Modified apache sign module source is removed.
And related our codes are renewed.
Change-Id: Ibea731c3c17fee332b2e432fc44adbd5930fcecd
Signed-off-by: Jihoon Song <jihoon80.song@samsung.com>
<classpathentry exported="true" kind="lib" path="lib/bcpkix-jdk15on-147.jar"/>
<classpathentry exported="true" kind="lib" path="lib/bcprov-jdk15on-147.jar"/>
<classpathentry exported="true" kind="lib" path="lib/commons-codec-1.7.jar"/>
+ <classpathentry exported="true" kind="lib" path="lib/commons-logging-1.1.1.jar"/>
<classpathentry exported="true" kind="lib" path="lib/org.apache.commons.httpclient.jar"/>
- <classpathentry exported="true" kind="lib" path="lib/serializer-2.7.1.jar"/>
- <classpathentry exported="true" kind="lib" path="lib/xalan-2.7.1.jar"/>
- <classpathentry exported="true" kind="lib" path="lib/xercesImpl-2.9.1.jar"/>
- <classpathentry exported="true" kind="lib" path="lib/xml-apis-1.3.04.jar"/>
+ <classpathentry exported="true" kind="lib" path="lib/xmlsec-1.5.3.jar"/>
<classpathentry exported="true" kind="lib" path="lib/KeyCertGeneratorApi.jar"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
Import-Package: org.eclipse.core.resources,
org.eclipse.ui.actions
Bundle-Vendor: %Bundle-Vendor
-Export-Package: hashsign,
- org.tizen.common.sign,
+Export-Package: org.tizen.common.sign,
org.tizen.common.sign.command,
org.tizen.common.sign.exception,
org.tizen.common.sign.model,
Bundle-ClassPath: lib/bcpkix-jdk15on-147.jar,
lib/bcprov-jdk15on-147.jar,
lib/commons-codec-1.7.jar,
+ lib/commons-logging-1.1.1.jar,
lib/org.apache.commons.httpclient.jar,
- lib/serializer-2.7.1.jar,
- lib/xalan-2.7.1.jar,
- lib/xercesImpl-2.9.1.jar,
- lib/xml-apis-1.3.04.jar,
+ lib/xmlsec-1.5.3.jar,
lib/KeyCertGeneratorApi.jar,
.
+++ /dev/null
-* xmlsec-1.5.3 libraries
-org.apach.commons.httpclient.jar
-serializer-2.7.1.jar
-xalan-2.7.1.jar
-xercesImpl-2.9.1.jar
-xml-apis-1.3.04.jar
-
-* hashsign libraries
-bcpkix-jdk15on-147.jar
-bcprov-jdk15on-147.jar
-commons-codec-1.7.jar
\ No newline at end of file
+++ /dev/null
-/*
- * Common
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
- *
- * Contact:
- * Jihoon Song <jihoon80.song@samsung.com>
- * BonYong Lee <bonyong.lee@samsung.com>
- * Kangho Kim <kh5325.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Contributors:
- * - S-Core Co., Ltd
- *
- */
-package hashsign;
-
-import org.apache.commons.httpclient.URIException;
-import org.apache.xml.security.signature.ObjectContainer;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.transforms.Transforms;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMReader;
-import org.bouncycastle.openssl.PasswordFinder;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-
-import org.apache.xml.security.signature.XMLSignature;
-import javax.xml.parsers.*;
-import javax.xml.transform.TransformerException;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.KeyInfo;
-import org.apache.xml.security.keys.content.X509Data;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-
-import java.io.*;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Security;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPrivateCrtKey;
-import java.util.Enumeration;
-import java.util.LinkedList;
-
-public class HashingSigning {
-
- private static class Password implements PasswordFinder {
- char[] password;
-
- Password(char[] word) {
- this.password = word;
- }
-
- public char[] getPassword() {
- return password;
- }
- }
-
- /*
- * INFO: First implementation mode of SISO. ENVELOPING is used only in the present
- */
- public enum Signing_Mode {
- DETACHED, // When the data to be signed is outside of signature element
- ENVELOPING; // For signing object element that is part of the Signature
- // element
- };
-
- public static String FileName;
- private static String PKString = "PKCS12";
- private String SigTag = null;
- private static int DistributorNumber = 1;
- private static String Dist = "distributor";
- private static String Auth = "author";
- private LinkedList<String> FileList = new LinkedList<String>();
-
- public static void AuthorSignature(String appDirPath,
- String pkContentFilePath, String pkContentFilePasswd,
- String caCertPath, String rootCertPath)
- throws UnrecoverableKeyException, KeyStoreException,
- XMLSignatureException, NoSuchAlgorithmException,
- CertificateException, FileNotFoundException,
- InvalidAlgorithmParameterException, IOException,
- ParserConfigurationException, TransformerException,
- MarshalException, javax.xml.crypto.dsig.XMLSignatureException,
- SAXException, IllegalArgumentException, IllegalStateException,
- OutOfMemoryError {
- HashingSigning hashSign = new HashingSigning();
-
- hashSign.removeTmpFile(appDirPath);
-
- hashSign.HashSignEntryFromIde(appDirPath, pkContentFilePath,
- pkContentFilePasswd, caCertPath, rootCertPath, Auth, false);
- }
-
- public static void AuthorSignatureRDS(String appDirPath,
- String pkContentFilePath, String pkContentFilePasswd,
- String caCertPath, String rootCertPath)
- throws UnrecoverableKeyException, KeyStoreException,
- XMLSignatureException, NoSuchAlgorithmException,
- CertificateException, FileNotFoundException,
- InvalidAlgorithmParameterException, IOException,
- ParserConfigurationException, TransformerException,
- MarshalException, javax.xml.crypto.dsig.XMLSignatureException,
- SAXException, IllegalArgumentException, IllegalStateException,
- OutOfMemoryError {
- HashingSigning hashSign = new HashingSigning();
-
- hashSign.HashSignEntryFromIde(appDirPath, pkContentFilePath,
- pkContentFilePasswd, caCertPath, rootCertPath, Auth, true);
- }
-
- public static void DistributorSignature(String appDirPath,
- String pkContentFilePath, String pkContentFilePasswd,
- String caCertPath, String rootCertPath, int distNumber)
- throws UnrecoverableKeyException, KeyStoreException,
- NoSuchAlgorithmException, CertificateException,
- FileNotFoundException, InvalidAlgorithmParameterException,
- IOException, ParserConfigurationException, TransformerException,
- MarshalException, javax.xml.crypto.dsig.XMLSignatureException,
- SAXException {
- HashingSigning hashSign = new HashingSigning();
-
- hashSign.Set(distNumber);
- hashSign.removeTmpFile(appDirPath);
- // if (isRemoved == false) {
- // System.out.println("/manifest.tmp couldn't delete!");
- // }
- hashSign.HashSignEntryFromIde(appDirPath, pkContentFilePath,
- pkContentFilePasswd, caCertPath, rootCertPath, Dist, false);
- }
-
- public static void DistributorSignatureRDS(String appDirPath,
- String pkContentFilePath, String pkContentFilePasswd,
- String caCertPath, String rootCertPath, int distNumber)
- throws UnrecoverableKeyException, KeyStoreException,
- NoSuchAlgorithmException, CertificateException,
- FileNotFoundException, InvalidAlgorithmParameterException,
- IOException, ParserConfigurationException, TransformerException,
- MarshalException, javax.xml.crypto.dsig.XMLSignatureException,
- SAXException {
- HashingSigning hashSign = new HashingSigning();
-
- hashSign.Set(distNumber);
-
- hashSign.HashSignEntryFromIde(appDirPath, pkContentFilePath,
- pkContentFilePasswd, caCertPath, rootCertPath, Dist, true);
- }
-
- public static boolean CheckPkcs12Password(String pkcsContentFilePath,
- String pkcsPassValue) throws FileNotFoundException,
- NoSuchAlgorithmException, CertificateException, IOException,
- KeyStoreException {
-
- String alias = "";
- FileInputStream certInStream = null;
- try {
- // Load the KeyStore and get the signing key and certificate.
- KeyStore keyStore = KeyStore.getInstance(PKString);
-
- // Retrieve the RSA PrivateKey from PKCS12 KeyCertificate Structure
- certInStream = new FileInputStream(pkcsContentFilePath);
- keyStore.load(certInStream, pkcsPassValue.toCharArray());
-
- // Find alias of privateKey from PKCS12 KeyCertificate Structure
- Enumeration<String> en = keyStore.aliases();
- for (; en.hasMoreElements();) {
- String aliasElement = (String) en.nextElement();
-
- // Check if the alias is for private key.
- if (keyStore.isKeyEntry(aliasElement) == true) {
- alias = aliasElement;
- break;
- }
- }
- if (alias.isEmpty()) {
- KeyStoreException e = new KeyStoreException(
- "Alias is not found.");
- throw e;
- }
- RSAPrivateCrtKey pKey = (RSAPrivateCrtKey) keyStore.getKey(alias,
- pkcsPassValue.toCharArray());
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- throw e;
- } catch (KeyStoreException e) {
- e.printStackTrace();
- throw e;
- } catch (IOException e) {
- System.out.println(pkcsContentFilePath
- + " is invalid certificate file or password incorrect.");
- return false;
- } catch (UnrecoverableKeyException e) {
- System.out.println(pkcsContentFilePath
- + " is invalid certificate file or password incorrect.");
- return false;
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- throw e;
- } catch (CertificateException e) {
- e.printStackTrace();
- throw e;
- } finally {
- try {
- if (certInStream != null)
- certInStream.close();
- } catch (IOException e) {
- System.out.println(pkcsContentFilePath + " cannot be closed.");
- throw e;
- }
- }
- return true;
- }
-
- private void Set(int distNumber) {
- DistributorNumber = distNumber;
- }
-
- private boolean removeTmpFile(String dirPath) {
- String tempManifestPath = dirPath.concat("/.manifest.tmp");
- File tmpManifestFile = new File(tempManifestPath);
-
- if (tmpManifestFile.exists() == true) {
- return tmpManifestFile.delete();
- }
-
- return true;
- }
-
- private void HashSignEntryFromIde(String appDirPath,
- String pkContentFilePath, String pkContentFilePasswd,
- String caCertPath, String rootCertPath, String signerType,
- boolean isRds) throws KeyStoreException, NoSuchAlgorithmException,
- CertificateException, FileNotFoundException, IOException,
- UnrecoverableKeyException, InvalidAlgorithmParameterException,
- ParserConfigurationException, TransformerException,
- MarshalException, javax.xml.crypto.dsig.XMLSignatureException,
- SAXException, IllegalArgumentException, IllegalStateException,
- OutOfMemoryError {
-
- HashingSigning hashSign = null;
-
- FileInputStream certInStream = null;
-
- try {
- FileName = "";
-
- /*
- * INFO: check arguments
- */
-
- if (appDirPath == null) {
- throw new IllegalStateException(
- "the appDir Path should not be null");
- }
-
- if (!(new File(appDirPath)).isDirectory()) {
- throw new IllegalArgumentException(
- "The directory path specified is incorrect or does not exist.");
- }
-
- if (pkContentFilePath == null) {
- throw new IllegalStateException(
- "The Author Certificate file (.p12) path should not be null.");
- }
-
- if (!(new File(pkContentFilePath)).isFile()) {
- throw new IllegalArgumentException(
- "The Author Certificate file (.p12) specified is incorrect or does not exist.");
- }
-
- // Load the KeyStore and get the signing key and certificate.
- // This will allow us to verify the input password of pk12 content
- // file is indeed correct before proceeding further
- KeyStore keyStore = KeyStore.getInstance(PKString);
- if (keyStore == null) {
- throw new KeyStoreException(
- "No provider supports a KeyStore implementation for the specified type.");
- }
-
- /*
- * INFO: check to have a key in .p12
- */
-
- // Retrieve the RSA PrivateKey from PKCS12 KeyCertificate Structure
- certInStream = new FileInputStream(pkContentFilePath);
-
- keyStore.load(certInStream, pkContentFilePasswd.toCharArray());
-
- certInStream.close();
-
- String tempDirName = appDirPath.toString();
- tempDirName = tempDirName.replace('\\', '/');
- Signing_Mode sigMode = Signing_Mode.ENVELOPING;
-
- /*
- * INFO: unnecessary code. required refactoring
- */
- hashSign = new HashingSigning();
-
- /*
- * INFO: Unknown purpose.
- */
- Security.addProvider(new BouncyCastleProvider());
-
- hashSign.HashSignExecuteIde(appDirPath, tempDirName,
- pkContentFilePath, pkContentFilePasswd, caCertPath,
- rootCertPath, "prop", sigMode, signerType, isRds);
-
- } catch (OutOfMemoryError e) {
- throw new OutOfMemoryError("Failed to allocate memory");
- } catch (KeyStoreException e) {
- throw new KeyStoreException(
- "No provider supports a KeyStore implementation for the specified type.");
- } catch (CertificateException e) {
- throw new CertificateException(
- "Failed to load the certificates in the keystore.");
- } catch (NoSuchAlgorithmException e) {
- throw new NoSuchAlgorithmException(
- "Algorithm to check the integrity of the keystore cannot be found.");
- } catch (FileNotFoundException e) {
- throw new FileNotFoundException(
- "The file does not exist, is a directory rather than a regular file, or for some other reason cannot be opened for reading.");
- } catch (IOException e) {
- throw new IOException(
- "Password required but not given, or the given password was incorrect.");
- } catch (UnrecoverableKeyException e) {
- throw new UnrecoverableKeyException(
- "Failed to retrieve RSA private key from pkcs12 content file.");
- } catch (InvalidAlgorithmParameterException e) {
- throw new InvalidAlgorithmParameterException(
- "Invalid Algorithm caused failure.");
- } catch (TransformerException e) {
- throw new TransformerException(
- "Error in transforming the XML source in output XML document.");
- } catch (ParserConfigurationException e) {
- throw new ParserConfigurationException(
- "Instantiating the document builder caused an error.");
- } catch (SAXException e) {
- throw new SAXException(
- "Failed to parse the XML Document since root of the XML doc may be invalid.");
- } catch (MarshalException e) {
- throw new MarshalException(
- "Failed to marshal the enveloping or detached signature.");
- } catch (javax.xml.crypto.dsig.XMLSignatureException e) {
- throw new javax.xml.crypto.dsig.XMLSignatureException(
- "Failed to sign the enveloping or detached signature.");
- } catch (IllegalArgumentException e) {
- // e.printStackTrace();
- throw e;
- } catch (IllegalStateException e) {
- // e.printStackTrace();
- // throw new IllegalStateException();
- // System.out.println("HashSignEntryFromIde(), e.getMessage() = " +
- // e.getMessage());
- throw e;
- } catch (Exception e) {
- System.out.println("Generic Exception caught");
- e.printStackTrace();
- } finally {
- try {
- if (certInStream != null) {
- certInStream.close();
- }
- } catch (IOException e) {
- throw new IOException(pkContentFilePath + " cannot be closed.");
- }
- }
- }
-
- private ObjectContainer createObjectElement(final boolean bAuthorSignature,
- final Document doc) throws XMLSecurityException,
- ParserConfigurationException {
-
- String signTypeTarget = bAuthorSignature ? SignatureConstants.authorTarget
- : SignatureConstants.distributorTarget;
- String signTypeRoleURI = bAuthorSignature ? SignatureConstants.authorRoleURI
- : SignatureConstants.distributorRoleURI;
-
- ObjectContainer container = new ObjectContainer(doc);
- container.setId("prop"); //$NON-NLS-1$
-
- Element properties = doc
- .createElement(SignatureConstants.SignatureProperties);
- properties.setAttributeNS(SignatureConstants.xmlnsURI,
- SignatureConstants.signaturePropertiesPrefix,
- SignatureConstants.signaturePropertiesURI);
-
- /* profile */
- Element profileElement = doc
- .createElement(SignatureConstants.profileProperty);
- profileElement.setAttribute(Constants._ATT_URI,
- SignatureConstants.profileURI);
- Element profileProperty = doc
- .createElement(SignatureConstants.SignatureProperty);
- profileProperty.setAttribute(SignatureConstants.id,
- SignatureConstants.profile);
- profileProperty.setAttribute(SignatureConstants.target, signTypeTarget);
- profileProperty.appendChild(profileElement);
- properties.appendChild(profileProperty);
-
- /* role */
- Element roleElement = doc
- .createElement(SignatureConstants.roleProperty);
- roleElement.setAttribute(Constants._ATT_URI, signTypeRoleURI);
- Element roleProperty = doc
- .createElement(SignatureConstants.SignatureProperty);
- roleProperty.setAttribute(SignatureConstants.id,
- SignatureConstants.role);
- roleProperty.setAttribute(SignatureConstants.target, signTypeTarget);
- roleProperty.appendChild(roleElement);
- properties.appendChild(roleProperty);
-
- /* identifier */
- Element identifierElement = doc
- .createElement(SignatureConstants.identifierProperty);
- Element identifierProperty = doc
- .createElement(SignatureConstants.SignatureProperty);
- identifierProperty.setAttribute(SignatureConstants.id,
- SignatureConstants.identifier);
- identifierProperty.setAttribute(SignatureConstants.target,
- signTypeTarget);
- identifierProperty.appendChild(identifierElement);
- properties.appendChild(identifierProperty);
-
- container.appendChild(properties);
-
- return container;
- }
-
- private void HashSignExecuteIde(String appDirPath, String dirName,
- String pkcsContentFilePath, String pkcsPassValue,
- String caCertPath, String rootCertPath, String objId,
- Signing_Mode sigMode, String signerType, boolean isRds)
-
- throws ParserConfigurationException, TransformerException, IOException,
- NoSuchAlgorithmException, InvalidAlgorithmParameterException,
- KeyStoreException, CertificateException, UnrecoverableKeyException,
- MarshalException, javax.xml.crypto.dsig.XMLSignatureException,
- SAXException, IllegalArgumentException, IllegalStateException,
- OutOfMemoryError, XMLSignatureException {
-
- String alias = "";
- String signerFileName = null;
- File dirFolder = null;
-
- FileInputStream certInStream = null;
-
- try {
- /*
- * INFO: determine filename by sign type
- */
-
- if (signerType.matches(Auth)) {
- SigTag = "AuthorSignature";
- signerFileName = "author-signature.xml";
- }
-
- else if (signerType.matches(Dist)) {
- SigTag = "DistributorSignature";
- signerFileName = "signature"
- + String.valueOf(DistributorNumber) + ".xml";
- } else {
- throw new IllegalArgumentException(
- "The signer type cannot be recognized by the tool.");
- }
-
- /*
- * INFO: initialize XML module
- */
- org.apache.xml.security.Init.init();
-
- /*
- * INFO: make XML structures
- */
-
- // Creating signature_file.xml// String caPasswd = null;
- DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory
- .newInstance();
- DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
- Document docName = docBuilder.newDocument();
-
- File baseDir = new File(dirName);
- String baseUriStr = baseDir.toURI().toString();
-
- XMLUtils.setDsPrefix(null);
-
- XMLSignature.setDefaultPrefix(SignatureConstants.dsigURI, "");
-
- XMLSignature xmlSig = new XMLSignature(docName, baseUriStr,
- XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256,
- CanonicalizationMethod.EXCLUSIVE);
-
- xmlSig.setId(SigTag);
-
- docName.appendChild(xmlSig.getElement());
-
- /*
- * INFO: add reference elements for calculate a digest value
- * Because depends with RDS, if failed, fully sign.
- */
-
- dirFolder = new File(appDirPath.toString());
-
- boolean isRdsAddDocSuccess = false;
-
- if (isRds == true) {
- isRdsAddDocSuccess = this.RdsAddDoc(appDirPath.toString(),
- dirName, xmlSig, signerType);
- if (isRdsAddDocSuccess != true) {
- this.DirectoryParserAndAddDoc(dirFolder, dirName, xmlSig,
- signerType);
- }
- } else {
- this.DirectoryParserAndAddDoc(dirFolder, dirName, xmlSig,
- signerType);
- }
-
- /*
- * INFO: add property elements
- */
-
- ObjectContainer objContainer = createObjectElement(
- signerType.matches(Auth), docName);
-
- xmlSig.appendObject(objContainer);
-
- Transforms transforms = new Transforms(docName);
- transforms.addTransform(Transforms.TRANSFORM_C14N11_OMIT_COMMENTS);
- xmlSig.addDocument("#prop", transforms, DigestMethod.SHA256); //$NON-NLS-1$
-
- /*
- * INFO: get a key
- */
-
- // Load the KeyStore and get the signing key and certificate.
- KeyStore keyStore = KeyStore.getInstance(PKString);
-
- // Retrieve the RSA PrivateKey from PKCS12 KeyCertificate Structure
- certInStream = new FileInputStream(pkcsContentFilePath);
- keyStore.load(certInStream, pkcsPassValue.toCharArray());
- certInStream.close();
-
- // Find alias of privateKey from PKCS12 KeyCertificate Structure
- Enumeration<String> en = keyStore.aliases();
-
- for (; en.hasMoreElements();) {
- String aliasElement = (String) en.nextElement();
-
- // Check if the alias is for private key.
- if (keyStore.isKeyEntry(aliasElement) == true) {
- alias = aliasElement;
- break;
- }
- }
-
- if (alias.isEmpty()) {
- Exception e = new KeyStoreException("Alias is not found.");
- throw e;
- }
- RSAPrivateCrtKey pKey = (RSAPrivateCrtKey) keyStore.getKey(alias,
- pkcsPassValue.toCharArray());
-
- KeyInfo keyInfo = null;
- X509Data x509Data = null;
-
- // Retrieve the Certificate from PKCS12 KeyCertificate
- Certificate[] certChainP12 = null;
-
- /*
- * INFO: get information in key
- */
- certChainP12 = keyStore.getCertificateChain(alias);
- if (certChainP12 == null) {
- throw new IllegalArgumentException(
- "P12 doesn't contain any certificate.");
- }
-
- int certCnt = certChainP12.length;
-
- if (certCnt == 0) {
- throw new IllegalArgumentException(
- "p12 file doesn't contain any certificate.");
- } else if (certCnt == 1) {
- // System.out.println("P12 contains 1 certificate.");
- X509Certificate x509CertClient = (X509Certificate) certChainP12[0];
- xmlSig.addKeyInfo(x509CertClient);
- keyInfo = xmlSig.getKeyInfo();
-
- if (caCertPath != null) {
- X509Certificate x509CertCa = (X509Certificate) ImportCertificate(
- caCertPath, null);
-
- x509Data = keyInfo.itemX509Data(0);
- x509Data.addCertificate(x509CertCa);
- }
-
- if (rootCertPath != null) {
- X509Certificate x509CertRoot = (X509Certificate) ImportCertificate(
- rootCertPath, null);
- x509Data = keyInfo.itemX509Data(0);
- x509Data.addCertificate(x509CertRoot);
- }
-
- } else if (certCnt == 2) {
- // System.out.println("P12 contains 2 certificates.");
- X509Certificate x509CertClient = (X509Certificate) certChainP12[0];
- xmlSig.addKeyInfo(x509CertClient);
-
- keyInfo = xmlSig.getKeyInfo();
-
- X509Certificate x509CertCa = (X509Certificate) certChainP12[1];
- x509Data = keyInfo.itemX509Data(0);
- x509Data.addCertificate(x509CertCa);
-
- if (rootCertPath != null) {
- X509Certificate x509CertRoot = (X509Certificate) ImportCertificate(
- rootCertPath, null);
- x509Data = keyInfo.itemX509Data(0);
- x509Data.addCertificate(x509CertRoot);
- }
- } else if (certCnt == 3) {
- // System.out.println("P12 contains 3 certificates.");
- X509Certificate x509CertClient = (X509Certificate) certChainP12[0];
- xmlSig.addKeyInfo(x509CertClient);
-
- keyInfo = xmlSig.getKeyInfo();
-
- X509Certificate x509CertCa = (X509Certificate) certChainP12[1];
- x509Data = keyInfo.itemX509Data(0);
- x509Data.addCertificate(x509CertCa);
-
- X509Certificate x509CertRoot = (X509Certificate) certChainP12[2];
- x509Data = keyInfo.itemX509Data(0);
- x509Data.addCertificate(x509CertRoot);
-
- } else {
- throw new IllegalArgumentException(
- "p12 file contains too many certificate. Limit is three.");
- }
-
- /*
- * INFO: sign
- */
- if (isRds == true && isRdsAddDocSuccess == true) {
- xmlSig.sign(pKey, dirName, true);
- } else
- xmlSig.sign(pKey, dirName, false);
-
- /*
- * INFO: write XML
- */
- OutputStream outStream = new FileOutputStream(dirName + "/"
- + signerFileName);
- XMLUtils.outputDOM(docName, outStream);
- outStream.close();
-
- FileList.clear();
-
- } catch (OutOfMemoryError e) {
- throw new OutOfMemoryError("Failed to allocate memory");
- } catch (UnrecoverableKeyException e) {
- throw new UnrecoverableKeyException(
- "Failed to retrieve RSA private key from pkcs12 content file.");
- } catch (NoSuchAlgorithmException e) {
- throw new NoSuchAlgorithmException(
- "Incorrect algorithm caused failure.");
- } catch (InvalidAlgorithmParameterException e) {
- throw new InvalidAlgorithmParameterException(
- "Invalid Algorithm caused failure.");
- } catch (KeyStoreException e) {
- throw new KeyStoreException(
- "Failed to get key or certifcate from key structure which may not be in pkcs12 content file.");
- } catch (CertificateException e) {
- throw new CertificateException(
- "Failed to load the certificate because of invalid entry.");
- } catch (TransformerException e) {
- throw new TransformerException(
- "Error in transforming the XML source in output XML document.");
- } catch (ParserConfigurationException e) {
- throw new ParserConfigurationException(
- "Instantiating the document builder caused an error.");
- } catch (IOException e) {
- throw new IOException(
- "The file path given for reading or writing purpose may be invalid.");
- } catch (SAXException e) {
- throw new SAXException(
- "Failed to parse the XML Document since root of the XML doc may be invalid.");
- } catch (MarshalException e) {
- throw new MarshalException(
- "Failed to marshal the enveloping or detached signature.");
- } catch (javax.xml.crypto.dsig.XMLSignatureException e) {
- throw new javax.xml.crypto.dsig.XMLSignatureException(
- "Failed to sign the enveloping or detached signature.");
- } catch (IllegalArgumentException e) {
- throw e;
- } catch (IllegalStateException e) {
- throw e;
- } catch (NullPointerException e) {
- throw new NullPointerException();
- } catch (ClassCastException e) {
- throw new ClassCastException();
- } catch (XMLSignatureException e) {
- e.printStackTrace();
- } catch (Exception e) {
- System.out.println("Generic Exception caught.");
- e.printStackTrace();
- } finally {
- try {
- if (certInStream != null) {
- certInStream.close();
- }
- } catch (IOException e) {
- throw new IOException(pkcsContentFilePath
- + " cannot be closed.");
- }
- }
- }
-
- public static int GetCertLengthP12(String pkcsContentFilePath,
- String pkcsPassValue) throws KeyStoreException,
- NoSuchAlgorithmException, CertificateException, IOException {
- FileInputStream certInStream = null;
- String alias = "";
- int certCnt = 0;
-
- try {
- if (pkcsContentFilePath == null || pkcsPassValue == null) {
- throw new IllegalArgumentException(
- "The p12 filepath and passwd must not be null.");
- }
-
- // Load the KeyStore and get the signing key and certificate.
- KeyStore keyStore = KeyStore.getInstance(PKString);
-
- // Retrieve the RSA PrivateKey from PKCS12 KeyCertificate Structure
- certInStream = new FileInputStream(pkcsContentFilePath);
- keyStore.load(certInStream, pkcsPassValue.toCharArray());
- certInStream.close();
-
- // Find alias of privateKey from PKCS12 KeyCertificate Structure
- Enumeration<String> en = keyStore.aliases();
-
- for (; en.hasMoreElements();) {
- String aliasElement = (String) en.nextElement();
-
- // Check if the alias is for private key.
- if (keyStore.isKeyEntry(aliasElement) == true) {
- alias = aliasElement;
- break;
- }
- }
-
- if (alias.isEmpty()) {
- Exception e = new KeyStoreException("Alias is not found.");
- try {
- throw e;
- } catch (Exception e1) {
- // TODO Auto-generated catch block
- e1.printStackTrace();
- }
- }
- // Retrieve the Certificate from PKCS12 KeyCertificate
- Certificate[] certChainP12 = null;
- certChainP12 = keyStore.getCertificateChain(alias);
- certCnt = certChainP12.length;
-
- } catch (KeyStoreException e) {
- e.printStackTrace();
- throw e;
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- throw e;
- } catch (CertificateException e) {
- throw new CertificateException(pkcsContentFilePath
- + " is invalid certificate file or password incorrect.");
- } catch (IOException e) {
- throw new IOException(pkcsContentFilePath
- + " is invalid certificate file or password incorrect.");
- } finally {
- try {
- if (certInStream != null)
- certInStream.close();
- } catch (IOException e) {
- throw new IOException(pkcsContentFilePath
- + " cannot be closed.");
- }
- }
-
- return certCnt;
- }
-
- private boolean RdsAddDoc(String dirPath, String dirName,
- XMLSignature xmlSig, String signerType)
- throws XMLSignatureException, IOException, IllegalStateException {
-
- String trimName = null;
- String tempString = null;
-
- /*
- * INFO: required files for RDS mode
- */
- File diffFp = new File(dirPath.toString().concat("/.delta.lst"));
- File rdsFp = new File(dirPath.toString().concat("/.manifest.tmp"));
-
- if (rdsFp.isFile() != true) {
- throw new IllegalStateException(
- ".manifest.tmp file doesn't exist. Incremental signing failed.");
- }
-
- if (rdsFp.length() == 0) {
- throw new IllegalStateException(
- ".manifest.tmp file exist, but size is zero. Incremental signing failed.");
- }
-
- if (diffFp.isFile() != true) {
- throw new IllegalStateException(
- ".delta.lst file doesn't exist. Incremental signing failed.");
- }
-
- if (diffFp.length() == 0) {
- throw new IllegalStateException(
- ".delta.lst file exist. but size is zero. Incremental signing failed.");
- }
-
- BufferedReader inRds = null;
- BufferedReader inDiff = null;
- FileWriter fd = null;
-
- /*
- * INFO: read the '.manifest.tmp' file
- * reference lists are file paths, and cache lists are read data.
- */
- LinkedList<String> referenceList = new LinkedList<String>();
- LinkedList<String> cacheList = new LinkedList<String>();
-
- try {
- inRds = new BufferedReader(new FileReader(rdsFp));
-
- while ((tempString = inRds.readLine()) != null) {
- if (tempString.contains(".manifest.tmp") == true)
- continue;
- if (tempString.contains(".delta.lst") == true)
- continue;
- if (tempString.contains("author-signature.xml"))
- continue;
- if (tempString.matches(".*.signature.*.xml"))
- continue;
-
- String[] stArray = tempString.split("__DEL__");
-
- if (stArray.length != 2) {
- throw new IllegalStateException(
- ".manifest.tmp file broken. Cache value must contain '__DEL__'. Error Line = "
- + tempString);
- }
- referenceList.add(stArray[0]);
- cacheList.add(tempString);
- }
- inRds.close();
-
- /*
- * INFO: check a permission denied
- */
- if (rdsFp.getParentFile().canWrite() != true) {
- throw new IllegalStateException(
- "Your account does not have sufficient permission to write. Target directory = "
- + rdsFp.getParentFile());
- }
-
- if (rdsFp.canWrite() != true) {
- rdsFp.setWritable(true);
- }
-
- /*
- * INFO: read the '.delta.lst' and update reference lists.
- * If state character is 'D', add '__DEL__DELETE' to the cache list and remove it in reference list.
- * If state character is 'C', add '__DEL_<PATH>' to the reference list.
- */
- fd = new FileWriter(rdsFp, true);
- inDiff = new BufferedReader(new FileReader(diffFp));
-
- while ((tempString = inDiff.readLine()) != null) {
- String[] stArray = tempString.split("__DEL__");
- if (stArray.length != 2) {
- throw new IllegalStateException(
- ".delta.lst file broken. Delemiter wrong. Error Line = "
- + tempString);
- }
-
- tempString = stArray[0];
- String tempKeyEncoded = org.apache.commons.httpclient.util.URIUtil
- .encodePathQuery(stArray[1]);
-
- int lastCharacter = tempString.length();
-
- if (tempString.charAt(lastCharacter - 1) == 'D') {
- tempString = tempString.substring(0, lastCharacter - 1);
-
- File deletedFile = new File(tempString);
- if (deletedFile.isFile() == true) {
- throw new IllegalStateException(
- "delta.lst's deleted file still exist in the disk. file = "
- + tempString);
- }
-
- if (referenceList.remove(tempKeyEncoded) != true) {
- throw new IllegalStateException(
- ".manifest.tmp didn't contain delta.lst's deleted list. Incremental signing cache value broken. line = "
- + tempKeyEncoded);
- }
-
- String deletedDelta = tempKeyEncoded + "__DEL__DELETED";
-
- if (cacheList.contains(deletedDelta) == false) {
- fd.write(deletedDelta + '\n');
- }
- } else if (tempString.charAt(lastCharacter - 1) == 'C') {
- tempString = tempString.substring(0, lastCharacter - 1);
- File createdFile = new File(tempString);
-
- if (createdFile.isFile() == false) {
- throw new IllegalStateException(
- "delta.lst's created file doesn't exist in the disk. file = "
- + tempKeyEncoded);
- }
-
- tempString = tempString.concat("__DEL__");
- tempString = tempString.concat(stArray[1]);
-
- if (referenceList.remove(tempKeyEncoded) == true) {
- } else {
- }
-
- String refUrl = org.apache.commons.httpclient.util.URIUtil
- .encodePathQuery(tempString);
-
- referenceList.add(refUrl);
- } else {
- throw new IllegalStateException(
- ".delta.lst file's delimeter is wrong. Last character must ended with 'C' or 'D'.");
- }
- }
-
- fd.flush();
- fd.close();
-
- inDiff.close();
-
- /*
- * INFO: If update a distributor, require to update an author-siganture.xml
- */
- if (signerType.matches(Dist)) {
- tempString = dirName
- + "/author-signature.xml__DEL__author-signature.xml";
- referenceList.add(tempString);
- }
-
- /*
- * INFO: add updated references to XML
- */
- int size = referenceList.size();
- for (int i = 0; i < size; i++) {
- trimName = referenceList.get(i);
- xmlSig.addDocument(trimName, (Transforms) null,
- DigestMethod.SHA256);
- }
- return true;
-
- } catch (URIException e) {
- e.printStackTrace();
- } catch (IOException e) {
- e.printStackTrace();
- } catch (XMLSignatureException e) {
- e.printStackTrace();
- } catch (IllegalStateException e) {
- throw e;
- } finally {
- try {
- if (inDiff != null) {
- inDiff.close();
- }
- if (inRds != null) {
- inRds.close();
- }
- if (fd != null) {
- fd.close();
- }
- } catch (IOException e) {
- throw new IllegalStateException(
- ".manifest.tmp or .delta.lst cannot be closed.");
- }
- }
- return false;
- }
-
- private int CountFiles(File dirTargetPath, String signerType) {
- int totalCnt = 0;
- String trimName = null;
-
- for (File f : dirTargetPath.listFiles()) {
- if (f.isDirectory()) {
- totalCnt = totalCnt + CountFiles(f, signerType);
- } else {
- trimName = f.getPath();
- if (trimName.contains(".manifest.tmp") == true)
- continue;
- if (trimName.contains(".delta.lst") == true)
- continue;
- if (trimName.matches(".*.xml")) {
- if (trimName.matches(".*.author-signature.xml")
- && signerType.matches(Dist)) {
- // continue
- } else if (trimName.matches(".*.author-signature.xml")
- && signerType.matches(Auth)) {
- continue;
- } else if (trimName.matches(".*.signature.*.xml")) {
- continue;
- } else {
- // continue
- }
- }
- totalCnt = totalCnt + 1;
- // System.out.println("Cnt = " + totalCnt + ", trimName = "
- // + trimName);
- }
- }
- return totalCnt;
- }
-
- private void DirectoryParserAndAddDoc(File dirFolder, String dirName,
- XMLSignature xmlSig, String signerType) throws URIException,
- XMLSignatureException {
- String trimName = null;
- int strLen = 0;
-
- try {
- for (File f : dirFolder.listFiles()) {
- if (f.isDirectory()) {
- DirectoryParserAndAddDoc(f, dirName, xmlSig, signerType); // Recursive
- // Call
- } else {
- trimName = f.getPath();
- if (trimName.contains(".manifest.tmp") == true)
- continue;
- if (trimName.contains(".delta.lst") == true)
- continue;
-
- if (trimName.matches(".*.xml")) {
- if (trimName.matches(".*.author-signature.xml")
- && signerType.matches(Dist)) {
- // continue
- } else if (trimName.matches(".*.author-signature.xml")
- && signerType.matches(Auth)) {
- continue;
- } else if (trimName.matches(".*.signature.*.xml")) {
- continue;
- } else {
- // continue
- }
- }
-
- strLen = dirName.length();
- trimName = trimName.substring(strLen);
-
- trimName = trimName.replace('\\', '/');
- if (trimName.startsWith("/"))
- trimName = trimName.replaceFirst("/", "");
-
- String refUrl = org.apache.commons.httpclient.util.URIUtil
- .encodePathQuery(trimName);
-
- xmlSig.addDocument(refUrl, (Transforms) null,
- DigestMethod.SHA256);
- // System.out.println("refUrl = " + refUrl);
- }
- }
- } catch (URIException e) {
- e.printStackTrace();
- } catch (XMLSignatureException e) {
- e.printStackTrace();
- }
- }
-
- private X509Certificate ImportCertificate(String caCertPath, String password)
- throws FileNotFoundException, IOException {
-
- BufferedReader buffReader = null;
- X509Certificate caCert = null;
-
- PEMReader pemRead = null;
-
- try {
-
- PasswordFinder passFinder = null;
-
- buffReader = new BufferedReader(new FileReader(caCertPath));
- if (password != null) {
- passFinder = new Password(password.toCharArray());
- pemRead = new PEMReader(buffReader, passFinder);
- } else {
- pemRead = new PEMReader(buffReader);
- }
- Object objVal;
-
- while ((objVal = pemRead.readObject()) != null) {
- if (objVal instanceof X509Certificate) {
- caCert = (X509Certificate) objVal;
-
- } else {
- System.out.println("Failed to read CA certificate");
- }
- }
-
- pemRead.close();
- if (caCert == null)
- System.out.println("Failed to read CA certificate");
-
- if (buffReader != null)
- buffReader.close();
-
- return caCert;
-
- } catch (FileNotFoundException e) {
- throw new FileNotFoundException(
- "CA certificate file not found. Please pass valid path.");
- } catch (IOException e) {
- throw new IOException("CA certificate is not valid for reading.");
- } catch (Exception e) {
- System.out.println("Generic Exception caught.");
- e.printStackTrace();
- } finally {
- try {
- if (buffReader != null) {
- buffReader.close();
- }
- if (pemRead != null) {
- pemRead.close();
- }
- } catch (IOException e) {
- throw new IOException(caCertPath + " cannot be closed.");
- }
- }
- return null;
- }
-}
\ No newline at end of file
+++ /dev/null
-/*
- * Common
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
- *
- * Contact:
- * Jihoon Song <jihoon80.song@samsung.com>
- * BonYong Lee <bonyong.lee@samsung.com>
- * Kangho Kim <kh5325.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Contributors:
- * - S-Core Co., Ltd
- *
- */
-package hashsign;
-
-public enum PackageType {
- TPK,
- WGT
-}
\ No newline at end of file
+++ /dev/null
-/*
- * Common
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
- *
- * Contact:
- * Jihoon Song <jihoon80.song@samsung.com>
- * BonYong Lee <bonyong.lee@samsung.com>
- * Kangho Kim <kh5325.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Contributors:
- * - S-Core Co., Ltd
- *
- */
-package hashsign;
-
-public interface SignatureConstants {
- public static String obj = "Object";
- public static String objId = "prop";
- public static String SignatureProperty = "SignatureProperty";
- public static String SignatureProperties = "SignatureProperties";
- public static String distributorTarget = "#DistributorSignature";
- public static String authorTarget = "#AuthorSignature";
- public static String roleProperty = "dsp:Role";
- public static String identifierProperty = "dsp:Identifier";
- public static String profileProperty = "dsp:Profile";
- public static String xmlnsURI = "http://www.w3.org/2000/xmlns/";
- public static String xmlns = "xmlns";
- public static String dsigURI = "http://www.w3.org/2000/09/xmldsig#";
- public static String profileURI = "http://www.w3.org/ns/widgets-digsig#profile";
- public static String distributorRoleURI = "http://www.w3.org/ns/widgets-digsig#role-distributor";
- public static String authorRoleURI = "http://www.w3.org/ns/widgets-digsig#role-author";
- public static String signaturePropertiesURI = "http://www.w3.org/2009/xmldsig-properties";
- public static String signaturePropertiesPrefix = "xmlns:dsp";
- public static String profile = "profile";
- public static String identifier = "identifier";
- public static String role = "role";
- public static String id = "Id";
- public static String target = "Target";
- public static String dsPrefix = "ds";
-}
\ No newline at end of file
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: AlgorithmMethod.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-/**
- * An abstract representation of an algorithm defined in the XML Security
- * specifications. Subclasses represent specific types of XML security
- * algorithms, such as a {@link javax.xml.crypto.dsig.Transform}.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public interface AlgorithmMethod {
-
- /**
- * Returns the algorithm URI of this <code>AlgorithmMethod</code>.
- *
- * @return the algorithm URI of this <code>AlgorithmMethod</code>
- */
- String getAlgorithm();
-
- /**
- * Returns the algorithm parameters of this <code>AlgorithmMethod</code>.
- *
- * @return the algorithm parameters of this <code>AlgorithmMethod</code>.
- * Returns <code>null</code> if this <code>AlgorithmMethod</code> does
- * not require parameters and they are not specified.
- */
- AlgorithmParameterSpec getParameterSpec();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: Data.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto;
-
-import javax.xml.crypto.dsig.Transform;
-
-/**
- * An abstract representation of the result of dereferencing a
- * {@link URIReference} or the input/output of subsequent {@link Transform}s.
- * The primary purpose of this interface is to group and provide type safety
- * for all <code>Data</code> subtypes.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public interface Data { }
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: KeySelector.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto;
-
-import java.security.Key;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dsig.keyinfo.RetrievalMethod;
-
-/**
- * A selector that finds and returns a key using the data contained in a
- * {@link KeyInfo} object. An example of an implementation of
- * this class is one that searchs a {@link java.security.KeyStore} for
- * trusted keys that match information contained in a <code>KeyInfo</code>.
- *
- * <p>Whether or not the returned key is trusted and the mechanisms
- * used to determine that is implementation-specific.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public abstract class KeySelector {
-
- /**
- * The purpose of the key that is to be selected.
- */
- public static class Purpose {
-
- private final String name;
-
- private Purpose(String name) { this.name = name; }
-
- /**
- * Returns a string representation of this purpose ("sign",
- * "verify", "encrypt", or "decrypt").
- *
- * @return a string representation of this purpose
- */
- public String toString() { return name; }
-
- /**
- * A key for signing.
- */
- public static final Purpose SIGN = new Purpose("sign");
- /**
- * A key for verifying.
- */
- public static final Purpose VERIFY = new Purpose("verify");
- /**
- * A key for encrypting.
- */
- public static final Purpose ENCRYPT = new Purpose("encrypt");
- /**
- * A key for decrypting.
- */
- public static final Purpose DECRYPT = new Purpose("decrypt");
- }
-
- /**
- * Default no-args constructor; intended for invocation by subclasses only.
- */
- protected KeySelector() {}
-
- /**
- * Attempts to find a key that satisfies the specified constraints.
- *
- * @param keyInfo a <code>KeyInfo</code> (may be <code>null</code>)
- * @param purpose the key's purpose ({@link Purpose#SIGN},
- * {@link Purpose#VERIFY}, {@link Purpose#ENCRYPT}, or
- * {@link Purpose#DECRYPT})
- * @param method the algorithm method that this key is to be used for.
- * Only keys that are compatible with the algorithm and meet the
- * constraints of the specified algorithm should be returned.
- * @param context an <code>XMLCryptoContext</code> that may contain
- * useful information for finding an appropriate key. If this key
- * selector supports resolving {@link RetrievalMethod} types, the
- * context's <code>baseURI</code> and <code>dereferencer</code>
- * parameters (if specified) should be used by the selector to
- * resolve and dereference the URI.
- * @return the result of the key selector
- * @throws KeySelectorException if an exceptional condition occurs while
- * attempting to find a key. Note that an inability to find a key is not
- * considered an exception (<code>null</code> should be
- * returned in that case). However, an error condition (ex: network
- * communications failure) that prevented the <code>KeySelector</code>
- * from finding a potential key should be considered an exception.
- * @throws ClassCastException if the data type of <code>method</code>
- * is not supported by this key selector
- */
- public abstract KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
- AlgorithmMethod method, XMLCryptoContext context)
- throws KeySelectorException;
-
- /**
- * Returns a <code>KeySelector</code> that always selects the specified
- * key, regardless of the <code>KeyInfo</code> passed to it.
- *
- * @param key the sole key to be stored in the key selector
- * @return a key selector that always selects the specified key
- * @throws NullPointerException if <code>key</code> is <code>null</code>
- */
- public static KeySelector singletonKeySelector(Key key) {
- return new SingletonKeySelector(key);
- }
-
- private static class SingletonKeySelector extends KeySelector {
- private final Key key;
-
- SingletonKeySelector(Key key) {
- if (key == null) {
- throw new NullPointerException();
- }
- this.key = key;
- }
-
- public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
- AlgorithmMethod method, XMLCryptoContext context)
- throws KeySelectorException {
-
- return new KeySelectorResult() {
- public Key getKey() {
- return key;
- }
- };
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: KeySelectorException.java 1380216 2012-09-03 12:26:39Z coheigea $
- */
-package javax.xml.crypto;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-
-/**
- * Indicates an exceptional condition thrown by a {@link KeySelector}.
- *
- * <p>A <code>KeySelectorException</code> can contain a cause: another
- * throwable that caused this <code>KeySelectorException</code> to get thrown.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public class KeySelectorException extends Exception {
-
- private static final long serialVersionUID = -7480033639322531109L;
-
- /**
- * The throwable that caused this exception to get thrown, or
- * <code>null</code> if this exception was not caused by another throwable
- * or if the causative throwable is unknown.
- *
- * @serial
- */
- private Throwable cause;
-
- /**
- * Constructs a new <code>KeySelectorException</code> with
- * <code>null</code> as its detail message.
- */
- public KeySelectorException() {
- super();
- }
-
- /**
- * Constructs a new <code>KeySelectorException</code> with the specified
- * detail message.
- *
- * @param message the detail message
- */
- public KeySelectorException(String message) {
- super(message);
- }
-
- /**
- * Constructs a new <code>KeySelectorException</code> with the
- * specified detail message and cause.
- * <p>Note that the detail message associated with
- * <code>cause</code> is <i>not</i> automatically incorporated in
- * this exception's detail message.
- *
- * @param message the detail message
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public KeySelectorException(String message, Throwable cause) {
- super(message);
- this.cause = cause;
- }
-
- /**
- * Constructs a new <code>KeySelectorException</code> with the specified
- * cause and a detail message of
- * <code>(cause==null ? null : cause.toString())</code>
- * (which typically contains the class and detail message of
- * <code>cause</code>).
- *
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public KeySelectorException(Throwable cause) {
- super(cause == null ? null : cause.toString());
- this.cause = cause;
- }
-
- /**
- * Returns the cause of this <code>KeySelectorException</code> or
- * <code>null</code> if the cause is nonexistent or unknown. (The
- * cause is the throwable that caused this
- * <code>KeySelectorException</code> to get thrown.)
- *
- * @return the cause of this <code>KeySelectorException</code> or
- * <code>null</code> if the cause is nonexistent or unknown.
- */
- public Throwable getCause() {
- return cause;
- }
-
- /**
- * Prints this <code>KeySelectorException</code>, its backtrace and
- * the cause's backtrace to the standard error stream.
- */
- public void printStackTrace() {
- super.printStackTrace();
- if (cause != null) {
- cause.printStackTrace();
- }
- }
-
- /**
- * Prints this <code>KeySelectorException</code>, its backtrace and
- * the cause's backtrace to the specified print stream.
- *
- * @param s <code>PrintStream</code> to use for output
- */
- public void printStackTrace(PrintStream s) {
- super.printStackTrace(s);
- if (cause != null) {
- cause.printStackTrace(s);
- }
- }
-
- /**
- * Prints this <code>KeySelectorException</code>, its backtrace and
- * the cause's backtrace to the specified print writer.
- *
- * @param s <code>PrintWriter</code> to use for output
- */
- public void printStackTrace(PrintWriter s) {
- super.printStackTrace(s);
- if (cause != null) {
- cause.printStackTrace(s);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: KeySelectorResult.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto;
-
-import java.security.Key;
-
-/**
- * The result returned by the {@link KeySelector#select KeySelector.select}
- * method.
- * <p>
- * At a minimum, a <code>KeySelectorResult</code> contains the <code>Key</code>
- * selected by the <code>KeySelector</code>. Implementations of this interface
- * may add methods to return implementation or algorithm specific information,
- * such as a chain of certificates or debugging information.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see KeySelector
- */
-public interface KeySelectorResult {
-
- /**
- * Returns the selected key.
- *
- * @return the selected key, or <code>null</code> if none can be found
- */
- Key getKey();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: MarshalException.java 1101389 2011-05-10 09:54:48Z coheigea $
- */
-package javax.xml.crypto;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-
-/**
- * Indicates an exceptional condition that occured during the XML
- * marshalling or unmarshalling process.
- *
- * <p>A <code>MarshalException</code> can contain a cause: another
- * throwable that caused this <code>MarshalException</code> to get thrown.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignature#sign(XMLSignContext)
- * @see XMLSignatureFactory#unmarshalXMLSignature(XMLValidateContext)
- */
-public class MarshalException extends Exception {
-
- private static final long serialVersionUID = -863185580332643547L;
-
- /**
- * The throwable that caused this exception to get thrown, or null if this
- * exception was not caused by another throwable or if the causative
- * throwable is unknown.
- *
- * @serial
- */
- private Throwable cause;
-
- /**
- * Constructs a new <code>MarshalException</code> with
- * <code>null</code> as its detail message.
- */
- public MarshalException() {
- super();
- }
-
- /**
- * Constructs a new <code>MarshalException</code> with the specified
- * detail message.
- *
- * @param message the detail message
- */
- public MarshalException(String message) {
- super(message);
- }
-
- /**
- * Constructs a new <code>MarshalException</code> with the
- * specified detail message and cause.
- * <p>Note that the detail message associated with
- * <code>cause</code> is <i>not</i> automatically incorporated in
- * this exception's detail message.
- *
- * @param message the detail message
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public MarshalException(String message, Throwable cause) {
- super(message);
- this.cause = cause;
- }
-
- /**
- * Constructs a new <code>MarshalException</code> with the specified cause
- * and a detail message of <code>(cause==null ? null : cause.toString())
- * </code> (which typically contains the class and detail message of
- * <code>cause</code>).
- *
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public MarshalException(Throwable cause) {
- super(cause == null ? null : cause.toString());
- this.cause = cause;
- }
-
- /**
- * Returns the cause of this <code>MarshalException</code> or
- * <code>null</code> if the cause is nonexistent or unknown. (The
- * cause is the throwable that caused this
- * <code>MarshalException</code> to get thrown.)
- *
- * @return the cause of this <code>MarshalException</code> or
- * <code>null</code> if the cause is nonexistent or unknown.
- */
- public Throwable getCause() {
- return cause;
- }
-
- /**
- * Prints this <code>MarshalException</code>, its backtrace and
- * the cause's backtrace to the standard error stream.
- */
- public void printStackTrace() {
- super.printStackTrace();
- cause.printStackTrace();
- }
-
- /**
- * Prints this <code>MarshalException</code>, its backtrace and
- * the cause's backtrace to the specified print stream.
- *
- * @param s <code>PrintStream</code> to use for output
- */
- public void printStackTrace(PrintStream s) {
- super.printStackTrace(s);
- cause.printStackTrace(s);
- }
-
- /**
- * Prints this <code>MarshalException</code>, its backtrace and
- * the cause's backtrace to the specified print writer.
- *
- * @param s <code>PrintWriter</code> to use for output
- */
- public void printStackTrace(PrintWriter s) {
- super.printStackTrace(s);
- cause.printStackTrace(s);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: NoSuchMechanismException.java 1101389 2011-05-10 09:54:48Z coheigea $
- */
-package javax.xml.crypto;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
-
-/**
- * This exception is thrown when a particular XML mechanism is requested but
- * is not available in the environment.
- *
- * <p>A <code>NoSuchMechanismException</code> can contain a cause: another
- * throwable that caused this <code>NoSuchMechanismException</code> to get
- * thrown.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#getInstance XMLSignatureFactory.getInstance
- * @see KeyInfoFactory#getInstance KeyInfoFactory.getInstance
- */
-public class NoSuchMechanismException extends RuntimeException {
-
- private static final long serialVersionUID = 4189669069570660166L;
-
- /**
- * The throwable that caused this exception to get thrown, or null if this
- * exception was not caused by another throwable or if the causative
- * throwable is unknown.
- *
- * @serial
- */
- private Throwable cause;
-
- /**
- * Constructs a new <code>NoSuchMechanismException</code> with
- * <code>null</code> as its detail message.
- */
- public NoSuchMechanismException() {
- super();
- }
-
- /**
- * Constructs a new <code>NoSuchMechanismException</code> with the
- * specified detail message.
- *
- * @param message the detail message
- */
- public NoSuchMechanismException(String message) {
- super(message);
- }
-
- /**
- * Constructs a new <code>NoSuchMechanismException</code> with the
- * specified detail message and cause.
- * <p>Note that the detail message associated with
- * <code>cause</code> is <i>not</i> automatically incorporated in
- * this exception's detail message.
- *
- * @param message the detail message
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public NoSuchMechanismException(String message, Throwable cause) {
- super(message);
- this.cause = cause;
- }
-
- /**
- * Constructs a new <code>NoSuchMechanismException</code> with the
- * specified cause and a detail message of
- * <code>(cause==null ? null : cause.toString())</code> (which typically
- * contains the class and detail message of <code>cause</code>).
- *
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public NoSuchMechanismException(Throwable cause) {
- super(cause == null ? null : cause.toString());
- this.cause = cause;
- }
-
- /**
- * Returns the cause of this <code>NoSuchMechanismException</code> or
- * <code>null</code> if the cause is nonexistent or unknown. (The
- * cause is the throwable that caused this
- * <code>NoSuchMechanismException</code> to get thrown.)
- *
- * @return the cause of this <code>NoSuchMechanismException</code> or
- * <code>null</code> if the cause is nonexistent or unknown.
- */
- public Throwable getCause() {
- return cause;
- }
-
- /**
- * Prints this <code>NoSuchMechanismException</code>, its backtrace and
- * the cause's backtrace to the standard error stream.
- */
- public void printStackTrace() {
- super.printStackTrace();
- cause.printStackTrace();
- }
-
- /**
- * Prints this <code>NoSuchMechanismException</code>, its backtrace and
- * the cause's backtrace to the specified print stream.
- *
- * @param s <code>PrintStream</code> to use for output
- */
- public void printStackTrace(PrintStream s) {
- super.printStackTrace(s);
- cause.printStackTrace(s);
- }
-
- /**
- * Prints this <code>NoSuchMechanismException</code>, its backtrace and
- * the cause's backtrace to the specified print writer.
- *
- * @param s <code>PrintWriter</code> to use for output
- */
- public void printStackTrace(PrintWriter s) {
- super.printStackTrace(s);
- cause.printStackTrace(s);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: NodeSetData.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto;
-
-import java.util.Iterator;
-
-/**
- * An abstract representation of a <code>Data</code> type containing a
- * node-set. The type (class) and ordering of the nodes contained in the set
- * are not defined by this class; instead that behavior should be
- * defined by <code>NodeSetData</code> subclasses.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public interface NodeSetData extends Data {
-
- /**
- * Returns a read-only iterator over the nodes contained in this
- * <code>NodeSetData</code> in
- * <a href="http://www.w3.org/TR/1999/REC-xpath-19991116#dt-document-order">
- * document order</a>. Attempts to modify the returned iterator
- * via the <code>remove</code> method throw
- * <code>UnsupportedOperationException</code>.
- *
- * @return an <code>Iterator</code> over the nodes in this
- * <code>NodeSetData</code> in document order
- */
- Iterator iterator();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-/*
- * $Id: OctetStreamData.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto;
-
-import java.io.InputStream;
-
-/**
- * A representation of a <code>Data</code> type containing an octet stream.
- */
-public class OctetStreamData implements Data {
-
- private InputStream octetStream;
- private String uri;
- private String mimeType;
-
- /**
- * Creates a new <code>OctetStreamData</code>.
- *
- * @param octetStream the input stream containing the octets
- * @throws NullPointerException if <code>octetStream</code> is
- * <code>null</code>
- */
- public OctetStreamData(InputStream octetStream) {
- if (octetStream == null) {
- throw new NullPointerException("octetStream is null");
- }
- this.octetStream = octetStream;
- }
-
- /**
- * Creates a new <code>OctetStreamData</code>.
- *
- * @param octetStream the input stream containing the octets
- * @param uri the URI String identifying the data object (may be
- * <code>null</code>)
- * @param mimeType the MIME type associated with the data object (may be
- * <code>null</code>)
- * @throws NullPointerException if <code>octetStream</code> is
- * <code>null</code>
- */
- public OctetStreamData(InputStream octetStream, String uri,
- String mimeType) {
- if (octetStream == null) {
- throw new NullPointerException("octetStream is null");
- }
- this.octetStream = octetStream;
- this.uri = uri;
- this.mimeType = mimeType;
- }
-
- /**
- * Returns the input stream of this <code>OctetStreamData</code>.
- *
- * @return the input stream of this <code>OctetStreamData</code>.
- */
- public InputStream getOctetStream() {
- return octetStream;
- }
-
- /**
- * Returns the URI String identifying the data object represented by this
- * <code>OctetStreamData</code>.
- *
- * @return the URI String or <code>null</code> if not applicable
- */
- public String getURI() {
- return uri;
- }
-
- /**
- * Returns the MIME type associated with the data object represented by this
- * <code>OctetStreamData</code>.
- *
- * @return the MIME type or <code>null</code> if not applicable
- */
- public String getMimeType() {
- return mimeType;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Portions copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * ===========================================================================
- *
- * (C) Copyright IBM Corp. 2003 All Rights Reserved.
- *
- * ===========================================================================
- */
-/*
- * $Id: URIDereferencer.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto;
-
-/**
- * A dereferencer of {@link URIReference}s.
- * <p>
- * The result of dereferencing a <code>URIReference</code> is either an
- * instance of {@link OctetStreamData} or {@link NodeSetData}. Unless the
- * <code>URIReference</code> is a <i>same-document reference</i> as defined
- * in section 4.2 of the W3C Recommendation for XML-Signature Syntax and
- * Processing, the result of dereferencing the <code>URIReference</code>
- * MUST be an <code>OctetStreamData</code>.
- *
- * @author Sean Mullan
- * @author Joyce Leung
- * @author JSR 105 Expert Group
- * @see XMLCryptoContext#setURIDereferencer(URIDereferencer)
- * @see XMLCryptoContext#getURIDereferencer
- */
-public interface URIDereferencer {
-
- /**
- * Dereferences the specified <code>URIReference</code> and returns the
- * dereferenced data.
- *
- * @param uriReference the <code>URIReference</code>
- * @param context an <code>XMLCryptoContext</code> that may
- * contain additional useful information for dereferencing the URI. This
- * implementation should dereference the specified
- * <code>URIReference</code> against the context's <code>baseURI</code>
- * parameter, if specified.
- * @return the dereferenced data
- * @throws NullPointerException if <code>uriReference</code> or
- * <code>context</code> are <code>null</code>
- * @throws URIReferenceException if an exception occurs while
- * dereferencing the specified <code>uriReference</code>
- */
- Data dereference(URIReference uriReference, XMLCryptoContext context)
- throws URIReferenceException;
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: URIReference.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto;
-
-/**
- * Identifies a data object via a URI-Reference, as specified by
- * <a href="http://www.ietf.org/rfc/rfc2396.txt">RFC 2396</a>.
- *
- * <p>Note that some subclasses may not have a <code>type</code> attribute
- * and for objects of those types, the {@link #getType} method always returns
- * <code>null</code>.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see URIDereferencer
- */
-public interface URIReference {
-
- /**
- * Returns the URI of the referenced data object.
- *
- * @return the URI of the data object in RFC 2396 format (may be
- * <code>null</code> if not specified)
- */
- String getURI();
-
- /**
- * Returns the type of data referenced by this URI.
- *
- * @return the type (a URI) of the data object (may be <code>null</code>
- * if not specified)
- */
- String getType();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: URIReferenceException.java 1101389 2011-05-10 09:54:48Z coheigea $
- */
-package javax.xml.crypto;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import javax.xml.crypto.dsig.keyinfo.RetrievalMethod;
-
-/**
- * Indicates an exceptional condition thrown while dereferencing a
- * {@link URIReference}.
- *
- * <p>A <code>URIReferenceException</code> can contain a cause: another
- * throwable that caused this <code>URIReferenceException</code> to get thrown.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see URIDereferencer#dereference(URIReference, XMLCryptoContext)
- * @see RetrievalMethod#dereference(XMLCryptoContext)
- */
-public class URIReferenceException extends Exception {
-
- private static final long serialVersionUID = 7173469703932561419L;
-
- /**
- * The throwable that caused this exception to get thrown, or null if this
- * exception was not caused by another throwable or if the causative
- * throwable is unknown.
- *
- * @serial
- */
- private Throwable cause;
-
- private URIReference uriReference;
-
- /**
- * Constructs a new <code>URIReferenceException</code> with
- * <code>null</code> as its detail message.
- */
- public URIReferenceException() {
- super();
- }
-
- /**
- * Constructs a new <code>URIReferenceException</code> with the specified
- * detail message.
- *
- * @param message the detail message
- */
- public URIReferenceException(String message) {
- super(message);
- }
-
- /**
- * Constructs a new <code>URIReferenceException</code> with the
- * specified detail message and cause.
- * <p>Note that the detail message associated with
- * <code>cause</code> is <i>not</i> automatically incorporated in
- * this exception's detail message.
- *
- * @param message the detail message
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public URIReferenceException(String message, Throwable cause) {
- super(message);
- this.cause = cause;
- }
-
- /**
- * Constructs a new <code>URIReferenceException</code> with the
- * specified detail message, cause and <code>URIReference</code>.
- * <p>Note that the detail message associated with
- * <code>cause</code> is <i>not</i> automatically incorporated in
- * this exception's detail message.
- *
- * @param message the detail message
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- * @param uriReference the <code>URIReference</code> that was being
- * dereferenced when the error was encountered
- * @throws NullPointerException if <code>uriReference</code> is
- * <code>null</code>
- */
- public URIReferenceException(String message, Throwable cause,
- URIReference uriReference) {
- this(message, cause);
- if (uriReference == null) {
- throw new NullPointerException("uriReference cannot be null");
- }
- this.uriReference = uriReference;
- }
-
- /**
- * Constructs a new <code>URIReferenceException</code> with the specified
- * cause and a detail message of <code>(cause==null ? null :
- * cause.toString())</code> (which typically contains the class and detail
- * message of <code>cause</code>).
- *
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public URIReferenceException(Throwable cause) {
- super(cause == null ? null : cause.toString());
- this.cause = cause;
- }
-
- /**
- * Returns the <code>URIReference</code> that was being dereferenced
- * when the exception was thrown.
- *
- * @return the <code>URIReference</code> that was being dereferenced
- * when the exception was thrown, or <code>null</code> if not specified
- */
- public URIReference getURIReference() {
- return uriReference;
- }
-
- /**
- * Returns the cause of this <code>URIReferenceException</code> or
- * <code>null</code> if the cause is nonexistent or unknown. (The
- * cause is the throwable that caused this
- * <code>URIReferenceException</code> to get thrown.)
- *
- * @return the cause of this <code>URIReferenceException</code> or
- * <code>null</code> if the cause is nonexistent or unknown.
- */
- public Throwable getCause() {
- return cause;
- }
-
- /**
- * Prints this <code>URIReferenceException</code>, its backtrace and
- * the cause's backtrace to the standard error stream.
- */
- public void printStackTrace() {
- super.printStackTrace();
- cause.printStackTrace();
- }
-
- /**
- * Prints this <code>URIReferenceException</code>, its backtrace and
- * the cause's backtrace to the specified print stream.
- *
- * @param s <code>PrintStream</code> to use for output
- */
- public void printStackTrace(PrintStream s) {
- super.printStackTrace(s);
- cause.printStackTrace(s);
- }
-
- /**
- * Prints this <code>URIReferenceException</code>, its backtrace and
- * the cause's backtrace to the specified print writer.
- *
- * @param s <code>PrintWriter</code> to use for output
- */
- public void printStackTrace(PrintWriter s) {
- super.printStackTrace(s);
- cause.printStackTrace(s);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XMLCryptoContext.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto;
-
-/**
- * Contains common context information for XML cryptographic operations.
- *
- * <p>This interface contains methods for setting and retrieving properties
- * that affect the processing of XML signatures or XML encrypted structures.
- *
- * <p>Note that <code>XMLCryptoContext</code> instances can contain information
- * and state specific to the XML cryptographic structure it is used with.
- * The results are unpredictable if an <code>XMLCryptoContext</code> is
- * used with multiple structures (for example, you should not use the same
- * {@link javax.xml.crypto.dsig.XMLValidateContext} instance to validate two
- * different {@link javax.xml.crypto.dsig.XMLSignature} objects).
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public interface XMLCryptoContext {
-
- /**
- * Returns the base URI.
- *
- * @return the base URI, or <code>null</code> if not specified
- * @see #setBaseURI(String)
- */
- String getBaseURI();
-
- /**
- * Sets the base URI.
- *
- * @param baseURI the base URI, or <code>null</code> to remove current
- * value
- * @throws IllegalArgumentException if <code>baseURI</code> is not RFC
- * 2396 compliant
- * @see #getBaseURI
- */
- void setBaseURI(String baseURI);
-
- /**
- * Returns the key selector for finding a key.
- *
- * @return the key selector, or <code>null</code> if not specified
- * @see #setKeySelector(KeySelector)
- */
- KeySelector getKeySelector();
-
- /**
- * Sets the key selector for finding a key.
- *
- * @param ks the key selector, or <code>null</code> to remove the current
- * setting
- * @see #getKeySelector
- */
- void setKeySelector(KeySelector ks);
-
- /**
- * Returns a <code>URIDereferencer</code> that is used to dereference
- * {@link URIReference}s.
- *
- * @return the <code>URIDereferencer</code>, or <code>null</code> if not
- * specified
- * @see #setURIDereferencer(URIDereferencer)
- */
- URIDereferencer getURIDereferencer();
-
- /**
- * Sets a <code>URIDereferencer</code> that is used to dereference
- * {@link URIReference}s. The specified <code>URIDereferencer</code>
- * is used in place of an implementation's default
- * <code>URIDereferencer</code>.
- *
- * @param dereferencer the <code>URIDereferencer</code>, or
- * <code>null</code> to remove any current setting
- * @see #getURIDereferencer
- */
- void setURIDereferencer(URIDereferencer dereferencer);
-
- /**
- * Returns the namespace prefix that the specified namespace URI is
- * associated with. Returns the specified default prefix if the specified
- * namespace URI has not been bound to a prefix. To bind a namespace URI
- * to a prefix, call the {@link #putNamespacePrefix putNamespacePrefix}
- * method.
- *
- * @param namespaceURI a namespace URI
- * @param defaultPrefix the prefix to be returned in the event that the
- * the specified namespace URI has not been bound to a prefix.
- * @return the prefix that is associated with the specified namespace URI,
- * or <code>defaultPrefix</code> if the URI is not registered. If
- * the namespace URI is registered but has no prefix, an empty string
- * (<code>""</code>) is returned.
- * @throws NullPointerException if <code>namespaceURI</code> is
- * <code>null</code>
- * @see #putNamespacePrefix(String, String)
- */
- String getNamespacePrefix(String namespaceURI, String defaultPrefix);
-
- /**
- * Maps the specified namespace URI to the specified prefix. If there is
- * already a prefix associated with the specified namespace URI, the old
- * prefix is replaced by the specified prefix.
- *
- * @param namespaceURI a namespace URI
- * @param prefix a namespace prefix (or <code>null</code> to remove any
- * existing mapping). Specifying the empty string (<code>""</code>)
- * binds no prefix to the namespace URI.
- * @return the previous prefix associated with the specified namespace
- * URI, or <code>null</code> if there was none
- * @throws NullPointerException if <code>namespaceURI</code> is
- * <code>null</code>
- * @see #getNamespacePrefix(String, String)
- */
- String putNamespacePrefix(String namespaceURI, String prefix);
-
- /**
- * Returns the default namespace prefix. The default namespace prefix
- * is the prefix for all namespace URIs not explicitly set by the
- * {@link #putNamespacePrefix putNamespacePrefix} method.
- *
- * @return the default namespace prefix, or <code>null</code> if none has
- * been set.
- * @see #setDefaultNamespacePrefix(String)
- */
- String getDefaultNamespacePrefix();
-
- /**
- * Sets the default namespace prefix. This sets the namespace prefix for
- * all namespace URIs not explicitly set by the {@link #putNamespacePrefix
- * putNamespacePrefix} method.
- *
- * @param defaultPrefix the default namespace prefix, or <code>null</code>
- * to remove the current setting. Specify the empty string
- * (<code>""</code>) to bind no prefix.
- * @see #getDefaultNamespacePrefix
- */
- void setDefaultNamespacePrefix(String defaultPrefix);
-
- /**
- * Sets the specified property.
- *
- * @param name the name of the property
- * @param value the value of the property to be set
- * @return the previous value of the specified property, or
- * <code>null</code> if it did not have a value
- * @throws NullPointerException if <code>name</code> is <code>null</code>
- * @see #getProperty(String)
- */
- Object setProperty(String name, Object value);
-
- /**
- * Returns the value of the specified property.
- *
- * @param name the name of the property
- * @return the current value of the specified property, or
- * <code>null</code> if it does not have a value
- * @throws NullPointerException if <code>name</code> is <code>null</code>
- * @see #setProperty(String, Object)
- */
- Object getProperty(String name);
-
- /**
- * Returns the value to which this context maps the specified key.
- *
- * <p>More formally, if this context contains a mapping from a key
- * <code>k</code> to a value <code>v</code> such that
- * <code>(key==null ? k==null : key.equals(k))</code>, then this method
- * returns <code>v</code>; otherwise it returns <code>null</code>. (There
- * can be at most one such mapping.)
- *
- * <p>This method is useful for retrieving arbitrary information that is
- * specific to the cryptographic operation that this context is used for.
- *
- * @param key the key whose associated value is to be returned
- * @return the value to which this context maps the specified key, or
- * <code>null</code> if there is no mapping for the key
- * @see #put(Object, Object)
- */
- Object get(Object key);
-
- /**
- * Associates the specified value with the specified key in this context.
- * If the context previously contained a mapping for this key, the old
- * value is replaced by the specified value.
- *
- * <p>This method is useful for storing arbitrary information that is
- * specific to the cryptographic operation that this context is used for.
- *
- * @param key key with which the specified value is to be associated with
- * @param value value to be associated with the specified key
- * @return the previous value associated with the key, or <code>null</code>
- * if there was no mapping for the key
- * @throws IllegalArgumentException if some aspect of this key or value
- * prevents it from being stored in this context
- * @see #get(Object)
- */
- Object put(Object key, Object value);
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XMLStructure.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto;
-
-/**
- * A representation of an XML structure from any namespace. The purpose of
- * this interface is to group (and provide type safety for) all
- * representations of XML structures.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public interface XMLStructure {
-
- /**
- * Indicates whether a specified feature is supported.
- *
- * @param feature the feature name (as an absolute URI)
- * @return <code>true</code> if the specified feature is supported,
- * <code>false</code> otherwise
- * @throws NullPointerException if <code>feature</code> is <code>null</code>
- */
- boolean isFeatureSupported(String feature);
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMCryptoContext.java 1203698 2011-11-18 15:29:36Z mullan $
- */
-package javax.xml.crypto.dom;
-
-import javax.xml.crypto.KeySelector;
-import javax.xml.crypto.URIDereferencer;
-import javax.xml.crypto.XMLCryptoContext;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import org.w3c.dom.Element;
-
-/**
- * This class provides a DOM-specific implementation of the
- * {@link XMLCryptoContext} interface. It also includes additional
- * methods that are specific to a DOM-based implementation for registering
- * and retrieving elements that contain attributes of type ID.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public class DOMCryptoContext implements XMLCryptoContext {
-
- private Map<String, String> nsMap = new HashMap<String, String>();
- private Map<String, Element> idMap = new HashMap<String, Element>();
- private Map<Object, Object> objMap = new HashMap<Object, Object>();
- private Map<String, Object> propMap = new HashMap<String, Object>();
- private String baseURI;
- private KeySelector ks;
- private URIDereferencer dereferencer;
- private String defaultPrefix;
-
- /**
- * Default constructor. (For invocation by subclass constructors).
- */
- protected DOMCryptoContext() {}
-
- /**
- * This implementation uses an internal {@link HashMap} to get the prefix
- * that the specified URI maps to. It returns the <code>defaultPrefix</code>
- * if it maps to <code>null</code>.
- *
- * @throws NullPointerException {@inheritDoc}
- */
- public String getNamespacePrefix(String namespaceURI,
- String defaultPrefix) {
- if (namespaceURI == null) {
- throw new NullPointerException("namespaceURI cannot be null");
- }
- String prefix = nsMap.get(namespaceURI);
- return (prefix != null ? prefix : defaultPrefix);
- }
-
- /**
- * This implementation uses an internal {@link HashMap} to map the URI
- * to the specified prefix.
- *
- * @throws NullPointerException {@inheritDoc}
- */
- public String putNamespacePrefix(String namespaceURI, String prefix) {
- if (namespaceURI == null) {
- throw new NullPointerException("namespaceURI is null");
- }
- return nsMap.put(namespaceURI, prefix);
- }
-
- public String getDefaultNamespacePrefix() {
- return defaultPrefix;
- }
-
- public void setDefaultNamespacePrefix(String defaultPrefix) {
- this.defaultPrefix = defaultPrefix;
- }
-
- public String getBaseURI() {
- return baseURI;
- }
-
- /**
- * @throws IllegalArgumentException {@inheritDoc}
- */
- public void setBaseURI(String baseURI) {
- if (baseURI != null) {
- java.net.URI.create(baseURI);
- }
- this.baseURI = baseURI;
- }
-
- public URIDereferencer getURIDereferencer() {
- return dereferencer;
- }
-
- public void setURIDereferencer(URIDereferencer dereferencer) {
- this.dereferencer = dereferencer;
- }
-
- /**
- * This implementation uses an internal {@link HashMap} to get the object
- * that the specified name maps to.
- *
- * @throws NullPointerException {@inheritDoc}
- */
- public Object getProperty(String name) {
- if (name == null) {
- throw new NullPointerException("name is null");
- }
- return propMap.get(name);
- }
-
- /**
- * This implementation uses an internal {@link HashMap} to map the name
- * to the specified object.
- *
- * @throws NullPointerException {@inheritDoc}
- */
- public Object setProperty(String name, Object value) {
- if (name == null) {
- throw new NullPointerException("name is null");
- }
- return propMap.put(name, value);
- }
-
- public KeySelector getKeySelector() {
- return ks;
- }
-
- public void setKeySelector(KeySelector ks) {
- this.ks = ks;
- }
-
- /**
- * Returns the <code>Element</code> with the specified ID attribute value.
- *
- * <p>This implementation uses an internal {@link HashMap} to get the
- * element that the specified attribute value maps to.
- *
- * @param idValue the value of the ID
- * @return the <code>Element</code> with the specified ID attribute value,
- * or <code>null</code> if none.
- * @throws NullPointerException if <code>idValue</code> is <code>null</code>
- * @see #setIdAttributeNS
- */
- public Element getElementById(String idValue) {
- if (idValue == null) {
- throw new NullPointerException("idValue is null");
- }
- return idMap.get(idValue);
- }
-
- /**
- * Registers the element's attribute specified by the namespace URI and
- * local name to be of type ID. The attribute must have a non-empty value.
- *
- * <p>This implementation uses an internal {@link HashMap} to map the
- * attribute's value to the specified element.
- *
- * @param element the element
- * @param namespaceURI the namespace URI of the attribute (specify
- * <code>null</code> if not applicable)
- * @param localName the local name of the attribute
- * @throws IllegalArgumentException if <code>localName</code> is not an
- * attribute of the specified element or it does not contain a specific
- * value
- * @throws NullPointerException if <code>element</code> or
- * <code>localName</code> is <code>null</code>
- * @see #getElementById
- */
- public void setIdAttributeNS(Element element, String namespaceURI,
- String localName) {
- if (element == null) {
- throw new NullPointerException("element is null");
- }
- if (localName == null) {
- throw new NullPointerException("localName is null");
- }
- String idValue = element.getAttributeNS(namespaceURI, localName);
- if (idValue == null || idValue.length() == 0) {
- throw new IllegalArgumentException(localName + " is not an " +
- "attribute");
- }
- idMap.put(idValue, element);
- }
-
- /**
- * Returns a read-only iterator over the set of Id/Element mappings of
- * this <code>DOMCryptoContext</code>. Attempts to modify the set via the
- * {@link Iterator#remove} method throw an
- * <code>UnsupportedOperationException</code>. The mappings are returned
- * in no particular order. Each element in the iteration is represented as a
- * {@link java.util.Map.Entry}. If the <code>DOMCryptoContext</code> is
- * modified while an iteration is in progress, the results of the
- * iteration are undefined.
- *
- * @return a read-only iterator over the set of mappings
- */
- public Iterator iterator() {
- return Collections.unmodifiableMap(idMap).entrySet().iterator();
- }
-
- /**
- * This implementation uses an internal {@link HashMap} to get the object
- * that the specified key maps to.
- */
- public Object get(Object key) {
- return objMap.get(key);
- }
-
- /**
- * This implementation uses an internal {@link HashMap} to map the key
- * to the specified object.
- *
- * @throws IllegalArgumentException {@inheritDoc}
- */
- public Object put(Object key, Object value) {
- return objMap.put(key, value);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMStructure.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dom;
-
-import org.w3c.dom.Node;
-import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.dsig.XMLSignature;
-
-/**
- * A DOM-specific {@link XMLStructure}. The purpose of this class is to
- * allow a DOM node to be used to represent extensible content (any elements
- * or mixed content) in XML Signature structures.
- *
- * <p>If a sequence of nodes is needed, the node contained in the
- * <code>DOMStructure</code> is the first node of the sequence and successive
- * nodes can be accessed by invoking {@link Node#getNextSibling}.
- *
- * <p>If the owner document of the <code>DOMStructure</code> is different than
- * the target document of an <code>XMLSignature</code>, the
- * {@link XMLSignature#sign(XMLSignContext)} method imports the node into the
- * target document before generating the signature.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public class DOMStructure implements XMLStructure {
-
- private final Node node;
-
- /**
- * Creates a <code>DOMStructure</code> containing the specified node.
- *
- * @param node the node
- * @throws NullPointerException if <code>node</code> is <code>null</code>
- */
- public DOMStructure(Node node) {
- if (node == null) {
- throw new NullPointerException("node cannot be null");
- }
- this.node = node;
- }
-
- /**
- * Returns the node contained in this <code>DOMStructure</code>.
- *
- * @return the node
- */
- public Node getNode() {
- return node;
- }
-
- /**
- * @throws NullPointerException {@inheritDoc}
- */
- public boolean isFeatureSupported(String feature) {
- if (feature == null) {
- throw new NullPointerException();
- } else {
- return false;
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMURIReference.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dom;
-
-import javax.xml.crypto.URIReference;
-import org.w3c.dom.Node;
-
-/**
- * A DOM-specific {@link URIReference}. The purpose of this class is to
- * provide additional context necessary for resolving XPointer URIs or
- * same-document references.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public interface DOMURIReference extends URIReference {
-
- /**
- * Returns the here node.
- *
- * @return the attribute or processing instruction node or the
- * parent element of the text node that directly contains the URI
- */
- Node getHere();
-}
+++ /dev/null
-<html>
-<head>
-<!--
-/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
--->
-<!--
- Copyright 2005 Sun Microsystems, Inc. All rights reserved.
--->
-</head>
-<body>
-DOM-specific classes for the {@link javax.xml.crypto} package.
-Only users who are using a DOM-based XML cryptographic implementations (ex:
-{@link javax.xml.crypto.dsig.XMLSignatureFactory XMLSignatureFactory} or
-{@link javax.xml.crypto.dsig.keyinfo.KeyInfoFactory})
-should need to make direct use of this package.
-
-<h2>Package Specification</h2>
-
-<ul>
-<li>
-<a href="http://www.w3.org/TR/xmldsig-core/">
-XML-Signature Syntax and Processing: W3C Recommendation</a>
-<li>
-<a href="http://www.ietf.org/rfc/rfc3275.txt">
-RFC 3275: XML-Signature Syntax and Processing</a>
-</ul>
-
-</body>
-</html>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: CanonicalizationMethod.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import java.security.spec.AlgorithmParameterSpec;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-
-/**
- * A representation of the XML <code>CanonicalizationMethod</code>
- * element as defined in the
- * <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>. The XML
- * Schema Definition is defined as:
- * <p>
- * <pre>
- * <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
- * <complexType name="CanonicalizationMethodType" mixed="true">
- * <sequence>
- * <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
- * <!-- (0,unbounded) elements from (1,1) namespace -->
- * </sequence>
- * <attribute name="Algorithm" type="anyURI" use="required"/>
- * </complexType>
- * </pre>
- *
- * A <code>CanonicalizationMethod</code> instance may be created by invoking
- * the {@link XMLSignatureFactory#newCanonicalizationMethod
- * newCanonicalizationMethod} method of the {@link XMLSignatureFactory} class.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#newCanonicalizationMethod(String, C14NMethodParameterSpec)
- */
-public interface CanonicalizationMethod extends Transform {
-
- /**
- * The <a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">Canonical
- * XML (without comments)</a> canonicalization method algorithm URI.
- */
- String INCLUSIVE =
- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
-
- /**
- * The
- * <a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments">
- * Canonical XML with comments</a> canonicalization method algorithm URI.
- */
- String INCLUSIVE_WITH_COMMENTS =
- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
-
- /**
- * The <a href="http://www.w3.org/2001/10/xml-exc-c14n#">Exclusive
- * Canonical XML (without comments)</a> canonicalization method algorithm
- * URI.
- */
- String EXCLUSIVE =
- "http://www.w3.org/2001/10/xml-exc-c14n#";
-
- /**
- * The <a href="http://www.w3.org/2001/10/xml-exc-c14n#WithComments">
- * Exclusive Canonical XML with comments</a> canonicalization method
- * algorithm URI.
- */
- String EXCLUSIVE_WITH_COMMENTS =
- "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
-
- /**
- * Returns the algorithm-specific input parameters associated with this
- * <code>CanonicalizationMethod</code>.
- *
- * <p>The returned parameters can be typecast to a
- * {@link C14NMethodParameterSpec} object.
- *
- * @return the algorithm-specific input parameters (may be
- * <code>null</code> if not specified)
- */
- AlgorithmParameterSpec getParameterSpec();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DigestMethod.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.AlgorithmMethod;
-import javax.xml.crypto.XMLStructure;
-import java.security.spec.AlgorithmParameterSpec;
-
-/**
- * A representation of the XML <code>DigestMethod</code> element as
- * defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * The XML Schema Definition is defined as:
- * <p>
- * <pre>
- * <element name="DigestMethod" type="ds:DigestMethodType"/>
- * <complexType name="DigestMethodType" mixed="true">
- * <sequence>
- * <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
- * <!-- (0,unbounded) elements from (1,1) namespace -->
- * </sequence>
- * <attribute name="Algorithm" type="anyURI" use="required"/>
- * </complexType>
- * </pre>
- *
- * A <code>DigestMethod</code> instance may be created by invoking the
- * {@link XMLSignatureFactory#newDigestMethod newDigestMethod} method
- * of the {@link XMLSignatureFactory} class.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#newDigestMethod(String, DigestMethodParameterSpec)
- */
-public interface DigestMethod extends XMLStructure, AlgorithmMethod {
-
- /**
- * The <a href="http://www.w3.org/2000/09/xmldsig#sha1">
- * SHA1</a> digest method algorithm URI.
- */
- String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
-
- /**
- * The <a href="http://www.w3.org/2001/04/xmlenc#sha256">
- * SHA256</a> digest method algorithm URI.
- */
- String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
-
- /**
- * The <a href="http://www.w3.org/2001/04/xmlenc#sha512">
- * SHA512</a> digest method algorithm URI.
