameSpaceSymbEntry("",null,true);
- ne.lastrendered="";
- symb.put(XMLNS,ne);
+ symb=(SymbMap) initialMap.clone();
}
/**
@@ -75,8 +74,14 @@
NameSpaceSymbEntry n=(NameSpaceSymbEntry)(it.next());
//put them rendered?
if ((!n.rendered) && (n.n!=null)) {
+ n=(NameSpaceSymbEntry) n.clone();
+ needsClone();
+ symb.put(n.prefix,n);
+ n.lastrendered=n.uri;
+ n.rendered=true;
+
result.add(n.n);
- n.rendered=true;
+
}
}
}
@@ -104,10 +109,6 @@
**/
public void push() {
//Put the number of namespace definitions in the stack.
- /**if (cloned) {
- Object ob[]= {symb,cloned ? symb : null};
- level.add(ob);
- } **/
level.add(null);
cloned=false;
}
@@ -124,7 +125,7 @@
if (size==0) {
cloned=false;
} else
- cloned=(level.get(size-1)!=symb);
+ cloned=(level.get(size-1)!=symb);
} else {
cloned=false;
}
@@ -134,8 +135,7 @@
final void needsClone() {
if (!cloned) {
- level.remove(level.size()-1);
- level.add(symb);
+ level.set(level.size()-1,symb);
symb=(SymbMap) symb.clone();
cloned=true;
}
@@ -200,7 +200,7 @@
return false;
}
//Creates and entry in the table for this new definition.
- NameSpaceSymbEntry ne=new NameSpaceSymbEntry(uri,n,false);
+ NameSpaceSymbEntry ne=new NameSpaceSymbEntry(uri,n,false,prefix);
needsClone();
symb.put(prefix, ne);
if (ob != null) {
@@ -238,7 +238,7 @@
return null;
}
- NameSpaceSymbEntry ne=new NameSpaceSymbEntry(uri,n,true);
+ NameSpaceSymbEntry ne=new NameSpaceSymbEntry(uri,n,true,prefix);
ne.lastrendered=uri;
needsClone();
symb.put(prefix, ne);
@@ -251,53 +251,38 @@
}
return ne.n;
}
- /**
- * Adds & gets(if needed) the attribute node that defines the binding for the prefix.
- * Take on account if the rules of rendering in the inclusive c14n.
- * For inclusive c14n.
- * @param prefix the prefix to obtain the attribute.
- * @param outputNode the container element is an output element.
- * @param uri the Uri of the definition
- * @param n the attribute that have the definition
- * @return null if there is no need to render the prefix. Otherwise the node of
- * definition.
- **/
- public Node addMappingAndRenderXNodeSet(String prefix, String uri,Attr n,boolean outputNode) {
+
+ public int getLevel() {
+ // TODO Auto-generated method stub
+ return level.size();
+ }
+
+ public void removeMapping(String prefix) {
NameSpaceSymbEntry ob = symb.get(prefix);
- int visibleNameSpaces=nameSpaces;
- if ((ob!=null) && uri.equals(ob.uri)) {
- if (!ob.rendered) {
- ob=(NameSpaceSymbEntry)ob.clone();
- needsClone();
- symb.put(prefix,ob);
- ob.rendered=true;
- ob.level=visibleNameSpaces;
- return ob.n;
- }
- ob=(NameSpaceSymbEntry)ob.clone();
+
+ if (ob!=null) {
+ needsClone();
+ symb.put(prefix,null);
+ }
+ }
+
+ public void removeMappingIfNotRender(String prefix) {
+ NameSpaceSymbEntry ob = symb.get(prefix);
+
+ if (ob!=null && !ob.rendered) {
needsClone();
- symb.put(prefix,ob);
- if (outputNode && (((visibleNameSpaces-ob.level)<2) || XMLNS.equals(prefix)) ) {
- ob.level=visibleNameSpaces;
- return null; //Already rendered, just return nulll
- }
- ob.level=visibleNameSpaces;
- return ob.n;
- }
+ symb.put(prefix,null);
+ }
+ }
- NameSpaceSymbEntry ne=new NameSpaceSymbEntry(uri,n,true);
- ne.level=nameSpaces;
- ne.rendered=true;
- needsClone();
- symb.put(prefix, ne);
- if (ob != null) {
- ne.lastrendered=ob.lastrendered;
+ public boolean removeMappingIfRender(String prefix) {
+ NameSpaceSymbEntry ob = symb.get(prefix);
- if ((ob.lastrendered!=null)&& (ob.lastrendered.equals(uri))) {
- ne.rendered=true;
- }
- }
- return ne.n;
+ if (ob!=null && ob.rendered) {
+ needsClone();
+ symb.put(prefix,null);
+ }
+ return false;
}
}
@@ -305,10 +290,11 @@
* The internal structure of NameSpaceSymbTable.
**/
class NameSpaceSymbEntry implements Cloneable {
- NameSpaceSymbEntry(String name,Attr n,boolean rendered) {
+ NameSpaceSymbEntry(String name,Attr n,boolean rendered,String prefix) {
this.uri=name;
this.rendered=rendered;
this.n=n;
+ this.prefix=prefix;
}
/** @inheritDoc */
public Object clone() {
@@ -320,6 +306,7 @@
}
/** The level where the definition was rendered(Only for inclusive) */
int level=0;
+ String prefix;
/**The URI that the prefix defines */
String uri;
/**The last output in the URI for this prefix (This for speed reason).*/
@@ -330,53 +317,57 @@
Attr n;
};
-class SymbMap implements Cloneable{
- int free=23;
- NameSpaceSymbEntry[] entries=new NameSpaceSymbEntry[free];
- String[] keys=new String[free];
-
- void put(String key, NameSpaceSymbEntry value) {
+class SymbMap implements Cloneable {
+ int free=23;
+ NameSpaceSymbEntry[] entries;
+ String[] keys;
+ SymbMap() {
+ entries=new NameSpaceSymbEntry[free];
+ keys=new String[free];
+ }
+ void put(String key, NameSpaceSymbEntry value) {
int index = index(key);
- Object oldKey = keys[index];
- keys[index] = key;
- entries[index] = value;
+ Object oldKey = keys[index];
+ keys[index] = key;
+ entries[index] = value;
if (oldKey==null || !oldKey.equals(key)) {
- if (--free == 0) {
- free=entries.length;
- int newCapacity = free<<2;
- rehash(newCapacity);
- }
+ if (--free == 0) {
+ free=entries.length;
+ int newCapacity = free<<2;
+ rehash(newCapacity);
+ }
}
}
List entrySet() {
- List a=new ArrayList();
- for (int i=0;iint value
@@ -384,37 +375,38 @@
protected void rehash(int newCapacity) {
int oldCapacity = keys.length;
String oldKeys[] = keys;
- NameSpaceSymbEntry oldVals[] = entries;
+ NameSpaceSymbEntry oldVals[] = entries;
- keys = new String[newCapacity];
- entries = new NameSpaceSymbEntry[newCapacity];
+ keys = new String[newCapacity];
+ entries = new NameSpaceSymbEntry[newCapacity];
for (int i = oldCapacity; i-- > 0;) {
if(oldKeys[i] != null) {
String o = oldKeys[i];
int index = index(o);
- keys[index] = o;
- entries[index] = oldVals[i];
+ keys[index] = o;
+ entries[index] = oldVals[i];
}
}
}
- NameSpaceSymbEntry get(String key) {
- return entries[index(key)];
- }
- protected Object clone() {
- // TODO Auto-generated method stub
- try {
- SymbMap copy=(SymbMap) super.clone();
- copy.entries=new NameSpaceSymbEntry[entries.length];
- System.arraycopy(entries,0,copy.entries,0,entries.length);
- copy.keys=new String[keys.length];
- System.arraycopy(keys,0,copy.keys,0,keys.length);
+
+ NameSpaceSymbEntry get(String key) {
+ return entries[index(key)];
+ }
- return copy;
- } catch (CloneNotSupportedException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- return null;
+ protected Object clone() {
+ try {
+ SymbMap copy=(SymbMap) super.clone();
+ copy.entries=new NameSpaceSymbEntry[entries.length];
+ System.arraycopy(entries,0,copy.entries,0,entries.length);
+ copy.keys=new String[keys.length];
+ System.arraycopy(keys,0,copy.keys,0,keys.length);
+
+ return copy;
+ } catch (CloneNotSupportedException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
}
+ return null;
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/UtfHelpper.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/UtfHelpper.java Mon Sep 22 10:43:17 2008 -0400
@@ -0,0 +1,155 @@
+package com.sun.org.apache.xml.internal.security.c14n.implementations;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Map;
+
+public class UtfHelpper {
+
+ final static void writeByte(final String str,final OutputStream out,Map cache) throws IOException {
+ byte []result=(byte[]) cache.get(str);
+ if (result==null) {
+ result=getStringInUtf8(str);
+ cache.put(str,result);
+ }
+
+ out.write(result);
+
+ }
+
+ final static void writeCharToUtf8(final char c,final OutputStream out) throws IOException{
+ if (c < 0x80) {
+ out.write(c);
+ return;
+ }
+ if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF) ){
+ //No Surrogates in sun java
+ out.write(0x3f);
+ return;
+ }
+ int bias;
+ int write;
+ char ch;
+ if (c > 0x07FF) {
+ ch=(char)(c>>>12);
+ write=0xE0;
+ if (ch>0) {
+ write |= ( ch & 0x0F);
+ }
+ out.write(write);
+ write=0x80;
+ bias=0x3F;
+ } else {
+ write=0xC0;
+ bias=0x1F;
+ }
+ ch=(char)(c>>>6);
+ if (ch>0) {
+ write|= (ch & bias);
+ }
+ out.write(write);
+ out.write(0x80 | ((c) & 0x3F));
+
+ }
+
+ final static void writeStringToUtf8(final String str,final OutputStream out) throws IOException{
+ final int length=str.length();
+ int i=0;
+ char c;
+ while (i= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF) ){
+ //No Surrogates in sun java
+ out.write(0x3f);
+ continue;
+ }
+ char ch;
+ int bias;
+ int write;
+ if (c > 0x07FF) {
+ ch=(char)(c>>>12);
+ write=0xE0;
+ if (ch>0) {
+ write |= ( ch & 0x0F);
+ }
+ out.write(write);
+ write=0x80;
+ bias=0x3F;
+ } else {
+ write=0xC0;
+ bias=0x1F;
+ }
+ ch=(char)(c>>>6);
+ if (ch>0) {
+ write|= (ch & bias);
+ }
+ out.write(write);
+ out.write(0x80 | ((c) & 0x3F));
+
+ }
+
+ }
+ public final static byte[] getStringInUtf8(final String str) {
+ final int length=str.length();
+ boolean expanded=false;
+ byte []result=new byte[length];
+ int i=0;
+ int out=0;
+ char c;
+ while (i= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF) ){
+ //No Surrogates in sun java
+ result[out++]=0x3f;
+
+ continue;
+ }
+ if (!expanded) {
+ byte newResult[]=new byte[3*length];
+ System.arraycopy(result, 0, newResult, 0, out);
+ result=newResult;
+ expanded=true;
+ }
+ char ch;
+ int bias;
+ byte write;
+ if (c > 0x07FF) {
+ ch=(char)(c>>>12);
+ write=(byte)0xE0;
+ if (ch>0) {
+ write |= ( ch & 0x0F);
+ }
+ result[out++]=write;
+ write=(byte)0x80;
+ bias=0x3F;
+ } else {
+ write=(byte)0xC0;
+ bias=0x1F;
+ }
+ ch=(char)(c>>>6);
+ if (ch>0) {
+ write|= (ch & bias);
+ }
+ result[out++]=write;
+ result[out++]=(byte)(0x80 | ((c) & 0x3F));/**/
+
+ }
+ if (expanded) {
+ byte newResult[]=new byte[out];
+ System.arraycopy(result, 0, newResult, 0, out);
+ result=newResult;
+ }
+ return result;
+ }
+
+
+
+}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipher.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipher.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipher.java Mon Sep 22 10:43:17 2008 -0400
@@ -22,6 +22,7 @@
import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
@@ -30,6 +31,7 @@
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
+import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
@@ -204,7 +206,7 @@
* @since 1.0.
*/
private XMLCipher() {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Constructing XMLCipher...");
+ logger.log(java.util.logging.Level.FINE, "Constructing XMLCipher...");
_factory = new Factory();
_serializer = new Serializer();
@@ -266,7 +268,7 @@
public static XMLCipher getInstance(String transformation) throws
XMLEncryptionException {
// sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
+ logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
if (null == transformation)
logger.log(java.util.logging.Level.SEVERE, "Transformation unexpectedly null...");
if(!isValidEncryptionAlgorithm(transformation))
@@ -294,7 +296,7 @@
try {
instance._contextCipher = Cipher.getInstance(jceAlgorithm);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "cihper.algoritm = " +
+ logger.log(java.util.logging.Level.FINE, "cihper.algoritm = " +
instance._contextCipher.getAlgorithm());
} catch (NoSuchAlgorithmException nsae) {
throw new XMLEncryptionException("empty", nsae);
@@ -305,49 +307,6 @@
return (instance);
}
- public static XMLCipher getInstance(String transformation,Cipher cipher) throws
- XMLEncryptionException {
- // sanity checks
- logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
- if (null == transformation)
- logger.log(java.util.logging.Level.SEVERE, "Transformation unexpectedly null...");
- if(!isValidEncryptionAlgorithm(transformation))
- logger.log(java.util.logging.Level.WARNING, "Algorithm non-standard, expected one of " + ENC_ALGORITHMS);
-
- XMLCipher instance = new XMLCipher();
-
- instance._algorithm = transformation;
- instance._key = null;
- instance._kek = null;
-
-
- /* Create a canonicaliser - used when serialising DOM to octets
- * prior to encryption (and for the reverse) */
-
- try {
- instance._canon = Canonicalizer.getInstance
- (Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
-
- } catch (InvalidCanonicalizerException ice) {
- throw new XMLEncryptionException("empty", ice);
- }
-
- String jceAlgorithm = JCEMapper.translateURItoJCEID(transformation);
-
- try {
- instance._contextCipher = cipher;
- //Cipher.getInstance(jceAlgorithm);
- logger.log(java.util.logging.Level.FINE, "cihper.algoritm = " +
- instance._contextCipher.getAlgorithm());
- }catch(Exception ex) {
- throw new XMLEncryptionException("empty", ex);
- }
-
- return (instance);
- }
-
-
-
/**
* Returns an XMLCipher that implements the specified
* transformation, operates on the specified context document and serializes
@@ -380,6 +339,45 @@
return instance;
}
+ public static XMLCipher getInstance(String transformation,Cipher cipher) throws XMLEncryptionException {
+ // sanity checks
+ logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
+ if (null == transformation)
+ logger.log(java.util.logging.Level.SEVERE, "Transformation unexpectedly null...");
+ if(!isValidEncryptionAlgorithm(transformation))
+ logger.log(java.util.logging.Level.WARNING, "Algorithm non-standard, expected one of " + ENC_ALGORITHMS);
+
+ XMLCipher instance = new XMLCipher();
+
+ instance._algorithm = transformation;
+ instance._key = null;
+ instance._kek = null;
+
+
+ /* Create a canonicaliser - used when serialising DOM to octets
+ * prior to encryption (and for the reverse) */
+
+ try {
+ instance._canon = Canonicalizer.getInstance
+ (Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
+
+ } catch (InvalidCanonicalizerException ice) {
+ throw new XMLEncryptionException("empty", ice);
+ }
+
+ String jceAlgorithm = JCEMapper.translateURItoJCEID(transformation);
+
+ try {
+ instance._contextCipher = cipher;
+ //Cipher.getInstance(jceAlgorithm);
+ logger.log(java.util.logging.Level.FINE, "cihper.algoritm = " +
+ instance._contextCipher.getAlgorithm());
+ }catch(Exception ex) {
+ throw new XMLEncryptionException("empty", ex);
+ }
+
+ return (instance);
+ }
/**
* Returns an XMLCipher that implements the specified
@@ -396,7 +394,7 @@
public static XMLCipher getProviderInstance(String transformation, String provider)
throws XMLEncryptionException {
// sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
+ logger.log(java.util.logging.Level.FINE, "Getting XMLCipher...");
if (null == transformation)
logger.log(java.util.logging.Level.SEVERE, "Transformation unexpectedly null...");
if(null == provider)
@@ -429,9 +427,9 @@
instance._contextCipher = Cipher.getInstance(jceAlgorithm, provider);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "cipher._algorithm = " +
+ logger.log(java.util.logging.Level.FINE, "cipher._algorithm = " +
instance._contextCipher.getAlgorithm());
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "provider.name = " + provider);
+ logger.log(java.util.logging.Level.FINE, "provider.name = " + provider);
} catch (NoSuchAlgorithmException nsae) {
throw new XMLEncryptionException("empty", nsae);
} catch (NoSuchProviderException nspre) {
@@ -490,7 +488,7 @@
public static XMLCipher getInstance()
throws XMLEncryptionException {
// sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Getting XMLCipher for no transformation...");
+ logger.log(java.util.logging.Level.FINE, "Getting XMLCipher for no transformation...");
XMLCipher instance = new XMLCipher();
@@ -532,7 +530,7 @@
throws XMLEncryptionException {
// sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Getting XMLCipher, provider but no transformation");
+ logger.log(java.util.logging.Level.FINE, "Getting XMLCipher, provider but no transformation");
if(null == provider)
logger.log(java.util.logging.Level.SEVERE, "Provider unexpectedly null..");
if("" == provider)
@@ -578,7 +576,7 @@
*/
public void init(int opmode, Key key) throws XMLEncryptionException {
// sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Initializing XMLCipher...");
+ logger.log(java.util.logging.Level.FINE, "Initializing XMLCipher...");
_ek = null;
_ed = null;
@@ -586,18 +584,18 @@
switch (opmode) {
case ENCRYPT_MODE :
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "opmode = ENCRYPT_MODE");
+ logger.log(java.util.logging.Level.FINE, "opmode = ENCRYPT_MODE");
_ed = createEncryptedData(CipherData.VALUE_TYPE, "NO VALUE YET");
break;
case DECRYPT_MODE :
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "opmode = DECRYPT_MODE");
+ logger.log(java.util.logging.Level.FINE, "opmode = DECRYPT_MODE");
break;
case WRAP_MODE :
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "opmode = WRAP_MODE");
+ logger.log(java.util.logging.Level.FINE, "opmode = WRAP_MODE");
_ek = createEncryptedKey(CipherData.VALUE_TYPE, "NO VALUE YET");
break;
case UNWRAP_MODE :
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "opmode = UNWRAP_MODE");
+ logger.log(java.util.logging.Level.FINE, "opmode = UNWRAP_MODE");
break;
default :
logger.log(java.util.logging.Level.SEVERE, "Mode unexpectedly invalid");
@@ -622,7 +620,7 @@
public EncryptedData getEncryptedData() {
// Sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Returning EncryptedData");
+ logger.log(java.util.logging.Level.FINE, "Returning EncryptedData");
return _ed;
}
@@ -640,7 +638,7 @@
public EncryptedKey getEncryptedKey() {
// Sanity checks
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Returning EncryptedKey");
+ logger.log(java.util.logging.Level.FINE, "Returning EncryptedKey");
return _ek;
}
@@ -750,11 +748,11 @@
*/
private Document encryptElement(Element element) throws Exception{
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypting element...");
+ logger.log(java.util.logging.Level.FINE, "Encrypting element...");
if(null == element)
logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
if(_cipherMode != ENCRYPT_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
if (_algorithm == null) {
throw new XMLEncryptionException("XMLCipher instance without transformation specified");
@@ -785,11 +783,11 @@
*/
private Document encryptElementContent(Element element) throws
/* XMLEncryption */Exception {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypting element content...");
+ logger.log(java.util.logging.Level.FINE, "Encrypting element content...");
if(null == element)
logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
if(_cipherMode != ENCRYPT_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
if (_algorithm == null) {
throw new XMLEncryptionException("XMLCipher instance without transformation specified");
@@ -815,7 +813,7 @@
*/
public Document doFinal(Document context, Document source) throws
/* XMLEncryption */Exception {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Processing source document...");
+ logger.log(java.util.logging.Level.FINE, "Processing source document...");
if(null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
if(null == source)
@@ -855,7 +853,7 @@
*/
public Document doFinal(Document context, Element element) throws
/* XMLEncryption */Exception {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Processing source element...");
+ logger.log(java.util.logging.Level.FINE, "Processing source element...");
if(null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
if(null == element)
@@ -898,7 +896,7 @@
*/
public Document doFinal(Document context, Element element, boolean content)
throws /* XMLEncryption*/ Exception {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Processing source element...");
+ logger.log(java.util.logging.Level.FINE, "Processing source element...");
if(null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
if(null == element)
@@ -954,6 +952,34 @@
/**
* Returns an EncryptedData interface. Use this operation if
+ * you want to have full control over the serialization of the element
+ * or element content.
