--- a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java Mon Jun 22 13:36:37 2009 -0700
+++ b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java Tue Jun 23 13:54:36 2009 -0400
@@ -19,7 +19,7 @@
*
*/
/*
- * Copyright 2005-2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc. All rights reserved.
*/
/*
* $Id: DOMHMACSignatureMethod.java,v 1.2 2008/07/24 15:20:32 mullan Exp $
@@ -58,6 +58,7 @@
Logger.getLogger("org.jcp.xml.dsig.internal.dom");
private Mac hmac;
private int outputLength;
+ private boolean outputLengthSet;
/**
* Creates a <code>DOMHMACSignatureMethod</code> with the specified params
@@ -87,6 +88,7 @@
("params must be of type HMACParameterSpec");
}
outputLength = ((HMACParameterSpec) params).getOutputLength();
+ outputLengthSet = true;
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE,
"Setting outputLength from HMACParameterSpec to: "
@@ -101,6 +103,7 @@
throws MarshalException {
outputLength = new Integer
(paramsElem.getFirstChild().getNodeValue()).intValue();
+ outputLengthSet = true;
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE, "unmarshalled outputLength: " + outputLength);
}
@@ -135,23 +138,13 @@
throw new XMLSignatureException(nsae);
}
}
- if (log.isLoggable(Level.FINE)) {
- log.log(Level.FINE, "outputLength = " + outputLength);
+ if (outputLengthSet && outputLength < getDigestLength()) {
+ throw new XMLSignatureException
+ ("HMACOutputLength must not be less than " + getDigestLength());
}
hmac.init((SecretKey) key);
si.canonicalize(context, new MacOutputStream(hmac));
byte[] result = hmac.doFinal();
- if (log.isLoggable(Level.FINE)) {
- log.log(Level.FINE, "resultLength = " + result.length);
- }
- if (outputLength != -1) {
- int byteLength = outputLength/8;
- if (result.length > byteLength) {
- byte[] truncated = new byte[byteLength];
- System.arraycopy(result, 0, truncated, 0, byteLength);
- result = truncated;
- }
- }
return MessageDigest.isEqual(sig, result);
}
@@ -171,18 +164,13 @@
throw new XMLSignatureException(nsae);
}
}
+ if (outputLengthSet && outputLength < getDigestLength()) {
+ throw new XMLSignatureException
+ ("HMACOutputLength must not be less than " + getDigestLength());
+ }
hmac.init((SecretKey) key);
si.canonicalize(context, new MacOutputStream(hmac));
- byte[] result = hmac.doFinal();
- if (outputLength != -1) {
- int byteLength = outputLength/8;
- if (result.length > byteLength) {
- byte[] truncated = new byte[byteLength];
- System.arraycopy(result, 0, truncated, 0, byteLength);
- result = truncated;
- }
- }
- return result;
+ return hmac.doFinal();
}
boolean paramsEqual(AlgorithmParameterSpec spec) {
@@ -197,6 +185,11 @@
return (outputLength == ospec.getOutputLength());
}
+ /**
+ * Returns the output length of the hash/digest.
+ */
+ abstract int getDigestLength();
+
static final class SHA1 extends DOMHMACSignatureMethod {
SHA1(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
@@ -211,6 +204,9 @@
String getSignatureAlgorithm() {
return "HmacSHA1";
}
+ int getDigestLength() {
+ return 160;
+ }
}
static final class SHA256 extends DOMHMACSignatureMethod {
@@ -227,6 +223,9 @@
String getSignatureAlgorithm() {
return "HmacSHA256";
}
+ int getDigestLength() {
+ return 256;
+ }
}
static final class SHA384 extends DOMHMACSignatureMethod {
@@ -243,6 +242,9 @@
String getSignatureAlgorithm() {
return "HmacSHA384";
}
+ int getDigestLength() {
+ return 384;
+ }
}
static final class SHA512 extends DOMHMACSignatureMethod {
@@ -259,5 +261,8 @@
String getSignatureAlgorithm() {
return "HmacSHA512";
}
+ int getDigestLength() {
+ return 512;
+ }
}
}