- */
- String SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";
-
- /**
- * The <a href="http://www.w3.org/2001/04/xmlenc#ripemd160">
- * RIPEMD-160</a> digest method algorithm URI.
- */
- String RIPEMD160 = "http://www.w3.org/2001/04/xmlenc#ripemd160";
-
- /**
- * Returns the algorithm-specific input parameters associated with this
- * <code>DigestMethod</code>.
- *
- * <p>The returned parameters can be typecast to a {@link
- * javax.xml.crypto.dsig.spec.DigestMethodParameterSpec} object.
- *
- * @return the algorithm-specific parameters (may be <code>null</code> if
- * not specified)
- */
- AlgorithmParameterSpec getParameterSpec();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: Manifest.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.XMLStructure;
-import java.util.List;
-
-/**
- * A representation of the XML <code>Manifest</code> element as defined in
- * the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * The XML Schema Definition is defined as:
- * <pre><code>
- * <element name="Manifest" type="ds:ManifestType"/>
- * <complexType name="ManifestType">
- * <sequence>
- * <element ref="ds:Reference" maxOccurs="unbounded"/>
- * </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
- * </complexType>
- * </code></pre>
- *
- * A <code>Manifest</code> instance may be created by invoking
- * one of the {@link XMLSignatureFactory#newManifest newManifest}
- * methods of the {@link XMLSignatureFactory} class; for example:
- *
- * <pre>
- * XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
- * List references = Collections.singletonList(factory.newReference
- * ("#reference-1", DigestMethod.SHA1));
- * Manifest manifest = factory.newManifest(references, "manifest-1");
- * </pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#newManifest(List)
- * @see XMLSignatureFactory#newManifest(List, String)
- */
-public interface Manifest extends XMLStructure {
-
- /**
- * URI that identifies the <code>Manifest</code> element (this can be
- * specified as the value of the <code>type</code> parameter of the
- * {@link Reference} class to identify the referent's type).
- */
- String TYPE = "http://www.w3.org/2000/09/xmldsig#Manifest";
-
- /**
- * Returns the Id of this <code>Manifest</code>.
- *
- * @return the Id of this <code>Manifest</code> (or <code>null</code>
- * if not specified)
- */
- String getId();
-
- /**
- * Returns an {@link java.util.Collections#unmodifiableList unmodifiable
- * list} of one or more {@link Reference}s that are contained in this
- * <code>Manifest</code>.
- *
- * @return an unmodifiable list of one or more <code>Reference</code>s
- */
- List getReferences();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: Reference.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.Data;
-import javax.xml.crypto.URIReference;
-import javax.xml.crypto.XMLStructure;
-import java.io.InputStream;
-import java.util.List;
-
-/**
- * A representation of the <code>Reference</code> element as defined in the
- * <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * The XML schema is defined as:
- * <code><pre>
- * <element name="Reference" type="ds:ReferenceType"/>
- * <complexType name="ReferenceType">
- * <sequence>
- * <element ref="ds:Transforms" minOccurs="0"/>
- * <element ref="ds:DigestMethod"/>
- * <element ref="ds:DigestValue"/>
- * </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
- * <attribute name="URI" type="anyURI" use="optional"/>
- * <attribute name="Type" type="anyURI" use="optional"/>
- * </complexType>
- *
- * <element name="DigestValue" type="ds:DigestValueType"/>
- * <simpleType name="DigestValueType">
- * <restriction base="base64Binary"/>
- * </simpleType>
- * </pre></code>
- *
- * <p>A <code>Reference</code> instance may be created by invoking one of the
- * {@link XMLSignatureFactory#newReference newReference} methods of the
- * {@link XMLSignatureFactory} class; for example:
- *
- * <pre>
- * XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
- * Reference ref = factory.newReference
- * ("http://www.ietf.org/rfc/rfc3275.txt",
- * factory.newDigestMethod(DigestMethod.SHA1, null));
- * </pre>
- *
- * @author Sean Mullan
- * @author Erwin van der Koogh
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#newReference(String, DigestMethod)
- * @see XMLSignatureFactory#newReference(String, DigestMethod, List, String, String)
- */
-public interface Reference extends URIReference, XMLStructure {
-
- /**
- * Returns an {@link java.util.Collections#unmodifiableList unmodifiable
- * list} of {@link Transform}s that are contained in this
- * <code>Reference</code>.
- *
- * @return an unmodifiable list of <code>Transform</code>s
- * (may be empty but never <code>null</code>)
- */
- List getTransforms();
-
- /**
- * Returns the digest method of this <code>Reference</code>.
- *
- * @return the digest method
- */
- DigestMethod getDigestMethod();
-
- /**
- * Returns the optional <code>Id</code> attribute of this
- * <code>Reference</code>, which permits this reference to be
- * referenced from elsewhere.
- *
- * @return the <code>Id</code> attribute (may be <code>null</code> if not
- * specified)
- */
- String getId();
-
- /**
- * Returns the digest value of this <code>Reference</code>.
- *
- * @return the raw digest value, or <code>null</code> if this reference has
- * not been digested yet. Each invocation of this method returns a new
- * clone to protect against subsequent modification.
- */
- byte[] getDigestValue();
-
- /**
- * Returns the calculated digest value of this <code>Reference</code>
- * after a validation operation. This method is useful for debugging if
- * the reference fails to validate.
- *
- * @return the calculated digest value, or <code>null</code> if this
- * reference has not been validated yet. Each invocation of this method
- * returns a new clone to protect against subsequent modification.
- */
- byte[] getCalculatedDigestValue();
-
- /**
- * Validates this reference. This method verifies the digest of this
- * reference.
- *
- * <p>This method only validates the reference the first time it is
- * invoked. On subsequent invocations, it returns a cached result.
- *
- * @return <code>true</code> if this reference was validated successfully;
- * <code>false</code> otherwise
- * @param validateContext the validating context
- * @throws NullPointerException if <code>validateContext</code> is
- * <code>null</code>
- * @throws XMLSignatureException if an unexpected exception occurs while
- * validating the reference
- */
- boolean validate(XMLValidateContext validateContext)
- throws XMLSignatureException;
-
- /**
- * Returns the dereferenced data, if
- * <a href="XMLSignContext.html#Supported Properties">reference caching</a>
- * is enabled. This is the result of dereferencing the URI of this
- * reference during a validation or generation operation.
- *
- * @return the dereferenced data, or <code>null</code> if reference
- * caching is not enabled or this reference has not been generated or
- * validated
- */
- Data getDereferencedData();
-
- /**
- * Returns the pre-digested input stream, if
- * <a href="XMLSignContext.html#Supported Properties">reference caching</a>
- * is enabled. This is the input to the digest operation during a
- * validation or signing operation.
- *
- * @return an input stream containing the pre-digested input, or
- * <code>null</code> if reference caching is not enabled or this
- * reference has not been generated or validated
- */
- InputStream getDigestInputStream();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: SignatureMethod.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.AlgorithmMethod;
-import javax.xml.crypto.XMLStructure;
-import java.security.spec.AlgorithmParameterSpec;
-
-/**
- * A representation of the XML <code>SignatureMethod</code> element
- * as defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * The XML Schema Definition is defined as:
- * <p>
- * <pre>
- * <element name="SignatureMethod" type="ds:SignatureMethodType"/>
- * <complexType name="SignatureMethodType" mixed="true">
- * <sequence>
- * <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
- * <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
- * <!-- (0,unbounded) elements from (1,1) namespace -->
- * </sequence>
- * <attribute name="Algorithm" type="anyURI" use="required"/>
- * </complexType>
- * </pre>
- *
- * A <code>SignatureMethod</code> instance may be created by invoking the
- * {@link XMLSignatureFactory#newSignatureMethod newSignatureMethod} method
- * of the {@link XMLSignatureFactory} class.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#newSignatureMethod(String, SignatureMethodParameterSpec)
- */
-public interface SignatureMethod extends XMLStructure, AlgorithmMethod {
-
- /**
- * The <a href="http://www.w3.org/2000/09/xmldsig#dsa-sha1">DSAwithSHA1</a>
- * (DSS) signature method algorithm URI.
- */
- String DSA_SHA1 =
- "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
-
- /**
- * The <a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">RSAwithSHA1</a>
- * (PKCS #1) signature method algorithm URI.
- */
- String RSA_SHA1 =
- "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
-
- /**
- * The <a href="http://www.w3.org/2000/09/xmldsig#hmac-sha1">HMAC-SHA1</a>
- * MAC signature method algorithm URI
- */
- String HMAC_SHA1 =
- "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
-
- /**
- * Returns the algorithm-specific input parameters of this
- * <code>SignatureMethod</code>.
- *
- * <p>The returned parameters can be typecast to a {@link
- * javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec} object.
- *
- * @return the algorithm-specific input parameters of this
- * <code>SignatureMethod</code> (may be <code>null</code> if not
- * specified)
- */
- AlgorithmParameterSpec getParameterSpec();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: SignatureProperties.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.XMLStructure;
-import java.util.List;
-
-/**
- * A representation of the XML <code>SignatureProperties</code> element as
- * defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * The XML Schema Definition is defined as:
- * <pre><code>
- *<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
- * <complexType name="SignaturePropertiesType">
- * <sequence>
- * <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
- * </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
- * </complexType>
- * </code></pre>
- *
- * A <code>SignatureProperties</code> instance may be created by invoking the
- * {@link XMLSignatureFactory#newSignatureProperties newSignatureProperties}
- * method of the {@link XMLSignatureFactory} class; for example:
- *
- * <pre>
- * XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
- * SignatureProperties properties =
- * factory.newSignatureProperties(props, "signature-properties-1");
- * </pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#newSignatureProperties(List, String)
- * @see SignatureProperty
- */
-public interface SignatureProperties extends XMLStructure {
-
- /**
- * URI that identifies the <code>SignatureProperties</code> element (this
- * can be specified as the value of the <code>type</code> parameter of the
- * {@link Reference} class to identify the referent's type).
- */
- String TYPE =
- "http://www.w3.org/2000/09/xmldsig#SignatureProperties";
-
- /**
- * Returns the Id of this <code>SignatureProperties</code>.
- *
- * @return the Id of this <code>SignatureProperties</code> (or
- * <code>null</code> if not specified)
- */
- String getId();
-
- /**
- * Returns an {@link java.util.Collections#unmodifiableList unmodifiable
- * list} of one or more {@link SignatureProperty}s that are contained in
- * this <code>SignatureProperties</code>.
- *
- * @return an unmodifiable list of one or more
- * <code>SignatureProperty</code>s
- */
- List getProperties();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: SignatureProperty.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.XMLStructure;
-import java.util.List;
-
-/**
- * A representation of the XML <code>SignatureProperty</code> element as
- * defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * The XML Schema Definition is defined as:
- * <pre><code>
- *<element name="SignatureProperty" type="ds:SignaturePropertyType"/>
- * <complexType name="SignaturePropertyType" mixed="true">
- * <choice maxOccurs="unbounded">
- * <any namespace="##other" processContents="lax"/>
- * <!-- (1,1) elements from (1, unbounded) namespaces -->
- * </choice>
- * <attribute name="Target" type="anyURI" use="required"/>
- * <attribute name="Id" type="ID" use="optional"/>
- * </complexType>
- * </code></pre>
- *
- * A <code>SignatureProperty</code> instance may be created by invoking the
- * {@link XMLSignatureFactory#newSignatureProperty newSignatureProperty}
- * method of the {@link XMLSignatureFactory} class; for example:
- *
- * <pre>
- * XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
- * SignatureProperty property = factory.newSignatureProperty
- * (Collections.singletonList(content), "#Signature-1", "TimeStamp");
- * </pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#newSignatureProperty(List, String, String)
- * @see SignatureProperties
- */
-public interface SignatureProperty extends XMLStructure {
-
- /**
- * Returns the target URI of this <code>SignatureProperty</code>.
- *
- * @return the target URI of this <code>SignatureProperty</code> (never
- * <code>null</code>)
- */
- String getTarget();
-
- /**
- * Returns the Id of this <code>SignatureProperty</code>.
- *
- * @return the Id of this <code>SignatureProperty</code> (or
- * <code>null</code> if not specified)
- */
- String getId();
-
- /**
- * Returns an {@link java.util.Collections#unmodifiableList unmodifiable
- * list} of one or more {@link XMLStructure}s that are contained in
- * this <code>SignatureProperty</code>. These represent additional
- * information items concerning the generation of the {@link XMLSignature}
- * (i.e. date/time stamp or serial numbers of cryptographic hardware used
- * in signature generation).
- *
- * @return an unmodifiable list of one or more <code>XMLStructure</code>s
- */
- List getContent();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: SignedInfo.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.XMLStructure;
-import java.io.InputStream;
-import java.util.List;
-
-/**
- * An representation of the XML <code>SignedInfo</code> element as
- * defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * The XML Schema Definition is defined as:
- * <pre><code>
- * <element name="SignedInfo" type="ds:SignedInfoType"/>
- * <complexType name="SignedInfoType">
- * <sequence>
- * <element ref="ds:CanonicalizationMethod"/>
- * <element ref="ds:SignatureMethod"/>
- * <element ref="ds:Reference" maxOccurs="unbounded"/>
- * </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
- * </complexType>
- * </code></pre>
- *
- * A <code>SignedInfo</code> instance may be created by invoking one of the
- * {@link XMLSignatureFactory#newSignedInfo newSignedInfo} methods of the
- * {@link XMLSignatureFactory} class.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#newSignedInfo(CanonicalizationMethod, SignatureMethod, List)
- * @see XMLSignatureFactory#newSignedInfo(CanonicalizationMethod, SignatureMethod, List, String)
- */
-public interface SignedInfo extends XMLStructure {
-
- /**
- * Returns the canonicalization method of this <code>SignedInfo</code>.
- *
- * @return the canonicalization method
- */
- CanonicalizationMethod getCanonicalizationMethod();
-
- /**
- * Returns the signature method of this <code>SignedInfo</code>.
- *
- * @return the signature method
- */
- SignatureMethod getSignatureMethod();
-
- /**
- * Returns an {@link java.util.Collections#unmodifiableList
- * unmodifiable list} of one or more {@link Reference}s.
- *
- * @return an unmodifiable list of one or more {@link Reference}s
- */
- List getReferences();
-
- /**
- * Returns the optional <code>Id</code> attribute of this
- * <code>SignedInfo</code>.
- *
- * @return the id (may be <code>null</code> if not specified)
- */
- String getId();
-
- /**
- * Returns the canonicalized signed info bytes after a signing or
- * validation operation. This method is useful for debugging.
- *
- * @return an <code>InputStream</code> containing the canonicalized bytes,
- * or <code>null</code> if this <code>SignedInfo</code> has not been
- * signed or validated yet
- */
- InputStream getCanonicalizedData();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: Transform.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import java.io.OutputStream;
-import java.security.spec.AlgorithmParameterSpec;
-import javax.xml.crypto.AlgorithmMethod;
-import javax.xml.crypto.Data;
-import javax.xml.crypto.XMLCryptoContext;
-import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-/**
- * A representation of the XML <code>Transform</code> element as
- * defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * The XML Schema Definition is defined as:
- *
- * <pre>
- * <element name="Transform" type="ds:TransformType"/>
- * <complexType name="TransformType" mixed="true">
- * <choice minOccurs="0" maxOccurs="unbounded">
- * <any namespace="##other" processContents="lax"/>
- * <!-- (1,1) elements from (0,unbounded) namespaces -->
- * <element name="XPath" type="string"/>
- * </choice>
- * <attribute name="Algorithm" type="anyURI" use="required"/>
- * </complexType>
- * </pre>
- *
- * A <code>Transform</code> instance may be created by invoking the
- * {@link XMLSignatureFactory#newTransform newTransform} method
- * of the {@link XMLSignatureFactory} class.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#newTransform(String, TransformParameterSpec)
- */
-public interface Transform extends XMLStructure, AlgorithmMethod {
-
- /**
- * The <a href="http://www.w3.org/2000/09/xmldsig#base64">Base64</a>
- * transform algorithm URI.
- */
- String BASE64 = "http://www.w3.org/2000/09/xmldsig#base64";
-
- /**
- * The <a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">
- * Enveloped Signature</a> transform algorithm URI.
- */
- String ENVELOPED =
- "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
-
- /**
- * The <a href="http://www.w3.org/TR/1999/REC-xpath-19991116">XPath</a>
- * transform algorithm URI.
- */
- String XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116";
-
- /**
- * The <a href="http://www.w3.org/2002/06/xmldsig-filter2">
- * XPath Filter 2</a> transform algorithm URI.
- */
- String XPATH2 = "http://www.w3.org/2002/06/xmldsig-filter2";
-
- /**
- * The <a href="http://www.w3.org/TR/1999/REC-xslt-19991116">XSLT</a>
- * transform algorithm URI.
- */
- String XSLT = "http://www.w3.org/TR/1999/REC-xslt-19991116";
-
- /**
- * Returns the algorithm-specific input parameters associated with this
- * <code>Transform</code>.
- * <p>
- * The returned parameters can be typecast to a
- * {@link TransformParameterSpec} object.
- *
- * @return the algorithm-specific input parameters (may be <code>null</code>
- * if not specified)
- */
- AlgorithmParameterSpec getParameterSpec();
-
- /**
- * Transforms the specified data using the underlying transform algorithm.
- *
- * @param data the data to be transformed
- * @param context the <code>XMLCryptoContext</code> containing
- * additional context (may be <code>null</code> if not applicable)
- * @return the transformed data
- * @throws NullPointerException if <code>data</code> is <code>null</code>
- * @throws TransformException if an error occurs while executing the
- * transform
- */
- public abstract Data transform(Data data, XMLCryptoContext context)
- throws TransformException;
-
- /**
- * Transforms the specified data using the underlying transform algorithm.
- * If the output of this transform is an <code>OctetStreamData</code>, then
- * this method returns <code>null</code> and the bytes are written to the
- * specified <code>OutputStream</code>. Otherwise, the
- * <code>OutputStream</code> is ignored and the method behaves as if
- * {@link #transform(Data, XMLCryptoContext)} were invoked.
- *
- * @param data the data to be transformed
- * @param context the <code>XMLCryptoContext</code> containing
- * additional context (may be <code>null</code> if not applicable)
- * @param os the <code>OutputStream</code> that should be used to write
- * the transformed data to
- * @return the transformed data (or <code>null</code> if the data was
- * written to the <code>OutputStream</code> parameter)
- * @throws NullPointerException if <code>data</code> or <code>os</code>
- * is <code>null</code>
- * @throws TransformException if an error occurs while executing the
- * transform
- */
- public abstract Data transform
- (Data data, XMLCryptoContext context, OutputStream os)
- throws TransformException;
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: TransformException.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-
-/**
- * Indicates an exceptional condition that occured while executing a
- * transform algorithm.
- *
- * <p>A <code>TransformException</code> can contain a cause: another
- * throwable that caused this <code>TransformException</code> to get thrown.
- *
- * @see Transform#transform
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public class TransformException extends Exception {
-
- private static final long serialVersionUID = 5082634801360427800L;
-
- /**
- * The throwable that caused this exception to get thrown, or null if this
- * exception was not caused by another throwable or if the causative
- * throwable is unknown.
- *
- * @serial
- */
- private Throwable cause;
-
- /**
- * Constructs a new <code>TransformException</code> with
- * <code>null</code> as its detail message.
- */
- public TransformException() {
- super();
- }
-
- /**
- * Constructs a new <code>TransformException</code> with the specified
- * detail message.
- *
- * @param message the detail message
- */
- public TransformException(String message) {
- super(message);
- }
-
- /**
- * Constructs a new <code>TransformException</code> with the
- * specified detail message and cause.
- * <p>Note that the detail message associated with
- * <code>cause</code> is <i>not</i> automatically incorporated in
- * this exception's detail message.
- *
- * @param message the detail message
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public TransformException(String message, Throwable cause) {
- super(message);
- this.cause = cause;
- }
-
- /**
- * Constructs a new <code>TransformException</code> with the specified
- * cause and a detail message of
- * <code>(cause==null ? null : cause.toString())</code>
- * (which typically contains the class and detail message of
- * <code>cause</code>).
- *
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public TransformException(Throwable cause) {
- super(cause==null ? null : cause.toString());
- this.cause = cause;
- }
-
- /**
- * Returns the cause of this <code>TransformException</code> or
- * <code>null</code> if the cause is nonexistent or unknown. (The
- * cause is the throwable that caused this
- * <code>TransformException</code> to get thrown.)
- *
- * @return the cause of this <code>TransformException</code> or
- * <code>null</code> if the cause is nonexistent or unknown.
- */
- public Throwable getCause() {
- return cause;
- }
-
- /**
- * Prints this <code>TransformException</code>, its backtrace and
- * the cause's backtrace to the standard error stream.
- */
- public void printStackTrace() {
- super.printStackTrace();
- if (cause != null) {
- cause.printStackTrace();
- }
- }
-
- /**
- * Prints this <code>TransformException</code>, its backtrace and
- * the cause's backtrace to the specified print stream.
- *
- * @param s <code>PrintStream</code> to use for output
- */
- public void printStackTrace(PrintStream s) {
- super.printStackTrace(s);
- if (cause != null) {
- cause.printStackTrace(s);
- }
- }
-
- /**
- * Prints this <code>TransformException</code>, its backtrace and
- * the cause's backtrace to the specified print writer.
- *
- * @param s <code>PrintWriter</code> to use for output
- */
- public void printStackTrace(PrintWriter s) {
- super.printStackTrace(s);
- if (cause != null) {
- cause.printStackTrace(s);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: TransformService.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.Security;
-import java.util.*;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.XMLCryptoContext;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-/**
- * A Service Provider Interface for transform and canonicalization algorithms.
- *
- * <p>Each instance of <code>TransformService</code> supports a specific
- * transform or canonicalization algorithm and XML mechanism type. To create a
- * <code>TransformService</code>, call one of the static
- * {@link #getInstance getInstance} methods, passing in the algorithm URI and
- * XML mechanism type desired, for example:
- *
- * <blockquote><code>
- * TransformService ts = TransformService.getInstance(Transform.XPATH2, "DOM");
- * </code></blockquote>
- *
- * <p><code>TransformService</code> implementations are registered and loaded
- * using the {@link java.security.Provider} mechanism. Each
- * <code>TransformService</code> service provider implementation should include
- * a <code>MechanismType</code> service attribute that identifies the XML
- * mechanism type that it supports. If the attribute is not specified,
- * "DOM" is assumed. For example, a service provider that supports the
- * XPath Filter 2 Transform and DOM mechanism would be specified in the
- * <code>Provider</code> subclass as:
- * <pre>
- * put("TransformService." + Transform.XPATH2,
- * "org.example.XPath2TransformService");
- * put("TransformService." + Transform.XPATH2 + " MechanismType", "DOM");
- * </pre>
- * <code>TransformService</code> implementations that support the DOM
- * mechanism type must abide by the DOM interoperability requirements defined
- * in the
- * <a href="../../../../overview-summary.html#DOM Mechanism Requirements">DOM
- * Mechanism Requirements</a> section of the API overview. See the
- * <a href="../../../../overview-summary.html#Service Provider">Service
- * Providers</a> section of the API overview for a list of standard mechanism
- * types.
- * <p>
- * Once a <code>TransformService</code> has been created, it can be used
- * to process <code>Transform</code> or <code>CanonicalizationMethod</code>
- * objects. If the <code>Transform</code> or <code>CanonicalizationMethod</code>
- * exists in XML form (for example, when validating an existing
- * <code>XMLSignature</code>), the {@link #init(XMLStructure, XMLCryptoContext)}
- * method must be first called to initialize the transform and provide document
- * context (even if there are no parameters). Alternatively, if the
- * <code>Transform</code> or <code>CanonicalizationMethod</code> is being
- * created from scratch, the {@link #init(TransformParameterSpec)} method
- * is called to initialize the transform with parameters and the
- * {@link #marshalParams marshalParams} method is called to marshal the
- * parameters to XML and provide the transform with document context. Finally,
- * the {@link #transform transform} method is called to perform the
- * transformation.
- * <p>
- * <b>Concurrent Access</b>
- * <p>The static methods of this class are guaranteed to be thread-safe.
- * Multiple threads may concurrently invoke the static methods defined in this
- * class with no ill effects.
- *
- * <p>However, this is not true for the non-static methods defined by this
- * class. Unless otherwise documented by a specific provider, threads that
- * need to access a single <code>TransformService</code> instance
- * concurrently should synchronize amongst themselves and provide the
- * necessary locking. Multiple threads each manipulating a different
- * <code>TransformService</code> instance need not synchronize.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public abstract class TransformService implements Transform {
-
- private String algorithm;
- private String mechanism;
- private Provider provider;
-
- /**
- * Default constructor, for invocation by subclasses.
- */
- protected TransformService() {}
-
- /**
- * Returns a <code>TransformService</code> that supports the specified
- * algorithm URI (ex: {@link Transform#XPATH2}) and mechanism type
- * (ex: DOM).
- *
- * <p>This method uses the standard JCA provider lookup mechanism to
- * locate and instantiate a <code>TransformService</code> implementation
- * of the desired algorithm and <code>MechanismType</code> service
- * attribute. It traverses the list of registered security
- * <code>Provider</code>s, starting with the most preferred
- * <code>Provider</code>. A new <code>TransformService</code> object
- * from the first <code>Provider</code> that supports the specified
- * algorithm and mechanism type is returned.
- *
- * <p> Note that the list of registered providers may be retrieved via
- * the {@link Security#getProviders() Security.getProviders()} method.
- *
- * @param algorithm the URI of the algorithm
- * @param mechanismType the type of the XML processing mechanism and
- * representation
- * @return a new <code>TransformService</code>
- * @throws NullPointerException if <code>algorithm</code> or
- * <code>mechanismType</code> is <code>null</code>
- * @throws NoSuchAlgorithmException if no <code>Provider</code> supports a
- * <code>TransformService</code> implementation for the specified
- * algorithm and mechanism type
- * @see Provider
- */
- public static TransformService getInstance
- (String algorithm, String mechanismType)
- throws NoSuchAlgorithmException {
- if (mechanismType == null || algorithm == null) {
- throw new NullPointerException();
- }
- return findInstance(algorithm, mechanismType, null);
- }
-
- /**
- * Returns a <code>TransformService</code> that supports the specified
- * algorithm URI (ex: {@link Transform#XPATH2}) and mechanism type
- * (ex: DOM) as supplied by the specified provider. Note that the specified
- * <code>Provider</code> object does not have to be registered in the
- * provider list.
- *
- * @param algorithm the URI of the algorithm
- * @param mechanismType the type of the XML processing mechanism and
- * representation
- * @param provider the <code>Provider</code> object
- * @return a new <code>TransformService</code>
- * @throws NullPointerException if <code>provider</code>,
- * <code>algorithm</code>, or <code>mechanismType</code> is
- * <code>null</code>
- * @throws NoSuchAlgorithmException if a <code>TransformService</code>
- * implementation for the specified algorithm and mechanism type is not
- * available from the specified <code>Provider</code> object
- * @see Provider
- */
- public static TransformService getInstance
- (String algorithm, String mechanismType, Provider provider)
- throws NoSuchAlgorithmException {
- if (mechanismType == null || algorithm == null || provider == null) {
- throw new NullPointerException();
- }
- return findInstance(algorithm, mechanismType, provider);
- }
-
- /**
- * Returns a <code>TransformService</code> that supports the specified
- * algorithm URI (ex: {@link Transform#XPATH2}) and mechanism type
- * (ex: DOM) as supplied by the specified provider. The specified provider
- * must be registered in the security provider list.
- *
- * <p>Note that the list of registered providers may be retrieved via
- * the {@link Security#getProviders() Security.getProviders()} method.
- *
- * @param algorithm the URI of the algorithm
- * @param mechanismType the type of the XML processing mechanism and
- * representation
- * @param provider the string name of the provider
- * @return a new <code>TransformService</code>
- * @throws NoSuchProviderException if the specified provider is not
- * registered in the security provider list
- * @throws NullPointerException if <code>provider</code>,
- * <code>mechanismType</code>, or <code>algorithm</code> is
- * <code>null</code>
- * @throws NoSuchAlgorithmException if a <code>TransformService</code>
- * implementation for the specified algorithm and mechanism type is not
- * available from the specified provider
- * @see Provider
- */
- public static TransformService getInstance
- (String algorithm, String mechanismType, String provider)
- throws NoSuchAlgorithmException, NoSuchProviderException {
- if (mechanismType == null || algorithm == null || provider == null) {
- throw new NullPointerException();
- }
- Provider prov = Security.getProvider(provider);
- if (prov == null) {
- throw new NoSuchProviderException("cannot find provider named "
- + provider);
- }
- return findInstance(algorithm, mechanismType, prov);
- }
-
- private static TransformService findInstance(String algorithm,
- String mechanismType, Provider provider)
- throws NoSuchAlgorithmException {
-
- if (provider == null) {
- provider = getProvider("TransformService", algorithm,
- mechanismType);
- }
- Provider.Service ps = provider.getService("TransformService",
- algorithm);
- if (ps == null) {
- throw new NoSuchAlgorithmException("no such algorithm: " +
- algorithm + " for provider " +
- provider.getName());
- }
- TransformService ts = (TransformService)ps.newInstance(null);
- ts.algorithm = algorithm;
- ts.mechanism = mechanismType;
- ts.provider = provider;
- return ts;
- }
-
- private static Provider getProvider(String engine, String alg, String mech)
- throws NoSuchAlgorithmException
- {
- Map<String, String> map = new HashMap<String, String>();
- map.put(engine + "." + alg, "");
- map.put(engine + "." + alg + " " + "MechanismType", mech);
- Provider[] providers = Security.getProviders(map);
- if (providers == null) {
- if (mech.equals("DOM")) {
- // look for providers without MechanismType specified
- map.clear();
- map.put(engine + "." + alg, "");
- providers = Security.getProviders(map);
- if (providers != null) {
- return providers[0];
- }
- }
- throw new NoSuchAlgorithmException("Algorithm type " + alg +
- " not available");
- }
- return providers[0];
- }
-
- /**
- * Returns the mechanism type supported by this <code>TransformService</code>.
- *
- * @return the mechanism type
- */
- public final String getMechanismType() {
- return mechanism;
- }
-
- /**
- * Returns the URI of the algorithm supported by this
- * <code>TransformService</code>.
- *
- * @return the algorithm URI
- */
- public final String getAlgorithm() {
- return algorithm;
- }
-
- /**
- * Returns the provider of this <code>TransformService</code>.
- *
- * @return the provider
- */
- public final Provider getProvider() {
- return provider;
- }
-
- /**
- * Initializes this <code>TransformService</code> with the specified
- * parameters.
- *
- * <p>If the parameters exist in XML form, the
- * {@link #init(XMLStructure, XMLCryptoContext)} method should be used to
- * initialize the <code>TransformService</code>.
- *
- * @param params the algorithm parameters (may be <code>null</code> if
- * not required or optional)
- * @throws InvalidAlgorithmParameterException if the specified parameters
- * are invalid for this algorithm
- */
- public abstract void init(TransformParameterSpec params)
- throws InvalidAlgorithmParameterException;
-
- /**
- * Marshals the algorithm-specific parameters. If there are no parameters
- * to be marshalled, this method returns without throwing an exception.
- *
- * @param parent a mechanism-specific structure containing the parent
- * node that the marshalled parameters should be appended to
- * @param context the <code>XMLCryptoContext</code> containing
- * additional context (may be <code>null</code> if not applicable)
- * @throws ClassCastException if the type of <code>parent</code> or
- * <code>context</code> is not compatible with this
- * <code>TransformService</code>
- * @throws NullPointerException if <code>parent</code> is <code>null</code>
- * @throws MarshalException if the parameters cannot be marshalled
- */
- public abstract void marshalParams
- (XMLStructure parent, XMLCryptoContext context)
- throws MarshalException;
-
- /**
- * Initializes this <code>TransformService</code> with the specified
- * parameters and document context.
- *
- * @param parent a mechanism-specific structure containing the parent
- * structure
- * @param context the <code>XMLCryptoContext</code> containing
- * additional context (may be <code>null</code> if not applicable)
- * @throws ClassCastException if the type of <code>parent</code> or
- * <code>context</code> is not compatible with this
- * <code>TransformService</code>
- * @throws NullPointerException if <code>parent</code> is <code>null</code>
- * @throws InvalidAlgorithmParameterException if the specified parameters
- * are invalid for this algorithm
- */
- public abstract void init(XMLStructure parent, XMLCryptoContext context)
- throws InvalidAlgorithmParameterException;
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Portions copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * ===========================================================================
- *
- * (C) Copyright IBM Corp. 2003 All Rights Reserved.
- *
- * ===========================================================================
- */
-/*
- * $Id: XMLObject.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import java.util.List;
-import javax.xml.crypto.XMLStructure;
-
-/**
- * A representation of the XML <code>Object</code> element as defined in
- * the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * An <code>XMLObject</code> may contain any data and may include optional
- * MIME type, ID, and encoding attributes. The XML Schema Definition is
- * defined as:
- *
- * <pre><code>
- * <element name="Object" type="ds:ObjectType"/>
- * <complexType name="ObjectType" mixed="true">
- * <sequence minOccurs="0" maxOccurs="unbounded">
- * <any namespace="##any" processContents="lax"/>
- * </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
- * <attribute name="MimeType" type="string" use="optional"/>
- * <attribute name="Encoding" type="anyURI" use="optional"/>
- * </complexType>
- * </code></pre>
- *
- * A <code>XMLObject</code> instance may be created by invoking the
- * {@link XMLSignatureFactory#newXMLObject newXMLObject} method of the
- * {@link XMLSignatureFactory} class; for example:
- *
- * <pre>
- * XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
- * List content = Collections.singletonList(fac.newManifest(references)));
- * XMLObject object = factory.newXMLObject(content, "object-1", null, null);
- * </pre>
- *
- * <p>Note that this class is named <code>XMLObject</code> rather than
- * <code>Object</code> to avoid naming clashes with the existing
- * {@link java.lang.Object java.lang.Object} class.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @author Joyce L. Leung
- * @see XMLSignatureFactory#newXMLObject(List, String, String, String)
- */
-public interface XMLObject extends XMLStructure {
-
- /**
- * URI that identifies the <code>Object</code> element (this can be
- * specified as the value of the <code>type</code> parameter of the
- * {@link Reference} class to identify the referent's type).
- */
- String TYPE = "http://www.w3.org/2000/09/xmldsig#Object";
-
- /**
- * Returns an {@link java.util.Collections#unmodifiableList unmodifiable
- * list} of {@link XMLStructure}s contained in this <code>XMLObject</code>,
- * which represent elements from any namespace.
- *
- *<p>If there is a public subclass representing the type of
- * <code>XMLStructure</code>, it is returned as an instance of that class
- * (ex: a <code>SignatureProperties</code> element would be returned
- * as an instance of {@link javax.xml.crypto.dsig.SignatureProperties}).
- *
- * @return an unmodifiable list of <code>XMLStructure</code>s (may be empty
- * but never <code>null</code>)
- */
- List getContent();
-
- /**
- * Returns the Id of this <code>XMLObject</code>.
- *
- * @return the Id (or <code>null</code> if not specified)
- */
- String getId();
-
- /**
- * Returns the mime type of this <code>XMLObject</code>. The
- * mime type is an optional attribute which describes the data within this
- * <code>XMLObject</code> (independent of its encoding).
- *
- * @return the mime type (or <code>null</code> if not specified)
- */
- String getMimeType();
-
- /**
- * Returns the encoding URI of this <code>XMLObject</code>. The encoding
- * URI identifies the method by which the object is encoded.
- *
- * @return the encoding URI (or <code>null</code> if not specified)
- */
- String getEncoding();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XMLSignContext.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.XMLCryptoContext;
-
-/**
- * Contains context information for generating XML Signatures. This interface
- * is primarily intended for type-safety.
- *
- * <p>Note that <code>XMLSignContext</code> instances can contain
- * information and state specific to the XML signature structure it is
- * used with. The results are unpredictable if an
- * <code>XMLSignContext</code> is used with different signature structures
- * (for example, you should not use the same <code>XMLSignContext</code>
- * instance to sign two different {@link XMLSignature} objects).
- * <p>
- * <b><a name="Supported Properties"></a>Supported Properties</b>
- * <p>The following properties can be set using the
- * {@link #setProperty setProperty} method.
- * <ul>
- * <li><code>javax.xml.crypto.dsig.cacheReference</code>: value must be a
- * {@link Boolean}. This property controls whether or not the digested
- * {@link Reference} objects will cache the dereferenced content and
- * pre-digested input for subsequent retrieval via the
- * {@link Reference#getDereferencedData Reference.getDereferencedData} and
- * {@link Reference#getDigestInputStream Reference.getDigestInputStream}
- * methods. The default value if not specified is
- * <code>Boolean.FALSE</code>.
- * </ul>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignature#sign(XMLSignContext)
- */
-public interface XMLSignContext extends XMLCryptoContext {}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Portions copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * ===========================================================================
- *
- * (C) Copyright IBM Corp. 2003 All Rights Reserved.
- *
- * ===========================================================================
- */
-/*
- * $Id: XMLSignature.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.KeySelector;
-import javax.xml.crypto.KeySelectorResult;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import java.security.Signature;
-import java.util.List;
-
-/**
- * A representation of the XML <code>Signature</code> element as
- * defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * This class contains methods for signing and validating XML signatures
- * with behavior as defined by the W3C specification. The XML Schema Definition
- * is defined as:
- * <pre><code>
- * <element name="Signature" type="ds:SignatureType"/>
- * <complexType name="SignatureType">
- * <sequence>
- * <element ref="ds:SignedInfo"/>
- * <element ref="ds:SignatureValue"/>
- * <element ref="ds:KeyInfo" minOccurs="0"/>
- * <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
- * </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
- * </complexType>
- * </code></pre>
- * <p>
- * An <code>XMLSignature</code> instance may be created by invoking one of the
- * {@link XMLSignatureFactory#newXMLSignature newXMLSignature} methods of the
- * {@link XMLSignatureFactory} class.
- *
- * <p>If the contents of the underlying document containing the
- * <code>XMLSignature</code> are subsequently modified, the behavior is
- * undefined.
- *
- * <p>Note that this class is named <code>XMLSignature</code> rather than
- * <code>Signature</code> to avoid naming clashes with the existing
- * {@link Signature java.security.Signature} class.
- *
- * @see XMLSignatureFactory#newXMLSignature(SignedInfo, KeyInfo)
- * @see XMLSignatureFactory#newXMLSignature(SignedInfo, KeyInfo, List, String, String)
- * @author Joyce L. Leung
- * @author Sean Mullan
- * @author Erwin van der Koogh
- * @author JSR 105 Expert Group
- */
-public interface XMLSignature extends XMLStructure {
-
- /**
- * The XML Namespace URI of the W3C Recommendation for XML-Signature
- * Syntax and Processing.
- */
- String XMLNS = "http://www.w3.org/2000/09/xmldsig#";
-
- /**
- * Validates the signature according to the
- * <a href="http://www.w3.org/TR/xmldsig-core/#sec-CoreValidation">
- * core validation processing rules</a>. This method validates the
- * signature using the existing state, it does not unmarshal and
- * reinitialize the contents of the <code>XMLSignature</code> using the
- * location information specified in the context.
- *
- * <p>This method only validates the signature the first time it is
- * invoked. On subsequent invocations, it returns a cached result.
- *
- * @param validateContext the validating context
- * @return <code>true</code> if the signature passed core validation,
- * otherwise <code>false</code>
- * @throws ClassCastException if the type of <code>validateContext</code>
- * is not compatible with this <code>XMLSignature</code>
- * @throws NullPointerException if <code>validateContext</code> is
- * <code>null</code>
- * @throws XMLSignatureException if an unexpected error occurs during
- * validation that prevented the validation operation from completing
- */
- boolean validate(XMLValidateContext validateContext)
- throws XMLSignatureException;
-
- /**
- * Returns the key info of this <code>XMLSignature</code>.
- *
- * @return the key info (may be <code>null</code> if not specified)
- */
- KeyInfo getKeyInfo();
-
- /**
- * Returns the signed info of this <code>XMLSignature</code>.
- *
- * @return the signed info (never <code>null</code>)
- */
- SignedInfo getSignedInfo();
-
- /**
- * Returns an {@link java.util.Collections#unmodifiableList unmodifiable
- * list} of {@link XMLObject}s contained in this <code>XMLSignature</code>.
- *
- * @return an unmodifiable list of <code>XMLObject</code>s (may be empty
- * but never <code>null</code>)
- */
- List getObjects();
-
- /**
- * Returns the optional Id of this <code>XMLSignature</code>.
- *
- * @return the Id (may be <code>null</code> if not specified)
- */
- String getId();
-
- /**
- * Returns the signature value of this <code>XMLSignature</code>.
- *
- * @return the signature value
- */
- SignatureValue getSignatureValue();
-
- /**
- * Signs this <code>XMLSignature</code>.
- *
- * <p>If this method throws an exception, this <code>XMLSignature</code> and
- * the <code>signContext</code> parameter will be left in the state that
- * it was in prior to the invocation.
- *
- * @param signContext the signing context
- * @throws ClassCastException if the type of <code>signContext</code> is
- * not compatible with this <code>XMLSignature</code>
- * @throws NullPointerException if <code>signContext</code> is
- * <code>null</code>
- * @throws MarshalException if an exception occurs while marshalling
- * @throws XMLSignatureException if an unexpected exception occurs while
- * generating the signature
- */
- void sign(XMLSignContext signContext) throws MarshalException,
- XMLSignatureException;
-
- /**
- * Returns the result of the {@link KeySelector}, if specified, after
- * this <code>XMLSignature</code> has been signed or validated.
- *
- * @return the key selector result, or <code>null</code> if a key
- * selector has not been specified or this <code>XMLSignature</code>
- * has not been signed or validated
- */
- KeySelectorResult getKeySelectorResult();
-
- /**
- * A representation of the XML <code>SignatureValue</code> element as
- * defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * The XML Schema Definition is defined as:
- * <p>
- * <pre>
- * <element name="SignatureValue" type="ds:SignatureValueType"/>
- * <complexType name="SignatureValueType">
- * <simpleContent>
- * <extension base="base64Binary">
- * <attribute name="Id" type="ID" use="optional"/>
- * </extension>
- * </simpleContent>
- * </complexType>
- * </pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
- public interface SignatureValue extends XMLStructure {
- /**
- * Returns the optional <code>Id</code> attribute of this
- * <code>SignatureValue</code>, which permits this element to be
- * referenced from elsewhere.
- *
- * @return the <code>Id</code> attribute (may be <code>null</code> if
- * not specified)
- */
- String getId();
-
- /**
- * Returns the signature value of this <code>SignatureValue</code>.
- *
- * @return the signature value (may be <code>null</code> if the
- * <code>XMLSignature</code> has not been signed yet). Each
- * invocation of this method returns a new clone of the array to
- * prevent subsequent modification.
- */
- byte[] getValue();
-
- /**
- * Validates the signature value. This method performs a
- * cryptographic validation of the signature calculated over the
- * <code>SignedInfo</code> of the <code>XMLSignature</code>.
- *
- * <p>This method only validates the signature the first
- * time it is invoked. On subsequent invocations, it returns a cached
- * result.
- *
- * @return <code>true</code> if the signature was
- * validated successfully; <code>false</code> otherwise
- * @param validateContext the validating context
- * @throws NullPointerException if <code>validateContext</code> is
- * <code>null</code>
- * @throws XMLSignatureException if an unexpected exception occurs while
- * validating the signature
- */
- boolean validate(XMLValidateContext validateContext)
- throws XMLSignatureException;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XMLSignatureException.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-
-/**
- * Indicates an exceptional condition that occured during the XML
- * signature generation or validation process.
- *
- * <p>An <code>XMLSignatureException</code> can contain a cause: another
- * throwable that caused this <code>XMLSignatureException</code> to get thrown.
- */
-public class XMLSignatureException extends Exception {
-
- private static final long serialVersionUID = -3438102491013869995L;
-
- /**
- * The throwable that caused this exception to get thrown, or null if this
- * exception was not caused by another throwable or if the causative
- * throwable is unknown.
- *
- * @serial
- */
- private Throwable cause;
-
- /**
- * Constructs a new <code>XMLSignatureException</code> with
- * <code>null</code> as its detail message.
- */
- public XMLSignatureException() {
- super();
- }
-
- /**
- * Constructs a new <code>XMLSignatureException</code> with the specified
- * detail message.
- *
- * @param message the detail message
- */
- public XMLSignatureException(String message) {
- super(message);
- }
-
- /**
- * Constructs a new <code>XMLSignatureException</code> with the
- * specified detail message and cause.
- * <p>Note that the detail message associated with
- * <code>cause</code> is <i>not</i> automatically incorporated in
- * this exception's detail message.
- *
- * @param message the detail message
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public XMLSignatureException(String message, Throwable cause) {
- super(message);
- this.cause = cause;
- }
-
- /**
- * Constructs a new <code>XMLSignatureException</code> with the specified
- * cause and a detail message of
- * <code>(cause==null ? null : cause.toString())</code>
- * (which typically contains the class and detail message of
- * <code>cause</code>).
- *
- * @param cause the cause (A <tt>null</tt> value is permitted, and
- * indicates that the cause is nonexistent or unknown.)
- */
- public XMLSignatureException(Throwable cause) {
- super(cause==null ? null : cause.toString());
- this.cause = cause;
- }
-
- /**
- * Returns the cause of this <code>XMLSignatureException</code> or
- * <code>null</code> if the cause is nonexistent or unknown. (The
- * cause is the throwable that caused this
- * <code>XMLSignatureException</code> to get thrown.)
- *
- * @return the cause of this <code>XMLSignatureException</code> or
- * <code>null</code> if the cause is nonexistent or unknown.
- */
- public Throwable getCause() {
- return cause;
- }
-
- /**
- * Prints this <code>XMLSignatureException</code>, its backtrace and
- * the cause's backtrace to the standard error stream.
- */
- public void printStackTrace() {
- super.printStackTrace();
- if (cause != null) {
- cause.printStackTrace();
- }
- }
-
- /**
- * Prints this <code>XMLSignatureException</code>, its backtrace and
- * the cause's backtrace to the specified print stream.
- *
- * @param s <code>PrintStream</code> to use for output
- */
- public void printStackTrace(PrintStream s) {
- super.printStackTrace(s);
- if (cause != null) {
- cause.printStackTrace(s);
- }
- }
-
- /**
- * Prints this <code>XMLSignatureException</code>, its backtrace and
- * the cause's backtrace to the specified print writer.
- *
- * @param s <code>PrintWriter</code> to use for output
- */
- public void printStackTrace(PrintWriter s) {
- super.printStackTrace(s);
- if (cause != null) {
- cause.printStackTrace(s);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XMLSignatureFactory.java 1203738 2011-11-18 16:47:00Z mullan $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.Data;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.NoSuchMechanismException;
-import javax.xml.crypto.URIDereferencer;
-import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.dom.DOMStructure;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
-import javax.xml.crypto.dsig.spec.*;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.Security;
-import java.util.List;
-
-/**
- * A factory for creating {@link XMLSignature} objects from scratch or
- * for unmarshalling an <code>XMLSignature</code> object from a corresponding
- * XML representation.
- *
- * <h2>XMLSignatureFactory Type</h2>
- *
- * <p>Each instance of <code>XMLSignatureFactory</code> supports a specific
- * XML mechanism type. To create an <code>XMLSignatureFactory</code>, call one
- * of the static {@link #getInstance getInstance} methods, passing in the XML
- * mechanism type desired, for example:
- *
- * <blockquote><code>
- * XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
- * </code></blockquote>
- *
- * <p>The objects that this factory produces will be based
- * on DOM and abide by the DOM interoperability requirements as defined in the
- * <a href="../../../../overview-summary.html#DOM Mechanism Requirements">DOM
- * Mechanism Requirements</a> section of the API overview. See the
- * <a href="../../../../overview-summary.html#Service Provider">Service
- * Providers</a> section of the API overview for a list of standard mechanism
- * types.
- *
- * <p><code>XMLSignatureFactory</code> implementations are registered and loaded
- * using the {@link java.security.Provider} mechanism.
- * For example, a service provider that supports the
- * DOM mechanism would be specified in the <code>Provider</code> subclass as:
- * <pre>
- * put("XMLSignatureFactory.DOM", "org.example.DOMXMLSignatureFactory");
- * </pre>
- *
- * <p>An implementation MUST minimally support the default mechanism type: DOM.
- *
- * <p>Note that a caller must use the same <code>XMLSignatureFactory</code>
- * instance to create the <code>XMLStructure</code>s of a particular
- * <code>XMLSignature</code> that is to be generated. The behavior is
- * undefined if <code>XMLStructure</code>s from different providers or
- * different mechanism types are used together.
- *
- * <p>Also, the <code>XMLStructure</code>s that are created by this factory
- * may contain state specific to the <code>XMLSignature</code> and are not
- * intended to be reusable.
- *
- * <h2>Creating XMLSignatures from scratch</h2>
- *
- * <p>Once the <code>XMLSignatureFactory</code> has been created, objects
- * can be instantiated by calling the appropriate method. For example, a
- * {@link Reference} instance may be created by invoking one of the
- * {@link #newReference newReference} methods.
- *
- * <h2>Unmarshalling XMLSignatures from XML</h2>
- *
- * <p>Alternatively, an <code>XMLSignature</code> may be created from an
- * existing XML representation by invoking the {@link #unmarshalXMLSignature
- * unmarshalXMLSignature} method and passing it a mechanism-specific
- * {@link XMLValidateContext} instance containing the XML content:
- *
- * <pre>
- * DOMValidateContext context = new DOMValidateContext(key, signatureElement);
- * XMLSignature signature = factory.unmarshalXMLSignature(context);
- * </pre>
- *
- * Each <code>XMLSignatureFactory</code> must support the required
- * <code>XMLValidateContext</code> types for that factory type, but may support
- * others. A DOM <code>XMLSignatureFactory</code> must support {@link
- * javax.xml.crypto.dsig.dom.DOMValidateContext} objects.
- *
- * <h2>Signing and marshalling XMLSignatures to XML</h2>
- *
- * Each <code>XMLSignature</code> created by the factory can also be
- * marshalled to an XML representation and signed, by invoking the
- * {@link XMLSignature#sign sign} method of the
- * {@link XMLSignature} object and passing it a mechanism-specific
- * {@link XMLSignContext} object containing the signing key and
- * marshalling parameters (see {@link DOMSignContext}).
- * For example:
- *
- * <pre>
- * DOMSignContext context = new DOMSignContext(privateKey, document);
- * signature.sign(context);
- * </pre>
- *
- * <b>Concurrent Access</b>
- * <p>The static methods of this class are guaranteed to be thread-safe.
- * Multiple threads may concurrently invoke the static methods defined in this
- * class with no ill effects.
- *
- * <p>However, this is not true for the non-static methods defined by this
- * class. Unless otherwise documented by a specific provider, threads that
- * need to access a single <code>XMLSignatureFactory</code> instance
- * concurrently should synchronize amongst themselves and provide the
- * necessary locking. Multiple threads each manipulating a different
- * <code>XMLSignatureFactory</code> instance need not synchronize.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public abstract class XMLSignatureFactory {
-
- private String mechanismType;
- private Provider provider;
-
- /**
- * Default constructor, for invocation by subclasses.
- */
- protected XMLSignatureFactory() {}
-
- /**
- * Returns an <code>XMLSignatureFactory</code> that supports the
- * specified XML processing mechanism and representation type (ex: "DOM").
- *
- * <p>This method uses the standard JCA provider lookup mechanism to
- * locate and instantiate an <code>XMLSignatureFactory</code>
- * implementation of the desired mechanism type. It traverses the list of
- * registered security <code>Provider</code>s, starting with the most
- * preferred <code>Provider</code>. A new <code>XMLSignatureFactory</code>
- * object from the first <code>Provider</code> that supports the specified
- * mechanism is returned.
- *
- * <p>Note that the list of registered providers may be retrieved via
- * the {@link Security#getProviders() Security.getProviders()} method.
- *
- * @param mechanismType the type of the XML processing mechanism and
- * representation. See the <a
- * href="../../../../overview-summary.html#Service Provider">Service
- * Providers</a> section of the API overview for a list of standard
- * mechanism types.
- * @return a new <code>XMLSignatureFactory</code>
- * @throws NullPointerException if <code>mechanismType</code> is
- * <code>null</code>
- * @throws NoSuchMechanismException if no <code>Provider</code> supports an
- * <code>XMLSignatureFactory</code> implementation for the specified
- * mechanism
- * @see Provider
- */
- public static XMLSignatureFactory getInstance(String mechanismType) {
- if (mechanismType == null) {
- throw new NullPointerException("mechanismType cannot be null");
- }
-
- return findInstance(mechanismType, null);
- }
-
- private static XMLSignatureFactory findInstance(String mechanismType,
- Provider provider) {
-
- if (provider == null) {
- provider = getProvider("XMLSignatureFactory", mechanismType);
- }
- Provider.Service ps = provider.getService("XMLSignatureFactory",
- mechanismType);
- if (ps == null) {
- throw new NoSuchMechanismException("Cannot find " + mechanismType +
- " mechanism type");
- }
- try {
- XMLSignatureFactory fac = (XMLSignatureFactory)ps.newInstance(null);
- fac.mechanismType = mechanismType;
- fac.provider = provider;
- return fac;
- } catch (NoSuchAlgorithmException nsae) {
- throw new NoSuchMechanismException("Cannot find " + mechanismType +
- " mechanism type", nsae);
- }
- }
-
- private static Provider getProvider(String engine, String mech) {
- Provider[] providers = Security.getProviders(engine + "." + mech);
- if (providers == null) {
- throw new NoSuchMechanismException("Mechanism type " + mech +
- " not available");
- }
- return providers[0];
- }
-
- /**
- * Returns an <code>XMLSignatureFactory</code> that supports the
- * requested XML processing mechanism and representation type (ex: "DOM"),
- * as supplied by the specified provider. Note that the specified
- * <code>Provider</code> object does not have to be registered in the
- * provider list.
- *
- * @param mechanismType the type of the XML processing mechanism and
- * representation. See the <a
- * href="../../../../overview-summary.html#Service Provider">Service
- * Providers</a> section of the API overview for a list of standard
- * mechanism types.
- * @param provider the <code>Provider</code> object
- * @return a new <code>XMLSignatureFactory</code>
- * @throws NullPointerException if <code>provider</code> or
- * <code>mechanismType</code> is <code>null</code>
- * @throws NoSuchMechanismException if an <code>XMLSignatureFactory</code>
- * implementation for the specified mechanism is not available
- * from the specified <code>Provider</code> object
- * @see Provider
- */
- public static XMLSignatureFactory getInstance(String mechanismType,
- Provider provider) {
- if (mechanismType == null) {
- throw new NullPointerException("mechanismType cannot be null");
- } else if (provider == null) {
- throw new NullPointerException("provider cannot be null");
- }
-
- return findInstance(mechanismType, provider);
- }
-
- /**
- * Returns an <code>XMLSignatureFactory</code> that supports the
- * requested XML processing mechanism and representation type (ex: "DOM"),
- * as supplied by the specified provider. The specified provider must be
- * registered in the security provider list.
- *
- * <p>Note that the list of registered providers may be retrieved via
- * the {@link Security#getProviders() Security.getProviders()} method.
- *
- * @param mechanismType the type of the XML processing mechanism and
- * representation. See the <a
- * href="../../../../overview-summary.html#Service Provider">Service
- * Providers</a> section of the API overview for a list of standard
- * mechanism types.
- * @param provider the string name of the provider
- * @return a new <code>XMLSignatureFactory</code>
- * @throws NoSuchProviderException if the specified provider is not
- * registered in the security provider list
- * @throws NullPointerException if <code>provider</code> or
- * <code>mechanismType</code> is <code>null</code>
- * @throws NoSuchMechanismException if an <code>XMLSignatureFactory</code>
- * implementation for the specified mechanism is not
- * available from the specified provider
- * @see Provider
- */
- public static XMLSignatureFactory getInstance(String mechanismType,
- String provider) throws NoSuchProviderException {
- if (mechanismType == null) {
- throw new NullPointerException("mechanismType cannot be null");
- } else if (provider == null) {
- throw new NullPointerException("provider cannot be null");
- }
-
- Provider prov = Security.getProvider(provider);
- if (prov == null) {
- throw new NoSuchProviderException("cannot find provider named "
- + provider);
- }
-
- return findInstance(mechanismType, prov);
- }
-
- /**
- * Returns an <code>XMLSignatureFactory</code> that supports the
- * default XML processing mechanism and representation type ("DOM").
- *
- * <p>This method uses the standard JCA provider lookup mechanism to
- * locate and instantiate an <code>XMLSignatureFactory</code>
- * implementation of the default mechanism type. It traverses the list of
- * registered security <code>Provider</code>s, starting with the most
- * preferred <code>Provider</code>. A new <code>XMLSignatureFactory</code>
- * object from the first <code>Provider</code> that supports the DOM
- * mechanism is returned.
- *
- * <p>Note that the list of registered providers may be retrieved via
- * the {@link Security#getProviders() Security.getProviders()} method.
- *
- * @return a new <code>XMLSignatureFactory</code>
- * @throws NoSuchMechanismException if no <code>Provider</code> supports an
- * <code>XMLSignatureFactory</code> implementation for the DOM
- * mechanism
- * @see Provider
- */
- public static XMLSignatureFactory getInstance() {
- return getInstance("DOM");
- }
-
- /**
- * Returns the type of the XML processing mechanism and representation
- * supported by this <code>XMLSignatureFactory</code> (ex: "DOM").
- *
- * @return the XML processing mechanism type supported by this
- * <code>XMLSignatureFactory</code>
- */
- public final String getMechanismType() {
- return mechanismType;
- }
-
- /**
- * Returns the provider of this <code>XMLSignatureFactory</code>.
- *
- * @return the provider of this <code>XMLSignatureFactory</code>
- */
- public final Provider getProvider() {
- return provider;
- }
-
- /**
- * Creates an <code>XMLSignature</code> and initializes it with the contents
- * of the specified <code>SignedInfo</code> and <code>KeyInfo</code>
- * objects.
- *
- * @param si the signed info
- * @param ki the key info (may be <code>null</code>)
- * @return an <code>XMLSignature</code>
- * @throws NullPointerException if <code>si</code> is <code>null</code>
- */
- public abstract XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki);
-
- /**
- * Creates an <code>XMLSignature</code> and initializes it with the
- * specified parameters.
- *
- * @param si the signed info
- * @param ki the key info (may be <code>null</code>)
- * @param objects a list of {@link XMLObject}s (may be empty or
- * <code>null</code>)
- * @param id the Id (may be <code>null</code>)
- * @param signatureValueId the SignatureValue Id (may be <code>null</code>)
- * @return an <code>XMLSignature</code>
- * @throws NullPointerException if <code>si</code> is <code>null</code>
- * @throws ClassCastException if any of the <code>objects</code> are not of
- * type <code>XMLObject</code>
- */
- public abstract XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki,
- List objects, String id, String signatureValueId);
-
- /**
- * Creates a <code>Reference</code> with the specified URI and digest
- * method.
- *
- * @param uri the reference URI (may be <code>null</code>)
- * @param dm the digest method
- * @return a <code>Reference</code>
- * @throws IllegalArgumentException if <code>uri</code> is not RFC 2396
- * compliant
- * @throws NullPointerException if <code>dm</code> is <code>null</code>
- */
- public abstract Reference newReference(String uri, DigestMethod dm);
-
- /**
- * Creates a <code>Reference</code> with the specified parameters.
- *
- * @param uri the reference URI (may be <code>null</code>)
- * @param dm the digest method
- * @param transforms a list of {@link Transform}s. The list is defensively
- * copied to protect against subsequent modification. May be
- * <code>null</code> or empty.
- * @param type the reference type, as a URI (may be <code>null</code>)
- * @param id the reference ID (may be <code>null</code>)
- * @return a <code>Reference</code>
- * @throws ClassCastException if any of the <code>transforms</code> are
- * not of type <code>Transform</code>
- * @throws IllegalArgumentException if <code>uri</code> is not RFC 2396
- * compliant
- * @throws NullPointerException if <code>dm</code> is <code>null</code>
- */
- public abstract Reference newReference(String uri, DigestMethod dm,
- List transforms, String type, String id);
-
- /**
- * Creates a <code>Reference</code> with the specified parameters and
- * pre-calculated digest value.
- *
- * <p>This method is useful when the digest value of a
- * <code>Reference</code> has been previously computed. See for example,
- * the
- * <a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss">
- * OASIS-DSS (Digital Signature Services)</a> specification.
- *
- * @param uri the reference URI (may be <code>null</code>)
- * @param dm the digest method
- * @param transforms a list of {@link Transform}s. The list is defensively
- * copied to protect against subsequent modification. May be
- * <code>null</code> or empty.
- * @param type the reference type, as a URI (may be <code>null</code>)
- * @param id the reference ID (may be <code>null</code>)
- * @param digestValue the digest value. The array is cloned to protect
- * against subsequent modification.
- * @return a <code>Reference</code>
- * @throws ClassCastException if any of the <code>transforms</code> are
- * not of type <code>Transform</code>
- * @throws IllegalArgumentException if <code>uri</code> is not RFC 2396
- * compliant
- * @throws NullPointerException if <code>dm</code> or
- * <code>digestValue</code> is <code>null</code>
- */
- public abstract Reference newReference(String uri, DigestMethod dm,
- List transforms, String type, String id, byte[] digestValue);
-
- /**
- * Creates a <code>Reference</code> with the specified parameters.
- *
- * <p>This method is useful when a list of transforms have already been
- * applied to the <code>Reference</code>. See for example,
- * the
- * <a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss">
- * OASIS-DSS (Digital Signature Services)</a> specification.
- *
- * <p>When an <code>XMLSignature</code> containing this reference is
- * generated, the specified <code>transforms</code> (if non-null) are
- * applied to the specified <code>result</code>. The
- * <code>Transforms</code> element of the resulting <code>Reference</code>
- * element is set to the concatenation of the
- * <code>appliedTransforms</code> and <code>transforms</code>.
- *
- * @param uri the reference URI (may be <code>null</code>)
- * @param dm the digest method
- * @param appliedTransforms a list of {@link Transform}s that have
- * already been applied. The list is defensively
- * copied to protect against subsequent modification. The list must
- * contain at least one entry.
- * @param result the result of processing the sequence of
- * <code>appliedTransforms</code>
- * @param transforms a list of {@link Transform}s that are to be applied
- * when generating the signature. The list is defensively copied to
- * protect against subsequent modification. May be <code>null</code>
- * or empty.
- * @param type the reference type, as a URI (may be <code>null</code>)
- * @param id the reference ID (may be <code>null</code>)
- * @return a <code>Reference</code>
- * @throws ClassCastException if any of the transforms (in either list)
- * are not of type <code>Transform</code>
- * @throws IllegalArgumentException if <code>uri</code> is not RFC 2396
- * compliant or <code>appliedTransforms</code> is empty
- * @throws NullPointerException if <code>dm</code>,
- * <code>appliedTransforms</code> or <code>result</code> is
- * <code>null</code>
- */
- public abstract Reference newReference(String uri, DigestMethod dm,
- List appliedTransforms, Data result, List transforms, String type,
- String id);
-
- /**
- * Creates a <code>SignedInfo</code> with the specified canonicalization
- * and signature methods, and list of one or more references.
- *
- * @param cm the canonicalization method
- * @param sm the signature method
- * @param references a list of one or more {@link Reference}s. The list is
- * defensively copied to protect against subsequent modification.
- * @return a <code>SignedInfo</code>
- * @throws ClassCastException if any of the references are not of
- * type <code>Reference</code>
- * @throws IllegalArgumentException if <code>references</code> is empty
- * @throws NullPointerException if any of the parameters
- * are <code>null</code>
- */
- public abstract SignedInfo newSignedInfo(CanonicalizationMethod cm,
- SignatureMethod sm, List references);
-
- /**
- * Creates a <code>SignedInfo</code> with the specified parameters.
- *
- * @param cm the canonicalization method
- * @param sm the signature method
- * @param references a list of one or more {@link Reference}s. The list is
- * defensively copied to protect against subsequent modification.
- * @param id the id (may be <code>null</code>)
- * @return a <code>SignedInfo</code>
- * @throws ClassCastException if any of the references are not of
- * type <code>Reference</code>
- * @throws IllegalArgumentException if <code>references</code> is empty
- * @throws NullPointerException if <code>cm</code>, <code>sm</code>, or
- * <code>references</code> are <code>null</code>
- */
- public abstract SignedInfo newSignedInfo(CanonicalizationMethod cm,
- SignatureMethod sm, List references, String id);
-
- // Object factory methods
- /**
- * Creates an <code>XMLObject</code> from the specified parameters.
- *
- * @param content a list of {@link XMLStructure}s. The list
- * is defensively copied to protect against subsequent modification.
- * May be <code>null</code> or empty.
- * @param id the Id (may be <code>null</code>)
- * @param mimeType the mime type (may be <code>null</code>)
- * @param encoding the encoding (may be <code>null</code>)
- * @return an <code>XMLObject</code>
- * @throws ClassCastException if <code>content</code> contains any
- * entries that are not of type {@link XMLStructure}
- */
- public abstract XMLObject newXMLObject(List content, String id,
- String mimeType, String encoding);
-
- /**
- * Creates a <code>Manifest</code> containing the specified
- * list of {@link Reference}s.
- *
- * @param references a list of one or more <code>Reference</code>s. The list
- * is defensively copied to protect against subsequent modification.
- * @return a <code>Manifest</code>
- * @throws NullPointerException if <code>references</code> is
- * <code>null</code>
- * @throws IllegalArgumentException if <code>references</code> is empty
- * @throws ClassCastException if <code>references</code> contains any
- * entries that are not of type {@link Reference}
- */
- public abstract Manifest newManifest(List references);
-
- /**
- * Creates a <code>Manifest</code> containing the specified
- * list of {@link Reference}s and optional id.
- *
- * @param references a list of one or more <code>Reference</code>s. The list
- * is defensively copied to protect against subsequent modification.
- * @param id the id (may be <code>null</code>)
- * @return a <code>Manifest</code>
- * @throws NullPointerException if <code>references</code> is
- * <code>null</code>
- * @throws IllegalArgumentException if <code>references</code> is empty
- * @throws ClassCastException if <code>references</code> contains any
- * entries that are not of type {@link Reference}
- */
- public abstract Manifest newManifest(List references, String id);
-
- /**
- * Creates a <code>SignatureProperty</code> containing the specified
- * list of {@link XMLStructure}s, target URI and optional id.
- *
- * @param content a list of one or more <code>XMLStructure</code>s. The list
- * is defensively copied to protect against subsequent modification.
- * @param target the target URI of the Signature that this property applies
- * to
- * @param id the id (may be <code>null</code>)
- * @return a <code>SignatureProperty</code>
- * @throws NullPointerException if <code>content</code> or
- * <code>target</code> is <code>null</code>
- * @throws IllegalArgumentException if <code>content</code> is empty
- * @throws ClassCastException if <code>content</code> contains any
- * entries that are not of type {@link XMLStructure}
- */
- public abstract SignatureProperty newSignatureProperty
- (List content, String target, String id);
-
- /**
- * Creates a <code>SignatureProperties</code> containing the specified
- * list of {@link SignatureProperty}s and optional id.
- *
- * @param properties a list of one or more <code>SignatureProperty</code>s.
- * The list is defensively copied to protect against subsequent
- * modification.
- * @param id the id (may be <code>null</code>)
- * @return a <code>SignatureProperties</code>
- * @throws NullPointerException if <code>properties</code>
- * is <code>null</code>
- * @throws IllegalArgumentException if <code>properties</code> is empty
- * @throws ClassCastException if <code>properties</code> contains any
- * entries that are not of type {@link SignatureProperty}
- */
- public abstract SignatureProperties newSignatureProperties
- (List properties, String id);
-
- // Algorithm factory methods
- /**
- * Creates a <code>DigestMethod</code> for the specified algorithm URI
- * and parameters.
- *
- * @param algorithm the URI identifying the digest algorithm
- * @param params algorithm-specific digest parameters (may be
- * <code>null</code>)
- * @return the <code>DigestMethod</code>
- * @throws InvalidAlgorithmParameterException if the specified parameters
- * are inappropriate for the requested algorithm
- * @throws NoSuchAlgorithmException if an implementation of the
- * specified algorithm cannot be found
- * @throws NullPointerException if <code>algorithm</code> is
- * <code>null</code>
- */
- public abstract DigestMethod newDigestMethod(String algorithm,
- DigestMethodParameterSpec params) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException;
-
- /**
- * Creates a <code>SignatureMethod</code> for the specified algorithm URI
- * and parameters.
- *
- * @param algorithm the URI identifying the signature algorithm
- * @param params algorithm-specific signature parameters (may be
- * <code>null</code>)
- * @return the <code>SignatureMethod</code>
- * @throws InvalidAlgorithmParameterException if the specified parameters
- * are inappropriate for the requested algorithm
- * @throws NoSuchAlgorithmException if an implementation of the
- * specified algorithm cannot be found
- * @throws NullPointerException if <code>algorithm</code> is
- * <code>null</code>
- */
- public abstract SignatureMethod newSignatureMethod(String algorithm,
- SignatureMethodParameterSpec params) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException;
-
- /**
- * Creates a <code>Transform</code> for the specified algorithm URI
- * and parameters.
- *
- * @param algorithm the URI identifying the transform algorithm
- * @param params algorithm-specific transform parameters (may be
- * <code>null</code>)
- * @return the <code>Transform</code>
- * @throws InvalidAlgorithmParameterException if the specified parameters
- * are inappropriate for the requested algorithm
- * @throws NoSuchAlgorithmException if an implementation of the
- * specified algorithm cannot be found
- * @throws NullPointerException if <code>algorithm</code> is
- * <code>null</code>
- */
- public abstract Transform newTransform(String algorithm,
- TransformParameterSpec params) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException;
-
- /**
- * Creates a <code>Transform</code> for the specified algorithm URI
- * and parameters. The parameters are specified as a mechanism-specific
- * <code>XMLStructure</code> (ex: {@link DOMStructure}). This method is
- * useful when the parameters are in XML form or there is no standard
- * class for specifying the parameters.
- *
- * @param algorithm the URI identifying the transform algorithm
- * @param params a mechanism-specific XML structure from which to
- * unmarshal the parameters from (may be <code>null</code> if
- * not required or optional)
- * @return the <code>Transform</code>
- * @throws ClassCastException if the type of <code>params</code> is
- * inappropriate for this <code>XMLSignatureFactory</code>
- * @throws InvalidAlgorithmParameterException if the specified parameters
- * are inappropriate for the requested algorithm
- * @throws NoSuchAlgorithmException if an implementation of the
- * specified algorithm cannot be found
- * @throws NullPointerException if <code>algorithm</code> is
- * <code>null</code>
- */
- public abstract Transform newTransform(String algorithm,
- XMLStructure params) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException;
-
- /**
- * Creates a <code>CanonicalizationMethod</code> for the specified
- * algorithm URI and parameters.
- *
- * @param algorithm the URI identifying the canonicalization algorithm
- * @param params algorithm-specific canonicalization parameters (may be
- * <code>null</code>)
- * @return the <code>CanonicalizationMethod</code>
- * @throws InvalidAlgorithmParameterException if the specified parameters
- * are inappropriate for the requested algorithm
- * @throws NoSuchAlgorithmException if an implementation of the
- * specified algorithm cannot be found
- * @throws NullPointerException if <code>algorithm</code> is
- * <code>null</code>
- */
- public abstract CanonicalizationMethod newCanonicalizationMethod(
- String algorithm, C14NMethodParameterSpec params)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a <code>CanonicalizationMethod</code> for the specified
- * algorithm URI and parameters. The parameters are specified as a
- * mechanism-specific <code>XMLStructure</code> (ex: {@link DOMStructure}).
- * This method is useful when the parameters are in XML form or there is
- * no standard class for specifying the parameters.
- *
- * @param algorithm the URI identifying the canonicalization algorithm
- * @param params a mechanism-specific XML structure from which to
- * unmarshal the parameters from (may be <code>null</code> if
- * not required or optional)
- * @return the <code>CanonicalizationMethod</code>
- * @throws ClassCastException if the type of <code>params</code> is
- * inappropriate for this <code>XMLSignatureFactory</code>
- * @throws InvalidAlgorithmParameterException if the specified parameters
- * are inappropriate for the requested algorithm
- * @throws NoSuchAlgorithmException if an implementation of the
- * specified algorithm cannot be found
- * @throws NullPointerException if <code>algorithm</code> is
- * <code>null</code>
- */
- public abstract CanonicalizationMethod newCanonicalizationMethod(
- String algorithm, XMLStructure params)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
-
- /**
- * Returns a <code>KeyInfoFactory</code> that creates <code>KeyInfo</code>
- * objects. The returned <code>KeyInfoFactory</code> has the same
- * mechanism type and provider as this <code>XMLSignatureFactory</code>.
- *
- * @return a <code>KeyInfoFactory</code>
- * @throws NoSuchMechanismException if a <code>KeyFactory</code>
- * implementation with the same mechanism type and provider
- * is not available
- */
- public final KeyInfoFactory getKeyInfoFactory() {
- return KeyInfoFactory.getInstance(getMechanismType(), getProvider());
- }
-
- /**
- * Unmarshals a new <code>XMLSignature</code> instance from a
- * mechanism-specific <code>XMLValidateContext</code> instance.
- *
- * @param context a mechanism-specific context from which to unmarshal the
- * signature from
- * @return the <code>XMLSignature</code>
- * @throws NullPointerException if <code>context</code> is
- * <code>null</code>
- * @throws ClassCastException if the type of <code>context</code> is
- * inappropriate for this factory
- * @throws MarshalException if an unrecoverable exception occurs
- * during unmarshalling
- */
- public abstract XMLSignature unmarshalXMLSignature
- (XMLValidateContext context) throws MarshalException;
-
- /**
- * Unmarshals a new <code>XMLSignature</code> instance from a
- * mechanism-specific <code>XMLStructure</code> instance.
- * This method is useful if you only want to unmarshal (and not
- * validate) an <code>XMLSignature</code>.
- *
- * @param xmlStructure a mechanism-specific XML structure from which to
- * unmarshal the signature from
- * @return the <code>XMLSignature</code>
- * @throws NullPointerException if <code>xmlStructure</code> is
- * <code>null</code>
- * @throws ClassCastException if the type of <code>xmlStructure</code> is
- * inappropriate for this factory
- * @throws MarshalException if an unrecoverable exception occurs
- * during unmarshalling
- */
- public abstract XMLSignature unmarshalXMLSignature
- (XMLStructure xmlStructure) throws MarshalException;
-
- /**
- * Indicates whether a specified feature is supported.
- *
- * @param feature the feature name (as an absolute URI)
- * @return <code>true</code> if the specified feature is supported,
- * <code>false</code> otherwise
- * @throws NullPointerException if <code>feature</code> is <code>null</code>
- */
- public abstract boolean isFeatureSupported(String feature);
-
- /**
- * Returns a reference to the <code>URIDereferencer</code> that is used by
- * default to dereference URIs in {@link Reference} objects.
- *
- * @return a reference to the default <code>URIDereferencer</code> (never
- * <code>null</code>)
- */
- public abstract URIDereferencer getURIDereferencer();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XMLValidateContext.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig;
-
-import javax.xml.crypto.XMLCryptoContext;
-
-/**
- * Contains context information for validating XML Signatures. This interface
- * is primarily intended for type-safety.
- *
- * <p>Note that <code>XMLValidateContext</code> instances can contain
- * information and state specific to the XML signature structure it is
- * used with. The results are unpredictable if an
- * <code>XMLValidateContext</code> is used with different signature structures
- * (for example, you should not use the same <code>XMLValidateContext</code>
- * instance to validate two different {@link XMLSignature} objects).
- * <p>
- * <b><a name="Supported Properties"></a>Supported Properties</b>
- * <p>The following properties can be set by an application using the
- * {@link #setProperty setProperty} method.
- * <ul>
- * <li><code>javax.xml.crypto.dsig.cacheReference</code>: value must be a
- * {@link Boolean}. This property controls whether or not the
- * {@link Reference#validate Reference.validate} method will cache the
- * dereferenced content and pre-digested input for subsequent retrieval via
- * the {@link Reference#getDereferencedData Reference.getDereferencedData}
- * and {@link Reference#getDigestInputStream
- * Reference.getDigestInputStream} methods. The default value if not
- * specified is <code>Boolean.FALSE</code>.
- * </ul>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignature#validate(XMLValidateContext)
- * @see Reference#validate(XMLValidateContext)
- */
-public interface XMLValidateContext extends XMLCryptoContext {}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMSignContext.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.dom;
-
-import javax.xml.crypto.KeySelector;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.XMLSignContext;
-import javax.xml.crypto.dsig.XMLSignature;
-import java.security.Key;
-import org.w3c.dom.Node;
-
-/**
- * A DOM-specific {@link XMLSignContext}. This class contains additional methods
- * to specify the location in a DOM tree where an {@link XMLSignature}
- * object is to be marshalled when generating the signature.
- *
- * <p>Note that <code>DOMSignContext</code> instances can contain
- * information and state specific to the XML signature structure it is
- * used with. The results are unpredictable if a
- * <code>DOMSignContext</code> is used with different signature structures
- * (for example, you should not use the same <code>DOMSignContext</code>
- * instance to sign two different {@link XMLSignature} objects).
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public class DOMSignContext extends DOMCryptoContext implements XMLSignContext {
-
- private Node parent;
- private Node nextSibling;
-
- /**
- * Creates a <code>DOMSignContext</code> with the specified signing key
- * and parent node. The signing key is stored in a
- * {@link KeySelector#singletonKeySelector singleton KeySelector} that is
- * returned by the {@link #getKeySelector getKeySelector} method.
- * The marshalled <code>XMLSignature</code> will be added as the last
- * child element of the specified parent node unless a next sibling node is
- * specified by invoking the {@link #setNextSibling setNextSibling} method.
- *
- * @param signingKey the signing key
- * @param parent the parent node
- * @throws NullPointerException if <code>signingKey</code> or
- * <code>parent</code> is <code>null</code>
- */
- public DOMSignContext(Key signingKey, Node parent) {
- if (signingKey == null) {
- throw new NullPointerException("signingKey cannot be null");
- }
- if (parent == null) {
- throw new NullPointerException("parent cannot be null");
- }
- setKeySelector(KeySelector.singletonKeySelector(signingKey));
- this.parent = parent;
- }
-
- /**
- * Creates a <code>DOMSignContext</code> with the specified signing key,
- * parent and next sibling nodes. The signing key is stored in a
- * {@link KeySelector#singletonKeySelector singleton KeySelector} that is
- * returned by the {@link #getKeySelector getKeySelector} method.
- * The marshalled <code>XMLSignature</code> will be inserted as a child
- * element of the specified parent node and immediately before the
- * specified next sibling node.
- *
- * @param signingKey the signing key
- * @param parent the parent node
- * @param nextSibling the next sibling node
- * @throws NullPointerException if <code>signingKey</code>,
- * <code>parent</code> or <code>nextSibling</code> is <code>null</code>
- */
- public DOMSignContext(Key signingKey, Node parent, Node nextSibling) {
- if (signingKey == null) {
- throw new NullPointerException("signingKey cannot be null");
- }
- if (parent == null) {
- throw new NullPointerException("parent cannot be null");
- }
- if (nextSibling == null) {
- throw new NullPointerException("nextSibling cannot be null");
- }
- setKeySelector(KeySelector.singletonKeySelector(signingKey));
- this.parent = parent;
- this.nextSibling = nextSibling;
- }
-
- /**
- * Creates a <code>DOMSignContext</code> with the specified key selector
- * and parent node. The marshalled <code>XMLSignature</code> will be added
- * as the last child element of the specified parent node unless a next
- * sibling node is specified by invoking the
- * {@link #setNextSibling setNextSibling} method.
- *
- * @param ks the key selector
- * @param parent the parent node
- * @throws NullPointerException if <code>ks</code> or <code>parent</code>
- * is <code>null</code>
- */
- public DOMSignContext(KeySelector ks, Node parent) {
- if (ks == null) {
- throw new NullPointerException("key selector cannot be null");
- }
- if (parent == null) {
- throw new NullPointerException("parent cannot be null");
- }
- setKeySelector(ks);
- this.parent = parent;
- }
-
- /**
- * Creates a <code>DOMSignContext</code> with the specified key selector,
- * parent and next sibling nodes. The marshalled <code>XMLSignature</code>
- * will be inserted as a child element of the specified parent node and
- * immediately before the specified next sibling node.
- *
- * @param ks the key selector
- * @param parent the parent node
- * @param nextSibling the next sibling node
- * @throws NullPointerException if <code>ks</code>, <code>parent</code> or
- * <code>nextSibling</code> is <code>null</code>
- */
- public DOMSignContext(KeySelector ks, Node parent, Node nextSibling) {
- if (ks == null) {
- throw new NullPointerException("key selector cannot be null");
- }
- if (parent == null) {
- throw new NullPointerException("parent cannot be null");
- }
- if (nextSibling == null) {
- throw new NullPointerException("nextSibling cannot be null");
- }
- setKeySelector(ks);
- this.parent = parent;
- this.nextSibling = nextSibling;
- }
-
- /**
- * Sets the parent node.
- *
- * @param parent the parent node. The marshalled <code>XMLSignature</code>
- * will be added as a child element of this node.
- * @throws NullPointerException if <code>parent</code> is <code>null</code>
- * @see #getParent
- */
- public void setParent(Node parent) {
- if (parent == null) {
- throw new NullPointerException("parent is null");
- }
- this.parent = parent;
- }
-
- /**
- * Sets the next sibling node.
- *
- * @param nextSibling the next sibling node. The marshalled
- * <code>XMLSignature</code> will be inserted immediately before this
- * node. Specify <code>null</code> to remove the current setting.
- * @see #getNextSibling
- */
- public void setNextSibling(Node nextSibling) {
- this.nextSibling = nextSibling;
- }
-
- /**
- * Returns the parent node.
- *
- * @return the parent node (never <code>null</code>)
- * @see #setParent(Node)
- */
- public Node getParent() {
- return parent;
- }
-
- /**
- * Returns the nextSibling node.
- *
- * @return the nextSibling node, or <code>null</code> if not specified.
- * @see #setNextSibling(Node)
- */
- public Node getNextSibling() {
- return nextSibling;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMValidateContext.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.dom;
-
-import javax.xml.crypto.KeySelector;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.XMLValidateContext;
-import java.security.Key;
-import org.w3c.dom.Node;
-
-/**
- * A DOM-specific {@link XMLValidateContext}. This class contains additional
- * methods to specify the location in a DOM tree where an {@link XMLSignature}
- * is to be unmarshalled and validated from.
- *
- * <p>Note that the behavior of an unmarshalled <code>XMLSignature</code>
- * is undefined if the contents of the underlying DOM tree are modified by the
- * caller after the <code>XMLSignature</code> is created.
- *
- * <p>Also, note that <code>DOMValidateContext</code> instances can contain
- * information and state specific to the XML signature structure it is
- * used with. The results are unpredictable if a
- * <code>DOMValidateContext</code> is used with different signature structures
- * (for example, you should not use the same <code>DOMValidateContext</code>
- * instance to validate two different {@link XMLSignature} objects).
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XMLSignatureFactory#unmarshalXMLSignature(XMLValidateContext)
- */
-public class DOMValidateContext extends DOMCryptoContext
- implements XMLValidateContext {
-
- private Node node;
-
- /**
- * Creates a <code>DOMValidateContext</code> containing the specified key
- * selector and node.
- *
- * @param ks a key selector for finding a validation key
- * @param node the node
- * @throws NullPointerException if <code>ks</code> or <code>node</code> is
- * <code>null</code>
- */
- public DOMValidateContext(KeySelector ks, Node node) {
- if (ks == null) {
- throw new NullPointerException("key selector is null");
- }
- if (node == null) {
- throw new NullPointerException("node is null");
- }
- setKeySelector(ks);
- this.node = node;
- }
-
- /**
- * Creates a <code>DOMValidateContext</code> containing the specified key
- * and node. The validating key will be stored in a
- * {@link KeySelector#singletonKeySelector singleton KeySelector} that
- * is returned when the {@link #getKeySelector getKeySelector}
- * method is called.
- *
- * @param validatingKey the validating key
- * @param node the node
- * @throws NullPointerException if <code>validatingKey</code> or
- * <code>node</code> is <code>null</code>
- */
- public DOMValidateContext(Key validatingKey, Node node) {
- if (validatingKey == null) {
- throw new NullPointerException("validatingKey is null");
- }
- if (node == null) {
- throw new NullPointerException("node is null");
- }
- setKeySelector(KeySelector.singletonKeySelector(validatingKey));
- this.node = node;
- }
-
- /**
- * Sets the node.
- *
- * @param node the node
- * @throws NullPointerException if <code>node</code> is <code>null</code>
- * @see #getNode
- */
- public void setNode(Node node) {
- if (node == null) {
- throw new NullPointerException();
- }
- this.node = node;
- }
-
- /**
- * Returns the node.