+ *
+ * This does not change the source document in any way.
+ *
+ * @param context the context Document.
+ * @param type a URI identifying type information about the plaintext form
+ * of the encrypted content (may be null)
+ * @param serializedData the serialized data
+ * @return the EncryptedData
+ * @throws Exception
+ */
+ public EncryptedData encryptData(Document context, String type,
+ InputStream serializedData) throws Exception {
+
+ logger.log(java.util.logging.Level.FINE, "Encrypting element...");
+ if (null == context)
+ logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
+ if (null == serializedData)
+ logger.log(java.util.logging.Level.SEVERE, "Serialized data unexpectedly null...");
+ if (_cipherMode != ENCRYPT_MODE)
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
+
+ return encryptData(context, null, type, serializedData);
+ }
+
+ /**
+ * Returns an EncryptedData interface. Use this operation if
* you want to have full control over the contents of the
* EncryptedData structure.
*
@@ -966,160 +992,60 @@
* @return the EncryptedData
* @throws Exception
*/
- public EncryptedData encryptData(Document context, Element element, boolean contentMode) throws
- /* XMLEncryption */ Exception {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypting element...");
- if (null == context)
- logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
- if (null == element)
- logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
- if (_cipherMode != ENCRYPT_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
-
- _contextDocument = context;
-
- if (_algorithm == null) {
- throw new XMLEncryptionException("XMLCipher instance without transformation specified");
- }
-
- String serializedOctets = null;
- if (contentMode) {
- NodeList children = element.getChildNodes();
- if ((null != children)) {
- serializedOctets = _serializer.serialize(children);
- } else {
- Object exArgs[] = { "Element has no content." };
- throw new XMLEncryptionException("empty", exArgs);
- }
- } else {
- serializedOctets = _serializer.serialize(element);
- }
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Serialized octets:\n" + serializedOctets);
-
- byte[] encryptedBytes = null;
-
- // Now create the working cipher if none was created already
- Cipher c;
- if (_contextCipher == null) {
- String jceAlgorithm =
- JCEMapper.translateURItoJCEID(_algorithm);
-
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);
-
- try {
- if (_requestedJCEProvider == null)
- c = Cipher.getInstance(jceAlgorithm);
- else
- c = Cipher.getInstance(jceAlgorithm, _requestedJCEProvider);
- } catch (NoSuchAlgorithmException nsae) {
- throw new XMLEncryptionException("empty", nsae);
- } catch (NoSuchProviderException nspre) {
- throw new XMLEncryptionException("empty", nspre);
- } catch (NoSuchPaddingException nspae) {
- throw new XMLEncryptionException("empty", nspae);
- }
- }
- else {
- c = _contextCipher;
- }
- // Now perform the encryption
-
- try {
- // Should internally generate an IV
- // todo - allow user to set an IV
- c.init(_cipherMode, _key);
- } catch (InvalidKeyException ike) {
- throw new XMLEncryptionException("empty", ike);
- }
-
- try {
- encryptedBytes =
- c.doFinal(serializedOctets.getBytes("UTF-8"));
-
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Expected cipher.outputSize = " +
- Integer.toString(c.getOutputSize(
- serializedOctets.getBytes().length)));
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Actual cipher.outputSize = " +
- Integer.toString(encryptedBytes.length));
- } catch (IllegalStateException ise) {
- throw new XMLEncryptionException("empty", ise);
- } catch (IllegalBlockSizeException ibse) {
- throw new XMLEncryptionException("empty", ibse);
- } catch (BadPaddingException bpe) {
- throw new XMLEncryptionException("empty", bpe);
- } catch (UnsupportedEncodingException uee) {
- throw new XMLEncryptionException("empty", uee);
- }
-
- // Now build up to a properly XML Encryption encoded octet stream
- // IvParameterSpec iv;
-
- byte[] iv = c.getIV();
- byte[] finalEncryptedBytes =
- new byte[iv.length + encryptedBytes.length];
- System.arraycopy(iv, 0, finalEncryptedBytes, 0,
- iv.length);
- System.arraycopy(encryptedBytes, 0, finalEncryptedBytes,
- iv.length,
- encryptedBytes.length);
-
- String base64EncodedEncryptedOctets = Base64.encode(finalEncryptedBytes);
-
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypted octets length = " +
- base64EncodedEncryptedOctets.length());
-
- try {
- CipherData cd = _ed.getCipherData();
- CipherValue cv = cd.getCipherValue();
- // cv.setValue(base64EncodedEncryptedOctets.getBytes());
- cv.setValue(base64EncodedEncryptedOctets);
-
- if (contentMode) {
- _ed.setType(
- new URI(EncryptionConstants.TYPE_CONTENT).toString());
- } else {
- _ed.setType(
- new URI(EncryptionConstants.TYPE_ELEMENT).toString());
- }
- EncryptionMethod method =
- _factory.newEncryptionMethod(new URI(_algorithm).toString());
- _ed.setEncryptionMethod(method);
- } catch (URI.MalformedURIException mfue) {
- throw new XMLEncryptionException("empty", mfue);
- }
- return (_ed);
- }
-
-
-
- public EncryptedData encryptData(Document context, byte [] serializedOctets, boolean contentMode) throws
- /* XMLEncryption */ Exception {
+ public EncryptedData encryptData(
+ Document context, Element element, boolean contentMode)
+ throws /* XMLEncryption */ Exception {
+
logger.log(java.util.logging.Level.FINE, "Encrypting element...");
if (null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
- if (null == serializedOctets)
- logger.log(java.util.logging.Level.SEVERE, "Canonicalized Data is unexpectedly null...");
+ if (null == element)
+ logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
if (_cipherMode != ENCRYPT_MODE)
logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in ENCRYPT_MODE...");
+ if (contentMode) {
+ return encryptData
+ (context, element, EncryptionConstants.TYPE_CONTENT, null);
+ } else {
+ return encryptData
+ (context, element, EncryptionConstants.TYPE_ELEMENT, null);
+ }
+ }
+
+ private EncryptedData encryptData(
+ Document context, Element element, String type,
+ InputStream serializedData) throws /* XMLEncryption */ Exception {
+
_contextDocument = context;
if (_algorithm == null) {
- throw new XMLEncryptionException("XMLCipher instance without transformation specified");
+ throw new XMLEncryptionException
+ ("XMLCipher instance without transformation specified");
}
-
- logger.log(java.util.logging.Level.FINE, "Serialized octets:\n" + serializedOctets);
+ String serializedOctets = null;
+ if (serializedData == null) {
+ if (type == EncryptionConstants.TYPE_CONTENT) {
+ NodeList children = element.getChildNodes();
+ if (null != children) {
+ serializedOctets = _serializer.serialize(children);
+ } else {
+ Object exArgs[] = { "Element has no content." };
+ throw new XMLEncryptionException("empty", exArgs);
+ }
+ } else {
+ serializedOctets = _serializer.serialize(element);
+ }
+ logger.log(java.util.logging.Level.FINE, "Serialized octets:\n" + serializedOctets);
+ }
byte[] encryptedBytes = null;
// Now create the working cipher if none was created already
Cipher c;
if (_contextCipher == null) {
- String jceAlgorithm =
- JCEMapper.translateURItoJCEID(_algorithm);
-
+ String jceAlgorithm = JCEMapper.translateURItoJCEID(_algorithm);
logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);
try {
@@ -1148,41 +1074,47 @@
}
try {
- encryptedBytes =
- c.doFinal(serializedOctets);
-
- logger.log(java.util.logging.Level.FINE, "Expected cipher.outputSize = " +
+ if (serializedData != null) {
+ int numBytes;
+ byte[] buf = new byte[8192];
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ while ((numBytes = serializedData.read(buf)) != -1) {
+ byte[] data = c.update(buf, 0, numBytes);
+ baos.write(data);
+ }
+ baos.write(c.doFinal());
+ encryptedBytes = baos.toByteArray();
+ } else {
+ encryptedBytes = c.doFinal(serializedOctets.getBytes("UTF-8"));
+ logger.log(java.util.logging.Level.FINE, "Expected cipher.outputSize = " +
Integer.toString(c.getOutputSize(
- serializedOctets.length)));
+ serializedOctets.getBytes().length)));
+ }
logger.log(java.util.logging.Level.FINE, "Actual cipher.outputSize = " +
- Integer.toString(encryptedBytes.length));
+ Integer.toString(encryptedBytes.length));
} catch (IllegalStateException ise) {
throw new XMLEncryptionException("empty", ise);
} catch (IllegalBlockSizeException ibse) {
throw new XMLEncryptionException("empty", ibse);
} catch (BadPaddingException bpe) {
throw new XMLEncryptionException("empty", bpe);
- } catch (Exception uee) {
+ } catch (UnsupportedEncodingException uee) {
throw new XMLEncryptionException("empty", uee);
}
// Now build up to a properly XML Encryption encoded octet stream
// IvParameterSpec iv;
-
byte[] iv = c.getIV();
byte[] finalEncryptedBytes =
new byte[iv.length + encryptedBytes.length];
- System.arraycopy(iv, 0, finalEncryptedBytes, 0,
- iv.length);
- System.arraycopy(encryptedBytes, 0, finalEncryptedBytes,
- iv.length,
- encryptedBytes.length);
-
+ System.arraycopy(iv, 0, finalEncryptedBytes, 0, iv.length);
+ System.arraycopy(encryptedBytes, 0, finalEncryptedBytes, iv.length,
+ encryptedBytes.length);
String base64EncodedEncryptedOctets = Base64.encode(finalEncryptedBytes);
logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
logger.log(java.util.logging.Level.FINE, "Encrypted octets length = " +
- base64EncodedEncryptedOctets.length());
+ base64EncodedEncryptedOctets.length());
try {
CipherData cd = _ed.getCipherData();
@@ -1190,15 +1122,11 @@
// cv.setValue(base64EncodedEncryptedOctets.getBytes());
cv.setValue(base64EncodedEncryptedOctets);
- if (contentMode) {
- _ed.setType(
- new URI(EncryptionConstants.TYPE_CONTENT).toString());
- } else {
- _ed.setType(
- new URI(EncryptionConstants.TYPE_ELEMENT).toString());
+ if (type != null) {
+ _ed.setType(new URI(type).toString());
}
EncryptionMethod method =
- _factory.newEncryptionMethod(new URI(_algorithm).toString());
+ _factory.newEncryptionMethod(new URI(_algorithm).toString());
_ed.setEncryptionMethod(method);
} catch (URI.MalformedURIException mfue) {
throw new XMLEncryptionException("empty", mfue);
@@ -1206,7 +1134,6 @@
return (_ed);
}
-
/**
* Returns an EncryptedData interface. Use this operation if
* you want to load an EncryptedData structure from a DOM
@@ -1219,7 +1146,7 @@
*/
public EncryptedData loadEncryptedData(Document context, Element element)
throws XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Loading encrypted element...");
+ logger.log(java.util.logging.Level.FINE, "Loading encrypted element...");
if(null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
if(null == element)
@@ -1246,13 +1173,13 @@
public EncryptedKey loadEncryptedKey(Document context, Element element)
throws XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Loading encrypted key...");
+ logger.log(java.util.logging.Level.FINE, "Loading encrypted key...");
if(null == context)
logger.log(java.util.logging.Level.SEVERE, "Context document unexpectedly null...");
if(null == element)
logger.log(java.util.logging.Level.SEVERE, "Element unexpectedly null...");
if(_cipherMode != UNWRAP_MODE && _cipherMode != DECRYPT_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE or DECRYPT_MODE...");
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE or DECRYPT_MODE...");
_contextDocument = context;
_ek = _factory.newEncryptedKey(element);
@@ -1290,12 +1217,12 @@
public EncryptedKey encryptKey(Document doc, Key key) throws
XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypting key ...");
+ logger.log(java.util.logging.Level.FINE, "Encrypting key ...");
if(null == key)
logger.log(java.util.logging.Level.SEVERE, "Key unexpectedly null...");
if(_cipherMode != WRAP_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in WRAP_MODE...");
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in WRAP_MODE...");
if (_algorithm == null) {
@@ -1313,7 +1240,7 @@
String jceAlgorithm =
JCEMapper.translateURItoJCEID(_algorithm);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);
+ logger.log(java.util.logging.Level.FINE, "alg = " + jceAlgorithm);
try {
if (_requestedJCEProvider == null)
@@ -1345,8 +1272,8 @@
String base64EncodedEncryptedOctets = Base64.encode(encryptedBytes);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypted key octets:\n" + base64EncodedEncryptedOctets);
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypted key octets length = " +
+ logger.log(java.util.logging.Level.FINE, "Encrypted key octets:\n" + base64EncodedEncryptedOctets);
+ logger.log(java.util.logging.Level.FINE, "Encrypted key octets length = " +
base64EncodedEncryptedOctets.length());
CipherValue cv = _ek.getCipherData().getCipherValue();
@@ -1376,10 +1303,10 @@
public Key decryptKey(EncryptedKey encryptedKey, String algorithm) throws
XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Decrypting key from previously loaded EncryptedKey...");
+ logger.log(java.util.logging.Level.FINE, "Decrypting key from previously loaded EncryptedKey...");
if(_cipherMode != UNWRAP_MODE)
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE...");
+ logger.log(java.util.logging.Level.FINE, "XMLCipher unexpectedly not in UNWRAP_MODE...");
if (algorithm == null) {
throw new XMLEncryptionException("Cannot decrypt a key without knowing the algorithm");
@@ -1387,7 +1314,7 @@
if (_key == null) {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Trying to find a KEK via key resolvers");
+ logger.log(java.util.logging.Level.FINE, "Trying to find a KEK via key resolvers");
KeyInfo ki = encryptedKey.getKeyInfo();
if (ki != null) {
@@ -1418,7 +1345,7 @@
JCEMapper.translateURItoJCEID(
encryptedKey.getEncryptionMethod().getAlgorithm());
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "JCE Algorithm = " + jceAlgorithm);
+ logger.log(java.util.logging.Level.FINE, "JCE Algorithm = " + jceAlgorithm);
try {
if (_requestedJCEProvider == null)
@@ -1448,7 +1375,7 @@
throw new XMLEncryptionException("empty", nsae);
}
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Decryption of key type " + algorithm + " OK");
+ logger.log(java.util.logging.Level.FINE, "Decryption of key type " + algorithm + " OK");
return ret;
@@ -1478,14 +1405,9 @@
*
* @param node the Node to clear.
