# HG changeset patch
# User xuelei
# Date 1368536110 25200
# Node ID 1ee4c9ea5d069f1a31fa0ad5878e74b60a4ff83d
# Parent 26e69da689b9dcdcdec4ee67d0b6b355293ab01c
8014281: Better checking of XML signature
Summary: also reviewed by Andrew Gross and Christophe Ravel
Reviewed-by: mullan
diff -r 26e69da689b9 -r 1ee4c9ea5d06 jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
--- a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java Mon May 13 17:50:14 2013 -0400
+++ b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java Tue May 14 05:55:10 2013 -0700
@@ -51,6 +51,11 @@
 public DOMCanonicalizationMethod(TransformService spi) throws InvalidAlgorithmParameterException {
 super(spi);
+ if (!(spi instanceof ApacheCanonicalizer) &&
+ !isC14Nalg(spi.getAlgorithm())) {
+ throw new InvalidAlgorithmParameterException(
+ "Illegal CanonicalizationMethod");
+ }
 }
 /**
@@ -63,6 +68,10 @@
 public DOMCanonicalizationMethod(Element cmElem, XMLCryptoContext context, Provider provider) throws MarshalException {
 super(cmElem, context, provider);
+ if (!(spi instanceof ApacheCanonicalizer) &&
+ !isC14Nalg(spi.getAlgorithm())) {
+ throw new MarshalException("Illegal CanonicalizationMethod");
+ }
 }
 /**
@@ -101,4 +110,13 @@
 return (getAlgorithm().equals(ocm.getAlgorithm()) && DOMUtils.paramsEqual(getParameterSpec(), ocm.getParameterSpec()));
 }
+
+ private static boolean isC14Nalg(String alg) {
+ return (alg.equals(CanonicalizationMethod.INCLUSIVE) ||
+ alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS) ||
+ alg.equals(CanonicalizationMethod.EXCLUSIVE) ||
+ alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS) ||
+ alg.equals(DOMCanonicalXMLC14N11Method.C14N_11) ||
+ alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS));
+ }
 }
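Review bot: The `spi instanceof ApacheCanonicalizer` clause in the new check exempts every instance of that class, and of any subclass, from the `isC14Nalg` allow-list, and nothing in the hunk records why that is safe. A short comment above the `if` would capture the assumption, for example `// Providers other than ApacheCanonicalizer must name one of the known c14n URIs; a general Transform must not act as the CanonicalizationMethod`. Whether ApacheCanonicalizer can be extended or supplied by callers is not visible here and should be confirmed. The same condition is repeated in the Element-based constructor in the second hunk, so a private static helper taking the `TransformService` would keep the two copies from drifting apart.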
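Review bot: The allow-list check in this constructor runs only after `super(cmElem, context, provider)` has returned, so whatever the superclass does with the algorithm named in the untrusted `CanonicalizationMethod` element has already happened when the element is rejected. The superclass body is not shown; if it looks up and initialises the service from the element, a non-c14n transform is instantiated and handed its parameters before the `MarshalException` is thrown. Consider checking the element's Algorithm attribute before delegating, for instance through a static helper in the argument position such as `super(requireC14N(cmElem), context, provider)` (helper name hypothetical), or add a comment stating that rejection after construction is intended. Including the rejected URI in the message, `"Illegal CanonicalizationMethod: " + spi.getAlgorithm()`, would also make failures easier to diagnose.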
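Review bot: `isC14Nalg` calls `alg.equals(...)` on the value returned by `spi.getAlgorithm()`, so a service that reports a null algorithm makes both constructors fail with a NullPointerException instead of the declared `InvalidAlgorithmParameterException` or `MarshalException`. Whether null can occur depends on the `TransformService` implementation, which is not shown. A guard such as `if (alg == null) return false;` at the top of the method, or constant-first comparisons like `CanonicalizationMethod.INCLUSIVE.equals(alg)`, removes that dependency. The method also has no comment; one line saying that it is the allow-list of canonicalization algorithm URIs accepted from non-Apache providers would help whoever next adds an algorithm.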