- *
- * @return the node (never <code>null</code>)
- * @see #setNode(Node)
- */
- public Node getNode() {
- return node;
- }
-}
+++ /dev/null
-<html>
-<head>
-<!--
-/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
--->
-<!--
- Copyright 2005 Sun Microsystems, Inc. All rights reserved.
--->
-</head>
-<body>
-DOM-specific classes for the {@link javax.xml.crypto.dsig} package.
-Only users who are using a DOM-based {@link
-javax.xml.crypto.dsig.XMLSignatureFactory XMLSignatureFactory} or
-{@link javax.xml.crypto.dsig.keyinfo.KeyInfoFactory}
-should need to make direct use of this package.
-
-<h2>Package Specification</h2>
-
-<ul>
-<li>
-<a href="http://www.w3.org/TR/xmldsig-core/">
-XML-Signature Syntax and Processing: W3C Recommendation</a>
-<li>
-<a href="http://www.ietf.org/rfc/rfc3275.txt">
-RFC 3275: XML-Signature Syntax and Processing</a>
-</ul>
-
-</body>
-</html>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: KeyInfo.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.keyinfo;
-
-import java.util.List;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.XMLCryptoContext;
-import javax.xml.crypto.XMLStructure;
-
-/**
- * A representation of the XML <code>KeyInfo</code> element as defined in
- * the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * A <code>KeyInfo</code> contains a list of {@link XMLStructure}s, each of
- * which contain information that enables the recipient(s) to obtain the key
- * needed to validate an XML signature. The XML Schema Definition is defined as:
- *
- * <pre>
- * <element name="KeyInfo" type="ds:KeyInfoType"/>
- * <complexType name="KeyInfoType" mixed="true">
- * <choice maxOccurs="unbounded">
- * <element ref="ds:KeyName"/>
- * <element ref="ds:KeyValue"/>
- * <element ref="ds:RetrievalMethod"/>
- * <element ref="ds:X509Data"/>
- * <element ref="ds:PGPData"/>
- * <element ref="ds:SPKIData"/>
- * <element ref="ds:MgmtData"/>
- * <any processContents="lax" namespace="##other"/>
- * <!-- (1,1) elements from (0,unbounded) namespaces -->
- * </choice>
- * <attribute name="Id" type="ID" use="optional"/>
- * </complexType>
- * </pre>
- *
- * A <code>KeyInfo</code> instance may be created by invoking one of the
- * {@link KeyInfoFactory#newKeyInfo newKeyInfo} methods of the
- * {@link KeyInfoFactory} class, and passing it a list of one or more
- * <code>XMLStructure</code>s and an optional id parameter;
- * for example:
- * <pre>
- * KeyInfoFactory factory = KeyInfoFactory.getInstance("DOM");
- * KeyInfo keyInfo = factory.newKeyInfo
- * (Collections.singletonList(factory.newKeyName("Alice"), "keyinfo-1"));
- * </pre>
- *
- * <p><code>KeyInfo</code> objects can also be marshalled to XML by invoking
- * the {@link #marshal marshal} method.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see KeyInfoFactory#newKeyInfo(List)
- * @see KeyInfoFactory#newKeyInfo(List, String)
- */
-public interface KeyInfo extends XMLStructure {
-
- /**
- * Returns an {@link java.util.Collections#unmodifiableList unmodifiable
- * list} containing the key information. Each entry of the list is
- * an {@link XMLStructure}.
- *
- * <p>If there is a public subclass representing the type of
- * <code>XMLStructure</code>, it is returned as an instance of that
- * class (ex: an <code>X509Data</code> element would be returned as an
- * instance of {@link javax.xml.crypto.dsig.keyinfo.X509Data}).
- *
- * @return an unmodifiable list of one or more <code>XMLStructure</code>s
- * in this <code>KeyInfo</code>. Never returns <code>null</code> or an
- * empty list.
- */
- List getContent();
-
- /**
- * Return the optional Id attribute of this <code>KeyInfo</code>, which
- * may be useful for referencing this <code>KeyInfo</code> from other
- * XML structures.
- *
- * @return the Id attribute of this <code>KeyInfo</code> (may be
- * <code>null</code> if not specified)
- */
- String getId();
-
- /**
- * Marshals the key info to XML.
- *
- * @param parent a mechanism-specific structure containing the parent node
- * that the marshalled key info will be appended to
- * @param context the <code>XMLCryptoContext</code> containing additional
- * context (may be null if not applicable)
- * @throws ClassCastException if the type of <code>parent</code> or
- * <code>context</code> is not compatible with this key info
- * @throws MarshalException if the key info cannot be marshalled
- * @throws NullPointerException if <code>parent</code> is <code>null</code>
- */
- void marshal(XMLStructure parent, XMLCryptoContext context)
- throws MarshalException;
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: KeyInfoFactory.java 1203722 2011-11-18 16:27:37Z mullan $
- */
-package javax.xml.crypto.dsig.keyinfo;
-
-import java.math.BigInteger;
-import java.security.KeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.cert.X509CRL;
-import java.util.List;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.NoSuchMechanismException;
-import javax.xml.crypto.URIDereferencer;
-import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.dom.DOMStructure;
-import javax.xml.crypto.dsig.*;
-
-/**
- * A factory for creating {@link KeyInfo} objects from scratch or for
- * unmarshalling a <code>KeyInfo</code> object from a corresponding XML
- * representation.
- *
- * <p>Each instance of <code>KeyInfoFactory</code> supports a specific
- * XML mechanism type. To create a <code>KeyInfoFactory</code>, call one of the
- * static {@link #getInstance getInstance} methods, passing in the XML
- * mechanism type desired, for example:
- *
- * <blockquote><code>
- * KeyInfoFactory factory = KeyInfoFactory.getInstance("DOM");
- * </code></blockquote>
- *
- * <p>The objects that this factory produces will be based
- * on DOM and abide by the DOM interoperability requirements as defined in the
- * <a href="../../../../../overview-summary.html#DOM Mechanism Requirements">
- * DOM Mechanism Requirements</a> section of the API overview. See the
- * <a href="../../../../../overview-summary.html#Service Provider">Service
- * Providers</a> section of the API overview for a list of standard mechanism
- * types.
- *
- * <p><code>KeyInfoFactory</code> implementations are registered and loaded
- * using the {@link java.security.Provider} mechanism.
- * For example, a service provider that supports the
- * DOM mechanism would be specified in the <code>Provider</code> subclass as:
- * <pre>
- * put("KeyInfoFactory.DOM", "org.example.DOMKeyInfoFactory");
- * </pre>
- *
- * <p>Also, the <code>XMLStructure</code>s that are created by this factory
- * may contain state specific to the <code>KeyInfo</code> and are not
- * intended to be reusable.
- *
- * <p>An implementation MUST minimally support the default mechanism type: DOM.
- *
- * <p>Note that a caller must use the same <code>KeyInfoFactory</code>
- * instance to create the <code>XMLStructure</code>s of a particular
- * <code>KeyInfo</code> object. The behavior is undefined if
- * <code>XMLStructure</code>s from different providers or different mechanism
- * types are used together.
- *
- * <p><b>Concurrent Access</b>
- * <p>The static methods of this class are guaranteed to be thread-safe.
- * Multiple threads may concurrently invoke the static methods defined in this
- * class with no ill effects.
- *
- * <p>However, this is not true for the non-static methods defined by this
- * class. Unless otherwise documented by a specific provider, threads that
- * need to access a single <code>KeyInfoFactory</code> instance concurrently
- * should synchronize amongst themselves and provide the necessary locking.
- * Multiple threads each manipulating a different <code>KeyInfoFactory</code>
- * instance need not synchronize.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- */
-public abstract class KeyInfoFactory {
-
- private String mechanismType;
- private Provider provider;
-
- /**
- * Default constructor, for invocation by subclasses.
- */
- protected KeyInfoFactory() {}
-
- /**
- * Returns a <code>KeyInfoFactory</code> that supports the
- * specified XML processing mechanism and representation type (ex: "DOM").
- *
- * <p>This method uses the standard JCA provider lookup mechanism to
- * locate and instantiate a <code>KeyInfoFactory</code> implementation of
- * the desired mechanism type. It traverses the list of registered security
- * <code>Provider</code>s, starting with the most preferred
- * <code>Provider</code>. A new <code>KeyInfoFactory</code> object
- * from the first <code>Provider</code> that supports the specified
- * mechanism is returned.
- *
- * <p> Note that the list of registered providers may be retrieved via
- * the {@link Security#getProviders() Security.getProviders()} method.
- *
- * @param mechanismType the type of the XML processing mechanism and
- * representation. See the <a
- * href="../../../../../overview-summary.html#Service Provider">Service
- * Providers</a> section of the API overview for a list of standard
- * mechanism types.
- * @return a new <code>KeyInfoFactory</code>
- * @throws NullPointerException if <code>mechanismType</code> is
- * <code>null</code>
- * @throws NoSuchMechanismException if no <code>Provider</code> supports a
- * <code>KeyInfoFactory</code> implementation for the specified mechanism
- * @see Provider
- */
- public static KeyInfoFactory getInstance(String mechanismType) {
- if (mechanismType == null) {
- throw new NullPointerException("mechanismType cannot be null");
- }
-
- return findInstance(mechanismType, null);
- }
-
- private static KeyInfoFactory findInstance(String mechanismType,
- Provider provider) {
-
- if (provider == null) {
- provider = getProvider("KeyInfoFactory", mechanismType);
- }
- Provider.Service ps = provider.getService("KeyInfoFactory",
- mechanismType);
- if (ps == null) {
- throw new NoSuchMechanismException("Cannot find " + mechanismType +
- " mechanism type");
- }
- try {
- KeyInfoFactory fac = (KeyInfoFactory)ps.newInstance(null);
- fac.mechanismType = mechanismType;
- fac.provider = provider;
- return fac;
- } catch (NoSuchAlgorithmException nsae) {
- throw new NoSuchMechanismException("Cannot find " + mechanismType +
- " mechanism type", nsae);
- }
- }
-
- private static Provider getProvider(String engine, String mech) {
- Provider[] providers = Security.getProviders(engine + "." + mech);
- if (providers == null) {
- throw new NoSuchMechanismException("Mechanism type " + mech +
- " not available");
- }
- return providers[0];
- }
-
- /**
- * Returns a <code>KeyInfoFactory</code> that supports the
- * requested XML processing mechanism and representation type (ex: "DOM"),
- * as supplied by the specified provider. Note that the specified
- * <code>Provider</code> object does not have to be registered in the
- * provider list.
- *
- * @param mechanismType the type of the XML processing mechanism and
- * representation. See the <a
- * href="../../../../../overview-summary.html#Service Provider">Service
- * Providers</a> section of the API overview for a list of standard
- * mechanism types.
- * @param provider the <code>Provider</code> object
- * @return a new <code>KeyInfoFactory</code>
- * @throws NullPointerException if <code>mechanismType</code> or
- * <code>provider</code> are <code>null</code>
- * @throws NoSuchMechanismException if a <code>KeyInfoFactory</code>
- * implementation for the specified mechanism is not available from the
- * specified <code>Provider</code> object
- * @see Provider
- */
- public static KeyInfoFactory getInstance(String mechanismType,
- Provider provider) {
- if (mechanismType == null) {
- throw new NullPointerException("mechanismType cannot be null");
- } else if (provider == null) {
- throw new NullPointerException("provider cannot be null");
- }
-
- return findInstance(mechanismType, provider);
- }
-
- /**
- * Returns a <code>KeyInfoFactory</code> that supports the
- * requested XML processing mechanism and representation type (ex: "DOM"),
- * as supplied by the specified provider. The specified provider must be
- * registered in the security provider list.
- *
- * <p>Note that the list of registered providers may be retrieved via
- * the {@link Security#getProviders() Security.getProviders()} method.
- *
- * @param mechanismType the type of the XML processing mechanism and
- * representation. See the <a
- * href="../../../../../overview-summary.html#Service Provider">Service
- * Providers</a> section of the API overview for a list of standard
- * mechanism types.
- * @param provider the string name of the provider
- * @return a new <code>KeyInfoFactory</code>
- * @throws NoSuchProviderException if the specified provider is not
- * registered in the security provider list
- * @throws NullPointerException if <code>mechanismType</code> or
- * <code>provider</code> are <code>null</code>
- * @throws NoSuchMechanismException if a <code>KeyInfoFactory</code>
- * implementation for the specified mechanism is not available from the
- * specified provider
- * @see Provider
- */
- public static KeyInfoFactory getInstance(String mechanismType,
- String provider) throws NoSuchProviderException {
- if (mechanismType == null) {
- throw new NullPointerException("mechanismType cannot be null");
- } else if (provider == null) {
- throw new NullPointerException("provider cannot be null");
- }
-
- Provider prov = Security.getProvider(provider);
- if (prov == null) {
- throw new NoSuchProviderException("cannot find provider named "
- + provider);
- }
-
- return findInstance(mechanismType, prov);
- }
-
- /**
- * Returns a <code>KeyInfoFactory</code> that supports the
- * default XML processing mechanism and representation type ("DOM").
- *
- * <p>This method uses the standard JCA provider lookup mechanism to
- * locate and instantiate a <code>KeyInfoFactory</code> implementation of
- * the default mechanism type. It traverses the list of registered security
- * <code>Provider</code>s, starting with the most preferred
- * <code>Provider</code>. A new <code>KeyInfoFactory</code> object
- * from the first <code>Provider</code> that supports the DOM mechanism is
- * returned.
- *
- * <p> Note that the list of registered providers may be retrieved via
- * the {@link Security#getProviders() Security.getProviders()} method.
- *
- * @return a new <code>KeyInfoFactory</code>
- * @throws NoSuchMechanismException if no <code>Provider</code> supports a
- * <code>KeyInfoFactory</code> implementation for the DOM mechanism
- * @see Provider
- */
- public static KeyInfoFactory getInstance() {
- return getInstance("DOM");
- }
-
- /**
- * Returns the type of the XML processing mechanism and representation
- * supported by this <code>KeyInfoFactory</code> (ex: "DOM")
- *
- * @return the XML processing mechanism type supported by this
- * <code>KeyInfoFactory</code>
- */
- public final String getMechanismType() {
- return mechanismType;
- }
-
- /**
- * Returns the provider of this <code>KeyInfoFactory</code>.
- *
- * @return the provider of this <code>KeyInfoFactory</code>
- */
- public final Provider getProvider() {
- return provider;
- }
-
- /**
- * Creates a <code>KeyInfo</code> containing the specified list of
- * key information types.
- *
- * @param content a list of one or more {@link XMLStructure}s representing
- * key information types. The list is defensively copied to protect
- * against subsequent modification.
- * @return a <code>KeyInfo</code>
- * @throws NullPointerException if <code>content</code> is <code>null</code>
- * @throws IllegalArgumentException if <code>content</code> is empty
- * @throws ClassCastException if <code>content</code> contains any entries
- * that are not of type {@link XMLStructure}
- */
- public abstract KeyInfo newKeyInfo(List content);
-
- /**
- * Creates a <code>KeyInfo</code> containing the specified list of key
- * information types and optional id. The
- * <code>id</code> parameter represents the value of an XML
- * <code>ID</code> attribute and is useful for referencing
- * the <code>KeyInfo</code> from other XML structures.
- *
- * @param content a list of one or more {@link XMLStructure}s representing
- * key information types. The list is defensively copied to protect
- * against subsequent modification.
- * @param id the value of an XML <code>ID</code> (may be <code>null</code>)
- * @return a <code>KeyInfo</code>
- * @throws NullPointerException if <code>content</code> is <code>null</code>
- * @throws IllegalArgumentException if <code>content</code> is empty
- * @throws ClassCastException if <code>content</code> contains any entries
- * that are not of type {@link XMLStructure}
- */
- public abstract KeyInfo newKeyInfo(List content, String id);
-
- /**
- * Creates a <code>KeyName</code> from the specified name.
- *
- * @param name the name that identifies the key
- * @return a <code>KeyName</code>
- * @throws NullPointerException if <code>name</code> is <code>null</code>
- */
- public abstract KeyName newKeyName(String name);
-
- /**
- * Creates a <code>KeyValue</code> from the specified public key.
- *
- * @param key the public key
- * @return a <code>KeyValue</code>
- * @throws KeyException if the <code>key</code>'s algorithm is not
- * recognized or supported by this <code>KeyInfoFactory</code>
- * @throws NullPointerException if <code>key</code> is <code>null</code>
- */
- public abstract KeyValue newKeyValue(PublicKey key) throws KeyException;
-
- /**
- * Creates a <code>PGPData</code> from the specified PGP public key
- * identifier.
- *
- * @param keyId a PGP public key identifier as defined in <a href=
- * "http://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a>, section 11.2.
- * The array is cloned to protect against subsequent modification.
- * @return a <code>PGPData</code>
- * @throws NullPointerException if <code>keyId</code> is <code>null</code>
- * @throws IllegalArgumentException if the key id is not in the correct
- * format
- */
- public abstract PGPData newPGPData(byte[] keyId);
-
- /**
- * Creates a <code>PGPData</code> from the specified PGP public key
- * identifier, and optional key material packet and list of external
- * elements.
- *
- * @param keyId a PGP public key identifier as defined in <a href=
- * "http://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a>, section 11.2.
- * The array is cloned to protect against subsequent modification.
- * @param keyPacket a PGP key material packet as defined in <a href=
- * "http://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a>, section 5.5.
- * The array is cloned to protect against subsequent modification. May
- * be <code>null</code>.
- * @param other a list of {@link XMLStructure}s representing elements from
- * an external namespace. The list is defensively copied to protect
- * against subsequent modification. May be <code>null</code> or empty.
- * @return a <code>PGPData</code>
- * @throws NullPointerException if <code>keyId</code> is <code>null</code>
- * @throws IllegalArgumentException if the <code>keyId</code> or
- * <code>keyPacket</code> is not in the correct format. For
- * <code>keyPacket</code>, the format of the packet header is
- * checked and the tag is verified that it is of type key material. The
- * contents and format of the packet body are not checked.
- * @throws ClassCastException if <code>other</code> contains any
- * entries that are not of type {@link XMLStructure}
- */
- public abstract PGPData newPGPData(byte[] keyId, byte[] keyPacket,
- List other);
-
- /**
- * Creates a <code>PGPData</code> from the specified PGP key material
- * packet and optional list of external elements.
- *
- * @param keyPacket a PGP key material packet as defined in <a href=
- * "http://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a>, section 5.5.
- * The array is cloned to protect against subsequent modification.
- * @param other a list of {@link XMLStructure}s representing elements from
- * an external namespace. The list is defensively copied to protect
- * against subsequent modification. May be <code>null</code> or empty.
- * @return a <code>PGPData</code>
- * @throws NullPointerException if <code>keyPacket</code> is
- * <code>null</code>
- * @throws IllegalArgumentException if <code>keyPacket</code> is not in the
- * correct format. For <code>keyPacket</code>, the format of the packet
- * header is checked and the tag is verified that it is of type key
- * material. The contents and format of the packet body are not checked.
- * @throws ClassCastException if <code>other</code> contains any
- * entries that are not of type {@link XMLStructure}
- */
- public abstract PGPData newPGPData(byte[] keyPacket, List other);
-
- /**
- * Creates a <code>RetrievalMethod</code> from the specified URI.
- *
- * @param uri the URI that identifies the <code>KeyInfo</code> information
- * to be retrieved
- * @return a <code>RetrievalMethod</code>
- * @throws NullPointerException if <code>uri</code> is <code>null</code>
- * @throws IllegalArgumentException if <code>uri</code> is not RFC 2396
- * compliant
- */
- public abstract RetrievalMethod newRetrievalMethod(String uri);
-
- /**
- * Creates a <code>RetrievalMethod</code> from the specified parameters.
- *
- * @param uri the URI that identifies the <code>KeyInfo</code> information
- * to be retrieved
- * @param type a URI that identifies the type of <code>KeyInfo</code>
- * information to be retrieved (may be <code>null</code>)
- * @param transforms a list of {@link Transform}s. The list is defensively
- * copied to protect against subsequent modification. May be
- * <code>null</code> or empty.
- * @return a <code>RetrievalMethod</code>
- * @throws NullPointerException if <code>uri</code> is <code>null</code>
- * @throws IllegalArgumentException if <code>uri</code> is not RFC 2396
- * compliant
- * @throws ClassCastException if <code>transforms</code> contains any
- * entries that are not of type {@link Transform}
- */
- public abstract RetrievalMethod newRetrievalMethod(String uri, String type,
- List transforms);
-
- /**
- * Creates a <code>X509Data</code> containing the specified list of
- * X.509 content.
- *
- * @param content a list of one or more X.509 content types. Valid types are
- * {@link String} (subject names), <code>byte[]</code> (subject key ids),
- * {@link java.security.cert.X509Certificate}, {@link X509CRL},
- * or {@link XMLStructure} ({@link X509IssuerSerial}
- * objects or elements from an external namespace). Subject names are
- * distinguished names in RFC 2253 String format. Implementations MUST
- * support the attribute type keywords defined in RFC 2253 (CN, L, ST,
- * O, OU, C, STREET, DC and UID). Implementations MAY support additional
- * keywords. The list is defensively copied to protect against
- * subsequent modification.
- * @return a <code>X509Data</code>
- * @throws NullPointerException if <code>content</code> is <code>null</code>
- * @throws IllegalArgumentException if <code>content</code> is empty, or
- * if a subject name is not RFC 2253 compliant or one of the attribute
- * type keywords is not recognized.
- * @throws ClassCastException if <code>content</code> contains any entries
- * that are not of one of the valid types mentioned above
- */
- public abstract X509Data newX509Data(List content);
-
- /**
- * Creates an <code>X509IssuerSerial</code> from the specified X.500 issuer
- * distinguished name and serial number.
- *
- * @param issuerName the issuer's distinguished name in RFC 2253 String
- * format. Implementations MUST support the attribute type keywords
- * defined in RFC 2253 (CN, L, ST, O, OU, C, STREET, DC and UID).
- * Implementations MAY support additional keywords.
- * @param serialNumber the serial number
- * @return an <code>X509IssuerSerial</code>
- * @throws NullPointerException if <code>issuerName</code> or
- * <code>serialNumber</code> are <code>null</code>
- * @throws IllegalArgumentException if the issuer name is not RFC 2253
- * compliant or one of the attribute type keywords is not recognized.
- */
- public abstract X509IssuerSerial newX509IssuerSerial
- (String issuerName, BigInteger serialNumber);
-
- /**
- * Indicates whether a specified feature is supported.
- *
- * @param feature the feature name (as an absolute URI)
- * @return <code>true</code> if the specified feature is supported,
- * <code>false</code> otherwise
- * @throws NullPointerException if <code>feature</code> is <code>null</code>
- */
- public abstract boolean isFeatureSupported(String feature);
-
- /**
- * Returns a reference to the <code>URIDereferencer</code> that is used by
- * default to dereference URIs in {@link RetrievalMethod} objects.
- *
- * @return a reference to the default <code>URIDereferencer</code>
- */
- public abstract URIDereferencer getURIDereferencer();
-
- /**
- * Unmarshals a new <code>KeyInfo</code> instance from a
- * mechanism-specific <code>XMLStructure</code> (ex: {@link DOMStructure})
- * instance.
- *
- * @param xmlStructure a mechanism-specific XML structure from which to
- * unmarshal the keyinfo from
- * @return the <code>KeyInfo</code>
- * @throws NullPointerException if <code>xmlStructure</code> is
- * <code>null</code>
- * @throws ClassCastException if the type of <code>xmlStructure</code> is
- * inappropriate for this factory
- * @throws MarshalException if an unrecoverable exception occurs during
- * unmarshalling
- */
- public abstract KeyInfo unmarshalKeyInfo(XMLStructure xmlStructure)
- throws MarshalException;
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: KeyName.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.keyinfo;
-
-import javax.xml.crypto.XMLStructure;
-
-/**
- * A representation of the XML <code>KeyName</code> element as
- * defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * A <code>KeyName</code> object contains a string value which may be used
- * by the signer to communicate a key identifier to the recipient. The
- * XML Schema Definition is defined as:
- *
- * <pre>
- * <element name="KeyName" type="string"/>
- * </pre>
- *
- * A <code>KeyName</code> instance may be created by invoking the
- * {@link KeyInfoFactory#newKeyName newKeyName} method of the
- * {@link KeyInfoFactory} class, and passing it a <code>String</code>
- * representing the name of the key; for example:
- * <pre>
- * KeyInfoFactory factory = KeyInfoFactory.getInstance("DOM");
- * KeyName keyName = factory.newKeyName("Alice");
- * </pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see KeyInfoFactory#newKeyName(String)
- */
-public interface KeyName extends XMLStructure {
-
- /**
- * Returns the name of this <code>KeyName</code>.
- *
- * @return the name of this <code>KeyName</code> (never
- * <code>null</code>)
- */
- String getName();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: KeyValue.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig.keyinfo;
-
-import java.security.KeyException;
-import java.security.PublicKey;
-import java.security.interfaces.DSAPublicKey;
-import java.security.interfaces.RSAPublicKey;
-import javax.xml.crypto.XMLStructure;
-
-/**
- * A representation of the XML <code>KeyValue</code> element as defined
- * in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>. A
- * <code>KeyValue</code> object contains a single public key that may be
- * useful in validating the signature. The XML schema definition is defined as:
- *
- * <pre>
- * <element name="KeyValue" type="ds:KeyValueType"/>
- * <complexType name="KeyValueType" mixed="true">
- * <choice>
- * <element ref="ds:DSAKeyValue"/>
- * <element ref="ds:RSAKeyValue"/>
- * <any namespace="##other" processContents="lax"/>
- * </choice>
- * </complexType>
- *
- * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
- * <complexType name="DSAKeyValueType">
- * <sequence>
- * <sequence minOccurs="0">
- * <element name="P" type="ds:CryptoBinary"/>
- * <element name="Q" type="ds:CryptoBinary"/>
- * </sequence>
- * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
- * <element name="Y" type="ds:CryptoBinary"/>
- * <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
- * <sequence minOccurs="0">
- * <element name="Seed" type="ds:CryptoBinary"/>
- * <element name="PgenCounter" type="ds:CryptoBinary"/>
- * </sequence>
- * </sequence>
- * </complexType>
- *
- * <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
- * <complexType name="RSAKeyValueType">
- * <sequence>
- * <element name="Modulus" type="ds:CryptoBinary"/>
- * <element name="Exponent" type="ds:CryptoBinary"/>
- * </sequence>
- * </complexType>
- * </pre>
- * A <code>KeyValue</code> instance may be created by invoking the
- * {@link KeyInfoFactory#newKeyValue newKeyValue} method of the
- * {@link KeyInfoFactory} class, and passing it a {@link
- * java.security.PublicKey} representing the value of the public key. Here is
- * an example of creating a <code>KeyValue</code> from a {@link DSAPublicKey}
- * of a {@link java.security.cert.Certificate} stored in a
- * {@link java.security.KeyStore}:
- * <pre>
- * KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
- * PublicKey dsaPublicKey = keyStore.getCertificate("myDSASigningCert").getPublicKey();
- * KeyInfoFactory factory = KeyInfoFactory.getInstance("DOM");
- * KeyValue keyValue = factory.newKeyValue(dsaPublicKey);
- * </pre>
- *
- * This class returns the <code>DSAKeyValue</code> and
- * <code>RSAKeyValue</code> elements as objects of type
- * {@link DSAPublicKey} and {@link RSAPublicKey}, respectively. Note that not
- * all of the fields in the schema are accessible as parameters of these
- * types.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see KeyInfoFactory#newKeyValue(PublicKey)
- */
-public interface KeyValue extends XMLStructure {
-
- /**
- * URI identifying the DSA KeyValue KeyInfo type:
- * http://www.w3.org/2000/09/xmldsig#DSAKeyValue. This can be specified as
- * the value of the <code>type</code> parameter of the
- * {@link RetrievalMethod} class to describe a remote
- * <code>DSAKeyValue</code> structure.
- */
- String DSA_TYPE =
- "http://www.w3.org/2000/09/xmldsig#DSAKeyValue";
-
- /**
- * URI identifying the RSA KeyValue KeyInfo type:
- * http://www.w3.org/2000/09/xmldsig#RSAKeyValue. This can be specified as
- * the value of the <code>type</code> parameter of the
- * {@link RetrievalMethod} class to describe a remote
- * <code>RSAKeyValue</code> structure.
- */
- String RSA_TYPE =
- "http://www.w3.org/2000/09/xmldsig#RSAKeyValue";
-
- /**
- * Returns the public key of this <code>KeyValue</code>.
- *
- * @return the public key of this <code>KeyValue</code>
- * @throws KeyException if this <code>KeyValue</code> cannot be converted
- * to a <code>PublicKey</code>
- */
- PublicKey getPublicKey() throws KeyException;
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: PGPData.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig.keyinfo;
-
-import java.util.Collections;
-import java.util.List;
-import javax.xml.crypto.XMLStructure;
-
-/**
- * A representation of the XML <code>PGPData</code> element as defined in
- * the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>. A
- * <code>PGPData</code> object is used to convey information related to
- * PGP public key pairs and signatures on such keys. The XML Schema Definition
- * is defined as:
- *
- * <pre>
- * <element name="PGPData" type="ds:PGPDataType"/>
- * <complexType name="PGPDataType">
- * <choice>
- * <sequence>
- * <element name="PGPKeyID" type="base64Binary"/>
- * <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
- * <any namespace="##other" processContents="lax" minOccurs="0"
- * maxOccurs="unbounded"/>
- * </sequence>
- * <sequence>
- * <element name="PGPKeyPacket" type="base64Binary"/>
- * <any namespace="##other" processContents="lax" minOccurs="0"
- * maxOccurs="unbounded"/>
- * </sequence>
- * </choice>
- * </complexType>
- * </pre>
- *
- * A <code>PGPData</code> instance may be created by invoking one of the
- * {@link KeyInfoFactory#newPGPData newPGPData} methods of the {@link
- * KeyInfoFactory} class, and passing it
- * <code>byte</code> arrays representing the contents of the PGP public key
- * identifier and/or PGP key material packet, and an optional list of
- * elements from an external namespace.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see KeyInfoFactory#newPGPData(byte[])
- * @see KeyInfoFactory#newPGPData(byte[], byte[], List)
- * @see KeyInfoFactory#newPGPData(byte[], List)
- */
-public interface PGPData extends XMLStructure {
-
- /**
- * URI identifying the PGPData KeyInfo type:
- * http://www.w3.org/2000/09/xmldsig#PGPData. This can be specified as the
- * value of the <code>type</code> parameter of the {@link RetrievalMethod}
- * class to describe a remote <code>PGPData</code> structure.
- */
- String TYPE = "http://www.w3.org/2000/09/xmldsig#PGPData";
-
- /**
- * Returns the PGP public key identifier of this <code>PGPData</code> as
- * defined in <a href="http://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a>,
- * section 11.2.
- *
- * @return the PGP public key identifier (may be <code>null</code> if
- * not specified). Each invocation of this method returns a new clone
- * to protect against subsequent modification.
- */
- byte[] getKeyId();
-
- /**
- * Returns the PGP key material packet of this <code>PGPData</code> as
- * defined in <a href="http://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a>,
- * section 5.5.
- *
- * @return the PGP key material packet (may be <code>null</code> if not
- * specified). Each invocation of this method returns a new clone to
- * protect against subsequent modification.
- */
- byte[] getKeyPacket();
-
- /**
- * Returns an {@link Collections#unmodifiableList unmodifiable list}
- * of {@link XMLStructure}s representing elements from an external
- * namespace.
- *
- * @return an unmodifiable list of <code>XMLStructure</code>s (may be
- * empty, but never <code>null</code>)
- */
- List getExternalElements();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: RetrievalMethod.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.keyinfo;
-
-import javax.xml.crypto.Data;
-import javax.xml.crypto.URIReference;
-import javax.xml.crypto.URIReferenceException;
-import javax.xml.crypto.XMLCryptoContext;
-import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.dsig.Transform;
-import java.util.List;
-
-/**
- * A representation of the XML <code>RetrievalMethod</code> element as
- * defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * A <code>RetrievalMethod</code> object is used to convey a reference to
- * <code>KeyInfo</code> information that is stored at another location.
- * The XML schema definition is defined as:
- *
- * <pre>
- * <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
- * <complexType name="RetrievalMethodType">
- * <sequence>
- * <element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
- * </sequence>
- * <attribute name="URI" type="anyURI"/>
- * <attribute name="Type" type="anyURI" use="optional"/>
- * </complexType>
- * </pre>
- *
- * A <code>RetrievalMethod</code> instance may be created by invoking one of the
- * {@link KeyInfoFactory#newRetrievalMethod newRetrievalMethod} methods
- * of the {@link KeyInfoFactory} class, and passing it the URI
- * identifying the location of the KeyInfo, an optional type URI identifying
- * the type of KeyInfo, and an optional list of {@link Transform}s; for example:
- * <pre>
- * KeyInfoFactory factory = KeyInfoFactory.getInstance("DOM");
- * RetrievalMethod rm = factory.newRetrievalMethod
- * ("#KeyValue-1", KeyValue.DSA_TYPE, Collections.singletonList(Transform.BASE64));
- * </pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see KeyInfoFactory#newRetrievalMethod(String)
- * @see KeyInfoFactory#newRetrievalMethod(String, String, List)
- */
-public interface RetrievalMethod extends URIReference, XMLStructure {
-
- /**
- * Returns an {@link java.util.Collections#unmodifiableList unmodifiable
- * list} of {@link Transform}s of this <code>RetrievalMethod</code>.
- *
- * @return an unmodifiable list of <code>Transform</code> objects (may be
- * empty but never <code>null</code>).
- */
- List getTransforms();
-
- /**
- * Returns the URI of the referenced <code>KeyInfo</code> information.
- *
- * @return the URI of the referenced <code>KeyInfo</code> information in
- * RFC 2396 format (never <code>null</code>)
- */
- String getURI();
-
- /**
- * Dereferences the <code>KeyInfo</code> information referenced by this
- * <code>RetrievalMethod</code> and applies the specified
- * <code>Transform</code>s.
- *
- * @param context an <code>XMLCryptoContext</code> that may contain
- * additional useful information for dereferencing the URI. The
- * context's <code>baseURI</code> and <code>dereferencer</code>
- * parameters (if specified) are used to resolve and dereference this
- * <code>RetrievalMethod</code>
- * @return a <code>Data</code> object representing the raw contents of the
- * <code>KeyInfo</code> information referenced by this
- * <code>RetrievalMethod</code>. It is the caller's responsibility to
- * convert the returned data to an appropriate
- * <code>KeyInfo</code> object.
- * @throws NullPointerException if <code>context</code> is <code>null</code>
- * @throws URIReferenceException if there is an error while dereferencing
- */
- Data dereference(XMLCryptoContext context) throws URIReferenceException;
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: X509Data.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package javax.xml.crypto.dsig.keyinfo;
-
-import javax.xml.crypto.XMLStructure;
-import java.security.cert.X509CRL;
-import java.util.List;
-
-/**
- * A representation of the XML <code>X509Data</code> element as defined in
- * the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>. An
- * <code>X509Data</code> object contains one or more identifers of keys
- * or X.509 certificates (or certificates' identifiers or a revocation list).
- * The XML Schema Definition is defined as:
- *
- * <pre>
- * <element name="X509Data" type="ds:X509DataType"/>
- * <complexType name="X509DataType">
- * <sequence maxOccurs="unbounded">
- * <choice>
- * <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
- * <element name="X509SKI" type="base64Binary"/>
- * <element name="X509SubjectName" type="string"/>
- * <element name="X509Certificate" type="base64Binary"/>
- * <element name="X509CRL" type="base64Binary"/>
- * <any namespace="##other" processContents="lax"/>
- * </choice>
- * </sequence>
- * </complexType>
- *
- * <complexType name="X509IssuerSerialType">
- * <sequence>
- * <element name="X509IssuerName" type="string"/>
- * <element name="X509SerialNumber" type="integer"/>
- * </sequence>
- * </complexType>
- * </pre>
- *
- * An <code>X509Data</code> instance may be created by invoking the
- * {@link KeyInfoFactory#newX509Data newX509Data} methods of the
- * {@link KeyInfoFactory} class and passing it a list of one or more
- * {@link XMLStructure}s representing X.509 content; for example:
- * <pre>
- * KeyInfoFactory factory = KeyInfoFactory.getInstance("DOM");
- * X509Data x509Data = factory.newX509Data
- * (Collections.singletonList("cn=Alice"));
- * </pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see KeyInfoFactory#newX509Data(List)
- */
-//@@@ check for illegal combinations of data violating MUSTs in W3c spec
-public interface X509Data extends XMLStructure {
-
- /**
- * URI identifying the X509Data KeyInfo type:
- * http://www.w3.org/2000/09/xmldsig#X509Data. This can be specified as
- * the value of the <code>type</code> parameter of the
- * {@link RetrievalMethod} class to describe a remote
- * <code>X509Data</code> structure.
- */
- String TYPE = "http://www.w3.org/2000/09/xmldsig#X509Data";
-
- /**
- * URI identifying the binary (ASN.1 DER) X.509 Certificate KeyInfo type:
- * http://www.w3.org/2000/09/xmldsig#rawX509Certificate. This can be
- * specified as the value of the <code>type</code> parameter of the
- * {@link RetrievalMethod} class to describe a remote X509 Certificate.
- */
- String RAW_X509_CERTIFICATE_TYPE =
- "http://www.w3.org/2000/09/xmldsig#rawX509Certificate";
-
- /**
- * Returns an {@link java.util.Collections#unmodifiableList unmodifiable
- * list} of the content in this <code>X509Data</code>. Valid types are
- * {@link String} (subject names), <code>byte[]</code> (subject key ids),
- * {@link java.security.cert.X509Certificate}, {@link X509CRL},
- * or {@link XMLStructure} ({@link X509IssuerSerial}
- * objects or elements from an external namespace).
- *
- * @return an unmodifiable list of the content in this <code>X509Data</code>
- * (never <code>null</code> or empty)
- */
- List getContent();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: X509IssuerSerial.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.keyinfo;
-
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-import javax.xml.crypto.XMLStructure;
-
-/**
- * A representation of the XML <code>X509IssuerSerial</code> element as
- * defined in the <a href="http://www.w3.org/TR/xmldsig-core/">
- * W3C Recommendation for XML-Signature Syntax and Processing</a>.
- * An <code>X509IssuerSerial</code> object contains an X.509 issuer
- * distinguished name (DN) and serial number pair. The XML schema definition is
- * defined as:
- *
- * <pre>
- * <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
- * <complexType name="X509IssuerSerialType">
- * <sequence>
- * <element name="X509IssuerName" type="string"/>
- * <element name="X509SerialNumber" type="integer"/>
- * </sequence>
- * </complexType>
- * </pre>
- *
- * An <code>X509IssuerSerial</code> instance may be created by invoking the
- * {@link KeyInfoFactory#newX509IssuerSerial newX509IssuerSerial} method
- * of the {@link KeyInfoFactory} class, and passing it a
- * <code>String</code> and <code>BigInteger</code> representing the X.500
- * DN and serial number. Here is an example of creating an
- * <code>X509IssuerSerial</code> from the issuer DN and serial number of an
- * existing {@link X509Certificate}:
- * <pre>
- * KeyInfoFactory factory = KeyInfoFactory.getInstance("DOM");
- * X509IssuerSerial issuer = factory.newX509IssuerSerial
- * (cert.getIssuerX500Principal().getName(), cert.getSerialNumber());
- * </pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see X509Data#getContent
- * @see KeyInfoFactory#newX509IssuerSerial(String, BigInteger)
- */
-public interface X509IssuerSerial extends XMLStructure {
-
- /**
- * Returns the X.500 distinguished name of this
- * <code>X509IssuerSerial</code> in
- * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> String format.
- *
- * @return the X.500 distinguished name in RFC 2253 String format (never
- * <code>null</code>)
- */
- String getIssuerName();
-
- /**
- * Returns the serial number of this <code>X509IssuerSerial</code>.
- *
- * @return the serial number (never <code>null</code>)
- */
- BigInteger getSerialNumber();
-}
+++ /dev/null
-<html>
-<head>
-<!--
-/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
--->
-<!--
- Copyright 2005 Sun Microsystems, Inc. All rights reserved.
--->
-</head>
-<body>
-Classes for parsing and processing {@link javax.xml.crypto.dsig.keyinfo.KeyInfo
-KeyInfo} elements and structures. <code>KeyInfo</code> is an optional element
-that enables the recipient(s) to obtain the key needed to validate an
-{@link javax.xml.crypto.dsig.XMLSignature XMLSignature}. <code>KeyInfo</code>
-may contain keys, names, certificates and other public key management
-information, such as in-band key distribution or key agreement data. This
-package contains classes representing types defined in the W3C specification
-for XML Signatures, such as
-{@link javax.xml.crypto.dsig.keyinfo.KeyName KeyName},
-{@link javax.xml.crypto.dsig.keyinfo.KeyValue KeyValue},
-{@link javax.xml.crypto.dsig.keyinfo.RetrievalMethod RetrievalMethod},
-{@link javax.xml.crypto.dsig.keyinfo.X509Data X509Data},
-{@link javax.xml.crypto.dsig.keyinfo.X509IssuerSerial X509IssuerSerial}, and
-{@link javax.xml.crypto.dsig.keyinfo.PGPData PGPData}.
-{@link javax.xml.crypto.dsig.keyinfo.KeyInfoFactory KeyInfoFactory}
-is an abstract factory that creates <code>KeyInfo</code> objects from scratch.
-
-<h2>Package Specification</h2>
-
-<ul>
-<li>
-<a href="http://www.w3.org/TR/xmldsig-core/">
-XML-Signature Syntax and Processing: W3C Recommendation</a>
-<li>
-<a href="http://www.ietf.org/rfc/rfc3275.txt">
-RFC 3275: XML-Signature Syntax and Processing</a>
-</ul>
-
-</body>
-</html>
+++ /dev/null
-<html>
-<head>
-<!--
-/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
--->
-<!--
- Copyright 2005 Sun Microsystems, Inc. All rights reserved.
--->
-</head>
-<body>
-Classes for generating and validating XML digital
-signatures. This package includes classes that represent the core elements
-defined in the W3C XML digital signature specification:
-{@link javax.xml.crypto.dsig.XMLSignature XMLSignature},
-{@link javax.xml.crypto.dsig.SignedInfo SignedInfo},
-{@link javax.xml.crypto.dsig.CanonicalizationMethod CanonicalizationMethod},
-{@link javax.xml.crypto.dsig.SignatureMethod SignatureMethod},
-{@link javax.xml.crypto.dsig.Reference Reference},
-{@link javax.xml.crypto.dsig.DigestMethod DigestMethod},
-{@link javax.xml.crypto.dsig.XMLObject XMLObject},
-{@link javax.xml.crypto.dsig.Manifest Manifest},
-{@link javax.xml.crypto.dsig.SignatureProperties SignatureProperties}, and
-{@link javax.xml.crypto.dsig.SignatureProperty SignatureProperty}.
-<code>KeyInfo</code> types
-are defined in the {@link javax.xml.crypto.dsig.keyinfo} subpackage.
-{@link javax.xml.crypto.dsig.XMLSignatureFactory XMLSignatureFactory}
-is an abstract factory that creates
-{@link javax.xml.crypto.dsig.XMLSignature XMLSignature} objects from scratch
-or from a pre-existing XML representation, such as a DOM node.
-{@link javax.xml.crypto.dsig.TransformService} is a service provider
-interface for creating and plugging in implementations of
-transform and canonicalization algorithms.
-
-<p>Of primary significance in this package is the
-{@link javax.xml.crypto.dsig.XMLSignature XMLSignature} class,
-which allows you to sign and validate an XML digital signature.
-
-<h2>Package Specification</h2>
-
-<ul>
-<li>
-<a href="http://www.w3.org/TR/xmldsig-core/">
-XML-Signature Syntax and Processing: W3C Recommendation</a>
-<li>
-<a href="http://www.ietf.org/rfc/rfc3275.txt">
-RFC 3275: XML-Signature Syntax and Processing</a>
-</ul>
-
-</body>
-</html>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: C14NMethodParameterSpec.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.spec;
-
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-
-/**
- * A specification of algorithm parameters for a {@link CanonicalizationMethod}
- * Algorithm. The purpose of this interface is to group (and provide type
- * safety for) all canonicalization (C14N) parameter specifications. All
- * canonicalization parameter specifications must implement this interface.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see CanonicalizationMethod
- */
-public interface C14NMethodParameterSpec extends TransformParameterSpec {}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DigestMethodParameterSpec.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.spec;
-
-import javax.xml.crypto.dsig.DigestMethod;
-import java.security.spec.AlgorithmParameterSpec;
-
-/**
- * A specification of algorithm parameters for a {@link DigestMethod}
- * algorithm. The purpose of this interface is to group (and provide type
- * safety for) all digest method parameter specifications. All digest method
- * parameter specifications must implement this interface.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see DigestMethod
- */
-public interface DigestMethodParameterSpec extends AlgorithmParameterSpec {}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: ExcC14NParameterSpec.java 1203720 2011-11-18 16:23:54Z mullan $
- */
-package javax.xml.crypto.dsig.spec;
-
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-/**
- * Parameters for the W3C Recommendation:
- * <a href="http://www.w3.org/TR/xml-exc-c14n/">
- * Exclusive XML Canonicalization (C14N) algorithm</a>. The
- * parameters include an optional inclusive namespace prefix list. The XML
- * Schema Definition of the Exclusive XML Canonicalization parameters is
- * defined as:
- * <pre><code>
- * <schema xmlns="http://www.w3.org/2001/XMLSchema"
- * xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
- * targetNamespace="http://www.w3.org/2001/10/xml-exc-c14n#"
- * version="0.1" elementFormDefault="qualified">
- *
- * <element name="InclusiveNamespaces" type="ec:InclusiveNamespaces"/>
- * <complexType name="InclusiveNamespaces">
- * <attribute name="PrefixList" type="xsd:string"/>
- * </complexType>
- * </schema>
- * </code></pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see CanonicalizationMethod
- */
-public final class ExcC14NParameterSpec implements C14NMethodParameterSpec {
-
- private List preList;
-
- /**
- * Indicates the default namespace ("#default").
- */
- public static final String DEFAULT = "#default";
-
- /**
- * Creates a <code>ExcC14NParameterSpec</code> with an empty prefix
- * list.
- */
- public ExcC14NParameterSpec() {
- preList = Collections.EMPTY_LIST;
- }
-
- /**
- * Creates a <code>ExcC14NParameterSpec</code> with the specified list
- * of prefixes. The list is copied to protect against subsequent
- * modification.
- *
- * @param prefixList the inclusive namespace prefix list. Each entry in
- * the list is a <code>String</code> that represents a namespace prefix.
- * @throws NullPointerException if <code>prefixList</code> is
- * <code>null</code>
- * @throws ClassCastException if any of the entries in the list are not
- * of type <code>String</code>
- */
- public ExcC14NParameterSpec(List prefixList) {
- if (prefixList == null) {
- throw new NullPointerException("prefixList cannot be null");
- }
- this.preList = unmodifiableCopyOfList(prefixList);
- for (int i = 0, size = preList.size(); i < size; i++) {
- if (!(preList.get(i) instanceof String)) {
- throw new ClassCastException("not a String");
- }
- }
- }
-
- @SuppressWarnings("unchecked")
- private static List unmodifiableCopyOfList(List list) {
- return Collections.unmodifiableList(new ArrayList(list));
- }
-
- /**
- * Returns the inclusive namespace prefix list. Each entry in the list
- * is a <code>String</code> that represents a namespace prefix.
- *
- * <p>This implementation returns an {@link
- * java.util.Collections#unmodifiableList unmodifiable list}.
- *
- * @return the inclusive namespace prefix list (may be empty but never
- * <code>null</code>)
- */
- public List getPrefixList() {
- return preList;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: HMACParameterSpec.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.spec;
-
-import javax.xml.crypto.dsig.SignatureMethod;
-
-/**
- * Parameters for the <a href="http://www.w3.org/TR/xmldsig-core/#sec-MACs">
- * XML Signature HMAC Algorithm</a>. The parameters include an optional output
- * length which specifies the MAC truncation length in bits. The resulting
- * HMAC will be truncated to the specified number of bits. If the parameter is
- * not specified, then this implies that all the bits of the hash are to be
- * output. The XML Schema Definition of the <code>HMACOutputLength</code>
- * element is defined as:
- * <pre><code>
- * <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
- * <simpleType name="HMACOutputLengthType">
- * <restriction base="integer"/>
- * </simpleType>
- * </code></pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see SignatureMethod
- * @see <a href="http://www.ietf.org/rfc/rfc2104.txt">RFC 2104</a>
- */
-public final class HMACParameterSpec implements SignatureMethodParameterSpec {
-
- private int outputLength;
-
- /**
- * Creates an <code>HMACParameterSpec</code> with the specified truncation
- * length.
- *
- * @param outputLength the truncation length in number of bits
- */
- public HMACParameterSpec(int outputLength) {
- this.outputLength = outputLength;
- }
-
- /**
- * Returns the truncation length.
- *
- * @return the truncation length in number of bits
- */
- public int getOutputLength() {
- return outputLength;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: SignatureMethodParameterSpec.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.spec;
-
-import javax.xml.crypto.dsig.SignatureMethod;
-import java.security.spec.AlgorithmParameterSpec;
-
-/**
- * A specification of algorithm parameters for an XML {@link SignatureMethod}
- * algorithm. The purpose of this interface is to group (and provide type
- * safety for) all signature method parameter specifications. All signature
- * method parameter specifications must implement this interface.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see SignatureMethod
- */
-public interface SignatureMethodParameterSpec extends AlgorithmParameterSpec {}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: TransformParameterSpec.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.spec;
-
-import javax.xml.crypto.dsig.Transform;
-import java.security.spec.AlgorithmParameterSpec;
-
-/**
- * A specification of algorithm parameters for a {@link Transform}
- * algorithm. The purpose of this interface is to group (and provide type
- * safety for) all transform parameter specifications. All transform parameter
- * specifications must implement this interface.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see Transform
- */
-public interface TransformParameterSpec extends AlgorithmParameterSpec {}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XPathFilter2ParameterSpec.java 1203720 2011-11-18 16:23:54Z mullan $
- */
-package javax.xml.crypto.dsig.spec;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import javax.xml.crypto.dsig.Transform;
-
-/**
- * Parameters for the W3C Recommendation
- * <a href="http://www.w3.org/TR/xmldsig-filter2/">
- * XPath Filter 2.0 Transform Algorithm</a>.
- * The parameters include a list of one or more {@link XPathType} objects.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see Transform
- * @see XPathFilterParameterSpec
- */
-public final class XPathFilter2ParameterSpec implements TransformParameterSpec {
-
- private final List xPathList;
-
- /**
- * Creates an <code>XPathFilter2ParameterSpec</code>.
- *
- * @param xPathList a list of one or more {@link XPathType} objects. The
- * list is defensively copied to protect against subsequent modification.
- * @throws ClassCastException if <code>xPathList</code> contains any
- * entries that are not of type {@link XPathType}
- * @throws IllegalArgumentException if <code>xPathList</code> is empty
- * @throws NullPointerException if <code>xPathList</code> is
- * <code>null</code>
- */
- public XPathFilter2ParameterSpec(List xPathList) {
- if (xPathList == null) {
- throw new NullPointerException("xPathList cannot be null");
- }
- this.xPathList = unmodifiableCopyOfList(xPathList);
- if (this.xPathList.isEmpty()) {
- throw new IllegalArgumentException("xPathList cannot be empty");
- }
- int size = this.xPathList.size();
- for (int i = 0; i < size; i++) {
- if (!(this.xPathList.get(i) instanceof XPathType)) {
- throw new ClassCastException
- ("xPathList["+i+"] is not a valid type");
- }
- }
- }
-
- @SuppressWarnings("unchecked")
- private static List unmodifiableCopyOfList(List list) {
- return Collections.unmodifiableList(new ArrayList(list));
- }
-
- /**
- * Returns a list of one or more {@link XPathType} objects.
- * <p>
- * This implementation returns an {@link Collections#unmodifiableList
- * unmodifiable list}.
- *
- * @return a <code>List</code> of <code>XPathType</code> objects
- * (never <code>null</code> or empty)
- */
- public List getXPathList() {
- return xPathList;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XPathFilterParameterSpec.java 1203720 2011-11-18 16:23:54Z mullan $
- */
-package javax.xml.crypto.dsig.spec;
-
-import javax.xml.crypto.dsig.Transform;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-/**
- * Parameters for the <a href="http://www.w3.org/TR/xmldsig-core/#sec-XPath">
- * XPath Filtering Transform Algorithm</a>.
- * The parameters include the XPath expression and an optional <code>Map</code>
- * of additional namespace prefix mappings. The XML Schema Definition of
- * the XPath Filtering transform parameters is defined as:
- * <pre><code>
- * <element name="XPath" type="string"/>
- * </code></pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see Transform
- */
-public final class XPathFilterParameterSpec implements TransformParameterSpec {
-
- private String xPath;
- private Map nsMap;
-
- /**
- * Creates an <code>XPathFilterParameterSpec</code> with the specified
- * XPath expression.
- *
- * @param xPath the XPath expression to be evaluated
- * @throws NullPointerException if <code>xPath</code> is <code>null</code>
- */
- public XPathFilterParameterSpec(String xPath) {
- if (xPath == null) {
- throw new NullPointerException();
- }
- this.xPath = xPath;
- this.nsMap = Collections.EMPTY_MAP;
- }
-
- /**
- * Creates an <code>XPathFilterParameterSpec</code> with the specified
- * XPath expression and namespace map. The map is copied to protect against
- * subsequent modification.
- *
- * @param xPath the XPath expression to be evaluated
- * @param namespaceMap the map of namespace prefixes. Each key is a
- * namespace prefix <code>String</code> that maps to a corresponding
- * namespace URI <code>String</code>.
- * @throws NullPointerException if <code>xPath</code> or
- * <code>namespaceMap</code> are <code>null</code>
- * @throws ClassCastException if any of the map's keys or entries are not
- * of type <code>String</code>
- */
- public XPathFilterParameterSpec(String xPath, Map namespaceMap) {
- if (xPath == null || namespaceMap == null) {
- throw new NullPointerException();
- }
- this.xPath = xPath;
- nsMap = unmodifiableCopyOfMap(namespaceMap);
- Iterator entries = nsMap.entrySet().iterator();
- while (entries.hasNext()) {
- Map.Entry me = (Map.Entry) entries.next();
- if (!(me.getKey() instanceof String) ||
- !(me.getValue() instanceof String)) {
- throw new ClassCastException("not a String");
- }
- }
- }
-
- @SuppressWarnings("unchecked")
- private static Map unmodifiableCopyOfMap(Map map) {
- return Collections.unmodifiableMap(new HashMap(map));
- }
-
- /**
- * Returns the XPath expression to be evaluated.
- *
- * @return the XPath expression to be evaluated
- */
- public String getXPath() {
- return xPath;
- }
-
- /**
- * Returns a map of namespace prefixes. Each key is a namespace prefix
- * <code>String</code> that maps to a corresponding namespace URI
- * <code>String</code>.
- * <p>
- * This implementation returns an {@link Collections#unmodifiableMap
- * unmodifiable map}.
- *
- * @return a <code>Map</code> of namespace prefixes to namespace URIs (may
- * be empty, but never <code>null</code>)
- */
- public Map getNamespaceMap() {
- return nsMap;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XPathType.java 1203720 2011-11-18 16:23:54Z mullan $
- */
-package javax.xml.crypto.dsig.spec;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-/**
- * The XML Schema Definition of the <code>XPath</code> element as defined in the
- * <a href="http://www.w3.org/TR/xmldsig-filter2">
- * W3C Recommendation for XML-Signature XPath Filter 2.0</a>:
- * <pre><code>
- * <schema xmlns="http://www.w3.org/2001/XMLSchema"
- * xmlns:xf="http://www.w3.org/2002/06/xmldsig-filter2"
- * targetNamespace="http://www.w3.org/2002/06/xmldsig-filter2"
- * version="0.1" elementFormDefault="qualified">
- *
- * <element name="XPath"
- * type="xf:XPathType"/>
- *
- * <complexType name="XPathType">
- * <simpleContent>
- * <extension base="string">
- * <attribute name="Filter">
- * <simpleType>
- * <restriction base="string">
- * <enumeration value="intersect"/>
- * <enumeration value="subtract"/>
- * <enumeration value="union"/>
- * </restriction>
- * </simpleType>
- * </attribute>
- * </extension>
- * </simpleContent>
- * </complexType>
- * </code></pre>
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see XPathFilter2ParameterSpec
- */
-public class XPathType {
-
- /**
- * Represents the filter set operation.
- */
- public static class Filter {
- private final String operation;
-
- private Filter(String operation) {
- this.operation = operation;
- }
-
- /**
- * Returns the string form of the operation.
- *
- * @return the string form of the operation
- */
- public String toString() {
- return operation;
- }
-
- /**
- * The intersect filter operation.
- */
- public static final Filter INTERSECT = new Filter("intersect");
-
- /**
- * The subtract filter operation.
- */
- public static final Filter SUBTRACT = new Filter("subtract");
-
- /**
- * The union filter operation.
- */
- public static final Filter UNION = new Filter("union");
- }
-
- private final String expression;
- private final Filter filter;
- private Map nsMap;
-
- /**
- * Creates an <code>XPathType</code> instance with the specified XPath
- * expression and filter.
- *
- * @param expression the XPath expression to be evaluated
- * @param filter the filter operation ({@link Filter#INTERSECT},
- * {@link Filter#SUBTRACT}, or {@link Filter#UNION})
- * @throws NullPointerException if <code>expression</code> or
- * <code>filter</code> is <code>null</code>
- */
- public XPathType(String expression, Filter filter) {
- if (expression == null) {
- throw new NullPointerException("expression cannot be null");
- }
- if (filter == null) {
- throw new NullPointerException("filter cannot be null");
- }
- this.expression = expression;
- this.filter = filter;
- this.nsMap = Collections.EMPTY_MAP;
- }
-
- /**
- * Creates an <code>XPathType</code> instance with the specified XPath
- * expression, filter, and namespace map. The map is copied to protect
- * against subsequent modification.
- *
- * @param expression the XPath expression to be evaluated
- * @param filter the filter operation ({@link Filter#INTERSECT},
- * {@link Filter#SUBTRACT}, or {@link Filter#UNION})
- * @param namespaceMap the map of namespace prefixes. Each key is a
- * namespace prefix <code>String</code> that maps to a corresponding
- * namespace URI <code>String</code>.
- * @throws NullPointerException if <code>expression</code>,
- * <code>filter</code> or <code>namespaceMap</code> are
- * <code>null</code>
- * @throws ClassCastException if any of the map's keys or entries are
- * not of type <code>String</code>
- */
- public XPathType(String expression, Filter filter, Map namespaceMap) {
- this(expression, filter);
- if (namespaceMap == null) {
- throw new NullPointerException("namespaceMap cannot be null");
- }
- nsMap = unmodifiableCopyOfMap(namespaceMap);
- Iterator entries = nsMap.entrySet().iterator();
- while (entries.hasNext()) {
- Map.Entry me = (Map.Entry) entries.next();
- if (!(me.getKey() instanceof String) ||
- !(me.getValue() instanceof String)) {
- throw new ClassCastException("not a String");
- }
- }
- }
-
- @SuppressWarnings("unchecked")
- private static Map unmodifiableCopyOfMap(Map map) {
- return Collections.unmodifiableMap(new HashMap(map));
- }
-
- /**
- * Returns the XPath expression to be evaluated.
- *
- * @return the XPath expression to be evaluated
- */
- public String getExpression() {
- return expression;
- }
-
- /**
- * Returns the filter operation.
- *
- * @return the filter operation
- */
- public Filter getFilter() {
- return filter;
- }
-
- /**
- * Returns a map of namespace prefixes. Each key is a namespace prefix
- * <code>String</code> that maps to a corresponding namespace URI
- * <code>String</code>.
- * <p>
- * This implementation returns an {@link Collections#unmodifiableMap
- * unmodifiable map}.
- *
- * @return a <code>Map</code> of namespace prefixes to namespace URIs
- * (may be empty, but never <code>null</code>)
- */
- public Map getNamespaceMap() {
- return nsMap;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XSLTTransformParameterSpec.java 1092655 2011-04-15 10:24:18Z coheigea $
- */
-package javax.xml.crypto.dsig.spec;
-
-import javax.xml.crypto.dsig.Transform;
-import javax.xml.crypto.XMLStructure;
-
-/**
- * Parameters for the <a href="http://www.w3.org/TR/1999/REC-xslt-19991116">
- * XSLT Transform Algorithm</a>.
- * The parameters include a namespace-qualified stylesheet element.
- *
- * <p>An <code>XSLTTransformParameterSpec</code> is instantiated with a
- * mechanism-dependent (ex: DOM) stylesheet element. For example:
- * <pre>
- * DOMStructure stylesheet = new DOMStructure(element)
- * XSLTTransformParameterSpec spec = new XSLTransformParameterSpec(stylesheet);
- * </pre>
- * where <code>element</code> is an {@link org.w3c.dom.Element} containing
- * the namespace-qualified stylesheet element.
- *
- * @author Sean Mullan
- * @author JSR 105 Expert Group
- * @see Transform
- */
-public final class XSLTTransformParameterSpec implements TransformParameterSpec{
- private XMLStructure stylesheet;
-
- /**
- * Creates an <code>XSLTTransformParameterSpec</code> with the specified
- * stylesheet.
- *
- * @param stylesheet the XSLT stylesheet to be used
- * @throws NullPointerException if <code>stylesheet</code> is
- * <code>null</code>
- */
- public XSLTTransformParameterSpec(XMLStructure stylesheet) {
- if (stylesheet == null) {
- throw new NullPointerException();
- }
- this.stylesheet = stylesheet;
- }
-
- /**
- * Returns the stylesheet.
- *
- * @return the stylesheet
- */
- public XMLStructure getStylesheet() {
- return stylesheet;
- }
-}
+++ /dev/null
-<html>
-<head>
-<!--
-/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
--->
-<!--
- Copyright 2005 Sun Microsystems, Inc. All rights reserved.
--->
-</head>
-<body>
-Parameter classes for XML digital signatures. This package
-contains interfaces and classes representing input parameters for the
-digest, signature, transform, or canonicalization algorithms used in
-the processing of XML signatures.
-
-<h2>Package Specification</h2>
-
-<ul>
-<li>
-<a href="http://www.w3.org/TR/xmldsig-core/">
-XML-Signature Syntax and Processing: W3C Recommendation</a>
-<li>
-<a href="http://www.ietf.org/rfc/rfc3275.txt">
-RFC 3275: XML-Signature Syntax and Processing</a>
-<li>
-<a href="http://www.w3.org/TR/xml-exc-c14n/">
-Exclusive XML Canonicalization algorithm: W3C Recommendation</a>
-<li>
-<a href="http://www.w3.org/TR/xmldsig-filter2/">
-XPath Filter 2.0 Transform Algorithm: W3C Recommendation</a>
-</ul>
-
-</body>
-</html>
+++ /dev/null
-<html>
-<head>
-<!--
-/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
--->
-<!--
- Copyright 2005 Sun Microsystems, Inc. All rights reserved.
--->
-</head>
-<body>
-Common classes for XML cryptography. This package includes common classes that
-are used to perform XML cryptographic operations, such as generating
-an XML signature or encrypting XML data.
-
-<h2>Package Specification</h2>
-
-<ul>
-<li>
-<a href="http://www.w3.org/TR/xmldsig-core/">
-XML-Signature Syntax and Processing: W3C Recommendation</a>
-<li>
-<a href="http://www.ietf.org/rfc/rfc3275.txt">
-RFC 3275: XML-Signature Syntax and Processing</a>
-</ul>
-
-</body>
-</html>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DigesterOutputStream.java,v 1.5 2005/12/20 20:02:39 mullan Exp $
- */
-package org.apache.jcp.xml.dsig.internal;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.MessageDigest;
-
-import org.apache.xml.security.utils.UnsyncByteArrayOutputStream;
-
-/**
- * This class has been modified slightly to use java.security.MessageDigest
- * objects as input, rather than
- * org.apache.xml.security.algorithms.MessageDigestAlgorithm objects.
- * It also optionally caches the input bytes.
- *
- * @author raul
- * @author Sean Mullan
- */
-public class DigesterOutputStream extends OutputStream {
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(DigesterOutputStream.class);
-
- private final boolean buffer;
- private UnsyncByteArrayOutputStream bos;
- private final MessageDigest md;
-
- /**
- * Creates a DigesterOutputStream.
- *
- * @param md the MessageDigest
- */
- public DigesterOutputStream(MessageDigest md) {
- this(md, false);
- }
-
- /**
- * Creates a DigesterOutputStream.
- *
- * @param md the MessageDigest
- * @param buffer if true, caches the input bytes
- */
- public DigesterOutputStream(MessageDigest md, boolean buffer) {
- this.md = md;
- this.buffer = buffer;
- if (buffer) {
- bos = new UnsyncByteArrayOutputStream();
- }
- }
-
- public void write(int input) {
- if (buffer) {
- bos.write(input);
- }
- md.update((byte)input);
- }
-
- @Override
- public void write(byte[] input, int offset, int len) {
- if (buffer) {
- bos.write(input, offset, len);
- }
- if (log.isDebugEnabled()) {
- log.debug("Pre-digested input:");
- StringBuilder sb = new StringBuilder(len);
- for (int i = offset; i < (offset + len); i++) {
- sb.append((char)input[i]);
- }
- log.debug(sb.toString());
- }
- md.update(input, offset, len);
- }
-
- /**
- * @return the digest value
- */
- public byte[] getDigestValue() {
- return md.digest();
- }
-
- /**
- * @return an input stream containing the cached bytes, or
- * null if not cached
- */
- public InputStream getInputStream() {
- if (buffer) {
- return new ByteArrayInputStream(bos.toByteArray());
- } else {
- return null;
- }
- }
-
- @Override
- public void close() throws IOException {
- if (buffer) {
- bos.close();
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.jcp.xml.dsig.internal;
-
-import java.io.ByteArrayOutputStream;
-import javax.crypto.Mac;
-
-/**
- * Derived from Apache sources and changed to use Mac objects instead of
- * org.apache.xml.security.algorithms.SignatureAlgorithm objects.
- *
- * @author raul
- * @author Sean Mullan
- *
- */
-public class MacOutputStream extends ByteArrayOutputStream {
- private final Mac mac;
-
- public MacOutputStream(Mac mac) {
- this.mac = mac;
- }
-
- @Override
- public void write(int arg0) {
- super.write(arg0);
- mac.update((byte) arg0);
- }
-
- @Override
- public void write(byte[] arg0, int arg1, int arg2) {
- super.write(arg0, arg1, arg2);
- mac.update(arg0, arg1, arg2);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: SignerOutputStream.java,v 1.2 2005/09/15 14:29:02 mullan Exp $
- */
-package org.apache.jcp.xml.dsig.internal;
-
-import java.io.ByteArrayOutputStream;
-import java.security.Signature;
-import java.security.SignatureException;
-
-/**
- * Derived from Apache sources and changed to use java.security.Signature
- * objects as input instead of
- * org.apache.xml.security.algorithms.SignatureAlgorithm objects.
- *
- * @author raul
- * @author Sean Mullan
- */
-public class SignerOutputStream extends ByteArrayOutputStream {
- private final Signature sig;
-
- public SignerOutputStream(Signature sig) {
- this.sig = sig;
- }
-
- @Override
- public void write(int arg0) {
- super.write(arg0);
- try {
- sig.update((byte)arg0);
- } catch (SignatureException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public void write(byte[] arg0, int arg1, int arg2) {
- super.write(arg0, arg1, arg2);
- try {
- sig.update(arg0, arg1, arg2);
- } catch (SignatureException e) {
- throw new RuntimeException(e);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.security.Key;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.SignatureException;
-import java.security.spec.AlgorithmParameterSpec;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.SignedInfo;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.crypto.dsig.XMLSignContext;
-import javax.xml.crypto.dsig.XMLValidateContext;
-import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * An abstract class representing a SignatureMethod. Subclasses implement
- * a specific XML DSig signature algorithm.
- */
-abstract class AbstractDOMSignatureMethod extends DOMStructure
- implements SignatureMethod {
-
- // denotes the type of signature algorithm
- enum Type { DSA, RSA, ECDSA, HMAC }
-
- /**
- * Verifies the passed-in signature with the specified key, using the
- * underlying Signature or Mac algorithm.
- *
- * @param key the verification key
- * @param si the SignedInfo
- * @param sig the signature bytes to be verified
- * @param context the XMLValidateContext
- * @return <code>true</code> if the signature verified successfully,
- * <code>false</code> if not
- * @throws NullPointerException if <code>key</code>, <code>si</code> or
- * <code>sig</code> are <code>null</code>
- * @throws InvalidKeyException if the key is improperly encoded, of
- * the wrong type, or parameters are missing, etc
- * @throws SignatureException if an unexpected error occurs, such
- * as the passed in signature is improperly encoded
- * @throws XMLSignatureException if an unexpected error occurs
- */
- abstract boolean verify(Key key, SignedInfo si, byte[] sig,
- XMLValidateContext context)
- throws InvalidKeyException, SignatureException, XMLSignatureException;
-
- /**
- * Signs the bytes with the specified key, using the underlying
- * Signature or Mac algorithm.
- *
- * @param key the signing key
- * @param si the SignedInfo
- * @param context the XMLSignContext
- * @return the signature
- * @throws NullPointerException if <code>key</code> or
- * <code>si</code> are <code>null</code>
- * @throws InvalidKeyException if the key is improperly encoded, of
- * the wrong type, or parameters are missing, etc
- * @throws XMLSignatureException if an unexpected error occurs
- */
- abstract byte[] sign(Key key, SignedInfo si, XMLSignContext context)
- throws InvalidKeyException, XMLSignatureException;
-
- /**
- * Returns the java.security.Signature or javax.crypto.Mac standard
- * algorithm name.
- */
- abstract String getJCAAlgorithm();
-
- /**
- * Returns the type of signature algorithm.
- */
- abstract Type getAlgorithmType();
-
- /**
- * This method invokes the {@link #marshalParams marshalParams}
- * method to marshal any algorithm-specific parameters.
- */
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
-
- Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod",
- XMLSignature.XMLNS, dsPrefix);
- DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm());
-
- if (getParameterSpec() != null) {
- marshalParams(smElem, dsPrefix);
- }
-
- parent.appendChild(smElem);
- }
-
- /**
- * Marshals the algorithm-specific parameters to an Element and
- * appends it to the specified parent element. By default, this method
- * throws an exception since most SignatureMethod algorithms do not have
- * parameters. Subclasses should override it if they have parameters.
- *
- * @param parent the parent element to append the parameters to
- * @param paramsPrefix the algorithm parameters prefix to use
- * @throws MarshalException if the parameters cannot be marshalled
- */
- void marshalParams(Element parent, String paramsPrefix)
- throws MarshalException
- {
- throw new MarshalException("no parameters should " +
- "be specified for the " + getAlgorithm() +
- " SignatureMethod algorithm");
- }
-
- /**
- * Unmarshals <code>SignatureMethodParameterSpec</code> from the specified
- * <code>Element</code>. By default, this method throws an exception since
- * most SignatureMethod algorithms do not have parameters. Subclasses should
- * override it if they have parameters.
- *
- * @param paramsElem the <code>Element</code> holding the input params
- * @return the algorithm-specific <code>SignatureMethodParameterSpec</code>
- * @throws MarshalException if the parameters cannot be unmarshalled
- */
- SignatureMethodParameterSpec unmarshalParams(Element paramsElem)
- throws MarshalException
- {
- throw new MarshalException("no parameters should " +
- "be specified for the " + getAlgorithm() +
- " SignatureMethod algorithm");
- }
-
- /**
- * Checks if the specified parameters are valid for this algorithm. By
- * default, this method throws an exception if parameters are specified
- * since most SignatureMethod algorithms do not have parameters. Subclasses
- * should override it if they have parameters.
- *
- * @param params the algorithm-specific params (may be <code>null</code>)
- * @throws InvalidAlgorithmParameterException if the parameters are not
- * appropriate for this signature method
- */
- void checkParams(SignatureMethodParameterSpec params)
- throws InvalidAlgorithmParameterException
- {
- if (params != null) {
- throw new InvalidAlgorithmParameterException("no parameters " +
- "should be specified for the " + getAlgorithm() +
- " SignatureMethod algorithm");
- }
- }
-
- @Override
- public boolean equals(Object o)
- {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof SignatureMethod)) {
- return false;
- }
- SignatureMethod osm = (SignatureMethod)o;
-
- return (getAlgorithm().equals(osm.getAlgorithm()) &&
- paramsEqual(osm.getParameterSpec()));
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- String algorithm = getAlgorithm();
- if (algorithm != null) {
- result = 31 * result + algorithm.hashCode();
- }
- AlgorithmParameterSpec spec = getParameterSpec();
- if (spec != null) {
- result = 31 * result + spec.hashCode();
- }
-
- return result;
- }
-
- /**
- * Returns true if parameters are equal; false otherwise.
- *
- * Subclasses should override this method to compare algorithm-specific
- * parameters.
- */
- boolean paramsEqual(AlgorithmParameterSpec spec)
- {
- return (getParameterSpec() == spec);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: ApacheCanonicalizer.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.InvalidAlgorithmParameterException;
-import java.util.Set;
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.TransformException;
-import javax.xml.crypto.dsig.TransformService;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-public abstract class ApacheCanonicalizer extends TransformService {
-
- static {
- org.apache.xml.security.Init.init();
- }
-
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(ApacheCanonicalizer.class);
- protected Canonicalizer apacheCanonicalizer;
- private Transform apacheTransform;
- protected String inclusiveNamespaces;
- protected C14NMethodParameterSpec params;
- protected Document ownerDoc;
- protected Element transformElem;
-
- public final AlgorithmParameterSpec getParameterSpec()
- {
- return params;
- }
-
- public void init(XMLStructure parent, XMLCryptoContext context)
- throws InvalidAlgorithmParameterException
- {
- if (context != null && !(context instanceof DOMCryptoContext)) {
- throw new ClassCastException
- ("context must be of type DOMCryptoContext");
- }
- if (parent == null || !(parent instanceof javax.xml.crypto.dom.DOMStructure)) {
- throw new ClassCastException("parent must be of type DOMStructure");
- }
- transformElem = (Element)
- ((javax.xml.crypto.dom.DOMStructure)parent).getNode();
- ownerDoc = DOMUtils.getOwnerDocument(transformElem);
- }
-
- public void marshalParams(XMLStructure parent, XMLCryptoContext context)
- throws MarshalException
- {
- if (context != null && !(context instanceof DOMCryptoContext)) {
- throw new ClassCastException
- ("context must be of type DOMCryptoContext");
- }
- if (parent == null || !(parent instanceof javax.xml.crypto.dom.DOMStructure)) {
- throw new ClassCastException("parent must be of type DOMStructure");
- }
- transformElem = (Element)
- ((javax.xml.crypto.dom.DOMStructure)parent).getNode();
- ownerDoc = DOMUtils.getOwnerDocument(transformElem);
- }
-
- public Data canonicalize(Data data, XMLCryptoContext xc)
- throws TransformException
- {
- return canonicalize(data, xc, null);
- }
-
- public Data canonicalize(Data data, XMLCryptoContext xc, OutputStream os)
- throws TransformException
- {
- if (apacheCanonicalizer == null) {
- try {
- apacheCanonicalizer = Canonicalizer.getInstance(getAlgorithm());
- if (log.isDebugEnabled()) {
- log.debug("Created canonicalizer for algorithm: " + getAlgorithm());
- }
- } catch (InvalidCanonicalizerException ice) {
- throw new TransformException
- ("Couldn't find Canonicalizer for: " + getAlgorithm() +
- ": " + ice.getMessage(), ice);
- }
- }
-
- if (os != null) {
- apacheCanonicalizer.setWriter(os);
- } else {
- apacheCanonicalizer.setWriter(new ByteArrayOutputStream());
- }
-
- try {
- Set<Node> nodeSet = null;
- if (data instanceof ApacheData) {
- XMLSignatureInput in =
- ((ApacheData)data).getXMLSignatureInput();
- if (in.isElement()) {
- if (inclusiveNamespaces != null) {
- return new OctetStreamData(new ByteArrayInputStream
- (apacheCanonicalizer.canonicalizeSubtree
- (in.getSubNode(), inclusiveNamespaces)));
- } else {
- return new OctetStreamData(new ByteArrayInputStream
- (apacheCanonicalizer.canonicalizeSubtree
- (in.getSubNode())));
- }
- } else if (in.isNodeSet()) {
- nodeSet = in.getNodeSet();
- } else {
- return new OctetStreamData(new ByteArrayInputStream(
- apacheCanonicalizer.canonicalize(
- Utils.readBytesFromStream(in.getOctetStream()))));
- }
- } else if (data instanceof DOMSubTreeData) {
- DOMSubTreeData subTree = (DOMSubTreeData)data;
- if (inclusiveNamespaces != null) {
- return new OctetStreamData(new ByteArrayInputStream
- (apacheCanonicalizer.canonicalizeSubtree
- (subTree.getRoot(), inclusiveNamespaces)));
- } else {
- return new OctetStreamData(new ByteArrayInputStream
- (apacheCanonicalizer.canonicalizeSubtree
- (subTree.getRoot())));
- }
- } else if (data instanceof NodeSetData) {
- NodeSetData nsd = (NodeSetData)data;
- // convert Iterator to Set
- @SuppressWarnings("unchecked")
- Set<Node> ns = Utils.toNodeSet(nsd.iterator());
- nodeSet = ns;
- if (log.isDebugEnabled()) {
- log.debug("Canonicalizing " + nodeSet.size() + " nodes");
- }
- } else {
- return new OctetStreamData(new ByteArrayInputStream(
- apacheCanonicalizer.canonicalize(
- Utils.readBytesFromStream(
- ((OctetStreamData)data).getOctetStream()))));
- }
- if (inclusiveNamespaces != null) {
- return new OctetStreamData(new ByteArrayInputStream(
- apacheCanonicalizer.canonicalizeXPathNodeSet
- (nodeSet, inclusiveNamespaces)));
- } else {
- return new OctetStreamData(new ByteArrayInputStream(
- apacheCanonicalizer.canonicalizeXPathNodeSet(nodeSet)));
- }
- } catch (Exception e) {
- throw new TransformException(e);
- }
- }
-
- public Data transform(Data data, XMLCryptoContext xc, OutputStream os)
- throws TransformException
- {
- if (data == null) {
- throw new NullPointerException("data must not be null");
- }
- if (os == null) {
- throw new NullPointerException("output stream must not be null");
- }
-
- if (ownerDoc == null) {
- throw new TransformException("transform must be marshalled");
- }
-
- if (apacheTransform == null) {
- try {
- apacheTransform =
- new Transform(ownerDoc, getAlgorithm(), transformElem.getChildNodes());
- apacheTransform.setElement(transformElem, xc.getBaseURI());
- if (log.isDebugEnabled()) {
- log.debug("Created transform for algorithm: " + getAlgorithm());
- }
- } catch (Exception ex) {
- throw new TransformException
- ("Couldn't find Transform for: " + getAlgorithm(), ex);
- }
- }
-
- XMLSignatureInput in;
- if (data instanceof ApacheData) {
- if (log.isDebugEnabled()) {
- log.debug("ApacheData = true");
- }
- in = ((ApacheData)data).getXMLSignatureInput();
- } else if (data instanceof NodeSetData) {
- if (log.isDebugEnabled()) {
- log.debug("isNodeSet() = true");
- }
- if (data instanceof DOMSubTreeData) {
- DOMSubTreeData subTree = (DOMSubTreeData)data;
- in = new XMLSignatureInput(subTree.getRoot());
- in.setExcludeComments(subTree.excludeComments());
- } else {
- @SuppressWarnings("unchecked")
- Set<Node> nodeSet =
- Utils.toNodeSet(((NodeSetData)data).iterator());
- in = new XMLSignatureInput(nodeSet);
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug("isNodeSet() = false");
- }
- try {
- in = new XMLSignatureInput
- (((OctetStreamData)data).getOctetStream());
- } catch (Exception ex) {
- throw new TransformException(ex);
- }
- }
-
- try {
- in = apacheTransform.performTransform(in, os);
- if (!in.isNodeSet() && !in.isElement()) {
- return null;
- }
- if (in.isOctetStream()) {
- return new ApacheOctetStreamData(in);
- } else {
- return new ApacheNodeSetData(in);
- }
- } catch (Exception ex) {
- throw new TransformException(ex);
- }
- }
-
- public final boolean isFeatureSupported(String feature) {
- if (feature == null) {
- throw new NullPointerException();
- } else {
- return false;
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: ApacheData.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.Data;
-import org.apache.xml.security.signature.XMLSignatureInput;
-
-/**
- * XMLSignatureInput Data wrapper.
- *
- * @author Sean Mullan
- */
-public interface ApacheData extends Data {
-
- /**
- * Returns the XMLSignatureInput.
- */
- XMLSignatureInput getXMLSignatureInput();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: ApacheNodeSetData.java 1203890 2011-11-18 22:47:56Z mullan $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Set;
-import javax.xml.crypto.NodeSetData;
-import org.w3c.dom.Node;
-import org.apache.xml.security.signature.NodeFilter;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.XMLUtils;
-
-public class ApacheNodeSetData implements ApacheData, NodeSetData {
-
- private XMLSignatureInput xi;
-
- public ApacheNodeSetData(XMLSignatureInput xi) {
- this.xi = xi;
- }
-
- public Iterator iterator() {
- // If nodefilters are set, must execute them first to create node-set
- if (xi.getNodeFilters() != null) {
- return Collections.unmodifiableSet
- (getNodeSet(xi.getNodeFilters())).iterator();
- }
- try {
- return Collections.unmodifiableSet(xi.getNodeSet()).iterator();
- } catch (Exception e) {
- // should not occur
- throw new RuntimeException
- ("unrecoverable error retrieving nodeset", e);
- }
- }
-
- public XMLSignatureInput getXMLSignatureInput() {
- return xi;
- }
-
- private Set<Node> getNodeSet(List<NodeFilter> nodeFilters) {
- if (xi.isNeedsToBeExpanded()) {
- XMLUtils.circumventBug2650
- (XMLUtils.getOwnerDocument(xi.getSubNode()));
- }
-
- Set<Node> inputSet = new LinkedHashSet<Node>();
- XMLUtils.getSet(xi.getSubNode(), inputSet,
- null, !xi.isExcludeComments());
- Set<Node> nodeSet = new LinkedHashSet<Node>();
- for (Node currentNode : inputSet) {
- Iterator<NodeFilter> it = nodeFilters.iterator();
- boolean skipNode = false;
- while (it.hasNext() && !skipNode) {
- NodeFilter nf = it.next();
- if (nf.isNodeInclude(currentNode) != 1) {
- skipNode = true;
- }
- }
- if (!skipNode) {
- nodeSet.add(currentNode);
- }
- }
- return nodeSet;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: ApacheOctetStreamData.java 1197150 2011-11-03 14:34:57Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.io.IOException;
-import javax.xml.crypto.OctetStreamData;
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-
-public class ApacheOctetStreamData extends OctetStreamData
- implements ApacheData {
-
- private XMLSignatureInput xi;
-
- public ApacheOctetStreamData(XMLSignatureInput xi)
- throws CanonicalizationException, IOException
- {
- super(xi.getOctetStream(), xi.getSourceURI(), xi.getMIMEType());
- this.xi = xi;
- }
-
- public XMLSignatureInput getXMLSignatureInput() {
- return xi;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: ApacheTransform.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.io.OutputStream;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Set;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.Transforms;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-/**
- * This is a wrapper/glue class which invokes the Apache XML-Security
- * Transform.