*/
- private void removeContent(Node node) {
- NodeList list = node.getChildNodes();
- if (list.getLength() > 0) {
- Node n = list.item(0);
- if (null != n) {
- n.getParentNode().removeChild(n);
- }
- removeContent(node);
+ private static void removeContent(Node node) {
+ while (node.hasChildNodes()) {
+ node.removeChild(node.getFirstChild());
}
}
@@ -1499,7 +1421,7 @@
private Document decryptElement(Element element) throws
XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Decrypting element...");
+ logger.log(java.util.logging.Level.FINE, "Decrypting element...");
if(_cipherMode != DECRYPT_MODE)
logger.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");
@@ -1512,7 +1434,7 @@
}
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Decrypted octets:\n" + octets);
+ logger.log(java.util.logging.Level.FINE, "Decrypted octets:\n" + octets);
Node sourceParent = element.getParentNode();
@@ -1573,7 +1495,7 @@
public byte[] decryptToByteArray(Element element)
throws XMLEncryptionException {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Decrypting to ByteArray...");
+ logger.log(java.util.logging.Level.FINE, "Decrypting to ByteArray...");
if(_cipherMode != DECRYPT_MODE)
logger.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");
@@ -2226,7 +2148,7 @@
AgreementMethod newAgreementMethod(Element element) throws
XMLEncryptionException {
if (null == element) {
- //complain
+ throw new NullPointerException("element is null");
}
String algorithm = element.getAttributeNS(null,
@@ -2292,7 +2214,7 @@
CipherData newCipherData(Element element) throws
XMLEncryptionException {
if (null == element) {
- // complain
+ throw new NullPointerException("element is null");
}
int type = 0;
@@ -2352,7 +2274,7 @@
(Element) transformsElements.item(0);
if (transformsElement != null) {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Creating a DSIG based Transforms element");
+ logger.log(java.util.logging.Level.FINE, "Creating a DSIG based Transforms element");
try {
result.setTransforms(new TransformsImpl(transformsElement));
}
@@ -2411,34 +2333,28 @@
XMLEncryptionException {
EncryptedData result = null;
- NodeList dataElements = element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_CIPHERDATA);
-
- // Need to get the last CipherData found, as earlier ones will
- // be for elements in the KeyInfo lists
+ NodeList dataElements = element.getElementsByTagNameNS(
+ EncryptionConstants.EncryptionSpecNS,
+ EncryptionConstants._TAG_CIPHERDATA);
+
+ // Need to get the last CipherData found, as earlier ones will
+ // be for elements in the KeyInfo lists
Element dataElement =
- (Element) dataElements.item(dataElements.getLength() - 1);
+ (Element) dataElements.item(dataElements.getLength() - 1);
CipherData data = newCipherData(dataElement);
result = newEncryptedData(data);
- try {
- result.setId(element.getAttributeNS(
- null, EncryptionConstants._ATT_ID));
- result.setType(new URI(
- element.getAttributeNS(
- null, EncryptionConstants._ATT_TYPE)).toString());
- result.setMimeType(element.getAttributeNS(
- null, EncryptionConstants._ATT_MIMETYPE));
- result.setEncoding(new URI(
- element.getAttributeNS(
- null, Constants._ATT_ENCODING)).toString());
- } catch (URI.MalformedURIException mfue) {
- // do nothing
- }
+ result.setId(element.getAttributeNS(
+ null, EncryptionConstants._ATT_ID));
+ result.setType(
+ element.getAttributeNS(null, EncryptionConstants._ATT_TYPE));
+ result.setMimeType(element.getAttributeNS(
+ null, EncryptionConstants._ATT_MIMETYPE));
+ result.setEncoding(
+ element.getAttributeNS(null, Constants._ATT_ENCODING));
Element encryptionMethodElement =
(Element) element.getElementsByTagNameNS(
@@ -2450,18 +2366,18 @@
}
// BFL 16/7/03 - simple implementation
- // TODO: Work out how to handle relative URI
+ // TODO: Work out how to handle relative URI
Element keyInfoElement =
(Element) element.getElementsByTagNameNS(
Constants.SignatureSpecNS, Constants._TAG_KEYINFO).item(0);
if (null != keyInfoElement) {
- try {
- result.setKeyInfo(new KeyInfo(keyInfoElement, null));
- } catch (XMLSecurityException xse) {
- throw new XMLEncryptionException("Error loading Key Info",
- xse);
- }
+ try {
+ result.setKeyInfo(new KeyInfo(keyInfoElement, null));
+ } catch (XMLSecurityException xse) {
+ throw new XMLEncryptionException("Error loading Key Info",
+ xse);
+ }
}
// TODO: Implement
@@ -2511,31 +2427,25 @@
EncryptedKey newEncryptedKey(Element element) throws
XMLEncryptionException {
EncryptedKey result = null;
- NodeList dataElements = element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_CIPHERDATA);
+ NodeList dataElements = element.getElementsByTagNameNS(
+ EncryptionConstants.EncryptionSpecNS,
+ EncryptionConstants._TAG_CIPHERDATA);
Element dataElement =
- (Element) dataElements.item(dataElements.getLength() - 1);
+ (Element) dataElements.item(dataElements.getLength() - 1);
CipherData data = newCipherData(dataElement);
result = newEncryptedKey(data);
- try {
- result.setId(element.getAttributeNS(
- null, EncryptionConstants._ATT_ID));
- result.setType(new URI(
- element.getAttributeNS(
- null, EncryptionConstants._ATT_TYPE)).toString());
- result.setMimeType(element.getAttributeNS(
- null, EncryptionConstants._ATT_MIMETYPE));
- result.setEncoding(new URI(
- element.getAttributeNS(
- null, Constants._ATT_ENCODING)).toString());
- result.setRecipient(element.getAttributeNS(
- null, EncryptionConstants._ATT_RECIPIENT));
- } catch (URI.MalformedURIException mfue) {
- // do nothing
- }
+ result.setId(element.getAttributeNS(
+ null, EncryptionConstants._ATT_ID));
+ result.setType(
+ element.getAttributeNS(null, EncryptionConstants._ATT_TYPE));
+ result.setMimeType(element.getAttributeNS(
+ null, EncryptionConstants._ATT_MIMETYPE));
+ result.setEncoding(
+ element.getAttributeNS(null, Constants._ATT_ENCODING));
+ result.setRecipient(element.getAttributeNS(
+ null, EncryptionConstants._ATT_RECIPIENT));
Element encryptionMethodElement =
(Element) element.getElementsByTagNameNS(
@@ -2550,12 +2460,12 @@
(Element) element.getElementsByTagNameNS(
Constants.SignatureSpecNS, Constants._TAG_KEYINFO).item(0);
if (null != keyInfoElement) {
- try {
- result.setKeyInfo(new KeyInfo(keyInfoElement, null));
- } catch (XMLSecurityException xse) {
- throw new XMLEncryptionException("Error loading Key Info",
- xse);
- }
+ try {
+ result.setKeyInfo(new KeyInfo(keyInfoElement, null));
+ } catch (XMLSecurityException xse) {
+ throw new XMLEncryptionException
+ ("Error loading Key Info", xse);
+ }
}
// TODO: Implement
@@ -2581,7 +2491,8 @@
EncryptionConstants.EncryptionSpecNS,
EncryptionConstants._TAG_CARRIEDKEYNAME).item(0);
if (null != carriedNameElement) {
- result.setCarriedName(carriedNameElement.getNodeValue());
+ result.setCarriedName
+ (carriedNameElement.getFirstChild().getNodeValue());
}
return (result);
@@ -2680,13 +2591,8 @@
EncryptionProperty newEncryptionProperty(Element element) {
EncryptionProperty result = newEncryptionProperty();
- try {
- result.setTarget(new URI(
- element.getAttributeNS(
- null, EncryptionConstants._ATT_TARGET)).toString());
- } catch (URI.MalformedURIException mfue) {
- // do nothing
- }
+ result.setTarget(
+ element.getAttributeNS(null, EncryptionConstants._ATT_TARGET));
result.setId(element.getAttributeNS(
null, EncryptionConstants._ATT_ID));
// TODO: Make this lot work...
@@ -2943,7 +2849,7 @@
} catch (URI.MalformedURIException mfue) {
//complain
}
- algorithm = tmpAlgorithm.toString();
+ algorithmURI = tmpAlgorithm.toString();
}
//
@@ -3183,7 +3089,7 @@
_contextDocument, EncryptionConstants.EncryptionSpecNS,
EncryptionConstants._TAG_CIPHERVALUE);
result.appendChild(_contextDocument.createTextNode(
- new String(cipherValue)));
+ cipherValue));
return (result);
}
@@ -3247,8 +3153,7 @@
}
if (null != super.getType()) {
result.setAttributeNS(
- null, EncryptionConstants._ATT_TYPE,
- super.getType().toString());
+ null, EncryptionConstants._ATT_TYPE, super.getType());
}
if (null != super.getMimeType()) {
result.setAttributeNS(
@@ -3258,7 +3163,7 @@
if (null != super.getEncoding()) {
result.setAttributeNS(
null, EncryptionConstants._ATT_ENCODING,
- super.getEncoding().toString());
+ super.getEncoding());
}
if (null != super.getEncryptionMethod()) {
result.appendChild(((EncryptionMethodImpl)
@@ -3383,8 +3288,7 @@
}
if (null != super.getType()) {
result.setAttributeNS(
- null, EncryptionConstants._ATT_TYPE,
- super.getType().toString());
+ null, EncryptionConstants._ATT_TYPE, super.getType());
}
if (null != super.getMimeType()) {
result.setAttributeNS(null,
@@ -3392,7 +3296,7 @@
}
if (null != super.getEncoding()) {
result.setAttributeNS(null, Constants._ATT_ENCODING,
- super.getEncoding().toString());
+ super.getEncoding());
}
if (null != getRecipient()) {
result.setAttributeNS(null,
@@ -3468,13 +3372,17 @@
* @param type
*/
public void setType(String type) {
- URI tmpType = null;
- try {
- tmpType = new URI(type);
- } catch (URI.MalformedURIException mfue) {
- // complain
+ if (type == null || type.length() == 0) {
+ this.type = null;
+ } else {
+ URI tmpType = null;
+ try {
+ tmpType = new URI(type);
+ } catch (URI.MalformedURIException mfue) {
+ // complain
+ }
+ this.type = tmpType.toString();
}
- this.type = tmpType.toString();
}
/**
*
@@ -3502,13 +3410,17 @@
* @param encoding
*/
public void setEncoding(String encoding) {
- URI tmpEncoding = null;
- try {
- tmpEncoding = new URI(encoding);
- } catch (URI.MalformedURIException mfue) {
- // complain
+ if (encoding == null || encoding.length() == 0) {
+ this.encoding = null;
+ } else {
+ URI tmpEncoding = null;
+ try {
+ tmpEncoding = new URI(encoding);
+ } catch (URI.MalformedURIException mfue) {
+ // complain
+ }
+ this.encoding = tmpEncoding.toString();
}
- this.encoding = tmpEncoding.toString();
}
/**
*
@@ -3635,7 +3547,7 @@
_contextDocument, EncryptionConstants.EncryptionSpecNS,
EncryptionConstants._TAG_ENCRYPTIONMETHOD);
result.setAttributeNS(null, EncryptionConstants._ATT_ALGORITHM,
- algorithm.toString());
+ algorithm);
if (keySize > 0) {
result.appendChild(
ElementProxy.createElementForFamily(_contextDocument,
@@ -3735,8 +3647,7 @@
private class EncryptionPropertyImpl implements EncryptionProperty {
private String target = null;
private String id = null;
- private String attributeName = null;
- private String attributeValue = null;
+ private HashMap attributeMap = new HashMap();
private List encryptionInformation = null;
/**
@@ -3752,13 +3663,24 @@
}
/** @inheritDoc */
public void setTarget(String target) {
- URI tmpTarget = null;
- try {
- tmpTarget = new URI(target);
- } catch (URI.MalformedURIException mfue) {
- // complain
+ if (target == null || target.length() == 0) {
+ this.target = null;
+ } else if (target.startsWith("#")) {
+ /*
+ * This is a same document URI reference. Do not parse,
+ * because com.sun.org.apache.xml.internal.utils.URI considers this an
+ * illegal URI because it has no scheme.
+ */
+ this.target = target;
+ } else {
+ URI tmpTarget = null;
+ try {
+ tmpTarget = new URI(target);
+ } catch (URI.MalformedURIException mfue) {
+ // complain
+ }
+ this.target = tmpTarget.toString();
}
- this.target = tmpTarget.toString();
}
/** @inheritDoc */
public String getId() {
@@ -3770,12 +3692,11 @@
}
/** @inheritDoc */
public String getAttribute(String attribute) {
- return (attributeValue);
+ return (String) attributeMap.get(attribute);
}
/** @inheritDoc */
public void setAttribute(String attribute, String value) {
- attributeName = attribute;
- attributeValue = value;
+ attributeMap.put(attribute, value);
}
/** @inheritDoc */
public Iterator getEncryptionInformation() {
@@ -3805,7 +3726,7 @@
EncryptionConstants._TAG_ENCRYPTIONPROPERTY);
if (null != target) {
result.setAttributeNS(null, EncryptionConstants._ATT_TARGET,
- target.toString());
+ target);
}
if (null != id) {
result.setAttributeNS(null, EncryptionConstants._ATT_ID,
@@ -3839,7 +3760,13 @@
* @param doc
*/
public TransformsImpl(Document doc) {
- super(doc);
+ if (doc == null) {
+ throw new RuntimeException("Document is null");
+ }
+
+ this._doc = doc;
+ this._constructionElement = createElementForFamilyLocal(this._doc,
+ this.getBaseNamespace(), this.getBaseLocalName());
}
/**
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherInput.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherInput.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherInput.java Mon Sep 22 10:43:17 2008 -0400
@@ -108,84 +108,78 @@
return null;
}
- /**
- * Internal method to get bytes in decryption mode
+ /**
+ * Internal method to get bytes in decryption mode
* @return the decripted bytes
* @throws XMLEncryptionException
- */
+ */
+ private byte[] getDecryptBytes() throws XMLEncryptionException {
- private byte[] getDecryptBytes() throws XMLEncryptionException {
-
- String base64EncodedEncryptedOctets = null;
+ String base64EncodedEncryptedOctets = null;
if (_cipherData.getDataType() == CipherData.REFERENCE_TYPE) {
- // Fun time!
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Found a reference type CipherData");
- CipherReference cr = _cipherData.getCipherReference();
+ // Fun time!
