8151893: Add security property to configure XML Signature secure validation mode
Reviewed-by: jnimeh, xuelei
--- a/jdk/src/java.base/share/conf/security/java.security Thu Aug 25 13:29:47 2016 +0200
+++ b/jdk/src/java.base/share/conf/security/java.security Thu Aug 25 15:06:26 2016 -0400
@@ -803,3 +803,44 @@
# E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
# EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
# FFFFFFFF FFFFFFFF, 2}
+
+#
+# The policy for the XML Signature secure validation mode. The mode is
+# enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
+# true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
+# or by running the code with a SecurityManager.
+#
+# Policy:
+# Constraint {"," Constraint }
+# Constraint:
+# AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
+# ReferenceUriSchemeConstraint | OtherConstraint
+# AlgConstraint
+# "disallowAlg" Uri
+# MaxTransformsConstraint:
+# "maxTransforms" Integer
+# MaxReferencesConstraint:
+# "maxReferences" Integer
+# ReferenceUriSchemeConstraint:
+# "disallowReferenceUriSchemes" String { String }
+# OtherConstraint:
+# "noDuplicateIds" | "noRetrievalMethodLoops"
+#
+# For AlgConstraint, Uri is the algorithm URI String that is not allowed.
+# See the XML Signature Recommendation for more information on algorithm
+# URI Identifiers. If the MaxTransformsConstraint or MaxReferencesConstraint is
+# specified more than once, only the last entry is enforced.
+#
+# Note: This property is currently used by the JDK Reference implementation. It
+# is not guaranteed to be examined and used by other implementations.
+#
+jdk.xml.dsig.secureValidationPolicy=\
+ disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\
+ disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\
+ disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\
+ disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\
+ maxTransforms 5,\
+ maxReferences 30,\
+ disallowReferenceUriSchemes file http https,\
+ noDuplicateIds,\
+ noRetrievalMethodLoops
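Review bot: The comment block for jdk.xml.dsig.secureValidationPolicy does not say what an empty or removed property means. Policy.initialize() in this commit returns early in that case and leaves every limit unconstrained, so the MD5, XSLT, transform-count and reference-count checks that used to be hard-coded are no longer applied, even with secure validation on. I would add `# If this property is not set or is empty, no restrictions are enforced, even when secure validation is enabled.` before the Note paragraph. The grammar also lacks the colon after `AlgConstraint` that the other constraint names have.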
--- a/jdk/src/java.base/share/lib/security/default.policy Thu Aug 25 13:29:47 2016 +0200
+++ b/jdk/src/java.base/share/lib/security/default.policy Thu Aug 25 15:06:26 2016 -0400
@@ -72,6 +72,8 @@
"removeProviderProperty.XMLDSig";
permission java.security.SecurityPermission
"com.sun.org.apache.xml.internal.security.register";
+ permission java.security.SecurityPermission
+ "getProperty.jdk.xml.dsig.secureValidationPolicy";
};
grant codeBase "jrt:/java.xml.ws" {
--- a/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java Thu Aug 25 13:29:47 2016 +0200
+++ b/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java Thu Aug 25 15:06:26 2016 -0400
@@ -21,7 +21,7 @@
* under the License.
*/
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
*/
/*
* $Id: ApacheTransform.java 1333869 2012-05-04 10:42:44Z coheigea $
@@ -38,7 +38,6 @@
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.transforms.Transform;
-import com.sun.org.apache.xml.internal.security.transforms.Transforms;
import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext;
@@ -150,7 +149,7 @@
if (Utils.secureValidation(xc)) {
String algorithm = getAlgorithm();
- if (Transforms.TRANSFORM_XSLT.equals(algorithm)) {
+ if (Policy.restrictAlg(algorithm)) {
throw new TransformException(
"Transform " + algorithm + " is forbidden when secure validation is enabled"
);
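Review bot: `Policy.restrictAlg(algorithm)` is not a drop-in replacement for the old null-safe `equals` check. As defined in Policy.java in this commit, it returns false when the string does not parse as a URI, so an unparsable algorithm value is treated as allowed, and a null value would throw NullPointerException from `new URI(alg)`. Whether such a value can still select a working algorithm is not visible here, but failing closed is cheap: `} catch (URISyntaxException use) { return true; }` in restrictAlg, plus a null guard. The same call is used for the digest method in the DOMReference hunk and the signature method in the DOMSignedInfo hunk. The enclosing method starts and ends outside this hunk.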
--- a/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java Thu Aug 25 13:29:47 2016 +0200
+++ b/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java Thu Aug 25 15:06:26 2016 -0400
@@ -21,7 +21,7 @@
* under the License.
*/
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
*/
/*
* $Id: DOMManifest.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -110,9 +110,10 @@
localName + ", expected Reference");
}
refs.add(new DOMReference(refElem, context, provider));
- if (secVal && (refs.size() > DOMSignedInfo.MAXIMUM_REFERENCE_COUNT)) {
- String error = "A maxiumum of " + DOMSignedInfo.MAXIMUM_REFERENCE_COUNT + " "
- + "references per Manifest are allowed with secure validation";
+ if (secVal && Policy.restrictNumReferences(refs.size())) {
+ String error = "A maximum of " + Policy.maxReferences()
+ + " references per Manifest are allowed when"
+ + " secure validation is enabled";
throw new MarshalException(error);
}
refElem = DOMUtils.getNextSiblingElement(refElem);
--- a/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java Thu Aug 25 13:29:47 2016 +0200
+++ b/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java Thu Aug 25 15:06:26 2016 -0400
@@ -21,7 +21,7 @@
* under the License.
*/
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
*/
/*
* ===========================================================================
@@ -51,7 +51,6 @@
import org.w3c.dom.Node;
import org.jcp.xml.dsig.internal.DigesterOutputStream;
-import com.sun.org.apache.xml.internal.security.algorithms.MessageDigestAlgorithm;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.utils.Base64;
@@ -67,11 +66,6 @@
implements Reference, DOMURIReference {
/**
- * The maximum number of transforms per reference, if secure validation is enabled.
- */
- public static final int MAXIMUM_TRANSFORM_COUNT = 5;
-
- /**
* Look up useC14N11 system property. If true, an explicit C14N11 transform
* will be added if necessary when generating the signature. See section
* 3.1.1 of http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ for more info.
@@ -208,9 +202,10 @@
}
transforms.add
(new DOMTransform(transformElem, context, provider));
- if (secVal && (transforms.size() > MAXIMUM_TRANSFORM_COUNT)) {
- String error = "A maxiumum of " + MAXIMUM_TRANSFORM_COUNT + " "
- + "transforms per Reference are allowed with secure validation";
+ if (secVal && Policy.restrictNumTransforms(transforms.size())) {
+ String error = "A maximum of " + Policy.maxTransforms()
+ + " transforms per Reference are allowed when"
+ + " secure validation is enabled";
throw new MarshalException(error);
}
transformElem = DOMUtils.getNextSiblingElement(transformElem);
@@ -227,10 +222,10 @@
Element dmElem = nextSibling;
this.digestMethod = DOMDigestMethod.unmarshal(dmElem);
String digestMethodAlgorithm = this.digestMethod.getAlgorithm();
- if (secVal
- && MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5.equals(digestMethodAlgorithm)) {
+ if (secVal && Policy.restrictAlg(digestMethodAlgorithm)) {
throw new MarshalException(
- "It is forbidden to use algorithm " + digestMethod + " when secure validation is enabled"
+ "It is forbidden to use algorithm " + digestMethodAlgorithm +
+ " when secure validation is enabled"
);
}
--- a/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java Thu Aug 25 13:29:47 2016 +0200
+++ b/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java Thu Aug 25 15:06:26 2016 -0400
@@ -21,7 +21,7 @@
* under the License.
*/
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
*/
/*
* ===========================================================================
@@ -149,9 +149,10 @@
}
transforms.add
(new DOMTransform(transformElem, context, provider));
- if (secVal && (transforms.size() > DOMReference.MAXIMUM_TRANSFORM_COUNT)) {
- String error = "A maxiumum of " + DOMReference.MAXIMUM_TRANSFORM_COUNT + " "
- + "transforms per Reference are allowed with secure validation";
+ if (secVal && Policy.restrictNumTransforms(transforms.size())) {
+ String error = "A maximum of " + Policy.maxTransforms()
+ + " transforms per Reference are allowed when"
+ + " secure validation is enabled";
throw new MarshalException(error);
}
transformElem = DOMUtils.getNextSiblingElement(transformElem);
@@ -238,7 +239,8 @@
}
// guard against RetrievalMethod loops
- if ((data instanceof NodeSetData) && Utils.secureValidation(context)) {
+ if ((data instanceof NodeSetData) && Utils.secureValidation(context)
+ && Policy.restrictRetrievalMethodLoops()) {
NodeSetData<?> nsd = (NodeSetData<?>)data;
Iterator<?> i = nsd.iterator();
if (i.hasNext()) {
--- a/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java Thu Aug 25 13:29:47 2016 +0200
+++ b/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java Thu Aug 25 15:06:26 2016 -0400
@@ -21,7 +21,7 @@
* under the License.
*/
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
*/
/*
* $Id: DOMSignedInfo.java 1333415 2012-05-03 12:03:51Z coheigea $
@@ -45,7 +45,6 @@
import org.w3c.dom.Node;
import com.sun.org.apache.xml.internal.security.utils.Base64;
-import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream;
/**
@@ -55,22 +54,9 @@
*/
public final class DOMSignedInfo extends DOMStructure implements SignedInfo {
- /**
- * The maximum number of references per Manifest, if secure validation is enabled.
- */
- public static final int MAXIMUM_REFERENCE_COUNT = 30;
-
private static java.util.logging.Logger log =
java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
- /** Signature - NOT Recommended RSAwithMD5 */
- private static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
- Constants.MoreAlgorithmsSpecNS + "rsa-md5";
-
- /** HMAC - NOT Recommended HMAC-MD5 */
- private static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
- Constants.MoreAlgorithmsSpecNS + "hmac-md5";
-
private List<Reference> references;
private CanonicalizationMethod canonicalizationMethod;
private SignatureMethod signatureMethod;
@@ -158,10 +144,10 @@
boolean secVal = Utils.secureValidation(context);
String signatureMethodAlgorithm = signatureMethod.getAlgorithm();
- if (secVal && ((ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5.equals(signatureMethodAlgorithm)
- || ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5.equals(signatureMethodAlgorithm)))) {
+ if (secVal && Policy.restrictAlg(signatureMethodAlgorithm)) {
throw new MarshalException(
- "It is forbidden to use algorithm " + signatureMethod + " when secure validation is enabled"
+ "It is forbidden to use algorithm " + signatureMethodAlgorithm +
+ " when secure validation is enabled"
);
}
@@ -179,9 +165,10 @@
}
refList.add(new DOMReference(refElem, context, provider));
- if (secVal && (refList.size() > MAXIMUM_REFERENCE_COUNT)) {
- String error = "A maxiumum of " + MAXIMUM_REFERENCE_COUNT + " "
- + "references per Manifest are allowed with secure validation";
+ if (secVal && Policy.restrictNumReferences(refList.size())) {
+ String error = "A maximum of " + Policy.maxReferences()
+ + " references per Manifest are allowed when"
+ + " secure validation is enabled";
throw new MarshalException(error);
}
refElem = DOMUtils.getNextSiblingElement(refElem);
--- a/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java Thu Aug 25 13:29:47 2016 +0200
+++ b/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java Thu Aug 25 15:06:26 2016 -0400
@@ -21,7 +21,7 @@
* under the License.
*/
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
*/
/*
* $Id: DOMURIDereferencer.java 1231033 2012-01-13 12:12:12Z coheigea $
@@ -73,6 +73,11 @@
boolean secVal = Utils.secureValidation(context);
+ if (secVal && Policy.restrictReferenceUriScheme(uri)) {
+ throw new URIReferenceException(
+ "Uri " + uri + " is forbidden when secure validation is enabled");
+ }
+
// Check if same-document URI and already registered on the context
if (uri != null && uri.length() != 0 && uri.charAt(0) == '#') {
String id = uri.substring(1);
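Review bot: A syntactically invalid reference URI will leave this method as an unchecked IllegalArgumentException, not as the URIReferenceException thrown on the next line. That is because `Policy.restrictReferenceUriScheme(uri)` parses its argument with `java.net.URI.create`. The value appears to come from the document being validated (its assignment is outside this hunk), so the parse failure should be converted, for example `try { restricted = Policy.restrictReferenceUriScheme(uri); } catch (IllegalArgumentException e) { throw new URIReferenceException(e); }`. The rejected URI is also echoed into the exception message, which is worth keeping in mind if these messages are shown to remote callers.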
@@ -83,12 +88,19 @@
id = id.substring(i1+1, i2);
}
- Node referencedElem = dcc.getElementById(id);
+ // check if element is registered by Id
+ Node referencedElem = uriAttr.getOwnerDocument().getElementById(id);
+ if (referencedElem == null) {
+ // see if element is registered in DOMCryptoContext
+ referencedElem = dcc.getElementById(id);
+ }
if (referencedElem != null) {
- if (secVal) {
+ if (secVal && Policy.restrictDuplicateIds()) {
Element start = referencedElem.getOwnerDocument().getDocumentElement();
if (!XMLUtils.protectAgainstWrappingAttack(start, (Element)referencedElem, id)) {
- String error = "Multiple Elements with the same ID " + id + " were detected";
+ String error = "Multiple Elements with the same ID "
+ + id + " detected when secure validation"
+ + " is enabled";
throw new URIReferenceException(error);
}
}
@@ -110,9 +122,9 @@
try {
ResourceResolver apacheResolver =
- ResourceResolver.getInstance(uriAttr, baseURI, secVal);
+ ResourceResolver.getInstance(uriAttr, baseURI, false);
XMLSignatureInput in = apacheResolver.resolve(uriAttr,
- baseURI, secVal);
+ baseURI, false);
if (in.isOctetStream()) {
return new ApacheOctetStreamData(in);
} else {
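Review bot: The literal `false` now passed to `ResourceResolver.getInstance` and `resolve` has no comment, and it disables whatever the Apache resolver did with its secure-validation flag even when `secVal` is true. From the rest of this commit the intent looks like moving scheme restriction to the `Policy.restrictReferenceUriScheme` check earlier in the method. A policy without a `disallowReferenceUriSchemes` entry would then leave external dereferencing unrestricted under secure validation. I would add `// URI scheme restrictions are enforced by Policy.restrictReferenceUriScheme() above, so the resolver's own secure-validation mode is not used` above the call. The try block continues outside the hunk.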
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/Policy.java Thu Aug 25 15:06:26 2016 -0400
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package org.jcp.xml.dsig.internal.dom;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.AccessController;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Security;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Locale;
+import java.util.Set;
+
+/**
+ * The secure validation policy as specified by the
+ * jdk.xml.dsig.secureValidationPolicy security property.
+ */
+public final class Policy {
+
+ // all restrictions are initialized to be unconstrained
+ private static Set<URI> disallowedAlgs = new HashSet<>();
+ private static int maxTrans = Integer.MAX_VALUE;
+ private static int maxRefs = Integer.MAX_VALUE;
+ private static Set<String> disallowedRefUriSchemes = new HashSet<>();
+ private static boolean noDuplicateIds = false;
+ private static boolean noRMLoops = false;
+
+ static {
+ try {
+ initialize();
+ } catch (Exception e) {
+ throw new SecurityException(
+ "Cannot initialize the secure validation policy", e);
+ }
+ }
+
+ private Policy() {}
+
+ private static void initialize() {
+ String prop =
+ AccessController.doPrivileged((PrivilegedAction<String>) () ->
+ Security.getProperty("jdk.xml.dsig.secureValidationPolicy"));
+ if (prop == null || prop.isEmpty()) {
+ // no policy specified, so don't enforce any restrictions
+ return;
+ }
+ String[] entries = prop.split(",");
+ for (String entry : entries) {
+ String[] tokens = entry.split("\\s");
+ String type = tokens[0];
+ switch(type) {
+ case "disallowAlg":
+ if (tokens.length != 2) {
+ error(entry);
+ }
+ disallowedAlgs.add(URI.create(tokens[1]));
+ break;
+ case "maxTransforms":
+ if (tokens.length != 2) {
+ error(entry);
+ }
+ maxTrans = Integer.parseUnsignedInt(tokens[1]);
+ break;
+ case "maxReferences":
+ if (tokens.length != 2) {
+ error(entry);
+ }
+ maxRefs = Integer.parseUnsignedInt(tokens[1]);
+ break;
+ case "disallowReferenceUriSchemes":
+ if (tokens.length == 1) {
+ error(entry);
+ }
+ for (int i = 1; i < tokens.length; i++) {
+ String scheme = tokens[i];
+ disallowedRefUriSchemes.add(
+ scheme.toLowerCase(Locale.ROOT));
+ }
+ break;
+ case "noDuplicateIds":
+ if (tokens.length != 1) {
+ error(entry);
+ }
+ noDuplicateIds = true;
+ break;
+ case "noRetrievalMethodLoops":
+ if (tokens.length != 1) {
+ error(entry);
+ }
+ noRMLoops = true;
+ break;
+ default:
+ error(entry);
+ }
+ }
+ }
+
+ public static boolean restrictAlg(String alg) {
+ try {
+ URI uri = new URI(alg);
+ return disallowedAlgs.contains(uri);
+ } catch (URISyntaxException use) {
+ return false;
+ }
+ }
+
+ public static boolean restrictNumTransforms(int numTrans) {
+ return (numTrans > maxTrans);
+ }
+
+ public static boolean restrictNumReferences(int numRefs) {
+ return (numRefs > maxRefs);
+ }
+
+ public static boolean restrictReferenceUriScheme(String uri) {
+ if (uri != null) {
+ String scheme = java.net.URI.create(uri).getScheme();
+ if (scheme != null) {
+ return disallowedRefUriSchemes.contains(
+ scheme.toLowerCase(Locale.ROOT));
+ }
+ }
+ return false;
+ }
+
+ public static boolean restrictDuplicateIds() {
+ return noDuplicateIds;
+ }
+
+ public static boolean restrictRetrievalMethodLoops() {
+ return noRMLoops;
+ }
+
+ public static Set<URI> disabledAlgs() {
+ return Collections.<URI>unmodifiableSet(disallowedAlgs);
+ }
+
+ public static int maxTransforms() {
+ return maxTrans;
+ }
+
+ public static int maxReferences() {
+ return maxRefs;
+ }
+
+ public static Set<String> disabledReferenceUriSchemes() {
+ return Collections.<String>unmodifiableSet(disallowedRefUriSchemes);
+ }
+
+ private static void error(String entry) {
+ throw new IllegalArgumentException(
+ "Invalid jdk.xml.dsig.secureValidationPolicy entry: " + entry);
+ }
+}
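Review bot: `Integer.parseUnsignedInt` in the `maxTransforms` and `maxReferences` cases accepts values up to 2^32-1 and returns the ones above Integer.MAX_VALUE as negative ints. A setting such as `maxReferences 3000000000` therefore makes `restrictNumReferences` true for every input and prints a negative limit in the error message. Using `Integer.parseInt(tokens[1])` followed by `if (maxRefs < 0) error(entry);` (and the same for maxTrans) rejects such values at load time. Separately, `entry.split("\\s")` splits on a single whitespace character, so a space after a comma or a double space between tokens makes an otherwise valid entry fail; `entry.trim().split("\\s+")` would tolerate that. Because `error()` is reached from the static initializer, any such failure surfaces as ExceptionInInitializerError on first use of the class rather than as the SecurityException built there, which the class Javadoc could state.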
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/xml/crypto/dsig/SecureValidationPolicy.java Thu Aug 25 15:06:26 2016 -0400
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8151893
+ * @summary Tests for the jdk.xml.dsig.secureValidationPolicy security property
+ * @modules java.xml.crypto/org.jcp.xml.dsig.internal.dom
+ */
+
+import java.security.Security;
+import java.util.List;
+import org.jcp.xml.dsig.internal.dom.Policy;
+
+public class SecureValidationPolicy {
+
+ public static void main(String[] args) throws Exception {
+
+ List<String> restrictedSchemes = List.of("file:/tmp/foo",
+ "http://java.com", "https://java.com");
+ List<String> restrictedAlgs = List.of(
+ "http://www.w3.org/TR/1999/REC-xslt-19991116",
+ "http://www.w3.org/2001/04/xmldsig-more#rsa-md5",
+ "http://www.w3.org/2001/04/xmldsig-more#hmac-md5",
+ "http://www.w3.org/2001/04/xmldsig-more#md5");
+
+ // Test expected defaults
+ System.out.println("Testing defaults");
+ if (!Policy.restrictNumTransforms(6)) {
+ throw new Exception("maxTransforms not enforced");
+ }
+ if (!Policy.restrictNumReferences(31)) {
+ throw new Exception("maxReferences not enforced");
+ }
+ for (String scheme : restrictedSchemes) {
+ if (!Policy.restrictReferenceUriScheme(scheme)) {
+ throw new Exception(scheme + " scheme not restricted");
+ }
+ }
+ for (String alg : restrictedAlgs) {
+ if (!Policy.restrictAlg(alg)) {
+ throw new Exception(alg + " alg not restricted");
+ }
+ }
+ if (!Policy.restrictDuplicateIds()) {
+ throw new Exception("noDuplicateIds not enforced");
+ }
+ if (!Policy.restrictRetrievalMethodLoops()) {
+ throw new Exception("noRetrievalMethodLoops not enforced");
+ }
+ }
+}
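Review bot: The test only asserts that restricted inputs are rejected, so a Policy that rejected everything would still pass. Boundary and negative cases would pin the limits down, for example `if (Policy.restrictNumTransforms(5)) throw new Exception("maxTransforms too strict");` and the equivalent for `restrictNumReferences(30)`. It should also check that a scheme and an algorithm URI that are not in the default policy are not restricted. The `@summary` says it tests the security property, but only the shipped defaults are exercised; a case that sets a custom policy in a separate JVM run would cover the parser in Policy.initialize().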