- *
- * @author Sean Mullan
- * @author Erwin van der Koogh
- */
-public abstract class ApacheTransform extends TransformService {
-
- static {
- org.apache.xml.security.Init.init();
- }
-
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(ApacheTransform.class);
- private Transform apacheTransform;
- protected Document ownerDoc;
- protected Element transformElem;
- protected TransformParameterSpec params;
-
- public final AlgorithmParameterSpec getParameterSpec() {
- return params;
- }
-
- public void init(XMLStructure parent, XMLCryptoContext context)
- throws InvalidAlgorithmParameterException
- {
- if (context != null && !(context instanceof DOMCryptoContext)) {
- throw new ClassCastException
- ("context must be of type DOMCryptoContext");
- }
- if (parent == null || !(parent instanceof javax.xml.crypto.dom.DOMStructure)) {
- throw new ClassCastException("parent must be of type DOMStructure");
- }
- transformElem = (Element)
- ((javax.xml.crypto.dom.DOMStructure) parent).getNode();
- ownerDoc = DOMUtils.getOwnerDocument(transformElem);
- }
-
- public void marshalParams(XMLStructure parent, XMLCryptoContext context)
- throws MarshalException
- {
- if (context != null && !(context instanceof DOMCryptoContext)) {
- throw new ClassCastException
- ("context must be of type DOMCryptoContext");
- }
- if (parent == null || !(parent instanceof javax.xml.crypto.dom.DOMStructure)) {
- throw new ClassCastException("parent must be of type DOMStructure");
- }
- transformElem = (Element)
- ((javax.xml.crypto.dom.DOMStructure) parent).getNode();
- ownerDoc = DOMUtils.getOwnerDocument(transformElem);
- }
-
- public Data transform(Data data, XMLCryptoContext xc)
- throws TransformException
- {
- if (data == null) {
- throw new NullPointerException("data must not be null");
- }
- return transformIt(data, xc, (OutputStream)null);
- }
-
- public Data transform(Data data, XMLCryptoContext xc, OutputStream os)
- throws TransformException
- {
- if (data == null) {
- throw new NullPointerException("data must not be null");
- }
- if (os == null) {
- throw new NullPointerException("output stream must not be null");
- }
- return transformIt(data, xc, os);
- }
-
- private Data transformIt(Data data, XMLCryptoContext xc, OutputStream os)
- throws TransformException
- {
- if (ownerDoc == null) {
- throw new TransformException("transform must be marshalled");
- }
-
- if (apacheTransform == null) {
- try {
- apacheTransform =
- new Transform(ownerDoc, getAlgorithm(), transformElem.getChildNodes());
- apacheTransform.setElement(transformElem, xc.getBaseURI());
- if (log.isDebugEnabled()) {
- log.debug("Created transform for algorithm: " +
- getAlgorithm());
- }
- } catch (Exception ex) {
- throw new TransformException("Couldn't find Transform for: " +
- getAlgorithm(), ex);
- }
- }
-
- Boolean secureValidation = (Boolean)
- xc.getProperty("org.apache.jcp.xml.dsig.secureValidation");
- if (secureValidation != null && secureValidation.booleanValue()) {
- String algorithm = getAlgorithm();
- if (Transforms.TRANSFORM_XSLT.equals(algorithm)) {
- throw new TransformException(
- "Transform " + algorithm + " is forbidden when secure validation is enabled"
- );
- }
- }
-
- XMLSignatureInput in;
- if (data instanceof ApacheData) {
- if (log.isDebugEnabled()) {
- log.debug("ApacheData = true");
- }
- in = ((ApacheData)data).getXMLSignatureInput();
- } else if (data instanceof NodeSetData) {
- if (log.isDebugEnabled()) {
- log.debug("isNodeSet() = true");
- }
- if (data instanceof DOMSubTreeData) {
- if (log.isDebugEnabled()) {
- log.debug("DOMSubTreeData = true");
- }
- DOMSubTreeData subTree = (DOMSubTreeData)data;
- in = new XMLSignatureInput(subTree.getRoot());
- in.setExcludeComments(subTree.excludeComments());
- } else {
- @SuppressWarnings("unchecked")
- Set<Node> nodeSet =
- Utils.toNodeSet(((NodeSetData)data).iterator());
- in = new XMLSignatureInput(nodeSet);
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug("isNodeSet() = false");
- }
- try {
- in = new XMLSignatureInput
- (((OctetStreamData)data).getOctetStream());
- } catch (Exception ex) {
- throw new TransformException(ex);
- }
- }
-
- try {
- if (os != null) {
- in = apacheTransform.performTransform(in, os);
- if (!in.isNodeSet() && !in.isElement()) {
- return null;
- }
- } else {
- in = apacheTransform.performTransform(in);
- }
- if (in.isOctetStream()) {
- return new ApacheOctetStreamData(in);
- } else {
- return new ApacheNodeSetData(in);
- }
- } catch (Exception ex) {
- throw new TransformException(ex);
- }
- }
-
- public final boolean isFeatureSupported(String feature) {
- if (feature == null) {
- throw new NullPointerException();
- } else {
- return false;
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMBase64Transform.java 1197150 2011-11-03 14:34:57Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.security.InvalidAlgorithmParameterException;
-
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-/**
- * DOM-based implementation of Base64 Encoding Transform.
- * (Uses Apache XML-Sec Transform implementation)
- *
- * @author Sean Mullan
- */
-public final class DOMBase64Transform extends ApacheTransform {
-
- public void init(TransformParameterSpec params)
- throws InvalidAlgorithmParameterException {
- if (params != null) {
- throw new InvalidAlgorithmParameterException("params must be null");
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id$
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-import java.security.InvalidAlgorithmParameterException;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-
-/**
- * DOM-based implementation of CanonicalizationMethod for Canonical XML 1.1
- * (with or without comments). Uses Apache XML-Sec Canonicalizer.
- *
- * @author Sean Mullan
- */
-public final class DOMCanonicalXMLC14N11Method extends ApacheCanonicalizer {
-
- public static final String C14N_11 = "http://www.w3.org/2006/12/xml-c14n11";
- public static final String C14N_11_WITH_COMMENTS
- = "http://www.w3.org/2006/12/xml-c14n11#WithComments";
-
- public void init(TransformParameterSpec params)
- throws InvalidAlgorithmParameterException {
- if (params != null) {
- throw new InvalidAlgorithmParameterException("no parameters " +
- "should be specified for Canonical XML 1.1 algorithm");
- }
- }
-
- public Data transform(Data data, XMLCryptoContext xc)
- throws TransformException {
-
- // ignore comments if dereferencing same-document URI that requires
- // you to omit comments, even if the Transform says otherwise -
- // this is to be compliant with section 4.3.3.3 of W3C Rec.
- if (data instanceof DOMSubTreeData) {
- DOMSubTreeData subTree = (DOMSubTreeData) data;
- if (subTree.excludeComments()) {
- try {
- apacheCanonicalizer = Canonicalizer.getInstance(C14N_11);
- } catch (InvalidCanonicalizerException ice) {
- throw new TransformException
- ("Couldn't find Canonicalizer for: " +
- C14N_11 + ": " + ice.getMessage(), ice);
- }
- }
- }
-
- return canonicalize(data, xc);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMCanonicalXMLC14NMethod.java 1197150 2011-11-03 14:34:57Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-import java.security.InvalidAlgorithmParameterException;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-
-/**
- * DOM-based implementation of CanonicalizationMethod for Canonical XML
- * (with or without comments). Uses Apache XML-Sec Canonicalizer.
- *
- * @author Sean Mullan
- */
-public final class DOMCanonicalXMLC14NMethod extends ApacheCanonicalizer {
-
- public void init(TransformParameterSpec params)
- throws InvalidAlgorithmParameterException {
- if (params != null) {
- throw new InvalidAlgorithmParameterException("no parameters " +
- "should be specified for Canonical XML C14N algorithm");
- }
- }
-
- public Data transform(Data data, XMLCryptoContext xc)
- throws TransformException {
-
- // ignore comments if dereferencing same-document URI that requires
- // you to omit comments, even if the Transform says otherwise -
- // this is to be compliant with section 4.3.3.3 of W3C Rec.
- if (data instanceof DOMSubTreeData) {
- DOMSubTreeData subTree = (DOMSubTreeData) data;
- if (subTree.excludeComments()) {
- try {
- apacheCanonicalizer = Canonicalizer.getInstance
- (CanonicalizationMethod.INCLUSIVE);
- } catch (InvalidCanonicalizerException ice) {
- throw new TransformException
- ("Couldn't find Canonicalizer for: " +
- CanonicalizationMethod.INCLUSIVE + ": " +
- ice.getMessage(), ice);
- }
- }
- }
-
- return canonicalize(data, xc);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMCanonicalizationMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.io.OutputStream;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.Provider;
-
-import org.w3c.dom.Element;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-
-/**
- * DOM-based abstract implementation of CanonicalizationMethod.
- *
- * @author Sean Mullan
- */
-public class DOMCanonicalizationMethod extends DOMTransform
- implements CanonicalizationMethod {
-
- /**
- * Creates a <code>DOMCanonicalizationMethod</code>.
- *
- * @param spi TransformService
- */
- public DOMCanonicalizationMethod(TransformService spi)
- throws InvalidAlgorithmParameterException
- {
- super(spi);
- }
-
- /**
- * Creates a <code>DOMCanonicalizationMethod</code> from an element. This
- * ctor invokes the abstract {@link #unmarshalParams unmarshalParams}
- * method to unmarshal any algorithm-specific input parameters.
- *
- * @param cmElem a CanonicalizationMethod element
- */
- public DOMCanonicalizationMethod(Element cmElem, XMLCryptoContext context,
- Provider provider)
- throws MarshalException
- {
- super(cmElem, context, provider);
- }
-
- /**
- * Canonicalizes the specified data using the underlying canonicalization
- * algorithm. This is a convenience method that is equivalent to invoking
- * the {@link #transform transform} method.
- *
- * @param data the data to be canonicalized
- * @param xc the <code>XMLCryptoContext</code> containing
- * additional context (may be <code>null</code> if not applicable)
- * @return the canonicalized data
- * @throws NullPointerException if <code>data</code> is <code>null</code>
- * @throws TransformException if an unexpected error occurs while
- * canonicalizing the data
- */
- public Data canonicalize(Data data, XMLCryptoContext xc)
- throws TransformException
- {
- return transform(data, xc);
- }
-
- public Data canonicalize(Data data, XMLCryptoContext xc, OutputStream os)
- throws TransformException
- {
- return transform(data, xc, os);
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof CanonicalizationMethod)) {
- return false;
- }
- CanonicalizationMethod ocm = (CanonicalizationMethod)o;
-
- return (getAlgorithm().equals(ocm.getAlgorithm()) &&
- DOMUtils.paramsEqual(getParameterSpec(), ocm.getParameterSpec()));
- }
-
- @Override
- public int hashCode() {
- assert false : "hashCode not designed";
- return 42; // any arbitrary constant will do
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMCryptoBinary.java 1197150 2011-11-03 14:34:57Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.math.BigInteger;
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import org.w3c.dom.Node;
-import org.w3c.dom.Text;
-
-import org.apache.xml.security.utils.Base64;
-
-/**
- * A DOM-based representation of the XML <code>CryptoBinary</code> simple type
- * as defined in the W3C specification for XML-Signature Syntax and Processing.
- * The XML Schema Definition is defined as:
- *
- * <xmp>
- * <simpleType name="CryptoBinary">
- * <restriction base = "base64Binary">
- * </restriction>
- * </simpleType>
- * </xmp>
- *
- * @author Sean Mullan
- */
-public final class DOMCryptoBinary extends DOMStructure {
-
- private final BigInteger bigNum;
- private final String value;
-
- /**
- * Create a <code>DOMCryptoBinary</code> instance from the specified
- * <code>BigInteger</code>
- *
- * @param bigNum the arbitrary-length integer
- * @throws NullPointerException if <code>bigNum</code> is <code>null</code>
- */
- public DOMCryptoBinary(BigInteger bigNum) {
- if (bigNum == null) {
- throw new NullPointerException("bigNum is null");
- }
- this.bigNum = bigNum;
- // convert to bitstring
- value = Base64.encode(bigNum);
- }
-
- /**
- * Creates a <code>DOMCryptoBinary</code> from a node.
- *
- * @param cbNode a CryptoBinary text node
- * @throws MarshalException if value cannot be decoded (invalid format)
- */
- public DOMCryptoBinary(Node cbNode) throws MarshalException {
- value = cbNode.getNodeValue();
- try {
- bigNum = Base64.decodeBigIntegerFromText((Text) cbNode);
- } catch (Exception ex) {
- throw new MarshalException(ex);
- }
- }
-
- /**
- * Returns the <code>BigInteger</code> that this object contains.
- *
- * @return the <code>BigInteger</code> that this object contains
- */
- public BigInteger getBigNum() {
- return bigNum;
- }
-
- public void marshal(Node parent, String prefix, DOMCryptoContext context)
- throws MarshalException {
- parent.appendChild
- (DOMUtils.getOwnerDocument(parent).createTextNode(value));
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMDigestMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.spec.AlgorithmParameterSpec;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * DOM-based abstract implementation of DigestMethod.
- *
- * @author Sean Mullan
- */
-public abstract class DOMDigestMethod extends DOMStructure
- implements DigestMethod {
-
- static final String SHA384 =
- "http://www.w3.org/2001/04/xmldsig-more#sha384"; // see RFC 4051
- private DigestMethodParameterSpec params;
-
- /**
- * Creates a <code>DOMDigestMethod</code>.
- *
- * @param params the algorithm-specific params (may be <code>null</code>)
- * @throws InvalidAlgorithmParameterException if the parameters are not
- * appropriate for this digest method
- */
- DOMDigestMethod(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException
- {
- if (params != null && !(params instanceof DigestMethodParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("params must be of type DigestMethodParameterSpec");
- }
- checkParams((DigestMethodParameterSpec)params);
- this.params = (DigestMethodParameterSpec)params;
- }
-
- /**
- * Creates a <code>DOMDigestMethod</code> from an element. This constructor
- * invokes the abstract {@link #unmarshalParams unmarshalParams} method to
- * unmarshal any algorithm-specific input parameters.
- *
- * @param dmElem a DigestMethod element
- */
- DOMDigestMethod(Element dmElem) throws MarshalException {
- Element paramsElem = DOMUtils.getFirstChildElement(dmElem);
- if (paramsElem != null) {
- params = unmarshalParams(paramsElem);
- }
- try {
- checkParams(params);
- } catch (InvalidAlgorithmParameterException iape) {
- throw new MarshalException(iape);
- }
- }
-
- static DigestMethod unmarshal(Element dmElem) throws MarshalException {
- String alg = DOMUtils.getAttributeValue(dmElem, "Algorithm");
- if (alg.equals(DigestMethod.SHA1)) {
- return new SHA1(dmElem);
- } else if (alg.equals(DigestMethod.SHA256)) {
- return new SHA256(dmElem);
- } else if (alg.equals(SHA384)) {
- return new SHA384(dmElem);
- } else if (alg.equals(DigestMethod.SHA512)) {
- return new SHA512(dmElem);
- } else {
- throw new MarshalException("unsupported DigestMethod algorithm: " +
- alg);
- }
- }
-
- /**
- * Checks if the specified parameters are valid for this algorithm. By
- * default, this method throws an exception if parameters are specified
- * since most DigestMethod algorithms do not have parameters. Subclasses
- * should override it if they have parameters.
- *
- * @param params the algorithm-specific params (may be <code>null</code>)
- * @throws InvalidAlgorithmParameterException if the parameters are not
- * appropriate for this digest method
- */
- void checkParams(DigestMethodParameterSpec params)
- throws InvalidAlgorithmParameterException
- {
- if (params != null) {
- throw new InvalidAlgorithmParameterException("no parameters " +
- "should be specified for the " + getMessageDigestAlgorithm() +
- " DigestMethod algorithm");
- }
- }
-
- public final AlgorithmParameterSpec getParameterSpec() {
- return params;
- }
-
- /**
- * Unmarshals <code>DigestMethodParameterSpec</code> from the specified
- * <code>Element</code>. By default, this method throws an exception since
- * most DigestMethod algorithms do not have parameters. Subclasses should
- * override it if they have parameters.
- *
- * @param paramsElem the <code>Element</code> holding the input params
- * @return the algorithm-specific <code>DigestMethodParameterSpec</code>
- * @throws MarshalException if the parameters cannot be unmarshalled
- */
- DigestMethodParameterSpec unmarshalParams(Element paramsElem)
- throws MarshalException
- {
- throw new MarshalException("no parameters should " +
- "be specified for the " +
- getMessageDigestAlgorithm() +
- " DigestMethod algorithm");
- }
-
- /**
- * This method invokes the abstract {@link #marshalParams marshalParams}
- * method to marshal any algorithm-specific parameters.
- */
- public void marshal(Node parent, String prefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
-
- Element dmElem = DOMUtils.createElement(ownerDoc, "DigestMethod",
- XMLSignature.XMLNS, prefix);
- DOMUtils.setAttribute(dmElem, "Algorithm", getAlgorithm());
-
- if (params != null) {
- marshalParams(dmElem, prefix);
- }
-
- parent.appendChild(dmElem);
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof DigestMethod)) {
- return false;
- }
- DigestMethod odm = (DigestMethod)o;
-
- boolean paramsEqual = (params == null ? odm.getParameterSpec() == null :
- params.equals(odm.getParameterSpec()));
-
- return (getAlgorithm().equals(odm.getAlgorithm()) && paramsEqual);
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- if (params != null) {
- result = 31 * result + params.hashCode();
- }
- String algorithm = getAlgorithm();
- if (algorithm != null) {
- result = 31 * result + algorithm.hashCode();
- }
-
- return result;
- }
-
- /**
- * Marshals the algorithm-specific parameters to an Element and
- * appends it to the specified parent element. By default, this method
- * throws an exception since most DigestMethod algorithms do not have
- * parameters. Subclasses should override it if they have parameters.
- *
- * @param parent the parent element to append the parameters to
- * @param the namespace prefix to use
- * @throws MarshalException if the parameters cannot be marshalled
- */
- void marshalParams(Element parent, String prefix)
- throws MarshalException
- {
- throw new MarshalException("no parameters should " +
- "be specified for the " +
- getMessageDigestAlgorithm() +
- " DigestMethod algorithm");
- }
-
- /**
- * Returns the MessageDigest standard algorithm name.
- */
- abstract String getMessageDigestAlgorithm();
-
- static final class SHA1 extends DOMDigestMethod {
- SHA1(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA1(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return DigestMethod.SHA1;
- }
- String getMessageDigestAlgorithm() {
- return "SHA-1";
- }
- }
-
- static final class SHA256 extends DOMDigestMethod {
- SHA256(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA256(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return DigestMethod.SHA256;
- }
- String getMessageDigestAlgorithm() {
- return "SHA-256";
- }
- }
-
- static final class SHA384 extends DOMDigestMethod {
- SHA384(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA384(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return SHA384;
- }
- String getMessageDigestAlgorithm() {
- return "SHA-384";
- }
- }
-
- static final class SHA512 extends DOMDigestMethod {
- SHA512(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA512(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return DigestMethod.SHA512;
- }
- String getMessageDigestAlgorithm() {
- return "SHA-512";
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMEnvelopedTransform.java 1197150 2011-11-03 14:34:57Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.security.InvalidAlgorithmParameterException;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-/**
- * DOM-based implementation of Enveloped Signature Transform.
- * (Uses Apache XML-Sec Transform implementation)
- *
- * @author Sean Mullan
- */
-public final class DOMEnvelopedTransform extends ApacheTransform {
-
- public void init(TransformParameterSpec params)
- throws InvalidAlgorithmParameterException {
- if (params != null) {
- throw new InvalidAlgorithmParameterException("params must be null");
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMExcC14NMethod.java 1197150 2011-11-03 14:34:57Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.*;
-import org.w3c.dom.Element;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-
-/**
- * DOM-based implementation of CanonicalizationMethod for Exclusive
- * Canonical XML algorithm (with or without comments).
- * Uses Apache XML-Sec Canonicalizer.
- *
- * @author Sean Mullan
- */
-public final class DOMExcC14NMethod extends ApacheCanonicalizer {
-
- public void init(TransformParameterSpec params)
- throws InvalidAlgorithmParameterException
- {
- if (params != null) {
- if (!(params instanceof ExcC14NParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("params must be of type ExcC14NParameterSpec");
- }
- this.params = (C14NMethodParameterSpec)params;
- }
- }
-
- public void init(XMLStructure parent, XMLCryptoContext context)
- throws InvalidAlgorithmParameterException
- {
- super.init(parent, context);
- Element paramsElem = DOMUtils.getFirstChildElement(transformElem);
- if (paramsElem == null) {
- this.params = null;
- this.inclusiveNamespaces = null;
- return;
- }
- unmarshalParams(paramsElem);
- }
-
- private void unmarshalParams(Element paramsElem) {
- String prefixListAttr = paramsElem.getAttributeNS(null, "PrefixList");
- this.inclusiveNamespaces = prefixListAttr;
- int begin = 0;
- int end = prefixListAttr.indexOf(' ');
- List<String> prefixList = new ArrayList<String>();
- while (end != -1) {
- prefixList.add(prefixListAttr.substring(begin, end));
- begin = end + 1;
- end = prefixListAttr.indexOf(' ', begin);
- }
- if (begin <= prefixListAttr.length()) {
- prefixList.add(prefixListAttr.substring(begin));
- }
- this.params = new ExcC14NParameterSpec(prefixList);
- }
-
- public void marshalParams(XMLStructure parent, XMLCryptoContext context)
- throws MarshalException
- {
- super.marshalParams(parent, context);
- AlgorithmParameterSpec spec = getParameterSpec();
- if (spec == null) {
- return;
- }
-
- String prefix = DOMUtils.getNSPrefix(context,
- CanonicalizationMethod.EXCLUSIVE);
- Element eElem = DOMUtils.createElement(ownerDoc,
- "InclusiveNamespaces",
- CanonicalizationMethod.EXCLUSIVE,
- prefix);
- if (prefix == null || prefix.length() == 0) {
- eElem.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns",
- CanonicalizationMethod.EXCLUSIVE);
- } else {
- eElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
- "xmlns:" + prefix,
- CanonicalizationMethod.EXCLUSIVE);
- }
-
- ExcC14NParameterSpec params = (ExcC14NParameterSpec)spec;
- StringBuffer prefixListAttr = new StringBuffer("");
- @SuppressWarnings("unchecked")
- List<String> prefixList = params.getPrefixList();
- for (int i = 0, size = prefixList.size(); i < size; i++) {
- prefixListAttr.append(prefixList.get(i));
- if (i < size - 1) {
- prefixListAttr.append(" ");
- }
- }
- DOMUtils.setAttribute(eElem, "PrefixList", prefixListAttr.toString());
- this.inclusiveNamespaces = prefixListAttr.toString();
- transformElem.appendChild(eElem);
- }
-
- public String getParamsNSURI() {
- return CanonicalizationMethod.EXCLUSIVE;
- }
-
- public Data transform(Data data, XMLCryptoContext xc)
- throws TransformException
- {
- // ignore comments if dereferencing same-document URI that require
- // you to omit comments, even if the Transform says otherwise -
- // this is to be compliant with section 4.3.3.3 of W3C Rec.
- if (data instanceof DOMSubTreeData) {
- DOMSubTreeData subTree = (DOMSubTreeData)data;
- if (subTree.excludeComments()) {
- try {
- apacheCanonicalizer = Canonicalizer.getInstance
- (CanonicalizationMethod.EXCLUSIVE);
- } catch (InvalidCanonicalizerException ice) {
- throw new TransformException
- ("Couldn't find Canonicalizer for: " +
- CanonicalizationMethod.EXCLUSIVE + ": " +
- ice.getMessage(), ice);
- }
- }
- }
-
- return canonicalize(data, xc);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMHMACSignatureMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.spec.HMACParameterSpec;
-import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.SignatureException;
-import java.security.spec.AlgorithmParameterSpec;
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import org.apache.jcp.xml.dsig.internal.MacOutputStream;
-
-/**
- * DOM-based implementation of HMAC SignatureMethod.
- *
- * @author Sean Mullan
- */
-public abstract class DOMHMACSignatureMethod extends AbstractDOMSignatureMethod {
-
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(DOMHMACSignatureMethod.class);
-
- // see RFC 4051 for these algorithm definitions
- static final String HMAC_SHA256 =
- "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
- static final String HMAC_SHA384 =
- "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
- static final String HMAC_SHA512 =
- "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
-
- private Mac hmac;
- private int outputLength;
- private boolean outputLengthSet;
- private SignatureMethodParameterSpec params;
-
- /**
- * Creates a <code>DOMHMACSignatureMethod</code> with the specified params
- *
- * @param params algorithm-specific parameters (may be <code>null</code>)
- * @throws InvalidAlgorithmParameterException if params are inappropriate
- */
- DOMHMACSignatureMethod(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException
- {
- checkParams((SignatureMethodParameterSpec)params);
- this.params = (SignatureMethodParameterSpec)params;
- }
-
- /**
- * Creates a <code>DOMHMACSignatureMethod</code> from an element.
- *
- * @param smElem a SignatureMethod element
- */
- DOMHMACSignatureMethod(Element smElem) throws MarshalException {
- Element paramsElem = DOMUtils.getFirstChildElement(smElem);
- if (paramsElem != null) {
- params = unmarshalParams(paramsElem);
- }
- try {
- checkParams(params);
- } catch (InvalidAlgorithmParameterException iape) {
- throw new MarshalException(iape);
- }
- }
-
- void checkParams(SignatureMethodParameterSpec params)
- throws InvalidAlgorithmParameterException
- {
- if (params != null) {
- if (!(params instanceof HMACParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("params must be of type HMACParameterSpec");
- }
- outputLength = ((HMACParameterSpec)params).getOutputLength();
- outputLengthSet = true;
- if (log.isDebugEnabled()) {
- log.debug("Setting outputLength from HMACParameterSpec to: " + outputLength);
- }
- }
- }
-
- public final AlgorithmParameterSpec getParameterSpec() {
- return params;
- }
-
- SignatureMethodParameterSpec unmarshalParams(Element paramsElem)
- throws MarshalException
- {
- outputLength = Integer.valueOf(paramsElem.getFirstChild().getNodeValue()).intValue();
- outputLengthSet = true;
- if (log.isDebugEnabled()) {
- log.debug("unmarshalled outputLength: " + outputLength);
- }
- return new HMACParameterSpec(outputLength);
- }
-
- void marshalParams(Element parent, String prefix)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
- Element hmacElem = DOMUtils.createElement(ownerDoc, "HMACOutputLength",
- XMLSignature.XMLNS, prefix);
- hmacElem.appendChild(ownerDoc.createTextNode
- (String.valueOf(outputLength)));
-
- parent.appendChild(hmacElem);
- }
-
- boolean verify(Key key, SignedInfo si, byte[] sig,
- XMLValidateContext context)
- throws InvalidKeyException, SignatureException, XMLSignatureException
- {
- if (key == null || si == null || sig == null) {
- throw new NullPointerException();
- }
- if (!(key instanceof SecretKey)) {
- throw new InvalidKeyException("key must be SecretKey");
- }
- if (hmac == null) {
- try {
- hmac = Mac.getInstance(getJCAAlgorithm());
- } catch (NoSuchAlgorithmException nsae) {
- throw new XMLSignatureException(nsae);
- }
- }
- if (outputLengthSet && outputLength < getDigestLength()) {
- throw new XMLSignatureException
- ("HMACOutputLength must not be less than " + getDigestLength());
- }
- hmac.init((SecretKey)key);
- ((DOMSignedInfo)si).canonicalize(context, new MacOutputStream(hmac));
- byte[] result = hmac.doFinal();
-
- return MessageDigest.isEqual(sig, result);
- }
-
- byte[] sign(Key key, SignedInfo si, XMLSignContext context)
- throws InvalidKeyException, XMLSignatureException
- {
- if (key == null || si == null) {
- throw new NullPointerException();
- }
- if (!(key instanceof SecretKey)) {
- throw new InvalidKeyException("key must be SecretKey");
- }
- if (hmac == null) {
- try {
- hmac = Mac.getInstance(getJCAAlgorithm());
- } catch (NoSuchAlgorithmException nsae) {
- throw new XMLSignatureException(nsae);
- }
- }
- if (outputLengthSet && outputLength < getDigestLength()) {
- throw new XMLSignatureException
- ("HMACOutputLength must not be less than " + getDigestLength());
- }
- hmac.init((SecretKey)key);
- ((DOMSignedInfo)si).canonicalize(context, new MacOutputStream(hmac));
- return hmac.doFinal();
- }
-
- boolean paramsEqual(AlgorithmParameterSpec spec) {
- if (getParameterSpec() == spec) {
- return true;
- }
- if (!(spec instanceof HMACParameterSpec)) {
- return false;
- }
- HMACParameterSpec ospec = (HMACParameterSpec)spec;
-
- return (outputLength == ospec.getOutputLength());
- }
-
- Type getAlgorithmType() {
- return Type.HMAC;
- }
-
- /**
- * Returns the output length of the hash/digest.
- */
- abstract int getDigestLength();
-
- static final class SHA1 extends DOMHMACSignatureMethod {
- SHA1(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA1(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return SignatureMethod.HMAC_SHA1;
- }
- String getJCAAlgorithm() {
- return "HmacSHA1";
- }
- int getDigestLength() {
- return 160;
- }
- }
-
- static final class SHA256 extends DOMHMACSignatureMethod {
- SHA256(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA256(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return HMAC_SHA256;
- }
- String getJCAAlgorithm() {
- return "HmacSHA256";
- }
- int getDigestLength() {
- return 256;
- }
- }
-
- static final class SHA384 extends DOMHMACSignatureMethod {
- SHA384(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA384(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return HMAC_SHA384;
- }
- String getJCAAlgorithm() {
- return "HmacSHA384";
- }
- int getDigestLength() {
- return 384;
- }
- }
-
- static final class SHA512 extends DOMHMACSignatureMethod {
- SHA512(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA512(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return HMAC_SHA512;
- }
- String getJCAAlgorithm() {
- return "HmacSHA512";
- }
- int getDigestLength() {
- return 512;
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMKeyInfo.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dom.*;
-
-import java.security.Provider;
-import java.util.*;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * DOM-based implementation of KeyInfo.
- *
- * @author Sean Mullan
- */
-public final class DOMKeyInfo extends DOMStructure implements KeyInfo {
-
- private final String id;
- private final List<XMLStructure> keyInfoTypes;
-
- /**
- * Creates a <code>DOMKeyInfo</code>.
- *
- * @param content a list of one or more {@link XMLStructure}s representing
- * key information types. The list is defensively copied to protect
- * against subsequent modification.
- * @param id an ID attribute
- * @throws NullPointerException if <code>content</code> is <code>null</code>
- * @throws IllegalArgumentException if <code>content</code> is empty
- * @throws ClassCastException if <code>content</code> contains any entries
- * that are not of type {@link XMLStructure}
- */
- public DOMKeyInfo(List<? extends XMLStructure> content, String id) {
- if (content == null) {
- throw new NullPointerException("content cannot be null");
- }
- this.keyInfoTypes =
- Collections.unmodifiableList(new ArrayList<XMLStructure>(content));
- if (this.keyInfoTypes.isEmpty()) {
- throw new IllegalArgumentException("content cannot be empty");
- }
- for (int i = 0, size = this.keyInfoTypes.size(); i < size; i++) {
- if (!(this.keyInfoTypes.get(i) instanceof XMLStructure)) {
- throw new ClassCastException
- ("content["+i+"] is not a valid KeyInfo type");
- }
- }
- this.id = id;
- }
-
- /**
- * Creates a <code>DOMKeyInfo</code> from XML.
- *
- * @param kiElem KeyInfo element
- */
- public DOMKeyInfo(Element kiElem, XMLCryptoContext context,
- Provider provider)
- throws MarshalException
- {
- // get Id attribute, if specified
- Attr attr = kiElem.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- id = attr.getValue();
- kiElem.setIdAttributeNode(attr, true);
- } else {
- id = null;
- }
-
- // get all children nodes
- NodeList nl = kiElem.getChildNodes();
- int length = nl.getLength();
- if (length < 1) {
- throw new MarshalException
- ("KeyInfo must contain at least one type");
- }
- List<XMLStructure> content = new ArrayList<XMLStructure>(length);
- for (int i = 0; i < length; i++) {
- Node child = nl.item(i);
- // ignore all non-Element nodes
- if (child.getNodeType() != Node.ELEMENT_NODE) {
- continue;
- }
- Element childElem = (Element)child;
- String localName = childElem.getLocalName();
- if (localName.equals("X509Data")) {
- content.add(new DOMX509Data(childElem));
- } else if (localName.equals("KeyName")) {
- content.add(new DOMKeyName(childElem));
- } else if (localName.equals("KeyValue")) {
- content.add(DOMKeyValue.unmarshal(childElem));
- } else if (localName.equals("RetrievalMethod")) {
- content.add(new DOMRetrievalMethod(childElem,
- context, provider));
- } else if (localName.equals("PGPData")) {
- content.add(new DOMPGPData(childElem));
- } else { //may be MgmtData, SPKIData or element from other namespace
- content.add(new javax.xml.crypto.dom.DOMStructure((childElem)));
- }
- }
- keyInfoTypes = Collections.unmodifiableList(content);
- }
-
- public String getId() {
- return id;
- }
-
- public List getContent() {
- return keyInfoTypes;
- }
-
- public void marshal(XMLStructure parent, XMLCryptoContext context)
- throws MarshalException
- {
- if (parent == null || !(parent instanceof javax.xml.crypto.dom.DOMStructure)) {
- throw new ClassCastException("parent must be of type DOMStructure");
- }
-
- Node pNode = ((javax.xml.crypto.dom.DOMStructure)parent).getNode();
- String dsPrefix = DOMUtils.getSignaturePrefix(context);
- Element kiElem = DOMUtils.createElement
- (DOMUtils.getOwnerDocument(pNode), "KeyInfo",
- XMLSignature.XMLNS, dsPrefix);
- if (dsPrefix == null || dsPrefix.length() == 0) {
- kiElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
- "xmlns", XMLSignature.XMLNS);
- } else {
- kiElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
- "xmlns:" + dsPrefix, XMLSignature.XMLNS);
- }
- marshal(pNode, kiElem, null, dsPrefix, (DOMCryptoContext)context);
- }
-
- public void marshal(Node parent, String dsPrefix,
- DOMCryptoContext context)
- throws MarshalException
- {
- marshal(parent, null, dsPrefix, context);
- }
-
- public void marshal(Node parent, Node nextSibling, String dsPrefix,
- DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
- Element kiElem = DOMUtils.createElement(ownerDoc, "KeyInfo",
- XMLSignature.XMLNS, dsPrefix);
- marshal(parent, kiElem, nextSibling, dsPrefix, context);
- }
-
- private void marshal(Node parent, Element kiElem, Node nextSibling,
- String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- // create and append KeyInfoType elements
- for (XMLStructure kiType : keyInfoTypes) {
- if (kiType instanceof DOMStructure) {
- ((DOMStructure)kiType).marshal(kiElem, dsPrefix, context);
- } else {
- DOMUtils.appendChild(kiElem,
- ((javax.xml.crypto.dom.DOMStructure)kiType).getNode());
- }
- }
-
- // append id attribute
- DOMUtils.setAttributeID(kiElem, "Id", id);
-
- parent.insertBefore(kiElem, nextSibling);
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof KeyInfo)) {
- return false;
- }
- KeyInfo oki = (KeyInfo)o;
-
- boolean idsEqual = (id == null ? oki.getId() == null
- : id.equals(oki.getId()));
-
- return (keyInfoTypes.equals(oki.getContent()) && idsEqual);
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- if (id != null) {
- result = 31 * result + id.hashCode();
- }
- if (keyInfoTypes != null) {
- result = 31 * result + keyInfoTypes.hashCode();
- }
-
- return result;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMKeyInfoFactory.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.math.BigInteger;
-import java.security.KeyException;
-import java.security.PublicKey;
-import java.util.List;
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.keyinfo.*;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * DOM-based implementation of KeyInfoFactory.
- *
- * @author Sean Mullan
- */
-public final class DOMKeyInfoFactory extends KeyInfoFactory {
-
- public DOMKeyInfoFactory() { }
-
- public KeyInfo newKeyInfo(List content) {
- return newKeyInfo(content, null);
- }
-
- @SuppressWarnings("unchecked")
- public KeyInfo newKeyInfo(List content, String id) {
- return new DOMKeyInfo(content, id);
- }
-
- public KeyName newKeyName(String name) {
- return new DOMKeyName(name);
- }
-
- public KeyValue newKeyValue(PublicKey key) throws KeyException {
- String algorithm = key.getAlgorithm();
- if (algorithm.equals("DSA")) {
- return new DOMKeyValue.DSA(key);
- } else if (algorithm.equals("RSA")) {
- return new DOMKeyValue.RSA(key);
- } else if (algorithm.equals("EC")) {
- return new DOMKeyValue.EC(key);
- } else {
- throw new KeyException("unsupported key algorithm: " + algorithm);
- }
- }
-
- public PGPData newPGPData(byte[] keyId) {
- return newPGPData(keyId, null, null);
- }
-
- @SuppressWarnings("unchecked")
- public PGPData newPGPData(byte[] keyId, byte[] keyPacket, List other) {
- return new DOMPGPData(keyId, keyPacket, other);
- }
-
- @SuppressWarnings("unchecked")
- public PGPData newPGPData(byte[] keyPacket, List other) {
- return new DOMPGPData(keyPacket, other);
- }
-
- public RetrievalMethod newRetrievalMethod(String uri) {
- return newRetrievalMethod(uri, null, null);
- }
-
- @SuppressWarnings("unchecked")
- public RetrievalMethod newRetrievalMethod(String uri, String type,
- List transforms) {
- if (uri == null) {
- throw new NullPointerException("uri must not be null");
- }
- return new DOMRetrievalMethod(uri, type, transforms);
- }
-
- @SuppressWarnings("unchecked")
- public X509Data newX509Data(List content) {
- return new DOMX509Data(content);
- }
-
- public X509IssuerSerial newX509IssuerSerial(String issuerName,
- BigInteger serialNumber) {
- return new DOMX509IssuerSerial(issuerName, serialNumber);
- }
-
- public boolean isFeatureSupported(String feature) {
- if (feature == null) {
- throw new NullPointerException();
- } else {
- return false;
- }
- }
-
- public URIDereferencer getURIDereferencer() {
- return DOMURIDereferencer.INSTANCE;
- }
-
- public KeyInfo unmarshalKeyInfo(XMLStructure xmlStructure)
- throws MarshalException {
- if (xmlStructure == null || !(xmlStructure instanceof javax.xml.crypto.dom.DOMStructure)) {
- throw new ClassCastException("xmlStructure must be of type DOMStructure");
- }
- Node node =
- ((javax.xml.crypto.dom.DOMStructure) xmlStructure).getNode();
- node.normalize();
-
- Element element = null;
- if (node.getNodeType() == Node.DOCUMENT_NODE) {
- element = ((Document) node).getDocumentElement();
- } else if (node.getNodeType() == Node.ELEMENT_NODE) {
- element = (Element) node;
- } else {
- throw new MarshalException
- ("xmlStructure does not contain a proper Node");
- }
-
- // check tag
- String tag = element.getLocalName();
- if (tag == null) {
- throw new MarshalException("Document implementation must " +
- "support DOM Level 2 and be namespace aware");
- }
- if (tag.equals("KeyInfo")) {
- return new DOMKeyInfo(element, new UnmarshalContext(), getProvider());
- } else {
- throw new MarshalException("invalid KeyInfo tag: " + tag);
- }
- }
-
- private static class UnmarshalContext extends DOMCryptoContext {
- UnmarshalContext() {}
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMKeyName.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.keyinfo.KeyName;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * DOM-based implementation of KeyName.
- *
- * @author Sean Mullan
- */
-public final class DOMKeyName extends DOMStructure implements KeyName {
-
- private final String name;
-
- /**
- * Creates a <code>DOMKeyName</code>.
- *
- * @param name the name of the key identifier
- * @throws NullPointerException if <code>name</code> is null
- */
- public DOMKeyName(String name) {
- if (name == null) {
- throw new NullPointerException("name cannot be null");
- }
- this.name = name;
- }
-
- /**
- * Creates a <code>DOMKeyName</code> from a KeyName element.
- *
- * @param knElem a KeyName element
- */
- public DOMKeyName(Element knElem) {
- name = knElem.getFirstChild().getNodeValue();
- }
-
- public String getName() {
- return name;
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
- // prepend namespace prefix, if necessary
- Element knElem = DOMUtils.createElement(ownerDoc, "KeyName",
- XMLSignature.XMLNS, dsPrefix);
- knElem.appendChild(ownerDoc.createTextNode(name));
- parent.appendChild(knElem);
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (!(obj instanceof KeyName)) {
- return false;
- }
- KeyName okn = (KeyName)obj;
- return name.equals(okn.getName());
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- if (name != null) {
- result = 31 * result + name.hashCode();
- }
-
- return result;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMKeyValue.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.keyinfo.KeyValue;
-
-// import java.io.IOException;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.KeyException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.security.PublicKey;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPublicKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.DSAPublicKeySpec;
-import java.security.spec.ECParameterSpec;
-import java.security.spec.ECPoint;
-import java.security.spec.ECPublicKeySpec;
-import java.security.spec.EllipticCurve;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.utils.Base64;
-
-/**
- * DOM-based implementation of KeyValue.
- *
- * @author Sean Mullan
- */
-public abstract class DOMKeyValue extends DOMStructure implements KeyValue {
-
- private static final String XMLDSIG_11_XMLNS
- = "http://www.w3.org/2009/xmldsig11#";
- private final PublicKey publicKey;
-
- public DOMKeyValue(PublicKey key) throws KeyException {
- if (key == null) {
- throw new NullPointerException("key cannot be null");
- }
- this.publicKey = key;
- }
-
- /**
- * Creates a <code>DOMKeyValue</code> from an element.
- *
- * @param kvtElem a KeyValue child element
- */
- public DOMKeyValue(Element kvtElem) throws MarshalException {
- this.publicKey = unmarshalKeyValue(kvtElem);
- }
-
- static KeyValue unmarshal(Element kvElem) throws MarshalException {
- Element kvtElem = DOMUtils.getFirstChildElement(kvElem);
- if (kvtElem.getLocalName().equals("DSAKeyValue")) {
- return new DSA(kvtElem);
- } else if (kvtElem.getLocalName().equals("RSAKeyValue")) {
- return new RSA(kvtElem);
- } else if (kvtElem.getLocalName().equals("ECKeyValue")) {
- return new EC(kvtElem);
- } else {
- return new Unknown(kvtElem);
- }
- }
-
- public PublicKey getPublicKey() throws KeyException {
- if (publicKey == null) {
- throw new KeyException("can't convert KeyValue to PublicKey");
- } else {
- return publicKey;
- }
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
-
- // create KeyValue element
- Element kvElem = DOMUtils.createElement(ownerDoc, "KeyValue",
- XMLSignature.XMLNS, dsPrefix);
- marshalPublicKey(kvElem, ownerDoc, dsPrefix, context);
-
- parent.appendChild(kvElem);
- }
-
- abstract void marshalPublicKey(Node parent, Document doc, String dsPrefix,
- DOMCryptoContext context) throws MarshalException;
-
- abstract PublicKey unmarshalKeyValue(Element kvtElem)
- throws MarshalException;
-
- private static PublicKey generatePublicKey(KeyFactory kf, KeySpec keyspec) {
- try {
- return kf.generatePublic(keyspec);
- } catch (InvalidKeySpecException e) {
- //@@@ should dump exception to log
- return null;
- }
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (!(obj instanceof KeyValue)) {
- return false;
- }
- try {
- KeyValue kv = (KeyValue)obj;
- if (publicKey == null ) {
- if (kv.getPublicKey() != null) {
- return false;
- }
- } else if (!publicKey.equals(kv.getPublicKey())) {
- return false;
- }
- } catch (KeyException ke) {
- // no practical way to determine if the keys are equal
- return false;
- }
-
- return true;
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- if (publicKey != null) {
- result = 31 * result + publicKey.hashCode();
- }
-
- return result;
- }
-
- static final class RSA extends DOMKeyValue {
- // RSAKeyValue CryptoBinaries
- private DOMCryptoBinary modulus, exponent;
- private KeyFactory rsakf;
-
- RSA(PublicKey key) throws KeyException {
- super(key);
- RSAPublicKey rkey = (RSAPublicKey)key;
- exponent = new DOMCryptoBinary(rkey.getPublicExponent());
- modulus = new DOMCryptoBinary(rkey.getModulus());
- }
-
- RSA(Element elem) throws MarshalException {
- super(elem);
- }
-
- void marshalPublicKey(Node parent, Document doc, String dsPrefix,
- DOMCryptoContext context) throws MarshalException {
- Element rsaElem = DOMUtils.createElement(doc, "RSAKeyValue",
- XMLSignature.XMLNS,
- dsPrefix);
- Element modulusElem = DOMUtils.createElement(doc, "Modulus",
- XMLSignature.XMLNS,
- dsPrefix);
- Element exponentElem = DOMUtils.createElement(doc, "Exponent",
- XMLSignature.XMLNS,
- dsPrefix);
- modulus.marshal(modulusElem, dsPrefix, context);
- exponent.marshal(exponentElem, dsPrefix, context);
- rsaElem.appendChild(modulusElem);
- rsaElem.appendChild(exponentElem);
- parent.appendChild(rsaElem);
- }
-
- PublicKey unmarshalKeyValue(Element kvtElem)
- throws MarshalException
- {
- if (rsakf == null) {
- try {
- rsakf = KeyFactory.getInstance("RSA");
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException
- ("unable to create RSA KeyFactory: " + e.getMessage());
- }
- }
- Element modulusElem = DOMUtils.getFirstChildElement(kvtElem);
- modulus = new DOMCryptoBinary(modulusElem.getFirstChild());
- Element exponentElem = DOMUtils.getNextSiblingElement(modulusElem);
- exponent = new DOMCryptoBinary(exponentElem.getFirstChild());
- RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus.getBigNum(),
- exponent.getBigNum());
- return generatePublicKey(rsakf, spec);
- }
- }
-
- static final class DSA extends DOMKeyValue {
- // DSAKeyValue CryptoBinaries
- private DOMCryptoBinary p, q, g, y, j; //, seed, pgen;
- private KeyFactory dsakf;
-
- DSA(PublicKey key) throws KeyException {
- super(key);
- DSAPublicKey dkey = (DSAPublicKey) key;
- DSAParams params = dkey.getParams();
- p = new DOMCryptoBinary(params.getP());
- q = new DOMCryptoBinary(params.getQ());
- g = new DOMCryptoBinary(params.getG());
- y = new DOMCryptoBinary(dkey.getY());
- }
-
- DSA(Element elem) throws MarshalException {
- super(elem);
- }
-
- void marshalPublicKey(Node parent, Document doc, String dsPrefix,
- DOMCryptoContext context)
- throws MarshalException
- {
- Element dsaElem = DOMUtils.createElement(doc, "DSAKeyValue",
- XMLSignature.XMLNS,
- dsPrefix);
- // parameters J, Seed & PgenCounter are not included
- Element pElem = DOMUtils.createElement(doc, "P", XMLSignature.XMLNS,
- dsPrefix);
- Element qElem = DOMUtils.createElement(doc, "Q", XMLSignature.XMLNS,
- dsPrefix);
- Element gElem = DOMUtils.createElement(doc, "G", XMLSignature.XMLNS,
- dsPrefix);
- Element yElem = DOMUtils.createElement(doc, "Y", XMLSignature.XMLNS,
- dsPrefix);
- p.marshal(pElem, dsPrefix, context);
- q.marshal(qElem, dsPrefix, context);
- g.marshal(gElem, dsPrefix, context);
- y.marshal(yElem, dsPrefix, context);
- dsaElem.appendChild(pElem);
- dsaElem.appendChild(qElem);
- dsaElem.appendChild(gElem);
- dsaElem.appendChild(yElem);
- parent.appendChild(dsaElem);
- }
-
- PublicKey unmarshalKeyValue(Element kvtElem)
- throws MarshalException
- {
- if (dsakf == null) {
- try {
- dsakf = KeyFactory.getInstance("DSA");
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException
- ("unable to create DSA KeyFactory: " + e.getMessage());
- }
- }
- Element curElem = DOMUtils.getFirstChildElement(kvtElem);
- // check for P and Q
- if (curElem.getLocalName().equals("P")) {
- p = new DOMCryptoBinary(curElem.getFirstChild());
- curElem = DOMUtils.getNextSiblingElement(curElem);
- q = new DOMCryptoBinary(curElem.getFirstChild());
- curElem = DOMUtils.getNextSiblingElement(curElem);
- }
- if (curElem.getLocalName().equals("G")) {
- g = new DOMCryptoBinary(curElem.getFirstChild());
- curElem = DOMUtils.getNextSiblingElement(curElem);
- }
- y = new DOMCryptoBinary(curElem.getFirstChild());
- curElem = DOMUtils.getNextSiblingElement(curElem);
- if (curElem != null && curElem.getLocalName().equals("J")) {
- j = new DOMCryptoBinary(curElem.getFirstChild());
- // curElem = DOMUtils.getNextSiblingElement(curElem);
- }
- /*
- if (curElem != null) {
- seed = new DOMCryptoBinary(curElem.getFirstChild());
- curElem = DOMUtils.getNextSiblingElement(curElem);
- pgen = new DOMCryptoBinary(curElem.getFirstChild());
- }
- */
- //@@@ do we care about j, pgenCounter or seed?
- DSAPublicKeySpec spec = new DSAPublicKeySpec(y.getBigNum(),
- p.getBigNum(),
- q.getBigNum(),
- g.getBigNum());
- return generatePublicKey(dsakf, spec);
- }
- }
-
- static final class EC extends DOMKeyValue {
- // ECKeyValue CryptoBinaries
- private byte[] ecPublicKey;
- private KeyFactory eckf;
- private ECParameterSpec ecParams;
- private Method encodePoint, decodePoint, getCurveName,
- getECParameterSpec;
-
- EC(PublicKey key) throws KeyException {
- super(key);
- ECPublicKey ecKey = (ECPublicKey)key;
- ECPoint ecPoint = ecKey.getW();
- ecParams = ecKey.getParams();
- try {
- AccessController.doPrivileged(
- new PrivilegedExceptionAction<Void>() {
- public Void run() throws
- ClassNotFoundException, NoSuchMethodException
- {
- getMethods();
- return null;
- }
- }
- );
- } catch (PrivilegedActionException pae) {
- throw new KeyException("ECKeyValue not supported",
- pae.getException());
- }
- Object[] args = new Object[] { ecPoint, ecParams.getCurve() };
- try {
- ecPublicKey = (byte[])encodePoint.invoke(null, args);
- } catch (IllegalAccessException iae) {
- throw new KeyException(iae);
- } catch (InvocationTargetException ite) {
- throw new KeyException(ite);
- }
- }
-
- EC(Element dmElem) throws MarshalException {
- super(dmElem);
- }
-
- void getMethods() throws ClassNotFoundException, NoSuchMethodException {
- Class c = Class.forName("sun.security.ec.ECParameters");
- Class[] params = new Class[] { ECPoint.class, EllipticCurve.class };
- encodePoint = c.getMethod("encodePoint", params);
- params = new Class[] { ECParameterSpec.class };
- getCurveName = c.getMethod("getCurveName", params);
- params = new Class[] { byte[].class, EllipticCurve.class };
- decodePoint = c.getMethod("decodePoint", params);
- c = Class.forName("sun.security.ec.NamedCurve");
- params = new Class[] { String.class };
- getECParameterSpec = c.getMethod("getECParameterSpec", params);
- }
-
- void marshalPublicKey(Node parent, Document doc, String dsPrefix,
- DOMCryptoContext context)
- throws MarshalException
- {
- String prefix = DOMUtils.getNSPrefix(context, XMLDSIG_11_XMLNS);
- Element ecKeyValueElem = DOMUtils.createElement(doc, "ECKeyValue",
- XMLDSIG_11_XMLNS,
- prefix);
- Element namedCurveElem = DOMUtils.createElement(doc, "NamedCurve",
- XMLDSIG_11_XMLNS,
- prefix);
- Element publicKeyElem = DOMUtils.createElement(doc, "PublicKey",
- XMLDSIG_11_XMLNS,
- prefix);
- Object[] args = new Object[] { ecParams };
- try {
- String oid = (String) getCurveName.invoke(null, args);
- DOMUtils.setAttribute(namedCurveElem, "URI", "urn:oid:" + oid);
- } catch (IllegalAccessException iae) {
- throw new MarshalException(iae);
- } catch (InvocationTargetException ite) {
- throw new MarshalException(ite);
- }
- String qname = (prefix == null || prefix.length() == 0)
- ? "xmlns" : "xmlns:" + prefix;
- namedCurveElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
- qname, XMLDSIG_11_XMLNS);
- ecKeyValueElem.appendChild(namedCurveElem);
- String encoded = Base64.encode(ecPublicKey);
- publicKeyElem.appendChild
- (DOMUtils.getOwnerDocument(publicKeyElem).createTextNode(encoded));
- ecKeyValueElem.appendChild(publicKeyElem);
- parent.appendChild(ecKeyValueElem);
- }
-
- PublicKey unmarshalKeyValue(Element kvtElem)
- throws MarshalException
- {
- if (eckf == null) {
- try {
- eckf = KeyFactory.getInstance("EC");
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException
- ("unable to create EC KeyFactory: " + e.getMessage());
- }
- }
- try {
- AccessController.doPrivileged(
- new PrivilegedExceptionAction<Void>() {
- public Void run() throws
- ClassNotFoundException, NoSuchMethodException
- {
- getMethods();
- return null;
- }
- }
- );
- } catch (PrivilegedActionException pae) {
- throw new MarshalException("ECKeyValue not supported",
- pae.getException());
- }
- ECParameterSpec ecParams = null;
- Element curElem = DOMUtils.getFirstChildElement(kvtElem);
- if (curElem.getLocalName().equals("ECParameters")) {
- throw new UnsupportedOperationException
- ("ECParameters not supported");
- } else if (curElem.getLocalName().equals("NamedCurve")) {
- String uri = DOMUtils.getAttributeValue(curElem, "URI");
- // strip off "urn:oid"
- if (uri.startsWith("urn:oid:")) {
- String oid = uri.substring(8);
- try {
- Object[] args = new Object[] { oid };
- ecParams = (ECParameterSpec)
- getECParameterSpec.invoke(null, args);
- } catch (IllegalAccessException iae) {
- throw new MarshalException(iae);
- } catch (InvocationTargetException ite) {
- throw new MarshalException(ite);
- }
- } else {
- throw new MarshalException("Invalid NamedCurve URI");
- }
- } else {
- throw new MarshalException("Invalid ECKeyValue");
- }
- curElem = DOMUtils.getNextSiblingElement(curElem);
- ECPoint ecPoint = null;
- try {
- Object[] args = new Object[] { Base64.decode(curElem),
- ecParams.getCurve() };
- ecPoint = (ECPoint)decodePoint.invoke(null, args);
- } catch (Base64DecodingException bde) {
- throw new MarshalException("Invalid EC PublicKey", bde);
- } catch (IllegalAccessException iae) {
- throw new MarshalException(iae);
- } catch (InvocationTargetException ite) {
- throw new MarshalException(ite);
- }
-/*
- ecPoint = sun.security.ec.ECParameters.decodePoint(
- Base64.decode(curElem), ecParams.getCurve());
-*/
- ECPublicKeySpec spec = new ECPublicKeySpec(ecPoint, ecParams);
- return generatePublicKey(eckf, spec);
- }
- }
-
- static final class Unknown extends DOMKeyValue {
- private javax.xml.crypto.dom.DOMStructure externalPublicKey;
- Unknown(Element elem) throws MarshalException {
- super(elem);
- }
- PublicKey unmarshalKeyValue(Element kvElem) throws MarshalException {
- externalPublicKey = new javax.xml.crypto.dom.DOMStructure(kvElem);
- return null;
- }
- void marshalPublicKey(Node parent, Document doc, String dsPrefix,
- DOMCryptoContext context)
- throws MarshalException
- {
- parent.appendChild(externalPublicKey.getNode());
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMManifest.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-
-import java.security.Provider;
-import java.util.*;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * DOM-based implementation of Manifest.
- *
- * @author Sean Mullan
- */
-public final class DOMManifest extends DOMStructure implements Manifest {
-
- private final List<Reference> references;
- private final String id;
-
- /**
- * Creates a <code>DOMManifest</code> containing the specified
- * list of {@link Reference}s and optional id.
- *
- * @param references a list of one or more <code>Reference</code>s. The list
- * is defensively copied to protect against subsequent modification.
- * @param id the id (may be <code>null</code>
- * @throws NullPointerException if <code>references</code> is
- * <code>null</code>
- * @throws IllegalArgumentException if <code>references</code> is empty
- * @throws ClassCastException if <code>references</code> contains any
- * entries that are not of type {@link Reference}
- */
- public DOMManifest(List<? extends Reference> references, String id) {
- if (references == null) {
- throw new NullPointerException("references cannot be null");
- }
- this.references =
- Collections.unmodifiableList(new ArrayList<Reference>(references));
- if (this.references.isEmpty()) {
- throw new IllegalArgumentException("list of references must " +
- "contain at least one entry");
- }
- for (int i = 0, size = this.references.size(); i < size; i++) {
- if (!(this.references.get(i) instanceof Reference)) {
- throw new ClassCastException
- ("references["+i+"] is not a valid type");
- }
- }
- this.id = id;
- }
-
- /**
- * Creates a <code>DOMManifest</code> from an element.
- *
- * @param manElem a Manifest element
- */
- public DOMManifest(Element manElem, XMLCryptoContext context,
- Provider provider)
- throws MarshalException
- {
- Attr attr = manElem.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- this.id = attr.getValue();
- manElem.setIdAttributeNode(attr, true);
- } else {
- this.id = null;
- }
-
- Boolean secureValidation = (Boolean)
- context.getProperty("org.apache.jcp.xml.dsig.secureValidation");
- boolean secVal = false;
- if (secureValidation != null && secureValidation.booleanValue()) {
- secVal = true;
- }
-
- Element refElem = DOMUtils.getFirstChildElement(manElem);
- List<Reference> refs = new ArrayList<Reference>();
-
- int refCount = 0;
- while (refElem != null) {
- refs.add(new DOMReference(refElem, context, provider));
- refElem = DOMUtils.getNextSiblingElement(refElem);
-
- refCount++;
- if (secVal && (refCount > DOMSignedInfo.MAXIMUM_REFERENCE_COUNT)) {
- String error = "A maxiumum of " + DOMSignedInfo.MAXIMUM_REFERENCE_COUNT + " "
- + "references per Manifest are allowed with secure validation";
- throw new MarshalException(error);
- }
- }
- this.references = Collections.unmodifiableList(refs);
- }
-
- public String getId() {
- return id;
- }
-
- public List getReferences() {
- return references;
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
- Element manElem = DOMUtils.createElement(ownerDoc, "Manifest",
- XMLSignature.XMLNS, dsPrefix);
-
- DOMUtils.setAttributeID(manElem, "Id", id);
-
- // add references
- for (Reference ref : references) {
- ((DOMReference)ref).marshal(manElem, dsPrefix, context);
- }
- parent.appendChild(manElem);
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof Manifest)) {
- return false;
- }
- Manifest oman = (Manifest)o;
-
- boolean idsEqual = (id == null ? oman.getId() == null
- : id.equals(oman.getId()));
-
- return (idsEqual && references.equals(oman.getReferences()));
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- if (id != null) {
- result = 31 * result + id.hashCode();
- }
- if (references != null) {
- result = 31 * result + references.hashCode();
- }
-
- return result;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMPGPData.java 1203846 2011-11-18 21:18:17Z mullan $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.util.*;
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.keyinfo.PGPData;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.utils.Base64;
-
-/**
- * DOM-based implementation of PGPData.
- *
- * @author Sean Mullan
- */
-public final class DOMPGPData extends DOMStructure implements PGPData {
-
- private final byte[] keyId;
- private final byte[] keyPacket;
- private final List<XMLStructure> externalElements;
-
- /**
- * Creates a <code>DOMPGPData</code> containing the specified key packet.
- * and optional list of external elements.
- *
- * @param keyPacket a PGP Key Material Packet as defined in section 5.5 of
- * <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a>. The
- * array is cloned to prevent subsequent modification.
- * @param other a list of {@link XMLStructure}s representing elements from
- * an external namespace. The list is defensively copied to prevent
- * subsequent modification. May be <code>null</code> or empty.
- * @throws NullPointerException if <code>keyPacket</code> is
- * <code>null</code>
- * @throws IllegalArgumentException if the key packet is not in the
- * correct format
- * @throws ClassCastException if <code>other</code> contains any
- * entries that are not of type {@link XMLStructure}
- */
- public DOMPGPData(byte[] keyPacket, List<? extends XMLStructure> other) {
- if (keyPacket == null) {
- throw new NullPointerException("keyPacket cannot be null");
- }
- if (other == null || other.isEmpty()) {
- this.externalElements = Collections.emptyList();
- } else {
- this.externalElements =
- Collections.unmodifiableList(new ArrayList<XMLStructure>(other));
- for (int i = 0, size = this.externalElements.size(); i < size; i++) {
- if (!(this.externalElements.get(i) instanceof XMLStructure)) {
- throw new ClassCastException
- ("other["+i+"] is not a valid PGPData type");
- }
- }
- }
- this.keyPacket = (byte[])keyPacket.clone();
- checkKeyPacket(keyPacket);
- this.keyId = null;
- }
-
- /**
- * Creates a <code>DOMPGPData</code> containing the specified key id and
- * optional key packet and list of external elements.
- *
- * @param keyId a PGP public key id as defined in section 11.2 of
- * <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a>. The
- * array is cloned to prevent subsequent modification.
- * @param keyPacket a PGP Key Material Packet as defined in section 5.5 of
- * <a href="http://www.ietf.org/rfc/rfc2440.txt"/>RFC 2440</a> (may
- * be <code>null</code>). The array is cloned to prevent subsequent
- * modification.
- * @param other a list of {@link XMLStructure}s representing elements from
- * an external namespace. The list is defensively copied to prevent
- * subsequent modification. May be <code>null</code> or empty.
- * @throws NullPointerException if <code>keyId</code> is <code>null</code>
- * @throws IllegalArgumentException if the key id or packet is not in the
- * correct format
- * @throws ClassCastException if <code>other</code> contains any
- * entries that are not of type {@link XMLStructure}
- */
- public DOMPGPData(byte[] keyId, byte[] keyPacket,
- List<? extends XMLStructure> other)
- {
- if (keyId == null) {
- throw new NullPointerException("keyId cannot be null");
- }
- // key ids must be 8 bytes
- if (keyId.length != 8) {
- throw new IllegalArgumentException("keyId must be 8 bytes long");
- }
- if (other == null || other.isEmpty()) {
- this.externalElements = Collections.emptyList();
- } else {
- this.externalElements =
- Collections.unmodifiableList(new ArrayList<XMLStructure>(other));
- for (int i = 0, size = this.externalElements.size(); i < size; i++) {
- if (!(this.externalElements.get(i) instanceof XMLStructure)) {
- throw new ClassCastException
- ("other["+i+"] is not a valid PGPData type");
- }
- }
- }
- this.keyId = (byte[])keyId.clone();
- this.keyPacket = keyPacket == null ? null
- : (byte[])keyPacket.clone();
- if (keyPacket != null) {
- checkKeyPacket(keyPacket);
- }
- }
-
- /**
- * Creates a <code>DOMPGPData</code> from an element.
- *
- * @param pdElem a PGPData element
- */
- public DOMPGPData(Element pdElem) throws MarshalException {
- // get all children nodes
- byte[] keyId = null;
- byte[] keyPacket = null;
- NodeList nl = pdElem.getChildNodes();
- int length = nl.getLength();
- List<XMLStructure> other = new ArrayList<XMLStructure>(length);
- for (int x = 0; x < length; x++) {
- Node n = nl.item(x);
- if (n.getNodeType() == Node.ELEMENT_NODE) {
- Element childElem = (Element)n;
- String localName = childElem.getLocalName();
- try {
- if (localName.equals("PGPKeyID")) {
- keyId = Base64.decode(childElem);
- } else if (localName.equals("PGPKeyPacket")){
- keyPacket = Base64.decode(childElem);
- } else {
- other.add
- (new javax.xml.crypto.dom.DOMStructure(childElem));
- }
- } catch (Base64DecodingException bde) {
- throw new MarshalException(bde);
- }
- }
- }
- this.keyId = keyId;
- this.keyPacket = keyPacket;
- this.externalElements = Collections.unmodifiableList(other);
- }
-
- public byte[] getKeyId() {
- return (keyId == null ? null : (byte[])keyId.clone());
- }
-
- public byte[] getKeyPacket() {
- return (keyPacket == null ? null : (byte[])keyPacket.clone());
- }
-
- public List getExternalElements() {
- return externalElements;
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
- Element pdElem = DOMUtils.createElement(ownerDoc, "PGPData",
- XMLSignature.XMLNS, dsPrefix);
-
- // create and append PGPKeyID element
- if (keyId != null) {
- Element keyIdElem = DOMUtils.createElement(ownerDoc, "PGPKeyID",
- XMLSignature.XMLNS,
- dsPrefix);
- keyIdElem.appendChild
- (ownerDoc.createTextNode(Base64.encode(keyId)));
- pdElem.appendChild(keyIdElem);
- }
-
- // create and append PGPKeyPacket element
- if (keyPacket != null) {
- Element keyPktElem = DOMUtils.createElement(ownerDoc,
- "PGPKeyPacket",
- XMLSignature.XMLNS,
- dsPrefix);
- keyPktElem.appendChild
- (ownerDoc.createTextNode(Base64.encode(keyPacket)));
- pdElem.appendChild(keyPktElem);
- }
-
- // create and append any elements
- for (XMLStructure extElem : externalElements) {
- DOMUtils.appendChild(pdElem, ((javax.xml.crypto.dom.DOMStructure)
- extElem).getNode());
- }
-
- parent.appendChild(pdElem);
- }
-
- /**
- * We assume packets use the new format packet syntax, as specified in
- * section 4 of RFC 2440.
- *
- * This method only checks if the packet contains a valid tag. The
- * contents of the packet should be checked by the application.
- */
- private void checkKeyPacket(byte[] keyPacket) {
- // length must be at least 3 (one byte for tag, one byte for length,
- // and minimally one byte of content
- if (keyPacket.length < 3) {
- throw new IllegalArgumentException("keypacket must be at least " +
- "3 bytes long");
- }
-
- int tag = keyPacket[0];
- // first bit must be set
- if ((tag & 128) != 128) {
- throw new IllegalArgumentException("keypacket tag is invalid: " +
- "bit 7 is not set");
- }
- // make sure using new format
- if ((tag & 64) != 64) {
- throw new IllegalArgumentException("old keypacket tag format is " +
- "unsupported");
- }
-
- // tag value must be 6, 14, 5 or 7
- if (((tag & 6) != 6) && ((tag & 14) != 14) &&
- ((tag & 5) != 5) && ((tag & 7) != 7)) {
- throw new IllegalArgumentException("keypacket tag is invalid: " +
- "must be 6, 14, 5, or 7");
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Portions copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * ===========================================================================
- *
- * (C) Copyright IBM Corp. 2003 All Rights Reserved.
- *
- * ===========================================================================
- */
-/*
- * $Id: DOMReference.java 1334007 2012-05-04 14:59:46Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dom.DOMURIReference;
-
-import java.io.*;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.*;
-import java.util.*;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import org.apache.jcp.xml.dsig.internal.DigesterOutputStream;
-import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
-
-/**
- * DOM-based implementation of Reference.
- *
- * @author Sean Mullan
- * @author Joyce Leung
- */
-public final class DOMReference extends DOMStructure
- implements Reference, DOMURIReference {
-
- /**
- * The maximum number of transforms per reference, if secure validation is enabled.
- */
- public static final int MAXIMUM_TRANSFORM_COUNT = 5;
-
- /**
- * Look up useC14N11 system property. If true, an explicit C14N11 transform
- * will be added if necessary when generating the signature. See section
- * 3.1.1 of http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ for more info.
- *
- * If true, overrides the same property if set in the XMLSignContext.
- */
- private static boolean useC14N11 =
- AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
- public Boolean run() {
- return Boolean.valueOf(Boolean.getBoolean
- ("com.sun.org.apache.xml.internal.security.useC14N11"));
- }
- });
-
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(DOMReference.class);
-
- private final DigestMethod digestMethod;
- private final String id;
- private final List<Transform> transforms;
- private List<Transform> allTransforms;
- private final Data appliedTransformData;
- private Attr here;
- private final String uri;
- private final String type;
- private byte[] digestValue;
- private byte[] calcDigestValue;
- private Element refElem;
- private boolean digested = false;
- private boolean validated = false;
- private boolean validationStatus;
- private Data derefData;
- private InputStream dis;
- private MessageDigest md;
- private Provider provider;
-
- /**
- * Creates a <code>Reference</code> from the specified parameters.
- *
- * @param uri the URI (may be null)
- * @param type the type (may be null)
- * @param dm the digest method
- * @param transforms a list of {@link Transform}s. The list
- * is defensively copied to protect against subsequent modification.
- * May be <code>null</code> or empty.
- * @param id the reference ID (may be <code>null</code>)
- * @return a <code>Reference</code>
- * @throws NullPointerException if <code>dm</code> is <code>null</code>
- * @throws ClassCastException if any of the <code>transforms</code> are
- * not of type <code>Transform</code>
- */
- public DOMReference(String uri, String type, DigestMethod dm,
- List<? extends Transform> transforms, String id,
- Provider provider)
- {
- this(uri, type, dm, null, null, transforms, id, null, provider);
- }
-
- public DOMReference(String uri, String type, DigestMethod dm,
- List<? extends Transform> appliedTransforms,
- Data result, List<? extends Transform> transforms,
- String id, Provider provider)
- {
- this(uri, type, dm, appliedTransforms,
- result, transforms, id, null, provider);
- }
-
- public DOMReference(String uri, String type, DigestMethod dm,
- List<? extends Transform> appliedTransforms,
- Data result, List<? extends Transform> transforms,
- String id, byte[] digestValue, Provider provider)
- {
- if (dm == null) {
- throw new NullPointerException("DigestMethod must be non-null");
- }
- if (appliedTransforms == null) {
- this.allTransforms = new ArrayList<Transform>();
- } else {
- this.allTransforms = new ArrayList<Transform>(appliedTransforms);
- for (int i = 0, size = this.allTransforms.size(); i < size; i++) {
- if (!(this.allTransforms.get(i) instanceof Transform)) {
- throw new ClassCastException
- ("appliedTransforms["+i+"] is not a valid type");
- }
- }
- }
- if (transforms == null) {
- this.transforms = Collections.emptyList();
- } else {
- this.transforms = new ArrayList<Transform>(transforms);
- for (int i = 0, size = this.transforms.size(); i < size; i++) {
- if (!(this.transforms.get(i) instanceof Transform)) {
- throw new ClassCastException
- ("transforms["+i+"] is not a valid type");
- }
- }
- this.allTransforms.addAll(this.transforms);
- }
- this.digestMethod = dm;
- this.uri = uri;
- if ((uri != null) && (!uri.equals(""))) {
- try {
- new URI(uri);
- } catch (URISyntaxException e) {
- throw new IllegalArgumentException(e.getMessage());
- }
- }
- this.type = type;
- this.id = id;
- if (digestValue != null) {
- this.digestValue = (byte[])digestValue.clone();
- this.digested = true;
- }
- this.appliedTransformData = result;
- this.provider = provider;
- }
-
- /**
- * Creates a <code>DOMReference</code> from an element.
- *
- * @param refElem a Reference element
- */
- public DOMReference(Element refElem, XMLCryptoContext context,
- Provider provider)
- throws MarshalException
- {
- Boolean secureValidation = (Boolean)
- context.getProperty("org.apache.jcp.xml.dsig.secureValidation");
- boolean secVal = false;
- if (secureValidation != null && secureValidation.booleanValue()) {
- secVal = true;
- }
-
- // unmarshal Transforms, if specified
- Element nextSibling = DOMUtils.getFirstChildElement(refElem);
- List<Transform> transforms = new ArrayList<Transform>(5);
- if (nextSibling.getLocalName().equals("Transforms")) {
- Element transformElem = DOMUtils.getFirstChildElement(nextSibling);
-
- int transformCount = 0;
- while (transformElem != null) {
- transforms.add
- (new DOMTransform(transformElem, context, provider));
- transformElem = DOMUtils.getNextSiblingElement(transformElem);
-
- transformCount++;
- if (secVal && (transformCount > MAXIMUM_TRANSFORM_COUNT)) {
- String error = "A maxiumum of " + MAXIMUM_TRANSFORM_COUNT + " "
- + "transforms per Reference are allowed with secure validation";
- throw new MarshalException(error);
- }
- }
- nextSibling = DOMUtils.getNextSiblingElement(nextSibling);
- }
-
- // unmarshal DigestMethod
- Element dmElem = nextSibling;
- this.digestMethod = DOMDigestMethod.unmarshal(dmElem);
- String digestMethodAlgorithm = this.digestMethod.getAlgorithm();
- if (secVal
- && MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5.equals(digestMethodAlgorithm)) {
- throw new MarshalException(
- "It is forbidden to use algorithm " + digestMethod + " when secure validation is enabled"
- );
- }
-
- // unmarshal DigestValue
- try {
- Element dvElem = DOMUtils.getNextSiblingElement(dmElem);
- this.digestValue = Base64.decode(dvElem);
- } catch (Base64DecodingException bde) {
- throw new MarshalException(bde);
- }
-
- // unmarshal attributes
- this.uri = DOMUtils.getAttributeValue(refElem, "URI");
-
- Attr attr = refElem.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- this.id = attr.getValue();
- refElem.setIdAttributeNode(attr, true);
- } else {
- this.id = null;
- }
-
- this.type = DOMUtils.getAttributeValue(refElem, "Type");
- this.here = refElem.getAttributeNodeNS(null, "URI");
- this.refElem = refElem;
- this.transforms = transforms;
- this.allTransforms = transforms;
- this.appliedTransformData = null;
- this.provider = provider;
- }
-
- public DigestMethod getDigestMethod() {
- return digestMethod;
- }
-
- public String getId() {
- return id;
- }
-
- public String getURI() {
- return uri;
- }
-
- public String getType() {
- return type;
- }
-
- public List getTransforms() {
- return Collections.unmodifiableList(allTransforms);
- }
-
- public byte[] getDigestValue() {
- return (digestValue == null ? null : (byte[])digestValue.clone());
- }
-
- public byte[] getCalculatedDigestValue() {
- return (calcDigestValue == null ? null
- : (byte[])calcDigestValue.clone());
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- if (log.isDebugEnabled()) {
- log.debug("Marshalling Reference");
- }
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
-
- refElem = DOMUtils.createElement(ownerDoc, "Reference",
- XMLSignature.XMLNS, dsPrefix);
-
- // set attributes
- DOMUtils.setAttributeID(refElem, "Id", id);
- DOMUtils.setAttribute(refElem, "URI", uri);
- DOMUtils.setAttribute(refElem, "Type", type);
-
- // create and append Transforms element
- if (!allTransforms.isEmpty()) {
- Element transformsElem = DOMUtils.createElement(ownerDoc,
- "Transforms",
- XMLSignature.XMLNS,
- dsPrefix);
- refElem.appendChild(transformsElem);
- for (Transform transform : allTransforms) {
- ((DOMStructure)transform).marshal(transformsElem,
- dsPrefix, context);
- }
- }
-
- // create and append DigestMethod element
- ((DOMDigestMethod)digestMethod).marshal(refElem, dsPrefix, context);
-
- // create and append DigestValue element
- if (log.isDebugEnabled()) {
- log.debug("Adding digestValueElem");
- }
- Element digestValueElem = DOMUtils.createElement(ownerDoc,
- "DigestValue",
- XMLSignature.XMLNS,
- dsPrefix);
- if (digestValue != null) {
- digestValueElem.appendChild
- (ownerDoc.createTextNode(Base64.encode(digestValue)));
- }
- refElem.appendChild(digestValueElem);
-
- parent.appendChild(refElem);
- here = refElem.getAttributeNodeNS(null, "URI");
- }
-
- public void digest(XMLSignContext signContext)
- throws XMLSignatureException
- {
- Data data = null;
- if (appliedTransformData == null) {
- data = dereference(signContext);
- } else {
- data = appliedTransformData;
- }
- digestValue = transform(data, signContext);
-
- // insert digestValue into DigestValue element
- String encodedDV = Base64.encode(digestValue);
- if (log.isDebugEnabled()) {
- log.debug("Reference object uri = " + uri);
- }
- Element digestElem = DOMUtils.getLastChildElement(refElem);
- if (digestElem == null) {
- throw new XMLSignatureException("DigestValue element expected");
- }
- DOMUtils.removeAllChildren(digestElem);
- digestElem.appendChild
- (refElem.getOwnerDocument().createTextNode(encodedDV));
-
- digested = true;
- if (log.isDebugEnabled()) {
- log.debug("Reference digesting completed");
- }
- }
-
- public boolean validate(XMLValidateContext validateContext)
- throws XMLSignatureException
- {
- if (validateContext == null) {
- throw new NullPointerException("validateContext cannot be null");
- }
- if (validated) {
- return validationStatus;
- }
- Data data = dereference(validateContext);
- calcDigestValue = transform(data, validateContext);
-
- if (log.isDebugEnabled()) {
- log.debug("Expected digest: " + Base64.encode(digestValue));
- log.debug("Actual digest: " + Base64.encode(calcDigestValue));
- }
-
- validationStatus = Arrays.equals(digestValue, calcDigestValue);
- validated = true;
- return validationStatus;
- }
-
- public Data getDereferencedData() {
- return derefData;
- }
-
- public InputStream getDigestInputStream() {
- return dis;
- }
-
- private Data dereference(XMLCryptoContext context)
- throws XMLSignatureException
- {
- Data data = null;
-
- // use user-specified URIDereferencer if specified; otherwise use deflt
- URIDereferencer deref = context.getURIDereferencer();
- if (deref == null) {
- deref = DOMURIDereferencer.INSTANCE;
- }
- try {
- data = deref.dereference(this, context);
- if (log.isDebugEnabled()) {
- log.debug("URIDereferencer class name: " + deref.getClass().getName());
- log.debug("Data class name: " + data.getClass().getName());
- }
- } catch (URIReferenceException ure) {
- throw new XMLSignatureException(ure);
- }
-
- return data;
- }
-
- private byte[] transform(Data dereferencedData,
- XMLCryptoContext context)
- throws XMLSignatureException
- {
- if (md == null) {
- try {
- md = MessageDigest.getInstance
- (((DOMDigestMethod)digestMethod).getMessageDigestAlgorithm());
- } catch (NoSuchAlgorithmException nsae) {
- throw new XMLSignatureException(nsae);
- }
- }
- md.reset();
- DigesterOutputStream dos;
- Boolean cache = (Boolean)
- context.getProperty("javax.xml.crypto.dsig.cacheReference");
- if (cache != null && cache.booleanValue()) {
- this.derefData = copyDerefData(dereferencedData);
- dos = new DigesterOutputStream(md, true);
- } else {
- dos = new DigesterOutputStream(md);
- }
- OutputStream os = null;
- Data data = dereferencedData;
- try {
- os = new UnsyncBufferedOutputStream(dos);
- for (int i = 0, size = transforms.size(); i < size; i++) {
- DOMTransform transform = (DOMTransform)transforms.get(i);
- if (i < size - 1) {
- data = transform.transform(data, context);
- } else {
- data = transform.transform(data, context, os);
- }
- }
-
- if (data != null) {
- XMLSignatureInput xi;
- // explicitly use C14N 1.1 when generating signature
- // first check system property, then context property
- boolean c14n11 = useC14N11;
- String c14nalg = CanonicalizationMethod.INCLUSIVE;
- if (context instanceof XMLSignContext) {
- if (!c14n11) {
- Boolean prop = (Boolean)context.getProperty
- ("org.apache.xml.security.useC14N11");
- c14n11 = (prop != null && prop.booleanValue());
- if (c14n11) {
- c14nalg = "http://www.w3.org/2006/12/xml-c14n11";
- }
- } else {
- c14nalg = "http://www.w3.org/2006/12/xml-c14n11";
- }
- }
- if (data instanceof ApacheData) {
- xi = ((ApacheData)data).getXMLSignatureInput();
- } else if (data instanceof OctetStreamData) {
- xi = new XMLSignatureInput
- (((OctetStreamData)data).getOctetStream());
- } else if (data instanceof NodeSetData) {
- TransformService spi = null;
- if (provider == null) {
- spi = TransformService.getInstance(c14nalg, "DOM");
- } else {
- try {
- spi = TransformService.getInstance(c14nalg, "DOM", provider);
- } catch (NoSuchAlgorithmException nsae) {
- spi = TransformService.getInstance(c14nalg, "DOM");
- }
- }
- data = spi.transform(data, context);
- xi = new XMLSignatureInput
- (((OctetStreamData)data).getOctetStream());
- } else {
- throw new XMLSignatureException("unrecognized Data type");
- }
- if (context instanceof XMLSignContext && c14n11
- && !xi.isOctetStream() && !xi.isOutputStreamSet()) {
- TransformService spi = null;
- if (provider == null) {
- spi = TransformService.getInstance(c14nalg, "DOM");
- } else {
- try {
- spi = TransformService.getInstance(c14nalg, "DOM", provider);
- } catch (NoSuchAlgorithmException nsae) {
- spi = TransformService.getInstance(c14nalg, "DOM");
- }
- }
-
- DOMTransform t = new DOMTransform(spi);
- Element transformsElem = null;
- String dsPrefix = DOMUtils.getSignaturePrefix(context);
- if (allTransforms.isEmpty()) {
- transformsElem = DOMUtils.createElement(
- refElem.getOwnerDocument(),
- "Transforms", XMLSignature.XMLNS, dsPrefix);
- refElem.insertBefore(transformsElem,
- DOMUtils.getFirstChildElement(refElem));
- } else {
- transformsElem = DOMUtils.getFirstChildElement(refElem);
- }
- t.marshal(transformsElem, dsPrefix,
- (DOMCryptoContext)context);
- allTransforms.add(t);
- xi.updateOutputStream(os, true);
- } else {
- xi.updateOutputStream(os);
- }
- }
- os.flush();
- if (cache != null && cache.booleanValue()) {
- this.dis = dos.getInputStream();
- }
- return dos.getDigestValue();
- } catch (NoSuchAlgorithmException e) {
- throw new XMLSignatureException(e);
- } catch (TransformException e) {
- throw new XMLSignatureException(e);
- } catch (MarshalException e) {
- throw new XMLSignatureException(e);
- } catch (IOException e) {
- throw new XMLSignatureException(e);
- } catch (org.apache.xml.security.c14n.CanonicalizationException e) {
- throw new XMLSignatureException(e);
- } finally {
- if (os != null) {
- try {
- os.close();
- } catch (IOException e) {
- throw new XMLSignatureException(e);
- }
- }
- if (dos != null) {
- try {
- dos.close();
- } catch (IOException e) {
- throw new XMLSignatureException(e);
- }
- }
- }
- }
-
- public Node getHere() {
- return here;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof Reference)) {
- return false;
- }
- Reference oref = (Reference)o;
-
- boolean idsEqual = (id == null ? oref.getId() == null
- : id.equals(oref.getId()));
- boolean urisEqual = (uri == null ? oref.getURI() == null
- : uri.equals(oref.getURI()));
- boolean typesEqual = (type == null ? oref.getType() == null
- : type.equals(oref.getType()));
- boolean digestValuesEqual =
- Arrays.equals(digestValue, oref.getDigestValue());
-
- return digestMethod.equals(oref.getDigestMethod()) && idsEqual &&
- urisEqual && typesEqual &&
- allTransforms.equals(oref.getTransforms()) && digestValuesEqual;
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- if (id != null) {
- result = 31 * result + id.hashCode();
- }
- if (uri != null) {
- result = 31 * result + uri.hashCode();
- }
- if (type != null) {
- result = 31 * result + type.hashCode();
- }
- if (digestValue != null) {
- result = 31 * result + Arrays.hashCode(digestValue);
- }
- if (digestMethod != null) {
- result = 31 * result + digestMethod.hashCode();
- }
- if (allTransforms != null) {
- result = 31 * result + allTransforms.hashCode();
- }
-
- return result;
- }
-
- boolean isDigested() {
- return digested;
- }
-
- private static Data copyDerefData(Data dereferencedData) {
- if (dereferencedData instanceof ApacheData) {
- // need to make a copy of the Data
- ApacheData ad = (ApacheData)dereferencedData;
- XMLSignatureInput xsi = ad.getXMLSignatureInput();
- if (xsi.isNodeSet()) {
- try {
- final Set<Node> s = xsi.getNodeSet();
- return new NodeSetData() {
- public Iterator iterator() { return s.iterator(); }
- };
- } catch (Exception e) {
- // log a warning
- log.warn("cannot cache dereferenced data: " + e);
- return null;
- }
- } else if (xsi.isElement()) {
- return new DOMSubTreeData
- (xsi.getSubNode(), xsi.isExcludeComments());
- } else if (xsi.isOctetStream() || xsi.isByteArray()) {
- try {
- return new OctetStreamData
- (xsi.getOctetStream(), xsi.getSourceURI(),
- xsi.getMIMEType());
- } catch (IOException ioe) {
- // log a warning
- log.warn("cannot cache dereferenced data: " + ioe);
- return null;
- }
- }
- }
- return dereferencedData;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Portions copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * ===========================================================================
- *
- * (C) Copyright IBM Corp. 2003 All Rights Reserved.
- *
- * ===========================================================================
- */
-/*
- * $Id: DOMRetrievalMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.io.ByteArrayInputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.Provider;
-import java.util.*;
-
-import javax.xml.XMLConstants;
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dom.DOMURIReference;
-import javax.xml.crypto.dsig.keyinfo.RetrievalMethod;
-import javax.xml.parsers.*;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * DOM-based implementation of RetrievalMethod.
- *
- * @author Sean Mullan
- * @author Joyce Leung
- */
-public final class DOMRetrievalMethod extends DOMStructure
- implements RetrievalMethod, DOMURIReference {
-
- private final List<Transform> transforms;
- private String uri;
- private String type;
- private Attr here;
-
- /**
- * Creates a <code>DOMRetrievalMethod</code> containing the specified
- * URIReference and List of Transforms.