+ logger.log(java.util.logging.Level.FINE, "Found a reference type CipherData");
+ CipherReference cr = _cipherData.getCipherReference();
- // Need to wrap the uri in an Attribute node so that we can
- // Pass to the resource resolvers
+ // Need to wrap the uri in an Attribute node so that we can
+ // Pass to the resource resolvers
- Attr uriAttr = cr.getURIAsAttr();
- XMLSignatureInput input = null;
+ Attr uriAttr = cr.getURIAsAttr();
+ XMLSignatureInput input = null;
- try {
- ResourceResolver resolver =
- ResourceResolver.getInstance(uriAttr, null);
- input = resolver.resolve(uriAttr, null);
- } catch (ResourceResolverException ex) {
- throw new XMLEncryptionException("empty", ex);
- }
+ try {
+ ResourceResolver resolver =
+ ResourceResolver.getInstance(uriAttr, null);
+ input = resolver.resolve(uriAttr, null);
+ } catch (ResourceResolverException ex) {
+ throw new XMLEncryptionException("empty", ex);
+ }
- if (input != null) {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Managed to resolve URI \"" + cr.getURI() + "\"");
- }
- else {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Failed to resolve URI \"" + cr.getURI() + "\"");
- }
+ if (input != null) {
+ logger.log(java.util.logging.Level.FINE, "Managed to resolve URI \"" + cr.getURI() + "\"");
+ } else {
+ logger.log(java.util.logging.Level.FINE, "Failed to resolve URI \"" + cr.getURI() + "\"");
+ }
- // Lets see if there are any transforms
- Transforms transforms = cr.getTransforms();
- if (transforms != null) {
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Have transforms in cipher reference");
- try {
- com.sun.org.apache.xml.internal.security.transforms.Transforms dsTransforms =
- transforms.getDSTransforms();
- input = dsTransforms.performTransforms(input);
- } catch (TransformationException ex) {
- throw new XMLEncryptionException("empty", ex);
- }
- }
+ // Lets see if there are any transforms
+ Transforms transforms = cr.getTransforms();
+ if (transforms != null) {
+ logger.log(java.util.logging.Level.FINE, "Have transforms in cipher reference");
+ try {
+ com.sun.org.apache.xml.internal.security.transforms.Transforms dsTransforms =
+ transforms.getDSTransforms();
+ input = dsTransforms.performTransforms(input);
+ } catch (TransformationException ex) {
+ throw new XMLEncryptionException("empty", ex);
+ }
+ }
- try {
- return input.getBytes();
- }
- catch (IOException ex) {
- throw new XMLEncryptionException("empty", ex);
- } catch (CanonicalizationException ex) {
- throw new XMLEncryptionException("empty", ex);
- }
+ try {
+ return input.getBytes();
+ } catch (IOException ex) {
+ throw new XMLEncryptionException("empty", ex);
+ } catch (CanonicalizationException ex) {
+ throw new XMLEncryptionException("empty", ex);
+ }
- // retrieve the cipher text
+ // retrieve the cipher text
} else if (_cipherData.getDataType() == CipherData.VALUE_TYPE) {
- CipherValue cv = _cipherData.getCipherValue();
- base64EncodedEncryptedOctets = new String(cv.getValue());
+ base64EncodedEncryptedOctets =
+ _cipherData.getCipherValue().getValue();
} else {
- throw new XMLEncryptionException("CipherData.getDataType() returned unexpected value");
- }
+ throw new XMLEncryptionException("CipherData.getDataType() returned unexpected value");
+ }
- if (logger.isLoggable(java.util.logging.Level.FINE)) logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
+ logger.log(java.util.logging.Level.FINE, "Encrypted octets:\n" + base64EncodedEncryptedOctets);
byte[] encryptedBytes = null;
-
try {
- encryptedBytes = Base64.decode(base64EncodedEncryptedOctets);
+ encryptedBytes = Base64.decode(base64EncodedEncryptedOctets);
} catch (Base64DecodingException bde) {
throw new XMLEncryptionException("empty", bde);
}
- return (encryptedBytes);
-
- }
-
+ return (encryptedBytes);
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/ContentHandlerAlreadyRegisteredException.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/ContentHandlerAlreadyRegisteredException.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/ContentHandlerAlreadyRegisteredException.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -28,7 +27,7 @@
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class ContentHandlerAlreadyRegisteredException
extends XMLSecurityException {
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java Mon Sep 22 10:43:17 2008 -0400
@@ -25,6 +25,8 @@
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
@@ -88,15 +90,22 @@
* The containsXXX() methods return whether the KeyInfo
* contains the corresponding type.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class KeyInfo extends SignatureElementProxy {
/** {@link java.util.logging} logging facility */
static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(KeyInfo.class.getName());
+ List x509Datas=null;
+ List encryptedKeys=null;
-
+ static final List nullList;
+ static {
+ List list = new ArrayList();
+ list.add(null);
+ nullList = Collections.unmodifiableList(list);
+ }
/**
* Constructor KeyInfo
@@ -108,7 +117,6 @@
XMLUtils.addReturnToElement(this._constructionElement);
-
}
/**
@@ -119,8 +127,8 @@
* @throws XMLSecurityException
*/
public KeyInfo(Element element, String BaseURI) throws XMLSecurityException {
-
super(element, BaseURI);
+ // _storageResolvers.add(null);
}
@@ -131,7 +139,7 @@
*/
public void setId(String Id) {
- if ((this._state == MODE_SIGN) && (Id != null)) {
+ if ((Id != null)) {
this._constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
IdResolver.registerElementById(this._constructionElement, Id);
}
@@ -162,10 +170,8 @@
*/
public void add(KeyName keyname) {
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(keyname.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -219,11 +225,8 @@
* @param keyvalue
*/
public void add(KeyValue keyvalue) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(keyvalue.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -241,11 +244,8 @@
* @param mgmtdata
*/
public void add(MgmtData mgmtdata) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(mgmtdata.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -254,11 +254,8 @@
* @param pgpdata
*/
public void add(PGPData pgpdata) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(pgpdata.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -279,11 +276,8 @@
* @param retrievalmethod
*/
public void add(RetrievalMethod retrievalmethod) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(retrievalmethod.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -292,11 +286,8 @@
* @param spkidata
*/
public void add(SPKIData spkidata) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(spkidata.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -305,11 +296,11 @@
* @param x509data
*/
public void add(X509Data x509data) {
-
- if (this._state == MODE_SIGN) {
+ if (x509Datas==null)
+ x509Datas=new ArrayList();
+ x509Datas.add(x509data);
this._constructionElement.appendChild(x509data.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -321,12 +312,11 @@
public void add(EncryptedKey encryptedKey)
throws XMLEncryptionException {
-
- if (this._state == MODE_SIGN) {
+ if (encryptedKeys==null)
+ encryptedKeys=new ArrayList();
+ encryptedKeys.add(encryptedKey);
XMLCipher cipher = XMLCipher.getInstance();
this._constructionElement.appendChild(cipher.martial(encryptedKey));
- }
-
}
/**
@@ -335,11 +325,8 @@
* @param element
*/
public void addUnknownElement(Element element) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(element);
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -403,6 +390,9 @@
*@return the number of the X509Data tags
*/
public int lengthX509Data() {
+ if (x509Datas!=null) {
+ return x509Datas.size();
+ }
return this.length(Constants.SignatureSpecNS, Constants._TAG_X509DATA);
}
@@ -550,7 +540,9 @@
* @throws XMLSecurityException
*/
public X509Data itemX509Data(int i) throws XMLSecurityException {
-
+ if (x509Datas!=null) {
+ return (X509Data) x509Datas.get(i);
+ }
Element e = XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
Constants._TAG_X509DATA,i);
@@ -569,7 +561,9 @@
*/
public EncryptedKey itemEncryptedKey(int i) throws XMLSecurityException {
-
+ if (encryptedKeys!=null) {
+ return (EncryptedKey) encryptedKeys.get(i);
+ }
Element e =
XMLUtils.selectXencNode(this._constructionElement.getFirstChild(),
EncryptionConstants._TAG_ENCRYPTEDKEY,i);
@@ -707,20 +701,20 @@
PublicKey pk = this.getPublicKeyFromInternalResolvers();
if (pk != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I could find a key using the per-KeyInfo key resolvers");
+ log.log(java.util.logging.Level.FINE, "I could find a key using the per-KeyInfo key resolvers");
return pk;
}
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I couldn't find a key using the per-KeyInfo key resolvers");
+ log.log(java.util.logging.Level.FINE, "I couldn't find a key using the per-KeyInfo key resolvers");
pk = this.getPublicKeyFromStaticResolvers();
if (pk != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I could find a key using the system-wide key resolvers");
+ log.log(java.util.logging.Level.FINE, "I could find a key using the system-wide key resolvers");
return pk;
}
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I couldn't find a key using the system-wide key resolvers");
+ log.log(java.util.logging.Level.FINE, "I couldn't find a key using the system-wide key resolvers");
return null;
}
@@ -732,46 +726,29 @@
* @throws KeyResolverException
*/
PublicKey getPublicKeyFromStaticResolvers() throws KeyResolverException {
-
- for (int i = 0; i < KeyResolver.length(); i++) {
- KeyResolver keyResolver = KeyResolver.item(i);
+ int length=KeyResolver.length();
+ int storageLength=this._storageResolvers.size();
+ Iterator it= KeyResolver.iterator();
+ for (int i = 0; i < length; i++) {
+ KeyResolverSpi keyResolver = (KeyResolverSpi) it.next();
Node currentChild=this._constructionElement.getFirstChild();
+ String uri= this.getBaseURI();
while (currentChild!=null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- if (this._storageResolvers.size() == 0) {
-
- // if we do not have storage resolvers, we verify with null
- StorageResolver storage = null;
-
- if (keyResolver.canResolve((Element) currentChild,
- this.getBaseURI(), storage)) {
- PublicKey pk =
- keyResolver.resolvePublicKey((Element) currentChild,
- this.getBaseURI(),
- storage);
-
- if (pk != null) {
- return pk;
- }
- }
- } else {
- for (int k = 0; k < this._storageResolvers.size(); k++) {
+ for (int k = 0; k < storageLength; k++) {
StorageResolver storage =
(StorageResolver) this._storageResolvers.get(k);
- if (keyResolver.canResolve((Element) currentChild,
- this.getBaseURI(), storage)) {
- PublicKey pk =
- keyResolver.resolvePublicKey((Element) currentChild,
- this.getBaseURI(),
+ PublicKey pk =
+ keyResolver.engineLookupAndResolvePublicKey((Element) currentChild,
+ uri,
storage);
- if (pk != null) {
- return pk;
- }
+ if (pk != null) {
+ KeyResolver.hit(it);
+ return pk;
}
}
- }
}
currentChild=currentChild.getNextSibling();
}
@@ -786,50 +763,27 @@
* @throws KeyResolverException
*/
PublicKey getPublicKeyFromInternalResolvers() throws KeyResolverException {
-
- for (int i = 0; i < this.lengthInternalKeyResolver(); i++) {
+ int length=lengthInternalKeyResolver();
+ int storageLength=this._storageResolvers.size();
+ for (int i = 0; i < length; i++) {
KeyResolverSpi keyResolver = this.itemInternalKeyResolver(i);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName());
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Try " + keyResolver.getClass().getName());
Node currentChild=this._constructionElement.getFirstChild();
+ String uri=this.getBaseURI();
while (currentChild!=null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- if (this._storageResolvers.size() == 0) {
-
- // if we do not have storage resolvers, we verify with null
- StorageResolver storage = null;
-
- if (keyResolver.engineCanResolve((Element) currentChild,
- this.getBaseURI(),
- storage)) {
- PublicKey pk =
- keyResolver
- .engineResolvePublicKey((Element) currentChild, this
- .getBaseURI(), storage);
+ for (int k = 0; k < storageLength; k++) {
+ StorageResolver storage =
+ (StorageResolver) this._storageResolvers.get(k);
+ PublicKey pk = keyResolver
+ .engineLookupAndResolvePublicKey((Element) currentChild, uri, storage);
if (pk != null) {
- return pk;
+ return pk;
}
}
- } else {
- for (int k = 0; k < this._storageResolvers.size(); k++) {
- StorageResolver storage =
- (StorageResolver) this._storageResolvers.get(k);
-
- if (keyResolver.engineCanResolve((Element) currentChild,
- this.getBaseURI(),
- storage)) {
- PublicKey pk = keyResolver
- .engineResolvePublicKey((Element) currentChild, this
- .getBaseURI(), storage);
-
- if (pk != null) {
- return pk;
- }
- }
- }
- }
}
currentChild=currentChild.getNextSibling();
}
@@ -850,12 +804,12 @@
X509Certificate cert = this.getX509CertificateFromInternalResolvers();
if (cert != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE,
+ log.log(java.util.logging.Level.FINE,
"I could find a X509Certificate using the per-KeyInfo key resolvers");
return cert;
}
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE,
+ log.log(java.util.logging.Level.FINE,
"I couldn't find a X509Certificate using the per-KeyInfo key resolvers");
@@ -863,12 +817,12 @@
cert = this.getX509CertificateFromStaticResolvers();
if (cert != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE,
+ log.log(java.util.logging.Level.FINE,
"I could find a X509Certificate using the system-wide key resolvers");
return cert;
}
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE,
+ log.log(java.util.logging.Level.FINE,
"I couldn't find a X509Certificate using the system-wide key resolvers");
@@ -885,53 +839,44 @@
*/
X509Certificate getX509CertificateFromStaticResolvers()
throws KeyResolverException {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Start getX509CertificateFromStaticResolvers() with "
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Start getX509CertificateFromStaticResolvers() with "
+ KeyResolver.length() + " resolvers");
-
- for (int i = 0; i < KeyResolver.length(); i++) {
- KeyResolver keyResolver = KeyResolver.item(i);
- Node currentChild=this._constructionElement.getFirstChild();
- while (currentChild!=null) {
- if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- if (this._storageResolvers.size() == 0) {
-
- // if we do not have storage resolvers, we verify with null
- StorageResolver storage = null;
+ String uri=this.getBaseURI();
+ int length= KeyResolver.length();
+ int storageLength=this._storageResolvers.size();
+ Iterator it = KeyResolver.iterator();
+ for (int i = 0; i com.sun.org.apache.xml.internal.security.keys package.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class KeyUtils {
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoContent.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoContent.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoContent.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -28,7 +27,7 @@
/**
* Empty interface just to identify Elements that can be cildren of ds:KeyInfo.
*
- * @author $Author: blautenb $
+ * @author $Author: mullan $
*/
public interface KeyInfoContent {
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyName.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyName.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyName.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,25 +20,18 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content;
-
-
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class KeyName extends SignatureElementProxy implements KeyInfoContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(KeyName.class.getName());
-
/**
* Constructor KeyName
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,11 +20,8 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content;
-
-
import java.security.PublicKey;
-
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.DSAKeyValue;
import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.RSAKeyValue;
@@ -34,140 +31,131 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
/**
* The KeyValue element contains a single public key that may be useful in
* validating the signature. Structured formats for defining DSA (REQUIRED)
* and RSA (RECOMMENDED) public keys are defined in Signature Algorithms
* (section 6.4). The KeyValue element may include externally defined public
- * keys values represented as PCDATA or element types from an external namespace.
+ * keys values represented as PCDATA or element types from an external
+ * namespace.
*
- * @author $Author: vishal $
+ * @author $Author: mullan $
*/
public class KeyValue extends SignatureElementProxy implements KeyInfoContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(KeyValue.class.getName());
+ /**
+ * Constructor KeyValue
+ *
+ * @param doc
+ * @param dsaKeyValue
+ */
+ public KeyValue(Document doc, DSAKeyValue dsaKeyValue) {
- /**
- * Constructor KeyValue
- *
- * @param doc
- * @param dsaKeyValue
- */
- public KeyValue(Document doc, DSAKeyValue dsaKeyValue) {
-
- super(doc);
+ super(doc);
- XMLUtils.addReturnToElement(this._constructionElement);
- this._constructionElement.appendChild(dsaKeyValue.getElement());
- XMLUtils.addReturnToElement(this._constructionElement);
- }
+ XMLUtils.addReturnToElement(this._constructionElement);
+ this._constructionElement.appendChild(dsaKeyValue.getElement());
+ XMLUtils.addReturnToElement(this._constructionElement);
+ }
- /**
- * Constructor KeyValue
- *
- * @param doc
- * @param rsaKeyValue
- */
- public KeyValue(Document doc, RSAKeyValue rsaKeyValue) {
+ /**
+ * Constructor KeyValue
+ *
+ * @param doc
+ * @param rsaKeyValue
+ */
+ public KeyValue(Document doc, RSAKeyValue rsaKeyValue) {
- super(doc);
+ super(doc);
- XMLUtils.addReturnToElement(this._constructionElement);
- this._constructionElement.appendChild(rsaKeyValue.getElement());
- XMLUtils.addReturnToElement(this._constructionElement);
- }
+ XMLUtils.addReturnToElement(this._constructionElement);
+ this._constructionElement.appendChild(rsaKeyValue.getElement());
+ XMLUtils.addReturnToElement(this._constructionElement);
+ }
- /**
- * Constructor KeyValue
- *
- * @param doc
- * @param unknownKeyValue
- */
- public KeyValue(Document doc, Element unknownKeyValue) {
+ /**
+ * Constructor KeyValue
+ *
+ * @param doc
+ * @param unknownKeyValue
+ */
+ public KeyValue(Document doc, Element unknownKeyValue) {
- super(doc);
+ super(doc);
- XMLUtils.addReturnToElement(this._constructionElement);
- this._constructionElement.appendChild(unknownKeyValue);
- XMLUtils.addReturnToElement(this._constructionElement);
- }
+ XMLUtils.addReturnToElement(this._constructionElement);
+ this._constructionElement.appendChild(unknownKeyValue);
+ XMLUtils.addReturnToElement(this._constructionElement);
+ }
- /**
- * Constructor KeyValue
- *
- * @param doc
- * @param pk
- */
- public KeyValue(Document doc, PublicKey pk) {
+ /**
+ * Constructor KeyValue
+ *
+ * @param doc
+ * @param pk
+ */
+ public KeyValue(Document doc, PublicKey pk) {
- super(doc);
+ super(doc);
- XMLUtils.addReturnToElement(this._constructionElement);
+ XMLUtils.addReturnToElement(this._constructionElement);
- if (pk instanceof java.security.interfaces.DSAPublicKey) {
- DSAKeyValue dsa = new DSAKeyValue(this._doc, pk);
+ if (pk instanceof java.security.interfaces.DSAPublicKey) {
+ DSAKeyValue dsa = new DSAKeyValue(this._doc, pk);
- this._constructionElement.appendChild(dsa.getElement());
- XMLUtils.addReturnToElement(this._constructionElement);
- } else if (pk instanceof java.security.interfaces.RSAPublicKey) {
- RSAKeyValue rsa = new RSAKeyValue(this._doc, pk);
+ this._constructionElement.appendChild(dsa.getElement());
+ XMLUtils.addReturnToElement(this._constructionElement);
+ } else if (pk instanceof java.security.interfaces.RSAPublicKey) {
+ RSAKeyValue rsa = new RSAKeyValue(this._doc, pk);
- this._constructionElement.appendChild(rsa.getElement());
- XMLUtils.addReturnToElement(this._constructionElement);
- }
- }
+ this._constructionElement.appendChild(rsa.getElement());
+ XMLUtils.addReturnToElement(this._constructionElement);
+ }
+ }
- /**
- * Constructor KeyValue
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public KeyValue(Element element, String BaseURI)
+ /**
+ * Constructor KeyValue
+ *
+ * @param element
+ * @param BaseURI
+ * @throws XMLSecurityException
+ */
+ public KeyValue(Element element, String BaseURI)
throws XMLSecurityException {
- super(element, BaseURI);
- }
+ super(element, BaseURI);
+ }
- /**
- * Method getPublicKey
- *
- * @return the public key
- * @throws XMLSecurityException
- */
- public PublicKey getPublicKey() throws XMLSecurityException {
-
+ /**
+ * Method getPublicKey
+ *
+ * @return the public key
+ * @throws XMLSecurityException
+ */
+ public PublicKey getPublicKey() throws XMLSecurityException {
- Element rsa = XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
- Constants._TAG_RSAKEYVALUE,0);
+ Element rsa = XMLUtils.selectDsNode
+ (this._constructionElement.getFirstChild(),
+ Constants._TAG_RSAKEYVALUE,0);
- if (rsa != null) {
- RSAKeyValue kv = new RSAKeyValue(rsa,
- this._baseURI);
-
+ if (rsa != null) {
+ RSAKeyValue kv = new RSAKeyValue(rsa, this._baseURI);
return kv.getPublicKey();
- }
+ }
- Element dsa = XMLUtils.selectDsNode(this._constructionElement,
- Constants._TAG_DSAKEYVALUE,0);
-
+ Element dsa = XMLUtils.selectDsNode
+ (this._constructionElement.getFirstChild(),
+ Constants._TAG_DSAKEYVALUE,0);
- if (dsa != null) {
- DSAKeyValue kv = new DSAKeyValue(dsa,
- this._baseURI);
-
+ if (dsa != null) {
+ DSAKeyValue kv = new DSAKeyValue(dsa, this._baseURI);
return kv.getPublicKey();
- }
-
+ }
- return null;
- }
+ return null;
+ }
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_KEYVALUE;
- }
+ /** @inheritDoc */
+ public String getBaseLocalName() {
+ return Constants._TAG_KEYVALUE;
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/MgmtData.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/MgmtData.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/MgmtData.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,25 +20,18 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content;
