8014281: Better checking of XML signature
Summary: also reviewed by Andrew Gross and Christophe Ravel
Reviewed-by: mullan
--- a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java Mon May 13 17:50:14 2013 -0400
+++ b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java Tue May 14 05:55:10 2013 -0700
@@ -51,6 +51,11 @@
public DOMCanonicalizationMethod(TransformService spi)
throws InvalidAlgorithmParameterException {
super(spi);
+ if (!(spi instanceof ApacheCanonicalizer) &&
+ !isC14Nalg(spi.getAlgorithm())) {
+ throw new InvalidAlgorithmParameterException(
+ "Illegal CanonicalizationMethod");
+ }
}
/**
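Review bot: The new guard after `super(spi)` carries no comment saying what it enforces, and the `instanceof ApacheCanonicalizer` branch skips the URI allow-list entirely. That is safe only if every `ApacheCanonicalizer` subclass implements a canonicalization algorithm, which is not visible in this hunk. I would add `// Only canonicalization algorithms may act as CanonicalizationMethod; ApacheCanonicalizer subclasses are trusted by type, other providers by URI.` above the `if`. The same condition is repeated in the Element constructor in the next hunk, so a small private static helper taking the `TransformService` would keep the two checks from drifting apart. Both messages would also be easier to triage with the refused URI appended, e.g. `"Illegal CanonicalizationMethod: " + spi.getAlgorithm()`.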
@@ -63,6 +68,10 @@
public DOMCanonicalizationMethod(Element cmElem, XMLCryptoContext context,
Provider provider) throws MarshalException {
super(cmElem, context, provider);
+ if (!(spi instanceof ApacheCanonicalizer) &&
+ !isC14Nalg(spi.getAlgorithm())) {
+ throw new MarshalException("Illegal CanonicalizationMethod");
+ }
}
/**
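Review bot: In this constructor the check can only run after `super(cmElem, context, provider)` has returned, and `spi` here is presumably a field populated by that parent constructor rather than a parameter. If the parent resolves and initialises the service from the element's algorithm (not visible in this hunk), a non-canonicalization transform named by the document is set up before it is refused. It would be worth confirming that this initialisation has no side effects, and recording the ordering in a comment such as `// super() has already instantiated the service; reject it here if it is not a canonicalizer`.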
@@ -101,4 +110,13 @@
return (getAlgorithm().equals(ocm.getAlgorithm()) &&
DOMUtils.paramsEqual(getParameterSpec(), ocm.getParameterSpec()));
}
+
+ private static boolean isC14Nalg(String alg) {
+ return (alg.equals(CanonicalizationMethod.INCLUSIVE) ||
+ alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS) ||
+ alg.equals(CanonicalizationMethod.EXCLUSIVE) ||
+ alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS) ||
+ alg.equals(DOMCanonicalXMLC14N11Method.C14N_11) ||
+ alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS));
+ }
}
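Review bot: `isC14Nalg` calls `alg.equals(...)` on its argument, so a provider whose `getAlgorithm()` returns null would surface as a NullPointerException from both constructors instead of the intended `InvalidAlgorithmParameterException` or `MarshalException`. Putting the constant first avoids that, e.g. `CanonicalizationMethod.INCLUSIVE.equals(alg)` for each of the six comparisons. A short Javadoc line would also help, for example `/** Returns true if alg is one of the canonicalization algorithm URIs accepted for CanonicalizationMethod. */`, so that a maintainer adding a new canonicalizer knows this list must be extended.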