- *
- * @param uri the URI
- * @param type the type
- * @param transforms a list of {@link Transform}s. The list is defensively
- * copied to prevent subsequent modification. May be <code>null</code>
- * or empty.
- * @throws IllegalArgumentException if the format of <code>uri</code> is
- * invalid, as specified by Reference's URI attribute in the W3C
- * specification for XML-Signature Syntax and Processing
- * @throws NullPointerException if <code>uriReference</code>
- * is <code>null</code>
- * @throws ClassCastException if <code>transforms</code> contains any
- * entries that are not of type {@link Transform}
- */
- public DOMRetrievalMethod(String uri, String type,
- List<? extends Transform> transforms)
- {
- if (uri == null) {
- throw new NullPointerException("uri cannot be null");
- }
- if (transforms == null || transforms.isEmpty()) {
- this.transforms = Collections.emptyList();
- } else {
- this.transforms = Collections.unmodifiableList(
- new ArrayList<Transform>(transforms));
- for (int i = 0, size = this.transforms.size(); i < size; i++) {
- if (!(this.transforms.get(i) instanceof Transform)) {
- throw new ClassCastException
- ("transforms["+i+"] is not a valid type");
- }
- }
- }
- this.uri = uri;
- if (!uri.equals("")) {
- try {
- new URI(uri);
- } catch (URISyntaxException e) {
- throw new IllegalArgumentException(e.getMessage());
- }
- }
-
- this.type = type;
- }
-
- /**
- * Creates a <code>DOMRetrievalMethod</code> from an element.
- *
- * @param rmElem a RetrievalMethod element
- */
- public DOMRetrievalMethod(Element rmElem, XMLCryptoContext context,
- Provider provider)
- throws MarshalException
- {
- // get URI and Type attributes
- uri = DOMUtils.getAttributeValue(rmElem, "URI");
- type = DOMUtils.getAttributeValue(rmElem, "Type");
-
- // get here node
- here = rmElem.getAttributeNodeNS(null, "URI");
-
- Boolean secureValidation = (Boolean)
- context.getProperty("org.apache.jcp.xml.dsig.secureValidation");
- boolean secVal = false;
- if (secureValidation != null && secureValidation.booleanValue()) {
- secVal = true;
- }
-
- // get Transforms, if specified
- List<Transform> transforms = new ArrayList<Transform>();
- Element transformsElem = DOMUtils.getFirstChildElement(rmElem);
-
- int transformCount = 0;
- if (transformsElem != null) {
- Element transformElem =
- DOMUtils.getFirstChildElement(transformsElem);
- while (transformElem != null) {
- transforms.add
- (new DOMTransform(transformElem, context, provider));
- transformElem = DOMUtils.getNextSiblingElement(transformElem);
-
- transformCount++;
- if (secVal && (transformCount > DOMReference.MAXIMUM_TRANSFORM_COUNT)) {
- String error = "A maxiumum of " + DOMReference.MAXIMUM_TRANSFORM_COUNT + " "
- + "transforms per Reference are allowed with secure validation";
- throw new MarshalException(error);
- }
- }
- }
- if (transforms.isEmpty()) {
- this.transforms = Collections.emptyList();
- } else {
- this.transforms = Collections.unmodifiableList(transforms);
- }
- }
-
- public String getURI() {
- return uri;
- }
-
- public String getType() {
- return type;
- }
-
- public List getTransforms() {
- return transforms;
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
- Element rmElem = DOMUtils.createElement(ownerDoc, "RetrievalMethod",
- XMLSignature.XMLNS, dsPrefix);
-
- // add URI and Type attributes
- DOMUtils.setAttribute(rmElem, "URI", uri);
- DOMUtils.setAttribute(rmElem, "Type", type);
-
- // add Transforms elements
- if (!transforms.isEmpty()) {
- Element transformsElem = DOMUtils.createElement(ownerDoc,
- "Transforms",
- XMLSignature.XMLNS,
- dsPrefix);
- rmElem.appendChild(transformsElem);
- for (Transform transform : transforms) {
- ((DOMTransform)transform).marshal(transformsElem,
- dsPrefix, context);
- }
- }
-
- parent.appendChild(rmElem);
-
- // save here node
- here = rmElem.getAttributeNodeNS(null, "URI");
- }
-
- public Node getHere() {
- return here;
- }
-
- public Data dereference(XMLCryptoContext context)
- throws URIReferenceException
- {
- if (context == null) {
- throw new NullPointerException("context cannot be null");
- }
-
- /*
- * If URIDereferencer is specified in context; use it, otherwise use
- * built-in.
- */
- URIDereferencer deref = context.getURIDereferencer();
- if (deref == null) {
- deref = DOMURIDereferencer.INSTANCE;
- }
-
- Data data = deref.dereference(this, context);
-
- // pass dereferenced data through Transforms
- try {
- for (Transform transform : transforms) {
- data = ((DOMTransform)transform).transform(data, context);
- }
- } catch (Exception e) {
- throw new URIReferenceException(e);
- }
- return data;
- }
-
- public XMLStructure dereferenceAsXMLStructure(XMLCryptoContext context)
- throws URIReferenceException
- {
- try {
- ApacheData data = (ApacheData)dereference(context);
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- DocumentBuilder db = dbf.newDocumentBuilder();
- Document doc = db.parse(new ByteArrayInputStream
- (data.getXMLSignatureInput().getBytes()));
- Element kiElem = doc.getDocumentElement();
- if (kiElem.getLocalName().equals("X509Data")) {
- return new DOMX509Data(kiElem);
- } else {
- return null; // unsupported
- }
- } catch (Exception e) {
- throw new URIReferenceException(e);
- }
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (!(obj instanceof RetrievalMethod)) {
- return false;
- }
- RetrievalMethod orm = (RetrievalMethod)obj;
-
- boolean typesEqual = (type == null ? orm.getType() == null
- : type.equals(orm.getType()));
-
- return (uri.equals(orm.getURI()) &&
- transforms.equals(orm.getTransforms()) && typesEqual);
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- if (type != null) {
- result = 31 * result + type.hashCode();
- }
- if (uri != null) {
- result = 31 * result + uri.hashCode();
- }
- if (transforms != null) {
- result = 31 * result + transforms.hashCode();
- }
-
- return result;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMSignatureMethod.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
-
-import java.io.IOException;
-import java.security.*;
-import java.security.spec.AlgorithmParameterSpec;
-import org.w3c.dom.Element;
-
-import org.apache.xml.security.algorithms.implementations.SignatureECDSA;
-import org.apache.jcp.xml.dsig.internal.SignerOutputStream;
-
-/**
- * DOM-based abstract implementation of SignatureMethod.
- *
- * @author Sean Mullan
- */
-public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
-
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(DOMSignatureMethod.class);
-
- private SignatureMethodParameterSpec params;
- private Signature signature;
-
- // see RFC 4051 for these algorithm definitions
- static final String RSA_SHA256 =
- "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
- static final String RSA_SHA384 =
- "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
- static final String RSA_SHA512 =
- "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
- static final String ECDSA_SHA1 =
- "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
- static final String ECDSA_SHA256 =
- "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
- static final String ECDSA_SHA384 =
- "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
- static final String ECDSA_SHA512 =
- "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
-
- /**
- * Creates a <code>DOMSignatureMethod</code>.
- *
- * @param params the algorithm-specific params (may be <code>null</code>)
- * @throws InvalidAlgorithmParameterException if the parameters are not
- * appropriate for this signature method
- */
- DOMSignatureMethod(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException
- {
- if (params != null &&
- !(params instanceof SignatureMethodParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("params must be of type SignatureMethodParameterSpec");
- }
- checkParams((SignatureMethodParameterSpec)params);
- this.params = (SignatureMethodParameterSpec)params;
- }
-
- /**
- * Creates a <code>DOMSignatureMethod</code> from an element. This ctor
- * invokes the {@link #unmarshalParams unmarshalParams} method to
- * unmarshal any algorithm-specific input parameters.
- *
- * @param smElem a SignatureMethod element
- */
- DOMSignatureMethod(Element smElem) throws MarshalException {
- Element paramsElem = DOMUtils.getFirstChildElement(smElem);
- if (paramsElem != null) {
- params = unmarshalParams(paramsElem);
- }
- try {
- checkParams(params);
- } catch (InvalidAlgorithmParameterException iape) {
- throw new MarshalException(iape);
- }
- }
-
- static SignatureMethod unmarshal(Element smElem) throws MarshalException {
- String alg = DOMUtils.getAttributeValue(smElem, "Algorithm");
- if (alg.equals(SignatureMethod.RSA_SHA1)) {
- return new SHA1withRSA(smElem);
- } else if (alg.equals(RSA_SHA256)) {
- return new SHA256withRSA(smElem);
- } else if (alg.equals(RSA_SHA384)) {
- return new SHA384withRSA(smElem);
- } else if (alg.equals(RSA_SHA512)) {
- return new SHA512withRSA(smElem);
- } else if (alg.equals(SignatureMethod.DSA_SHA1)) {
- return new SHA1withDSA(smElem);
- } else if (alg.equals(ECDSA_SHA1)) {
- return new SHA1withECDSA(smElem);
- } else if (alg.equals(ECDSA_SHA256)) {
- return new SHA256withECDSA(smElem);
- } else if (alg.equals(ECDSA_SHA384)) {
- return new SHA384withECDSA(smElem);
- } else if (alg.equals(ECDSA_SHA512)) {
- return new SHA512withECDSA(smElem);
- } else if (alg.equals(SignatureMethod.HMAC_SHA1)) {
- return new DOMHMACSignatureMethod.SHA1(smElem);
- } else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA256)) {
- return new DOMHMACSignatureMethod.SHA256(smElem);
- } else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA384)) {
- return new DOMHMACSignatureMethod.SHA384(smElem);
- } else if (alg.equals(DOMHMACSignatureMethod.HMAC_SHA512)) {
- return new DOMHMACSignatureMethod.SHA512(smElem);
- } else {
- throw new MarshalException
- ("unsupported SignatureMethod algorithm: " + alg);
- }
- }
-
- public final AlgorithmParameterSpec getParameterSpec() {
- return params;
- }
-
- boolean verify(Key key, SignedInfo si, byte[] sig,
- XMLValidateContext context)
- throws InvalidKeyException, SignatureException, XMLSignatureException
- {
- if (key == null || si == null || sig == null) {
- throw new NullPointerException();
- }
-
- if (!(key instanceof PublicKey)) {
- throw new InvalidKeyException("key must be PublicKey");
- }
- if (signature == null) {
- try {
- Provider p = (Provider)context.getProperty
- ("org.jcp.xml.dsig.internal.dom.SignatureProvider");
- signature = (p == null)
- ? Signature.getInstance(getJCAAlgorithm())
- : Signature.getInstance(getJCAAlgorithm(), p);
- } catch (NoSuchAlgorithmException nsae) {
- throw new XMLSignatureException(nsae);
- }
- }
- signature.initVerify((PublicKey)key);
- if (log.isDebugEnabled()) {
- log.debug("Signature provider:" + signature.getProvider());
- log.debug("verifying with key: " + key);
- }
- ((DOMSignedInfo)si).canonicalize(context,
- new SignerOutputStream(signature));
-
- try {
- Type type = getAlgorithmType();
- if (type == Type.DSA) {
- return signature.verify(convertXMLDSIGtoASN1(sig));
- } else if (type == Type.ECDSA) {
- return signature.verify(SignatureECDSA.convertXMLDSIGtoASN1(sig));
- } else {
- return signature.verify(sig);
- }
- } catch (IOException ioe) {
- throw new XMLSignatureException(ioe);
- }
- }
-
- byte[] sign(Key key, SignedInfo si, XMLSignContext context)
- throws InvalidKeyException, XMLSignatureException
- {
- if (key == null || si == null) {
- throw new NullPointerException();
- }
-
- if (!(key instanceof PrivateKey)) {
- throw new InvalidKeyException("key must be PrivateKey");
- }
- if (signature == null) {
- try {
- Provider p = (Provider)context.getProperty
- ("org.jcp.xml.dsig.internal.dom.SignatureProvider");
- signature = (p == null)
- ? Signature.getInstance(getJCAAlgorithm())
- : Signature.getInstance(getJCAAlgorithm(), p);
- } catch (NoSuchAlgorithmException nsae) {
- throw new XMLSignatureException(nsae);
- }
- }
- signature.initSign((PrivateKey)key);
- if (log.isDebugEnabled()) {
- log.debug("Signature provider:" + signature.getProvider());
- log.debug("Signing with key: " + key);
- }
-
- ((DOMSignedInfo)si).canonicalize(context,
- new SignerOutputStream(signature));
-
- try {
- Type type = getAlgorithmType();
- if (type == Type.DSA) {
- return convertASN1toXMLDSIG(signature.sign());
- } else if (type == Type.ECDSA) {
- return SignatureECDSA.convertASN1toXMLDSIG(signature.sign());
- } else {
- return signature.sign();
- }
- } catch (SignatureException se) {
- throw new XMLSignatureException(se);
- } catch (IOException ioe) {
- throw new XMLSignatureException(ioe);
- }
- }
-
- /**
- * Converts an ASN.1 DSA value to a XML Signature DSA Value.
- *
- * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
- * pairs; the XML Signature requires the core BigInteger values.
- *
- * @param asn1Bytes
- *
- * @throws IOException
- * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
- */
- private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
- throws IOException
- {
- byte rLength = asn1Bytes[3];
- int i;
-
- for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
-
- byte sLength = asn1Bytes[5 + rLength];
- int j;
-
- for (j = sLength;
- (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
-
- if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
- || (asn1Bytes[2] != 2) || (i > 20)
- || (asn1Bytes[4 + rLength] != 2) || (j > 20)) {
- throw new IOException("Invalid ASN.1 format of DSA signature");
- } else {
- byte xmldsigBytes[] = new byte[40];
-
- System.arraycopy(asn1Bytes, (4+rLength)-i, xmldsigBytes, 20-i, i);
- System.arraycopy(asn1Bytes, (6+rLength+sLength)-j, xmldsigBytes,
- 40 - j, j);
-
- return xmldsigBytes;
- }
- }
-
- /**
- * Converts a XML Signature DSA Value to an ASN.1 DSA value.
- *
- * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
- * pairs; the XML Signature requires the core BigInteger values.
- *
- * @param xmldsigBytes
- *
- * @throws IOException
- * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
- */
- private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
- throws IOException
- {
- if (xmldsigBytes.length != 40) {
- throw new IOException("Invalid XMLDSIG format of DSA signature");
- }
-
- int i;
-
- for (i = 20; (i > 0) && (xmldsigBytes[20 - i] == 0); i--);
-
- int j = i;
-
- if (xmldsigBytes[20 - i] < 0) {
- j += 1;
- }
-
- int k;
-
- for (k = 20; (k > 0) && (xmldsigBytes[40 - k] == 0); k--);
-
- int l = k;
-
- if (xmldsigBytes[40 - k] < 0) {
- l += 1;
- }
-
- byte asn1Bytes[] = new byte[6 + j + l];
-
- asn1Bytes[0] = 48;
- asn1Bytes[1] = (byte)(4 + j + l);
- asn1Bytes[2] = 2;
- asn1Bytes[3] = (byte)j;
-
- System.arraycopy(xmldsigBytes, 20 - i, asn1Bytes, (4 + j) - i, i);
-
- asn1Bytes[4 + j] = 2;
- asn1Bytes[5 + j] = (byte) l;
-
- System.arraycopy(xmldsigBytes, 40 - k, asn1Bytes, (6 + j + l) - k, k);
-
- return asn1Bytes;
- }
-
- static final class SHA1withRSA extends DOMSignatureMethod {
- SHA1withRSA(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA1withRSA(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return SignatureMethod.RSA_SHA1;
- }
- String getJCAAlgorithm() {
- return "SHA1withRSA";
- }
- Type getAlgorithmType() {
- return Type.RSA;
- }
- }
-
- static final class SHA256withRSA extends DOMSignatureMethod {
- SHA256withRSA(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA256withRSA(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return RSA_SHA256;
- }
- String getJCAAlgorithm() {
- return "SHA256withRSA";
- }
- Type getAlgorithmType() {
- return Type.RSA;
- }
- }
-
- static final class SHA384withRSA extends DOMSignatureMethod {
- SHA384withRSA(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA384withRSA(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return RSA_SHA384;
- }
- String getJCAAlgorithm() {
- return "SHA384withRSA";
- }
- Type getAlgorithmType() {
- return Type.RSA;
- }
- }
-
- static final class SHA512withRSA extends DOMSignatureMethod {
- SHA512withRSA(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA512withRSA(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return RSA_SHA512;
- }
- String getJCAAlgorithm() {
- return "SHA512withRSA";
- }
- Type getAlgorithmType() {
- return Type.RSA;
- }
- }
-
- static final class SHA1withDSA extends DOMSignatureMethod {
- SHA1withDSA(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA1withDSA(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return SignatureMethod.DSA_SHA1;
- }
- String getJCAAlgorithm() {
- return "SHA1withDSA";
- }
- Type getAlgorithmType() {
- return Type.DSA;
- }
- }
-
- static final class SHA1withECDSA extends DOMSignatureMethod {
- SHA1withECDSA(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA1withECDSA(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return ECDSA_SHA1;
- }
- String getJCAAlgorithm() {
- return "SHA1withECDSA";
- }
- Type getAlgorithmType() {
- return Type.ECDSA;
- }
- }
-
- static final class SHA256withECDSA extends DOMSignatureMethod {
- SHA256withECDSA(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA256withECDSA(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return ECDSA_SHA256;
- }
- String getJCAAlgorithm() {
- return "SHA256withECDSA";
- }
- Type getAlgorithmType() {
- return Type.ECDSA;
- }
- }
-
- static final class SHA384withECDSA extends DOMSignatureMethod {
- SHA384withECDSA(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA384withECDSA(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return ECDSA_SHA384;
- }
- String getJCAAlgorithm() {
- return "SHA384withECDSA";
- }
- Type getAlgorithmType() {
- return Type.ECDSA;
- }
- }
-
- static final class SHA512withECDSA extends DOMSignatureMethod {
- SHA512withECDSA(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- super(params);
- }
- SHA512withECDSA(Element dmElem) throws MarshalException {
- super(dmElem);
- }
- public String getAlgorithm() {
- return ECDSA_SHA512;
- }
- String getJCAAlgorithm() {
- return "SHA512withECDSA";
- }
- Type getAlgorithmType() {
- return Type.ECDSA;
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMSignatureProperties.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-
-import java.util.*;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * DOM-based implementation of SignatureProperties.
- *
- * @author Sean Mullan
- */
-public final class DOMSignatureProperties extends DOMStructure
- implements SignatureProperties {
-
- private final String id;
- private final List<SignatureProperty> properties;
-
- /**
- * Creates a <code>DOMSignatureProperties</code> from the specified
- * parameters.
- *
- * @param properties a list of one or more {@link SignatureProperty}s. The
- * list is defensively copied to protect against subsequent modification.
- * @param id the Id (may be <code>null</code>)
- * @return a <code>DOMSignatureProperties</code>
- * @throws ClassCastException if <code>properties</code> contains any
- * entries that are not of type {@link SignatureProperty}
- * @throws IllegalArgumentException if <code>properties</code> is empty
- * @throws NullPointerException if <code>properties</code>
- */
- public DOMSignatureProperties(List<? extends SignatureProperty> properties,
- String id)
- {
- if (properties == null) {
- throw new NullPointerException("properties cannot be null");
- } else if (properties.isEmpty()) {
- throw new IllegalArgumentException("properties cannot be empty");
- } else {
- this.properties = Collections.unmodifiableList(
- new ArrayList<SignatureProperty>(properties));
- for (int i = 0, size = this.properties.size(); i < size; i++) {
- if (!(this.properties.get(i) instanceof SignatureProperty)) {
- throw new ClassCastException
- ("properties["+i+"] is not a valid type");
- }
- }
- }
- this.id = id;
- }
-
- /**
- * Creates a <code>DOMSignatureProperties</code> from an element.
- *
- * @param propsElem a SignatureProperties element
- * @throws MarshalException if a marshalling error occurs
- */
- public DOMSignatureProperties(Element propsElem, XMLCryptoContext context)
- throws MarshalException
- {
- // unmarshal attributes
- Attr attr = propsElem.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- id = attr.getValue();
- propsElem.setIdAttributeNode(attr, true);
- } else {
- id = null;
- }
-
- NodeList nodes = propsElem.getChildNodes();
- int length = nodes.getLength();
- List<SignatureProperty> properties =
- new ArrayList<SignatureProperty>(length);
- for (int i = 0; i < length; i++) {
- Node child = nodes.item(i);
- if (child.getNodeType() == Node.ELEMENT_NODE) {
- properties.add(new DOMSignatureProperty((Element)child,
- context));
- }
- }
- if (properties.isEmpty()) {
- throw new MarshalException("properties cannot be empty");
- } else {
- this.properties = Collections.unmodifiableList(properties);
- }
- }
-
- public List getProperties() {
- return properties;
- }
-
- public String getId() {
- return id;
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
- Element propsElem = DOMUtils.createElement(ownerDoc,
- "SignatureProperties",
- XMLSignature.XMLNS,
- dsPrefix);
-
- // set attributes
- DOMUtils.setAttributeID(propsElem, "Id", id);
-
- // create and append any properties
- for (SignatureProperty property : properties) {
- ((DOMSignatureProperty)property).marshal(propsElem, dsPrefix,
- context);
- }
-
- parent.appendChild(propsElem);
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof SignatureProperties)) {
- return false;
- }
- SignatureProperties osp = (SignatureProperties)o;
-
- boolean idsEqual = (id == null ? osp.getId() == null
- : id.equals(osp.getId()));
-
- return (properties.equals(osp.getProperties()) && idsEqual);
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- if (id != null) {
- result = 31 * result + id.hashCode();
- }
- if (properties != null) {
- result = 31 * result + properties.hashCode();
- }
-
- return result;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMSignatureProperty.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-
-import java.util.*;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * DOM-based implementation of SignatureProperty.
- *
- * @author Sean Mullan
- */
-public final class DOMSignatureProperty extends DOMStructure
- implements SignatureProperty {
-
- private final String id;
- private final String target;
- private final List<XMLStructure> content;
-
- /**
- * Creates a <code>SignatureProperty</code> from the specified parameters.
- *
- * @param content a list of one or more {@link XMLStructure}s. The list
- * is defensively copied to protect against subsequent modification.
- * @param target the target URI
- * @param id the Id (may be <code>null</code>)
- * @return a <code>SignatureProperty</code>
- * @throws ClassCastException if <code>content</code> contains any
- * entries that are not of type {@link XMLStructure}
- * @throws IllegalArgumentException if <code>content</code> is empty
- * @throws NullPointerException if <code>content</code> or
- * <code>target</code> is <code>null</code>
- */
- public DOMSignatureProperty(List<? extends XMLStructure> content,
- String target, String id)
- {
- if (target == null) {
- throw new NullPointerException("target cannot be null");
- } else if (content == null) {
- throw new NullPointerException("content cannot be null");
- } else if (content.isEmpty()) {
- throw new IllegalArgumentException("content cannot be empty");
- } else {
- this.content = Collections.unmodifiableList(
- new ArrayList<XMLStructure>(content));
- for (int i = 0, size = this.content.size(); i < size; i++) {
- if (!(this.content.get(i) instanceof XMLStructure)) {
- throw new ClassCastException
- ("content["+i+"] is not a valid type");
- }
- }
- }
- this.target = target;
- this.id = id;
- }
-
- /**
- * Creates a <code>DOMSignatureProperty</code> from an element.
- *
- * @param propElem a SignatureProperty element
- */
- public DOMSignatureProperty(Element propElem, XMLCryptoContext context)
- throws MarshalException
- {
- // unmarshal attributes
- target = DOMUtils.getAttributeValue(propElem, "Target");
- if (target == null) {
- throw new MarshalException("target cannot be null");
- }
- Attr attr = propElem.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- id = attr.getValue();
- propElem.setIdAttributeNode(attr, true);
- } else {
- id = null;
- }
-
- NodeList nodes = propElem.getChildNodes();
- int length = nodes.getLength();
- List<XMLStructure> content = new ArrayList<XMLStructure>(length);
- for (int i = 0; i < length; i++) {
- content.add(new javax.xml.crypto.dom.DOMStructure(nodes.item(i)));
- }
- if (content.isEmpty()) {
- throw new MarshalException("content cannot be empty");
- } else {
- this.content = Collections.unmodifiableList(content);
- }
- }
-
- public List getContent() {
- return content;
- }
-
- public String getId() {
- return id;
- }
-
- public String getTarget() {
- return target;
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
- Element propElem = DOMUtils.createElement(ownerDoc, "SignatureProperty",
- XMLSignature.XMLNS, dsPrefix);
-
- // set attributes
- DOMUtils.setAttributeID(propElem, "Id", id);
- DOMUtils.setAttribute(propElem, "Target", target);
-
- // create and append any elements and mixed content
- for (XMLStructure property : content) {
- DOMUtils.appendChild(propElem,
- ((javax.xml.crypto.dom.DOMStructure)property).getNode());
- }
-
- parent.appendChild(propElem);
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof SignatureProperty)) {
- return false;
- }
- SignatureProperty osp = (SignatureProperty)o;
-
- boolean idsEqual = (id == null ? osp.getId() == null
- : id.equals(osp.getId()));
-
- @SuppressWarnings("unchecked")
- List<XMLStructure> ospContent = osp.getContent();
- return (equalsContent(ospContent) &&
- target.equals(osp.getTarget()) && idsEqual);
- }
-
- @Override
- public int hashCode() {
- assert false : "hashCode not designed";
- return 42; // any arbitrary constant will do
- }
-
- private boolean equalsContent(List<XMLStructure> otherContent) {
- int osize = otherContent.size();
- if (content.size() != osize) {
- return false;
- }
- for (int i = 0; i < osize; i++) {
- XMLStructure oxs = otherContent.get(i);
- XMLStructure xs = content.get(i);
- if (oxs instanceof javax.xml.crypto.dom.DOMStructure) {
- if (!(xs instanceof javax.xml.crypto.dom.DOMStructure)) {
- return false;
- }
- Node onode = ((javax.xml.crypto.dom.DOMStructure)oxs).getNode();
- Node node = ((javax.xml.crypto.dom.DOMStructure)xs).getNode();
- if (!DOMUtils.nodesEqual(node, onode)) {
- return false;
- }
- } else {
- if (!(xs.equals(oxs))) {
- return false;
- }
- }
- }
-
- return true;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMSignedInfo.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.IOException;
-import java.security.Provider;
-import java.util.*;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
-
-/**
- * DOM-based implementation of SignedInfo.
- *
- * @author Sean Mullan
- */
-public final class DOMSignedInfo extends DOMStructure implements SignedInfo {
-
- /**
- * The maximum number of references per Manifest, if secure validation is enabled.
- */
- public static final int MAXIMUM_REFERENCE_COUNT = 30;
-
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(DOMSignedInfo.class);
-
- /** Signature - NOT Recommended RSAwithMD5 */
- private static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
- Constants.MoreAlgorithmsSpecNS + "rsa-md5";
-
- /** HMAC - NOT Recommended HMAC-MD5 */
- private static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
- Constants.MoreAlgorithmsSpecNS + "hmac-md5";
-
- private List<Reference> references;
- private CanonicalizationMethod canonicalizationMethod;
- private SignatureMethod signatureMethod;
- private String id;
- private Document ownerDoc;
- private Element localSiElem;
- private InputStream canonData;
-
- /**
- * Creates a <code>DOMSignedInfo</code> from the specified parameters. Use
- * this constructor when the <code>Id</code> is not specified.
- *
- * @param cm the canonicalization method
- * @param sm the signature method
- * @param references the list of references. The list is copied.
- * @throws NullPointerException if
- * <code>cm</code>, <code>sm</code>, or <code>references</code> is
- * <code>null</code>
- * @throws IllegalArgumentException if <code>references</code> is empty
- * @throws ClassCastException if any of the references are not of
- * type <code>Reference</code>
- */
- public DOMSignedInfo(CanonicalizationMethod cm, SignatureMethod sm,
- List<? extends Reference> references) {
- if (cm == null || sm == null || references == null) {
- throw new NullPointerException();
- }
- this.canonicalizationMethod = cm;
- this.signatureMethod = sm;
- this.references = Collections.unmodifiableList(
- new ArrayList<Reference>(references));
- if (this.references.isEmpty()) {
- throw new IllegalArgumentException("list of references must " +
- "contain at least one entry");
- }
- for (int i = 0, size = this.references.size(); i < size; i++) {
- Object obj = this.references.get(i);
- if (!(obj instanceof Reference)) {
- throw new ClassCastException("list of references contains " +
- "an illegal type");
- }
- }
- }
-
- /**
- * Creates a <code>DOMSignedInfo</code> from the specified parameters.
- *
- * @param cm the canonicalization method
- * @param sm the signature method
- * @param references the list of references. The list is copied.
- * @param id an optional identifer that will allow this
- * <code>SignedInfo</code> to be referenced by other signatures and
- * objects
- * @throws NullPointerException if <code>cm</code>, <code>sm</code>,
- * or <code>references</code> is <code>null</code>
- * @throws IllegalArgumentException if <code>references</code> is empty
- * @throws ClassCastException if any of the references are not of
- * type <code>Reference</code>
- */
- public DOMSignedInfo(CanonicalizationMethod cm, SignatureMethod sm,
- List<? extends Reference> references, String id) {
- this(cm, sm, references);
- this.id = id;
- }
-
- /**
- * Creates a <code>DOMSignedInfo</code> from an element.
- *
- * @param siElem a SignedInfo element
- */
- public DOMSignedInfo(Element siElem, XMLCryptoContext context, Provider provider)
- throws MarshalException {
- localSiElem = siElem;
- ownerDoc = siElem.getOwnerDocument();
-
- // get Id attribute, if specified
- id = DOMUtils.getAttributeValue(siElem, "Id");
-
- // unmarshal CanonicalizationMethod
- Element cmElem = DOMUtils.getFirstChildElement(siElem);
- canonicalizationMethod = new DOMCanonicalizationMethod(cmElem, context, provider);
-
- // unmarshal SignatureMethod
- Element smElem = DOMUtils.getNextSiblingElement(cmElem);
- signatureMethod = DOMSignatureMethod.unmarshal(smElem);
-
- Boolean secureValidation = (Boolean)
- context.getProperty("org.apache.jcp.xml.dsig.secureValidation");
- boolean secVal = false;
- if (secureValidation != null && secureValidation.booleanValue()) {
- secVal = true;
- }
-
- String signatureMethodAlgorithm = signatureMethod.getAlgorithm();
- if (secVal && ((ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5.equals(signatureMethodAlgorithm)
- || ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5.equals(signatureMethodAlgorithm)))) {
- throw new MarshalException(
- "It is forbidden to use algorithm " + signatureMethod + " when secure validation is enabled"
- );
- }
-
- // unmarshal References
- ArrayList<Reference> refList = new ArrayList<Reference>(5);
- Element refElem = DOMUtils.getNextSiblingElement(smElem);
-
- int refCount = 0;
- while (refElem != null) {
- refList.add(new DOMReference(refElem, context, provider));
- refElem = DOMUtils.getNextSiblingElement(refElem);
-
- refCount++;
- if (secVal && (refCount > MAXIMUM_REFERENCE_COUNT)) {
- String error = "A maxiumum of " + MAXIMUM_REFERENCE_COUNT + " "
- + "references per Manifest are allowed with secure validation";
- throw new MarshalException(error);
- }
- }
- references = Collections.unmodifiableList(refList);
- }
-
- public CanonicalizationMethod getCanonicalizationMethod() {
- return canonicalizationMethod;
- }
-
- public SignatureMethod getSignatureMethod() {
- return signatureMethod;
- }
-
- public String getId() {
- return id;
- }
-
- public List getReferences() {
- return references;
- }
-
- public InputStream getCanonicalizedData() {
- return canonData;
- }
-
- public void canonicalize(XMLCryptoContext context, ByteArrayOutputStream bos)
- throws XMLSignatureException {
- if (context == null) {
- throw new NullPointerException("context cannot be null");
- }
-
- OutputStream os = new UnsyncBufferedOutputStream(bos);
- try {
- os.close();
- } catch (IOException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- // Impossible
- }
-
- DOMSubTreeData subTree = new DOMSubTreeData(localSiElem, true);
-
- try {
- ((DOMCanonicalizationMethod)
- canonicalizationMethod).canonicalize(subTree, context, bos);
- } catch (TransformException te) {
- throw new XMLSignatureException(te);
- }
-
- byte[] signedInfoBytes = bos.toByteArray();
-
- // this whole block should only be done if logging is enabled
- if (log.isDebugEnabled()) {
- log.debug("Canonicalized SignedInfo:");
- StringBuilder sb = new StringBuilder(signedInfoBytes.length);
- for (int i = 0; i < signedInfoBytes.length; i++) {
- sb.append((char)signedInfoBytes[i]);
- }
- log.debug(sb.toString());
- log.debug("Data to be signed/verified:" + Base64.encode(signedInfoBytes));
- }
-
- this.canonData = new ByteArrayInputStream(signedInfoBytes);
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- ownerDoc = DOMUtils.getOwnerDocument(parent);
- Element siElem = DOMUtils.createElement(ownerDoc, "SignedInfo",
- XMLSignature.XMLNS, dsPrefix);
-
- // create and append CanonicalizationMethod element
- DOMCanonicalizationMethod dcm =
- (DOMCanonicalizationMethod)canonicalizationMethod;
- dcm.marshal(siElem, dsPrefix, context);
-
- // create and append SignatureMethod element
- ((DOMStructure)signatureMethod).marshal(siElem, dsPrefix, context);
-
- // create and append Reference elements
- for (Reference reference : references) {
- ((DOMReference)reference).marshal(siElem, dsPrefix, context);
- }
-
- // append Id attribute
- DOMUtils.setAttributeID(siElem, "Id", id);
-
- parent.appendChild(siElem);
- localSiElem = siElem;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof SignedInfo)) {
- return false;
- }
- SignedInfo osi = (SignedInfo)o;
-
- boolean idEqual = (id == null ? osi.getId() == null
- : id.equals(osi.getId()));
-
- return (canonicalizationMethod.equals(osi.getCanonicalizationMethod())
- && signatureMethod.equals(osi.getSignatureMethod()) &&
- references.equals(osi.getReferences()) && idEqual);
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- if (id != null) {
- result = 31 * result + id.hashCode();
- }
- if (canonicalizationMethod != null) {
- result = 31 * result + canonicalizationMethod.hashCode();
- }
- if (signatureMethod != null) {
- result = 31 * result + signatureMethod.hashCode();
- }
- if (references != null) {
- result = 31 * result + references.hashCode();
- }
-
- return result;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMStructure.java 1197150 2011-11-03 14:34:57Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import org.w3c.dom.Node;
-
-/**
- * DOM-based abstract implementation of XMLStructure.
- *
- * @author Sean Mullan
- */
-public abstract class DOMStructure implements XMLStructure {
-
- public final boolean isFeatureSupported(String feature) {
- if (feature == null) {
- throw new NullPointerException();
- } else {
- return false;
- }
- }
-
- public abstract void marshal(Node parent, String dsPrefix,
- DOMCryptoContext context) throws MarshalException;
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id$
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.NodeSetData;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.NoSuchElementException;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-
-/**
- * This is a subtype of NodeSetData that represents a dereferenced
- * same-document URI as the root of a subdocument. The main reason is
- * for efficiency and performance, as some transforms can operate
- * directly on the subdocument and there is no need to convert it
- * first to an XPath node-set.
- */
-public class DOMSubTreeData implements NodeSetData {
-
- private boolean excludeComments;
- private Node root;
-
- public DOMSubTreeData(Node root, boolean excludeComments) {
- this.root = root;
- this.excludeComments = excludeComments;
- }
-
- public Iterator iterator() {
- return new DelayedNodeIterator(root, excludeComments);
- }
-
- public Node getRoot() {
- return root;
- }
-
- public boolean excludeComments() {
- return excludeComments;
- }
-
- /**
- * This is an Iterator that contains a backing node-set that is
- * not populated until the caller first attempts to advance the iterator.
- */
- static class DelayedNodeIterator implements Iterator<Node> {
- private Node root;
- private List<Node> nodeSet;
- private ListIterator<Node> li;
- private boolean withComments;
-
- DelayedNodeIterator(Node root, boolean excludeComments) {
- this.root = root;
- this.withComments = !excludeComments;
- }
-
- public boolean hasNext() {
- if (nodeSet == null) {
- nodeSet = dereferenceSameDocumentURI(root);
- li = nodeSet.listIterator();
- }
- return li.hasNext();
- }
-
- public Node next() {
- if (nodeSet == null) {
- nodeSet = dereferenceSameDocumentURI(root);
- li = nodeSet.listIterator();
- }
- if (li.hasNext()) {
- return li.next();
- } else {
- throw new NoSuchElementException();
- }
- }
-
- public void remove() {
- throw new UnsupportedOperationException();
- }
-
- /**
- * Dereferences a same-document URI fragment.
- *
- * @param node the node (document or element) referenced by the
- * URI fragment. If null, returns an empty set.
- * @return a set of nodes (minus any comment nodes)
- */
- private List<Node> dereferenceSameDocumentURI(Node node) {
- List<Node> nodeSet = new ArrayList<Node>();
- if (node != null) {
- nodeSetMinusCommentNodes(node, nodeSet, null);
- }
- return nodeSet;
- }
-
- /**
- * Recursively traverses the subtree, and returns an XPath-equivalent
- * node-set of all nodes traversed, excluding any comment nodes,
- * if specified.
- *
- * @param node the node to traverse
- * @param nodeSet the set of nodes traversed so far
- * @param the previous sibling node
- */
- @SuppressWarnings("fallthrough")
- private void nodeSetMinusCommentNodes(Node node, List<Node> nodeSet,
- Node prevSibling)
- {
- switch (node.getNodeType()) {
- case Node.ELEMENT_NODE :
- NamedNodeMap attrs = node.getAttributes();
- if (attrs != null) {
- for (int i = 0, len = attrs.getLength(); i < len; i++) {
- nodeSet.add(attrs.item(i));
- }
- }
- nodeSet.add(node);
- Node pSibling = null;
- for (Node child = node.getFirstChild(); child != null;
- child = child.getNextSibling()) {
- nodeSetMinusCommentNodes(child, nodeSet, pSibling);
- pSibling = child;
- }
- break;
- case Node.DOCUMENT_NODE :
- pSibling = null;
- for (Node child = node.getFirstChild(); child != null;
- child = child.getNextSibling()) {
- nodeSetMinusCommentNodes(child, nodeSet, pSibling);
- pSibling = child;
- }
- break;
- case Node.TEXT_NODE :
- case Node.CDATA_SECTION_NODE:
- // emulate XPath which only returns the first node in
- // contiguous text/cdata nodes
- if (prevSibling != null &&
- (prevSibling.getNodeType() == Node.TEXT_NODE ||
- prevSibling.getNodeType() == Node.CDATA_SECTION_NODE)) {
- return;
- }
- nodeSet.add(node);
- break;
- case Node.PROCESSING_INSTRUCTION_NODE :
- nodeSet.add(node);
- break;
- case Node.COMMENT_NODE:
- if (withComments) {
- nodeSet.add(node);
- }
- }
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMTransform.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.io.OutputStream;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-
-/**
- * DOM-based abstract implementation of Transform.
- *
- * @author Sean Mullan
- */
-public class DOMTransform extends DOMStructure implements Transform {
-
- protected TransformService spi;
-
- /**
- * Creates a <code>DOMTransform</code>.
- *
- * @param spi the TransformService
- */
- public DOMTransform(TransformService spi) {
- this.spi = spi;
- }
-
- /**
- * Creates a <code>DOMTransform</code> from an element. This constructor
- * invokes the abstract {@link #unmarshalParams unmarshalParams} method to
- * unmarshal any algorithm-specific input parameters.
- *
- * @param transElem a Transform element
- */
- public DOMTransform(Element transElem, XMLCryptoContext context,
- Provider provider)
- throws MarshalException
- {
- String algorithm = DOMUtils.getAttributeValue(transElem, "Algorithm");
-
- if (provider == null) {
- try {
- spi = TransformService.getInstance(algorithm, "DOM");
- } catch (NoSuchAlgorithmException e1) {
- throw new MarshalException(e1);
- }
- } else {
- try {
- spi = TransformService.getInstance(algorithm, "DOM", provider);
- } catch (NoSuchAlgorithmException nsae) {
- try {
- spi = TransformService.getInstance(algorithm, "DOM");
- } catch (NoSuchAlgorithmException e2) {
- throw new MarshalException(e2);
- }
- }
- }
- try {
- spi.init(new javax.xml.crypto.dom.DOMStructure(transElem), context);
- } catch (InvalidAlgorithmParameterException iape) {
- throw new MarshalException(iape);
- }
- }
-
- public final AlgorithmParameterSpec getParameterSpec() {
- return spi.getParameterSpec();
- }
-
- public final String getAlgorithm() {
- return spi.getAlgorithm();
- }
-
- /**
- * This method invokes the abstract {@link #marshalParams marshalParams}
- * method to marshal any algorithm-specific parameters.
- */
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
-
- Element transformElem = null;
- if (parent.getLocalName().equals("Transforms")) {
- transformElem = DOMUtils.createElement(ownerDoc, "Transform",
- XMLSignature.XMLNS,
- dsPrefix);
- } else {
- transformElem = DOMUtils.createElement(ownerDoc,
- "CanonicalizationMethod",
- XMLSignature.XMLNS,
- dsPrefix);
- }
- DOMUtils.setAttribute(transformElem, "Algorithm", getAlgorithm());
-
- spi.marshalParams(new javax.xml.crypto.dom.DOMStructure(transformElem),
- context);
-
- parent.appendChild(transformElem);
- }
-
- /**
- * Transforms the specified data using the underlying transform algorithm.
- *
- * @param data the data to be transformed
- * @param sc the <code>XMLCryptoContext</code> containing
- * additional context (may be <code>null</code> if not applicable)
- * @return the transformed data
- * @throws NullPointerException if <code>data</code> is <code>null</code>
- * @throws XMLSignatureException if an unexpected error occurs while
- * executing the transform
- */
- public Data transform(Data data, XMLCryptoContext xc)
- throws TransformException
- {
- return spi.transform(data, xc);
- }
-
- /**
- * Transforms the specified data using the underlying transform algorithm.
- *
- * @param data the data to be transformed
- * @param sc the <code>XMLCryptoContext</code> containing
- * additional context (may be <code>null</code> if not applicable)
- * @param os the <code>OutputStream</code> that should be used to write
- * the transformed data to
- * @return the transformed data
- * @throws NullPointerException if <code>data</code> is <code>null</code>
- * @throws XMLSignatureException if an unexpected error occurs while
- * executing the transform
- */
- public Data transform(Data data, XMLCryptoContext xc, OutputStream os)
- throws TransformException
- {
- return spi.transform(data, xc, os);
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof Transform)) {
- return false;
- }
- Transform otransform = (Transform)o;
-
- return (getAlgorithm().equals(otransform.getAlgorithm()) &&
- DOMUtils.paramsEqual(getParameterSpec(),
- otransform.getParameterSpec()));
- }
-
- @Override
- public int hashCode() {
- assert false : "hashCode not designed";
- return 42; // any arbitrary constant will do
- }
-
- /**
- * Transforms the specified data using the underlying transform algorithm.
- * This method invokes the {@link #marshal marshal} method and passes it
- * the specified <code>DOMSignContext</code> before transforming the data.
- *
- * @param data the data to be transformed
- * @param sc the <code>XMLCryptoContext</code> containing
- * additional context (may be <code>null</code> if not applicable)
- * @param context the marshalling context
- * @return the transformed data
- * @throws MarshalException if an exception occurs while marshalling
- * @throws NullPointerException if <code>data</code> or <code>context</code>
- * is <code>null</code>
- * @throws XMLSignatureException if an unexpected error occurs while
- * executing the transform
- */
- Data transform(Data data, XMLCryptoContext xc, DOMSignContext context)
- throws MarshalException, TransformException
- {
- marshal(context.getParent(),
- DOMUtils.getSignaturePrefix(context), context);
- return transform(data, xc);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMURIDereferencer.java 1231033 2012-01-13 12:12:12Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import org.apache.xml.security.Init;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.resolver.ResourceResolver;
-import org.apache.xml.security.signature.XMLSignatureInput;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.*;
-
-/**
- * DOM-based implementation of URIDereferencer.
- *
- * @author Sean Mullan
- */
-public class DOMURIDereferencer implements URIDereferencer {
-
- static final URIDereferencer INSTANCE = new DOMURIDereferencer();
-
- private DOMURIDereferencer() {
- // need to call org.apache.xml.security.Init.init()
- // before calling any apache security code
- Init.init();
- }
-
- public Data dereference(URIReference uriRef, XMLCryptoContext context)
- throws URIReferenceException {
-
- if (uriRef == null) {
- throw new NullPointerException("uriRef cannot be null");
- }
- if (context == null) {
- throw new NullPointerException("context cannot be null");
- }
-
- DOMURIReference domRef = (DOMURIReference) uriRef;
- Attr uriAttr = (Attr) domRef.getHere();
- String uri = uriRef.getURI();
- DOMCryptoContext dcc = (DOMCryptoContext) context;
- String baseURI = context.getBaseURI();
-
- Boolean secureValidation = (Boolean)
- context.getProperty("org.apache.jcp.xml.dsig.secureValidation");
- boolean secVal = false;
- if (secureValidation != null && secureValidation.booleanValue()) {
- secVal = true;
- }
-
- // Check if same-document URI and already registered on the context
- if (uri != null && uri.length() != 0 && uri.charAt(0) == '#') {
- String id = uri.substring(1);
-
- if (id.startsWith("xpointer(id(")) {
- int i1 = id.indexOf('\'');
- int i2 = id.indexOf('\'', i1+1);
- id = id.substring(i1+1, i2);
- }
-
- Node referencedElem = dcc.getElementById(id);
- if (referencedElem != null) {
- if (secVal) {
- Element start = referencedElem.getOwnerDocument().getDocumentElement();
- if (!XMLUtils.protectAgainstWrappingAttack(start, (Element)referencedElem, id)) {
- String error = "Multiple Elements with the same ID " + id + " were detected";
- throw new URIReferenceException(error);
- }
- }
-
- XMLSignatureInput result = new XMLSignatureInput(referencedElem);
- if (!uri.substring(1).startsWith("xpointer(id(")) {
- result.setExcludeComments(true);
- }
-
- result.setMIMEType("text/xml");
- if (baseURI != null && baseURI.length() > 0) {
- result.setSourceURI(baseURI.concat(uriAttr.getNodeValue()));
- } else {
- result.setSourceURI(uriAttr.getNodeValue());
- }
- return new ApacheNodeSetData(result);
- }
- }
-
- try {
- ResourceResolver apacheResolver =
- ResourceResolver.getInstance(uriAttr, baseURI, secVal);
- XMLSignatureInput in = apacheResolver.resolve(uriAttr, baseURI);
- if (in.isOctetStream()) {
- return new ApacheOctetStreamData(in);
- } else {
- return new ApacheNodeSetData(in);
- }
- } catch (Exception e) {
- throw new URIReferenceException(e);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMUtils.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.util.*;
-import java.security.spec.AlgorithmParameterSpec;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.spec.*;
-
-/**
- * Useful static DOM utility methods.
- *
- * @author Sean Mullan
- */
-public class DOMUtils {
-
- // class cannot be instantiated
- private DOMUtils() {}
-
- /**
- * Returns the owner document of the specified node.
- *
- * @param node the node
- * @return the owner document
- */
- public static Document getOwnerDocument(Node node) {
- if (node.getNodeType() == Node.DOCUMENT_NODE) {
- return (Document)node;
- } else {
- return node.getOwnerDocument();
- }
- }
-
- /**
- * Creates an element in the specified namespace, with the specified tag
- * and namespace prefix.
- *
- * @param doc the owner document
- * @param tag the tag
- * @param nsURI the namespace URI
- * @param prefix the namespace prefix
- * @return the newly created element
- */
- public static Element createElement(Document doc, String tag,
- String nsURI, String prefix)
- {
- String qName = (prefix == null || prefix.length() == 0)
- ? tag : prefix + ":" + tag;
- return doc.createElementNS(nsURI, qName);
- }
-
- /**
- * Sets an element's attribute (using DOM level 2) with the
- * specified value and namespace prefix.
- *
- * @param elem the element to set the attribute on
- * @param name the name of the attribute
- * @param value the attribute value. If null, no attribute is set.
- */
- public static void setAttribute(Element elem, String name, String value) {
- if (value == null) {
- return;
- }
- elem.setAttributeNS(null, name, value);
- }
-
- /**
- * Sets an element's attribute (using DOM level 2) with the
- * specified value and namespace prefix AND registers the ID value with
- * the specified element. This is for resolving same-document
- * ID references.
- *
- * @param elem the element to set the attribute on
- * @param name the name of the attribute
- * @param value the attribute value. If null, no attribute is set.
- */
- public static void setAttributeID(Element elem, String name, String value) {
- if (value == null) {
- return;
- }
- elem.setAttributeNS(null, name, value);
- elem.setIdAttributeNS(null, name, true);
- }
-
- /**
- * Returns the first child element of the specified node, or null if there
- * is no such element.
- *
- * @param node the node
- * @return the first child element of the specified node, or null if there
- * is no such element
- * @throws NullPointerException if <code>node == null</code>
- */
- public static Element getFirstChildElement(Node node) {
- Node child = node.getFirstChild();
- while (child != null && child.getNodeType() != Node.ELEMENT_NODE) {
- child = child.getNextSibling();
- }
- return (Element)child;
- }
-
- /**
- * Returns the last child element of the specified node, or null if there
- * is no such element.
- *
- * @param node the node
- * @return the last child element of the specified node, or null if there
- * is no such element
- * @throws NullPointerException if <code>node == null</code>
- */
- public static Element getLastChildElement(Node node) {
- Node child = node.getLastChild();
- while (child != null && child.getNodeType() != Node.ELEMENT_NODE) {
- child = child.getPreviousSibling();
- }
- return (Element)child;
- }
-
- /**
- * Returns the next sibling element of the specified node, or null if there
- * is no such element.
- *
- * @param node the node
- * @return the next sibling element of the specified node, or null if there
- * is no such element
- * @throws NullPointerException if <code>node == null</code>
- */
- public static Element getNextSiblingElement(Node node) {
- Node sibling = node.getNextSibling();
- while (sibling != null && sibling.getNodeType() != Node.ELEMENT_NODE) {
- sibling = sibling.getNextSibling();
- }
- return (Element)sibling;
- }
-
- /**
- * Returns the attribute value for the attribute with the specified name.
- * Returns null if there is no such attribute, or
- * the empty string if the attribute value is empty.
- *
- * <p>This works around a limitation of the DOM
- * <code>Element.getAttributeNode</code> method, which does not distinguish
- * between an unspecified attribute and an attribute with a value of
- * "" (it returns "" for both cases).
- *
- * @param elem the element containing the attribute
- * @param name the name of the attribute
- * @return the attribute value (may be null if unspecified)
- */
- public static String getAttributeValue(Element elem, String name) {
- Attr attr = elem.getAttributeNodeNS(null, name);
- return (attr == null) ? null : attr.getValue();
- }
-
- /**
- * Returns a Set of <code>Node</code>s, backed by the specified
- * <code>NodeList</code>.
- *
- * @param nl the NodeList
- * @return a Set of Nodes
- */
- public static Set<Node> nodeSet(NodeList nl) {
- return new NodeSet(nl);
- }
-
- static class NodeSet extends AbstractSet<Node> {
- private NodeList nl;
- public NodeSet(NodeList nl) {
- this.nl = nl;
- }
-
- public int size() { return nl.getLength(); }
- public Iterator<Node> iterator() {
- return new Iterator<Node>() {
- int index = 0;
-
- public void remove() {
- throw new UnsupportedOperationException();
- }
- public Node next() {
- if (!hasNext()) {
- throw new NoSuchElementException();
- }
- return nl.item(index++);
- }
- public boolean hasNext() {
- return index < nl.getLength() ? true : false;
- }
- };
- }
- }
-
- /**
- * Returns the prefix associated with the specified namespace URI
- *
- * @param context contains the namespace map
- * @param nsURI the namespace URI
- * @return the prefix associated with the specified namespace URI, or
- * null if not set
- */
- public static String getNSPrefix(XMLCryptoContext context, String nsURI) {
- if (context != null) {
- return context.getNamespacePrefix
- (nsURI, context.getDefaultNamespacePrefix());
- } else {
- return null;
- }
- }
-
- /**
- * Returns the prefix associated with the XML Signature namespace URI
- *
- * @param context contains the namespace map
- * @return the prefix associated with the specified namespace URI, or
- * null if not set
- */
- public static String getSignaturePrefix(XMLCryptoContext context) {
- return getNSPrefix(context, XMLSignature.XMLNS);
- }
-
- /**
- * Removes all children nodes from the specified node.
- *
- * @param node the parent node whose children are to be removed
- */
- public static void removeAllChildren(Node node) {
- NodeList children = node.getChildNodes();
- for (int i = 0, length = children.getLength(); i < length; i++) {
- node.removeChild(children.item(i));
- }
- }
-
- /**
- * Compares 2 nodes for equality. Implementation is not complete.
- */
- public static boolean nodesEqual(Node thisNode, Node otherNode) {
- if (thisNode == otherNode) {
- return true;
- }
- if (thisNode.getNodeType() != otherNode.getNodeType()) {
- return false;
- }
- // FIXME - test content, etc
- return true;
- }
-
- /**
- * Checks if child element has same owner document before
- * appending to the parent, and imports it to the parent's document
- * if necessary.
- */
- public static void appendChild(Node parent, Node child) {
- Document ownerDoc = getOwnerDocument(parent);
- if (child.getOwnerDocument() != ownerDoc) {
- parent.appendChild(ownerDoc.importNode(child, true));
- } else {
- parent.appendChild(child);
- }
- }
-
- public static boolean paramsEqual(AlgorithmParameterSpec spec1,
- AlgorithmParameterSpec spec2) {
- if (spec1 == spec2) {
- return true;
- }
- if (spec1 instanceof XPathFilter2ParameterSpec &&
- spec2 instanceof XPathFilter2ParameterSpec) {
- return paramsEqual((XPathFilter2ParameterSpec)spec1,
- (XPathFilter2ParameterSpec)spec2);
- }
- if (spec1 instanceof ExcC14NParameterSpec &&
- spec2 instanceof ExcC14NParameterSpec) {
- return paramsEqual((ExcC14NParameterSpec) spec1,
- (ExcC14NParameterSpec)spec2);
- }
- if (spec1 instanceof XPathFilterParameterSpec &&
- spec2 instanceof XPathFilterParameterSpec) {
- return paramsEqual((XPathFilterParameterSpec)spec1,
- (XPathFilterParameterSpec)spec2);
- }
- if (spec1 instanceof XSLTTransformParameterSpec &&
- spec2 instanceof XSLTTransformParameterSpec) {
- return paramsEqual((XSLTTransformParameterSpec)spec1,
- (XSLTTransformParameterSpec)spec2);
- }
- return false;
- }
-
- private static boolean paramsEqual(XPathFilter2ParameterSpec spec1,
- XPathFilter2ParameterSpec spec2)
- {
- @SuppressWarnings("unchecked")
- List<XPathType> types = spec1.getXPathList();
- @SuppressWarnings("unchecked")
- List<XPathType> otypes = spec2.getXPathList();
- int size = types.size();
- if (size != otypes.size()) {
- return false;
- }
- for (int i = 0; i < size; i++) {
- XPathType type = types.get(i);
- XPathType otype = otypes.get(i);
- if (!type.getExpression().equals(otype.getExpression()) ||
- !type.getNamespaceMap().equals(otype.getNamespaceMap()) ||
- type.getFilter() != otype.getFilter()) {
- return false;
- }
- }
- return true;
- }
-
- private static boolean paramsEqual(ExcC14NParameterSpec spec1,
- ExcC14NParameterSpec spec2)
- {
- return spec1.getPrefixList().equals(spec2.getPrefixList());
- }
-
- private static boolean paramsEqual(XPathFilterParameterSpec spec1,
- XPathFilterParameterSpec spec2)
- {
- return (spec1.getXPath().equals(spec2.getXPath()) &&
- spec1.getNamespaceMap().equals(spec2.getNamespaceMap()));
- }
-
- private static boolean paramsEqual(XSLTTransformParameterSpec spec1,
- XSLTTransformParameterSpec spec2)
- {
-
- XMLStructure ostylesheet = spec2.getStylesheet();
- if (!(ostylesheet instanceof javax.xml.crypto.dom.DOMStructure)) {
- return false;
- }
- Node ostylesheetElem =
- ((javax.xml.crypto.dom.DOMStructure) ostylesheet).getNode();
- XMLStructure stylesheet = spec1.getStylesheet();
- Node stylesheetElem =
- ((javax.xml.crypto.dom.DOMStructure) stylesheet).getNode();
- return nodesEqual(stylesheetElem, ostylesheetElem);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMX509Data.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.io.ByteArrayInputStream;
-import java.security.cert.*;
-import java.util.*;
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
-import javax.xml.crypto.dsig.keyinfo.X509Data;
-import javax.security.auth.x500.X500Principal;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.utils.Base64;
-
-/**
- * DOM-based implementation of X509Data.
- *
- * @author Sean Mullan
- */
-//@@@ check for illegal combinations of data violating MUSTs in W3c spec
-public final class DOMX509Data extends DOMStructure implements X509Data {
-
- private final List<Object> content;
- private CertificateFactory cf;
-
- /**
- * Creates a DOMX509Data.
- *
- * @param content a list of one or more X.509 data types. Valid types are
- * {@link String} (subject names), <code>byte[]</code> (subject key ids),
- * {@link java.security.cert.X509Certificate}, {@link X509CRL},
- * or {@link javax.xml.dsig.XMLStructure} ({@link X509IssuerSerial}
- * objects or elements from an external namespace). The list is
- * defensively copied to protect against subsequent modification.
- * @return a <code>X509Data</code>
- * @throws NullPointerException if <code>content</code> is <code>null</code>
- * @throws IllegalArgumentException if <code>content</code> is empty
- * @throws ClassCastException if <code>content</code> contains any entries
- * that are not of one of the valid types mentioned above
- */
- public DOMX509Data(List<?> content) {
- if (content == null) {
- throw new NullPointerException("content cannot be null");
- }
- List<Object> contentCopy = new ArrayList<Object>(content);
- if (contentCopy.isEmpty()) {
- throw new IllegalArgumentException("content cannot be empty");
- }
- for (int i = 0, size = contentCopy.size(); i < size; i++) {
- Object x509Type = contentCopy.get(i);
- if (x509Type instanceof String) {
- new X500Principal((String)x509Type);
- } else if (!(x509Type instanceof byte[]) &&
- !(x509Type instanceof X509Certificate) &&
- !(x509Type instanceof X509CRL) &&
- !(x509Type instanceof XMLStructure)) {
- throw new ClassCastException
- ("content["+i+"] is not a valid X509Data type");
- }
- }
- this.content = Collections.unmodifiableList(contentCopy);
- }
-
- /**
- * Creates a <code>DOMX509Data</code> from an element.
- *
- * @param xdElem an X509Data element
- * @throws MarshalException if there is an error while unmarshalling
- */
- public DOMX509Data(Element xdElem) throws MarshalException {
- // get all children nodes
- NodeList nl = xdElem.getChildNodes();
- int length = nl.getLength();
- List<Object> content = new ArrayList<Object>(length);
- for (int i = 0; i < length; i++) {
- Node child = nl.item(i);
- // ignore all non-Element nodes
- if (child.getNodeType() != Node.ELEMENT_NODE) {
- continue;
- }
-
- Element childElem = (Element)child;
- String localName = childElem.getLocalName();
- if (localName.equals("X509Certificate")) {
- content.add(unmarshalX509Certificate(childElem));
- } else if (localName.equals("X509IssuerSerial")) {
- content.add(new DOMX509IssuerSerial(childElem));
- } else if (localName.equals("X509SubjectName")) {
- content.add(childElem.getFirstChild().getNodeValue());
- } else if (localName.equals("X509SKI")) {
- try {
- content.add(Base64.decode(childElem));
- } catch (Base64DecodingException bde) {
- throw new MarshalException("cannot decode X509SKI", bde);
- }
- } else if (localName.equals("X509CRL")) {
- content.add(unmarshalX509CRL(childElem));
- } else {
- content.add(new javax.xml.crypto.dom.DOMStructure(childElem));
- }
- }
- this.content = Collections.unmodifiableList(content);
- }
-
- public List getContent() {
- return content;
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
- Element xdElem = DOMUtils.createElement(ownerDoc, "X509Data",
- XMLSignature.XMLNS, dsPrefix);
-
- // append children and preserve order
- for (int i = 0, size = content.size(); i < size; i++) {
- Object object = content.get(i);
- if (object instanceof X509Certificate) {
- marshalCert((X509Certificate)object,xdElem,ownerDoc,dsPrefix);
- } else if (object instanceof XMLStructure) {
- if (object instanceof X509IssuerSerial) {
- ((DOMX509IssuerSerial)object).marshal
- (xdElem, dsPrefix, context);
- } else {
- javax.xml.crypto.dom.DOMStructure domContent =
- (javax.xml.crypto.dom.DOMStructure)object;
- DOMUtils.appendChild(xdElem, domContent.getNode());
- }
- } else if (object instanceof byte[]) {
- marshalSKI((byte[])object, xdElem, ownerDoc, dsPrefix);
- } else if (object instanceof String) {
- marshalSubjectName((String)object, xdElem, ownerDoc,dsPrefix);
- } else if (object instanceof X509CRL) {
- marshalCRL((X509CRL)object, xdElem, ownerDoc, dsPrefix);
- }
- }
-
- parent.appendChild(xdElem);
- }
-
- private void marshalSKI(byte[] skid, Node parent, Document doc,
- String dsPrefix)
- {
- Element skidElem = DOMUtils.createElement(doc, "X509SKI",
- XMLSignature.XMLNS, dsPrefix);
- skidElem.appendChild(doc.createTextNode(Base64.encode(skid)));
- parent.appendChild(skidElem);
- }
-
- private void marshalSubjectName(String name, Node parent, Document doc,
- String dsPrefix)
- {
- Element snElem = DOMUtils.createElement(doc, "X509SubjectName",
- XMLSignature.XMLNS, dsPrefix);
- snElem.appendChild(doc.createTextNode(name));
- parent.appendChild(snElem);
- }
-
- private void marshalCert(X509Certificate cert, Node parent, Document doc,
- String dsPrefix)
- throws MarshalException
- {
- Element certElem = DOMUtils.createElement(doc, "X509Certificate",
- XMLSignature.XMLNS, dsPrefix);
- try {
- certElem.appendChild(doc.createTextNode
- (Base64.encode(cert.getEncoded())));
- } catch (CertificateEncodingException e) {
- throw new MarshalException("Error encoding X509Certificate", e);
- }
- parent.appendChild(certElem);
- }
-
- private void marshalCRL(X509CRL crl, Node parent, Document doc,
- String dsPrefix)
- throws MarshalException
- {
- Element crlElem = DOMUtils.createElement(doc, "X509CRL",
- XMLSignature.XMLNS, dsPrefix);
- try {
- crlElem.appendChild(doc.createTextNode
- (Base64.encode(crl.getEncoded())));
- } catch (CRLException e) {
- throw new MarshalException("Error encoding X509CRL", e);
- }
- parent.appendChild(crlElem);
- }
-
- private X509Certificate unmarshalX509Certificate(Element elem)
- throws MarshalException
- {
- try {
- ByteArrayInputStream bs = unmarshalBase64Binary(elem);
- return (X509Certificate)cf.generateCertificate(bs);
- } catch (CertificateException e) {
- throw new MarshalException("Cannot create X509Certificate", e);
- }
- }
-
- private X509CRL unmarshalX509CRL(Element elem) throws MarshalException {
- try {
- ByteArrayInputStream bs = unmarshalBase64Binary(elem);
- return (X509CRL)cf.generateCRL(bs);
- } catch (CRLException e) {
- throw new MarshalException("Cannot create X509CRL", e);
- }
- }
-
- private ByteArrayInputStream unmarshalBase64Binary(Element elem)
- throws MarshalException {
- try {
- if (cf == null) {
- cf = CertificateFactory.getInstance("X.509");
- }
- return new ByteArrayInputStream(Base64.decode(elem));
- } catch (CertificateException e) {
- throw new MarshalException("Cannot create CertificateFactory", e);
- } catch (Base64DecodingException bde) {
- throw new MarshalException("Cannot decode Base64-encoded val", bde);
- }
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof X509Data)) {
- return false;
- }
- X509Data oxd = (X509Data)o;
-
- @SuppressWarnings("unchecked") List<Object> ocontent = oxd.getContent();
- int size = content.size();
- if (size != ocontent.size()) {
- return false;
- }
-
- for (int i = 0; i < size; i++) {
- Object x = content.get(i);
- Object ox = ocontent.get(i);
- if (x instanceof byte[]) {
- if (!(ox instanceof byte[]) ||
- !Arrays.equals((byte[])x, (byte[])ox)) {
- return false;
- }
- } else {
- if (!(x.equals(ox))) {
- return false;
- }
- }
- }
-
- return true;
- }
-
- @Override
- public int hashCode() {
- assert false : "hashCode not designed";
- return 42; // any arbitrary constant will do
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMX509IssuerSerial.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
-
-import java.math.BigInteger;
-import javax.security.auth.x500.X500Principal;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * DOM-based implementation of X509IssuerSerial.
- *
- * @author Sean Mullan
- */
-public final class DOMX509IssuerSerial extends DOMStructure
- implements X509IssuerSerial {
-
- private final String issuerName;
- private final BigInteger serialNumber;
-
- /**
- * Creates a <code>DOMX509IssuerSerial</code> containing the specified
- * issuer distinguished name/serial number pair.
- *
- * @param issuerName the X.509 issuer distinguished name in RFC 2253
- * String format
- * @param serialNumber the serial number
- * @throws IllegalArgumentException if the format of <code>issuerName</code>
- * is not RFC 2253 compliant
- * @throws NullPointerException if <code>issuerName</code> or
- * <code>serialNumber</code> is <code>null</code>
- */
- public DOMX509IssuerSerial(String issuerName, BigInteger serialNumber) {
- if (issuerName == null) {
- throw new NullPointerException("issuerName cannot be null");
- }
- if (serialNumber == null) {
- throw new NullPointerException("serialNumber cannot be null");
- }
- // check that issuer distinguished name conforms to RFC 2253
- new X500Principal(issuerName);
- this.issuerName = issuerName;
- this.serialNumber = serialNumber;
- }
-
- /**
- * Creates a <code>DOMX509IssuerSerial</code> from an element.
- *
- * @param isElem an X509IssuerSerial element
- */
- public DOMX509IssuerSerial(Element isElem) {
- Element iNElem = DOMUtils.getFirstChildElement(isElem);
- Element sNElem = DOMUtils.getNextSiblingElement(iNElem);
- issuerName = iNElem.getFirstChild().getNodeValue();
- serialNumber = new BigInteger(sNElem.getFirstChild().getNodeValue());
- }
-
- public String getIssuerName() {
- return issuerName;
- }
-
- public BigInteger getSerialNumber() {
- return serialNumber;
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
-
- Element isElem = DOMUtils.createElement(ownerDoc, "X509IssuerSerial",
- XMLSignature.XMLNS, dsPrefix);
- Element inElem = DOMUtils.createElement(ownerDoc, "X509IssuerName",
- XMLSignature.XMLNS, dsPrefix);
- Element snElem = DOMUtils.createElement(ownerDoc, "X509SerialNumber",
- XMLSignature.XMLNS, dsPrefix);
- inElem.appendChild(ownerDoc.createTextNode(issuerName));
- snElem.appendChild(ownerDoc.createTextNode(serialNumber.toString()));
- isElem.appendChild(inElem);
- isElem.appendChild(snElem);
- parent.appendChild(isElem);
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (!(obj instanceof X509IssuerSerial)) {
- return false;
- }
- X509IssuerSerial ois = (X509IssuerSerial)obj;
- return (issuerName.equals(ois.getIssuerName()) &&
- serialNumber.equals(ois.getSerialNumber()));
- }
-
- @Override
- public int hashCode() {
- int result = 17;
- if (issuerName != null) {
- result = 31 * result + issuerName.hashCode();
- }
- if (serialNumber != null) {
- result = 31 * result + serialNumber.hashCode();
- }
-
- return result;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMXMLObject.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-
-import java.security.Provider;
-import java.util.*;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * DOM-based implementation of XMLObject.
- *
- * @author Sean Mullan
- */
-public final class DOMXMLObject extends DOMStructure implements XMLObject {
-
- private final String id;
- private final String mimeType;
- private final String encoding;
- private final List<XMLStructure> content;
- private Element objectElem;
-
- /**
- * Creates an <code>XMLObject</code> from the specified parameters.
- *
- * @param content a list of {@link XMLStructure}s. The list
- * is defensively copied to protect against subsequent modification.
- * May be <code>null</code> or empty.
- * @param id the Id (may be <code>null</code>)
- * @param mimeType the mime type (may be <code>null</code>)
- * @param encoding the encoding (may be <code>null</code>)
- * @return an <code>XMLObject</code>
- * @throws ClassCastException if <code>content</code> contains any
- * entries that are not of type {@link XMLStructure}
- */
- public DOMXMLObject(List<? extends XMLStructure> content, String id,
- String mimeType, String encoding)
- {
- if (content == null || content.isEmpty()) {
- this.content = Collections.emptyList();
- } else {
- this.content = Collections.unmodifiableList(
- new ArrayList<XMLStructure>(content));
- for (int i = 0, size = this.content.size(); i < size; i++) {
- if (!(this.content.get(i) instanceof XMLStructure)) {
- throw new ClassCastException
- ("content["+i+"] is not a valid type");
- }
- }
- }
- this.id = id;
- this.mimeType = mimeType;
- this.encoding = encoding;
- }
-
- /**
- * Creates an <code>XMLObject</code> from an element.
- *
- * @param objElem an Object element
- * @throws MarshalException if there is an error when unmarshalling
- */
- public DOMXMLObject(Element objElem, XMLCryptoContext context,
- Provider provider)
- throws MarshalException
- {
- // unmarshal attributes
- this.encoding = DOMUtils.getAttributeValue(objElem, "Encoding");
-
- Attr attr = objElem.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- this.id = attr.getValue();
- objElem.setIdAttributeNode(attr, true);
- } else {
- this.id = null;
- }
- this.mimeType = DOMUtils.getAttributeValue(objElem, "MimeType");
-
- NodeList nodes = objElem.getChildNodes();
- int length = nodes.getLength();
- List<XMLStructure> content = new ArrayList<XMLStructure>(length);
- for (int i = 0; i < length; i++) {
- Node child = nodes.item(i);
- if (child.getNodeType() == Node.ELEMENT_NODE) {
- Element childElem = (Element)child;
- String tag = childElem.getLocalName();
- if (tag.equals("Manifest")) {
- content.add(new DOMManifest(childElem, context, provider));
- continue;
- } else if (tag.equals("SignatureProperties")) {
- content.add(new DOMSignatureProperties(childElem, context));
- continue;
- } else if (tag.equals("X509Data")) {
- content.add(new DOMX509Data(childElem));
- continue;
- }
- //@@@FIXME: check for other dsig structures
- }
- content.add(new javax.xml.crypto.dom.DOMStructure(child));
- }
- if (content.isEmpty()) {
- this.content = Collections.emptyList();
- } else {
- this.content = Collections.unmodifiableList(content);
- }
- this.objectElem = objElem;
- }
-
- public List getContent() {
- return content;
- }
-
- public String getId() {
- return id;
- }
-
- public String getMimeType() {
- return mimeType;
- }
-
- public String getEncoding() {
- return encoding;
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException {
- Document ownerDoc = DOMUtils.getOwnerDocument(parent);
-
- Element objElem = objectElem != null ? objectElem : null;
- if (objElem == null) {
- objElem = DOMUtils.createElement(ownerDoc, "Object",
- XMLSignature.XMLNS, dsPrefix);
-
- // set attributes
- DOMUtils.setAttributeID(objElem, "Id", id);
- DOMUtils.setAttribute(objElem, "MimeType", mimeType);
- DOMUtils.setAttribute(objElem, "Encoding", encoding);
-
- // create and append any elements and mixed content, if necessary
- for (XMLStructure object : content) {
- if (object instanceof DOMStructure) {
- ((DOMStructure)object).marshal(objElem, dsPrefix, context);
- } else {
- javax.xml.crypto.dom.DOMStructure domObject =
- (javax.xml.crypto.dom.DOMStructure)object;
- DOMUtils.appendChild(objElem, domObject.getNode());
- }
- }
- }
-
- parent.appendChild(objElem);
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof XMLObject)) {
- return false;
- }
- XMLObject oxo = (XMLObject)o;
-
- boolean idsEqual = (id == null ? oxo.getId() == null
- : id.equals(oxo.getId()));
- boolean encodingsEqual =
- (encoding == null ? oxo.getEncoding() == null
- : encoding.equals(oxo.getEncoding()));
- boolean mimeTypesEqual =
- (mimeType == null ? oxo.getMimeType() == null
- : mimeType.equals(oxo.getMimeType()));
-
- @SuppressWarnings("unchecked")
- List<XMLStructure> oxoContent = oxo.getContent();
- return (idsEqual && encodingsEqual && mimeTypesEqual &&
- equalsContent(oxoContent));
- }
-
- @Override
- public int hashCode() {
- assert false : "hashCode not designed";
- return 42; // any arbitrary constant will do
- }
-
- private boolean equalsContent(List<XMLStructure> otherContent) {
- if (content.size() != otherContent.size()) {
- return false;
- }
- for (int i = 0, osize = otherContent.size(); i < osize; i++) {
- XMLStructure oxs = otherContent.get(i);
- XMLStructure xs = content.get(i);
- if (oxs instanceof javax.xml.crypto.dom.DOMStructure) {
- if (!(xs instanceof javax.xml.crypto.dom.DOMStructure)) {
- return false;
- }
- Node onode = ((javax.xml.crypto.dom.DOMStructure)oxs).getNode();
- Node node = ((javax.xml.crypto.dom.DOMStructure)xs).getNode();
- if (!DOMUtils.nodesEqual(node, onode)) {
- return false;
- }
- } else {
- if (!(xs.equals(oxs))) {
- return false;
- }
- }
- }
-
- return true;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Portions copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * ===========================================================================
- *
- * (C) Copyright IBM Corp. 2003 All Rights Reserved.
- *
- * ===========================================================================
- */
-/*
- * $Id: DOMXMLSignature.java 1333415 2012-05-03 12:03:51Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.dom.DOMValidateContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.Provider;
-import java.util.Collections;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.utils.Base64;
-
-/**
- * DOM-based implementation of XMLSignature.
- *
- * @author Sean Mullan
- * @author Joyce Leung
- */
-public final class DOMXMLSignature extends DOMStructure
- implements XMLSignature {
-
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(DOMXMLSignature.class);
- private String id;
- private SignatureValue sv;
- private KeyInfo ki;
- private List<XMLObject> objects;
- private SignedInfo si;
- private Document ownerDoc = null;
- private Element localSigElem = null;
- private Element sigElem = null;
- private boolean validationStatus;
- private boolean validated = false;
- private KeySelectorResult ksr;
- private HashMap<String, XMLStructure> signatureIdMap;
-
- static {
- org.apache.xml.security.Init.init();
- }
-
- /**
- * Creates a <code>DOMXMLSignature</code> from the specified components.
- *
- * @param si the <code>SignedInfo</code>
- * @param ki the <code>KeyInfo</code>, or <code>null</code> if not specified
- * @param objs a list of <code>XMLObject</code>s or <code>null</code>
- * if not specified. The list is copied to protect against subsequent
- * modification.
- * @param id an optional id (specify <code>null</code> to omit)
- * @param signatureValueId an optional id (specify <code>null</code> to
- * omit)
- * @throws NullPointerException if <code>si</code> is <code>null</code>
- */
- public DOMXMLSignature(SignedInfo si, KeyInfo ki,
- List<? extends XMLObject> objs,
- String id, String signatureValueId)
- {
- if (si == null) {
- throw new NullPointerException("signedInfo cannot be null");
- }
- this.si = si;
- this.id = id;
- this.sv = new DOMSignatureValue(signatureValueId);
- if (objs == null) {
- this.objects = Collections.emptyList();
- } else {
- this.objects =
- Collections.unmodifiableList(new ArrayList<XMLObject>(objs));
- for (int i = 0, size = this.objects.size(); i < size; i++) {
- if (!(this.objects.get(i) instanceof XMLObject)) {
- throw new ClassCastException
- ("objs["+i+"] is not an XMLObject");
- }
- }
- }
- this.ki = ki;
- }
-
- /**
- * Creates a <code>DOMXMLSignature</code> from XML.
- *
- * @param sigElem Signature element
- * @throws MarshalException if XMLSignature cannot be unmarshalled
- */
- public DOMXMLSignature(Element sigElem, XMLCryptoContext context,
- Provider provider)
- throws MarshalException
- {
- localSigElem = sigElem;
- ownerDoc = localSigElem.getOwnerDocument();
-
- // get Id attribute, if specified
- id = DOMUtils.getAttributeValue(localSigElem, "Id");
-
- // unmarshal SignedInfo
- Element siElem = DOMUtils.getFirstChildElement(localSigElem);
- si = new DOMSignedInfo(siElem, context, provider);
-
- // unmarshal SignatureValue
- Element sigValElem = DOMUtils.getNextSiblingElement(siElem);
- sv = new DOMSignatureValue(sigValElem, context);
-
- // unmarshal KeyInfo, if specified
- Element nextSibling = DOMUtils.getNextSiblingElement(sigValElem);
- if (nextSibling != null && nextSibling.getLocalName().equals("KeyInfo")) {
- ki = new DOMKeyInfo(nextSibling, context, provider);
- nextSibling = DOMUtils.getNextSiblingElement(nextSibling);
- }
-
- // unmarshal Objects, if specified
- if (nextSibling == null) {
- objects = Collections.emptyList();
- } else {
- List<XMLObject> tempObjects = new ArrayList<XMLObject>();
- while (nextSibling != null) {
- tempObjects.add(new DOMXMLObject(nextSibling,
- context, provider));
- nextSibling = DOMUtils.getNextSiblingElement(nextSibling);
- }
- objects = Collections.unmodifiableList(tempObjects);
- }
- }
-
- public String getId() {
- return id;
- }
-
- public KeyInfo getKeyInfo() {
- return ki;
- }
-
- public SignedInfo getSignedInfo() {
- return si;
- }
-
- public List getObjects() {
- return objects;
- }
-
- public SignatureValue getSignatureValue() {
- return sv;
- }
-
- public KeySelectorResult getKeySelectorResult() {
- return ksr;
- }
-
- public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
- throws MarshalException
- {
- marshal(parent, null, dsPrefix, context);
- }
-
- public void marshal(Node parent, Node nextSibling, String dsPrefix,
- DOMCryptoContext context)
- throws MarshalException
- {
- ownerDoc = DOMUtils.getOwnerDocument(parent);
- sigElem = DOMUtils.createElement(ownerDoc, "Signature",
- XMLSignature.XMLNS, dsPrefix);
-
- // append xmlns attribute
- if (dsPrefix == null || dsPrefix.length() == 0) {
- sigElem.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns",
- XMLSignature.XMLNS);
- } else {
- sigElem.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:" +
- dsPrefix, XMLSignature.XMLNS);
- }
-
- // create and append SignedInfo element
- ((DOMSignedInfo)si).marshal(sigElem, dsPrefix, context);
-
- // create and append SignatureValue element
- ((DOMSignatureValue)sv).marshal(sigElem, dsPrefix, context);
-
- // create and append KeyInfo element if necessary
- if (ki != null) {
- ((DOMKeyInfo)ki).marshal(sigElem, null, dsPrefix, context);
- }
-
- // create and append Object elements if necessary
- for (int i = 0, size = objects.size(); i < size; i++) {
- ((DOMXMLObject)objects.get(i)).marshal(sigElem, dsPrefix, context);
- }
-
- // append Id attribute
- DOMUtils.setAttributeID(sigElem, "Id", id);
-
- parent.insertBefore(sigElem, nextSibling);
- }
-
- public boolean validate(XMLValidateContext vc)
- throws XMLSignatureException
- {
- if (vc == null) {
- throw new NullPointerException("validateContext is null");
- }
-
- if (!(vc instanceof DOMValidateContext)) {
- throw new ClassCastException
- ("validateContext must be of type DOMValidateContext");
- }
-
- if (validated) {
- return validationStatus;
- }
-
- // validate the signature
- boolean sigValidity = sv.validate(vc);
- if (!sigValidity) {
- validationStatus = false;
- validated = true;
- return validationStatus;
- }
-
- // validate all References
- @SuppressWarnings("unchecked")
- List<Reference> refs = this.si.getReferences();
- boolean validateRefs = true;
- for (int i = 0, size = refs.size(); validateRefs && i < size; i++) {
- Reference ref = refs.get(i);
- boolean refValid = ref.validate(vc);
- if (log.isDebugEnabled()) {
- log.debug("Reference[" + ref.getURI() + "] is valid: " + refValid);
- }
- validateRefs &= refValid;
- }
- if (!validateRefs) {
- if (log.isDebugEnabled()) {
- log.debug("Couldn't validate the References");
- }
- validationStatus = false;
- validated = true;
- return validationStatus;
- }
-
- // validate Manifests, if property set
- boolean validateMans = true;
- if (Boolean.TRUE.equals(vc.getProperty
- ("org.jcp.xml.dsig.validateManifests")))
- {
- for (int i=0, size=objects.size(); validateMans && i < size; i++) {
- XMLObject xo = objects.get(i);
- @SuppressWarnings("unchecked")
- List<XMLStructure> content = xo.getContent();
- int csize = content.size();
- for (int j = 0; validateMans && j < csize; j++) {
- XMLStructure xs = content.get(j);
- if (xs instanceof Manifest) {
- if (log.isDebugEnabled()) {
- log.debug("validating manifest");
- }
- Manifest man = (Manifest)xs;
- @SuppressWarnings("unchecked")
- List<Reference> manRefs = man.getReferences();
- int rsize = manRefs.size();
- for (int k = 0; validateMans && k < rsize; k++) {
- Reference ref = manRefs.get(k);
- boolean refValid = ref.validate(vc);
- if (log.isDebugEnabled()) {
- log.debug(
- "Manifest ref[" + ref.getURI() + "] is valid: " + refValid
- );
- }
- validateMans &= refValid;
- }
- }
- }
- }
- }
-
- validationStatus = validateMans;
- validated = true;
- return validationStatus;
- }
-
- public void sign(XMLSignContext signContext)
- throws MarshalException, XMLSignatureException
- {
- if (signContext == null) {
- throw new NullPointerException("signContext cannot be null");
- }
- DOMSignContext context = (DOMSignContext)signContext;
- marshal(context.getParent(), context.getNextSibling(),
- DOMUtils.getSignaturePrefix(context), context);
-
- // generate references and signature value
- List<Reference> allReferences = new ArrayList<Reference>();
-
- // traverse the Signature and register all objects with IDs that
- // may contain References
- signatureIdMap = new HashMap<String, XMLStructure>();
- signatureIdMap.put(id, this);
- signatureIdMap.put(si.getId(), si);
- @SuppressWarnings("unchecked")
- List<Reference> refs = si.getReferences();
- for (Reference ref : refs) {
- signatureIdMap.put(ref.getId(), ref);
- }
- for (XMLObject obj : objects) {
- signatureIdMap.put(obj.getId(), obj);
- @SuppressWarnings("unchecked")
- List<XMLStructure> content = obj.getContent();
- for (XMLStructure xs : content) {
- if (xs instanceof Manifest) {
- Manifest man = (Manifest)xs;
- signatureIdMap.put(man.getId(), man);
- @SuppressWarnings("unchecked")
- List<Reference> manRefs = man.getReferences();
- for (Reference ref : manRefs) {
- allReferences.add(ref);
- signatureIdMap.put(ref.getId(), ref);
- }
- }
- }
- }
- // always add SignedInfo references after Manifest references so
- // that Manifest reference are digested first
- allReferences.addAll(refs);
-
- // generate/digest each reference
- for (Reference ref : allReferences) {
- digestReference((DOMReference)ref, signContext);
- }
-
- // do final sweep to digest any references that were skipped or missed
- for (Reference ref : allReferences) {
- if (((DOMReference)ref).isDigested()) {
- continue;
- }
- ((DOMReference)ref).digest(signContext);
- }
-
- Key signingKey = null;
- KeySelectorResult ksr = null;
- try {
- ksr = signContext.getKeySelector().select(ki,
- KeySelector.Purpose.SIGN,
- si.getSignatureMethod(),
- signContext);
- signingKey = ksr.getKey();
- if (signingKey == null) {
- throw new XMLSignatureException("the keySelector did not " +
- "find a signing key");
- }
- } catch (KeySelectorException kse) {
- throw new XMLSignatureException("cannot find signing key", kse);
- }
-
- // calculate signature value
- try {
- byte[] val = ((AbstractDOMSignatureMethod)
- si.getSignatureMethod()).sign(signingKey, si, signContext);
- ((DOMSignatureValue)sv).setValue(val);
- } catch (InvalidKeyException ike) {
- throw new XMLSignatureException(ike);
- }
-
- this.localSigElem = sigElem;
- this.ksr = ksr;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof XMLSignature)) {
- return false;
- }
- XMLSignature osig = (XMLSignature)o;
-
- boolean idEqual =
- (id == null ? osig.getId() == null : id.equals(osig.getId()));
- boolean keyInfoEqual =
- (ki == null ? osig.getKeyInfo() == null
- : ki.equals(osig.getKeyInfo()));
-
- return (idEqual && keyInfoEqual &&
- sv.equals(osig.getSignatureValue()) &&
- si.equals(osig.getSignedInfo()) &&
- objects.equals(osig.getObjects()));
- }
-
- @Override
- public int hashCode() {
- assert false : "hashCode not designed";
- return 42; // any arbitrary constant will do
- }
-
- private void digestReference(DOMReference ref, XMLSignContext signContext)
- throws XMLSignatureException
- {
- if (ref.isDigested()) {
- return;
- }
- // check dependencies
- String uri = ref.getURI();
- if (Utils.sameDocumentURI(uri)) {
- String id = Utils.parseIdFromSameDocumentURI(uri);
- if (id != null && signatureIdMap.containsKey(id)) {
- XMLStructure xs = signatureIdMap.get(id);
- if (xs instanceof DOMReference) {
- digestReference((DOMReference)xs, signContext);
- } else if (xs instanceof Manifest) {
- Manifest man = (Manifest)xs;
- List manRefs = man.getReferences();
- for (int i = 0, size = manRefs.size(); i < size; i++) {
- digestReference((DOMReference)manRefs.get(i),
- signContext);
- }
- }
- }
- // if uri="" and there are XPath Transforms, there may be
- // reference dependencies in the XPath Transform - so be on
- // the safe side, and skip and do at end in the final sweep
- if (uri.length() == 0) {
- @SuppressWarnings("unchecked")
- List<Transform> transforms = ref.getTransforms();
- for (Transform transform : transforms) {
- String transformAlg = transform.getAlgorithm();
- if (transformAlg.equals(Transform.XPATH) ||
- transformAlg.equals(Transform.XPATH2)) {
- return;
- }
- }
- }
- }
- ref.digest(signContext);
- }
-
- public class DOMSignatureValue extends DOMStructure
- implements SignatureValue
- {
- private String id;
- private byte[] value;
- private String valueBase64;
- private Element sigValueElem;
- private boolean validated = false;
- private boolean validationStatus;
-
- DOMSignatureValue(String id) {
- this.id = id;
- }
-
- DOMSignatureValue(Element sigValueElem, XMLCryptoContext context)
- throws MarshalException
- {
- try {
- // base64 decode signatureValue
- value = Base64.decode(sigValueElem);
- } catch (Base64DecodingException bde) {
- throw new MarshalException(bde);
- }
-
- Attr attr = sigValueElem.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- id = attr.getValue();
- sigValueElem.setIdAttributeNode(attr, true);
- } else {
- id = null;
- }
- this.sigValueElem = sigValueElem;
- }
-
- public String getId() {
- return id;
- }
-
- public byte[] getValue() {
- return (value == null) ? null : (byte[])value.clone();
- }
-
- public boolean validate(XMLValidateContext validateContext)
- throws XMLSignatureException
- {
- if (validateContext == null) {
- throw new NullPointerException("context cannot be null");
- }
-
- if (validated) {
- return validationStatus;
- }
-
- // get validating key
- SignatureMethod sm = si.getSignatureMethod();
- Key validationKey = null;
- KeySelectorResult ksResult;
- try {
- ksResult = validateContext.getKeySelector().select
- (ki, KeySelector.Purpose.VERIFY, sm, validateContext);
- validationKey = ksResult.getKey();
- if (validationKey == null) {
- throw new XMLSignatureException("the keyselector did not " +
- "find a validation key");
- }
- } catch (KeySelectorException kse) {
- throw new XMLSignatureException("cannot find validation " +
- "key", kse);
- }
-
- // canonicalize SignedInfo and verify signature
- try {
- validationStatus = ((AbstractDOMSignatureMethod)sm).verify
- (validationKey, si, value, validateContext);
- } catch (Exception e) {
- throw new XMLSignatureException(e);
- }
-
- validated = true;
- ksr = ksResult;
- return validationStatus;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) {
- return true;
- }
-
- if (!(o instanceof SignatureValue)) {
- return false;
- }
- SignatureValue osv = (SignatureValue)o;
-
- boolean idEqual =
- (id == null ? osv.getId() == null : id.equals(osv.getId()));
-
- //XXX compare signature values?