-
-
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class MgmtData extends SignatureElementProxy implements KeyInfoContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(MgmtData.class.getName());
-
/**
* Constructor MgmtData
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/PGPData.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/PGPData.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/PGPData.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,25 +20,18 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content;
-
-
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import org.w3c.dom.Element;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
* $todo$ Implement
*/
public class PGPData extends SignatureElementProxy implements KeyInfoContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(PGPData.class.getName());
-
/**
* Constructor PGPData
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/RetrievalMethod.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/RetrievalMethod.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/RetrievalMethod.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,9 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content;
-
-
-
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
import com.sun.org.apache.xml.internal.security.transforms.Transforms;
@@ -33,17 +30,13 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class RetrievalMethod extends SignatureElementProxy
implements KeyInfoContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(RetrievalMethod.class.getName());
//J-
/** DSA retrieval */
public static final String TYPE_DSA = Constants.SignatureSpecNS + "DSAKeyValue";
@@ -133,7 +126,7 @@
try {
Element transformsElem =
- XMLUtils.selectDsNode(this._constructionElement,
+ XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
Constants
._TAG_TRANSFORMS, 0);
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/SPKIData.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/SPKIData.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/SPKIData.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,25 +20,18 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content;
-
-
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import org.w3c.dom.Element;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
* $todo$ implement
*/
public class SPKIData extends SignatureElementProxy implements KeyInfoContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(SPKIData.class.getName());
-
/**
* Constructor SPKIData
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/X509Data.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/X509Data.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/X509Data.java Mon Sep 22 10:43:17 2008 -0400
@@ -41,7 +41,7 @@
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class X509Data extends SignatureElementProxy implements KeyInfoContent {
@@ -72,60 +72,17 @@
throws XMLSecurityException {
super(element, BaseURI);
-
- boolean noElements=true;
Node sibling=this._constructionElement.getFirstChild();
while (sibling!=null) {
if (sibling.getNodeType()!=Node.ELEMENT_NODE) {
sibling=sibling.getNextSibling();
continue;
}
- noElements=false;
- Element currentElem = (Element) sibling;
- sibling=sibling.getNextSibling();
- String localname = currentElem.getLocalName();
-
- if (currentElem.getNamespaceURI().equals(Constants.SignatureSpecNS)) {
- if (localname.equals(Constants._TAG_X509ISSUERSERIAL)) {
- XMLX509IssuerSerial is = new XMLX509IssuerSerial(currentElem,
- BaseURI);
-
- this.add(is);
- } else if (localname.equals(Constants._TAG_X509SKI)) {
- XMLX509SKI ski = new XMLX509SKI(currentElem, BaseURI);
-
- this.add(ski);
- } else if (localname.equals(Constants._TAG_X509SUBJECTNAME)) {
- XMLX509SubjectName sn = new XMLX509SubjectName(currentElem,
- BaseURI);
-
- this.add(sn);
- } else if (localname.equals(Constants._TAG_X509CERTIFICATE)) {
- XMLX509Certificate cert = new XMLX509Certificate(currentElem,
- BaseURI);
-
- this.add(cert);
- } else if (localname.equals(Constants._TAG_X509CRL)) {
- XMLX509CRL crl = new XMLX509CRL(currentElem, BaseURI);
-
- this.add(crl);
- } else {
- log.log(java.util.logging.Level.WARNING, "Found a " + currentElem.getTagName() + " element in "
- + Constants._TAG_X509DATA);
- this.addUnknownElement(currentElem);
- }
- } else {
- log.log(java.util.logging.Level.WARNING, "Found a " + currentElem.getTagName() + " element in "
- + Constants._TAG_X509DATA);
- this.addUnknownElement(currentElem);
- }
+ return;
}
- if (noElements) {
- Object exArgs[] = { "Elements", Constants._TAG_X509DATA };
-
- throw new XMLSecurityException("xml.WrongContent", exArgs);
- }
-
+ /* No Elements found */
+ Object exArgs[] = { "Elements", Constants._TAG_X509DATA };
+ throw new XMLSecurityException("xml.WrongContent", exArgs);
}
/**
@@ -169,11 +126,9 @@
*/
public void add(XMLX509IssuerSerial xmlX509IssuerSerial) {
- if (this._state == MODE_SIGN) {
this._constructionElement
.appendChild(xmlX509IssuerSerial.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -202,11 +157,8 @@
* @param xmlX509SKI
*/
public void add(XMLX509SKI xmlX509SKI) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(xmlX509SKI.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -233,11 +185,8 @@
* @param xmlX509SubjectName
*/
public void add(XMLX509SubjectName xmlX509SubjectName) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(xmlX509SubjectName.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -266,11 +215,8 @@
* @param xmlX509Certificate
*/
public void add(XMLX509Certificate xmlX509Certificate) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(xmlX509Certificate.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -288,11 +234,8 @@
* @param xmlX509CRL
*/
public void add(XMLX509CRL xmlX509CRL) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(xmlX509CRL.getElement());
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -301,11 +244,8 @@
* @param element
*/
public void addUnknownElement(Element element) {
-
- if (this._state == MODE_SIGN) {
this._constructionElement.appendChild(element);
XMLUtils.addReturnToElement(this._constructionElement);
- }
}
/**
@@ -479,7 +419,7 @@
* TODO implement
**/
public Element itemUnknownElement(int i) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "itemUnknownElement not implemented:"+i);
+ log.log(java.util.logging.Level.FINE, "itemUnknownElement not implemented:"+i);
return null;
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/DSAKeyValue.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/DSAKeyValue.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/DSAKeyValue.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content.keyvalues;
-
-
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
@@ -39,18 +37,13 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class DSAKeyValue extends SignatureElementProxy
implements KeyValueContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(DSAKeyValue.class.getName());
-
/**
* Constructor DSAKeyValue
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/KeyValueContent.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/KeyValueContent.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/KeyValueContent.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -32,7 +31,7 @@
*
*
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*
*/
public interface KeyValueContent {
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/RSAKeyValue.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/RSAKeyValue.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/RSAKeyValue.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content.keyvalues;
-
-
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
@@ -39,19 +37,13 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class RSAKeyValue extends SignatureElementProxy
implements KeyValueContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(
- RSAKeyValue.class.getName());
-
/**
* Constructor RSAKeyValue
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509CRL.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509CRL.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509CRL.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,30 +20,20 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content.x509;
-
-
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
/**
*
- *
- *
- *
- * @author $Author: raul $
+ * @author $Author: mullan $
*
*/
public class XMLX509CRL extends SignatureElementProxy
implements XMLX509DataContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(XMLX509CRL.class.getName());
-
/**
* Constructor XMLX509CRL
*
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Certificate.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Certificate.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Certificate.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content.x509;
-
-
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.cert.CertificateException;
@@ -34,18 +32,13 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class XMLX509Certificate extends SignatureElementProxy
implements XMLX509DataContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(XMLX509Certificate.class.getName());
-
/** Field JCA_CERT_ID */
public static final String JCA_CERT_ID = "X.509";
@@ -146,23 +139,25 @@
return null;
}
- /** @inheritDoc */
- public boolean equals(Object obj) {
-
- try {
- if (!obj.getClass().getName().equals(this.getClass().getName())) {
- return false;
- }
+ /** @inheritDoc */
+ public boolean equals(Object obj) {
- XMLX509Certificate other = (XMLX509Certificate) obj;
+ if (obj == null) {
+ return false;
+ }
+ if (!this.getClass().getName().equals(obj.getClass().getName())) {
+ return false;
+ }
+ XMLX509Certificate other = (XMLX509Certificate) obj;
+ try {
- /** $todo$ or should be create X509Certificates and use the equals() from the Certs */
- return java.security.MessageDigest.isEqual(other.getCertificateBytes(),
- this.getCertificateBytes());
- } catch (XMLSecurityException ex) {
- return false;
- }
- }
+ /** $todo$ or should be create X509Certificates and use the equals() from the Certs */
+ return java.security.MessageDigest.isEqual
+ (other.getCertificateBytes(), this.getCertificateBytes());
+ } catch (XMLSecurityException ex) {
+ return false;
+ }
+ }
/** @inheritDoc */
public String getBaseLocalName() {
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509DataContent.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509DataContent.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509DataContent.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -28,7 +27,7 @@
/**
* Just used for tagging contents that are allowed inside a ds:X509Data Element.
*
- * @author $Author: blautenb $
+ * @author $Author: mullan $
*/
public interface XMLX509DataContent {
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509IssuerSerial.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509IssuerSerial.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509IssuerSerial.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content.x509;
-
-
import java.math.BigInteger;
import java.security.cert.X509Certificate;
@@ -33,148 +31,139 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class XMLX509IssuerSerial extends SignatureElementProxy
implements XMLX509DataContent {
- /** {@link java.util.logging} logging facility */
+ /** {@link java.util.logging} logging facility */
static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(
XMLX509IssuerSerial.class.getName());
- /**
- * Constructor XMLX509IssuerSerial
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public XMLX509IssuerSerial(Element element, String BaseURI)
+ /**
+ * Constructor XMLX509IssuerSerial
+ *
+ * @param element
+ * @param baseURI
+ * @throws XMLSecurityException
+ */
+ public XMLX509IssuerSerial(Element element, String baseURI)
throws XMLSecurityException {
- super(element, BaseURI);
- }
+ super(element, baseURI);
+ }
- /**
- * Constructor XMLX509IssuerSerial
- *
- * @param doc
- * @param X509IssuerName
- * @param X509SerialNumber
- */
- public XMLX509IssuerSerial(Document doc, String X509IssuerName,
- BigInteger X509SerialNumber) {
+ /**
+ * Constructor XMLX509IssuerSerial
+ *
+ * @param doc
+ * @param x509IssuerName
+ * @param x509SerialNumber
+ */
+ public XMLX509IssuerSerial(Document doc, String x509IssuerName,
+ BigInteger x509SerialNumber) {
- super(doc);
-
- XMLUtils.addReturnToElement(this._constructionElement);
- this.addTextElement(X509IssuerName, Constants._TAG_X509ISSUERNAME);
- XMLUtils.addReturnToElement(this._constructionElement);
- this.addTextElement(X509SerialNumber.toString(), Constants._TAG_X509SERIALNUMBER);
- }
+ super(doc);
+ XMLUtils.addReturnToElement(this._constructionElement);
+ addTextElement(x509IssuerName, Constants._TAG_X509ISSUERNAME);
+ addTextElement(x509SerialNumber.toString(), Constants._TAG_X509SERIALNUMBER);
+ }
- /**
- * Constructor XMLX509IssuerSerial
- *
- * @param doc
- * @param X509IssuerName
- * @param X509SerialNumber
- */
- public XMLX509IssuerSerial(Document doc, String X509IssuerName,
- String X509SerialNumber) {
- this(doc, X509IssuerName, new BigInteger(X509SerialNumber));
- }
+ /**
+ * Constructor XMLX509IssuerSerial
+ *
+ * @param doc
+ * @param x509IssuerName
+ * @param x509SerialNumber
+ */
+ public XMLX509IssuerSerial(Document doc, String x509IssuerName,
+ String x509SerialNumber) {
+ this(doc, x509IssuerName, new BigInteger(x509SerialNumber));
+ }
- /**
- * Constructor XMLX509IssuerSerial
- *
- * @param doc
- * @param X509IssuerName
- * @param X509SerialNumber
- */
- public XMLX509IssuerSerial(Document doc, String X509IssuerName,
- int X509SerialNumber) {
- this(doc, X509IssuerName,
- new BigInteger(Integer.toString(X509SerialNumber)));
- }
+ /**
+ * Constructor XMLX509IssuerSerial
+ *
+ * @param doc
+ * @param x509IssuerName
+ * @param x509SerialNumber
+ */
+ public XMLX509IssuerSerial(Document doc, String x509IssuerName,
+ int x509SerialNumber) {
+ this(doc, x509IssuerName,
+ new BigInteger(Integer.toString(x509SerialNumber)));
+ }
- /**
- * Constructor XMLX509IssuerSerial
- *
- * @param doc
- * @param x509certificate
- */
- public XMLX509IssuerSerial(Document doc, X509Certificate x509certificate) {
+ /**
+ * Constructor XMLX509IssuerSerial
+ *
+ * @param doc
+ * @param x509certificate
+ */
+ public XMLX509IssuerSerial(Document doc, X509Certificate x509certificate) {
- this(doc,
- RFC2253Parser.normalize(x509certificate.getIssuerDN().getName()),
- x509certificate.getSerialNumber());
- }
+ this(doc,
+ RFC2253Parser.normalize(x509certificate.getIssuerDN().getName()),
+ x509certificate.getSerialNumber());
+ }
- /**
- * Method getSerialNumber
- *
- *
- * @return the serial number
- */
- public BigInteger getSerialNumber() {
+ /**
+ * Method getSerialNumber
+ *
+ * @return the serial number
+ */
+ public BigInteger getSerialNumber() {
- String text =
- this.getTextFromChildElement(Constants._TAG_X509SERIALNUMBER,
- Constants.SignatureSpecNS);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "In dem X509SerialNumber wurde gefunden: " + text);
+ String text = this.getTextFromChildElement
+ (Constants._TAG_X509SERIALNUMBER, Constants.SignatureSpecNS);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "X509SerialNumber text: " + text);
- return new BigInteger(text);
- }
+ return new BigInteger(text);
+ }
- /**
- * Method getSerialNumberInteger
- *
- *
- * @return the serial number as plain int
- */
- public int getSerialNumberInteger() {
- return this.getSerialNumber().intValue();
- }
+ /**
+ * Method getSerialNumberInteger
+ *
+ * @return the serial number as plain int
+ */
+ public int getSerialNumberInteger() {
+ return this.getSerialNumber().intValue();
+ }
- /**
- * Method getIssuerName
- *
- *
- * @return the issuer name
- */
- public String getIssuerName() {
+ /**
+ * Method getIssuerName
+ *
+ * @return the issuer name
+ */
+ public String getIssuerName() {
- return RFC2253Parser
- .normalize(this
- .getTextFromChildElement(Constants._TAG_X509ISSUERNAME,
- Constants.SignatureSpecNS));
- }
+ return RFC2253Parser
+ .normalize(this
+ .getTextFromChildElement(Constants._TAG_X509ISSUERNAME,
+ Constants.SignatureSpecNS));
+ }
- /** @inheritDoc */
- public boolean equals(Object obj) {
+ /** @inheritDoc */
+ public boolean equals(Object obj) {
- if (!obj.getClass().getName().equals(this.getClass().getName())) {
- return false;
- }
+ if (obj == null) {
+ return false;
+ }
+ if (!this.getClass().getName().equals(obj.getClass().getName())) {
+ return false;
+ }
- XMLX509IssuerSerial other = (XMLX509IssuerSerial) obj;
-
+ XMLX509IssuerSerial other = (XMLX509IssuerSerial) obj;
- if (other.getSerialNumber().equals(this.getSerialNumber())
- && other.getIssuerName().equals(this.getIssuerName())) {
- return true;
- }
+ return this.getSerialNumber().equals(other.getSerialNumber())
+ && this.getIssuerName().equals(other.getIssuerName());
+ }
- return false;
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_X509ISSUERSERIAL;
- }
+ /** @inheritDoc */
+ public String getBaseLocalName() {
+ return Constants._TAG_X509ISSUERSERIAL;
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content.x509;
-
-
import java.io.IOException;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
@@ -36,192 +34,143 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import sun.security.util.DerValue;
-
-
/**
* Handles SubjectKeyIdentifier (SKI) for X.509v3.
*
- * @author $Author: raul $
- * @see Interface X509Extension
+ * @author $Author: mullan $
+ * @see Interface X509Extension
*/
public class XMLX509SKI extends SignatureElementProxy
implements XMLX509DataContent {
- /** {@link java.util.logging} logging facility */
+ /** {@link java.util.logging} logging facility */
static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(XMLX509SKI.class.getName());
- /**
- * SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14):
- * This extension identifies the public key being certified. It enables
- * distinct keys used by the same subject to be differentiated
- * (e.g., as key updating occurs).
- *
- * A key identifer shall be unique with respect to all key identifiers
- * for the subject with which it is used. This extension is always non-critical.
- */
- public static final String SKI_OID = "2.5.29.14";
-
- /**
- * Constructor X509SKI
- *
- * @param doc
- * @param skiBytes
- */
- public XMLX509SKI(Document doc, byte[] skiBytes) {
+ /**
+ * SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14):
+ * This extension identifies the public key being certified. It enables
+ * distinct keys used by the same subject to be differentiated
+ * (e.g., as key updating occurs).
+ *
+ * A key identifer shall be unique with respect to all key identifiers
+ * for the subject with which it is used. This extension is always non-critical.
+ */
+ public static final String SKI_OID = "2.5.29.14";
- super(doc);
-
- this.addBase64Text(skiBytes);
- }
+ /**
+ * Constructor X509SKI
+ *
+ * @param doc
+ * @param skiBytes
+ */
+ public XMLX509SKI(Document doc, byte[] skiBytes) {
+ super(doc);
+ this.addBase64Text(skiBytes);
+ }
- /**
- * Constructor XMLX509SKI
- *
- * @param doc
- * @param x509certificate
- * @throws XMLSecurityException
- */
- public XMLX509SKI(Document doc, X509Certificate x509certificate)
+ /**
+ * Constructor XMLX509SKI
+ *
+ * @param doc
+ * @param x509certificate
+ * @throws XMLSecurityException
+ */
+ public XMLX509SKI(Document doc, X509Certificate x509certificate)
throws XMLSecurityException {
-
- super(doc);
-
- this.addBase64Text(XMLX509SKI.getSKIBytesFromCert(x509certificate));
- }
+ super(doc);
+ this.addBase64Text(XMLX509SKI.getSKIBytesFromCert(x509certificate));
+ }
- /**
- * Constructor XMLX509SKI
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public XMLX509SKI(Element element, String BaseURI)
+ /**
+ * Constructor XMLX509SKI
+ *
+ * @param element
+ * @param BaseURI
+ * @throws XMLSecurityException
+ */
+ public XMLX509SKI(Element element, String BaseURI)
throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Method getSKIBytes
- *
- * @return the skibytes
- * @throws XMLSecurityException
- */
- public byte[] getSKIBytes() throws XMLSecurityException {
- return this.getBytesFromTextChild();
- }
+ super(element, BaseURI);
+ }
- /**
- * Method getSKIBytesFromCert
- *
- * @param cert
- * @return sky bytes from the given certificate
- *
- * @throws XMLSecurityException
- * @see java.security.cert.X509Extension#getExtensionValue(java.lang.String)
- */
- public static byte[] getSKIBytesFromCert(X509Certificate cert)
- throws XMLSecurityException {
+ /**
+ * Method getSKIBytes
+ *
+ * @return the skibytes
+ * @throws XMLSecurityException
+ */
+ public byte[] getSKIBytes() throws XMLSecurityException {
+ return this.getBytesFromTextChild();
+ }
- try {
+ /**
+ * Method getSKIBytesFromCert
+ *
+ * @param cert
+ * @return ski bytes from the given certificate
+ *
+ * @throws XMLSecurityException
+ * @see java.security.cert.X509Extension#getExtensionValue(java.lang.String)
+ */
+ public static byte[] getSKIBytesFromCert(X509Certificate cert)
+ throws XMLSecurityException {
- /*
- * Gets the DER-encoded OCTET string for the extension value (extnValue)
- * identified by the passed-in oid String. The oid string is
- * represented by a set of positive whole numbers separated by periods.
- */
- byte[] derEncodedValue = cert.getExtensionValue(XMLX509SKI.SKI_OID);
-
- if (cert.getVersion() < 3) {
+ if (cert.getVersion() < 3) {
Object exArgs[] = { new Integer(cert.getVersion()) };
-
throw new XMLSecurityException("certificate.noSki.lowVersion",
exArgs);
- }
+ }
- byte[] extensionValue = null;
+ /*
+ * Gets the DER-encoded OCTET string for the extension value
+ * (extnValue) identified by the passed-in oid String. The oid
+ * string is represented by a set of positive whole numbers
+ * separated by periods.
+ */
+ byte[] extensionValue = cert.getExtensionValue(XMLX509SKI.SKI_OID);
+ if (extensionValue == null) {
+ throw new XMLSecurityException("certificate.noSki.null");
+ }
- /**
- * Use sun.security.util.DerValue if it is present.