- return idEqual;
- }
-
- @Override
- public int hashCode() {
- assert false : "hashCode not designed";
- return 42; // any arbitrary constant will do
- }
-
- public void marshal(Node parent, String dsPrefix,
- DOMCryptoContext context)
- throws MarshalException
- {
- // create SignatureValue element
- sigValueElem = DOMUtils.createElement(ownerDoc, "SignatureValue",
- XMLSignature.XMLNS, dsPrefix);
- if (valueBase64 != null) {
- sigValueElem.appendChild(ownerDoc.createTextNode(valueBase64));
- }
-
- // append Id attribute, if specified
- DOMUtils.setAttributeID(sigValueElem, "Id", id);
- parent.appendChild(sigValueElem);
- }
-
- void setValue(byte[] value) {
- this.value = value;
- valueBase64 = Base64.encode(value);
- sigValueElem.appendChild(ownerDoc.createTextNode(valueBase64));
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMXMLSignatureFactory.java 1333869 2012-05-04 10:42:44Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.dom.DOMValidateContext;
-import javax.xml.crypto.dsig.keyinfo.*;
-import javax.xml.crypto.dsig.spec.*;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * DOM-based implementation of XMLSignatureFactory.
- *
- * @author Sean Mullan
- */
-public final class DOMXMLSignatureFactory extends XMLSignatureFactory {
-
- /**
- * Initializes a new instance of this class.
- */
- public DOMXMLSignatureFactory() {}
-
- public XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki) {
- return new DOMXMLSignature(si, ki, null, null, null);
- }
-
- @SuppressWarnings("unchecked")
- public XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki,
- List objects, String id, String signatureValueId) {
- return new DOMXMLSignature(si, ki, objects, id, signatureValueId);
- }
-
- public Reference newReference(String uri, DigestMethod dm) {
- return newReference(uri, dm, null, null, null);
- }
-
- @SuppressWarnings("unchecked")
- public Reference newReference(String uri, DigestMethod dm, List transforms,
- String type, String id) {
- return new DOMReference(uri, type, dm, transforms, id, getProvider());
- }
-
- @SuppressWarnings("unchecked")
- public Reference newReference(String uri, DigestMethod dm,
- List appliedTransforms, Data result, List transforms, String type,
- String id) {
- if (appliedTransforms == null) {
- throw new NullPointerException("appliedTransforms cannot be null");
- }
- if (appliedTransforms.isEmpty()) {
- throw new NullPointerException("appliedTransforms cannot be empty");
- }
- if (result == null) {
- throw new NullPointerException("result cannot be null");
- }
- return new DOMReference
- (uri, type, dm, appliedTransforms, result, transforms, id, getProvider());
- }
-
- @SuppressWarnings("unchecked")
- public Reference newReference(String uri, DigestMethod dm, List transforms,
- String type, String id, byte[] digestValue) {
- if (digestValue == null) {
- throw new NullPointerException("digestValue cannot be null");
- }
- return new DOMReference
- (uri, type, dm, null, null, transforms, id, digestValue, getProvider());
- }
-
- @SuppressWarnings("unchecked")
- public SignedInfo newSignedInfo(CanonicalizationMethod cm,
- SignatureMethod sm, List references) {
- return newSignedInfo(cm, sm, references, null);
- }
-
- @SuppressWarnings("unchecked")
- public SignedInfo newSignedInfo(CanonicalizationMethod cm,
- SignatureMethod sm, List references, String id) {
- return new DOMSignedInfo(cm, sm, references, id);
- }
-
- // Object factory methods
- @SuppressWarnings("unchecked")
- public XMLObject newXMLObject(List content, String id, String mimeType,
- String encoding) {
- return new DOMXMLObject(content, id, mimeType, encoding);
- }
-
- @SuppressWarnings("unchecked")
- public Manifest newManifest(List references) {
- return newManifest(references, null);
- }
-
- @SuppressWarnings("unchecked")
- public Manifest newManifest(List references, String id) {
- return new DOMManifest(references, id);
- }
-
- @SuppressWarnings("unchecked")
- public SignatureProperties newSignatureProperties(List props, String id) {
- return new DOMSignatureProperties(props, id);
- }
-
- @SuppressWarnings("unchecked")
- public SignatureProperty newSignatureProperty
- (List info, String target, String id) {
- return new DOMSignatureProperty(info, target, id);
- }
-
- public XMLSignature unmarshalXMLSignature(XMLValidateContext context)
- throws MarshalException {
-
- if (context == null) {
- throw new NullPointerException("context cannot be null");
- }
- return unmarshal(((DOMValidateContext) context).getNode(), context);
- }
-
- public XMLSignature unmarshalXMLSignature(XMLStructure xmlStructure)
- throws MarshalException {
-
- if (xmlStructure == null || !(xmlStructure instanceof javax.xml.crypto.dom.DOMStructure)) {
- throw new ClassCastException("xmlStructure must be of type DOMStructure");
- }
- return unmarshal
- (((javax.xml.crypto.dom.DOMStructure) xmlStructure).getNode(),
- new UnmarshalContext());
- }
-
- private static class UnmarshalContext extends DOMCryptoContext {
- UnmarshalContext() {}
- }
-
- private XMLSignature unmarshal(Node node, XMLCryptoContext context)
- throws MarshalException {
-
- node.normalize();
-
- Element element = null;
- if (node.getNodeType() == Node.DOCUMENT_NODE) {
- element = ((Document) node).getDocumentElement();
- } else if (node.getNodeType() == Node.ELEMENT_NODE) {
- element = (Element) node;
- } else {
- throw new MarshalException
- ("Signature element is not a proper Node");
- }
-
- // check tag
- String tag = element.getLocalName();
- if (tag == null) {
- throw new MarshalException("Document implementation must " +
- "support DOM Level 2 and be namespace aware");
- }
- if (tag.equals("Signature")) {
- return new DOMXMLSignature(element, context, getProvider());
- } else {
- throw new MarshalException("invalid Signature tag: " + tag);
- }
- }
-
- public boolean isFeatureSupported(String feature) {
- if (feature == null) {
- throw new NullPointerException();
- } else {
- return false;
- }
- }
-
- public DigestMethod newDigestMethod(String algorithm,
- DigestMethodParameterSpec params) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException {
- if (algorithm == null) {
- throw new NullPointerException();
- }
- if (algorithm.equals(DigestMethod.SHA1)) {
- return new DOMDigestMethod.SHA1(params);
- } else if (algorithm.equals(DigestMethod.SHA256)) {
- return new DOMDigestMethod.SHA256(params);
- } else if (algorithm.equals(DOMDigestMethod.SHA384)) {
- return new DOMDigestMethod.SHA384(params);
- } else if (algorithm.equals(DigestMethod.SHA512)) {
- return new DOMDigestMethod.SHA512(params);
- } else {
- throw new NoSuchAlgorithmException("unsupported algorithm");
- }
- }
-
- public SignatureMethod newSignatureMethod(String algorithm,
- SignatureMethodParameterSpec params) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException {
- if (algorithm == null) {
- throw new NullPointerException();
- }
- if (algorithm.equals(SignatureMethod.RSA_SHA1)) {
- return new DOMSignatureMethod.SHA1withRSA(params);
- } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA256)) {
- return new DOMSignatureMethod.SHA256withRSA(params);
- } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA384)) {
- return new DOMSignatureMethod.SHA384withRSA(params);
- } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512)) {
- return new DOMSignatureMethod.SHA512withRSA(params);
- } else if (algorithm.equals(SignatureMethod.DSA_SHA1)) {
- return new DOMSignatureMethod.SHA1withDSA(params);
- } else if (algorithm.equals(SignatureMethod.HMAC_SHA1)) {
- return new DOMHMACSignatureMethod.SHA1(params);
- } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA256)) {
- return new DOMHMACSignatureMethod.SHA256(params);
- } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA384)) {
- return new DOMHMACSignatureMethod.SHA384(params);
- } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA512)) {
- return new DOMHMACSignatureMethod.SHA512(params);
- } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA1)) {
- return new DOMSignatureMethod.SHA1withECDSA(params);
- } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA256)) {
- return new DOMSignatureMethod.SHA256withECDSA(params);
- } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA384)) {
- return new DOMSignatureMethod.SHA384withECDSA(params);
- } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA512)) {
- return new DOMSignatureMethod.SHA512withECDSA(params);
- } else {
- throw new NoSuchAlgorithmException("unsupported algorithm");
- }
- }
-
- public Transform newTransform(String algorithm,
- TransformParameterSpec params) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException {
-
- TransformService spi;
- if (getProvider() == null) {
- spi = TransformService.getInstance(algorithm, "DOM");
- } else {
- try {
- spi = TransformService.getInstance(algorithm, "DOM", getProvider());
- } catch (NoSuchAlgorithmException nsae) {
- spi = TransformService.getInstance(algorithm, "DOM");
- }
- }
-
- spi.init(params);
- return new DOMTransform(spi);
- }
-
- public Transform newTransform(String algorithm,
- XMLStructure params) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException {
- TransformService spi;
- if (getProvider() == null) {
- spi = TransformService.getInstance(algorithm, "DOM");
- } else {
- try {
- spi = TransformService.getInstance(algorithm, "DOM", getProvider());
- } catch (NoSuchAlgorithmException nsae) {
- spi = TransformService.getInstance(algorithm, "DOM");
- }
- }
-
- if (params == null) {
- spi.init(null);
- } else {
- spi.init(params, null);
- }
- return new DOMTransform(spi);
- }
-
- public CanonicalizationMethod newCanonicalizationMethod(String algorithm,
- C14NMethodParameterSpec params) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException {
- TransformService spi;
- if (getProvider() == null) {
- spi = TransformService.getInstance(algorithm, "DOM");
- } else {
- try {
- spi = TransformService.getInstance(algorithm, "DOM", getProvider());
- } catch (NoSuchAlgorithmException nsae) {
- spi = TransformService.getInstance(algorithm, "DOM");
- }
- }
-
- spi.init(params);
- return new DOMCanonicalizationMethod(spi);
- }
-
- public CanonicalizationMethod newCanonicalizationMethod(String algorithm,
- XMLStructure params) throws NoSuchAlgorithmException,
- InvalidAlgorithmParameterException {
- TransformService spi;
- if (getProvider() == null) {
- spi = TransformService.getInstance(algorithm, "DOM");
- } else {
- try {
- spi = TransformService.getInstance(algorithm, "DOM", getProvider());
- } catch (NoSuchAlgorithmException nsae) {
- spi = TransformService.getInstance(algorithm, "DOM");
- }
- }
-
- return new DOMCanonicalizationMethod(spi);
- }
-
- public URIDereferencer getURIDereferencer() {
- return DOMURIDereferencer.INSTANCE;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * ===========================================================================
- *
- * (C) Copyright IBM Corp. 2003 All Rights Reserved.
- *
- * ===========================================================================
- */
-/*
- * Portions copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMXPathFilter2Transform.java 1203789 2011-11-18 18:46:07Z mullan $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-import javax.xml.crypto.dsig.spec.XPathType;
-import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec;
-import java.security.InvalidAlgorithmParameterException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-
-/**
- * DOM-based implementation of XPath Filter 2.0 Transform.
- * (Uses Apache XML-Sec Transform implementation)
- *
- * @author Joyce Leung
- */
-public final class DOMXPathFilter2Transform extends ApacheTransform {
-
- public void init(TransformParameterSpec params)
- throws InvalidAlgorithmParameterException
- {
- if (params == null) {
- throw new InvalidAlgorithmParameterException("params are required");
- } else if (!(params instanceof XPathFilter2ParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("params must be of type XPathFilter2ParameterSpec");
- }
- this.params = params;
- }
-
- public void init(XMLStructure parent, XMLCryptoContext context)
- throws InvalidAlgorithmParameterException
- {
- super.init(parent, context);
- try {
- unmarshalParams(DOMUtils.getFirstChildElement(transformElem));
- } catch (MarshalException me) {
- throw new InvalidAlgorithmParameterException(me);
- }
- }
-
- private void unmarshalParams(Element curXPathElem) throws MarshalException
- {
- List<XPathType> list = new ArrayList<XPathType>();
- while (curXPathElem != null) {
- String xPath = curXPathElem.getFirstChild().getNodeValue();
- String filterVal = DOMUtils.getAttributeValue(curXPathElem,
- "Filter");
- if (filterVal == null) {
- throw new MarshalException("filter cannot be null");
- }
- XPathType.Filter filter = null;
- if (filterVal.equals("intersect")) {
- filter = XPathType.Filter.INTERSECT;
- } else if (filterVal.equals("subtract")) {
- filter = XPathType.Filter.SUBTRACT;
- } else if (filterVal.equals("union")) {
- filter = XPathType.Filter.UNION;
- } else {
- throw new MarshalException("Unknown XPathType filter type" +
- filterVal);
- }
- NamedNodeMap attributes = curXPathElem.getAttributes();
- if (attributes != null) {
- int length = attributes.getLength();
- Map<String, String> namespaceMap =
- new HashMap<String, String>(length);
- for (int i = 0; i < length; i++) {
- Attr attr = (Attr)attributes.item(i);
- String prefix = attr.getPrefix();
- if (prefix != null && prefix.equals("xmlns")) {
- namespaceMap.put(attr.getLocalName(), attr.getValue());
- }
- }
- list.add(new XPathType(xPath, filter, namespaceMap));
- } else {
- list.add(new XPathType(xPath, filter));
- }
-
- curXPathElem = DOMUtils.getNextSiblingElement(curXPathElem);
- }
- this.params = new XPathFilter2ParameterSpec(list);
- }
-
- public void marshalParams(XMLStructure parent, XMLCryptoContext context)
- throws MarshalException
- {
- super.marshalParams(parent, context);
- XPathFilter2ParameterSpec xp =
- (XPathFilter2ParameterSpec)getParameterSpec();
- String prefix = DOMUtils.getNSPrefix(context, Transform.XPATH2);
- String qname = (prefix == null || prefix.length() == 0)
- ? "xmlns" : "xmlns:" + prefix;
- @SuppressWarnings("unchecked")
- List<XPathType> xpathList = xp.getXPathList();
- for (XPathType xpathType : xpathList) {
- Element elem = DOMUtils.createElement(ownerDoc, "XPath",
- Transform.XPATH2, prefix);
- elem.appendChild
- (ownerDoc.createTextNode(xpathType.getExpression()));
- DOMUtils.setAttribute(elem, "Filter",
- xpathType.getFilter().toString());
- elem.setAttributeNS("http://www.w3.org/2000/xmlns/", qname,
- Transform.XPATH2);
-
- // add namespace attributes, if necessary
- @SuppressWarnings("unchecked")
- Set<Map.Entry<String, String>> entries =
- xpathType.getNamespaceMap().entrySet();
- for (Map.Entry<String, String> entry : entries) {
- elem.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:" +
- entry.getKey(),
- entry.getValue());
- }
-
- transformElem.appendChild(elem);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMXPathTransform.java 1203789 2011-11-18 18:46:07Z mullan $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-import javax.xml.crypto.dsig.spec.XPathFilterParameterSpec;
-import java.security.InvalidAlgorithmParameterException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-
-/**
- * DOM-based implementation of XPath Filtering Transform.
- * (Uses Apache XML-Sec Transform implementation)
- *
- * @author Sean Mullan
- */
-public final class DOMXPathTransform extends ApacheTransform {
-
- public void init(TransformParameterSpec params)
- throws InvalidAlgorithmParameterException
- {
- if (params == null) {
- throw new InvalidAlgorithmParameterException("params are required");
- } else if (!(params instanceof XPathFilterParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("params must be of type XPathFilterParameterSpec");
- }
- this.params = params;
- }
-
- public void init(XMLStructure parent, XMLCryptoContext context)
- throws InvalidAlgorithmParameterException
- {
- super.init(parent, context);
- unmarshalParams(DOMUtils.getFirstChildElement(transformElem));
- }
-
- private void unmarshalParams(Element paramsElem) {
- String xPath = paramsElem.getFirstChild().getNodeValue();
- // create a Map of namespace prefixes
- NamedNodeMap attributes = paramsElem.getAttributes();
- if (attributes != null) {
- int length = attributes.getLength();
- Map<String, String> namespaceMap =
- new HashMap<String, String>(length);
- for (int i = 0; i < length; i++) {
- Attr attr = (Attr)attributes.item(i);
- String prefix = attr.getPrefix();
- if (prefix != null && prefix.equals("xmlns")) {
- namespaceMap.put(attr.getLocalName(), attr.getValue());
- }
- }
- this.params = new XPathFilterParameterSpec(xPath, namespaceMap);
- } else {
- this.params = new XPathFilterParameterSpec(xPath);
- }
- }
-
- public void marshalParams(XMLStructure parent, XMLCryptoContext context)
- throws MarshalException
- {
- super.marshalParams(parent, context);
- XPathFilterParameterSpec xp =
- (XPathFilterParameterSpec)getParameterSpec();
- Element xpathElem = DOMUtils.createElement(ownerDoc, "XPath",
- XMLSignature.XMLNS, DOMUtils.getSignaturePrefix(context));
- xpathElem.appendChild(ownerDoc.createTextNode(xp.getXPath()));
-
- // add namespace attributes, if necessary
- @SuppressWarnings("unchecked")
- Set<Map.Entry<String, String>> entries =
- xp.getNamespaceMap().entrySet();
- for (Map.Entry<String, String> entry : entries) {
- xpathElem.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:" +
- entry.getKey(),
- entry.getValue());
- }
-
- transformElem.appendChild(xpathElem);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: DOMXSLTTransform.java 1197150 2011-11-03 14:34:57Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.security.InvalidAlgorithmParameterException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-import javax.xml.crypto.dsig.spec.XSLTTransformParameterSpec;
-
-/**
- * DOM-based implementation of XSLT Transform.
- * (Uses Apache XML-Sec Transform implementation)
- *
- * @author Sean Mullan
- */
-public final class DOMXSLTTransform extends ApacheTransform {
-
- public void init(TransformParameterSpec params)
- throws InvalidAlgorithmParameterException {
- if (params == null) {
- throw new InvalidAlgorithmParameterException("params are required");
- }
- if (!(params instanceof XSLTTransformParameterSpec)) {
- throw new InvalidAlgorithmParameterException("unrecognized params");
- }
- this.params = params;
- }
-
- public void init(XMLStructure parent, XMLCryptoContext context)
- throws InvalidAlgorithmParameterException {
-
- super.init(parent, context);
- unmarshalParams(DOMUtils.getFirstChildElement(transformElem));
- }
-
- private void unmarshalParams(Element sheet) {
- this.params = new XSLTTransformParameterSpec
- (new javax.xml.crypto.dom.DOMStructure(sheet));
- }
-
- public void marshalParams(XMLStructure parent, XMLCryptoContext context)
- throws MarshalException {
- super.marshalParams(parent, context);
- XSLTTransformParameterSpec xp =
- (XSLTTransformParameterSpec) getParameterSpec();
- Node xsltElem =
- ((javax.xml.crypto.dom.DOMStructure) xp.getStylesheet()).getNode();
- DOMUtils.appendChild(transformElem, xsltElem);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: Utils.java 1197150 2011-11-03 14:34:57Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.IOException;
-import java.util.*;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-
-/**
- * Miscellaneous static utility methods for use in JSR 105 RI.
- *
- * @author Sean Mullan
- */
-public final class Utils {
-
- private Utils() {}
-
- public static byte[] readBytesFromStream(InputStream is)
- throws IOException
- {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- byte[] buf = new byte[1024];
- while (true) {
- int read = is.read(buf);
- if (read == -1) { // EOF
- break;
- }
- baos.write(buf, 0, read);
- if (read < 1024) {
- break;
- }
- }
- return baos.toByteArray();
- }
-
- /**
- * Converts an Iterator to a Set of Nodes, according to the XPath
- * Data Model.
- *
- * @param i the Iterator
- * @return the Set of Nodes
- */
- static Set<Node> toNodeSet(Iterator<Node> i) {
- Set<Node> nodeSet = new HashSet<Node>();
- while (i.hasNext()) {
- Node n = i.next();
- nodeSet.add(n);
- // insert attributes nodes to comply with XPath
- if (n.getNodeType() == Node.ELEMENT_NODE) {
- NamedNodeMap nnm = n.getAttributes();
- for (int j = 0, length = nnm.getLength(); j < length; j++) {
- nodeSet.add(nnm.item(j));
- }
- }
- }
- return nodeSet;
- }
-
- /**
- * Returns the ID from a same-document URI (ex: "#id")
- */
- public static String parseIdFromSameDocumentURI(String uri) {
- if (uri.length() == 0) {
- return null;
- }
- String id = uri.substring(1);
- if (id != null && id.startsWith("xpointer(id(")) {
- int i1 = id.indexOf('\'');
- int i2 = id.indexOf('\'', i1+1);
- id = id.substring(i1+1, i2);
- }
- return id;
- }
-
- /**
- * Returns true if uri is a same-document URI, false otherwise.
- */
- public static boolean sameDocumentURI(String uri) {
- return (uri != null && (uri.length() == 0 || uri.charAt(0) == '#'));
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * ===========================================================================
- *
- * (C) Copyright IBM Corp. 2003 All Rights Reserved.
- *
- * ===========================================================================
- */
-/*
- * Portions copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id: XMLDSigRI.java 1389948 2012-09-25 15:54:39Z coheigea $
- */
-package org.apache.jcp.xml.dsig.internal.dom;
-
-import java.util.*;
-import java.security.*;
-
-import javax.xml.crypto.dsig.*;
-
-/**
- * The XMLDSig RI Provider.
- *
- * @author Joyce Leung
- */
-
-/**
- * Defines the XMLDSigRI provider.
- */
-
-public final class XMLDSigRI extends Provider {
-
- static final long serialVersionUID = -5049765099299494554L;
-
- private static final String INFO = "Apache Santuario XMLDSig " +
- "(DOM XMLSignatureFactory; DOM KeyInfoFactory; " +
- "C14N 1.0, C14N 1.1, Exclusive C14N, Base64, Enveloped, XPath, " +
- "XPath2, XSLT TransformServices)";
-
- public XMLDSigRI() {
- /* We are the ApacheXMLDSig provider */
- super("ApacheXMLDSig", 1.53, INFO);
-
- final Map<Object, Object> map = new HashMap<Object, Object>();
- map.put("XMLSignatureFactory.DOM",
- "org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory");
- map.put("KeyInfoFactory.DOM",
- "org.apache.jcp.xml.dsig.internal.dom.DOMKeyInfoFactory");
-
-
- // Inclusive C14N
- map.put("TransformService." + CanonicalizationMethod.INCLUSIVE,
- "org.apache.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod");
- map.put("Alg.Alias.TransformService.INCLUSIVE",
- CanonicalizationMethod.INCLUSIVE);
- map.put("TransformService." + CanonicalizationMethod.INCLUSIVE +
- " MechanismType", "DOM");
-
- // InclusiveWithComments C14N
- map.put("TransformService." +
- CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
- "org.apache.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod");
- map.put("Alg.Alias.TransformService.INCLUSIVE_WITH_COMMENTS",
- CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS);
- map.put("TransformService." +
- CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS +
- " MechanismType", "DOM");
-
- // Inclusive C14N 1.1
- map.put("TransformService.http://www.w3.org/2006/12/xml-c14n11",
- "org.apache.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14N11Method");
- map.put("TransformService.http://www.w3.org/2006/12/xml-c14n11" +
- " MechanismType", "DOM");
-
- // InclusiveWithComments C14N 1.1
- map.put("TransformService.http://www.w3.org/2006/12/xml-c14n11#WithComments",
- "org.apache.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14N11Method");
- map.put("TransformService.http://www.w3.org/2006/12/xml-c14n11#WithComments" +
- " MechanismType", "DOM");
-
- // Exclusive C14N
- map.put("TransformService." + CanonicalizationMethod.EXCLUSIVE,
- "org.apache.jcp.xml.dsig.internal.dom.DOMExcC14NMethod");
- map.put("Alg.Alias.TransformService.EXCLUSIVE",
- CanonicalizationMethod.EXCLUSIVE);
- map.put("TransformService." + CanonicalizationMethod.EXCLUSIVE +
- " MechanismType", "DOM");
-
- // ExclusiveWithComments C14N
- map.put("TransformService." +
- CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS,
- "org.apache.jcp.xml.dsig.internal.dom.DOMExcC14NMethod");
- map.put("Alg.Alias.TransformService.EXCLUSIVE_WITH_COMMENTS",
- CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS);
- map.put("TransformService." +
- CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS +
- " MechanismType", "DOM");
-
- // Base64 Transform
- map.put("TransformService." + Transform.BASE64,
- "org.apache.jcp.xml.dsig.internal.dom.DOMBase64Transform");
- map.put("Alg.Alias.TransformService.BASE64", Transform.BASE64);
- map.put("TransformService." + Transform.BASE64 +
- " MechanismType", "DOM");
-
- // Enveloped Transform
- map.put("TransformService." + Transform.ENVELOPED,
- "org.apache.jcp.xml.dsig.internal.dom.DOMEnvelopedTransform");
- map.put("Alg.Alias.TransformService.ENVELOPED", Transform.ENVELOPED);
- map.put("TransformService." + Transform.ENVELOPED +
- " MechanismType", "DOM");
-
- // XPath2 Transform
- map.put("TransformService." + Transform.XPATH2,
- "org.apache.jcp.xml.dsig.internal.dom.DOMXPathFilter2Transform");
- map.put("Alg.Alias.TransformService.XPATH2", Transform.XPATH2);
- map.put("TransformService." + Transform.XPATH2 +
- " MechanismType", "DOM");
-
- // XPath Transform
- map.put("TransformService." + Transform.XPATH,
- "org.apache.jcp.xml.dsig.internal.dom.DOMXPathTransform");
- map.put("Alg.Alias.TransformService.XPATH", Transform.XPATH);
- map.put("TransformService." + Transform.XPATH +
- " MechanismType", "DOM");
-
- // XSLT Transform
- map.put("TransformService." + Transform.XSLT,
- "org.apache.jcp.xml.dsig.internal.dom.DOMXSLTTransform");
- map.put("Alg.Alias.TransformService.XSLT", Transform.XSLT);
- map.put("TransformService." + Transform.XSLT + " MechanismType", "DOM");
-
- AccessController.doPrivileged(new PrivilegedAction<Void>() {
- public Void run() {
- putAll(map);
- return null;
- }
- });
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security;
-
-import java.io.InputStream;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.apache.xml.security.algorithms.SignatureAlgorithm;
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.keys.keyresolver.KeyResolver;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.utils.ElementProxy;
-import org.apache.xml.security.utils.I18n;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.resolver.ResourceResolver;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-
-/**
- * This class does the configuration of the library. This includes creating
- * the mapping of Canonicalization and Transform algorithms. Initialization is
- * done by calling {@link Init#init} which should be done in any static block
- * of the files of this library. We ensure that this call is only executed once.
- */
-public class Init {
-
- /** The namespace for CONF file **/
- public static final String CONF_NS = "http://www.xmlsecurity.org/NS/#configuration";
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(Init.class);
-
- /** Field alreadyInitialized */
- private static boolean alreadyInitialized = false;
-
- /**
- * Method isInitialized
- * @return true if the library is already initialized.
- */
- public static synchronized final boolean isInitialized() {
- return Init.alreadyInitialized;
- }
-
- /**
- * Method init
- *
- */
- public static synchronized void init() {
- if (alreadyInitialized) {
- return;
- }
-
- InputStream is =
- AccessController.doPrivileged(
- new PrivilegedAction<InputStream>() {
- public InputStream run() {
- String cfile =
- System.getProperty("org.apache.xml.security.resource.config");
- if (cfile == null) {
- return null;
- }
- return getClass().getResourceAsStream(cfile);
- }
- });
- if (is == null) {
- dynamicInit();
- } else {
- fileInit(is);
- }
-
- alreadyInitialized = true;
- }
-
- /**
- * Dynamically initialise the library by registering the default algorithms/implementations
- */
- private static void dynamicInit() {
- //
- // Load the Resource Bundle - the default is the English resource bundle.
- // To load another resource bundle, call I18n.init(...) before calling this
- // method.
- //
- I18n.init("en", "US");
-
- if (log.isDebugEnabled()) {
- log.debug("Registering default algorithms");
- }
- try {
- //
- // Bind the default prefixes
- //
- ElementProxy.registerDefaultPrefixes();
-
- //
- // Set the default Transforms
- //
- Transform.registerDefaultAlgorithms();
-
- //
- // Set the default signature algorithms
- //
- SignatureAlgorithm.registerDefaultAlgorithms();
-
- //
- // Set the default JCE algorithms
- //
- JCEMapper.registerDefaultAlgorithms();
-
- //
- // Set the default c14n algorithms
- //
- Canonicalizer.registerDefaultAlgorithms();
-
- //
- // Register the default resolvers
- //
- ResourceResolver.registerDefaultResolvers();
-
- //
- // Register the default key resolvers
- //
- KeyResolver.registerDefaultResolvers();
- } catch (Exception ex) {
- log.error(ex);
- ex.printStackTrace();
- }
- }
-
- /**
- * Initialise the library from a configuration file
- */
- private static void fileInit(InputStream is) {
- try {
- /* read library configuration file */
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-
- dbf.setNamespaceAware(true);
- dbf.setValidating(false);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
- Document doc = db.parse(is);
- Node config = doc.getFirstChild();
- for (; config != null; config = config.getNextSibling()) {
- if ("Configuration".equals(config.getLocalName())) {
- break;
- }
- }
- if (config == null) {
- log.error("Error in reading configuration file - Configuration element not found");
- return;
- }
- for (Node el = config.getFirstChild(); el != null; el = el.getNextSibling()) {
- if (Node.ELEMENT_NODE != el.getNodeType()) {
- continue;
- }
- String tag = el.getLocalName();
- if (tag.equals("ResourceBundles")) {
- Element resource = (Element)el;
- /* configure internationalization */
- Attr langAttr = resource.getAttributeNode("defaultLanguageCode");
- Attr countryAttr = resource.getAttributeNode("defaultCountryCode");
- String languageCode =
- (langAttr == null) ? null : langAttr.getNodeValue();
- String countryCode =
- (countryAttr == null) ? null : countryAttr.getNodeValue();
- I18n.init(languageCode, countryCode);
- }
-
- if (tag.equals("CanonicalizationMethods")) {
- Element[] list =
- XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "CanonicalizationMethod");
-
- for (int i = 0; i < list.length; i++) {
- String uri = list[i].getAttributeNS(null, "URI");
- String javaClass =
- list[i].getAttributeNS(null, "JAVACLASS");
- try {
- Canonicalizer.register(uri, javaClass);
- if (log.isDebugEnabled()) {
- log.debug("Canonicalizer.register(" + uri + ", " + javaClass + ")");
- }
- } catch (ClassNotFoundException e) {
- Object exArgs[] = { uri, javaClass };
- log.error(I18n.translate("algorithm.classDoesNotExist", exArgs));
- }
- }
- }
-
- if (tag.equals("TransformAlgorithms")) {
- Element[] tranElem =
- XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "TransformAlgorithm");
-
- for (int i = 0; i < tranElem.length; i++) {
- String uri = tranElem[i].getAttributeNS(null, "URI");
- String javaClass =
- tranElem[i].getAttributeNS(null, "JAVACLASS");
- try {
- Transform.register(uri, javaClass);
- if (log.isDebugEnabled()) {
- log.debug("Transform.register(" + uri + ", " + javaClass + ")");
- }
- } catch (ClassNotFoundException e) {
- Object exArgs[] = { uri, javaClass };
-
- log.error(I18n.translate("algorithm.classDoesNotExist", exArgs));
- } catch (NoClassDefFoundError ex) {
- log.warn("Not able to found dependencies for algorithm, I'll keep working.");
- }
- }
- }
-
- if ("JCEAlgorithmMappings".equals(tag)) {
- Node algorithmsNode = ((Element)el).getElementsByTagName("Algorithms").item(0);
- if (algorithmsNode != null) {
- Element[] algorithms =
- XMLUtils.selectNodes(algorithmsNode.getFirstChild(), CONF_NS, "Algorithm");
- for (int i = 0; i < algorithms.length; i++) {
- Element element = algorithms[i];
- String id = element.getAttribute("URI");
- JCEMapper.register(id, new JCEMapper.Algorithm(element));
- }
- }
- }
-
- if (tag.equals("SignatureAlgorithms")) {
- Element[] sigElems =
- XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "SignatureAlgorithm");
-
- for (int i = 0; i < sigElems.length; i++) {
- String uri = sigElems[i].getAttributeNS(null, "URI");
- String javaClass =
- sigElems[i].getAttributeNS(null, "JAVACLASS");
-
- /** $todo$ handle registering */
-
- try {
- SignatureAlgorithm.register(uri, javaClass);
- if (log.isDebugEnabled()) {
- log.debug("SignatureAlgorithm.register(" + uri + ", "
- + javaClass + ")");
- }
- } catch (ClassNotFoundException e) {
- Object exArgs[] = { uri, javaClass };
-
- log.error(I18n.translate("algorithm.classDoesNotExist", exArgs));
- }
- }
- }
-
- if (tag.equals("ResourceResolvers")) {
- Element[]resolverElem =
- XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "Resolver");
-
- for (int i = 0; i < resolverElem.length; i++) {
- String javaClass =
- resolverElem[i].getAttributeNS(null, "JAVACLASS");
- String description =
- resolverElem[i].getAttributeNS(null, "DESCRIPTION");
-
- if ((description != null) && (description.length() > 0)) {
- if (log.isDebugEnabled()) {
- log.debug("Register Resolver: " + javaClass + ": "
- + description);
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug("Register Resolver: " + javaClass
- + ": For unknown purposes");
- }
- }
- try {
- ResourceResolver.register(javaClass);
- } catch (Throwable e) {
- log.warn(
- "Cannot register:" + javaClass
- + " perhaps some needed jars are not installed",
- e
- );
- }
- }
- }
-
- if (tag.equals("KeyResolver")){
- Element[] resolverElem =
- XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "Resolver");
- List<String> classNames = new ArrayList<String>(resolverElem.length);
- for (int i = 0; i < resolverElem.length; i++) {
- String javaClass =
- resolverElem[i].getAttributeNS(null, "JAVACLASS");
- String description =
- resolverElem[i].getAttributeNS(null, "DESCRIPTION");
-
- if ((description != null) && (description.length() > 0)) {
- if (log.isDebugEnabled()) {
- log.debug("Register Resolver: " + javaClass + ": "
- + description);
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug("Register Resolver: " + javaClass
- + ": For unknown purposes");
- }
- }
- classNames.add(javaClass);
- }
- KeyResolver.registerClassNames(classNames);
- }
-
-
- if (tag.equals("PrefixMappings")){
- if (log.isDebugEnabled()) {
- log.debug("Now I try to bind prefixes:");
- }
-
- Element[] nl =
- XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "PrefixMapping");
-
- for (int i = 0; i < nl.length; i++) {
- String namespace = nl[i].getAttributeNS(null, "namespace");
- String prefix = nl[i].getAttributeNS(null, "prefix");
- if (log.isDebugEnabled()) {
- log.debug("Now I try to bind " + prefix + " to " + namespace);
- }
- ElementProxy.setDefaultPrefix(namespace, prefix);
- }
- }
- }
- } catch (Exception e) {
- log.error("Bad: ", e);
- e.printStackTrace();
- }
- }
-
-}
-
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.algorithms;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * The Algorithm class which stores the Algorithm URI as a string.
- */
-public abstract class Algorithm extends SignatureElementProxy {
-
- /**
- *
- * @param doc
- * @param algorithmURI is the URI of the algorithm as String
- */
- public Algorithm(Document doc, String algorithmURI) {
- super(doc);
-
- this.setAlgorithmURI(algorithmURI);
- }
-
- /**
- * Constructor Algorithm
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public Algorithm(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Method getAlgorithmURI
- *
- * @return The URI of the algorithm
- */
- public String getAlgorithmURI() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
- }
-
- /**
- * Sets the algorithm's URI as used in the signature.
- *
- * @param algorithmURI is the URI of the algorithm as String
- */
- protected void setAlgorithmURI(String algorithmURI) {
- if (algorithmURI != null) {
- this.constructionElement.setAttributeNS(
- null, Constants._ATT_ALGORITHM, algorithmURI
- );
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.algorithms;
-
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.signature.XMLSignature;
-import org.w3c.dom.Element;
-
-
-/**
- * This class maps algorithm identifier URIs to JAVA JCE class names.
- */
-public class JCEMapper {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(JCEMapper.class);
-
- private static Map<String, Algorithm> algorithmsMap =
- new ConcurrentHashMap<String, Algorithm>();
-
- private static String providerName = null;
-
- /**
- * Method register
- *
- * @param id
- * @param algorithm
- */
- public static void register(String id, Algorithm algorithm) {
- algorithmsMap.put(id, algorithm);
- }
-
- /**
- * This method registers the default algorithms.
- */
- public static void registerDefaultAlgorithms() {
- algorithmsMap.put(
- MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5,
- new Algorithm("", "MD5", "MessageDigest")
- );
- algorithmsMap.put(
- MessageDigestAlgorithm.ALGO_ID_DIGEST_RIPEMD160,
- new Algorithm("", "RIPEMD160", "MessageDigest")
- );
- algorithmsMap.put(
- MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1,
- new Algorithm("", "SHA-1", "MessageDigest")
- );
- algorithmsMap.put(
- MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256,
- new Algorithm("", "SHA-256", "MessageDigest")
- );
- algorithmsMap.put(
- MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA384,
- new Algorithm("", "SHA-384", "MessageDigest")
- );
- algorithmsMap.put(
- MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512,
- new Algorithm("", "SHA-512", "MessageDigest")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_DSA,
- new Algorithm("", "SHA1withDSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
- new Algorithm("", "MD5withRSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160,
- new Algorithm("", "RIPEMD160withRSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
- new Algorithm("", "SHA1withRSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256,
- new Algorithm("", "SHA256withRSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384,
- new Algorithm("", "SHA384withRSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512,
- new Algorithm("", "SHA512withRSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1,
- new Algorithm("", "SHA1withECDSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256,
- new Algorithm("", "SHA256withECDSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384,
- new Algorithm("", "SHA384withECDSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512,
- new Algorithm("", "SHA512withECDSA", "Signature")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
- new Algorithm("", "HmacMD5", "Mac")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160,
- new Algorithm("", "HMACRIPEMD160", "Mac")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_MAC_HMAC_SHA1,
- new Algorithm("", "HmacSHA1", "Mac")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_MAC_HMAC_SHA256,
- new Algorithm("", "HmacSHA256", "Mac")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_MAC_HMAC_SHA384,
- new Algorithm("", "HmacSHA384", "Mac")
- );
- algorithmsMap.put(
- XMLSignature.ALGO_ID_MAC_HMAC_SHA512,
- new Algorithm("", "HmacSHA512", "Mac")
- );
- algorithmsMap.put(
- XMLCipher.TRIPLEDES,
- new Algorithm("DESede", "DESede/CBC/ISO10126Padding", "BlockEncryption", 192)
- );
- algorithmsMap.put(
- XMLCipher.AES_128,
- new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 128)
- );
- algorithmsMap.put(
- XMLCipher.AES_192,
- new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 192)
- );
- algorithmsMap.put(
- XMLCipher.AES_256,
- new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 256)
- );
- algorithmsMap.put(
- XMLCipher.AES_128_GCM,
- new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 128)
- );
- algorithmsMap.put(
- XMLCipher.AES_192_GCM,
- new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 192)
- );
- algorithmsMap.put(
- XMLCipher.AES_256_GCM,
- new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 256)
- );
- algorithmsMap.put(
- XMLCipher.RSA_v1dot5,
- new Algorithm("RSA", "RSA/ECB/PKCS1Padding", "KeyTransport")
- );
- algorithmsMap.put(
- XMLCipher.RSA_OAEP,
- new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
- );
- algorithmsMap.put(
- XMLCipher.RSA_OAEP_11,
- new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
- );
- algorithmsMap.put(
- XMLCipher.DIFFIE_HELLMAN,
- new Algorithm("", "", "KeyAgreement")
- );
- algorithmsMap.put(
- XMLCipher.TRIPLEDES_KeyWrap,
- new Algorithm("DESede", "DESedeWrap", "SymmetricKeyWrap", 192)
- );
- algorithmsMap.put(
- XMLCipher.AES_128_KeyWrap,
- new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 128)
- );
- algorithmsMap.put(
- XMLCipher.AES_192_KeyWrap,
- new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 192)
- );
- algorithmsMap.put(
- XMLCipher.AES_256_KeyWrap,
- new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 256)
- );
- }
-
- /**
- * Method translateURItoJCEID
- *
- * @param algorithmURI
- * @return the JCE standard name corresponding to the given URI
- */
- public static String translateURItoJCEID(String algorithmURI) {
- if (log.isDebugEnabled()) {
- log.debug("Request for URI " + algorithmURI);
- }
-
- Algorithm algorithm = algorithmsMap.get(algorithmURI);
- if (algorithm != null) {
- return algorithm.jceName;
- }
- return null;
- }
-
- /**
- * Method getAlgorithmClassFromURI
- * @param algorithmURI
- * @return the class name that implements this algorithm
- */
- public static String getAlgorithmClassFromURI(String algorithmURI) {
- if (log.isDebugEnabled()) {
- log.debug("Request for URI " + algorithmURI);
- }
-
- Algorithm algorithm = algorithmsMap.get(algorithmURI);
- if (algorithm != null) {
- return algorithm.algorithmClass;
- }
- return null;
- }
-
- /**
- * Returns the keylength in bits for a particular algorithm.
- *
- * @param algorithmURI
- * @return The length of the key used in the algorithm
- */
- public static int getKeyLengthFromURI(String algorithmURI) {
- if (log.isDebugEnabled()) {
- log.debug("Request for URI " + algorithmURI);
- }
- Algorithm algorithm = algorithmsMap.get(algorithmURI);
- if (algorithm != null) {
- return algorithm.keyLength;
- }
- return 0;
- }
-
- /**
- * Method getJCEKeyAlgorithmFromURI
- *
- * @param algorithmURI
- * @return The KeyAlgorithm for the given URI.
- */
- public static String getJCEKeyAlgorithmFromURI(String algorithmURI) {
- if (log.isDebugEnabled()) {
- log.debug("Request for URI " + algorithmURI);
- }
- Algorithm algorithm = algorithmsMap.get(algorithmURI);
- if (algorithm != null) {
- return algorithm.requiredKey;
- }
- return null;
- }
-
- /**
- * Gets the default Provider for obtaining the security algorithms
- * @return the default providerId.
- */
- public static String getProviderId() {
- return providerName;
- }
-
- /**
- * Sets the default Provider for obtaining the security algorithms
- * @param provider the default providerId.
- */
- public static void setProviderId(String provider) {
- providerName = provider;
- }
-
- /**
- * Represents the Algorithm xml element
- */
- public static class Algorithm {
-
- final String requiredKey;
- final String jceName;
- final String algorithmClass;
- final int keyLength;
-
- /**
- * Gets data from element
- * @param el
- */
- public Algorithm(Element el) {
- requiredKey = el.getAttribute("RequiredKey");
- jceName = el.getAttribute("JCEName");
- algorithmClass = el.getAttribute("AlgorithmClass");
- if (el.hasAttribute("KeyLength")) {
- keyLength = Integer.parseInt(el.getAttribute("KeyLength"));
- } else {
- keyLength = 0;
- }
- }
-
- public Algorithm(String requiredKey, String jceName) {
- this(requiredKey, jceName, null, 0);
- }
-
- public Algorithm(String requiredKey, String jceName, String algorithmClass) {
- this(requiredKey, jceName, algorithmClass, 0);
- }
-
- public Algorithm(String requiredKey, String jceName, int keyLength) {
- this(requiredKey, jceName, null, keyLength);
- }
-
- public Algorithm(String requiredKey, String jceName, String algorithmClass, int keyLength) {
- this.requiredKey = requiredKey;
- this.jceName = jceName;
- this.algorithmClass = algorithmClass;
- this.keyLength = keyLength;
- }
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.algorithms;
-
-import java.security.MessageDigest;
-import java.security.NoSuchProviderException;
-
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.EncryptionConstants;
-import org.w3c.dom.Document;
-
-/**
- * Digest Message wrapper & selector class.
- *
- * <pre>
- * MessageDigestAlgorithm.getInstance()
- * </pre>
- */
-public class MessageDigestAlgorithm extends Algorithm {
-
- /** Message Digest - NOT RECOMMENDED MD5*/
- public static final String ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5 =
- Constants.MoreAlgorithmsSpecNS + "md5";
- /** Digest - Required SHA1*/
- public static final String ALGO_ID_DIGEST_SHA1 = Constants.SignatureSpecNS + "sha1";
- /** Message Digest - RECOMMENDED SHA256*/
- public static final String ALGO_ID_DIGEST_SHA256 =
- EncryptionConstants.EncryptionSpecNS + "sha256";
- /** Message Digest - OPTIONAL SHA384*/
- public static final String ALGO_ID_DIGEST_SHA384 =
- Constants.MoreAlgorithmsSpecNS + "sha384";
- /** Message Digest - OPTIONAL SHA512*/
- public static final String ALGO_ID_DIGEST_SHA512 =
- EncryptionConstants.EncryptionSpecNS + "sha512";
- /** Message Digest - OPTIONAL RIPEMD-160*/
- public static final String ALGO_ID_DIGEST_RIPEMD160 =
- EncryptionConstants.EncryptionSpecNS + "ripemd160";
-
- /** Field algorithm stores the actual {@link java.security.MessageDigest} */
- private final MessageDigest algorithm;
-
- /**
- * Constructor for the brave who pass their own message digest algorithms and the
- * corresponding URI.
- * @param doc
- * @param algorithmURI
- */
- private MessageDigestAlgorithm(Document doc, String algorithmURI)
- throws XMLSignatureException {
- super(doc, algorithmURI);
-
- algorithm = getDigestInstance(algorithmURI);
- }
-
- /**
- * Factory method for constructing a message digest algorithm by name.
- *
- * @param doc
- * @param algorithmURI
- * @return The MessageDigestAlgorithm element to attach in document and to digest
- * @throws XMLSignatureException
- */
- public static MessageDigestAlgorithm getInstance(
- Document doc, String algorithmURI
- ) throws XMLSignatureException {
- return new MessageDigestAlgorithm(doc, algorithmURI);
- }
-
- private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
- String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
-
- if (algorithmID == null) {
- Object[] exArgs = { algorithmURI };
- throw new XMLSignatureException("algorithms.NoSuchMap", exArgs);
- }
-
- MessageDigest md;
- String provider = JCEMapper.getProviderId();
- try {
- if (provider == null) {
- md = MessageDigest.getInstance(algorithmID);
- } else {
- md = MessageDigest.getInstance(algorithmID, provider);
- }
- } catch (java.security.NoSuchAlgorithmException ex) {
- Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- } catch (NoSuchProviderException ex) {
- Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- }
-
- return md;
- }
-
- /**
- * Returns the actual {@link java.security.MessageDigest} algorithm object
- *
- * @return the actual {@link java.security.MessageDigest} algorithm object
- */
- public java.security.MessageDigest getAlgorithm() {
- return algorithm;
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#isEqual}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- * @param digesta
- * @param digestb
- * @return the result of the {@link java.security.MessageDigest#isEqual} method
- */
- public static boolean isEqual(byte[] digesta, byte[] digestb) {
- return java.security.MessageDigest.isEqual(digesta, digestb);
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#digest()}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- * @return the result of the {@link java.security.MessageDigest#digest()} method
- */
- public byte[] digest() {
- return algorithm.digest();
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#digest(byte[])}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- * @param input
- * @return the result of the {@link java.security.MessageDigest#digest(byte[])} method
- */
- public byte[] digest(byte input[]) {
- return algorithm.digest(input);
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#digest(byte[], int, int)}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- * @param buf
- * @param offset
- * @param len
- * @return the result of the {@link java.security.MessageDigest#digest(byte[], int, int)} method
- * @throws java.security.DigestException
- */
- public int digest(byte buf[], int offset, int len) throws java.security.DigestException {
- return algorithm.digest(buf, offset, len);
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#getAlgorithm}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- * @return the result of the {@link java.security.MessageDigest#getAlgorithm} method
- */
- public String getJCEAlgorithmString() {
- return algorithm.getAlgorithm();
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#getProvider}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- * @return the result of the {@link java.security.MessageDigest#getProvider} method
- */
- public java.security.Provider getJCEProvider() {
- return algorithm.getProvider();
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#getDigestLength}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- * @return the result of the {@link java.security.MessageDigest#getDigestLength} method
- */
- public int getDigestLength() {
- return algorithm.getDigestLength();
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#reset}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- */
- public void reset() {
- algorithm.reset();
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#update(byte[])}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- * @param input
- */
- public void update(byte[] input) {
- algorithm.update(input);
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#update(byte)}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- * @param input
- */
- public void update(byte input) {
- algorithm.update(input);
- }
-
- /**
- * Proxy method for {@link java.security.MessageDigest#update(byte[], int, int)}
- * which is executed on the internal {@link java.security.MessageDigest} object.
- *
- * @param buf
- * @param offset
- * @param len
- */
- public void update(byte buf[], int offset, int len) {
- algorithm.update(buf, offset, len);
- }
-
- /** @inheritDoc */
- public String getBaseNamespace() {
- return Constants.SignatureSpecNS;
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_DIGESTMETHOD;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.algorithms;
-
-import java.security.Key;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.apache.xml.security.algorithms.implementations.IntegrityHmac;
-import org.apache.xml.security.algorithms.implementations.SignatureBaseRSA;
-import org.apache.xml.security.algorithms.implementations.SignatureDSA;
-import org.apache.xml.security.algorithms.implementations.SignatureECDSA;
-import org.apache.xml.security.exceptions.AlgorithmAlreadyRegisteredException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.XMLSignature;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.utils.ClassLoaderUtils;
-import org.apache.xml.security.utils.Constants;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Allows selection of digital signature's algorithm, private keys, other
- * security parameters, and algorithm's ID.
- *
- * @author Christian Geuer-Pollmann
- */
-public class SignatureAlgorithm extends Algorithm {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(SignatureAlgorithm.class);
-
- /** All available algorithm classes are registered here */
- private static Map<String, Class<? extends SignatureAlgorithmSpi>> algorithmHash =
- new ConcurrentHashMap<String, Class<? extends SignatureAlgorithmSpi>>();
-
- /** Field signatureAlgorithm */
- private final SignatureAlgorithmSpi signatureAlgorithm;
-
- private final String algorithmURI;
-
- /**
- * Constructor SignatureAlgorithm
- *
- * @param doc
- * @param algorithmURI
- * @throws XMLSecurityException
- */
- public SignatureAlgorithm(Document doc, String algorithmURI) throws XMLSecurityException {
- super(doc, algorithmURI);
- this.algorithmURI = algorithmURI;
-
- signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
- signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
- }
-
- /**
- * Constructor SignatureAlgorithm
- *
- * @param doc
- * @param algorithmURI
- * @param hmacOutputLength
- * @throws XMLSecurityException
- */
- public SignatureAlgorithm(
- Document doc, String algorithmURI, int hmacOutputLength
- ) throws XMLSecurityException {
- super(doc, algorithmURI);
- this.algorithmURI = algorithmURI;
-
- signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
- signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
-
- signatureAlgorithm.engineSetHMACOutputLength(hmacOutputLength);
- ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(constructionElement);
- }
-
- /**
- * Constructor SignatureAlgorithm
- *
- * @param element
- * @param baseURI
- * @throws XMLSecurityException
- */
- public SignatureAlgorithm(Element element, String baseURI) throws XMLSecurityException {
- this(element, baseURI, false);
- }
-
- /**
- * Constructor SignatureAlgorithm
- *
- * @param element
- * @param baseURI
- * @param secureValidation
- * @throws XMLSecurityException
- */
- public SignatureAlgorithm(
- Element element, String baseURI, boolean secureValidation
- ) throws XMLSecurityException {
- super(element, baseURI);
- algorithmURI = this.getURI();
-
- Attr attr = element.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- element.setIdAttributeNode(attr, true);
- }
-
- if (secureValidation && (XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5.equals(algorithmURI)
- || XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5.equals(algorithmURI))) {
- Object exArgs[] = { algorithmURI };
-
- throw new XMLSecurityException("signature.signatureAlgorithm", exArgs);
- }
-
- signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
- signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
- }
-
- /**
- * Get a SignatureAlgorithmSpi object corresponding to the algorithmURI argument
- */
- private static SignatureAlgorithmSpi getSignatureAlgorithmSpi(String algorithmURI)
- throws XMLSignatureException {
- try {
- Class<? extends SignatureAlgorithmSpi> implementingClass =
- algorithmHash.get(algorithmURI);
- if (log.isDebugEnabled()) {
- log.debug("Create URI \"" + algorithmURI + "\" class \""
- + implementingClass + "\"");
- }
- return implementingClass.newInstance();
- } catch (IllegalAccessException ex) {
- Object exArgs[] = { algorithmURI, ex.getMessage() };
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
- } catch (InstantiationException ex) {
- Object exArgs[] = { algorithmURI, ex.getMessage() };
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
- } catch (NullPointerException ex) {
- Object exArgs[] = { algorithmURI, ex.getMessage() };
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
- }
- }
-
-
- /**
- * Proxy method for {@link java.security.Signature#sign()}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @return the result of the {@link java.security.Signature#sign()} method
- * @throws XMLSignatureException
- */
- public byte[] sign() throws XMLSignatureException {
- return signatureAlgorithm.engineSign();
- }
-
- /**
- * Proxy method for {@link java.security.Signature#getAlgorithm}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @return the result of the {@link java.security.Signature#getAlgorithm} method
- */
- public String getJCEAlgorithmString() {
- return signatureAlgorithm.engineGetJCEAlgorithmString();
- }
-
- /**
- * Method getJCEProviderName
- *
- * @return The Provider of this Signature Algorithm
- */
- public String getJCEProviderName() {
- return signatureAlgorithm.engineGetJCEProviderName();
- }
-
- /**
- * Proxy method for {@link java.security.Signature#update(byte[])}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param input
- * @throws XMLSignatureException
- */
- public void update(byte[] input) throws XMLSignatureException {
- signatureAlgorithm.engineUpdate(input);
- }
-
- /**
- * Proxy method for {@link java.security.Signature#update(byte)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param input
- * @throws XMLSignatureException
- */
- public void update(byte input) throws XMLSignatureException {
- signatureAlgorithm.engineUpdate(input);
- }
-
- /**
- * Proxy method for {@link java.security.Signature#update(byte[], int, int)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param buf
- * @param offset
- * @param len
- * @throws XMLSignatureException
- */
- public void update(byte buf[], int offset, int len) throws XMLSignatureException {
- signatureAlgorithm.engineUpdate(buf, offset, len);
- }
-
- /**
- * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param signingKey
- * @throws XMLSignatureException
- */
- public void initSign(Key signingKey) throws XMLSignatureException {
- signatureAlgorithm.engineInitSign(signingKey);
- }
-
- /**
- * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey,
- * java.security.SecureRandom)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param signingKey
- * @param secureRandom
- * @throws XMLSignatureException
- */
- public void initSign(Key signingKey, SecureRandom secureRandom) throws XMLSignatureException {
- signatureAlgorithm.engineInitSign(signingKey, secureRandom);
- }
-
- /**
- * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param signingKey
- * @param algorithmParameterSpec
- * @throws XMLSignatureException
- */
- public void initSign(
- Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
- ) throws XMLSignatureException {
- signatureAlgorithm.engineInitSign(signingKey, algorithmParameterSpec);
- }
-
- /**
- * Proxy method for {@link java.security.Signature#setParameter(
- * java.security.spec.AlgorithmParameterSpec)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param params
- * @throws XMLSignatureException
- */
- public void setParameter(AlgorithmParameterSpec params) throws XMLSignatureException {
- signatureAlgorithm.engineSetParameter(params);
- }
-
- /**
- * Proxy method for {@link java.security.Signature#initVerify(java.security.PublicKey)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param verificationKey
- * @throws XMLSignatureException
- */
- public void initVerify(Key verificationKey) throws XMLSignatureException {
- signatureAlgorithm.engineInitVerify(verificationKey);
- }
-
- /**
- * Proxy method for {@link java.security.Signature#verify(byte[])}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param signature
- * @return true if if the signature is valid.
- *
- * @throws XMLSignatureException
- */
- public boolean verify(byte[] signature) throws XMLSignatureException {
- return signatureAlgorithm.engineVerify(signature);
- }
-
- /**
- * Returns the URI representation of Transformation algorithm
- *
- * @return the URI representation of Transformation algorithm
- */
- public final String getURI() {
- return constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
- }
-
- /**
- * Registers implementing class of the Transform algorithm with algorithmURI
- *
- * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
- * @param implementingClass <code>implementingClass</code> the implementing class of
- * {@link SignatureAlgorithmSpi}
- * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
- * @throws XMLSignatureException
- */
- @SuppressWarnings("unchecked")
- public static void register(String algorithmURI, String implementingClass)
- throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
- XMLSignatureException {
- if (log.isDebugEnabled()) {
- log.debug("Try to register " + algorithmURI + " " + implementingClass);
- }
-
- // are we already registered?
- Class<? extends SignatureAlgorithmSpi> registeredClass = algorithmHash.get(algorithmURI);
- if (registeredClass != null) {
- Object exArgs[] = { algorithmURI, registeredClass };
- throw new AlgorithmAlreadyRegisteredException(
- "algorithm.alreadyRegistered", exArgs
- );
- }
- try {
- Class<? extends SignatureAlgorithmSpi> clazz =
- (Class<? extends SignatureAlgorithmSpi>)
- ClassLoaderUtils.loadClass(implementingClass, SignatureAlgorithm.class);
- algorithmHash.put(algorithmURI, clazz);
- } catch (NullPointerException ex) {
- Object exArgs[] = { algorithmURI, ex.getMessage() };
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
- }
- }
-
- /**
- * Registers implementing class of the Transform algorithm with algorithmURI
- *
- * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
- * @param implementingClass <code>implementingClass</code> the implementing class of
- * {@link SignatureAlgorithmSpi}
- * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
- * @throws XMLSignatureException
- */
- public static void register(String algorithmURI, Class<? extends SignatureAlgorithmSpi> implementingClass)
- throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
- XMLSignatureException {
- if (log.isDebugEnabled()) {
- log.debug("Try to register " + algorithmURI + " " + implementingClass);
- }
-
- // are we already registered?
- Class<? extends SignatureAlgorithmSpi> registeredClass = algorithmHash.get(algorithmURI);
- if (registeredClass != null) {
- Object exArgs[] = { algorithmURI, registeredClass };
- throw new AlgorithmAlreadyRegisteredException(
- "algorithm.alreadyRegistered", exArgs
- );
- }
- algorithmHash.put(algorithmURI, implementingClass);
- }
-
- /**
- * This method registers the default algorithms.
- */
- public static void registerDefaultAlgorithms() {
- algorithmHash.put(SignatureDSA.URI, SignatureDSA.class);
- algorithmHash.put(
- XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, SignatureBaseRSA.SignatureRSASHA1.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_MAC_HMAC_SHA1, IntegrityHmac.IntegrityHmacSHA1.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
- SignatureBaseRSA.SignatureRSAMD5.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160,
- SignatureBaseRSA.SignatureRSARIPEMD160.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256, SignatureBaseRSA.SignatureRSASHA256.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384, SignatureBaseRSA.SignatureRSASHA384.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512, SignatureBaseRSA.SignatureRSASHA512.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1, SignatureECDSA.SignatureECDSASHA1.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256, SignatureECDSA.SignatureECDSASHA256.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384, SignatureECDSA.SignatureECDSASHA384.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5, IntegrityHmac.IntegrityHmacMD5.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160, IntegrityHmac.IntegrityHmacRIPEMD160.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_MAC_HMAC_SHA256, IntegrityHmac.IntegrityHmacSHA256.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_MAC_HMAC_SHA384, IntegrityHmac.IntegrityHmacSHA384.class
- );
- algorithmHash.put(
- XMLSignature.ALGO_ID_MAC_HMAC_SHA512, IntegrityHmac.IntegrityHmacSHA512.class
- );
- }
-
- /**
- * Method getBaseNamespace
- *
- * @return URI of this element
- */
- public String getBaseNamespace() {
- return Constants.SignatureSpecNS;
- }
-
- /**
- * Method getBaseLocalName
- *
- * @return Local name
- */
- public String getBaseLocalName() {
- return Constants._TAG_SIGNATUREMETHOD;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.algorithms;
-
-import java.security.Key;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.w3c.dom.Element;
-
-public abstract class SignatureAlgorithmSpi {
-
- /**
- * Returns the URI representation of <code>Transformation algorithm</code>
- *
- * @return the URI representation of <code>Transformation algorithm</code>
- */
- protected abstract String engineGetURI();
-
- /**
- * Proxy method for {@link java.security.Signature#getAlgorithm}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @return the result of the {@link java.security.Signature#getAlgorithm} method
- */
- protected abstract String engineGetJCEAlgorithmString();
-
- /**
- * Method engineGetJCEProviderName
- *
- * @return the JCE ProviderName
- */
- protected abstract String engineGetJCEProviderName();
-
- /**
- * Proxy method for {@link java.security.Signature#update(byte[])}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param input
- * @throws XMLSignatureException
- */
- protected abstract void engineUpdate(byte[] input) throws XMLSignatureException;
-
- /**
- * Proxy method for {@link java.security.Signature#update(byte[])}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param input
- * @throws XMLSignatureException
- */
- protected abstract void engineUpdate(byte input) throws XMLSignatureException;
-
- /**
- * Proxy method for {@link java.security.Signature#update(byte[], int, int)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param buf
- * @param offset
- * @param len
- * @throws XMLSignatureException
- */
- protected abstract void engineUpdate(byte buf[], int offset, int len)
- throws XMLSignatureException;
-
- /**
- * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param signingKey
- * @throws XMLSignatureException if this method is called on a MAC
- */
- protected abstract void engineInitSign(Key signingKey) throws XMLSignatureException;
-
- /**
- * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey,
- * java.security.SecureRandom)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param signingKey
- * @param secureRandom
- * @throws XMLSignatureException if this method is called on a MAC
- */
- protected abstract void engineInitSign(Key signingKey, SecureRandom secureRandom)
- throws XMLSignatureException;
-
- /**
- * Proxy method for {@link javax.crypto.Mac}
- * which is executed on the internal {@link javax.crypto.Mac#init(Key)} object.
- *
- * @param signingKey
- * @param algorithmParameterSpec
- * @throws XMLSignatureException if this method is called on a Signature
- */
- protected abstract void engineInitSign(
- Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
- ) throws XMLSignatureException;
-
- /**
- * Proxy method for {@link java.security.Signature#sign()}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @return the result of the {@link java.security.Signature#sign()} method
- * @throws XMLSignatureException
- */
- protected abstract byte[] engineSign() throws XMLSignatureException;
-
- /**
- * Method engineInitVerify
- *
- * @param verificationKey
- * @throws XMLSignatureException
- */
- protected abstract void engineInitVerify(Key verificationKey) throws XMLSignatureException;
-
- /**
- * Proxy method for {@link java.security.Signature#verify(byte[])}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param signature
- * @return true if the signature is correct
- * @throws XMLSignatureException
- */
- protected abstract boolean engineVerify(byte[] signature) throws XMLSignatureException;
-
- /**
- * Proxy method for {@link java.security.Signature#setParameter(
- * java.security.spec.AlgorithmParameterSpec)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param params
- * @throws XMLSignatureException
- */
- protected abstract void engineSetParameter(AlgorithmParameterSpec params)
- throws XMLSignatureException;
-
-
- /**
- * Method engineGetContextFromElement
- *
- * @param element
- */
- protected void engineGetContextFromElement(Element element) {
- }
-
- /**
- * Method engineSetHMACOutputLength
- *
- * @param HMACOutputLength
- * @throws XMLSignatureException
- */
- protected abstract void engineSetHMACOutputLength(int HMACOutputLength)
- throws XMLSignatureException;
-
- public void reset() {
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.algorithms.implementations;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
-import org.apache.xml.security.algorithms.SignatureAlgorithmSpi;
-import org.apache.xml.security.signature.XMLSignature;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Text;
-
-public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(IntegrityHmac.class);
-
- /** Field macAlgorithm */
- private Mac macAlgorithm = null;
-
- /** Field HMACOutputLength */
- private int HMACOutputLength = 0;
- private boolean HMACOutputLengthSet = false;
-
- /**
- * Method engineGetURI
- *
- *@inheritDoc
- */
- public abstract String engineGetURI();
-
- /**
- * Returns the output length of the hash/digest.
- */
- abstract int getDigestLength();
-
- /**
- * Method IntegrityHmac
- *
- * @throws XMLSignatureException
- */
- public IntegrityHmac() throws XMLSignatureException {
- String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
- if (log.isDebugEnabled()) {
- log.debug("Created IntegrityHmacSHA1 using " + algorithmID);
- }
-
- try {
- this.macAlgorithm = Mac.getInstance(algorithmID);
- } catch (java.security.NoSuchAlgorithmException ex) {
- Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- }
- }
-
- /**
- * Proxy method for {@link java.security.Signature#setParameter(
- * java.security.spec.AlgorithmParameterSpec)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param params
- * @throws XMLSignatureException
- */
- protected void engineSetParameter(AlgorithmParameterSpec params) throws XMLSignatureException {
- throw new XMLSignatureException("empty");
- }
-
- public void reset() {
- HMACOutputLength = 0;
- HMACOutputLengthSet = false;
- this.macAlgorithm.reset();
- }
-
- /**
- * Proxy method for {@link java.security.Signature#verify(byte[])}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param signature
- * @return true if the signature is correct
- * @throws XMLSignatureException
- */
- protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
- try {
- if (this.HMACOutputLengthSet && this.HMACOutputLength < getDigestLength()) {
- if (log.isDebugEnabled()) {
- log.debug("HMACOutputLength must not be less than " + getDigestLength());
- }
- Object[] exArgs = { String.valueOf(getDigestLength()) };
- throw new XMLSignatureException("algorithms.HMACOutputLengthMin", exArgs);
- } else {
- byte[] completeResult = this.macAlgorithm.doFinal();
- return MessageDigestAlgorithm.isEqual(completeResult, signature);
- }
- } catch (IllegalStateException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Proxy method for {@link java.security.Signature#initVerify(java.security.PublicKey)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param secretKey
- * @throws XMLSignatureException
- */
- protected void engineInitVerify(Key secretKey) throws XMLSignatureException {
- if (!(secretKey instanceof SecretKey)) {
- String supplied = secretKey.getClass().getName();
- String needed = SecretKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.macAlgorithm.init(secretKey);
- } catch (InvalidKeyException ex) {
- // reinstantiate Mac object to work around bug in JDK
- // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
- Mac mac = this.macAlgorithm;
- try {
- this.macAlgorithm = Mac.getInstance(macAlgorithm.getAlgorithm());
- } catch (Exception e) {
- // this shouldn't occur, but if it does, restore previous Mac
- if (log.isDebugEnabled()) {
- log.debug("Exception when reinstantiating Mac:" + e);
- }
- this.macAlgorithm = mac;
- }
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Proxy method for {@link java.security.Signature#sign()}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @return the result of the {@link java.security.Signature#sign()} method
- * @throws XMLSignatureException
- */
- protected byte[] engineSign() throws XMLSignatureException {
- try {
- if (this.HMACOutputLengthSet && this.HMACOutputLength < getDigestLength()) {
- if (log.isDebugEnabled()) {
- log.debug("HMACOutputLength must not be less than " + getDigestLength());
- }
- Object[] exArgs = { String.valueOf(getDigestLength()) };
- throw new XMLSignatureException("algorithms.HMACOutputLengthMin", exArgs);
- } else {
- return this.macAlgorithm.doFinal();
- }
- } catch (IllegalStateException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Method engineInitSign
- *
- * @param secretKey
- * @throws XMLSignatureException
- */
- protected void engineInitSign(Key secretKey) throws XMLSignatureException {
- if (!(secretKey instanceof SecretKey)) {
- String supplied = secretKey.getClass().getName();
- String needed = SecretKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.macAlgorithm.init(secretKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Method engineInitSign
- *
- * @param secretKey
- * @param algorithmParameterSpec
- * @throws XMLSignatureException
- */
- protected void engineInitSign(
- Key secretKey, AlgorithmParameterSpec algorithmParameterSpec
- ) throws XMLSignatureException {
- if (!(secretKey instanceof SecretKey)) {
- String supplied = secretKey.getClass().getName();
- String needed = SecretKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.macAlgorithm.init(secretKey, algorithmParameterSpec);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (InvalidAlgorithmParameterException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Method engineInitSign
- *
- * @param secretKey
- * @param secureRandom
- * @throws XMLSignatureException
- */
- protected void engineInitSign(Key secretKey, SecureRandom secureRandom)
- throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.CannotUseSecureRandomOnMAC");
- }
-
- /**
- * Proxy method for {@link java.security.Signature#update(byte[])}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param input
- * @throws XMLSignatureException
- */
- protected void engineUpdate(byte[] input) throws XMLSignatureException {
- try {
- this.macAlgorithm.update(input);
- } catch (IllegalStateException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Proxy method for {@link java.security.Signature#update(byte)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param input
- * @throws XMLSignatureException
- */
- protected void engineUpdate(byte input) throws XMLSignatureException {
- try {
- this.macAlgorithm.update(input);
- } catch (IllegalStateException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Proxy method for {@link java.security.Signature#update(byte[], int, int)}
- * which is executed on the internal {@link java.security.Signature} object.
- *
- * @param buf
- * @param offset
- * @param len
- * @throws XMLSignatureException
- */
- protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
- try {
- this.macAlgorithm.update(buf, offset, len);
- } catch (IllegalStateException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Method engineGetJCEAlgorithmString
- * @inheritDoc
- *
- */
- protected String engineGetJCEAlgorithmString() {
- return this.macAlgorithm.getAlgorithm();
- }
-
- /**
- * Method engineGetJCEAlgorithmString
- *
- * @inheritDoc
- */
- protected String engineGetJCEProviderName() {
- return this.macAlgorithm.getProvider().getName();
- }
-
- /**
- * Method engineSetHMACOutputLength
- *
- * @param HMACOutputLength
- */
- protected void engineSetHMACOutputLength(int HMACOutputLength) {
- this.HMACOutputLength = HMACOutputLength;
- this.HMACOutputLengthSet = true;
- }
-
- /**
- * Method engineGetContextFromElement
- *
- * @param element
- */
- protected void engineGetContextFromElement(Element element) {
- super.engineGetContextFromElement(element);
-
- if (element == null) {
- throw new IllegalArgumentException("element null");
- }
-
- Text hmaclength =
- XMLUtils.selectDsNodeText(element.getFirstChild(), Constants._TAG_HMACOUTPUTLENGTH, 0);
-
- if (hmaclength != null) {
- this.HMACOutputLength = Integer.parseInt(hmaclength.getData());
- this.HMACOutputLengthSet = true;
- }
- }
-
- /**
- * Method engineAddContextToElement
- *
- * @param element
- */
- public void engineAddContextToElement(Element element) {
- if (element == null) {
- throw new IllegalArgumentException("null element");
- }
-
- if (this.HMACOutputLengthSet) {
- Document doc = element.getOwnerDocument();
- Element HMElem =
- XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_HMACOUTPUTLENGTH);
- Text HMText =
- doc.createTextNode(Integer.valueOf(this.HMACOutputLength).toString());
-
- HMElem.appendChild(HMText);
- XMLUtils.addReturnToElement(element);
- element.appendChild(HMElem);
- XMLUtils.addReturnToElement(element);
- }
- }
-
- /**
- * Class IntegrityHmacSHA1
- */
- public static class IntegrityHmacSHA1 extends IntegrityHmac {
-
- /**
- * Constructor IntegrityHmacSHA1
- *
- * @throws XMLSignatureException
- */
- public IntegrityHmacSHA1() throws XMLSignatureException {
- super();
- }
-
- /**
- * Method engineGetURI
- * @inheritDoc
- *
- */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_MAC_HMAC_SHA1;
- }
-
- int getDigestLength() {
- return 160;
- }
- }
-
- /**
- * Class IntegrityHmacSHA256
- */
- public static class IntegrityHmacSHA256 extends IntegrityHmac {
-
- /**
- * Constructor IntegrityHmacSHA256
- *
- * @throws XMLSignatureException
- */
- public IntegrityHmacSHA256() throws XMLSignatureException {
- super();
- }
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_MAC_HMAC_SHA256;
- }
-
- int getDigestLength() {
- return 256;
- }
- }
-
- /**
- * Class IntegrityHmacSHA384
- */
- public static class IntegrityHmacSHA384 extends IntegrityHmac {
-
- /**
- * Constructor IntegrityHmacSHA384
- *
- * @throws XMLSignatureException
- */
- public IntegrityHmacSHA384() throws XMLSignatureException {
- super();
- }
-
- /**
- * Method engineGetURI
- * @inheritDoc
- *
- */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_MAC_HMAC_SHA384;
- }
-
- int getDigestLength() {
- return 384;
- }
- }
-
- /**
- * Class IntegrityHmacSHA512
- */
- public static class IntegrityHmacSHA512 extends IntegrityHmac {
-
- /**
- * Constructor IntegrityHmacSHA512
- *
- * @throws XMLSignatureException
- */
- public IntegrityHmacSHA512() throws XMLSignatureException {
- super();
- }
-
- /**
- * Method engineGetURI
- * @inheritDoc
- *
- */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_MAC_HMAC_SHA512;
- }
-
- int getDigestLength() {
- return 512;
- }
- }
-
- /**
- * Class IntegrityHmacRIPEMD160
- */
- public static class IntegrityHmacRIPEMD160 extends IntegrityHmac {
-
- /**
- * Constructor IntegrityHmacRIPEMD160
- *
- * @throws XMLSignatureException
- */
- public IntegrityHmacRIPEMD160() throws XMLSignatureException {
- super();
- }
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160;
- }
-
- int getDigestLength() {
- return 160;
- }
- }
-
- /**
- * Class IntegrityHmacMD5
- */
- public static class IntegrityHmacMD5 extends IntegrityHmac {
-
- /**
- * Constructor IntegrityHmacMD5
- *
- * @throws XMLSignatureException
- */
- public IntegrityHmacMD5() throws XMLSignatureException {
- super();
- }
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5;
- }
-
- int getDigestLength() {
- return 128;
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.algorithms.implementations;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.apache.xml.security.algorithms.SignatureAlgorithmSpi;
-import org.apache.xml.security.signature.XMLSignature;
-import org.apache.xml.security.signature.XMLSignatureException;
-
-public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(SignatureBaseRSA.class);
-
- /** @inheritDoc */
- public abstract String engineGetURI();
-
- /** Field algorithm */
- private java.security.Signature signatureAlgorithm = null;
-
- /**
- * Constructor SignatureRSA
- *
- * @throws XMLSignatureException
- */
- public SignatureBaseRSA() throws XMLSignatureException {
- String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
-
- if (log.isDebugEnabled()) {
- log.debug("Created SignatureRSA using " + algorithmID);
- }
- String provider = JCEMapper.getProviderId();
- try {
- if (provider == null) {
- this.signatureAlgorithm = Signature.getInstance(algorithmID);
- } else {
- this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
- }
- } catch (java.security.NoSuchAlgorithmException ex) {
- Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- } catch (NoSuchProviderException ex) {
- Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- }
- }
-
- /** @inheritDoc */
- protected void engineSetParameter(AlgorithmParameterSpec params)
- throws XMLSignatureException {
- try {
- this.signatureAlgorithm.setParameter(params);
- } catch (InvalidAlgorithmParameterException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
- try {
- return this.signatureAlgorithm.verify(signature);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
- if (!(publicKey instanceof PublicKey)) {
- String supplied = publicKey.getClass().getName();
- String needed = PublicKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.signatureAlgorithm.initVerify((PublicKey) publicKey);
- } catch (InvalidKeyException ex) {
- // reinstantiate Signature object to work around bug in JDK
- // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
- Signature sig = this.signatureAlgorithm;
- try {
- this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
- } catch (Exception e) {
- // this shouldn't occur, but if it does, restore previous
- // Signature
- if (log.isDebugEnabled()) {
- log.debug("Exception when reinstantiating Signature:" + e);
- }
- this.signatureAlgorithm = sig;
- }
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected byte[] engineSign() throws XMLSignatureException {
- try {
- return this.signatureAlgorithm.sign();
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
- throws XMLSignatureException {
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineInitSign(Key privateKey) throws XMLSignatureException {
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.signatureAlgorithm.initSign((PrivateKey) privateKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineUpdate(byte[] input) throws XMLSignatureException {
- try {
- this.signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineUpdate(byte input) throws XMLSignatureException {
- try {
- this.signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
- try {
- this.signatureAlgorithm.update(buf, offset, len);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected String engineGetJCEAlgorithmString() {
- return this.signatureAlgorithm.getAlgorithm();
- }
-
- /** @inheritDoc */
- protected String engineGetJCEProviderName() {
- return this.signatureAlgorithm.getProvider().getName();
- }
-
- /** @inheritDoc */
- protected void engineSetHMACOutputLength(int HMACOutputLength)
- throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
- }
-
- /** @inheritDoc */
- protected void engineInitSign(
- Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
- ) throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnRSA");
- }
-
- /**
- * Class SignatureRSASHA1
- */
- public static class SignatureRSASHA1 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSASHA1
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA1() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
- }
- }
-
- /**
- * Class SignatureRSASHA256
- */
- public static class SignatureRSASHA256 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSASHA256
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA256() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256;
- }
- }
-
- /**
- * Class SignatureRSASHA384
- */
- public static class SignatureRSASHA384 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSASHA384
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA384() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384;
- }
- }
-
- /**
- * Class SignatureRSASHA512
- */
- public static class SignatureRSASHA512 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSASHA512
- *
- * @throws XMLSignatureException
- */
- public SignatureRSASHA512() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;
- }
- }
-
- /**
- * Class SignatureRSARIPEMD160
- */
- public static class SignatureRSARIPEMD160 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSARIPEMD160
- *
- * @throws XMLSignatureException
- */
- public SignatureRSARIPEMD160() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160;
- }
- }
-
- /**
- * Class SignatureRSAMD5
- */
- public static class SignatureRSAMD5 extends SignatureBaseRSA {
-
- /**
- * Constructor SignatureRSAMD5
- *
- * @throws XMLSignatureException
- */
- public SignatureRSAMD5() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5;
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.algorithms.implementations;
-
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.apache.xml.security.algorithms.SignatureAlgorithmSpi;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.Constants;
-
-public class SignatureDSA extends SignatureAlgorithmSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(SignatureDSA.class);
-
- /** Field URI */
- public static final String URI = Constants.SignatureSpecNS + "dsa-sha1";
-
- /** Field algorithm */
- private java.security.Signature signatureAlgorithm = null;
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- protected String engineGetURI() {
- return SignatureDSA.URI;
- }
-
- /**
- * Constructor SignatureDSA
- *
- * @throws XMLSignatureException
- */
- public SignatureDSA() throws XMLSignatureException {
- String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA.URI);
- if (log.isDebugEnabled()) {
- log.debug("Created SignatureDSA using " + algorithmID);
- }
-
- String provider = JCEMapper.getProviderId();
- try {
- if (provider == null) {
- this.signatureAlgorithm = Signature.getInstance(algorithmID);
- } else {
- this.signatureAlgorithm =
- Signature.getInstance(algorithmID, provider);
- }
- } catch (java.security.NoSuchAlgorithmException ex) {
- Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- } catch (java.security.NoSuchProviderException ex) {
- Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineSetParameter(AlgorithmParameterSpec params)
- throws XMLSignatureException {
- try {
- this.signatureAlgorithm.setParameter(params);
- } catch (InvalidAlgorithmParameterException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected boolean engineVerify(byte[] signature)
- throws XMLSignatureException {
- try {
- if (log.isDebugEnabled()) {
- log.debug("Called DSA.verify() on " + Base64.encode(signature));
- }
-
- byte[] jcebytes = SignatureDSA.convertXMLDSIGtoASN1(signature);
-
- return this.signatureAlgorithm.verify(jcebytes);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
- if (!(publicKey instanceof PublicKey)) {
- String supplied = publicKey.getClass().getName();
- String needed = PublicKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.signatureAlgorithm.initVerify((PublicKey) publicKey);
- } catch (InvalidKeyException ex) {
- // reinstantiate Signature object to work around bug in JDK
- // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
- Signature sig = this.signatureAlgorithm;
- try {
- this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
- } catch (Exception e) {
- // this shouldn't occur, but if it does, restore previous
- // Signature
- if (log.isDebugEnabled()) {
- log.debug("Exception when reinstantiating Signature:" + e);
- }
- this.signatureAlgorithm = sig;
- }
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected byte[] engineSign() throws XMLSignatureException {
- try {
- byte jcebytes[] = this.signatureAlgorithm.sign();
-
- return SignatureDSA.convertASN1toXMLDSIG(jcebytes);
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
- throws XMLSignatureException {
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineInitSign(Key privateKey) throws XMLSignatureException {
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.signatureAlgorithm.initSign((PrivateKey) privateKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineUpdate(byte[] input) throws XMLSignatureException {
- try {
- this.signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineUpdate(byte input) throws XMLSignatureException {
- try {
- this.signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * @inheritDoc
- */
- protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
- try {
- this.signatureAlgorithm.update(buf, offset, len);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Method engineGetJCEAlgorithmString
- *
- * @inheritDoc
- */
- protected String engineGetJCEAlgorithmString() {
- return this.signatureAlgorithm.getAlgorithm();
- }
-
- /**
- * Method engineGetJCEProviderName
- *
- * @inheritDoc
- */
- protected String engineGetJCEProviderName() {
- return this.signatureAlgorithm.getProvider().getName();
- }
-
- /**
- * Converts an ASN.1 DSA value to a XML Signature DSA Value.
- *
- * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
- * pairs; the XML Signature requires the core BigInteger values.
- *
- * @param asn1Bytes
- * @return the decode bytes
- *
- * @throws IOException
- * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
- */
- private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
-
- byte rLength = asn1Bytes[3];
- int i;
-
- for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
-
- byte sLength = asn1Bytes[5 + rLength];
- int j;
-
- for (j = sLength;
- (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
-
- if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
- || (asn1Bytes[2] != 2) || (i > 20)
- || (asn1Bytes[4 + rLength] != 2) || (j > 20)) {
- throw new IOException("Invalid ASN.1 format of DSA signature");
- }
- byte xmldsigBytes[] = new byte[40];
-
- System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 20 - i, i);
- System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
- 40 - j, j);
-
- return xmldsigBytes;
- }
-
- /**
- * Converts a XML Signature DSA Value to an ASN.1 DSA value.
- *
- * The JAVA JCE DSA Signature algorithm creates ASN.1 encoded (r,s) value
- * pairs; the XML Signature requires the core BigInteger values.
- *
- * @param xmldsigBytes
- * @return the encoded ASN.1 bytes
- *
- * @throws IOException
- * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
- */
- private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
-
- if (xmldsigBytes.length != 40) {
- throw new IOException("Invalid XMLDSIG format of DSA signature");
- }
-
- int i;
-
- for (i = 20; (i > 0) && (xmldsigBytes[20 - i] == 0); i--);
-
- int j = i;
-
- if (xmldsigBytes[20 - i] < 0) {
- j += 1;
- }
-
- int k;
-
- for (k = 20; (k > 0) && (xmldsigBytes[40 - k] == 0); k--);
-
- int l = k;
-
- if (xmldsigBytes[40 - k] < 0) {
- l += 1;
- }
-
- byte asn1Bytes[] = new byte[6 + j + l];
-
- asn1Bytes[0] = 48;
- asn1Bytes[1] = (byte) (4 + j + l);
- asn1Bytes[2] = 2;
- asn1Bytes[3] = (byte) j;
-
- System.arraycopy(xmldsigBytes, 20 - i, asn1Bytes, (4 + j) - i, i);
-
- asn1Bytes[4 + j] = 2;
- asn1Bytes[5 + j] = (byte) l;
-
- System.arraycopy(xmldsigBytes, 40 - k, asn1Bytes, (6 + j + l) - k, k);
-
- return asn1Bytes;
- }
-
- /**
- * Method engineSetHMACOutputLength
- *
- * @param HMACOutputLength
- * @throws XMLSignatureException
- */
- protected void engineSetHMACOutputLength(int HMACOutputLength) throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
- }
-
- /**
- * Method engineInitSign
- *
- * @param signingKey
- * @param algorithmParameterSpec
- * @throws XMLSignatureException
- */
- protected void engineInitSign(
- Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
- ) throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnDSA");
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.algorithms.implementations;
-
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.apache.xml.security.algorithms.SignatureAlgorithmSpi;
-import org.apache.xml.security.signature.XMLSignature;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.utils.Base64;
-
-/**
- *
- * @author $Author: raul $
- * @author Alex Dupre
- */
-public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(SignatureECDSA.class);
-
- /** @inheritDoc */
- public abstract String engineGetURI();
-
- /** Field algorithm */
- private java.security.Signature signatureAlgorithm = null;
-
- /**
- * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
- *
- * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
- * pairs; the XML Signature requires the core BigInteger values.
- *
- * @param asn1Bytes
- * @return the decode bytes
- *
- * @throws IOException
- * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
- * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
- */
- public static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
-
- if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) {
- throw new IOException("Invalid ASN.1 format of ECDSA signature");
- }
- int offset;
- if (asn1Bytes[1] > 0) {
- offset = 2;
- } else if (asn1Bytes[1] == (byte) 0x81) {
- offset = 3;
- } else {
- throw new IOException("Invalid ASN.1 format of ECDSA signature");
- }
-
- byte rLength = asn1Bytes[offset + 1];
- int i;
-
- for (i = rLength; (i > 0) && (asn1Bytes[(offset + 2 + rLength) - i] == 0); i--);
-
- byte sLength = asn1Bytes[offset + 2 + rLength + 1];
- int j;
-
- for (j = sLength;
- (j > 0) && (asn1Bytes[(offset + 2 + rLength + 2 + sLength) - j] == 0); j--);
-
- int rawLen = Math.max(i, j);
-
- if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - offset
- || (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength
- || asn1Bytes[offset] != 2
- || asn1Bytes[offset + 2 + rLength] != 2) {
- throw new IOException("Invalid ASN.1 format of ECDSA signature");
- }
- byte xmldsigBytes[] = new byte[2*rawLen];
-
- System.arraycopy(asn1Bytes, (offset + 2 + rLength) - i, xmldsigBytes, rawLen - i, i);
- System.arraycopy(asn1Bytes, (offset + 2 + rLength + 2 + sLength) - j, xmldsigBytes,
- 2*rawLen - j, j);
-
- return xmldsigBytes;
- }
-
- /**
- * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
- *
- * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
- * pairs; the XML Signature requires the core BigInteger values.
- *
- * @param xmldsigBytes
- * @return the encoded ASN.1 bytes
- *
- * @throws IOException
- * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
- * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
- */
- public static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
-
- int rawLen = xmldsigBytes.length/2;
-
- int i;
-
- for (i = rawLen; (i > 0) && (xmldsigBytes[rawLen - i] == 0); i--);
-
- int j = i;
-
- if (xmldsigBytes[rawLen - i] < 0) {
- j += 1;
- }
-
- int k;
-
- for (k = rawLen; (k > 0) && (xmldsigBytes[2*rawLen - k] == 0); k--);
-
- int l = k;
-
- if (xmldsigBytes[2*rawLen - k] < 0) {
- l += 1;
- }
-
- int len = 2 + j + 2 + l;
- if (len > 255) {
- throw new IOException("Invalid XMLDSIG format of ECDSA signature");
- }
- int offset;
- byte asn1Bytes[];
- if (len < 128) {
- asn1Bytes = new byte[2 + 2 + j + 2 + l];
- offset = 1;
- } else {
- asn1Bytes = new byte[3 + 2 + j + 2 + l];
- asn1Bytes[1] = (byte) 0x81;
- offset = 2;
- }
- asn1Bytes[0] = 48;
- asn1Bytes[offset++] = (byte) len;
- asn1Bytes[offset++] = 2;
- asn1Bytes[offset++] = (byte) j;
-
- System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (offset + j) - i, i);
-
- offset += j;
-
- asn1Bytes[offset++] = 2;
- asn1Bytes[offset++] = (byte) l;
-
- System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (offset + l) - k, k);
-
- return asn1Bytes;
- }
-
- /**
- * Constructor SignatureRSA
- *
- * @throws XMLSignatureException
- */
- public SignatureECDSA() throws XMLSignatureException {
-
- String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
-
- if (log.isDebugEnabled()) {
- log.debug("Created SignatureECDSA using " + algorithmID);
- }
- String provider = JCEMapper.getProviderId();
- try {
- if (provider == null) {
- this.signatureAlgorithm = Signature.getInstance(algorithmID);
- } else {
- this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
- }
- } catch (java.security.NoSuchAlgorithmException ex) {
- Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- } catch (NoSuchProviderException ex) {
- Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-
- throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
- }
- }
-
- /** @inheritDoc */
- protected void engineSetParameter(AlgorithmParameterSpec params)
- throws XMLSignatureException {
- try {
- this.signatureAlgorithm.setParameter(params);
- } catch (InvalidAlgorithmParameterException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
- try {
- byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
-
- if (log.isDebugEnabled()) {
- log.debug("Called ECDSA.verify() on " + Base64.encode(signature));
- }
-
- return this.signatureAlgorithm.verify(jcebytes);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
-
- if (!(publicKey instanceof PublicKey)) {
- String supplied = publicKey.getClass().getName();
- String needed = PublicKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.signatureAlgorithm.initVerify((PublicKey) publicKey);
- } catch (InvalidKeyException ex) {
- // reinstantiate Signature object to work around bug in JDK
- // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
- Signature sig = this.signatureAlgorithm;
- try {
- this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
- } catch (Exception e) {
- // this shouldn't occur, but if it does, restore previous
- // Signature
- if (log.isDebugEnabled()) {
- log.debug("Exception when reinstantiating Signature:" + e);
- }
- this.signatureAlgorithm = sig;
- }
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected byte[] engineSign() throws XMLSignatureException {
- try {
- byte jcebytes[] = this.signatureAlgorithm.sign();
-
- return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
- throws XMLSignatureException {
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineInitSign(Key privateKey) throws XMLSignatureException {
- if (!(privateKey instanceof PrivateKey)) {
- String supplied = privateKey.getClass().getName();
- String needed = PrivateKey.class.getName();
- Object exArgs[] = { supplied, needed };
-
- throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
- }
-
- try {
- this.signatureAlgorithm.initSign((PrivateKey) privateKey);
- } catch (InvalidKeyException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineUpdate(byte[] input) throws XMLSignatureException {
- try {
- this.signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineUpdate(byte input) throws XMLSignatureException {
- try {
- this.signatureAlgorithm.update(input);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
- try {
- this.signatureAlgorithm.update(buf, offset, len);
- } catch (SignatureException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- protected String engineGetJCEAlgorithmString() {
- return this.signatureAlgorithm.getAlgorithm();
- }
-
- /** @inheritDoc */
- protected String engineGetJCEProviderName() {
- return this.signatureAlgorithm.getProvider().getName();
- }
-
- /** @inheritDoc */
- protected void engineSetHMACOutputLength(int HMACOutputLength)
- throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
- }
-
- /** @inheritDoc */
- protected void engineInitSign(
- Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
- ) throws XMLSignatureException {
- throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnRSA");
- }
-
- /**
- * Class SignatureRSASHA1
- *
- * @author $Author: marcx $
- */
- public static class SignatureECDSASHA1 extends SignatureECDSA {
- /**
- * Constructor SignatureRSASHA1
- *
- * @throws XMLSignatureException
- */
- public SignatureECDSASHA1() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1;
- }
- }
-
- /**
- * Class SignatureRSASHA256
- *
- * @author Alex Dupre
- */
- public static class SignatureECDSASHA256 extends SignatureECDSA {
-
- /**
- * Constructor SignatureRSASHA256
- *
- * @throws XMLSignatureException
- */
- public SignatureECDSASHA256() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256;
- }
- }
-
- /**
- * Class SignatureRSASHA384
- *
- * @author Alex Dupre
- */
- public static class SignatureECDSASHA384 extends SignatureECDSA {
-
- /**
- * Constructor SignatureRSASHA384
- *
- * @throws XMLSignatureException
- */
- public SignatureECDSASHA384() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384;
- }
- }
-
- /**
- * Class SignatureRSASHA512
- *
- * @author Alex Dupre
- */
- public static class SignatureECDSASHA512 extends SignatureECDSA {
-
- /**
- * Constructor SignatureRSASHA512
- *
- * @throws XMLSignatureException
- */
- public SignatureECDSASHA512() throws XMLSignatureException {
- super();
- }
-
- /** @inheritDoc */
- public String engineGetURI() {
- return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512;
- }
- }
-
-}
+++ /dev/null
-<HTML> <HEAD> </HEAD> <BODY> <P>
-implementations of {@link org.apache.xml.security.algorithms.SignatureAlgorithmSpi}.
-</P></BODY> </HTML>
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-algorithm factories.
-</P></BODY></HTML>
\ No newline at end of file
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-/**
- * Class CanonicalizationException
- *
- * @author Christian Geuer-Pollmann
- */
-public class CanonicalizationException extends XMLSecurityException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor CanonicalizationException
- *
- */
- public CanonicalizationException() {
- super();
- }
-
- /**
- * Constructor CanonicalizationException
- *
- * @param msgID
- */
- public CanonicalizationException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor CanonicalizationException
- *
- * @param msgID
- * @param exArgs
- */
- public CanonicalizationException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor CanonicalizationException
- *
- * @param msgID
- * @param originalException
- */
- public CanonicalizationException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor CanonicalizationException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public CanonicalizationException(
- String msgID, Object exArgs[], Exception originalException
- ) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments;
-import org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments;
-import org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments;
-import org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments;
-import org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments;
-import org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments;
-import org.apache.xml.security.c14n.implementations.CanonicalizerPhysical;
-import org.apache.xml.security.exceptions.AlgorithmAlreadyRegisteredException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.InputSource;
-
-/**
- *
- * @author Christian Geuer-Pollmann
- */
-public class Canonicalizer {
-
- /** The output encoding of canonicalized data */
- public static final String ENCODING = "UTF8";
-
- /**
- * XPath Expression for selecting every node and continuous comments joined
- * in only one node
- */
- public static final String XPATH_C14N_WITH_COMMENTS_SINGLE_NODE =
- "(.//. | .//@* | .//namespace::*)";
-
- /**
- * The URL defined in XML-SEC Rec for inclusive c14n <b>without</b> comments.
- */
- public static final String ALGO_ID_C14N_OMIT_COMMENTS =
- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
- /**
- * The URL defined in XML-SEC Rec for inclusive c14n <b>with</b> comments.
- */
- public static final String ALGO_ID_C14N_WITH_COMMENTS =
- ALGO_ID_C14N_OMIT_COMMENTS + "#WithComments";
- /**
- * The URL defined in XML-SEC Rec for exclusive c14n <b>without</b> comments.
- */
- public static final String ALGO_ID_C14N_EXCL_OMIT_COMMENTS =
- "http://www.w3.org/2001/10/xml-exc-c14n#";
- /**
- * The URL defined in XML-SEC Rec for exclusive c14n <b>with</b> comments.
- */
- public static final String ALGO_ID_C14N_EXCL_WITH_COMMENTS =
- ALGO_ID_C14N_EXCL_OMIT_COMMENTS + "WithComments";
- /**
- * The URI for inclusive c14n 1.1 <b>without</b> comments.
- */
- public static final String ALGO_ID_C14N11_OMIT_COMMENTS =
- "http://www.w3.org/2006/12/xml-c14n11";
- /**
- * The URI for inclusive c14n 1.1 <b>with</b> comments.
- */
- public static final String ALGO_ID_C14N11_WITH_COMMENTS =
- ALGO_ID_C14N11_OMIT_COMMENTS + "#WithComments";
- /**
- * Non-standard algorithm to serialize the physical representation for XML Encryption
- */
- public static final String ALGO_ID_C14N_PHYSICAL =
- "http://santuario.apache.org/c14n/physical";
-
- private static Map<String, Class<? extends CanonicalizerSpi>> canonicalizerHash =
- new ConcurrentHashMap<String, Class<? extends CanonicalizerSpi>>();
-
- private final CanonicalizerSpi canonicalizerSpi;
-
- /**
- * Constructor Canonicalizer
- *
- * @param algorithmURI
- * @throws InvalidCanonicalizerException
- */
- private Canonicalizer(String algorithmURI) throws InvalidCanonicalizerException {
- try {
- Class<? extends CanonicalizerSpi> implementingClass =
- canonicalizerHash.get(algorithmURI);
-
- canonicalizerSpi = implementingClass.newInstance();
- canonicalizerSpi.reset = true;
- } catch (Exception e) {
- Object exArgs[] = { algorithmURI };
- throw new InvalidCanonicalizerException(
- "signature.Canonicalizer.UnknownCanonicalizer", exArgs, e
- );
- }
- }
-
- /**
- * Method getInstance
- *
- * @param algorithmURI
- * @return a Canonicalizer instance ready for the job
- * @throws InvalidCanonicalizerException
- */
- public static final Canonicalizer getInstance(String algorithmURI)
- throws InvalidCanonicalizerException {
- return new Canonicalizer(algorithmURI);
- }
-
- /**
- * Method register
- *
- * @param algorithmURI
- * @param implementingClass
- * @throws AlgorithmAlreadyRegisteredException
- */
- @SuppressWarnings("unchecked")
- public static void register(String algorithmURI, String implementingClass)
- throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
- // check whether URI is already registered
- Class<? extends CanonicalizerSpi> registeredClass =
- canonicalizerHash.get(algorithmURI);
-
- if (registeredClass != null) {
- Object exArgs[] = { algorithmURI, registeredClass };
- throw new AlgorithmAlreadyRegisteredException("algorithm.alreadyRegistered", exArgs);
- }
-
- canonicalizerHash.put(
- algorithmURI, (Class<? extends CanonicalizerSpi>)Class.forName(implementingClass)
- );
- }
-
- /**
- * Method register
- *
- * @param algorithmURI
- * @param implementingClass
- * @throws AlgorithmAlreadyRegisteredException
- */
- public static void register(String algorithmURI, Class<CanonicalizerSpi> implementingClass)
- throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
- // check whether URI is already registered
- Class<? extends CanonicalizerSpi> registeredClass = canonicalizerHash.get(algorithmURI);
-
- if (registeredClass != null) {
- Object exArgs[] = { algorithmURI, registeredClass };
- throw new AlgorithmAlreadyRegisteredException("algorithm.alreadyRegistered", exArgs);
- }
-
- canonicalizerHash.put(algorithmURI, implementingClass);
- }
-
- /**
- * This method registers the default algorithms.
- */
- public static void registerDefaultAlgorithms() {
- canonicalizerHash.put(
- Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS,
- Canonicalizer20010315OmitComments.class
- );
- canonicalizerHash.put(
- Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS,
- Canonicalizer20010315WithComments.class
- );
- canonicalizerHash.put(
- Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS,
- Canonicalizer20010315ExclOmitComments.class
- );
- canonicalizerHash.put(
- Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS,
- Canonicalizer20010315ExclWithComments.class
- );
- canonicalizerHash.put(
- Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS,
- Canonicalizer11_OmitComments.class
- );
- canonicalizerHash.put(
- Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS,
- Canonicalizer11_WithComments.class
- );
- canonicalizerHash.put(
- Canonicalizer.ALGO_ID_C14N_PHYSICAL,
- CanonicalizerPhysical.class
- );
- }
-
- /**
- * Method getURI
- *
- * @return the URI defined for this c14n instance.
- */
- public final String getURI() {
- return canonicalizerSpi.engineGetURI();
- }
-
- /**
- * Method getIncludeComments
- *
- * @return true if the c14n respect the comments.
- */
- public boolean getIncludeComments() {
- return canonicalizerSpi.engineGetIncludeComments();
- }
-
- /**
- * This method tries to canonicalize the given bytes. It's possible to even
- * canonicalize non-wellformed sequences if they are well-formed after being
- * wrapped with a <CODE>>a<...>/a<</CODE>.
- *
- * @param inputBytes
- * @return the result of the canonicalization.
- * @throws CanonicalizationException
- * @throws java.io.IOException
- * @throws javax.xml.parsers.ParserConfigurationException
- * @throws org.xml.sax.SAXException
- */
- public byte[] canonicalize(byte[] inputBytes)
- throws javax.xml.parsers.ParserConfigurationException,
- java.io.IOException, org.xml.sax.SAXException, CanonicalizationException {
- InputStream bais = new ByteArrayInputStream(inputBytes);
- InputSource in = new InputSource(bais);
- DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
- dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-
- dfactory.setNamespaceAware(true);
-
- // needs to validate for ID attribute normalization
- dfactory.setValidating(true);
-
- DocumentBuilder db = dfactory.newDocumentBuilder();
-
- /*
- * for some of the test vectors from the specification,
- * there has to be a validating parser for ID attributes, default
- * attribute values, NMTOKENS, etc.
- * Unfortunately, the test vectors do use different DTDs or
- * even no DTD. So Xerces 1.3.1 fires many warnings about using
- * ErrorHandlers.
- *
- * Text from the spec:
- *
- * The input octet stream MUST contain a well-formed XML document,
- * but the input need not be validated. However, the attribute
- * value normalization and entity reference resolution MUST be
- * performed in accordance with the behaviors of a validating
- * XML processor. As well, nodes for default attributes (declared
- * in the ATTLIST with an AttValue but not specified) are created
- * in each element. Thus, the declarations in the document type
- * declaration are used to help create the canonical form, even
- * though the document type declaration is not retained in the
- * canonical form.
- */
- db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
-
- Document document = db.parse(in);
- return this.canonicalizeSubtree(document);
- }
-
- /**
- * Canonicalizes the subtree rooted by <CODE>node</CODE>.
- *
- * @param node The node to canonicalize
- * @return the result of the c14n.
- *
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeSubtree(Node node) throws CanonicalizationException {
- return canonicalizerSpi.engineCanonicalizeSubTree(node);
- }
-
- /**
- * Canonicalizes the subtree rooted by <CODE>node</CODE>.
- *
- * @param node
- * @param inclusiveNamespaces
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
- throws CanonicalizationException {
- return canonicalizerSpi.engineCanonicalizeSubTree(node, inclusiveNamespaces);
- }
-
- /**
- * Canonicalizes an XPath node set. The <CODE>xpathNodeSet</CODE> is treated
- * as a list of XPath nodes, not as a list of subtrees.
- *
- * @param xpathNodeSet
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
- throws CanonicalizationException {
- return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
- }
-
- /**
- * Canonicalizes an XPath node set. The <CODE>xpathNodeSet</CODE> is treated
- * as a list of XPath nodes, not as a list of subtrees.
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(
- NodeList xpathNodeSet, String inclusiveNamespaces
- ) throws CanonicalizationException {
- return
- canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
- }
-
- /**
- * Canonicalizes an XPath node set.
- *
- * @param xpathNodeSet
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet)
- throws CanonicalizationException {
- return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
- }
-
- /**
- * Canonicalizes an XPath node set.
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return the result of the c14n.
- * @throws CanonicalizationException
- */
- public byte[] canonicalizeXPathNodeSet(
- Set<Node> xpathNodeSet, String inclusiveNamespaces
- ) throws CanonicalizationException {
- return
- canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
- }
-
- /**
- * Sets the writer where the canonicalization ends. ByteArrayOutputStream
- * if none is set.
- * @param os
- */
- public void setWriter(OutputStream os) {
- canonicalizerSpi.setWriter(os);
- }
-
- /**
- * Returns the name of the implementing {@link CanonicalizerSpi} class
- *
- * @return the name of the implementing {@link CanonicalizerSpi} class
- */
- public String getImplementingCanonicalizerClass() {
- return canonicalizerSpi.getClass().getName();
- }
-
- /**
- * Set the canonicalizer behaviour to not reset.
- */
- public void notReset() {
- canonicalizerSpi.reset = false;
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n;
-
-import java.io.ByteArrayInputStream;
-import java.io.OutputStream;
-import java.util.Set;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.InputSource;
-
-/**
- * Base class which all Canonicalization algorithms extend.
- *
- * @author Christian Geuer-Pollmann
- */
-public abstract class CanonicalizerSpi {
-
- /** Reset the writer after a c14n */
- protected boolean reset = false;
-
- /**
- * Method canonicalize
- *
- * @param inputBytes
- * @return the c14n bytes.
- *
- * @throws CanonicalizationException
- * @throws java.io.IOException
- * @throws javax.xml.parsers.ParserConfigurationException
- * @throws org.xml.sax.SAXException
- */
- public byte[] engineCanonicalize(byte[] inputBytes)
- throws javax.xml.parsers.ParserConfigurationException, java.io.IOException,
- org.xml.sax.SAXException, CanonicalizationException {
-
- java.io.InputStream bais = new ByteArrayInputStream(inputBytes);
- InputSource in = new InputSource(bais);
- DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
- dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-
- // needs to validate for ID attribute normalization
- dfactory.setNamespaceAware(true);
-
- DocumentBuilder db = dfactory.newDocumentBuilder();
-
- Document document = db.parse(in);
- return this.engineCanonicalizeSubTree(document);
- }
-
- /**
- * Method engineCanonicalizeXPathNodeSet
- *
- * @param xpathNodeSet
- * @return the c14n bytes
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeXPathNodeSet(NodeList xpathNodeSet)
- throws CanonicalizationException {
- return this.engineCanonicalizeXPathNodeSet(
- XMLUtils.convertNodelistToSet(xpathNodeSet)
- );
- }
-
- /**
- * Method engineCanonicalizeXPathNodeSet
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return the c14n bytes
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeXPathNodeSet(NodeList xpathNodeSet, String inclusiveNamespaces)
- throws CanonicalizationException {
- return this.engineCanonicalizeXPathNodeSet(
- XMLUtils.convertNodelistToSet(xpathNodeSet), inclusiveNamespaces
- );
- }
-
- /**
- * Returns the URI of this engine.
- * @return the URI
- */
- public abstract String engineGetURI();
-
- /**
- * Returns true if comments are included
- * @return true if comments are included
- */
- public abstract boolean engineGetIncludeComments();
-
- /**
- * C14n a nodeset
- *
- * @param xpathNodeSet
- * @return the c14n bytes
- * @throws CanonicalizationException
- */
- public abstract byte[] engineCanonicalizeXPathNodeSet(Set<Node> xpathNodeSet)
- throws CanonicalizationException;
-
- /**
- * C14n a nodeset
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return the c14n bytes
- * @throws CanonicalizationException
- */
- public abstract byte[] engineCanonicalizeXPathNodeSet(
- Set<Node> xpathNodeSet, String inclusiveNamespaces
- ) throws CanonicalizationException;
-
- /**
- * C14n a node tree.
- *
- * @param rootNode
- * @return the c14n bytes
- * @throws CanonicalizationException
- */
- public abstract byte[] engineCanonicalizeSubTree(Node rootNode)
- throws CanonicalizationException;
-
- /**
- * C14n a node tree.
- *
- * @param rootNode
- * @param inclusiveNamespaces
- * @return the c14n bytes
- * @throws CanonicalizationException
- */
- public abstract byte[] engineCanonicalizeSubTree(Node rootNode, String inclusiveNamespaces)
- throws CanonicalizationException;
-
- /**
- * Sets the writer where the canonicalization ends. ByteArrayOutputStream if
- * none is set.
- * @param os
- */
- public abstract void setWriter(OutputStream os);
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-public class InvalidCanonicalizerException extends XMLSecurityException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor InvalidCanonicalizerException
- *
- */
- public InvalidCanonicalizerException() {
- super();
- }
-
- /**
- * Constructor InvalidCanonicalizerException
- *
- * @param msgID
- */
- public InvalidCanonicalizerException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor InvalidCanonicalizerException
- *
- * @param msgID
- * @param exArgs
- */
- public InvalidCanonicalizerException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor InvalidCanonicalizerException
- *
- * @param msgID
- * @param originalException
- */
- public InvalidCanonicalizerException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor InvalidCanonicalizerException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public InvalidCanonicalizerException(
- String msgID, Object exArgs[], Exception originalException
- ) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.helper;
-
-import org.apache.xml.security.utils.Constants;
-import org.w3c.dom.Attr;
-import java.io.Serializable;
-import java.util.Comparator;
-
-/**
- * Compares two attributes based on the C14n specification.
- *
- * <UL>
- * <LI>Namespace nodes have a lesser document order position than attribute
- * nodes.
- * <LI> An element's namespace nodes are sorted lexicographically by
- * local name (the default namespace node, if one exists, has no
- * local name and is therefore lexicographically least).
- * <LI> An element's attribute nodes are sorted lexicographically with
- * namespace URI as the primary key and local name as the secondary
- * key (an empty namespace URI is lexicographically least).
- * </UL>
- *
- * @author Christian Geuer-Pollmann
- */
-public class AttrCompare implements Comparator<Attr>, Serializable {
-
- private static final long serialVersionUID = -7113259629930576230L;
- private static final int ATTR0_BEFORE_ATTR1 = -1;
- private static final int ATTR1_BEFORE_ATTR0 = 1;
- private static final String XMLNS = Constants.NamespaceSpecNS;
-
- /**
- * Compares two attributes based on the C14n specification.
- *
- * <UL>
- * <LI>Namespace nodes have a lesser document order position than
- * attribute nodes.
- * <LI> An element's namespace nodes are sorted lexicographically by
- * local name (the default namespace node, if one exists, has no
- * local name and is therefore lexicographically least).
- * <LI> An element's attribute nodes are sorted lexicographically with
- * namespace URI as the primary key and local name as the secondary
- * key (an empty namespace URI is lexicographically least).
- * </UL>
- *
- * @param attr0
- * @param attr1
- * @return returns a negative integer, zero, or a positive integer as
- * obj0 is less than, equal to, or greater than obj1
- *
- */
- public int compare(Attr attr0, Attr attr1) {
- String namespaceURI0 = attr0.getNamespaceURI();
- String namespaceURI1 = attr1.getNamespaceURI();
-
- boolean isNamespaceAttr0 = XMLNS.equals(namespaceURI0);
- boolean isNamespaceAttr1 = XMLNS.equals(namespaceURI1);
-
- if (isNamespaceAttr0) {
- if (isNamespaceAttr1) {
- // both are namespaces
- String localname0 = attr0.getLocalName();
- String localname1 = attr1.getLocalName();
-
- if ("xmlns".equals(localname0)) {
- localname0 = "";
- }
-
- if ("xmlns".equals(localname1)) {
- localname1 = "";
- }
-
- return localname0.compareTo(localname1);
- }
- // attr0 is a namespace, attr1 is not
- return ATTR0_BEFORE_ATTR1;
- } else if (isNamespaceAttr1) {
- // attr1 is a namespace, attr0 is not
- return ATTR1_BEFORE_ATTR0;
- }
-
- // none is a namespace
- if (namespaceURI0 == null) {
- if (namespaceURI1 == null) {
- String name0 = attr0.getName();
- String name1 = attr1.getName();
- return name0.compareTo(name1);
- }
- return ATTR0_BEFORE_ATTR1;
- } else if (namespaceURI1 == null) {
- return ATTR1_BEFORE_ATTR0;
- }
-
- int a = namespaceURI0.compareTo(namespaceURI1);
- if (a != 0) {
- return a;
- }
-
- return (attr0.getLocalName()).compareTo(attr1.getLocalName());
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.helper;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-
-/**
- * Temporary swapped static functions from the normalizer Section
- *
- * @author Christian Geuer-Pollmann
- */
-public class C14nHelper {
-
- /**
- * Constructor C14nHelper
- *
- */
- private C14nHelper() {
- // don't allow instantiation
- }
-
- /**
- * Method namespaceIsRelative
- *
- * @param namespace
- * @return true if the given namespace is relative.
- */
- public static boolean namespaceIsRelative(Attr namespace) {
- return !namespaceIsAbsolute(namespace);
- }
-
- /**
- * Method namespaceIsRelative
- *
- * @param namespaceValue
- * @return true if the given namespace is relative.
- */
- public static boolean namespaceIsRelative(String namespaceValue) {
- return !namespaceIsAbsolute(namespaceValue);
- }
-
- /**
- * Method namespaceIsAbsolute
- *
- * @param namespace
- * @return true if the given namespace is absolute.
- */
- public static boolean namespaceIsAbsolute(Attr namespace) {
- return namespaceIsAbsolute(namespace.getValue());
- }
-
- /**
- * Method namespaceIsAbsolute
- *
- * @param namespaceValue
- * @return true if the given namespace is absolute.
- */
- public static boolean namespaceIsAbsolute(String namespaceValue) {
- // assume empty namespaces are absolute
- if (namespaceValue.length() == 0) {
- return true;
- }
- return namespaceValue.indexOf(':') > 0;
- }
-
- /**
- * This method throws an exception if the Attribute value contains
- * a relative URI.
- *
- * @param attr
- * @throws CanonicalizationException
- */
- public static void assertNotRelativeNS(Attr attr) throws CanonicalizationException {
- if (attr == null) {
- return;
- }
-
- String nodeAttrName = attr.getNodeName();
- boolean definesDefaultNS = nodeAttrName.equals("xmlns");
- boolean definesNonDefaultNS = nodeAttrName.startsWith("xmlns:");
-
- if ((definesDefaultNS || definesNonDefaultNS) && namespaceIsRelative(attr)) {
- String parentName = attr.getOwnerElement().getTagName();
- String attrValue = attr.getValue();
- Object exArgs[] = { parentName, nodeAttrName, attrValue };
-
- throw new CanonicalizationException(
- "c14n.Canonicalizer.RelativeNamespace", exArgs
- );
- }
- }
-
- /**
- * This method throws a CanonicalizationException if the supplied Document
- * is not able to be traversed using a TreeWalker.
- *
- * @param document
- * @throws CanonicalizationException
- */
- public static void checkTraversability(Document document)
- throws CanonicalizationException {
- if (!document.isSupported("Traversal", "2.0")) {
- Object exArgs[] = {document.getImplementation().getClass().getName() };
-
- throw new CanonicalizationException(
- "c14n.Canonicalizer.TraversalNotSupported", exArgs
- );
- }
- }
-
- /**
- * This method throws a CanonicalizationException if the supplied Element
- * contains any relative namespaces.
- *
- * @param ctxNode
- * @throws CanonicalizationException
- * @see C14nHelper#assertNotRelativeNS(Attr)
- */
- public static void checkForRelativeNamespace(Element ctxNode)
- throws CanonicalizationException {
- if (ctxNode != null) {
- NamedNodeMap attributes = ctxNode.getAttributes();
-
- for (int i = 0; i < attributes.getLength(); i++) {
- C14nHelper.assertNotRelativeNS((Attr) attributes.item(i));
- }
- } else {
- throw new CanonicalizationException("Called checkForRelativeNamespace() on null");
- }
- }
-}
+++ /dev/null
-<HTML> <HEAD> </HEAD> <BODY> <P>
-helper classes for canonicalization.
-</P></BODY> </HTML>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
-import javax.xml.parsers.ParserConfigurationException;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.helper.C14nHelper;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-
-/**
- * Implements <A HREF="http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/">
- * Canonical XML Version 1.1</A>, a W3C Proposed Recommendation from 29
- * January 2008.
- *
- * @author Sean Mullan
- * @author Raul Benito
- */
-public abstract class Canonicalizer11 extends CanonicalizerBase {
-
- private static final String XMLNS_URI = Constants.NamespaceSpecNS;
- private static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(Canonicalizer11.class);
- private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
-
- private boolean firstCall = true;
-
- private static class XmlAttrStack {
- static class XmlsStackElement {
- int level;
- boolean rendered = false;
- List<Attr> nodes = new ArrayList<Attr>();
- };
-
- int currentLevel = 0;
- int lastlevel = 0;
- XmlsStackElement cur;
- List<XmlsStackElement> levels = new ArrayList<XmlsStackElement>();
-
- void push(int level) {
- currentLevel = level;
- if (currentLevel == -1) {
- return;
- }
- cur = null;
- while (lastlevel >= currentLevel) {
- levels.remove(levels.size() - 1);
- int newSize = levels.size();
- if (newSize == 0) {
- lastlevel = 0;
- return;
- }
- lastlevel = (levels.get(newSize - 1)).level;
- }
- }
-
- void addXmlnsAttr(Attr n) {
- if (cur == null) {
- cur = new XmlsStackElement();
- cur.level = currentLevel;
- levels.add(cur);
- lastlevel = currentLevel;
- }
- cur.nodes.add(n);
- }
-
- void getXmlnsAttr(Collection<Attr> col) {
- int size = levels.size() - 1;
- if (cur == null) {
- cur = new XmlsStackElement();
- cur.level = currentLevel;
- lastlevel = currentLevel;
- levels.add(cur);
- }
- boolean parentRendered = false;
- XmlsStackElement e = null;
- if (size == -1) {
- parentRendered = true;
- } else {
- e = levels.get(size);
- if (e.rendered && e.level + 1 == currentLevel) {
- parentRendered = true;
- }
- }
- if (parentRendered) {
- col.addAll(cur.nodes);
- cur.rendered = true;
- return;
- }
-
- Map<String, Attr> loa = new HashMap<String, Attr>();
- List<Attr> baseAttrs = new ArrayList<Attr>();
- boolean successiveOmitted = true;
- for (; size >= 0; size--) {
- e = levels.get(size);
- if (e.rendered) {
- successiveOmitted = false;
- }
- Iterator<Attr> it = e.nodes.iterator();
- while (it.hasNext() && successiveOmitted) {
- Attr n = it.next();
- if (n.getLocalName().equals("base") && !e.rendered) {
- baseAttrs.add(n);
- } else if (!loa.containsKey(n.getName())) {
- loa.put(n.getName(), n);
- }
- }
- }
- if (!baseAttrs.isEmpty()) {
- Iterator<Attr> it = col.iterator();
- String base = null;
- Attr baseAttr = null;
- while (it.hasNext()) {
- Attr n = it.next();
- if (n.getLocalName().equals("base")) {
- base = n.getValue();
- baseAttr = n;
- break;
- }
- }
- it = baseAttrs.iterator();
- while (it.hasNext()) {
- Attr n = it.next();
- if (base == null) {
- base = n.getValue();
- baseAttr = n;
- } else {
- try {
- base = joinURI(n.getValue(), base);
- } catch (URISyntaxException ue) {
- if (log.isDebugEnabled()) {
- log.debug(ue.getMessage(), ue);
- }
- }
- }
- }
- if (base != null && base.length() != 0) {
- baseAttr.setValue(base);
- col.add(baseAttr);
- }
- }
-
- cur.rendered = true;
- col.addAll(loa.values());
- }
- };
-
- private XmlAttrStack xmlattrStack = new XmlAttrStack();
-
- /**
- * Constructor Canonicalizer11
- *
- * @param includeComments
- */
- public Canonicalizer11(boolean includeComments) {
- super(includeComments);
- }
-
- /**
- * Always throws a CanonicalizationException because this is inclusive c14n.
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return none it always fails
- * @throws CanonicalizationException always
- */
- public byte[] engineCanonicalizeXPathNodeSet(
- Set<Node> xpathNodeSet, String inclusiveNamespaces
- ) throws CanonicalizationException {
- throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
- }
-
- /**
- * Always throws a CanonicalizationException because this is inclusive c14n.
- *
- * @param rootNode
- * @param inclusiveNamespaces
- * @return none it always fails
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeSubTree(
- Node rootNode, String inclusiveNamespaces
- ) throws CanonicalizationException {
- throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
- }
-
- /**
- * Returns the Attr[]s to be output for the given element.
- * <br>
- * The code of this method is a copy of {@link #handleAttributes(Element,
- * NameSpaceSymbTable)},
- * whereas it takes into account that subtree-c14n is -- well --
- * subtree-based.
- * So if the element in question isRoot of c14n, it's parent is not in the
- * node set, as well as all other ancestors.
- *
- * @param element
- * @param ns
- * @return the Attr[]s to be output
- * @throws CanonicalizationException
- */
- @Override
- protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
- throws CanonicalizationException {
- if (!element.hasAttributes() && !firstCall) {
- return null;
- }
- // result will contain the attrs which have to be output
- final SortedSet<Attr> result = this.result;
- result.clear();
-
- if (element.hasAttributes()) {
- NamedNodeMap attrs = element.getAttributes();
- int attrsLength = attrs.getLength();
-
- for (int i = 0; i < attrsLength; i++) {
- Attr attribute = (Attr) attrs.item(i);
- String NUri = attribute.getNamespaceURI();
- String NName = attribute.getLocalName();
- String NValue = attribute.getValue();
-
- if (!XMLNS_URI.equals(NUri)) {
- // It's not a namespace attr node. Add to the result and continue.
- result.add(attribute);
- } else if (!(XML.equals(NName) && XML_LANG_URI.equals(NValue))) {
- // The default mapping for xml must not be output.
- Node n = ns.addMappingAndRender(NName, NValue, attribute);
-
- if (n != null) {
- // Render the ns definition
- result.add((Attr)n);
- if (C14nHelper.namespaceIsRelative(attribute)) {
- Object exArgs[] = {element.getTagName(), NName, attribute.getNodeValue()};
- throw new CanonicalizationException(
- "c14n.Canonicalizer.RelativeNamespace", exArgs
- );
- }
- }
- }
- }
- }
-
- if (firstCall) {
- // It is the first node of the subtree
- // Obtain all the namespaces defined in the parents, and added to the output.
- ns.getUnrenderedNodes(result);
- // output the attributes in the xml namespace.
- xmlattrStack.getXmlnsAttr(result);
- firstCall = false;
- }
-
- return result.iterator();
- }
-
- /**
- * Returns the Attr[]s to be output for the given element.
- * <br>
- * IMPORTANT: This method expects to work on a modified DOM tree, i.e. a
- * DOM which has been prepared using
- * {@link org.apache.xml.security.utils.XMLUtils#circumventBug2650(
- * org.w3c.dom.Document)}.
- *
- * @param element
- * @param ns
- * @return the Attr[]s to be output
- * @throws CanonicalizationException
- */
- @Override
- protected Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
- throws CanonicalizationException {
- // result will contain the attrs which have to be output
- xmlattrStack.push(ns.getLevel());
- boolean isRealVisible = isVisibleDO(element, ns.getLevel()) == 1;
- final SortedSet<Attr> result = this.result;
- result.clear();
-
- if (element.hasAttributes()) {
- NamedNodeMap attrs = element.getAttributes();
- int attrsLength = attrs.getLength();
-
- for (int i = 0; i < attrsLength; i++) {
- Attr attribute = (Attr) attrs.item(i);
- String NUri = attribute.getNamespaceURI();
- String NName = attribute.getLocalName();
- String NValue = attribute.getValue();
-
- if (!XMLNS_URI.equals(NUri)) {
- //A non namespace definition node.
- if (XML_LANG_URI.equals(NUri)) {
- if (NName.equals("id")) {
- if (isRealVisible) {
- // treat xml:id like any other attribute
- // (emit it, but don't inherit it)
- result.add(attribute);
- }
- } else {
- xmlattrStack.addXmlnsAttr(attribute);
- }
- } else if (isRealVisible) {
- //The node is visible add the attribute to the list of output attributes.
- result.add(attribute);
- }
- } else if (!XML.equals(NName) || !XML_LANG_URI.equals(NValue)) {
- /* except omit namespace node with local name xml, which defines
- * the xml prefix, if its string value is
- * http://www.w3.org/XML/1998/namespace.
- */
- // add the prefix binding to the ns symb table.
- if (isVisible(attribute)) {
- if (isRealVisible || !ns.removeMappingIfRender(NName)) {
- // The xpath select this node output it if needed.
- Node n = ns.addMappingAndRender(NName, NValue, attribute);
- if (n != null) {
- result.add((Attr)n);
- if (C14nHelper.namespaceIsRelative(attribute)) {
- Object exArgs[] = { element.getTagName(), NName, attribute.getNodeValue() };
- throw new CanonicalizationException(
- "c14n.Canonicalizer.RelativeNamespace", exArgs
- );
- }
- }
- }
- } else {
- if (isRealVisible && !XMLNS.equals(NName)) {
- ns.removeMapping(NName);
- } else {
- ns.addMapping(NName, NValue, attribute);
- }
- }
- }
- }
- }
-
- if (isRealVisible) {
- //The element is visible, handle the xmlns definition
- Attr xmlns = element.getAttributeNodeNS(XMLNS_URI, XMLNS);
- Node n = null;
- if (xmlns == null) {
- //No xmlns def just get the already defined.
- n = ns.getMapping(XMLNS);
- } else if (!isVisible(xmlns)) {
- //There is a definition but the xmlns is not selected by the xpath.
- //then xmlns=""
- n = ns.addMappingAndRender(XMLNS, "", nullNode);
- }
- //output the xmlns def if needed.
- if (n != null) {
- result.add((Attr)n);
- }
- //Float all xml:* attributes of the unselected parent elements to this one.
- xmlattrStack.getXmlnsAttr(result);
- ns.getUnrenderedNodes(result);
- }
-
- return result.iterator();
- }
-
- protected void circumventBugIfNeeded(XMLSignatureInput input)
- throws CanonicalizationException, ParserConfigurationException,
- IOException, SAXException {
- if (!input.isNeedsToBeExpanded()) {
- return;
- }
- Document doc = null;
- if (input.getSubNode() != null) {
- doc = XMLUtils.getOwnerDocument(input.getSubNode());
- } else {
- doc = XMLUtils.getOwnerDocument(input.getNodeSet());
- }
- XMLUtils.circumventBug2650(doc);
- }
-
- protected void handleParent(Element e, NameSpaceSymbTable ns) {
- if (!e.hasAttributes() && e.getNamespaceURI() == null) {
- return;
- }
- xmlattrStack.push(-1);
- NamedNodeMap attrs = e.getAttributes();
- int attrsLength = attrs.getLength();
- for (int i = 0; i < attrsLength; i++) {
- Attr attribute = (Attr) attrs.item(i);
- String NName = attribute.getLocalName();
- String NValue = attribute.getNodeValue();
-
- if (Constants.NamespaceSpecNS.equals(attribute.getNamespaceURI())) {
- if (!XML.equals(NName) || !Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
- ns.addMapping(NName, NValue, attribute);
- }
- } else if (!"id".equals(NName) && XML_LANG_URI.equals(attribute.getNamespaceURI())) {
- xmlattrStack.addXmlnsAttr(attribute);
- }
- }
- if (e.getNamespaceURI() != null) {
- String NName = e.getPrefix();
- String NValue = e.getNamespaceURI();
- String Name;
- if (NName == null || NName.equals("")) {
- NName = "xmlns";
- Name = "xmlns";
- } else {
- Name = "xmlns:" + NName;
- }
- Attr n = e.getOwnerDocument().createAttributeNS("http://www.w3.org/2000/xmlns/", Name);
- n.setValue(NValue);
- ns.addMapping(NName, NValue, n);
- }
- }
-
- private static String joinURI(String baseURI, String relativeURI) throws URISyntaxException {
- String bscheme = null;
- String bauthority = null;
- String bpath = "";
- String bquery = null;
-
- // pre-parse the baseURI
- if (baseURI != null) {
- if (baseURI.endsWith("..")) {
- baseURI = baseURI + "/";
- }
- URI base = new URI(baseURI);
- bscheme = base.getScheme();
- bauthority = base.getAuthority();
- bpath = base.getPath();
- bquery = base.getQuery();
- }
-
- URI r = new URI(relativeURI);
- String rscheme = r.getScheme();
- String rauthority = r.getAuthority();
- String rpath = r.getPath();
- String rquery = r.getQuery();
-
- String tscheme, tauthority, tpath, tquery;
- if (rscheme != null && rscheme.equals(bscheme)) {
- rscheme = null;
- }
- if (rscheme != null) {
- tscheme = rscheme;
- tauthority = rauthority;
- tpath = removeDotSegments(rpath);
- tquery = rquery;
- } else {
- if (rauthority != null) {
- tauthority = rauthority;
- tpath = removeDotSegments(rpath);
- tquery = rquery;
- } else {
- if (rpath.length() == 0) {
- tpath = bpath;
- if (rquery != null) {
- tquery = rquery;
- } else {
- tquery = bquery;
- }
- } else {
- if (rpath.startsWith("/")) {
- tpath = removeDotSegments(rpath);
- } else {
- if (bauthority != null && bpath.length() == 0) {
- tpath = "/" + rpath;
- } else {
- int last = bpath.lastIndexOf('/');
- if (last == -1) {
- tpath = rpath;
- } else {
- tpath = bpath.substring(0, last+1) + rpath;
- }
- }
- tpath = removeDotSegments(tpath);
- }
- tquery = rquery;
- }
- tauthority = bauthority;
- }
- tscheme = bscheme;
- }
- return new URI(tscheme, tauthority, tpath, tquery, null).toString();
- }
-
- private static String removeDotSegments(String path) {
- if (log.isDebugEnabled()) {
- log.debug("STEP OUTPUT BUFFER\t\tINPUT BUFFER");
- }
-
- // 1. The input buffer is initialized with the now-appended path
- // components then replace occurrences of "//" in the input buffer
- // with "/" until no more occurrences of "//" are in the input buffer.
- String input = path;
- while (input.indexOf("//") > -1) {
- input = input.replaceAll("//", "/");
- }
-
- // Initialize the output buffer with the empty string.
- StringBuilder output = new StringBuilder();
-
- // If the input buffer starts with a root slash "/" then move this
- // character to the output buffer.
- if (input.charAt(0) == '/') {
- output.append("/");
- input = input.substring(1);
- }
-
- printStep("1 ", output.toString(), input);
-
- // While the input buffer is not empty, loop as follows
- while (input.length() != 0) {
- // 2A. If the input buffer begins with a prefix of "./",
- // then remove that prefix from the input buffer
- // else if the input buffer begins with a prefix of "../", then
- // if also the output does not contain the root slash "/" only,
- // then move this prefix to the end of the output buffer else
- // remove that prefix
- if (input.startsWith("./")) {
- input = input.substring(2);
- printStep("2A", output.toString(), input);
- } else if (input.startsWith("../")) {
- input = input.substring(3);
- if (!output.toString().equals("/")) {
- output.append("../");
- }
- printStep("2A", output.toString(), input);
- // 2B. if the input buffer begins with a prefix of "/./" or "/.",
- // where "." is a complete path segment, then replace that prefix
- // with "/" in the input buffer; otherwise,
- } else if (input.startsWith("/./")) {
- input = input.substring(2);
- printStep("2B", output.toString(), input);
- } else if (input.equals("/.")) {
- // FIXME: what is complete path segment?
- input = input.replaceFirst("/.", "/");
- printStep("2B", output.toString(), input);
- // 2C. if the input buffer begins with a prefix of "/../" or "/..",
- // where ".." is a complete path segment, then replace that prefix
- // with "/" in the input buffer and if also the output buffer is
- // empty, last segment in the output buffer equals "../" or "..",
- // where ".." is a complete path segment, then append ".." or "/.."
- // for the latter case respectively to the output buffer else
- // remove the last segment and its preceding "/" (if any) from the
- // output buffer and if hereby the first character in the output
- // buffer was removed and it was not the root slash then delete a
- // leading slash from the input buffer; otherwise,
- } else if (input.startsWith("/../")) {
- input = input.substring(3);
- if (output.length() == 0) {
- output.append("/");
- } else if (output.toString().endsWith("../")) {
- output.append("..");
- } else if (output.toString().endsWith("..")) {
- output.append("/..");
- } else {
- int index = output.lastIndexOf("/");
- if (index == -1) {
- output = new StringBuilder();
- if (input.charAt(0) == '/') {
- input = input.substring(1);
- }
- } else {
- output = output.delete(index, output.length());
- }
- }
- printStep("2C", output.toString(), input);
- } else if (input.equals("/..")) {
- // FIXME: what is complete path segment?
- input = input.replaceFirst("/..", "/");
- if (output.length() == 0) {
- output.append("/");
- } else if (output.toString().endsWith("../")) {
- output.append("..");
- } else if (output.toString().endsWith("..")) {
- output.append("/..");
- } else {
- int index = output.lastIndexOf("/");
- if (index == -1) {
- output = new StringBuilder();
- if (input.charAt(0) == '/') {
- input = input.substring(1);
- }
- } else {
- output = output.delete(index, output.length());
- }
- }
- printStep("2C", output.toString(), input);
- // 2D. if the input buffer consists only of ".", then remove
- // that from the input buffer else if the input buffer consists
- // only of ".." and if the output buffer does not contain only
- // the root slash "/", then move the ".." to the output buffer
- // else delte it.; otherwise,
- } else if (input.equals(".")) {
- input = "";
- printStep("2D", output.toString(), input);
- } else if (input.equals("..")) {
- if (!output.toString().equals("/")) {
- output.append("..");
- }
- input = "";
- printStep("2D", output.toString(), input);
- // 2E. move the first path segment (if any) in the input buffer
- // to the end of the output buffer, including the initial "/"
- // character (if any) and any subsequent characters up to, but not
- // including, the next "/" character or the end of the input buffer.
- } else {
- int end = -1;
- int begin = input.indexOf('/');
- if (begin == 0) {
- end = input.indexOf('/', 1);
- } else {
- end = begin;
- begin = 0;
- }
- String segment;
- if (end == -1) {
- segment = input.substring(begin);
- input = "";
- } else {
- segment = input.substring(begin, end);
- input = input.substring(end);
- }
- output.append(segment);
- printStep("2E", output.toString(), input);
- }
- }
-
- // 3. Finally, if the only or last segment of the output buffer is
- // "..", where ".." is a complete path segment not followed by a slash
- // then append a slash "/". The output buffer is returned as the result
- // of remove_dot_segments
- if (output.toString().endsWith("..")) {
- output.append("/");
- printStep("3 ", output.toString(), input);
- }
-
- return output.toString();
- }
-
- private static void printStep(String step, String output, String input) {
- if (log.isDebugEnabled()) {
- log.debug(" " + step + ": " + output);
- if (output.length() == 0) {
- log.debug("\t\t\t\t" + input);
- } else {
- log.debug("\t\t\t" + input);
- }
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-
-/**
- * @author Sean Mullan
- */
-public class Canonicalizer11_OmitComments extends Canonicalizer11 {
-
- public Canonicalizer11_OmitComments() {
- super(false);
- }
-
- public final String engineGetURI() {
- return Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS;
- }
-
- public final boolean engineGetIncludeComments() {
- return false;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-
-/**
- * @author Sean Mullan
- */
-public class Canonicalizer11_WithComments extends Canonicalizer11 {
-
- public Canonicalizer11_WithComments() {
- super(true);
- }
-
- public final String engineGetURI() {
- return Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS;
- }
-
- public final boolean engineGetIncludeComments() {
- return true;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
-
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.helper.C14nHelper;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
-
-/**
- * Implements <A HREF="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">Canonical
- * XML Version 1.0</A>, a W3C Recommendation from 15 March 2001.
- *
- * @author Christian Geuer-Pollmann <geuerp@apache.org>
- */
-public abstract class Canonicalizer20010315 extends CanonicalizerBase {
- private static final String XMLNS_URI = Constants.NamespaceSpecNS;
- private static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
-
- private boolean firstCall = true;
- private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
-
- private static class XmlAttrStack {
- static class XmlsStackElement {
- int level;
- boolean rendered = false;
- List<Attr> nodes = new ArrayList<Attr>();
- };
-
- int currentLevel = 0;
- int lastlevel = 0;
- XmlsStackElement cur;
- List<XmlsStackElement> levels = new ArrayList<XmlsStackElement>();
-
- void push(int level) {
- currentLevel = level;
- if (currentLevel == -1) {
- return;
- }
- cur = null;
- while (lastlevel >= currentLevel) {
- levels.remove(levels.size() - 1);
- int newSize = levels.size();
- if (newSize == 0) {
- lastlevel = 0;
- return;
- }
- lastlevel = (levels.get(newSize - 1)).level;
- }
- }
-
- void addXmlnsAttr(Attr n) {
- if (cur == null) {
- cur = new XmlsStackElement();
- cur.level = currentLevel;
- levels.add(cur);
- lastlevel = currentLevel;
- }
- cur.nodes.add(n);
- }
-
- void getXmlnsAttr(Collection<Attr> col) {
- int size = levels.size() - 1;
- if (cur == null) {
- cur = new XmlsStackElement();
- cur.level = currentLevel;
- lastlevel = currentLevel;
- levels.add(cur);
- }
- boolean parentRendered = false;
- XmlsStackElement e = null;
- if (size == -1) {
- parentRendered = true;
- } else {
- e = levels.get(size);
- if (e.rendered && e.level + 1 == currentLevel) {
- parentRendered = true;
- }
- }
- if (parentRendered) {
- col.addAll(cur.nodes);
- cur.rendered = true;
- return;
- }
-
- Map<String, Attr> loa = new HashMap<String, Attr>();
- for (; size >= 0; size--) {
- e = levels.get(size);
- Iterator<Attr> it = e.nodes.iterator();
- while (it.hasNext()) {
- Attr n = it.next();
- if (!loa.containsKey(n.getName())) {
- loa.put(n.getName(), n);
- }
- }
- }
-
- cur.rendered = true;
- col.addAll(loa.values());
- }
-
- }
-
- private XmlAttrStack xmlattrStack = new XmlAttrStack();
-
- /**
- * Constructor Canonicalizer20010315
- *
- * @param includeComments
- */
- public Canonicalizer20010315(boolean includeComments) {
- super(includeComments);
- }
-
- /**
- * Always throws a CanonicalizationException because this is inclusive c14n.
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return none it always fails
- * @throws CanonicalizationException always
- */
- public byte[] engineCanonicalizeXPathNodeSet(Set<Node> xpathNodeSet, String inclusiveNamespaces)
- throws CanonicalizationException {
-
- /** $todo$ well, should we throw UnsupportedOperationException ? */
- throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
- }
-
- /**
- * Always throws a CanonicalizationException because this is inclusive c14n.
- *
- * @param rootNode
- * @param inclusiveNamespaces
- * @return none it always fails
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeSubTree(Node rootNode, String inclusiveNamespaces)
- throws CanonicalizationException {
-
- /** $todo$ well, should we throw UnsupportedOperationException ? */
- throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
- }
-
- /**
- * Returns the Attr[]s to be output for the given element.
- * <br>
- * The code of this method is a copy of {@link #handleAttributes(Element,
- * NameSpaceSymbTable)},
- * whereas it takes into account that subtree-c14n is -- well -- subtree-based.
- * So if the element in question isRoot of c14n, it's parent is not in the
- * node set, as well as all other ancestors.
- *
- * @param element
- * @param ns
- * @return the Attr[]s to be output
- * @throws CanonicalizationException
- */
- @Override
- protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
- throws CanonicalizationException {
- if (!element.hasAttributes() && !firstCall) {
- return null;
- }
- // result will contain the attrs which have to be output
- final SortedSet<Attr> result = this.result;
- result.clear();
-
- if (element.hasAttributes()) {
- NamedNodeMap attrs = element.getAttributes();
- int attrsLength = attrs.getLength();
-
- for (int i = 0; i < attrsLength; i++) {
- Attr attribute = (Attr) attrs.item(i);
- String NUri = attribute.getNamespaceURI();
- String NName = attribute.getLocalName();
- String NValue = attribute.getValue();
-
- if (!XMLNS_URI.equals(NUri)) {
- //It's not a namespace attr node. Add to the result and continue.
- result.add(attribute);
- } else if (!(XML.equals(NName) && XML_LANG_URI.equals(NValue))) {
- //The default mapping for xml must not be output.
- Node n = ns.addMappingAndRender(NName, NValue, attribute);
-
- if (n != null) {
- //Render the ns definition
- result.add((Attr)n);
- if (C14nHelper.namespaceIsRelative(attribute)) {
- Object exArgs[] = { element.getTagName(), NName, attribute.getNodeValue() };
- throw new CanonicalizationException(
- "c14n.Canonicalizer.RelativeNamespace", exArgs
- );
- }
- }
- }
- }
- }
-
- if (firstCall) {
- //It is the first node of the subtree
- //Obtain all the namespaces defined in the parents, and added to the output.
- ns.getUnrenderedNodes(result);
- //output the attributes in the xml namespace.
- xmlattrStack.getXmlnsAttr(result);
- firstCall = false;
- }
-
- return result.iterator();
- }
-
- /**
- * Returns the Attr[]s to be output for the given element.
- * <br>
- * IMPORTANT: This method expects to work on a modified DOM tree, i.e. a DOM which has
- * been prepared using {@link org.apache.xml.security.utils.XMLUtils#circumventBug2650(
- * org.w3c.dom.Document)}.
- *
- * @param element
- * @param ns
- * @return the Attr[]s to be output
- * @throws CanonicalizationException
- */
- @Override
- protected Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
- throws CanonicalizationException {
- // result will contain the attrs which have to be output
- xmlattrStack.push(ns.getLevel());
- boolean isRealVisible = isVisibleDO(element, ns.getLevel()) == 1;
- final SortedSet<Attr> result = this.result;
- result.clear();
-
- if (element.hasAttributes()) {
- NamedNodeMap attrs = element.getAttributes();
- int attrsLength = attrs.getLength();
-
- for (int i = 0; i < attrsLength; i++) {
- Attr attribute = (Attr) attrs.item(i);
- String NUri = attribute.getNamespaceURI();
- String NName = attribute.getLocalName();
- String NValue = attribute.getValue();
-
- if (!XMLNS_URI.equals(NUri)) {
- //A non namespace definition node.
- if (XML_LANG_URI.equals(NUri)) {
- xmlattrStack.addXmlnsAttr(attribute);
- } else if (isRealVisible) {
- //The node is visible add the attribute to the list of output attributes.
- result.add(attribute);
- }
- } else if (!XML.equals(NName) || !XML_LANG_URI.equals(NValue)) {
- /* except omit namespace node with local name xml, which defines
- * the xml prefix, if its string value is http://www.w3.org/XML/1998/namespace.
- */
- //add the prefix binding to the ns symb table.
- if (isVisible(attribute)) {
- if (isRealVisible || !ns.removeMappingIfRender(NName)) {
- //The xpath select this node output it if needed.
- Node n = ns.addMappingAndRender(NName, NValue, attribute);
- if (n != null) {
- result.add((Attr)n);
- if (C14nHelper.namespaceIsRelative(attribute)) {
- Object exArgs[] = { element.getTagName(), NName, attribute.getNodeValue() };
- throw new CanonicalizationException(
- "c14n.Canonicalizer.RelativeNamespace", exArgs
- );
- }
- }
- }
- } else {
- if (isRealVisible && !XMLNS.equals(NName)) {
- ns.removeMapping(NName);
- } else {
- ns.addMapping(NName, NValue, attribute);
- }
- }
- }
- }
- }
- if (isRealVisible) {
- //The element is visible, handle the xmlns definition
- Attr xmlns = element.getAttributeNodeNS(XMLNS_URI, XMLNS);
- Node n = null;
- if (xmlns == null) {
- //No xmlns def just get the already defined.
- n = ns.getMapping(XMLNS);
- } else if (!isVisible(xmlns)) {
- //There is a definition but the xmlns is not selected by the xpath.
- //then xmlns=""
- n = ns.addMappingAndRender(XMLNS, "", nullNode);
- }
- //output the xmlns def if needed.
- if (n != null) {
- result.add((Attr)n);
- }
- //Float all xml:* attributes of the unselected parent elements to this one.
- xmlattrStack.getXmlnsAttr(result);
- ns.getUnrenderedNodes(result);
- }
-
- return result.iterator();
- }
-
- protected void circumventBugIfNeeded(XMLSignatureInput input)
- throws CanonicalizationException, ParserConfigurationException, IOException, SAXException {
- if (!input.isNeedsToBeExpanded()) {
- return;
- }
- Document doc = null;
- if (input.getSubNode() != null) {
- doc = XMLUtils.getOwnerDocument(input.getSubNode());
- } else {
- doc = XMLUtils.getOwnerDocument(input.getNodeSet());
- }
- XMLUtils.circumventBug2650(doc);
- }
-
- @Override
- protected void handleParent(Element e, NameSpaceSymbTable ns) {
- if (!e.hasAttributes() && e.getNamespaceURI() == null) {
- return;
- }
- xmlattrStack.push(-1);
- NamedNodeMap attrs = e.getAttributes();
- int attrsLength = attrs.getLength();
- for (int i = 0; i < attrsLength; i++) {
- Attr attribute = (Attr) attrs.item(i);
- String NName = attribute.getLocalName();
- String NValue = attribute.getNodeValue();
-
- if (Constants.NamespaceSpecNS.equals(attribute.getNamespaceURI())) {
- if (!XML.equals(NName) || !Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
- ns.addMapping(NName, NValue, attribute);
- }
- } else if (XML_LANG_URI.equals(attribute.getNamespaceURI())) {
- xmlattrStack.addXmlnsAttr(attribute);
- }
- }
- if (e.getNamespaceURI() != null) {
- String NName = e.getPrefix();
- String NValue = e.getNamespaceURI();
- String Name;
- if (NName == null || NName.equals("")) {
- NName = "xmlns";
- Name = "xmlns";
- } else {
- Name = "xmlns:" + NName;
- }
- Attr n = e.getOwnerDocument().createAttributeNS("http://www.w3.org/2000/xmlns/", Name);
- n.setValue(NValue);
- ns.addMapping(NName, NValue, n);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import java.io.IOException;
-import java.util.Iterator;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.helper.C14nHelper;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.params.InclusiveNamespaces;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
-
-/**
- * Implements " <A
- * HREF="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/">Exclusive XML
- * Canonicalization, Version 1.0 </A>" <BR />
- * Credits: During restructuring of the Canonicalizer framework, Ren??
- * Kollmorgen from Software AG submitted an implementation of ExclC14n which
- * fitted into the old architecture and which based heavily on my old (and slow)
- * implementation of "Canonical XML". A big "thank you" to Ren?? for this.
- * <BR />
- * <i>THIS </i> implementation is a complete rewrite of the algorithm.
- *
- * @author Christian Geuer-Pollmann <geuerp@apache.org>
- * @version $Revision: 1147448 $
- * @see <a href="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/ Exclusive#">
- * XML Canonicalization, Version 1.0</a>
- */
-public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
-
- private static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
- private static final String XMLNS_URI = Constants.NamespaceSpecNS;
-
- /**
- * This Set contains the names (Strings like "xmlns" or "xmlns:foo") of
- * the inclusive namespaces.
- */
- private SortedSet<String> inclusiveNSSet;
-
- private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
-
- /**
- * Constructor Canonicalizer20010315Excl
- *
- * @param includeComments
- */
- public Canonicalizer20010315Excl(boolean includeComments) {
- super(includeComments);
- }
-
- /**
- * Method engineCanonicalizeSubTree
- * @inheritDoc
- * @param rootNode
- *
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeSubTree(Node rootNode)
- throws CanonicalizationException {
- return engineCanonicalizeSubTree(rootNode, "", null);
- }
-
- /**
- * Method engineCanonicalizeSubTree
- * @inheritDoc
- * @param rootNode
- * @param inclusiveNamespaces
- *
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeSubTree(
- Node rootNode, String inclusiveNamespaces
- ) throws CanonicalizationException {
- return engineCanonicalizeSubTree(rootNode, inclusiveNamespaces, null);
- }
-
- /**
- * Method engineCanonicalizeSubTree
- * @param rootNode
- * @param inclusiveNamespaces
- * @param excl A element to exclude from the c14n process.
- * @return the rootNode c14n.
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeSubTree(
- Node rootNode, String inclusiveNamespaces, Node excl
- ) throws CanonicalizationException{
- inclusiveNSSet = InclusiveNamespaces.prefixStr2Set(inclusiveNamespaces);
- return super.engineCanonicalizeSubTree(rootNode, excl);
- }
-
- /**
- *
- * @param rootNode
- * @param inclusiveNamespaces
- * @return the rootNode c14n.
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalize(
- XMLSignatureInput rootNode, String inclusiveNamespaces
- ) throws CanonicalizationException {
- inclusiveNSSet = InclusiveNamespaces.prefixStr2Set(inclusiveNamespaces);
- return super.engineCanonicalize(rootNode);
- }
-
- /**
- * Method engineCanonicalizeXPathNodeSet
- * @inheritDoc
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeXPathNodeSet(
- Set<Node> xpathNodeSet, String inclusiveNamespaces
- ) throws CanonicalizationException {
- inclusiveNSSet = InclusiveNamespaces.prefixStr2Set(inclusiveNamespaces);
- return super.engineCanonicalizeXPathNodeSet(xpathNodeSet);
- }
-
- @Override
- protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
- throws CanonicalizationException {
- // result will contain the attrs which have to be output
- final SortedSet<Attr> result = this.result;
- result.clear();
-
- // The prefix visibly utilized (in the attribute or in the name) in
- // the element
- SortedSet<String> visiblyUtilized = new TreeSet<String>();
- if (inclusiveNSSet != null && !inclusiveNSSet.isEmpty()) {
- visiblyUtilized.addAll(inclusiveNSSet);
- }
-
- if (element.hasAttributes()) {
- NamedNodeMap attrs = element.getAttributes();
- int attrsLength = attrs.getLength();
- for (int i = 0; i < attrsLength; i++) {
- Attr attribute = (Attr) attrs.item(i);
- String NName = attribute.getLocalName();
- String NNodeValue = attribute.getNodeValue();
-
- if (!XMLNS_URI.equals(attribute.getNamespaceURI())) {
- // Not a namespace definition.
- // The Element is output element, add the prefix (if used) to
- // visiblyUtilized
- String prefix = attribute.getPrefix();
- if (prefix != null && !(prefix.equals(XML) || prefix.equals(XMLNS))) {
- visiblyUtilized.add(prefix);
- }
- // Add to the result.
- result.add(attribute);
- } else if (!(XML.equals(NName) && XML_LANG_URI.equals(NNodeValue))
- && ns.addMapping(NName, NNodeValue, attribute)
- && C14nHelper.namespaceIsRelative(NNodeValue)) {
- // The default mapping for xml must not be output.
- // New definition check if it is relative.
- Object exArgs[] = {element.getTagName(), NName, attribute.getNodeValue()};
- throw new CanonicalizationException(
- "c14n.Canonicalizer.RelativeNamespace", exArgs
- );
- }
- }
- }
- String prefix = null;
- if (element.getNamespaceURI() != null
- && !(element.getPrefix() == null || element.getPrefix().length() == 0)) {
- prefix = element.getPrefix();
- } else {
- prefix = XMLNS;
- }
- visiblyUtilized.add(prefix);
-
- for (String s : visiblyUtilized) {
- Attr key = ns.getMapping(s);
- if (key != null) {
- result.add(key);
- }
- }
-
- return result.iterator();
- }
-
- /**
- * @inheritDoc
- * @param element
- * @throws CanonicalizationException
- */
- @Override
- protected final Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
- throws CanonicalizationException {
- // result will contain the attrs which have to be output
- final SortedSet<Attr> result = this.result;
- result.clear();
-
- // The prefix visibly utilized (in the attribute or in the name) in
- // the element
- Set<String> visiblyUtilized = null;
- // It's the output selected.
- boolean isOutputElement = isVisibleDO(element, ns.getLevel()) == 1;
- if (isOutputElement) {
- visiblyUtilized = new TreeSet<String>();
- if (inclusiveNSSet != null && !inclusiveNSSet.isEmpty()) {
- visiblyUtilized.addAll(inclusiveNSSet);
- }
- }
-
- if (element.hasAttributes()) {
- NamedNodeMap attrs = element.getAttributes();
- int attrsLength = attrs.getLength();
- for (int i = 0; i < attrsLength; i++) {
- Attr attribute = (Attr) attrs.item(i);
-
- String NName = attribute.getLocalName();
- String NNodeValue = attribute.getNodeValue();
-
- if (!XMLNS_URI.equals(attribute.getNamespaceURI())) {
- if (isVisible(attribute) && isOutputElement) {
- // The Element is output element, add the prefix (if used)
- // to visibyUtilized
- String prefix = attribute.getPrefix();
- if (prefix != null && !(prefix.equals(XML) || prefix.equals(XMLNS))) {
- visiblyUtilized.add(prefix);
- }
- // Add to the result.
- result.add(attribute);
- }
- } else if (isOutputElement && !isVisible(attribute) && !XMLNS.equals(NName)) {
- ns.removeMappingIfNotRender(NName);
- } else {
- if (!isOutputElement && isVisible(attribute)
- && inclusiveNSSet.contains(NName)
- && !ns.removeMappingIfRender(NName)) {
- Node n = ns.addMappingAndRender(NName, NNodeValue, attribute);
- if (n != null) {
- result.add((Attr)n);
- if (C14nHelper.namespaceIsRelative(attribute)) {
- Object exArgs[] = { element.getTagName(), NName, attribute.getNodeValue() };
- throw new CanonicalizationException(
- "c14n.Canonicalizer.RelativeNamespace", exArgs
- );
- }
- }
- }
-
- if (ns.addMapping(NName, NNodeValue, attribute)
- && C14nHelper.namespaceIsRelative(NNodeValue)) {
- // New definition check if it is relative
- Object exArgs[] = { element.getTagName(), NName, attribute.getNodeValue() };
- throw new CanonicalizationException(
- "c14n.Canonicalizer.RelativeNamespace", exArgs
- );
- }
- }
- }
- }
-
- if (isOutputElement) {
- // The element is visible, handle the xmlns definition
- Attr xmlns = element.getAttributeNodeNS(XMLNS_URI, XMLNS);
- if (xmlns != null && !isVisible(xmlns)) {
- // There is a definition but the xmlns is not selected by the
- // xpath. then xmlns=""
- ns.addMapping(XMLNS, "", nullNode);
- }
-
- String prefix = null;
- if (element.getNamespaceURI() != null
- && !(element.getPrefix() == null || element.getPrefix().length() == 0)) {
- prefix = element.getPrefix();
- } else {
- prefix = XMLNS;
- }
- visiblyUtilized.add(prefix);
-
- for (String s : visiblyUtilized) {
- Attr key = ns.getMapping(s);
- if (key != null) {
- result.add(key);
- }
- }
- }
-
- return result.iterator();
- }
-
- protected void circumventBugIfNeeded(XMLSignatureInput input)
- throws CanonicalizationException, ParserConfigurationException,
- IOException, SAXException {
- if (!input.isNeedsToBeExpanded() || inclusiveNSSet.isEmpty() || inclusiveNSSet.isEmpty()) {
- return;
- }
- Document doc = null;
- if (input.getSubNode() != null) {
- doc = XMLUtils.getOwnerDocument(input.getSubNode());
- } else {
- doc = XMLUtils.getOwnerDocument(input.getNodeSet());
- }
- XMLUtils.circumventBug2650(doc);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-
-public class Canonicalizer20010315ExclOmitComments extends Canonicalizer20010315Excl {
-
- /**
- *
- */
- public Canonicalizer20010315ExclOmitComments() {
- super(false);
- }
-
- /** @inheritDoc */
- public final String engineGetURI() {
- return Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
- }
-
- /** @inheritDoc */
- public final boolean engineGetIncludeComments() {
- return false;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-
-/**
- * Class Canonicalizer20010315ExclWithComments
- */
-public class Canonicalizer20010315ExclWithComments extends Canonicalizer20010315Excl {
-
- /**
- * Constructor Canonicalizer20010315ExclWithComments
- *
- */
- public Canonicalizer20010315ExclWithComments() {
- super(true);
- }
-
- /** @inheritDoc */
- public final String engineGetURI() {
- return Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
- }
-
- /** @inheritDoc */
- public final boolean engineGetIncludeComments() {
- return true;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-
-/**
- * @author Christian Geuer-Pollmann
- */
-public class Canonicalizer20010315OmitComments extends Canonicalizer20010315 {
-
- /**
- * Constructor Canonicalizer20010315WithXPathOmitComments
- *
- */
- public Canonicalizer20010315OmitComments() {
- super(false);
- }
-
- /** @inheritDoc */
- public final String engineGetURI() {
- return Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
- }
-
- /** @inheritDoc */
- public final boolean engineGetIncludeComments() {
- return false;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-
-/**
- * @author Christian Geuer-Pollmann
- */
-public class Canonicalizer20010315WithComments extends Canonicalizer20010315 {
-
- /**
- * Constructor Canonicalizer20010315WithXPathWithComments
- */
- public Canonicalizer20010315WithComments() {
- super(true);
- }
-
- /** @inheritDoc */
- public final String engineGetURI() {
- return Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
- }
-
- /** @inheritDoc */
- public final boolean engineGetIncludeComments() {
- return true;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.UnsupportedEncodingException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.Map;
-import java.util.Set;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.CanonicalizerSpi;
-import org.apache.xml.security.c14n.helper.AttrCompare;
-import org.apache.xml.security.signature.NodeFilter;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.UnsyncByteArrayOutputStream;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Comment;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.ProcessingInstruction;
-import org.xml.sax.SAXException;
-
-/**
- * Abstract base class for canonicalization algorithms.
- *
- * @author Christian Geuer-Pollmann <geuerp@apache.org>
- */
-public abstract class CanonicalizerBase extends CanonicalizerSpi {
- public static final String XML = "xml";
- public static final String XMLNS = "xmlns";
-
- protected static final AttrCompare COMPARE = new AttrCompare();
- protected static final Attr nullNode;
-
- private static final byte[] END_PI = {'?','>'};
- private static final byte[] BEGIN_PI = {'<','?'};
- private static final byte[] END_COMM = {'-','-','>'};
- private static final byte[] BEGIN_COMM = {'<','!','-','-'};
- private static final byte[] XA = {'&','#','x','A',';'};
- private static final byte[] X9 = {'&','#','x','9',';'};
- private static final byte[] QUOT = {'&','q','u','o','t',';'};
- private static final byte[] XD = {'&','#','x','D',';'};
- private static final byte[] GT = {'&','g','t',';'};
- private static final byte[] LT = {'&','l','t',';'};
- private static final byte[] END_TAG = {'<','/'};
- private static final byte[] AMP = {'&','a','m','p',';'};
- private static final byte[] equalsStr = {'=','\"'};
-
- protected static final int NODE_BEFORE_DOCUMENT_ELEMENT = -1;
- protected static final int NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT = 0;
- protected static final int NODE_AFTER_DOCUMENT_ELEMENT = 1;
-
- static {
- // The null xmlns definition.
- try {
- DocumentBuilder documentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- nullNode = documentBuilder.newDocument().createAttributeNS(Constants.NamespaceSpecNS, XMLNS);
- nullNode.setValue("");
- } catch (Exception e) {
- throw new RuntimeException("Unable to create nullNode: " + e);
- }
- }
-
- private List<NodeFilter> nodeFilter;
-
- private boolean includeComments;
- private Set<Node> xpathNodeSet;
- /**
- * The node to be skipped/excluded from the DOM tree
- * in subtree canonicalizations.
- */
- private Node excludeNode;
- private OutputStream writer = new ByteArrayOutputStream();
-
- /**
- * Constructor CanonicalizerBase
- *
- * @param includeComments
- */
- public CanonicalizerBase(boolean includeComments) {
- this.includeComments = includeComments;
- }
-
- /**
- * Method engineCanonicalizeSubTree
- * @inheritDoc
- * @param rootNode
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeSubTree(Node rootNode)
- throws CanonicalizationException {
- return engineCanonicalizeSubTree(rootNode, (Node)null);
- }
-
- /**
- * Method engineCanonicalizeXPathNodeSet
- * @inheritDoc
- * @param xpathNodeSet
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeXPathNodeSet(Set<Node> xpathNodeSet)
- throws CanonicalizationException {
- this.xpathNodeSet = xpathNodeSet;
- return engineCanonicalizeXPathNodeSetInternal(XMLUtils.getOwnerDocument(this.xpathNodeSet));
- }
-
- /**
- * Canonicalizes a Subtree node.
- * @param input the root of the subtree to canicalize
- * @return The canonicalize stream.
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalize(XMLSignatureInput input) throws CanonicalizationException {
- try {
- if (input.isExcludeComments()) {
- includeComments = false;
- }
- if (input.isOctetStream()) {
- return engineCanonicalize(input.getBytes());
- }
- if (input.isElement()) {
- return engineCanonicalizeSubTree(input.getSubNode(), input.getExcludeNode());
- } else if (input.isNodeSet()) {
- nodeFilter = input.getNodeFilters();
-
- circumventBugIfNeeded(input);
-
- if (input.getSubNode() != null) {
- return engineCanonicalizeXPathNodeSetInternal(input.getSubNode());
- } else {
- return engineCanonicalizeXPathNodeSet(input.getNodeSet());
- }
- }
- return null;
- } catch (CanonicalizationException ex) {
- throw new CanonicalizationException("empty", ex);
- } catch (ParserConfigurationException ex) {
- throw new CanonicalizationException("empty", ex);
- } catch (IOException ex) {
- throw new CanonicalizationException("empty", ex);
- } catch (SAXException ex) {
- throw new CanonicalizationException("empty", ex);
- }
- }
-
- /**
- * @param writer The writer to set.
- */
- public void setWriter(OutputStream writer) {
- this.writer = writer;
- }
-
- /**
- * Canonicalizes a Subtree node.
- *
- * @param rootNode
- * the root of the subtree to canonicalize
- * @param excludeNode
- * a node to be excluded from the canonicalize operation
- * @return The canonicalize stream.
- * @throws CanonicalizationException
- */
- protected byte[] engineCanonicalizeSubTree(Node rootNode, Node excludeNode)
- throws CanonicalizationException {
- this.excludeNode = excludeNode;
- try {
- NameSpaceSymbTable ns = new NameSpaceSymbTable();
- int nodeLevel = NODE_BEFORE_DOCUMENT_ELEMENT;
- if (rootNode != null && Node.ELEMENT_NODE == rootNode.getNodeType()) {
- //Fills the nssymbtable with the definitions of the parent of the root subnode
- getParentNameSpaces((Element)rootNode, ns);
- nodeLevel = NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
- }
- this.canonicalizeSubTree(rootNode, ns, rootNode, nodeLevel);
- this.writer.flush();
- if (this.writer instanceof ByteArrayOutputStream) {
- byte[] result = ((ByteArrayOutputStream)this.writer).toByteArray();
- if (reset) {
- ((ByteArrayOutputStream)this.writer).reset();
- } else {
- this.writer.close();
- }
- return result;
- } else if (this.writer instanceof UnsyncByteArrayOutputStream) {
- byte[] result = ((UnsyncByteArrayOutputStream)this.writer).toByteArray();
- if (reset) {
- ((UnsyncByteArrayOutputStream)this.writer).reset();
- } else {
- this.writer.close();
- }
- return result;
- } else {
- this.writer.close();
- }
- return null;
-
- } catch (UnsupportedEncodingException ex) {
- throw new CanonicalizationException("empty", ex);
- } catch (IOException ex) {
- throw new CanonicalizationException("empty", ex);
- }
- }
-
-
- /**
- * Method canonicalizeSubTree, this function is a recursive one.
- *
- * @param currentNode
- * @param ns
- * @param endnode
- * @throws CanonicalizationException
- * @throws IOException
- */
- protected final void canonicalizeSubTree(
- Node currentNode, NameSpaceSymbTable ns, Node endnode, int documentLevel
- ) throws CanonicalizationException, IOException {
- if (isVisibleInt(currentNode) == -1) {
- return;
- }
- Node sibling = null;
- Node parentNode = null;
- final OutputStream writer = this.writer;
- final Node excludeNode = this.excludeNode;
- final boolean includeComments = this.includeComments;
- Map<String, byte[]> cache = new HashMap<String, byte[]>();
- do {
- switch (currentNode.getNodeType()) {
-
- case Node.ENTITY_NODE :
- case Node.NOTATION_NODE :
- case Node.ATTRIBUTE_NODE :
- // illegal node type during traversal
- throw new CanonicalizationException("empty");
-
- case Node.DOCUMENT_FRAGMENT_NODE :
- case Node.DOCUMENT_NODE :
- ns.outputNodePush();
- sibling = currentNode.getFirstChild();
- break;
-
- case Node.COMMENT_NODE :
- if (includeComments) {
- outputCommentToWriter((Comment) currentNode, writer, documentLevel);
- }
- break;
-
- case Node.PROCESSING_INSTRUCTION_NODE :
- outputPItoWriter((ProcessingInstruction) currentNode, writer, documentLevel);
- break;
-
- case Node.TEXT_NODE :
- case Node.CDATA_SECTION_NODE :
- outputTextToWriter(currentNode.getNodeValue(), writer);
- break;
-
- case Node.ELEMENT_NODE :
- documentLevel = NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
- if (currentNode == excludeNode) {
- break;
- }
- Element currentElement = (Element)currentNode;
- //Add a level to the nssymbtable. So latter can be pop-back.
- ns.outputNodePush();
- writer.write('<');
- String name = currentElement.getTagName();
- UtfHelpper.writeByte(name, writer, cache);
-
- Iterator<Attr> attrs = this.handleAttributesSubtree(currentElement, ns);
- if (attrs != null) {
- //we output all Attrs which are available
- while (attrs.hasNext()) {
- Attr attr = attrs.next();
- outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
- }
- }
- writer.write('>');
- sibling = currentNode.getFirstChild();
- if (sibling == null) {
- writer.write(END_TAG);
- UtfHelpper.writeStringToUtf8(name, writer);
- writer.write('>');
- //We finished with this level, pop to the previous definitions.