- */
- try {
- DerValue dervalue = new DerValue(derEncodedValue);
- if (dervalue == null) {
- throw new XMLSecurityException("certificate.noSki.null");
- }
- if (dervalue.tag != DerValue.tag_OctetString) {
- throw new XMLSecurityException("certificate.noSki.notOctetString");
- }
- extensionValue = dervalue.getOctetString();
- } catch (NoClassDefFoundError e) {
- }
+ /**
+ * Strip away first four bytes from the extensionValue
+ * The first two bytes are the tag and length of the extensionValue
+ * OCTET STRING, and the next two bytes are the tag and length of
+ * the skid OCTET STRING.
+ */
+ byte skidValue[] = new byte[extensionValue.length - 4];
+
+ System.arraycopy(extensionValue, 4, skidValue, 0, skidValue.length);
+
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(skidValue));
+ }
- /**
- * Fall back to org.bouncycastle.asn1.DERInputStream
- */
- if (extensionValue == null) {
- try {
- Class clazz = Class.forName("org.bouncycastle.asn1.DERInputStream");
- if (clazz != null) {
- Constructor constructor = clazz.getConstructor(new Class[]{InputStream.class});
- InputStream is = (InputStream) constructor.newInstance(new Object[]{new ByteArrayInputStream(derEncodedValue)});
- Method method = clazz.getMethod("readObject", new Class[]{});
- Object obj = method.invoke(is, new Object[]{});
- if (obj == null) {
- throw new XMLSecurityException("certificate.noSki.null");
- }
- Class clazz2 = Class.forName("org.bouncycastle.asn1.ASN1OctetString");
- if (!clazz2.isInstance(obj)) {
- throw new XMLSecurityException("certificate.noSki.notOctetString");
- }
- Method method2 = clazz2.getMethod("getOctets", new Class[]{});
- extensionValue = (byte[]) method2.invoke(obj, new Object[]{});
- }
- } catch (Throwable t) {
- }
- }
+ return skidValue;
+ }
- /**
- * Strip away first two bytes from the DerValue (tag and length)
- */
- byte abyte0[] = new byte[extensionValue.length - 2];
+ /** @inheritDoc */
+ public boolean equals(Object obj) {
+ if (obj == null) {
+ return false;
+ }
+ if (!this.getClass().getName().equals(obj.getClass().getName())) {
+ return false;
+ }
- System.arraycopy(extensionValue, 2, abyte0, 0, abyte0.length);
+ XMLX509SKI other = (XMLX509SKI) obj;
- /*
- byte abyte0[] = new byte[derEncodedValue.length - 4];
- System.arraycopy(derEncodedValue, 4, abyte0, 0, abyte0.length);
- */
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(abyte0));
-
- return abyte0;
- } catch (IOException ex) {
- throw new XMLSecurityException("generic.EmptyMessage", ex);
- }
- }
-
- /** @inheritDoc */
- public boolean equals(Object obj) {
+ try {
+ return java.security.MessageDigest.isEqual(other.getSKIBytes(),
+ this.getSKIBytes());
+ } catch (XMLSecurityException ex) {
+ return false;
+ }
+ }
- if (!obj.getClass().getName().equals(this.getClass().getName())) {
- return false;
- }
-
- XMLX509SKI other = (XMLX509SKI) obj;
-
- try {
- return java.security.MessageDigest.isEqual(other.getSKIBytes(),
- this.getSKIBytes());
- } catch (XMLSecurityException ex) {
- return false;
- }
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_X509SKI;
- }
+ /** @inheritDoc */
+ public String getBaseLocalName() {
+ return Constants._TAG_X509SKI;
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.content.x509;
-
-
import java.security.cert.X509Certificate;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
@@ -33,15 +31,11 @@
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class XMLX509SubjectName extends SignatureElementProxy
implements XMLX509DataContent {
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(XMLX509SubjectName.class.getName());
-
/**
* Constructor X509SubjectName
*
@@ -88,23 +82,21 @@
return RFC2253Parser.normalize(this.getTextFromTextChild());
}
- /** @inheritDoc */
- public boolean equals(Object obj) {
-
- if (!obj.getClass().getName().equals(this.getClass().getName())) {
- return false;
- }
+ /** @inheritDoc */
+ public boolean equals(Object obj) {
+ if (obj == null) {
+ return false;
+ }
- XMLX509SubjectName other = (XMLX509SubjectName) obj;
- String otherSubject = other.getSubjectName();
- String thisSubject = this.getSubjectName();
+ if (!this.getClass().getName().equals(obj.getClass().getName())) {
+ return false;
+ }
- if (otherSubject.equals(thisSubject)) {
- return true;
- }
+ XMLX509SubjectName other = (XMLX509SubjectName) obj;
+ String otherSubject = other.getSubjectName();
+ String thisSubject = this.getSubjectName();
- return false;
-
+ return thisSubject.equals(otherSubject);
}
/** @inheritDoc */
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -29,7 +28,7 @@
/**
*
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class InvalidKeyResolverException extends XMLSecurityException {
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -26,6 +25,7 @@
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
@@ -39,7 +39,8 @@
* KeyResolver is factory class for subclass of KeyResolverSpi that
* represent child element of KeyInfo.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version %I%, %G%
*/
public class KeyResolver {
@@ -72,6 +73,7 @@
InstantiationException {
this._resolverSpi =
(KeyResolverSpi) Class.forName(className).newInstance();
+ this._resolverSpi.setGlobalResolver(true);
}
/**
@@ -83,21 +85,17 @@
return KeyResolver._resolverVector.size();
}
- /**
- * Method item
- *
- * @param i
- * @return the number i resolver registerd
- * @throws KeyResolverException
- */
- public static KeyResolver item(int i) throws KeyResolverException {
-
- KeyResolver resolver = (KeyResolver) KeyResolver._resolverVector.get(i);
- if (resolver==null) {
- throw new KeyResolverException("utils.resolver.noClass");
- }
-
- return resolver;
+ public static void hit(Iterator hintI) {
+ ResolverIterator hint = (ResolverIterator) hintI;
+ int i = hint.i;
+ if (i!=1 && hint.res ==_resolverVector) {
+ List resolverVector=(List)((ArrayList)_resolverVector).clone();
+ Object ob=resolverVector.remove(i-1);
+ resolverVector.add(0,ob);
+ _resolverVector=resolverVector;
+ } else {
+ //System.out.println("KeyResolver hitting");
+ }
}
/**
@@ -106,17 +104,19 @@
* @param element
* @param BaseURI
* @param storage
- * @return the instance that happends to implement the thing.
+ * @return The certificate represented by the element.
*
* @throws KeyResolverException
*/
- public static final KeyResolver getInstance(
+ public static final X509Certificate getX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- for (int i = 0; i < KeyResolver._resolverVector.size(); i++) {
+ // use the old vector to not be hit by updates
+ List resolverVector = KeyResolver._resolverVector;
+ for (int i = 0; i < resolverVector.size(); i++) {
KeyResolver resolver=
- (KeyResolver) KeyResolver._resolverVector.get(i);
+ (KeyResolver) resolverVector.get(i);
if (resolver==null) {
Object exArgs[] = {
@@ -127,11 +127,63 @@
throw new KeyResolverException("utils.resolver.noClass", exArgs);
}
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "check resolvability by class " + resolver.getClass());
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "check resolvability by class " + resolver.getClass());
+
+ X509Certificate cert=resolver.resolveX509Certificate(element, BaseURI, storage);
+ if (cert!=null) {
+ return cert;
+ }
+ }
+
+ Object exArgs[] = {
+ (((element != null) && (element.getNodeType() == Node.ELEMENT_NODE))
+ ? element.getTagName()
+ : "null") };
- if (resolver.canResolve(element, BaseURI, storage)) {
- return resolver;
+ throw new KeyResolverException("utils.resolver.noClass", exArgs);
+ }
+ /**
+ * Method getInstance
+ *
+ * @param element
+ * @param BaseURI
+ * @param storage
+ * @return the public key contained in the element
+ *
+ * @throws KeyResolverException
+ */
+ public static final PublicKey getPublicKey(
+ Element element, String BaseURI, StorageResolver storage)
+ throws KeyResolverException {
+
+ List resolverVector = KeyResolver._resolverVector;
+ for (int i = 0; i < resolverVector.size(); i++) {
+ KeyResolver resolver=
+ (KeyResolver) resolverVector.get(i);
+
+ if (resolver==null) {
+ Object exArgs[] = {
+ (((element != null)
+ && (element.getNodeType() == Node.ELEMENT_NODE))
+ ? element.getTagName()
+ : "null") };
+
+ throw new KeyResolverException("utils.resolver.noClass", exArgs);
+ }
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "check resolvability by class " + resolver.getClass());
+
+ PublicKey cert=resolver.resolvePublicKey(element, BaseURI, storage);
+ if (cert!=null) {
+ if (i!=0 && resolverVector==_resolverVector) {
+ //update resolver.
+ resolverVector=(List)((ArrayList)_resolverVector).clone();
+ Object ob=resolverVector.remove(i);
+ resolverVector.add(0,ob);
+ _resolverVector=resolverVector;
+ }
+ return cert;
}
}
@@ -182,34 +234,6 @@
KeyResolver._resolverVector.add(0, className);
}
- /*
- * Method resolve
- *
- * @param element
- *
- * @throws KeyResolverException
- */
-
- /**
- * Method resolveStatic
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return resolve from the static register an element
- *
- * @throws KeyResolverException
- */
- public static PublicKey resolveStatic(
- Element element, String BaseURI, StorageResolver storage)
- throws KeyResolverException {
-
- KeyResolver myResolver = KeyResolver.getInstance(element, BaseURI,
- storage);
-
- return myResolver.resolvePublicKey(element, BaseURI, storage);
- }
-
/**
* Method resolve
*
@@ -223,7 +247,7 @@
public PublicKey resolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- return this._resolverSpi.engineResolvePublicKey(element, BaseURI, storage);
+ return this._resolverSpi.engineLookupAndResolvePublicKey(element, BaseURI, storage);
}
/**
@@ -239,7 +263,7 @@
public X509Certificate resolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- return this._resolverSpi.engineResolveX509Certificate(element, BaseURI,
+ return this._resolverSpi.engineLookupResolveX509Certificate(element, BaseURI,
storage);
}
@@ -253,7 +277,7 @@
public SecretKey resolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- return this._resolverSpi.engineResolveSecretKey(element, BaseURI,
+ return this._resolverSpi.engineLookupAndResolveSecretKey(element, BaseURI,
storage);
}
@@ -277,14 +301,6 @@
return this._resolverSpi.engineGetProperty(key);
}
- /**
- * Method getPropertyKeys
- *
- * @return the properties key registerd in this resolver
- */
- public String[] getPropertyKeys() {
- return this._resolverSpi.engineGetPropertyKeys();
- }
/**
* Method understandsProperty
@@ -296,18 +312,6 @@
return this._resolverSpi.understandsProperty(propertyToTest);
}
- /**
- * Method canResolve
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return true if can resolve the key in the element
- */
- public boolean canResolve(Element element, String BaseURI,
- StorageResolver storage) {
- return this._resolverSpi.engineCanResolve(element, BaseURI, storage);
- }
/**
* Method resolverClassName
@@ -317,4 +321,37 @@
public String resolverClassName() {
return this._resolverSpi.getClass().getName();
}
+
+ static class ResolverIterator implements Iterator {
+ List res;
+ Iterator it;
+ int i;
+ public ResolverIterator(List list) {
+ res = list;
+ it = res.iterator();
+ }
+ public boolean hasNext() {
+ // TODO Auto-generated method stub
+ return it.hasNext();
+ }
+
+ public Object next() {
+ i++;
+ KeyResolver resolver = (KeyResolver) it.next();
+ if (resolver==null) {
+ throw new RuntimeException("utils.resolver.noClass");
+ }
+
+ return resolver._resolverSpi;
+ }
+
+ public void remove() {
+ // TODO Auto-generated method stub
+
+ }
+
+ };
+ public static Iterator iterator() {
+ return new ResolverIterator(_resolverVector);
+ }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -31,7 +30,7 @@
*
*
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*
*/
public class KeyResolverException extends XMLSecurityException {
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java Mon Sep 22 10:43:17 2008 -0400
@@ -20,17 +20,15 @@
*/
package com.sun.org.apache.xml.internal.security.keys.keyresolver;
-
-
import java.security.PublicKey;
import java.security.cert.X509Certificate;
+import java.util.HashMap;
import javax.crypto.SecretKey;
import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
import org.w3c.dom.Element;
-
/**
* This class is abstract class for a child KeyInfo Elemnet.
*
@@ -41,14 +39,10 @@
* JAVACLASS="MyPackage.MyKeyValueImpl"//gt;
*
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
public abstract class KeyResolverSpi {
-
- /** {@link java.util.logging} logging facility */
- static java.util.logging.Logger log =
- java.util.logging.Logger.getLogger(KeyResolverSpi.class.getName());
-
/**
* This method helps the {@link com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver} to decide whether a
* {@link com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi} is able to perform the requested action.
@@ -56,10 +50,28 @@
* @param element
* @param BaseURI
* @param storage
- * @return true if can resolve the key in the element
+ * @return
*/
- abstract public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage);
+ public boolean engineCanResolve(Element element, String BaseURI,
+ StorageResolver storage) {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Method engineResolvePublicKey
+ *
+ * @param element
+ * @param BaseURI
+ * @param storage
+ * @return resolved public key from the registered from the element.
+ *
+ * @throws KeyResolverException
+ */
+ public PublicKey engineResolvePublicKey(
+ Element element, String BaseURI, StorageResolver storage)
+ throws KeyResolverException {
+ throw new UnsupportedOperationException();
+ };
/**
* Method engineResolvePublicKey
@@ -71,9 +83,44 @@
*
* @throws KeyResolverException
*/
- abstract public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
- throws KeyResolverException;
+ throws KeyResolverException {
+ KeyResolverSpi tmp = cloneIfNeeded();
+ if (!tmp.engineCanResolve(element, BaseURI, storage))
+ return null;
+ return tmp.engineResolvePublicKey(element, BaseURI, storage);
+ }
+
+ private KeyResolverSpi cloneIfNeeded() throws KeyResolverException {
+ KeyResolverSpi tmp=this;
+ if (globalResolver) {
+ try {
+ tmp = (KeyResolverSpi) getClass().newInstance();
+ } catch (InstantiationException e) {
+ throw new KeyResolverException("",e);
+ } catch (IllegalAccessException e) {
+ throw new KeyResolverException("",e);
+ }
+ }
+ return tmp;
+ }
+
+ /**
+ * Method engineResolveCertificate
+ *
+ * @param element
+ * @param BaseURI
+ * @param storage
+ * @return resolved X509Certificate key from the registered from the elements
+ *
+ * @throws KeyResolverException
+ */
+ public X509Certificate engineResolveX509Certificate(
+ Element element, String BaseURI, StorageResolver storage)
+ throws KeyResolverException{
+ throw new UnsupportedOperationException();
+ };
/**
* Method engineResolveCertificate
@@ -85,9 +132,30 @@
*
* @throws KeyResolverException
*/
- abstract public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
- throws KeyResolverException;
+ throws KeyResolverException {
+ KeyResolverSpi tmp = cloneIfNeeded();
+ if (!tmp.engineCanResolve(element, BaseURI, storage))
+ return null;
+ return tmp.engineResolveX509Certificate(element, BaseURI, storage);
+
+ }
+ /**
+ * Method engineResolveSecretKey
+ *
+ * @param element
+ * @param BaseURI
+ * @param storage
+ * @return resolved SecretKey key from the registered from the elements
+ *
+ * @throws KeyResolverException
+ */
+ public SecretKey engineResolveSecretKey(
+ Element element, String BaseURI, StorageResolver storage)
+ throws KeyResolverException{
+ throw new UnsupportedOperationException();
+ };
/**
* Method engineResolveSecretKey
@@ -99,12 +167,19 @@
*
* @throws KeyResolverException
*/
- abstract public SecretKey engineResolveSecretKey(
+ public SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
- throws KeyResolverException;
+ throws KeyResolverException {
+ KeyResolverSpi tmp = cloneIfNeeded();
+ if (!tmp.engineCanResolve(element, BaseURI, storage))
+ return null;
+ return tmp.engineResolveSecretKey(element, BaseURI, storage);
+ }
/** Field _properties */
- protected java.util.Map _properties = new java.util.HashMap(10);
+ protected java.util.Map _properties = null;
+
+ protected boolean globalResolver=false;
/**
* Method engineSetProperty
@@ -113,19 +188,8 @@
* @param value
*/
public void engineSetProperty(String key, String value) {
-
- java.util.Iterator i = this._properties.keySet().iterator();
-
- while (i.hasNext()) {
- String c = (String) i.next();
-
- if (c.equals(key)) {
- key = c;
-
- break;
- }
- }
-
+ if (_properties==null)
+ _properties=new HashMap();
this._properties.put(key, value);
}
@@ -136,49 +200,26 @@
* @return obtain the property appointed by key
*/
public String engineGetProperty(String key) {
-
- java.util.Iterator i = this._properties.keySet().iterator();
-
- while (i.hasNext()) {
- String c = (String) i.next();
-
- if (c.equals(key)) {
- key = c;
-
- break;
- }
- }
+ if (_properties==null)
+ return null;
return (String) this._properties.get(key);
}
/**
- * Method engineGetPropertyKeys
- *
- * @return the keys of properties known by this resolver
- */
- public String[] engineGetPropertyKeys() {
- return new String[0];
- }
-
- /**
* Method understandsProperty
*
* @param propertyToTest
* @return true if understood the property
*/
public boolean understandsProperty(String propertyToTest) {
-
- String[] understood = this.engineGetPropertyKeys();
+ if (_properties==null)
+ return false;
- if (understood != null) {
- for (int i = 0; i < understood.length; i++) {
- if (understood[i].equals(propertyToTest)) {
- return true;
- }
- }
- }
+ return this._properties.get(propertyToTest)!=null;
+ }
+ public void setGlobalResolver(boolean globalResolver) {
+ this.globalResolver = globalResolver;
+ }
- return false;
- }
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -37,46 +37,10 @@
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class DSAKeyValueResolver extends KeyResolverSpi {
- /** Field _dsaKeyElement */
- private Element _dsaKeyElement = null;
-
- /** @inheritDoc */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
-
- if (element == null) {
- return false;
- }
-
- boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_KEYVALUE);
- boolean isDSAKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_DSAKEYVALUE);
-
- if (isKeyValue) {
-
- this._dsaKeyElement =
- XMLUtils.selectDsNode(element.getFirstChild(),Constants._TAG_DSAKEYVALUE,0);
-
- if (this._dsaKeyElement != null) {
- return true;
- }
- } else if (isDSAKeyValue) {
-
- // this trick is needed to allow the RetrievalMethodResolver to eat a
- // ds:DSAKeyValue directly (without KeyValue)
- this._dsaKeyElement = element;
-
- return true;
- }
-
- return false;
- }
-
/**
* Method engineResolvePublicKey
*
@@ -85,20 +49,30 @@
* @param storage
* @return null if no {@link PublicKey} could be obtained
*/
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage) {
+ if (element == null) {
+ return null;
+ }
+ Element dsaKeyElement=null;
+ boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_KEYVALUE);
+ if (isKeyValue) {
+ dsaKeyElement =
+ XMLUtils.selectDsNode(element.getFirstChild(),Constants._TAG_DSAKEYVALUE,0);
+ } else if (XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_DSAKEYVALUE)) {
+ // this trick is needed to allow the RetrievalMethodResolver to eat a
+ // ds:DSAKeyValue directly (without KeyValue)
+ dsaKeyElement = element;
+ }
- if (this._dsaKeyElement == null) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
-
- if (!weCanResolve || (this._dsaKeyElement == null)) {
- return null;
- }
+ if (dsaKeyElement == null) {
+ return null;
}
try {
- DSAKeyValue dsaKeyValue = new DSAKeyValue(this._dsaKeyElement,
+ DSAKeyValue dsaKeyValue = new DSAKeyValue(dsaKeyElement,
BaseURI);
PublicKey pk = dsaKeyValue.getPublicKey();
@@ -112,13 +86,13 @@
/** @inheritDoc */
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage) {
return null;
}
/** @inheritDoc */
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage){
return null;
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -56,7 +56,6 @@
RSAKeyValueResolver.class.getName());
- Key _key;
Key _kek;
String _algorithm;
@@ -66,7 +65,6 @@
* @param algorithm
*/
public EncryptedKeyResolver(String algorithm) {
- _key = null;
_kek = null;
_algorithm=algorithm;
}
@@ -78,64 +76,49 @@
*/
public EncryptedKeyResolver(String algorithm, Key kek) {
- _key = null;
_algorithm = algorithm;
_kek = kek;
}
- /**
- * Method engineCanResolve
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return true if can resolve the key in the element
- *
- */
-
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName());
-
- if (element == null) {
- return false;
- }
-
- boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element,
- EncryptionConstants._TAG_ENCRYPTEDKEY);
-
- if (isEncryptedKey) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key");
- try {
- XMLCipher cipher = XMLCipher.getInstance();
- cipher.init(XMLCipher.UNWRAP_MODE, _kek);
- EncryptedKey ek = cipher.loadEncryptedKey(element);
- _key = cipher.decryptKey(ek, _algorithm);
- }
- catch (Exception e) {}
- }
-
- return (_key != null);
- }
-
/** @inheritDoc */
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage) {
return null;
}
/** @inheritDoc */
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage) {
return null;
}
/** @inheritDoc */
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage) {
- return (SecretKey) _key;
+ SecretKey key=null;
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "EncryptedKeyResolver - Can I resolve " + element.getTagName());
+
+ if (element == null) {
+ return null;
+ }
+
+ boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element,
+ EncryptionConstants._TAG_ENCRYPTEDKEY);
+
+ if (isEncryptedKey) {
+ log.log(java.util.logging.Level.FINE, "Passed an Encrypted Key");
+ try {
+ XMLCipher cipher = XMLCipher.getInstance();
+ cipher.init(XMLCipher.UNWRAP_MODE, _kek);
+ EncryptedKey ek = cipher.loadEncryptedKey(element);
+ key = (SecretKey) cipher.decryptKey(ek, _algorithm);
+ }
+ catch (Exception e) {}
+ }
+
+ return key;
}
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -38,7 +37,7 @@
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class RSAKeyValueResolver extends KeyResolverSpi {
@@ -48,75 +47,55 @@
RSAKeyValueResolver.class.getName());
/** Field _rsaKeyElement */
- private Element _rsaKeyElement = null;
+
/** @inheritDoc */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
-
+ public PublicKey engineLookupAndResolvePublicKey(
+ Element element, String BaseURI, StorageResolver storage) {
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName());
if (element == null) {
- return false;
+ return null;
}
- boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_KEYVALUE);
- boolean isRSAKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_RSAKEYVALUE);
-
- if (isKeyValue) {
- this._rsaKeyElement = XMLUtils.selectDsNode(element.getFirstChild(),
- Constants._TAG_RSAKEYVALUE, 0);
-
- if (this._rsaKeyElement != null) {
- return true;
- }
- } else if (isRSAKeyValue) {
-
+ boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_KEYVALUE);
+ Element rsaKeyElement=null;
+ if (isKeyValue) {
+ rsaKeyElement = XMLUtils.selectDsNode(element.getFirstChild(),
+ Constants._TAG_RSAKEYVALUE, 0);
+ } else if (XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_RSAKEYVALUE)) {
// this trick is needed to allow the RetrievalMethodResolver to eat a
// ds:RSAKeyValue directly (without KeyValue)
- this._rsaKeyElement = element;
-
- return true;
- }
-
- return false;
- }
+ rsaKeyElement = element;
+ }
- /** @inheritDoc */
- public PublicKey engineResolvePublicKey(
- Element element, String BaseURI, StorageResolver storage) {
- if (this._rsaKeyElement == null) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
-
- if (!weCanResolve || (this._rsaKeyElement == null)) {
- return null;
- }
+ if (rsaKeyElement == null) {
+ return null;
}
try {
- RSAKeyValue rsaKeyValue = new RSAKeyValue(this._rsaKeyElement,
+ RSAKeyValue rsaKeyValue = new RSAKeyValue(rsaKeyElement,
BaseURI);
return rsaKeyValue.getPublicKey();
} catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
+ log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
}
return null;
}
/** @inheritDoc */
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage) {
return null;
}
/** @inheritDoc */
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage) {
return null;
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -28,7 +28,15 @@
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ListIterator;
+import java.util.Set;
+import javax.xml.parsers.ParserConfigurationException;
+
+import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.keys.content.RetrievalMethod;
import com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate;
@@ -44,6 +52,7 @@
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
/**
@@ -55,7 +64,7 @@
* RetrievalMethodResolver cannot handle itself, resolving of the extracted
* element is delegated back to the KeyResolver mechanism.
*
- * @author $Author: raul $
+ * @author $Author: mullan $ modified by Dave Garcia
*/
public class RetrievalMethodResolver extends KeyResolverSpi {
@@ -65,26 +74,6 @@
RetrievalMethodResolver.class.getName());
/**
- * Method engineCanResolve
- * @inheritDoc
- * @param element
- * @param BaseURI
- * @param storage
- *
- */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
-
- if
- (!XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_RETRIEVALMETHOD)) {
- return false;
- }
-
- return true;
- }
-
- /**
* Method engineResolvePublicKey
* @inheritDoc
* @param element
@@ -92,82 +81,59 @@
* @param storage
*
*/
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
{
+ if (!XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_RETRIEVALMETHOD)) {
+ return null;
+ }
try {
- RetrievalMethod rm = new RetrievalMethod(element, BaseURI);
- Attr uri = rm.getURIAttr();
-
- // type can be null because it's optional
- String type = rm.getType();
- Transforms transforms = rm.getTransforms();
- ResourceResolver resRes = ResourceResolver.getInstance(uri, BaseURI);
-
- if (resRes != null) {
- XMLSignatureInput resource = resRes.resolve(uri, BaseURI);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Before applying Transforms, resource has "
- + resource.getBytes().length + "bytes");
-
- if (transforms != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "We have Transforms");
-
- resource = transforms.performTransforms(resource);
- }
- if (true) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "After applying Transforms, resource has "
- + resource.getBytes().length + "bytes");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Resolved to resource " + resource.getSourceURI());
- }
-
- byte inputBytes[] = resource.getBytes();
-
- if ((type != null) && type.equals(RetrievalMethod.TYPE_RAWX509)) {
+ //Create a retrieval method over the given element
+ RetrievalMethod rm = new RetrievalMethod(element, BaseURI);
+ String type = rm.getType();
+ XMLSignatureInput resource=resolveInput(rm,BaseURI);
+ if (RetrievalMethod.TYPE_RAWX509.equals(type)) {
+ //a raw certificate, direct parsing is done!
+ X509Certificate cert=getRawCertificate(resource);
+ if (cert != null) {
+ return cert.getPublicKey();
+ }
+ return null;
+ };
+ Element e = obtainRefrenceElement(resource);
+ return resolveKey(e,BaseURI,storage);
+ } catch (XMLSecurityException ex) {
+ log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
+ } catch (CertificateException ex) {
+ log.log(java.util.logging.Level.FINE, "CertificateException", ex);
+ } catch (IOException ex) {
+ log.log(java.util.logging.Level.FINE, "IOException", ex);
+ } catch (ParserConfigurationException e) {
+ log.log(java.util.logging.Level.FINE, "ParserConfigurationException", e);
+ } catch (SAXException e) {
+ log.log(java.util.logging.Level.FINE, "SAXException", e);
+ }
+ return null;
+ }
- // if the resource stores a raw certificate, we have to handle it
- CertificateFactory certFact =
- CertificateFactory
- .getInstance(XMLX509Certificate.JCA_CERT_ID);
- X509Certificate cert =
- (X509Certificate) certFact
- .generateCertificate(new ByteArrayInputStream(inputBytes));
-
- if (cert != null) {
- return cert.getPublicKey();
- }
- } else {
-
- // otherwise, we parse the resource, create an Element and delegate
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "we have to parse " + inputBytes.length + " bytes");
-
- Element e = this.getDocFromBytes(inputBytes);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"
- + e.getLocalName() + " Element");
-
- if (e != null) {
- KeyResolver newKeyResolver = KeyResolver.getInstance(getFirstElementChild(e),
- BaseURI, storage);
-
- if (newKeyResolver != null) {
- return newKeyResolver.resolvePublicKey(getFirstElementChild(e), BaseURI,
- storage);
- }
- }
- }
- }
- } catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
- } catch (CertificateException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "CertificateException", ex);
- } catch (IOException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "IOException", ex);
- }
-
- return null;
+ static private Element obtainRefrenceElement(XMLSignatureInput resource) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException, KeyResolverException {
+ Element e;
+ if (resource.isElement()){
+ e=(Element) resource.getSubNode();
+ } else if (resource.isNodeSet()) {
+ //Retrieved resource is a nodeSet
+ e=getDocumentElement(resource.getNodeSet());
+ } else {
+ //Retrieved resource is an inputStream
+ byte inputBytes[] = resource.getBytes();
+ e = getDocFromBytes(inputBytes);
+ //otherwise, we parse the resource, create an Element and delegate
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "we have to parse " + inputBytes.length + " bytes");
+ }
+ return e;
}
/**
@@ -178,85 +144,100 @@
* @param storage
*
*/
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
{
-
- try {
- RetrievalMethod rm = new RetrievalMethod(element, BaseURI);
- Attr uri = rm.getURIAttr();
- Transforms transforms = rm.getTransforms();
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Asked to resolve URI " + uri);
-
- ResourceResolver resRes = ResourceResolver.getInstance(uri, BaseURI);
-
- if (resRes != null) {
- XMLSignatureInput resource = resRes.resolve(uri, BaseURI);
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Before applying Transforms, resource has "
- + resource.getBytes().length + "bytes");
+ if (!XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_RETRIEVALMETHOD)) {
+ return null;
+ }
- if (transforms != null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "We have Transforms");
-
- resource = transforms.performTransforms(resource);
- }
-
- if (true) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "After applying Transforms, resource has "
- + resource.getBytes().length + "bytes");
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Resolved to resource " + resource.getSourceURI());
- }
-
- byte inputBytes[] = resource.getBytes();
-
- if ((rm.getType() != null)
- && rm.getType().equals(RetrievalMethod.TYPE_RAWX509)) {
+ try {
+ RetrievalMethod rm = new RetrievalMethod(element, BaseURI);
+ String type = rm.getType();
+ XMLSignatureInput resource=resolveInput(rm,BaseURI);
+ if (RetrievalMethod.TYPE_RAWX509.equals(type)) {
+ X509Certificate cert=getRawCertificate(resource);
+ return cert;
+ }
+ Element e = obtainRefrenceElement(resource);
+ return resolveCertificate(e,BaseURI,storage);
+ } catch (XMLSecurityException ex) {
+ log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
+ } catch (CertificateException ex) {
+ log.log(java.util.logging.Level.FINE, "CertificateException", ex);
+ } catch (IOException ex) {
+ log.log(java.util.logging.Level.FINE, "IOException", ex);
+ } catch (ParserConfigurationException e) {
+ log.log(java.util.logging.Level.FINE, "ParserConfigurationException", e);
+ } catch (SAXException e) {
+ log.log(java.util.logging.Level.FINE, "SAXException", e);
+ }
+ return null;
+ }
- // if the resource stores a raw certificate, we have to handle it
- CertificateFactory certFact =
- CertificateFactory
- .getInstance(XMLX509Certificate.JCA_CERT_ID);
- X509Certificate cert =
- (X509Certificate) certFact
- .generateCertificate(new ByteArrayInputStream(inputBytes));
-
- if (cert != null) {
- return cert;
- }
- } else {
-
- // otherwise, we parse the resource, create an Element and delegate
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "we have to parse " + inputBytes.length + " bytes");
-
- Element e = this.getDocFromBytes(inputBytes);
+ /**
+ * Retrieves a x509Certificate from the given information
+ * @param e
+ * @param BaseURI
+ * @param storage
+ * @return
+ * @throws KeyResolverException
+ */
+ static private X509Certificate resolveCertificate(Element e,String BaseURI,StorageResolver storage) throws KeyResolverException{
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"+ e.getLocalName() + " Element");
+ //An element has been provided
+ if (e != null) {
+ return KeyResolver.getX509Certificate(e,BaseURI, storage);
+ }
+ return null;
+ }
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"
- + e.getLocalName() + " Element");
-
- if (e != null) {
- KeyResolver newKeyResolver = KeyResolver.getInstance(getFirstElementChild(e),
- BaseURI, storage);
-
- if (newKeyResolver != null) {
- return newKeyResolver.resolveX509Certificate(getFirstElementChild(e), BaseURI,
- storage);
+ /**
+ * Retrieves a x509Certificate from the given information
+ * @param e
+ * @param BaseURI
+ * @param storage
+ * @return
+ * @throws KeyResolverException
+ */
+ static private PublicKey resolveKey(Element e,String BaseURI,StorageResolver storage) throws KeyResolverException{
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"+ e.getLocalName() + " Element");
+ //An element has been provided
+ if (e != null) {
+ return KeyResolver.getPublicKey(e,BaseURI, storage);
}
- }
- }
- }
- } catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
- } catch (CertificateException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "CertificateException", ex);
- } catch (IOException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "IOException", ex);
- }
+ return null;
+ }
- return null;
+ static private X509Certificate getRawCertificate(XMLSignatureInput resource) throws CanonicalizationException, IOException, CertificateException{
+ byte inputBytes[] = resource.getBytes();
+ // if the resource stores a raw certificate, we have to handle it
+ CertificateFactory certFact =CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
+ X509Certificate cert =(X509Certificate) certFact.generateCertificate(new ByteArrayInputStream(inputBytes));
+ return cert;
+ }
+ /**
+ * Resolves the input from the given retrieval method
+ * @return
+ * @throws XMLSecurityException
+ */
+ static private XMLSignatureInput resolveInput(RetrievalMethod rm,String BaseURI) throws XMLSecurityException{
+ Attr uri = rm.getURIAttr();
+ //Apply the trnasforms
+ Transforms transforms = rm.getTransforms();
+ ResourceResolver resRes = ResourceResolver.getInstance(uri, BaseURI);
+ if (resRes != null) {
+ XMLSignatureInput resource = resRes.resolve(uri, BaseURI);
+ if (transforms != null) {
+ log.log(java.util.logging.Level.FINE, "We have Transforms");
+ resource = transforms.performTransforms(resource);
+ }
+ return resource;
+ }
+ return null;
}
/**
@@ -266,18 +247,13 @@
* @return the Document Element after parsing bytes
* @throws KeyResolverException if something goes wrong
*/
- Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
-
+ static Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
try {
- javax.xml.parsers.DocumentBuilderFactory dbf =
- javax.xml.parsers.DocumentBuilderFactory.newInstance();
-
+ javax.xml.parsers.DocumentBuilderFactory dbf =javax.xml.parsers.DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
-
javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
org.w3c.dom.Document doc =
db.parse(new java.io.ByteArrayInputStream(bytes));
-
return doc.getDocumentElement();
} catch (org.xml.sax.SAXException ex) {
throw new KeyResolverException("empty", ex);
@@ -296,16 +272,43 @@
* @param storage
*
*/
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
{
return null;
}
- static Element getFirstElementChild(Element e){
- Node n=e.getFirstChild();
- while (n!=null && n.getNodeType()!=Node.ELEMENT_NODE) {
- n=n.getNextSibling();
- }
- return (Element)n;
+
+ static Element getDocumentElement(Set set) {
+ Iterator it=set.iterator();
+ Element e=null;
+ while (it.hasNext()) {
+ Node currentNode=(Node)it.next();
+ if (currentNode instanceof Element) {
+ e=(Element)currentNode;
+ break;
+ }
+
+ }
+ List parents=new ArrayList(10);
+
+ //Obtain all the parents of the elemnt
+ do {
+ parents.add(e);
+ Node n=e.getParentNode();
+ if (!(n instanceof Element )) {
+ break;
+ }
+ e=(Element)n;
+ } while (e!=null);
+ //Visit them in reverse order.
+ ListIterator it2=parents.listIterator(parents.size()-1);
+ Element ele=null;
+ while (it2.hasPrevious()) {
+ ele=(Element)it2.previous();
+ if (set.contains(ele)) {
+ return ele;
+ }
+ }
+ return null;
}
}
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -41,7 +40,7 @@
* Resolves Certificates which are directly contained inside a
* ds:X509Certificate Element.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class X509CertificateResolver extends KeyResolverSpi {
@@ -49,47 +48,7 @@
static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(X509CertificateResolver.class.getName());
- /** Field _dsaKeyElement */
- Element[] _x509CertKeyElements = null;
- /**
- * Method engineCanResolve
- * @inheritDoc
- * @param element
- * @param BaseURI
- * @param storage
- *
- */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-
- if (!XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_X509DATA)) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- }
-
-
- this._x509CertKeyElements = XMLUtils.selectDsNodes(element.getFirstChild(),
- Constants._TAG_X509CERTIFICATE);
-
- if ((this._x509CertKeyElements != null)
- && (this._x509CertKeyElements.length > 0)) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Yes Sir, I can");
-
- return true;
- }
-
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- }
-
- /** Field _x509certObject[] */
- XMLX509Certificate _x509certObject[] = null;
/**
* Method engineResolvePublicKey
@@ -100,11 +59,11 @@
*
* @throws KeyResolverException
*/
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- X509Certificate cert = this.engineResolveX509Certificate(element,
+ X509Certificate cert = this.engineLookupResolveX509Certificate(element,
BaseURI, storage);
if (cert != null) {
@@ -123,43 +82,33 @@
*
* @throws KeyResolverException
*/
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
try {
- if ((this._x509CertKeyElements == null)
- || (this._x509CertKeyElements.length == 0)) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
-
- if (!weCanResolve || (this._x509CertKeyElements == null)
- || (this._x509CertKeyElements.length == 0)) {
- return null;
- }
+ Element[] els=XMLUtils.selectDsNodes(element.getFirstChild(),
+ Constants._TAG_X509CERTIFICATE);
+ if ((els == null) || (els.length == 0)) {
+ Element el=XMLUtils.selectDsNode(element.getFirstChild(),
+ Constants._TAG_X509DATA,0);
+ if (el!=null) {
+ return engineLookupResolveX509Certificate(el, BaseURI, storage);
+ }
+ return null;
}
- this._x509certObject =
- new XMLX509Certificate[this._x509CertKeyElements.length];
-
// populate Object array
- for (int i = 0; i < this._x509CertKeyElements.length; i++) {
- this._x509certObject[i] =
- new XMLX509Certificate(this._x509CertKeyElements[i]
- , BaseURI);
- }
-
- for (int i = 0; i < this._x509certObject.length; i++) {
- X509Certificate cert = this._x509certObject[i].getX509Certificate();
-
- if (cert != null) {
- return cert;
+ for (int i = 0; i < els.length; i++) {
+ XMLX509Certificate xmlCert=new XMLX509Certificate(els[i], BaseURI);
+ X509Certificate cert = xmlCert.getX509Certificate();
+ if (cert!=null) {
+ return cert;
}
}
-
return null;
} catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
+ log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
throw new KeyResolverException("generic.EmptyMessage", ex);
}
@@ -173,7 +122,7 @@
* @param storage
*
*/
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
{
return null;
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -39,7 +38,7 @@
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class X509IssuerSerialResolver extends KeyResolverSpi {
@@ -48,44 +47,13 @@
java.util.logging.Logger.getLogger(
X509IssuerSerialResolver.class.getName());
- /** @inheritDoc */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-
- X509Data x509data = null;
- try {
- x509data = new X509Data(element, BaseURI);
- } catch (XMLSignatureException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- } catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- }
-
- if (x509data == null) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
- return false;
- }
-
- if (x509data.containsIssuerSerial()) {
- return true;
- }
-
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
- return false;
- }
/** @inheritDoc */
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- X509Certificate cert = this.engineResolveX509Certificate(element,
+ X509Certificate cert = this.engineLookupResolveX509Certificate(element,
BaseURI, storage);
if (cert != null) {
@@ -96,10 +64,31 @@
}
/** @inheritDoc */
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
+ X509Data x509data = null;
+ try {
+ x509data = new X509Data(element, BaseURI);
+ } catch (XMLSignatureException ex) {
+ log.log(java.util.logging.Level.FINE, "I can't");
+ return null;
+ } catch (XMLSecurityException ex) {
+ log.log(java.util.logging.Level.FINE, "I can't");
+ return null;
+ }
+
+ if (x509data == null) {
+ log.log(java.util.logging.Level.FINE, "I can't");
+ return null;
+ }
+
+ if (!x509data.containsIssuerSerial()) {
+ return null;
+ }
try {
if (storage == null) {
Object exArgs[] = { Constants._TAG_X509ISSUERSERIAL };
@@ -107,53 +96,52 @@
new KeyResolverException("KeyResolver.needStorageResolver",
exArgs);
- if (log.isLoggable(java.util.logging.Level.INFO)) log.log(java.util.logging.Level.INFO, "", ex);
+ log.log(java.util.logging.Level.INFO, "", ex);
throw ex;
}
- X509Data x509data = new X509Data(element, BaseURI);
int noOfISS = x509data.lengthIssuerSerial();
while (storage.hasNext()) {
X509Certificate cert = storage.next();
XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
- if (true) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Found Certificate Issuer: "
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Found Certificate Issuer: "
+ certSerial.getIssuerName());
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Found Certificate Serial: "
+ log.log(java.util.logging.Level.FINE, "Found Certificate Serial: "
+ certSerial.getSerialNumber().toString());
}
for (int i=0; i 0)) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Yes Sir, I can");
-
- return true;
- }
-
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- }
/**
* Method engineResolvePublicKey
@@ -102,11 +57,11 @@
* @return null if no {@link PublicKey} could be obtained
* @throws KeyResolverException
*/
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- X509Certificate cert = this.engineResolveX509Certificate(element,
+ X509Certificate cert = this.engineLookupResolveX509Certificate(element,
BaseURI, storage);
if (cert != null) {
@@ -125,46 +80,55 @@
*
* @throws KeyResolverException
*/
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
-
- try {
- if (this._x509childNodes == null) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
+ }
+ if (!XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_X509DATA)) {
+ log.log(java.util.logging.Level.FINE, "I can't");
+ return null;
+ }
+ /** Field _x509childObject[] */
+ XMLX509SKI x509childObject[] = null;
- if (!weCanResolve || (this._x509childNodes == null)) {
- return null;
- }
- }
+ Element x509childNodes[] = null;
+ x509childNodes = XMLUtils.selectDsNodes(element.getFirstChild(),
+ Constants._TAG_X509SKI);
+ if (!((x509childNodes != null)
+ && (x509childNodes.length > 0))) {
+ log.log(java.util.logging.Level.FINE, "I can't");
+ return null;
+ }
+ try {
if (storage == null) {
Object exArgs[] = { Constants._TAG_X509SKI };
KeyResolverException ex =
new KeyResolverException("KeyResolver.needStorageResolver",
exArgs);
- if (log.isLoggable(java.util.logging.Level.INFO)) log.log(java.util.logging.Level.INFO, "", ex);
+ log.log(java.util.logging.Level.INFO, "", ex);
throw ex;
}
- this._x509childObject =
- new XMLX509SKI[this._x509childNodes.length];
+ x509childObject = new XMLX509SKI[x509childNodes.length];
- for (int i = 0; i < this._x509childNodes.length; i++) {
- this._x509childObject[i] =
- new XMLX509SKI(this._x509childNodes[i], BaseURI);
+ for (int i = 0; i < x509childNodes.length; i++) {
+ x509childObject[i] =
+ new XMLX509SKI(x509childNodes[i], BaseURI);
}
while (storage.hasNext()) {
X509Certificate cert = storage.next();
XMLX509SKI certSKI = new XMLX509SKI(element.getOwnerDocument(), cert);
- for (int i = 0; i < this._x509childObject.length; i++) {
- if (certSKI.equals(this._x509childObject[i])) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Return PublicKey from "
+ for (int i = 0; i < x509childObject.length; i++) {
+ if (certSKI.equals(x509childObject[i])) {
+ log.log(java.util.logging.Level.FINE, "Return PublicKey from "
+ cert.getSubjectDN().getName());
return cert;
@@ -186,7 +150,7 @@
* @param storage
*
*/
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
{
return null;
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SubjectNameResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SubjectNameResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SubjectNameResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -38,7 +38,7 @@
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class X509SubjectNameResolver extends KeyResolverSpi {
@@ -47,50 +47,6 @@
java.util.logging.Logger.getLogger(
X509SubjectNameResolver.class.getName());
- /** Field _x509childNodes */
- private Element[] _x509childNodes = null;
-
- /** Field _x509childObject[] */
- private XMLX509SubjectName _x509childObject[] = null;
-
- /**
- * Method engineCanResolve
- * @inheritDoc
- * @param element
- * @param BaseURI
- * @param storage
- *
- */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
-
-
- if (!XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_X509DATA) ) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- }
-
-
-
- this._x509childNodes = XMLUtils.selectDsNodes(element,
- Constants._TAG_X509SUBJECTNAME);
-
- if ((this._x509childNodes != null)
- && (this._x509childNodes.length > 0)) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Yes Sir, I can");
-
- return true;
- }
-
-
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "I can't");
-
- return false;
- }
/**
* Method engineResolvePublicKey
@@ -101,11 +57,11 @@
* @return null if no {@link PublicKey} could be obtained
* @throws KeyResolverException
*/
- public PublicKey engineResolvePublicKey(
+ public PublicKey engineLookupAndResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
- X509Certificate cert = this.engineResolveX509Certificate(element,
+ X509Certificate cert = this.engineLookupResolveX509Certificate(element,
BaseURI, storage);
if (cert != null) {
@@ -124,37 +80,46 @@
*
* @throws KeyResolverException
*/
- public X509Certificate engineResolveX509Certificate(
+ public X509Certificate engineLookupResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
+ Element[] x509childNodes = null;
+ XMLX509SubjectName x509childObject[] = null;
+
+ if (!XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_X509DATA) ) {
+ log.log(java.util.logging.Level.FINE, "I can't");
+ return null;
+ }
+ x509childNodes = XMLUtils.selectDsNodes(element.getFirstChild(),
+ Constants._TAG_X509SUBJECTNAME);
+
+ if (!((x509childNodes != null)
+ && (x509childNodes.length > 0))) {
+ log.log(java.util.logging.Level.FINE, "I can't");
+ return null;
+ }
try {
- if (this._x509childNodes == null) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
-
- if (!weCanResolve || (this._x509childNodes == null)) {
- return null;
- }
- }
-
if (storage == null) {
Object exArgs[] = { Constants._TAG_X509SUBJECTNAME };
KeyResolverException ex =
new KeyResolverException("KeyResolver.needStorageResolver",
exArgs);
- if (log.isLoggable(java.util.logging.Level.INFO)) log.log(java.util.logging.Level.INFO, "", ex);
+ log.log(java.util.logging.Level.INFO, "", ex);
throw ex;
}
- this._x509childObject =
- new XMLX509SubjectName[this._x509childNodes.length];
+ x509childObject =
+ new XMLX509SubjectName[x509childNodes.length];
- for (int i = 0; i < this._x509childNodes.length; i++) {
- this._x509childObject[i] =
- new XMLX509SubjectName(this._x509childNodes[i],
+ for (int i = 0; i < x509childNodes.length; i++) {
+ x509childObject[i] =
+ new XMLX509SubjectName(x509childNodes[i],
BaseURI);
}
@@ -163,24 +128,24 @@
XMLX509SubjectName certSN =
new XMLX509SubjectName(element.getOwnerDocument(), cert);
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Found Certificate SN: " + certSN.getSubjectName());
+ log.log(java.util.logging.Level.FINE, "Found Certificate SN: " + certSN.getSubjectName());
- for (int i = 0; i < this._x509childObject.length; i++) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Found Element SN: "
- + this._x509childObject[i].getSubjectName());
+ for (int i = 0; i < x509childObject.length; i++) {
+ log.log(java.util.logging.Level.FINE, "Found Element SN: "
+ + x509childObject[i].getSubjectName());
- if (certSN.equals(this._x509childObject[i])) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "match !!! ");
+ if (certSN.equals(x509childObject[i])) {
+ log.log(java.util.logging.Level.FINE, "match !!! ");
return cert;
}
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "no match...");
+ log.log(java.util.logging.Level.FINE, "no match...");
}
}
return null;
} catch (XMLSecurityException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
+ log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
throw new KeyResolverException("generic.EmptyMessage", ex);
}
@@ -194,7 +159,7 @@
* @param storage
*
*/
- public javax.crypto.SecretKey engineResolveSecretKey(
+ public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
Element element, String BaseURI, StorageResolver storage)
{
return null;
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -21,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.storage;
-
-
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -36,7 +33,7 @@
/**
* This class collects customized resolvers for Certificates.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class StorageResolver {
@@ -45,7 +42,7 @@
java.util.logging.Logger.getLogger(StorageResolver.class.getName());
/** Field _storageResolvers */
- List _storageResolvers = new ArrayList();
+ List _storageResolvers = null;
/** Field _iterator */
Iterator _iterator = null;
@@ -71,7 +68,8 @@
* @param resolver
*/
public void add(StorageResolverSpi resolver) {
-
+ if (_storageResolvers==null)
+ _storageResolvers=new ArrayList();
this._storageResolvers.add(resolver);
this._iterator = null;
@@ -126,6 +124,8 @@
public Iterator getIterator() {
if (this._iterator == null) {
+ if (_storageResolvers==null)
+ _storageResolvers=new ArrayList();
this._iterator = new StorageResolverIterator(this._storageResolvers.iterator());
}
@@ -140,6 +140,8 @@
public boolean hasNext() {
if (this._iterator == null) {
+ if (_storageResolvers==null)
+ _storageResolvers=new ArrayList();
this._iterator = new StorageResolverIterator(this._storageResolvers.iterator());
}
@@ -158,15 +160,13 @@
/**
* Class StorageResolverIterator
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
- class StorageResolverIterator implements Iterator {
+ static class StorageResolverIterator implements Iterator {
/** Field _resolvers */
- Iterator _resolvers = null;
-
- /** Field _currentResolver */
- int _currentResolver = 0;
+ Iterator _resolvers = null;
/**
* Constructor FilesystemIterator
@@ -179,17 +179,16 @@
/** @inheritDoc */
public boolean hasNext() {
- return _resolvers.hasNext();
+ return _resolvers.hasNext();
}
/** @inheritDoc */
public Object next() {
- return _resolvers.next();
+ return _resolvers.next();
}
/**
* Method remove
- *
*/
public void remove() {
throw new UnsupportedOperationException(
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverException.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverException.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverException.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -28,7 +27,7 @@
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class StorageResolverException extends XMLSecurityException {
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverSpi.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverSpi.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverSpi.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -28,7 +27,7 @@
/**
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public abstract class StorageResolverSpi {
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -21,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.storage.implementations;
-
-
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -40,12 +37,11 @@
import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolverSpi;
import com.sun.org.apache.xml.internal.security.utils.Base64;
-
/**
* This {@link StorageResolverSpi} makes all raw (binary) {@link X509Certificate}s
* which reside as files in a single directory available to the {@link com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver}.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class CertsInFilesystemDirectoryResolver extends StorageResolverSpi {
@@ -131,20 +127,20 @@
dn = cert.getSubjectDN().getName();
added = true;
} catch (FileNotFoundException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
+ log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
} catch (IOException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
+ log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
} catch (CertificateNotYetValidException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
+ log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
} catch (CertificateExpiredException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
+ log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
} catch (CertificateException ex) {
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
+ log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
}
if (added) {
- if (true)
- if (log.isLoggable(java.util.logging.Level.FINE)) log.log(java.util.logging.Level.FINE, "Added certificate: " + dn);
+ if (log.isLoggable(java.util.logging.Level.FINE))
+ log.log(java.util.logging.Level.FINE, "Added certificate: " + dn);
}
}
}
@@ -157,9 +153,10 @@
/**
* Class FilesystemIterator
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
- class FilesystemIterator implements Iterator {
+ private static class FilesystemIterator implements Iterator {
/** Field _certs */
List _certs = null;
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/KeyStoreResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/KeyStoreResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/KeyStoreResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -21,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.storage.implementations;
-
-
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
@@ -37,7 +34,7 @@
* Makes the Certificates from a JAVA {@link KeyStore} object available to the
* {@link com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver}.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class KeyStoreResolver extends StorageResolverSpi {
@@ -66,9 +63,10 @@
/**
* Class KeyStoreIterator
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
- class KeyStoreIterator implements Iterator {
+ static class KeyStoreIterator implements Iterator {
/** Field _keyStore */
KeyStore _keyStore = null;
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/SingleCertificateResolver.java
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/SingleCertificateResolver.java Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/SingleCertificateResolver.java Mon Sep 22 10:43:17 2008 -0400
@@ -2,7 +2,6 @@
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
-
/*
* Copyright 1999-2004 The Apache Software Foundation.
*
@@ -21,8 +20,6 @@
*/
package com.sun.org.apache.xml.internal.security.keys.storage.implementations;
-
-
import java.security.cert.X509Certificate;
import java.util.Iterator;
@@ -33,7 +30,7 @@
* This {@link StorageResolverSpi} makes a single {@link X509Certificate}
* available to the {@link com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver}.
*
- * @author $Author: raul $
+ * @author $Author: mullan $
*/
public class SingleCertificateResolver extends StorageResolverSpi {
@@ -61,9 +58,10 @@
/**
* Class InternalIterator
*
- * @author $Author: raul $
+ * @author $Author: mullan $
+ * @version $Revision: 1.5 $
*/
- class InternalIterator implements Iterator {
+ static class InternalIterator implements Iterator {
/** Field _alreadyReturned */
boolean _alreadyReturned = false;
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/config.dtd
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/config.dtd Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/config.dtd Mon Sep 22 10:43:17 2008 -0400
@@ -1,73 +1,73 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml Mon Sep 22 10:43:17 2008 -0400
@@ -1,380 +1,399 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/etsi.xsd
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/etsi.xsd Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/etsi.xsd Mon Sep 22 10:43:17 2008 -0400
@@ -1,347 +1,347 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.dtd
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.dtd Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.dtd Mon Sep 22 10:43:17 2008 -0400
@@ -3,7 +3,7 @@
Joseph Reagle $last changed 20001215$
http://www.w3.org/2000/09/xmldsig#
- $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
+ $Revision: 1.6 $ on $Date: 2008/07/24 16:15:03 $ by $Author: mullan $
Copyright 2001 The Internet Society and W3C (Massachusetts Institute
of Technology, Institut National de Recherche en Informatique et en
diff -r 21b652819b97 -r e8d6cef36199 jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.xsd
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.xsd Fri Sep 19 15:14:53 2008 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.xsd Mon Sep 22 10:43:17 2008 -0400
@@ -11,7 +11,7 @@