- ns.outputNodePop();
- if (parentNode != null) {
- sibling = currentNode.getNextSibling();
- }
- } else {
- parentNode = currentElement;
- }
- break;
-
- case Node.DOCUMENT_TYPE_NODE :
- default :
- break;
- }
- while (sibling == null && parentNode != null) {
- writer.write(END_TAG);
- UtfHelpper.writeByte(((Element)parentNode).getTagName(), writer, cache);
- writer.write('>');
- //We finished with this level, pop to the previous definitions.
- ns.outputNodePop();
- if (parentNode == endnode) {
- return;
- }
- sibling = parentNode.getNextSibling();
- parentNode = parentNode.getParentNode();
- if (parentNode == null || Node.ELEMENT_NODE != parentNode.getNodeType()) {
- documentLevel = NODE_AFTER_DOCUMENT_ELEMENT;
- parentNode = null;
- }
- }
- if (sibling == null) {
- return;
- }
- currentNode = sibling;
- sibling = currentNode.getNextSibling();
- } while(true);
- }
-
-
- private byte[] engineCanonicalizeXPathNodeSetInternal(Node doc)
- throws CanonicalizationException {
- try {
- this.canonicalizeXPathNodeSet(doc, doc);
- this.writer.flush();
- if (this.writer instanceof ByteArrayOutputStream) {
- byte[] sol = ((ByteArrayOutputStream)this.writer).toByteArray();
- if (reset) {
- ((ByteArrayOutputStream)this.writer).reset();
- } else {
- this.writer.close();
- }
- return sol;
- } else if (this.writer instanceof UnsyncByteArrayOutputStream) {
- byte[] result = ((UnsyncByteArrayOutputStream)this.writer).toByteArray();
- if (reset) {
- ((UnsyncByteArrayOutputStream)this.writer).reset();
- } else {
- this.writer.close();
- }
- return result;
- } else {
- this.writer.close();
- }
- return null;
- } catch (UnsupportedEncodingException ex) {
- throw new CanonicalizationException("empty", ex);
- } catch (IOException ex) {
- throw new CanonicalizationException("empty", ex);
- }
- }
-
- /**
- * Canonicalizes all the nodes included in the currentNode and contained in the
- * xpathNodeSet field.
- *
- * @param currentNode
- * @param endnode
- * @throws CanonicalizationException
- * @throws IOException
- */
- protected final void canonicalizeXPathNodeSet(Node currentNode, Node endnode)
- throws CanonicalizationException, IOException {
- if (isVisibleInt(currentNode) == -1) {
- return;
- }
- boolean currentNodeIsVisible = false;
- NameSpaceSymbTable ns = new NameSpaceSymbTable();
- if (currentNode != null && Node.ELEMENT_NODE == currentNode.getNodeType()) {
- getParentNameSpaces((Element)currentNode, ns);
- }
- if (currentNode == null) {
- return;
- }
- Node sibling = null;
- Node parentNode = null;
- OutputStream writer = this.writer;
- int documentLevel = NODE_BEFORE_DOCUMENT_ELEMENT;
- Map<String, byte[]> cache = new HashMap<String, byte[]>();
- do {
- switch (currentNode.getNodeType()) {
-
- case Node.ENTITY_NODE :
- case Node.NOTATION_NODE :
- case Node.ATTRIBUTE_NODE :
- // illegal node type during traversal
- throw new CanonicalizationException("empty");
-
- case Node.DOCUMENT_FRAGMENT_NODE :
- case Node.DOCUMENT_NODE :
- ns.outputNodePush();
- sibling = currentNode.getFirstChild();
- break;
-
- case Node.COMMENT_NODE :
- if (this.includeComments && (isVisibleDO(currentNode, ns.getLevel()) == 1)) {
- outputCommentToWriter((Comment) currentNode, writer, documentLevel);
- }
- break;
-
- case Node.PROCESSING_INSTRUCTION_NODE :
- if (isVisible(currentNode)) {
- outputPItoWriter((ProcessingInstruction) currentNode, writer, documentLevel);
- }
- break;
-
- case Node.TEXT_NODE :
- case Node.CDATA_SECTION_NODE :
- if (isVisible(currentNode)) {
- outputTextToWriter(currentNode.getNodeValue(), writer);
- for (Node nextSibling = currentNode.getNextSibling();
- (nextSibling != null) && ((nextSibling.getNodeType() == Node.TEXT_NODE)
- || (nextSibling.getNodeType() == Node.CDATA_SECTION_NODE));
- nextSibling = nextSibling.getNextSibling()) {
- outputTextToWriter(nextSibling.getNodeValue(), writer);
- currentNode = nextSibling;
- sibling = currentNode.getNextSibling();
- }
- }
- break;
-
- case Node.ELEMENT_NODE :
- documentLevel = NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
- Element currentElement = (Element) currentNode;
- //Add a level to the nssymbtable. So latter can be pop-back.
- String name = null;
- int i = isVisibleDO(currentNode, ns.getLevel());
- if (i == -1) {
- sibling = currentNode.getNextSibling();
- break;
- }
- currentNodeIsVisible = (i == 1);
- if (currentNodeIsVisible) {
- ns.outputNodePush();
- writer.write('<');
- name = currentElement.getTagName();
- UtfHelpper.writeByte(name, writer, cache);
- } else {
- ns.push();
- }
-
- Iterator<Attr> attrs = handleAttributes(currentElement,ns);
- if (attrs != null) {
- //we output all Attrs which are available
- while (attrs.hasNext()) {
- Attr attr = attrs.next();
- outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
- }
- }
- if (currentNodeIsVisible) {
- writer.write('>');
- }
- sibling = currentNode.getFirstChild();
-
- if (sibling == null) {
- if (currentNodeIsVisible) {
- writer.write(END_TAG);
- UtfHelpper.writeByte(name, writer, cache);
- writer.write('>');
- //We finished with this level, pop to the previous definitions.
- ns.outputNodePop();
- } else {
- ns.pop();
- }
- if (parentNode != null) {
- sibling = currentNode.getNextSibling();
- }
- } else {
- parentNode = currentElement;
- }
- break;
-
- case Node.DOCUMENT_TYPE_NODE :
- default :
- break;
- }
- while (sibling == null && parentNode != null) {
- if (isVisible(parentNode)) {
- writer.write(END_TAG);
- UtfHelpper.writeByte(((Element)parentNode).getTagName(), writer, cache);
- writer.write('>');
- //We finished with this level, pop to the previous definitions.
- ns.outputNodePop();
- } else {
- ns.pop();
- }
- if (parentNode == endnode) {
- return;
- }
- sibling = parentNode.getNextSibling();
- parentNode = parentNode.getParentNode();
- if (parentNode == null || Node.ELEMENT_NODE != parentNode.getNodeType()) {
- parentNode = null;
- documentLevel = NODE_AFTER_DOCUMENT_ELEMENT;
- }
- }
- if (sibling == null) {
- return;
- }
- currentNode = sibling;
- sibling = currentNode.getNextSibling();
- } while(true);
- }
-
- protected int isVisibleDO(Node currentNode, int level) {
- if (nodeFilter != null) {
- Iterator<NodeFilter> it = nodeFilter.iterator();
- while (it.hasNext()) {
- int i = (it.next()).isNodeIncludeDO(currentNode, level);
- if (i != 1) {
- return i;
- }
- }
- }
- if ((this.xpathNodeSet != null) && !this.xpathNodeSet.contains(currentNode)) {
- return 0;
- }
- return 1;
- }
-
- protected int isVisibleInt(Node currentNode) {
- if (nodeFilter != null) {
- Iterator<NodeFilter> it = nodeFilter.iterator();
- while (it.hasNext()) {
- int i = (it.next()).isNodeInclude(currentNode);
- if (i != 1) {
- return i;
- }
- }
- }
- if ((this.xpathNodeSet != null) && !this.xpathNodeSet.contains(currentNode)) {
- return 0;
- }
- return 1;
- }
-
- protected boolean isVisible(Node currentNode) {
- if (nodeFilter != null) {
- Iterator<NodeFilter> it = nodeFilter.iterator();
- while (it.hasNext()) {
- if (it.next().isNodeInclude(currentNode) != 1) {
- return false;
- }
- }
- }
- if ((this.xpathNodeSet != null) && !this.xpathNodeSet.contains(currentNode)) {
- return false;
- }
- return true;
- }
-
- protected void handleParent(Element e, NameSpaceSymbTable ns) {
- if (!e.hasAttributes() && e.getNamespaceURI() == null) {
- return;
- }
- NamedNodeMap attrs = e.getAttributes();
- int attrsLength = attrs.getLength();
- for (int i = 0; i < attrsLength; i++) {
- Attr attribute = (Attr) attrs.item(i);
- String NName = attribute.getLocalName();
- String NValue = attribute.getNodeValue();
-
- if (Constants.NamespaceSpecNS.equals(attribute.getNamespaceURI())
- && (!XML.equals(NName) || !Constants.XML_LANG_SPACE_SpecNS.equals(NValue))) {
- ns.addMapping(NName, NValue, attribute);
- }
- }
- if (e.getNamespaceURI() != null) {
- String NName = e.getPrefix();
- String NValue = e.getNamespaceURI();
- String Name;
- if (NName == null || NName.equals("")) {
- NName = XMLNS;
- Name = XMLNS;
- } else {
- Name = XMLNS + ":" + NName;
- }
- Attr n = e.getOwnerDocument().createAttributeNS("http://www.w3.org/2000/xmlns/", Name);
- n.setValue(NValue);
- ns.addMapping(NName, NValue, n);
- }
- }
-
- /**
- * Adds to ns the definitions from the parent elements of el
- * @param el
- * @param ns
- */
- protected final void getParentNameSpaces(Element el, NameSpaceSymbTable ns) {
- Node n1 = el.getParentNode();
- if (n1 == null || Node.ELEMENT_NODE != n1.getNodeType()) {
- return;
- }
- //Obtain all the parents of the element
- List<Element> parents = new ArrayList<Element>();
- Node parent = n1;
- while (parent != null && Node.ELEMENT_NODE == parent.getNodeType()) {
- parents.add((Element)parent);
- parent = parent.getParentNode();
- }
- //Visit them in reverse order.
- ListIterator<Element> it = parents.listIterator(parents.size());
- while (it.hasPrevious()) {
- Element ele = it.previous();
- handleParent(ele, ns);
- }
- parents.clear();
- Attr nsprefix;
- if (((nsprefix = ns.getMappingWithoutRendered(XMLNS)) != null)
- && "".equals(nsprefix.getValue())) {
- ns.addMappingAndRender(XMLNS, "", nullNode);
- }
- }
-
- /**
- * Obtain the attributes to output for this node in XPathNodeSet c14n.
- *
- * @param element
- * @param ns
- * @return the attributes nodes to output.
- * @throws CanonicalizationException
- */
- abstract Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
- throws CanonicalizationException;
-
- /**
- * Obtain the attributes to output for this node in a Subtree c14n.
- *
- * @param element
- * @param ns
- * @return the attributes nodes to output.
- * @throws CanonicalizationException
- */
- abstract Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
- throws CanonicalizationException;
-
- abstract void circumventBugIfNeeded(XMLSignatureInput input)
- throws CanonicalizationException, ParserConfigurationException, IOException, SAXException;
-
- /**
- * Outputs an Attribute to the internal Writer.
- *
- * The string value of the node is modified by replacing
- * <UL>
- * <LI>all ampersands (&) with <CODE>&amp;</CODE></LI>
- * <LI>all open angle brackets (<) with <CODE>&lt;</CODE></LI>
- * <LI>all quotation mark characters with <CODE>&quot;</CODE></LI>
- * <LI>and the whitespace characters <CODE>#x9</CODE>, #xA, and #xD, with character
- * references. The character references are written in uppercase
- * hexadecimal with no leading zeroes (for example, <CODE>#xD</CODE> is represented
- * by the character reference <CODE>&#xD;</CODE>)</LI>
- * </UL>
- *
- * @param name
- * @param value
- * @param writer
- * @throws IOException
- */
- protected static final void outputAttrToWriter(
- final String name, final String value,
- final OutputStream writer, final Map<String, byte[]> cache
- ) throws IOException {
- writer.write(' ');
- UtfHelpper.writeByte(name, writer, cache);
- writer.write(equalsStr);
- byte[] toWrite;
- final int length = value.length();
- int i = 0;
- while (i < length) {
- char c = value.charAt(i++);
-
- switch (c) {
-
- case '&' :
- toWrite = AMP;
- break;
-
- case '<' :
- toWrite = LT;
- break;
-
- case '"' :
- toWrite = QUOT;
- break;
-
- case 0x09 : // '\t'
- toWrite = X9;
- break;
-
- case 0x0A : // '\n'
- toWrite = XA;
- break;
-
- case 0x0D : // '\r'
- toWrite = XD;
- break;
-
- default :
- if (c < 0x80) {
- writer.write(c);
- } else {
- UtfHelpper.writeCharToUtf8(c, writer);
- }
- continue;
- }
- writer.write(toWrite);
- }
-
- writer.write('\"');
- }
-
- /**
- * Outputs a PI to the internal Writer.
- *
- * @param currentPI
- * @param writer where to write the things
- * @throws IOException
- */
- protected void outputPItoWriter(
- ProcessingInstruction currentPI, OutputStream writer, int position
- ) throws IOException {
- if (position == NODE_AFTER_DOCUMENT_ELEMENT) {
- writer.write('\n');
- }
- writer.write(BEGIN_PI);
-
- final String target = currentPI.getTarget();
- int length = target.length();
-
- for (int i = 0; i < length; i++) {
- char c = target.charAt(i);
- if (c == 0x0D) {
- writer.write(XD);
- } else {
- if (c < 0x80) {
- writer.write(c);
- } else {
- UtfHelpper.writeCharToUtf8(c, writer);
- }
- }
- }
-
- final String data = currentPI.getData();
-
- length = data.length();
-
- if (length > 0) {
- writer.write(' ');
-
- for (int i = 0; i < length; i++) {
- char c = data.charAt(i);
- if (c == 0x0D) {
- writer.write(XD);
- } else {
- UtfHelpper.writeCharToUtf8(c, writer);
- }
- }
- }
-
- writer.write(END_PI);
- if (position == NODE_BEFORE_DOCUMENT_ELEMENT) {
- writer.write('\n');
- }
- }
-
- /**
- * Method outputCommentToWriter
- *
- * @param currentComment
- * @param writer writer where to write the things
- * @throws IOException
- */
- protected void outputCommentToWriter(
- Comment currentComment, OutputStream writer, int position
- ) throws IOException {
- if (position == NODE_AFTER_DOCUMENT_ELEMENT) {
- writer.write('\n');
- }
- writer.write(BEGIN_COMM);
-
- final String data = currentComment.getData();
- final int length = data.length();
-
- for (int i = 0; i < length; i++) {
- char c = data.charAt(i);
- if (c == 0x0D) {
- writer.write(XD);
- } else {
- if (c < 0x80) {
- writer.write(c);
- } else {
- UtfHelpper.writeCharToUtf8(c, writer);
- }
- }
- }
-
- writer.write(END_COMM);
- if (position == NODE_BEFORE_DOCUMENT_ELEMENT) {
- writer.write('\n');
- }
- }
-
- /**
- * Outputs a Text of CDATA section to the internal Writer.
- *
- * @param text
- * @param writer writer where to write the things
- * @throws IOException
- */
- protected static final void outputTextToWriter(
- final String text, final OutputStream writer
- ) throws IOException {
- final int length = text.length();
- byte[] toWrite;
- for (int i = 0; i < length; i++) {
- char c = text.charAt(i);
-
- switch (c) {
-
- case '&' :
- toWrite = AMP;
- break;
-
- case '<' :
- toWrite = LT;
- break;
-
- case '>' :
- toWrite = GT;
- break;
-
- case 0xD :
- toWrite = XD;
- break;
-
- default :
- if (c < 0x80) {
- writer.write(c);
- } else {
- UtfHelpper.writeCharToUtf8(c, writer);
- }
- continue;
- }
- writer.write(toWrite);
- }
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.Iterator;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
-
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Comment;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.ProcessingInstruction;
-import org.xml.sax.SAXException;
-
-/**
- * Serializes the physical representation of the subtree. All the attributes
- * present in the subtree are emitted. The attributes are sorted within an element,
- * with the namespace declarations appearing before the regular attributes.
- * This algorithm is not a true canonicalization since equivalent subtrees
- * may produce different output. It is therefore unsuitable for digital signatures.
- * This same property makes it ideal for XML Encryption Syntax and Processing,
- * because the decrypted XML content will share the same physical representation
- * as the original XML content that was encrypted.
- */
-public class CanonicalizerPhysical extends CanonicalizerBase {
-
- private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
-
- /**
- * Constructor Canonicalizer20010315
- */
- public CanonicalizerPhysical() {
- super(true);
- }
-
- /**
- * Always throws a CanonicalizationException.
- *
- * @param xpathNodeSet
- * @param inclusiveNamespaces
- * @return none it always fails
- * @throws CanonicalizationException always
- */
- public byte[] engineCanonicalizeXPathNodeSet(Set<Node> xpathNodeSet, String inclusiveNamespaces)
- throws CanonicalizationException {
-
- /** $todo$ well, should we throw UnsupportedOperationException ? */
- throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
- }
-
- /**
- * Always throws a CanonicalizationException.
- *
- * @param rootNode
- * @param inclusiveNamespaces
- * @return none it always fails
- * @throws CanonicalizationException
- */
- public byte[] engineCanonicalizeSubTree(Node rootNode, String inclusiveNamespaces)
- throws CanonicalizationException {
-
- /** $todo$ well, should we throw UnsupportedOperationException ? */
- throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
- }
-
- /**
- * Returns the Attr[]s to be output for the given element.
- * <br>
- * The code of this method is a copy of {@link #handleAttributes(Element,
- * NameSpaceSymbTable)},
- * whereas it takes into account that subtree-c14n is -- well -- subtree-based.
- * So if the element in question isRoot of c14n, it's parent is not in the
- * node set, as well as all other ancestors.
- *
- * @param element
- * @param ns
- * @return the Attr[]s to be output
- * @throws CanonicalizationException
- */
- @Override
- protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
- throws CanonicalizationException {
- if (!element.hasAttributes()) {
- return null;
- }
-
- // result will contain all the attrs declared directly on that element
- final SortedSet<Attr> result = this.result;
- result.clear();
-
- if (element.hasAttributes()) {
- NamedNodeMap attrs = element.getAttributes();
- int attrsLength = attrs.getLength();
-
- for (int i = 0; i < attrsLength; i++) {
- Attr attribute = (Attr) attrs.item(i);
- result.add(attribute);
- }
- }
-
- return result.iterator();
- }
-
- /**
- * Returns the Attr[]s to be output for the given element.
- *
- * @param element
- * @param ns
- * @return the Attr[]s to be output
- * @throws CanonicalizationException
- */
- @Override
- protected Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
- throws CanonicalizationException {
-
- /** $todo$ well, should we throw UnsupportedOperationException ? */
- throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
- }
-
- protected void circumventBugIfNeeded(XMLSignatureInput input)
- throws CanonicalizationException, ParserConfigurationException, IOException, SAXException {
- // nothing to do
- }
-
- @Override
- protected void handleParent(Element e, NameSpaceSymbTable ns) {
- // nothing to do
- }
-
- /** @inheritDoc */
- public final String engineGetURI() {
- return Canonicalizer.ALGO_ID_C14N_PHYSICAL;
- }
-
- /** @inheritDoc */
- public final boolean engineGetIncludeComments() {
- return true;
- }
-
- @Override
- protected void outputPItoWriter(ProcessingInstruction currentPI,
- OutputStream writer, int position) throws IOException {
- // Processing Instructions before or after the document element are not treated specially
- super.outputPItoWriter(currentPI, writer, NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT);
- }
-
- @Override
- protected void outputCommentToWriter(Comment currentComment,
- OutputStream writer, int position) throws IOException {
- // Comments before or after the document element are not treated specially
- super.outputCommentToWriter(currentComment, writer, NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT);
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.c14n.implementations;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Node;
-
-/**
- * A stack based Symbol Table.
- *<br>For speed reasons all the symbols are introduced in the same map,
- * and at the same time in a list so it can be removed when the frame is pop back.
- * @author Raul Benito
- */
-public class NameSpaceSymbTable {
-
- private static final String XMLNS = "xmlns";
- private static final SymbMap initialMap = new SymbMap();
-
- static {
- NameSpaceSymbEntry ne = new NameSpaceSymbEntry("", null, true, XMLNS);
- ne.lastrendered = "";
- initialMap.put(XMLNS, ne);
- }
-
- /**The map betwen prefix-> entry table. */
- private SymbMap symb;
-
- /**The stacks for removing the definitions when doing pop.*/
- private List<SymbMap> level;
- private boolean cloned = true;
-
- /**
- * Default constractor
- **/
- public NameSpaceSymbTable() {
- level = new ArrayList<SymbMap>();
- //Insert the default binding for xmlns.
- symb = (SymbMap) initialMap.clone();
- }
-
- /**
- * Get all the unrendered nodes in the name space.
- * For Inclusive rendering
- * @param result the list where to fill the unrendered xmlns definitions.
- **/
- public void getUnrenderedNodes(Collection<Attr> result) {
- Iterator<NameSpaceSymbEntry> it = symb.entrySet().iterator();
- while (it.hasNext()) {
- NameSpaceSymbEntry n = it.next();
- //put them rendered?
- if ((!n.rendered) && (n.n != null)) {
- n = (NameSpaceSymbEntry) n.clone();
- needsClone();
- symb.put(n.prefix, n);
- n.lastrendered = n.uri;
- n.rendered = true;
-
- result.add(n.n);
- }
- }
- }
-
- /**
- * Push a frame for visible namespace.
- * For Inclusive rendering.
- **/
- public void outputNodePush() {
- push();
- }
-
- /**
- * Pop a frame for visible namespace.
- **/
- public void outputNodePop() {
- pop();
- }
-
- /**
- * Push a frame for a node.
- * Inclusive or Exclusive.
- **/
- public void push() {
- //Put the number of namespace definitions in the stack.
- level.add(null);
- cloned = false;
- }
-
- /**
- * Pop a frame.
- * Inclusive or Exclusive.
- **/
- public void pop() {
- int size = level.size() - 1;
- Object ob = level.remove(size);
- if (ob != null) {
- symb = (SymbMap)ob;
- if (size == 0) {
- cloned = false;
- } else {
- cloned = (level.get(size - 1) != symb);
- }
- } else {
- cloned = false;
- }
- }
-
- final void needsClone() {
- if (!cloned) {
- level.set(level.size() - 1, symb);
- symb = (SymbMap) symb.clone();
- cloned = true;
- }
- }
-
-
- /**
- * Gets the attribute node that defines the binding for the prefix.
- * @param prefix the prefix to obtain the attribute.
- * @return null if there is no need to render the prefix. Otherwise the node of
- * definition.
- **/
- public Attr getMapping(String prefix) {
- NameSpaceSymbEntry entry = symb.get(prefix);
- if (entry == null) {
- //There is no definition for the prefix(a bug?).
- return null;
- }
- if (entry.rendered) {
- //No need to render an entry already rendered.
- return null;
- }
- // Mark this entry as render.
- entry = (NameSpaceSymbEntry) entry.clone();
- needsClone();
- symb.put(prefix, entry);
- entry.rendered = true;
- entry.lastrendered = entry.uri;
- // Return the node for outputing.
- return entry.n;
- }
-
- /**
- * Gets a definition without mark it as render.
- * For render in exclusive c14n the namespaces in the include prefixes.
- * @param prefix The prefix whose definition is neaded.
- * @return the attr to render, null if there is no need to render
- **/
- public Attr getMappingWithoutRendered(String prefix) {
- NameSpaceSymbEntry entry = symb.get(prefix);
- if (entry == null) {
- return null;
- }
- if (entry.rendered) {
- return null;
- }
- return entry.n;
- }
-
- /**
- * Adds the mapping for a prefix.
- * @param prefix the prefix of definition
- * @param uri the Uri of the definition
- * @param n the attribute that have the definition
- * @return true if there is already defined.
- **/
- public boolean addMapping(String prefix, String uri, Attr n) {
- NameSpaceSymbEntry ob = symb.get(prefix);
- if ((ob != null) && uri.equals(ob.uri)) {
- //If we have it previously defined. Don't keep working.
- return false;
- }
- //Creates and entry in the table for this new definition.
- NameSpaceSymbEntry ne = new NameSpaceSymbEntry(uri, n, false, prefix);
- needsClone();
- symb.put(prefix, ne);
- if (ob != null) {
- //We have a previous definition store it for the pop.
- //Check if a previous definition(not the inmidiatly one) has been rendered.
- ne.lastrendered = ob.lastrendered;
- if ((ob.lastrendered != null) && (ob.lastrendered.equals(uri))) {
- //Yes it is. Mark as rendered.
- ne.rendered = true;
- }
- }
- return true;
- }
-
- /**
- * Adds a definition and mark it as render.
- * For inclusive c14n.
- * @param prefix the prefix of definition
- * @param uri the Uri of the definition
- * @param n the attribute that have the definition
- * @return the attr to render, null if there is no need to render
- **/
- public Node addMappingAndRender(String prefix, String uri, Attr n) {
- NameSpaceSymbEntry ob = symb.get(prefix);
-
- if ((ob != null) && uri.equals(ob.uri)) {
- if (!ob.rendered) {
- ob = (NameSpaceSymbEntry) ob.clone();
- needsClone();
- symb.put(prefix, ob);
- ob.lastrendered = uri;
- ob.rendered = true;
- return ob.n;
- }
- return null;
- }
-
- NameSpaceSymbEntry ne = new NameSpaceSymbEntry(uri,n,true,prefix);
- ne.lastrendered = uri;
- needsClone();
- symb.put(prefix, ne);
- if ((ob != null) && (ob.lastrendered != null) && (ob.lastrendered.equals(uri))) {
- ne.rendered = true;
- return null;
- }
- return ne.n;
- }
-
- public int getLevel() {
- return level.size();
- }
-
- public void removeMapping(String prefix) {
- NameSpaceSymbEntry ob = symb.get(prefix);
-
- if (ob != null) {
- needsClone();
- symb.put(prefix, null);
- }
- }
-
- public void removeMappingIfNotRender(String prefix) {
- NameSpaceSymbEntry ob = symb.get(prefix);
-
- if (ob != null && !ob.rendered) {
- needsClone();
- symb.put(prefix, null);
- }
- }
-
- public boolean removeMappingIfRender(String prefix) {
- NameSpaceSymbEntry ob = symb.get(prefix);
-
- if (ob != null && ob.rendered) {
- needsClone();
- symb.put(prefix, null);
- }
- return false;
- }
-}
-
-/**
- * The internal structure of NameSpaceSymbTable.
- **/
-class NameSpaceSymbEntry implements Cloneable {
-
- String prefix;
-
- /**The URI that the prefix defines */
- String uri;
-
- /**The last output in the URI for this prefix (This for speed reason).*/
- String lastrendered = null;
-
- /**This prefix-URI has been already render or not.*/
- boolean rendered = false;
-
- /**The attribute to include.*/
- Attr n;
-
- NameSpaceSymbEntry(String name, Attr n, boolean rendered, String prefix) {
- this.uri = name;
- this.rendered = rendered;
- this.n = n;
- this.prefix = prefix;
- }
-
- /** @inheritDoc */
- public Object clone() {
- try {
- return super.clone();
- } catch (CloneNotSupportedException e) {
- return null;
- }
- }
-};
-
-class SymbMap implements Cloneable {
- int free = 23;
- NameSpaceSymbEntry[] entries;
- String[] keys;
-
- SymbMap() {
- entries = new NameSpaceSymbEntry[free];
- keys = new String[free];
- }
-
- void put(String key, NameSpaceSymbEntry value) {
- int index = index(key);
- Object oldKey = keys[index];
- keys[index] = key;
- entries[index] = value;
- if ((oldKey == null || !oldKey.equals(key)) && (--free == 0)) {
- free = entries.length;
- int newCapacity = free << 2;
- rehash(newCapacity);
- }
- }
-
- List<NameSpaceSymbEntry> entrySet() {
- List<NameSpaceSymbEntry> a = new ArrayList<NameSpaceSymbEntry>();
- for (int i = 0;i < entries.length;i++) {
- if ((entries[i] != null) && !("".equals(entries[i].uri))) {
- a.add(entries[i]);
- }
- }
- return a;
- }
-
- protected int index(Object obj) {
- Object[] set = keys;
- int length = set.length;
- //abs of index
- int index = (obj.hashCode() & 0x7fffffff) % length;
- Object cur = set[index];
-
- if (cur == null || (cur.equals(obj))) {
- return index;
- }
- length--;
- do {
- index = index == length ? 0 : ++index;
- cur = set[index];
- } while (cur != null && (!cur.equals(obj)));
- return index;
- }
-
- /**
- * rehashes the map to the new capacity.
- *
- * @param newCapacity an <code>int</code> value
- */
- protected void rehash(int newCapacity) {
- int oldCapacity = keys.length;
- String oldKeys[] = keys;
- NameSpaceSymbEntry oldVals[] = entries;
-
- keys = new String[newCapacity];
- entries = new NameSpaceSymbEntry[newCapacity];
-
- for (int i = oldCapacity; i-- > 0;) {
- if (oldKeys[i] != null) {
- String o = oldKeys[i];
- int index = index(o);
- keys[index] = o;
- entries[index] = oldVals[i];
- }
- }
- }
-
- NameSpaceSymbEntry get(String key) {
- return entries[index(key)];
- }
-
- protected Object clone() {
- try {
- SymbMap copy = (SymbMap) super.clone();
- copy.entries = new NameSpaceSymbEntry[entries.length];
- System.arraycopy(entries, 0, copy.entries, 0, entries.length);
- copy.keys = new String[keys.length];
- System.arraycopy(keys, 0, copy.keys, 0, keys.length);
-
- return copy;
- } catch (CloneNotSupportedException e) {
- e.printStackTrace();
- }
- return null;
- }
-}
+++ /dev/null
-/**\r
- * Licensed to the Apache Software Foundation (ASF) under one\r
- * or more contributor license agreements. See the NOTICE file\r
- * distributed with this work for additional information\r
- * regarding copyright ownership. The ASF licenses this file\r
- * to you under the Apache License, Version 2.0 (the\r
- * "License"); you may not use this file except in compliance\r
- * with the License. You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing,\r
- * software distributed under the License is distributed on an\r
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
- * KIND, either express or implied. See the License for the\r
- * specific language governing permissions and limitations\r
- * under the License.\r
- */\r
-package org.apache.xml.security.c14n.implementations;\r
-\r
-import java.io.IOException;\r
-import java.io.OutputStream;\r
-import java.util.Map;\r
-\r
-public class UtfHelpper {\r
-\r
- static final void writeByte(\r
- final String str,\r
- final OutputStream out,\r
- Map<String, byte[]> cache\r
- ) throws IOException {\r
- byte[] result = cache.get(str); \r
- if (result == null) {\r
- result = getStringInUtf8(str);\r
- cache.put(str, result);\r
- }\r
-\r
- out.write(result);\r
- }\r
-\r
- static final void writeCharToUtf8(final char c, final OutputStream out) throws IOException { \r
- if (c < 0x80) {\r
- out.write(c);\r
- return;\r
- }\r
- if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF)) {\r
- //No Surrogates in sun java\r
- out.write(0x3f);\r
- return;\r
- }\r
- int bias;\r
- int write;\r
- char ch;\r
- if (c > 0x07FF) {\r
- ch = (char)(c>>>12); \r
- write = 0xE0;\r
- if (ch > 0) {\r
- write |= (ch & 0x0F);\r
- } \r
- out.write(write);\r
- write = 0x80;\r
- bias = 0x3F; \r
- } else {\r
- write = 0xC0;\r
- bias = 0x1F;\r
- }\r
- ch = (char)(c>>>6);\r
- if (ch > 0) {\r
- write |= (ch & bias);\r
- } \r
- out.write(write);\r
- out.write(0x80 | ((c) & 0x3F)); \r
-\r
- }\r
-\r
- static final void writeStringToUtf8(\r
- final String str,\r
- final OutputStream out\r
- ) throws IOException{ \r
- final int length = str.length();\r
- int i = 0;\r
- char c; \r
- while (i < length) {\r
- c = str.charAt(i++); \r
- if (c < 0x80) {\r
- out.write(c);\r
- continue;\r
- }\r
- if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF)) {\r
- //No Surrogates in sun java\r
- out.write(0x3f);\r
- continue;\r
- }\r
- char ch;\r
- int bias;\r
- int write;\r
- if (c > 0x07FF) {\r
- ch = (char)(c>>>12); \r
- write = 0xE0;\r
- if (ch > 0) {\r
- write |= (ch & 0x0F);\r
- } \r
- out.write(write);\r
- write = 0x80;\r
- bias = 0x3F; \r
- } else {\r
- write = 0xC0;\r
- bias = 0x1F;\r
- }\r
- ch = (char)(c>>>6);\r
- if (ch > 0) {\r
- write |= (ch & bias);\r
- } \r
- out.write(write);\r
- out.write(0x80 | ((c) & 0x3F)); \r
-\r
- }\r
-\r
- }\r
- \r
- public static final byte[] getStringInUtf8(final String str) {\r
- final int length = str.length();\r
- boolean expanded = false;\r
- byte[] result = new byte[length];\r
- int i = 0;\r
- int out = 0;\r
- char c; \r
- while (i < length) {\r
- c = str.charAt(i++); \r
- if (c < 0x80) {\r
- result[out++] = (byte)c;\r
- continue;\r
- }\r
- if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF)) { \r
- //No Surrogates in sun java\r
- result[out++] = 0x3f;\r
- continue;\r
- }\r
- if (!expanded) {\r
- byte newResult[] = new byte[3*length];\r
- System.arraycopy(result, 0, newResult, 0, out); \r
- result = newResult;\r
- expanded = true;\r
- } \r
- char ch;\r
- int bias;\r
- byte write;\r
- if (c > 0x07FF) {\r
- ch = (char)(c>>>12); \r
- write = (byte)0xE0;\r
- if (ch > 0) {\r
- write |= (ch & 0x0F);\r
- } \r
- result[out++] = write;\r
- write = (byte)0x80;\r
- bias = 0x3F; \r
- } else {\r
- write = (byte)0xC0;\r
- bias = 0x1F;\r
- }\r
- ch = (char)(c>>>6);\r
- if (ch > 0) {\r
- write |= (ch & bias);\r
- } \r
- result[out++] = write;\r
- result[out++] = (byte)(0x80 | ((c) & 0x3F)); \r
- }\r
- if (expanded) {\r
- byte newResult[] = new byte[out];\r
- System.arraycopy(result, 0, newResult, 0, out);\r
- result = newResult;\r
- }\r
- return result;\r
- }\r
-\r
-}\r
+++ /dev/null
-<HTML> <HEAD> </HEAD> <BODY> <P>
-canonicalization implementations.
-</P></BODY> </HTML>
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-Canonicalization related material and algorithms.
-</P></BODY></HTML>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * Converts <code>String</code>s into <code>Node</code>s and visa versa.
- *
- * An abstract class for common Serializer functionality
- */
-public abstract class AbstractSerializer implements Serializer {
-
- protected Canonicalizer canon;
-
- public void setCanonicalizer(Canonicalizer canon) {
- this.canon = canon;
- }
-
- /**
- * Returns a <code>String</code> representation of the specified
- * <code>Element</code>.
- * <p/>
- * Refer also to comments about setup of format.
- *
- * @param element the <code>Element</code> to serialize.
- * @return the <code>String</code> representation of the serilaized
- * <code>Element</code>.
- * @throws Exception
- */
- public String serialize(Element element) throws Exception {
- return canonSerialize(element);
- }
-
- /**
- * Returns a <code>byte[]</code> representation of the specified
- * <code>Element</code>.
- *
- * @param element the <code>Element</code> to serialize.
- * @return the <code>byte[]</code> representation of the serilaized
- * <code>Element</code>.
- * @throws Exception
- */
- public byte[] serializeToByteArray(Element element) throws Exception {
- return canonSerializeToByteArray(element);
- }
-
- /**
- * Returns a <code>String</code> representation of the specified
- * <code>NodeList</code>.
- * <p/>
- * This is a special case because the NodeList may represent a
- * <code>DocumentFragment</code>. A document fragment may be a
- * non-valid XML document (refer to appropriate description of
- * W3C) because it my start with a non-element node, e.g. a text
- * node.
- * <p/>
- * The methods first converts the node list into a document fragment.
- * Special care is taken to not destroy the current document, thus
- * the method clones the nodes (deep cloning) before it appends
- * them to the document fragment.
- * <p/>
- * Refer also to comments about setup of format.
- *
- * @param content the <code>NodeList</code> to serialize.
- * @return the <code>String</code> representation of the serialized
- * <code>NodeList</code>.
- * @throws Exception
- */
- public String serialize(NodeList content) throws Exception {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- canon.setWriter(baos);
- canon.notReset();
- for (int i = 0; i < content.getLength(); i++) {
- canon.canonicalizeSubtree(content.item(i));
- }
- String ret = baos.toString("UTF-8");
- baos.reset();
- return ret;
- }
-
- /**
- * Returns a <code>byte[]</code> representation of the specified
- * <code>NodeList</code>.
- *
- * @param content the <code>NodeList</code> to serialize.
- * @return the <code>byte[]</code> representation of the serialized
- * <code>NodeList</code>.
- * @throws Exception
- */
- public byte[] serializeToByteArray(NodeList content) throws Exception {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- canon.setWriter(baos);
- canon.notReset();
- for (int i = 0; i < content.getLength(); i++) {
- canon.canonicalizeSubtree(content.item(i));
- }
- return baos.toByteArray();
- }
-
- /**
- * Use the Canonicalizer to serialize the node
- * @param node
- * @return the canonicalization of the node
- * @throws Exception
- */
- public String canonSerialize(Node node) throws Exception {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- canon.setWriter(baos);
- canon.notReset();
- canon.canonicalizeSubtree(node);
- String ret = baos.toString("UTF-8");
- baos.reset();
- return ret;
- }
-
- /**
- * Use the Canonicalizer to serialize the node
- * @param node
- * @return the (byte[]) canonicalization of the node
- * @throws Exception
- */
- public byte[] canonSerializeToByteArray(Node node) throws Exception {
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- canon.setWriter(baos);
- canon.notReset();
- canon.canonicalizeSubtree(node);
- return baos.toByteArray();
- }
-
- /**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- public abstract Node deserialize(String source, Node ctx) throws XMLEncryptionException;
-
- /**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- public abstract Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException;
-
- protected static byte[] createContext(byte[] source, Node ctx) throws XMLEncryptionException {
- // Create the context to parse the document against
- ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
- try {
- OutputStreamWriter outputStreamWriter = new OutputStreamWriter(byteArrayOutputStream, "UTF-8");
- outputStreamWriter.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?><dummy");
-
- // Run through each node up to the document node and find any xmlns: nodes
- Map<String, String> storedNamespaces = new HashMap<String, String>();
- Node wk = ctx;
- while (wk != null) {
- NamedNodeMap atts = wk.getAttributes();
- if (atts != null) {
- for (int i = 0; i < atts.getLength(); ++i) {
- Node att = atts.item(i);
- String nodeName = att.getNodeName();
- if ((nodeName.equals("xmlns") || nodeName.startsWith("xmlns:"))
- && !storedNamespaces.containsKey(att.getNodeName())) {
- outputStreamWriter.write(" ");
- outputStreamWriter.write(nodeName);
- outputStreamWriter.write("=\"");
- outputStreamWriter.write(att.getNodeValue());
- outputStreamWriter.write("\"");
- storedNamespaces.put(nodeName, att.getNodeValue());
- }
- }
- }
- wk = wk.getParentNode();
- }
- outputStreamWriter.write(">");
- outputStreamWriter.flush();
- byteArrayOutputStream.write(source);
-
- outputStreamWriter.write("</dummy>");
- outputStreamWriter.close();
-
- return byteArrayOutputStream.toByteArray();
- } catch (UnsupportedEncodingException e) {
- throw new XMLEncryptionException("empty", e);
- } catch (IOException e) {
- throw new XMLEncryptionException("empty", e);
- }
- }
-
- protected static String createContext(String source, Node ctx) {
- // Create the context to parse the document against
- StringBuilder sb = new StringBuilder();
- sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?><dummy");
-
- // Run through each node up to the document node and find any xmlns: nodes
- Map<String, String> storedNamespaces = new HashMap<String, String>();
- Node wk = ctx;
- while (wk != null) {
- NamedNodeMap atts = wk.getAttributes();
- if (atts != null) {
- for (int i = 0; i < atts.getLength(); ++i) {
- Node att = atts.item(i);
- String nodeName = att.getNodeName();
- if ((nodeName.equals("xmlns") || nodeName.startsWith("xmlns:"))
- && !storedNamespaces.containsKey(att.getNodeName())) {
- sb.append(" " + nodeName + "=\"" + att.getNodeValue() + "\"");
- storedNamespaces.put(nodeName, att.getNodeValue());
- }
- }
- }
- wk = wk.getParentNode();
- }
- sb.append(">" + source + "</dummy>");
- return sb.toString();
- }
-
-}
\ No newline at end of file
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.util.Iterator;
-import org.apache.xml.security.keys.KeyInfo;
-import org.w3c.dom.Element;
-
-/**
- * A Key Agreement algorithm provides for the derivation of a shared secret key
- * based on a shared secret computed from certain types of compatible public
- * keys from both the sender and the recipient. Information from the originator
- * to determine the secret is indicated by an optional OriginatorKeyInfo
- * parameter child of an <code>AgreementMethod</code> element while that
- * associated with the recipient is indicated by an optional RecipientKeyInfo. A
- * shared key is derived from this shared secret by a method determined by the
- * Key Agreement algorithm.
- * <p>
- * <b>Note:</b> XML Encryption does not provide an on-line key agreement
- * negotiation protocol. The <code>AgreementMethod</code> element can be used by
- * the originator to identify the keys and computational procedure that were
- * used to obtain a shared encryption key. The method used to obtain or select
- * the keys or algorithm used for the agreement computation is beyond the scope
- * of this specification.
- * <p>
- * The <code>AgreementMethod</code> element appears as the content of a
- * <code>ds:KeyInfo</code> since, like other <code>ds:KeyInfo</code> children,
- * it yields a key. This <code>ds:KeyInfo</code> is in turn a child of an
- * <code>EncryptedData</code> or <code>EncryptedKey</code> element. The
- * Algorithm attribute and KeySize child of the <code>EncryptionMethod</code>
- * element under this <code>EncryptedData</code> or <code>EncryptedKey</code>
- * element are implicit parameters to the key agreement computation. In cases
- * where this <code>EncryptionMethod</code> algorithm <code>URI</code> is
- * insufficient to determine the key length, a KeySize MUST have been included.
- * In addition, the sender may place a KA-Nonce element under
- * <code>AgreementMethod</code> to assure that different keying material is
- * generated even for repeated agreements using the same sender and recipient
- * public keys.
- * <p>
- * If the agreed key is being used to wrap a key, then
- * <code>AgreementMethod</code> would appear inside a <code>ds:KeyInfo</code>
- * inside an <code>EncryptedKey</code> element.
- * <p>
- * The Schema for AgreementMethod is as follows:
- * <xmp>
- * <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
- * <complexType name="AgreementMethodType" mixed="true">
- * <sequence>
- * <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
- * <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
- * <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- * <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
- * <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
- * </sequence>
- * <attribute name="Algorithm" type="anyURI" use="required"/>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- */
-public interface AgreementMethod {
-
- /**
- * Returns a <code>byte</code> array.
- * @return a <code>byte</code> array.
- */
- byte[] getKANonce();
-
- /**
- * Sets the KANonce.jj
- * @param kanonce
- */
- void setKANonce(byte[] kanonce);
-
- /**
- * Returns additional information regarding the <code>AgreementMethod</code>.
- * @return additional information regarding the <code>AgreementMethod</code>.
- */
- Iterator<Element> getAgreementMethodInformation();
-
- /**
- * Adds additional <code>AgreementMethod</code> information.
- *
- * @param info a <code>Element</code> that represents additional information
- * specified by
- * <xmp>
- * <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- * </xmp>
- */
- void addAgreementMethodInformation(Element info);
-
- /**
- * Removes additional <code>AgreementMethod</code> information.
- *
- * @param info a <code>Element</code> that represents additional information
- * specified by
- * <xmp>
- * <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- * </xmp>
- */
- void revoveAgreementMethodInformation(Element info);
-
- /**
- * Returns information relating to the originator's shared secret.
- *
- * @return information relating to the originator's shared secret.
- */
- KeyInfo getOriginatorKeyInfo();
-
- /**
- * Sets the information relating to the originator's shared secret.
- *
- * @param keyInfo information relating to the originator's shared secret.
- */
- void setOriginatorKeyInfo(KeyInfo keyInfo);
-
- /**
- * Returns information relating to the recipient's shared secret.
- *
- * @return information relating to the recipient's shared secret.
- */
- KeyInfo getRecipientKeyInfo();
-
- /**
- * Sets the information relating to the recipient's shared secret.
- *
- * @param keyInfo information relating to the recipient's shared secret.
- */
- void setRecipientKeyInfo(KeyInfo keyInfo);
-
- /**
- * Returns the algorithm URI of this <code>CryptographicMethod</code>.
- *
- * @return the algorithm URI of this <code>CryptographicMethod</code>
- */
- String getAlgorithm();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-/**
- * <code>CipherData</code> provides encrypted data. It must either contain the
- * encrypted octet sequence as base64 encoded text of the
- * <code>CipherValue</code> element, or provide a reference to an external
- * location containing the encrypted octet sequence via the
- * <code>CipherReference</code> element.
- * <p>
- * The schema definition is as follows:
- * <xmp>
- * <element name='CipherData' type='xenc:CipherDataType'/>
- * <complexType name='CipherDataType'>
- * <choice>
- * <element name='CipherValue' type='base64Binary'/>
- * <element ref='xenc:CipherReference'/>
- * </choice>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- */
-public interface CipherData {
-
- /** VALUE_TYPE ASN */
- int VALUE_TYPE = 0x00000001;
-
- /** REFERENCE_TYPE ASN */
- int REFERENCE_TYPE = 0x00000002;
-
- /**
- * Returns the type of encrypted data contained in the
- * <code>CipherData</code>.
- *
- * @return <code>VALUE_TYPE</code> if the encrypted data is contained as
- * <code>CipherValue</code> or <code>REFERENCE_TYPE</code> if the
- * encrypted data is contained as <code>CipherReference</code>.
- */
- int getDataType();
-
- /**
- * Returns the cipher value as a base64 encoded <code>byte</code> array.
- *
- * @return the <code>CipherData</code>'s value.
- */
- CipherValue getCipherValue();
-
- /**
- * Sets the <code>CipherData</code>'s value.
- *
- * @param value the value of the <code>CipherData</code>.
- * @throws XMLEncryptionException
- */
- void setCipherValue(CipherValue value) throws XMLEncryptionException;
-
- /**
- * Returns a reference to an external location containing the encrypted
- * octet sequence (<code>byte</code> array).
- *
- * @return the reference to an external location containing the encrypted
- * octet sequence.
- */
- CipherReference getCipherReference();
-
- /**
- * Sets the <code>CipherData</code>'s reference.
- *
- * @param reference an external location containing the encrypted octet sequence.
- * @throws XMLEncryptionException
- */
- void setCipherReference(CipherReference reference) throws XMLEncryptionException;
-}
-
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import org.w3c.dom.Attr;
-
-/**
- * <code>CipherReference</code> identifies a source which, when processed,
- * yields the encrypted octet sequence.
- * <p>
- * The actual value is obtained as follows. The <code>CipherReference URI</code>
- * contains an identifier that is dereferenced. Should the
- * Transforms, the data resulting from dereferencing the <code>URI</code> is
- * transformed as specified so as to yield the intended cipher value. For
- * example, if the value is base64 encoded within an XML document; the
- * transforms could specify an XPath expression followed by a base64 decoding so
- * as to extract the octets.
- * <p>
- * The syntax of the <code>URI</code> and Transforms is similar to that of
- * [XML-DSIG]. However, there is a difference between signature and encryption
- * processing. In [XML-DSIG] both generation and validation processing start
- * with the same source data and perform that transform in the same order. In
- * encryption, the decryptor has only the cipher data and the specified
- * transforms are enumerated for the decryptor, in the order necessary to obtain
- * the octets. Consequently, because it has different semantics Transforms is in
- * the &xenc; namespace.
- * <p>
- * The schema definition is as follows:
- * <xmp>
- * <element name='CipherReference' type='xenc:CipherReferenceType'/>
- * <complexType name='CipherReferenceType'>
- * <sequence>
- * <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
- * </sequence>
- * <attribute name='URI' type='anyURI' use='required'/>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- */
-public interface CipherReference {
- /**
- * Returns an <code>URI</code> that contains an identifier that should be
- * dereferenced.
- * @return an <code>URI</code> that contains an identifier that should be
- * dereferenced.
- */
- String getURI();
-
- /**
- * Gets the URI as an Attribute node. Used to meld the CipherReference
- * with the XMLSignature ResourceResolvers
- * @return the URI as an Attribute node
- */
- Attr getURIAsAttr();
-
- /**
- * Returns the <code>Transforms</code> that specifies how to transform the
- * <code>URI</code> to yield the appropriate cipher value.
- *
- * @return the transform that specifies how to transform the reference to
- * yield the intended cipher value.
- */
- Transforms getTransforms();
-
- /**
- * Sets the <code>Transforms</code> that specifies how to transform the
- * <code>URI</code> to yield the appropriate cipher value.
- *
- * @param transforms the set of <code>Transforms</code> that specifies how
- * to transform the reference to yield the intended cipher value.
- */
- void setTransforms(Transforms transforms);
-}
-
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-/**
- * <code>CipherValue</code> is the wrapper for cipher text.
- *
- * @author Axl Mattheus
- */
-public interface CipherValue {
- /**
- * Returns the Base 64 encoded, encrypted octets that is the
- * <code>CipherValue</code>.
- *
- * @return cipher value.
- */
- String getValue();
-
- /**
- * Sets the Base 64 encoded, encrypted octets that is the
- * <code>CipherValue</code>.
- *
- * @param value the cipher value.
- */
- void setValue(String value);
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.StringReader;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-/**
- * Converts <code>String</code>s into <code>Node</code>s and visa versa.
- */
-public class DocumentSerializer extends AbstractSerializer {
-
- protected DocumentBuilderFactory dbf;
-
- /**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException {
- byte[] fragment = createContext(source, ctx);
- return deserialize(ctx, new InputSource(new ByteArrayInputStream(fragment)));
- }
-
- /**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- public Node deserialize(String source, Node ctx) throws XMLEncryptionException {
- String fragment = createContext(source, ctx);
- return deserialize(ctx, new InputSource(new StringReader(fragment)));
- }
-
- /**
- * @param ctx
- * @param inputSource
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- private Node deserialize(Node ctx, InputSource inputSource) throws XMLEncryptionException {
- try {
- if (dbf == null) {
- dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
- dbf.setValidating(false);
- }
- DocumentBuilder db = dbf.newDocumentBuilder();
- Document d = db.parse(inputSource);
-
- Document contextDocument = null;
- if (Node.DOCUMENT_NODE == ctx.getNodeType()) {
- contextDocument = (Document)ctx;
- } else {
- contextDocument = ctx.getOwnerDocument();
- }
-
- Element fragElt =
- (Element) contextDocument.importNode(d.getDocumentElement(), true);
- DocumentFragment result = contextDocument.createDocumentFragment();
- Node child = fragElt.getFirstChild();
- while (child != null) {
- fragElt.removeChild(child);
- result.appendChild(child);
- child = fragElt.getFirstChild();
- }
- return result;
- } catch (SAXException se) {
- throw new XMLEncryptionException("empty", se);
- } catch (ParserConfigurationException pce) {
- throw new XMLEncryptionException("empty", pce);
- } catch (IOException ioe) {
- throw new XMLEncryptionException("empty", ioe);
- }
- }
-
-}
\ No newline at end of file
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-/**
- * The <code>EncryptedData</code> element is the core element in the syntax. Not
- * only does its <code>CipherData</code> child contain the encrypted data, but
- * it's also the element that replaces the encrypted element, or serves as the
- * new document root.
- * <p>
- * It's schema definition is as follows:
- * <p>
- * <xmp>
- * <element name='EncryptedData' type='xenc:EncryptedDataType'/>
- * <complexType name='EncryptedDataType'>
- * <complexContent>
- * <extension base='xenc:EncryptedType'/>
- * </complexContent>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- */
-public interface EncryptedData extends EncryptedType {
-}
-
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-/**
- * The <code>EncryptedKey</code> element is used to transport encryption keys
- * from the originator to a known recipient(s). It may be used as a stand-alone
- * XML document, be placed within an application document, or appear inside an
- * <code>EncryptedData</code> element as a child of a <code>ds:KeyInfo</code>
- * element. The key value is always encrypted to the recipient(s). When
- * <code>EncryptedKey</code> is decrypted the resulting octets are made
- * available to the <code>EncryptionMethod</code> algorithm without any
- * additional processing.
- * <p>
- * Its schema definition is as follows:
- * <xmp>
- * <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
- * <complexType name='EncryptedKeyType'>
- * <complexContent>
- * <extension base='xenc:EncryptedType'>
- * <sequence>
- * <element ref='xenc:ReferenceList' minOccurs='0'/>
- * <element name='CarriedKeyName' type='string' minOccurs='0'/>
- * </sequence>
- * <attribute name='Recipient' type='string' use='optional'/>
- * </extension>
- * </complexContent>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- */
-public interface EncryptedKey extends EncryptedType {
-
- /**
- * Returns a hint as to which recipient this encrypted key value is intended for.
- *
- * @return the recipient of the <code>EncryptedKey</code>.
- */
- String getRecipient();
-
- /**
- * Sets the recipient for this <code>EncryptedKey</code>.
- *
- * @param recipient the recipient for this <code>EncryptedKey</code>.
- */
- void setRecipient(String recipient);
-
- /**
- * Returns pointers to data and keys encrypted using this key. The reference
- * list may contain multiple references to <code>EncryptedKey</code> and
- * <code>EncryptedData</code> elements. This is done using
- * <code>KeyReference</code> and <code>DataReference</code> elements
- * respectively.
- *
- * @return an <code>Iterator</code> over all the <code>ReferenceList</code>s
- * contained in this <code>EncryptedKey</code>.
- */
- ReferenceList getReferenceList();
-
- /**
- * Sets the <code>ReferenceList</code> to the <code>EncryptedKey</code>.
- *
- * @param list a list of pointers to data elements encrypted using this key.
- */
- void setReferenceList(ReferenceList list);
-
- /**
- * Returns a user readable name with the key value. This may then be used to
- * reference the key using the <code>ds:KeyName</code> element within
- * <code>ds:KeyInfo</code>. The same <code>CarriedKeyName</code> label,
- * unlike an ID type, may occur multiple times within a single document. The
- * value of the key is to be the same in all <code>EncryptedKey</code>
- * elements identified with the same <code>CarriedKeyName</code> label
- * within a single XML document.
- * <br>
- * <b>Note</b> that because whitespace is significant in the value of
- * the <code>ds:KeyName</code> element, whitespace is also significant in
- * the value of the <code>CarriedKeyName</code> element.
- *
- * @return over all the carried names contained in
- * this <code>EncryptedKey</code>.
- */
- String getCarriedName();
-
- /**
- * Sets the carried name.
- *
- * @param name the carried name.
- */
- void setCarriedName(String name);
-}
-
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import org.apache.xml.security.keys.KeyInfo;
-
-/**
- * EncryptedType is the abstract type from which <code>EncryptedData</code> and
- * <code>EncryptedKey</code> are derived. While these two latter element types
- * are very similar with respect to their content models, a syntactical
- * distinction is useful to processing.
- * <p>
- * Its schema definition is as follows:
- * <xmp>
- * <complexType name='EncryptedType' abstract='true'>
- * <sequence>
- * <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
- * minOccurs='0'/>
- * <element ref='ds:KeyInfo' minOccurs='0'/>
- * <element ref='xenc:CipherData'/>
- * <element ref='xenc:EncryptionProperties' minOccurs='0'/>
- * </sequence>
- * <attribute name='Id' type='ID' use='optional'/>
- * <attribute name='Type' type='anyURI' use='optional'/>
- * <attribute name='MimeType' type='string' use='optional'/>
- * <attribute name='Encoding' type='anyURI' use='optional'/>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- */
-public interface EncryptedType {
-
- /**
- * Returns a <code>String</code> providing for the standard method of
- * assigning an id to the element within the document context.
- *
- * @return the id for the <code>EncryptedType</code>.
- */
- String getId();
-
- /**
- * Sets the id.
- *
- * @param id
- */
- void setId(String id);
-
- /**
- * Returns an <code>URI</code> identifying type information about the
- * plaintext form of the encrypted content. While optional, this
- * specification takes advantage of it for mandatory processing described in
- * Processing Rules: Decryption (section 4.2). If the
- * <code>EncryptedData</code> element contains data of Type 'element' or
- * element 'content', and replaces that data in an XML document context, it
- * is strongly recommended the Type attribute be provided. Without this
- * information, the decryptor will be unable to automatically restore the
- * XML document to its original cleartext form.
- *
- * @return the identifier for the type of information in plaintext form of
- * encrypted content.
- */
- String getType();
-
- /**
- * Sets the type.
- *
- * @param type an <code>URI</code> identifying type information about the
- * plaintext form of the encrypted content.
- */
- void setType(String type);
-
- /**
- * Returns a <code>String</code> which describes the media type of the data
- * which has been encrypted. The value of this attribute has values defined
- * by [MIME]. For example, if the data that is encrypted is a base64 encoded
- * PNG, the transfer Encoding may be specified as
- * 'http://www.w3.org/2000/09/xmldsig#base64' and the MimeType as
- * 'image/png'.
- * <br>
- * This attribute is purely advisory; no validation of the MimeType
- * information is required and it does not indicate the encryption
- * application must do any additional processing. Note, this information may
- * not be necessary if it is already bound to the identifier in the Type
- * attribute. For example, the Element and Content types defined in this
- * specification are always UTF-8 encoded text.
- *
- * @return the media type of the data which was encrypted.
- */
- String getMimeType();
-
- /**
- * Sets the mime type.
- *
- * @param type a <code>String</code> which describes the media type of the
- * data which has been encrypted.
- */
- void setMimeType(String type);
-
- /**
- * Return an <code>URI</code> representing the encoding of the
- * <code>EncryptedType</code>.
- *
- * @return the encoding of this <code>EncryptedType</code>.
- */
- String getEncoding();
-
- /**
- * Sets the <code>URI</code> representing the encoding of the
- * <code>EncryptedType</code>.
- *
- * @param encoding
- */
- void setEncoding(String encoding);
-
- /**
- * Returns an <code>EncryptionMethod</code> that describes the encryption
- * algorithm applied to the cipher data. If the element is absent, the
- * encryption algorithm must be known by the recipient or the decryption
- * will fail.
- *
- * @return the method used to encrypt the cipher data.
- */
- EncryptionMethod getEncryptionMethod();
-
- /**
- * Sets the <code>EncryptionMethod</code> used to encrypt the cipher data.
- *
- * @param method the <code>EncryptionMethod</code>.
- */
- void setEncryptionMethod(EncryptionMethod method);
-
- /**
- * Returns the <code>ds:KeyInfo</code>, that carries information about the
- * key used to encrypt the data. Subsequent sections of this specification
- * define new elements that may appear as children of
- * <code>ds:KeyInfo</code>.
- *
- * @return information about the key that encrypted the cipher data.
- */
- KeyInfo getKeyInfo();
-
- /**
- * Sets the encryption key information.
- *
- * @param info the <code>ds:KeyInfo</code>, that carries information about
- * the key used to encrypt the data.
- */
- void setKeyInfo(KeyInfo info);
-
- /**
- * Returns the <code>CipherReference</code> that contains the
- * <code>CipherValue</code> or <code>CipherReference</code> with the
- * encrypted data.
- *
- * @return the cipher data for the encrypted type.
- */
- CipherData getCipherData();
-
- /**
- * Returns additional information concerning the generation of the
- * <code>EncryptedType</code>.
- *
- * @return information relating to the generation of the
- * <code>EncryptedType</code>.
- */
- EncryptionProperties getEncryptionProperties();
-
- /**
- * Sets the <code>EncryptionProperties</code> that supplies additional
- * information about the generation of the <code>EncryptedType</code>.
- *
- * @param properties
- */
- void setEncryptionProperties(EncryptionProperties properties);
-}
-
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.util.Iterator;
-import org.w3c.dom.Element;
-
-/**
- * <code>EncryptionMethod</code> describes the encryption algorithm applied to
- * the cipher data. If the element is absent, the encryption algorithm must be
- * known by the recipient or the decryption will fail.
- * <p>
- * It is defined as follows:
- * <xmp>
- * <complexType name='EncryptionMethodType' mixed='true'>
- * <sequence>
- * <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
- * <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
- * <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
- * </sequence>
- * <attribute name='Algorithm' type='anyURI' use='required'/>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- */
-public interface EncryptionMethod {
- /**
- * Returns the algorithm applied to the cipher data.
- *
- * @return the encryption algorithm.
- */
- String getAlgorithm();
-
- /**
- * Returns the key size of the key of the algorithm applied to the cipher
- * data.
- *
- * @return the key size.
- */
- int getKeySize();
-
- /**
- * Sets the size of the key of the algorithm applied to the cipher data.
- *
- * @param size the key size.
- */
- void setKeySize(int size);
-
- /**
- * Returns the OAEP parameters of the algorithm applied applied to the
- * cipher data.
- *
- * @return the OAEP parameters.
- */
- byte[] getOAEPparams();
-
- /**
- * Sets the OAEP parameters.
- *
- * @param parameters the OAEP parameters.
- */
- void setOAEPparams(byte[] parameters);
-
- /**
- * Set the Digest Algorithm to use
- * @param digestAlgorithm the Digest Algorithm to use
- */
- void setDigestAlgorithm(String digestAlgorithm);
-
- /**
- * Get the Digest Algorithm to use
- * @return the Digest Algorithm to use
- */
- String getDigestAlgorithm();
-
- /**
- * Set the MGF Algorithm to use
- * @param mgfAlgorithm the MGF Algorithm to use
- */
- void setMGFAlgorithm(String mgfAlgorithm);
-
- /**
- * Get the MGF Algorithm to use
- * @return the MGF Algorithm to use
- */
- String getMGFAlgorithm();
-
- /**
- * Returns an iterator over all the additional elements contained in the
- * <code>EncryptionMethod</code>.
- *
- * @return an <code>Iterator</code> over all the additional infomation
- * about the <code>EncryptionMethod</code>.
- */
- Iterator<Element> getEncryptionMethodInformation();
-
- /**
- * Adds encryption method information.
- *
- * @param information additional encryption method information.
- */
- void addEncryptionMethodInformation(Element information);
-
- /**
- * Removes encryption method information.
- *
- * @param information the information to remove from the
- * <code>EncryptionMethod</code>.
- */
- void removeEncryptionMethodInformation(Element information);
-}
-
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.util.Iterator;
-
-/**
- * <code>EncryptionProperties</code> can hold additional information concerning
- * the generation of the <code>EncryptedData</code> or
- * <code>EncryptedKey</code>. This information is wraped int an
- * <code>EncryptionProperty</code> element. Examples of additional information
- * is e.g., a date/time stamp or the serial number of cryptographic hardware
- * used during encryption).
- * <p>
- * It is defined as follows:
- * <xmp>
- * <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
- * <complexType name='EncryptionPropertiesType'>
- * <sequence>
- * <element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
- * </sequence>
- * <attribute name='Id' type='ID' use='optional'/>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- */
-public interface EncryptionProperties {
-
- /**
- * Returns the <code>EncryptionProperties</code>' id.
- *
- * @return the id.
- */
- String getId();
-
- /**
- * Sets the id.
- *
- * @param id the id.
- */
- void setId(String id);
-
- /**
- * Returns an <code>Iterator</code> over all the
- * <code>EncryptionPropterty</code> elements contained in this
- * <code>EncryptionProperties</code>.
- *
- * @return an <code>Iterator</code> over all the encryption properties.
- */
- Iterator<EncryptionProperty> getEncryptionProperties();
-
- /**
- * Adds an <code>EncryptionProperty</code>.
- *
- * @param property
- */
- void addEncryptionProperty(EncryptionProperty property);
-
- /**
- * Removes the specified <code>EncryptionProperty</code>.
- *
- * @param property
- */
- void removeEncryptionProperty(EncryptionProperty property);
-}
-
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.util.Iterator;
-import org.w3c.dom.Element;
-
-/**
- * Additional information items concerning the generation of the
- * <code>EncryptedData</code> or <code>EncryptedKey</code> can be placed in an
- * <code>EncryptionProperty</code> element (e.g., date/time stamp or the serial
- * number of cryptographic hardware used during encryption). The Target
- * attribute identifies the <code>EncryptedType</code> structure being
- * described. anyAttribute permits the inclusion of attributes from the XML
- * namespace to be included (i.e., <code>xml:space</code>,
- * <code>xml:lang</code>, and <code>xml:base</code>).
- * <p>
- * It is defined as follows:
- * <xmp>
- * <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
- * <complexType name='EncryptionPropertyType' mixed='true'>
- * <choice maxOccurs='unbounded'>
- * <any namespace='##other' processContents='lax'/>
- * </choice>
- * <attribute name='Target' type='anyURI' use='optional'/>
- * <attribute name='Id' type='ID' use='optional'/>
- * <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- */
-public interface EncryptionProperty {
-
- /**
- * Returns the <code>EncryptedType</code> being described.
- *
- * @return the <code>EncryptedType</code> being described by this
- * <code>EncryptionProperty</code>.
- */
- String getTarget();
-
- /**
- * Sets the target.
- *
- * @param target
- */
- void setTarget(String target);
-
- /**
- * Returns the id of the <CODE>EncryptionProperty</CODE>.
- *
- * @return the id.
- */
- String getId();
-
- /**
- * Sets the id.
- *
- * @param id
- */
- void setId(String id);
-
- /**
- * Returns the attribute's value in the <code>xml</code> namespace.
- *
- * @param attribute
- * @return the attribute's value.
- */
- String getAttribute(String attribute);
-
- /**
- * Set the attribute value.
- *
- * @param attribute the attribute's name.
- * @param value the attribute's value.
- */
- void setAttribute(String attribute, String value);
-
- /**
- * Returns the properties of the <CODE>EncryptionProperty</CODE>.
- *
- * @return an <code>Iterator</code> over all the additional encryption
- * information contained in this class.
- */
- Iterator<Element> getEncryptionInformation();
-
- /**
- * Adds encryption information.
- *
- * @param information the additional encryption information.
- */
- void addEncryptionInformation(Element information);
-
- /**
- * Removes encryption information.
- *
- * @param information the information to remove.
- */
- void removeEncryptionInformation(Element information);
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.util.Iterator;
-import org.w3c.dom.Element;
-
-/**
- * A wrapper for a pointer from a key value of an <code>EncryptedKey</code> to
- * items encrypted by that key value (<code>EncryptedData</code> or
- * <code>EncryptedKey</code> elements).
- * <p>
- * It is defined as follows:
- * <xmp>
- * <complexType name='ReferenceType'>
- * <sequence>
- * <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
- * </sequence>
- * <attribute name='URI' type='anyURI' use='required'/>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- * @see ReferenceList
- */
-public interface Reference {
- /**
- * Returns the <code>Element</code> tag name for this <code>Reference</code>.
- *
- * @return the tag name of this <code>Reference</code>.
- */
- String getType();
-
- /**
- * Returns a <code>URI</code> that points to an <code>Element</code> that
- * were encrypted using the key defined in the enclosing
- * <code>EncryptedKey</code> element.
- *
- * @return an Uniform Resource Identifier that qualifies an
- * <code>EncryptedType</code>.
- */
- String getURI();
-
- /**
- * Sets a <code>URI</code> that points to an <code>Element</code> that
- * were encrypted using the key defined in the enclosing
- * <code>EncryptedKey</code> element.
- *
- * @param uri the Uniform Resource Identifier that qualifies an
- * <code>EncryptedType</code>.
- */
- void setURI(String uri);
-
- /**
- * Returns an <code>Iterator</code> over all the child elements contained in
- * this <code>Reference</code> that will aid the recipient in retrieving the
- * <code>EncryptedKey</code> and/or <code>EncryptedData</code> elements.
- * These could include information such as XPath transforms, decompression
- * transforms, or information on how to retrieve the elements from a
- * document storage facility.
- *
- * @return child elements.
- */
- Iterator<Element> getElementRetrievalInformation();
-
- /**
- * Adds retrieval information.
- *
- * @param info
- */
- void addElementRetrievalInformation(Element info);
-
- /**
- * Removes the specified retrieval information.
- *
- * @param info
- */
- void removeElementRetrievalInformation(Element info);
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.util.Iterator;
-
-/**
- * <code>ReferenceList</code> is an element that contains pointers from a key
- * value of an <code>EncryptedKey</code> to items encrypted by that key value
- * (<code>EncryptedData</code> or <code>EncryptedKey</code> elements).
- * <p>
- * It is defined as follows:
- * <xmp>
- * <element name='ReferenceList'>
- * <complexType>
- * <choice minOccurs='1' maxOccurs='unbounded'>
- * <element name='DataReference' type='xenc:ReferenceType'/>
- * <element name='KeyReference' type='xenc:ReferenceType'/>
- * </choice>
- * </complexType>
- * </element>
- * </xmp>
- *
- * @author Axl Mattheus
- * @see Reference
- */
-public interface ReferenceList {
-
- /** DATA TAG */
- int DATA_REFERENCE = 0x00000001;
-
- /** KEY TAG */
- int KEY_REFERENCE = 0x00000002;
-
- /**
- * Adds a reference to this reference list.
- *
- * @param reference the reference to add.
- * @throws IllegalAccessException if the <code>Reference</code> is not an
- * instance of <code>DataReference</code> or <code>KeyReference</code>.
- */
- void add(Reference reference);
-
- /**
- * Removes a reference from the <code>ReferenceList</code>.
- *
- * @param reference the reference to remove.
- */
- void remove(Reference reference);
-
- /**
- * Returns the size of the <code>ReferenceList</code>.
- *
- * @return the size of the <code>ReferenceList</code>.
- */
- int size();
-
- /**
- * Indicates if the <code>ReferenceList</code> is empty.
- *
- * @return <code><b>true</b></code> if the <code>ReferenceList</code> is
- * empty, else <code><b>false</b></code>.
- */
- boolean isEmpty();
-
- /**
- * Returns an <code>Iterator</code> over all the <code>Reference</code>s
- * contained in this <code>ReferenceList</code>.
- *
- * @return Iterator.
- */
- Iterator<Reference> getReferences();
-
- /**
- * <code>DataReference</code> factory method. Returns a
- * <code>DataReference</code>.
- * @param uri
- * @return a <code>DataReference</code>.
- */
- Reference newDataReference(String uri);
-
- /**
- * <code>KeyReference</code> factory method. Returns a
- * <code>KeyReference</code>.
- * @param uri
- * @return a <code>KeyReference</code>.
- */
- Reference newKeyReference(String uri);
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * Converts <code>String</code>s into <code>Node</code>s and visa versa.
- */
-public interface Serializer {
-
- /**
- * Set the Canonicalizer object to use.
- */
- void setCanonicalizer(Canonicalizer canon);
-
- /**
- * Returns a <code>String</code> representation of the specified
- * <code>Element</code>.
- *
- * @param element the <code>Element</code> to serialize.
- * @return the <code>String</code> representation of the serilaized
- * <code>Element</code>.
- * @throws Exception
- */
- @Deprecated
- String serialize(Element element) throws Exception;
-
- /**
- * Returns a <code>byte[]</code> representation of the specified
- * <code>Element</code>.
- *
- * @param element the <code>Element</code> to serialize.
- * @return the <code>byte[]</code> representation of the serilaized
- * <code>Element</code>.
- * @throws Exception
- */
- byte[] serializeToByteArray(Element element) throws Exception;
-
- /**
- * Returns a <code>String</code> representation of the specified
- * <code>NodeList</code>.
- *
- * @param content the <code>NodeList</code> to serialize.
- * @return the <code>String</code> representation of the serialized
- * <code>NodeList</code>.
- * @throws Exception
- */
- @Deprecated
- String serialize(NodeList content) throws Exception;
-
- /**
- * Returns a <code>byte[]</code> representation of the specified
- * <code>NodeList</code>.
- *
- * @param content the <code>NodeList</code> to serialize.
- * @return the <code>byte[]</code> representation of the serialized
- * <code>NodeList</code>.
- * @throws Exception
- */
- byte[] serializeToByteArray(NodeList content) throws Exception;
-
- /**
- * Use the Canonicalizer to serialize the node
- * @param node
- * @return the canonicalization of the node
- * @throws Exception
- */
- @Deprecated
- String canonSerialize(Node node) throws Exception;
-
- /**
- * Use the Canonicalizer to serialize the node
- * @param node
- * @return the (byte[]) canonicalization of the node
- * @throws Exception
- */
- byte[] canonSerializeToByteArray(Node node) throws Exception;
-
- /**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- @Deprecated
- Node deserialize(String source, Node ctx) throws XMLEncryptionException;
-
- /**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException;
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.io.ByteArrayInputStream;
-import java.io.StringReader;
-
-import javax.xml.XMLConstants;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMResult;
-import javax.xml.transform.stream.StreamSource;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Node;
-
-/**
- * Converts <code>String</code>s into <code>Node</code>s and visa versa. This requires Xalan to
- * work properly.
- */
-public class TransformSerializer extends AbstractSerializer {
-
- private TransformerFactory transformerFactory;
-
- /**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException {
- byte[] fragment = createContext(source, ctx);
- return deserialize(ctx, new StreamSource(new ByteArrayInputStream(fragment)));
- }
-
- /**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- public Node deserialize(String source, Node ctx) throws XMLEncryptionException {
- String fragment = createContext(source, ctx);
- return deserialize(ctx, new StreamSource(new StringReader(fragment)));
- }
-
- /**
- * @param ctx
- * @param source
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- private Node deserialize(Node ctx, Source source) throws XMLEncryptionException {
- try {
- Document contextDocument = null;
- if (Node.DOCUMENT_NODE == ctx.getNodeType()) {
- contextDocument = (Document)ctx;
- } else {
- contextDocument = ctx.getOwnerDocument();
- }
-
- if (transformerFactory == null) {
- transformerFactory = TransformerFactory.newInstance();
- transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- }
- Transformer transformer = transformerFactory.newTransformer();
-
- DOMResult res = new DOMResult();
-
- Node placeholder = contextDocument.createDocumentFragment();
- res.setNode(placeholder);
-
- transformer.transform(source, res);
-
- // Skip dummy element
- Node dummyChild = placeholder.getFirstChild();
- Node child = dummyChild.getFirstChild();
-
- if (child != null && child.getNextSibling() == null) {
- return child;
- }
-
- DocumentFragment docfrag = contextDocument.createDocumentFragment();
- while (child != null) {
- dummyChild.removeChild(child);
- docfrag.appendChild(child);
- child = dummyChild.getFirstChild();
- }
-
- return docfrag;
- } catch (Exception e) {
- throw new XMLEncryptionException("empty", e);
- }
- }
-
-}
\ No newline at end of file
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-/**
- * A container for <code>ds:Transform</code>s.
- * <p>
- * It is defined as follows:
- * <xmp>
- * <complexType name='TransformsType'>
- * <sequence>
- * <element ref='ds:Transform' maxOccurs='unbounded'/>
- * </sequence>
- * </complexType>
- * </xmp>
- *
- * @author Axl Mattheus
- * @see org.apache.xml.security.encryption.CipherReference
- */
-public interface Transforms {
- /**
- * Temporary method to turn the XMLEncryption Transforms class
- * into a DS class. The main logic is currently implemented in the
- * DS class, so we need to get to get the base class.
- * <p>
- * <b>Note</b> This will be removed in future versions
- */
- org.apache.xml.security.transforms.Transforms getDSTransforms();
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.SecureRandom;
-import java.security.spec.MGF1ParameterSpec;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.OAEPParameterSpec;
-import javax.crypto.spec.PSource;
-
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.KeyInfo;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.keyresolver.implementations.EncryptedKeyResolver;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.transforms.InvalidTransformException;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.ElementProxy;
-import org.apache.xml.security.utils.EncryptionConstants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * <code>XMLCipher</code> encrypts and decrypts the contents of
- * <code>Document</code>s, <code>Element</code>s and <code>Element</code>
- * contents. It was designed to resemble <code>javax.crypto.Cipher</code> in
- * order to facilitate understanding of its functioning.
- *
- * @author Axl Mattheus (Sun Microsystems)
- * @author Christian Geuer-Pollmann
- */
-public class XMLCipher {
-
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(XMLCipher.class);
-
- /** Triple DES EDE (192 bit key) in CBC mode */
- public static final String TRIPLEDES =
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES;
-
- /** AES 128 Cipher */
- public static final String AES_128 =
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
-
- /** AES 256 Cipher */
- public static final String AES_256 =
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
-
- /** AES 192 Cipher */
- public static final String AES_192 =
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192;
-
- /** AES 128 GCM Cipher */
- public static final String AES_128_GCM =
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM;
-
- /** AES 192 GCM Cipher */
- public static final String AES_192_GCM =
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM;
-
- /** AES 256 GCM Cipher */
- public static final String AES_256_GCM =
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM;
-
- /** RSA 1.5 Cipher */
- public static final String RSA_v1dot5 =
- EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15;
-
- /** RSA OAEP Cipher */
- public static final String RSA_OAEP =
- EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
-
- /** RSA OAEP Cipher */
- public static final String RSA_OAEP_11 =
- EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP_11;
-
- /** DIFFIE_HELLMAN Cipher */
- public static final String DIFFIE_HELLMAN =
- EncryptionConstants.ALGO_ID_KEYAGREEMENT_DH;
-
- /** Triple DES EDE (192 bit key) in CBC mode KEYWRAP*/
- public static final String TRIPLEDES_KeyWrap =
- EncryptionConstants.ALGO_ID_KEYWRAP_TRIPLEDES;
-
- /** AES 128 Cipher KeyWrap */
- public static final String AES_128_KeyWrap =
- EncryptionConstants.ALGO_ID_KEYWRAP_AES128;
-
- /** AES 256 Cipher KeyWrap */
- public static final String AES_256_KeyWrap =
- EncryptionConstants.ALGO_ID_KEYWRAP_AES256;
-
- /** AES 192 Cipher KeyWrap */
- public static final String AES_192_KeyWrap =
- EncryptionConstants.ALGO_ID_KEYWRAP_AES192;
-
- /** SHA1 Cipher */
- public static final String SHA1 =
- Constants.ALGO_ID_DIGEST_SHA1;
-
- /** SHA256 Cipher */
- public static final String SHA256 =
- MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256;
-
- /** SHA512 Cipher */
- public static final String SHA512 =
- MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512;
-
- /** RIPEMD Cipher */
- public static final String RIPEMD_160 =
- MessageDigestAlgorithm.ALGO_ID_DIGEST_RIPEMD160;
-
- /** XML Signature NS */
- public static final String XML_DSIG =
- Constants.SignatureSpecNS;
-
- /** N14C_XML */
- public static final String N14C_XML =
- Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
-
- /** N14C_XML with comments*/
- public static final String N14C_XML_WITH_COMMENTS =
- Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
-
- /** N14C_XML exclusive */
- public static final String EXCL_XML_N14C =
- Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
-
- /** N14C_XML exclusive with comments*/
- public static final String EXCL_XML_N14C_WITH_COMMENTS =
- Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
-
- /** N14C_PHYSICAL preserve the physical representation*/
- public static final String PHYSICAL_XML_N14C =
- Canonicalizer.ALGO_ID_C14N_PHYSICAL;
-
- /** Base64 encoding */
- public static final String BASE64_ENCODING =
- org.apache.xml.security.transforms.Transforms.TRANSFORM_BASE64_DECODE;
-
- /** ENCRYPT Mode */
- public static final int ENCRYPT_MODE = Cipher.ENCRYPT_MODE;
-
- /** DECRYPT Mode */
- public static final int DECRYPT_MODE = Cipher.DECRYPT_MODE;
-
- /** UNWRAP Mode */
- public static final int UNWRAP_MODE = Cipher.UNWRAP_MODE;
-
- /** WRAP Mode */
- public static final int WRAP_MODE = Cipher.WRAP_MODE;
-
- private static final String ENC_ALGORITHMS = TRIPLEDES + "\n" +
- AES_128 + "\n" + AES_256 + "\n" + AES_192 + "\n" + RSA_v1dot5 + "\n" +
- RSA_OAEP + "\n" + RSA_OAEP_11 + "\n" + TRIPLEDES_KeyWrap + "\n" +
- AES_128_KeyWrap + "\n" + AES_256_KeyWrap + "\n" + AES_192_KeyWrap + "\n" +
- AES_128_GCM + "\n" + AES_192_GCM + "\n" + AES_256_GCM + "\n";
-
- /** Cipher created during initialisation that is used for encryption */
- private Cipher contextCipher;
-
- /** Mode that the XMLCipher object is operating in */
- private int cipherMode = Integer.MIN_VALUE;
-
- /** URI of algorithm that is being used for cryptographic operation */
- private String algorithm = null;
-
- /** Cryptographic provider requested by caller */
- private String requestedJCEProvider = null;
-
- /** Holds c14n to serialize, if initialized then _always_ use this c14n to serialize */
- private Canonicalizer canon;
-
- /** Used for creation of DOM nodes in WRAP and ENCRYPT modes */
- private Document contextDocument;
-
- /** Instance of factory used to create XML Encryption objects */
- private Factory factory;
-
- /** Serializer class for going to/from UTF-8 */
- private Serializer serializer;
-
- /** Local copy of user's key */
- private Key key;
-
- /** Local copy of the kek (used to decrypt EncryptedKeys during a
- * DECRYPT_MODE operation */
- private Key kek;
-
- // The EncryptedKey being built (part of a WRAP operation) or read
- // (part of an UNWRAP operation)
- private EncryptedKey ek;
-
- // The EncryptedData being built (part of a WRAP operation) or read
- // (part of an UNWRAP operation)
- private EncryptedData ed;
-
- private SecureRandom random;
-
- private boolean secureValidation;
-
- private String digestAlg;
-
- /** List of internal KeyResolvers for DECRYPT and UNWRAP modes. */
- private List<KeyResolverSpi> internalKeyResolvers;
-
- /**
- * Set the Serializer algorithm to use
- */
- public void setSerializer(Serializer serializer) {
- this.serializer = serializer;
- serializer.setCanonicalizer(this.canon);
- }
-
- /**
- * Get the Serializer algorithm to use
- */
- public Serializer getSerializer() {
- return serializer;
- }
-
- /**
- * Creates a new <code>XMLCipher</code>.
- *
- * @param transformation the name of the transformation, e.g.,
- * <code>XMLCipher.TRIPLEDES</code>. If null the XMLCipher can only
- * be used for decrypt or unwrap operations where the encryption method
- * is defined in the <code>EncryptionMethod</code> element.
- * @param provider the JCE provider that supplies the transformation,
- * if null use the default provider.
- * @param canon the name of the c14n algorithm, if
- * <code>null</code> use standard serializer
- * @param digestMethod An optional digestMethod to use.
- */
- private XMLCipher(
- String transformation,
- String provider,
- String canonAlg,
- String digestMethod
- ) throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Constructing XMLCipher...");
- }
-
- factory = new Factory();
-
- algorithm = transformation;
- requestedJCEProvider = provider;
- digestAlg = digestMethod;
-
- // Create a canonicalizer - used when serializing DOM to octets
- // prior to encryption (and for the reverse)
-
- try {
- if (canonAlg == null) {
- // The default is to preserve the physical representation.
- this.canon = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_PHYSICAL);
- } else {
- this.canon = Canonicalizer.getInstance(canonAlg);
- }
- } catch (InvalidCanonicalizerException ice) {
- throw new XMLEncryptionException("empty", ice);
- }
-
- if (serializer == null) {
- serializer = new DocumentSerializer();
- }
- serializer.setCanonicalizer(this.canon);
-
- if (transformation != null) {
- contextCipher = constructCipher(transformation, digestMethod);
- }
- }
-
- /**
- * Checks to ensure that the supplied algorithm is valid.
- *
- * @param algorithm the algorithm to check.
- * @return true if the algorithm is valid, otherwise false.
- * @since 1.0.
- */
- private static boolean isValidEncryptionAlgorithm(String algorithm) {
- return (
- algorithm.equals(TRIPLEDES) ||
- algorithm.equals(AES_128) ||
- algorithm.equals(AES_256) ||
- algorithm.equals(AES_192) ||
- algorithm.equals(AES_128_GCM) ||
- algorithm.equals(AES_192_GCM) ||
- algorithm.equals(AES_256_GCM) ||
- algorithm.equals(RSA_v1dot5) ||
- algorithm.equals(RSA_OAEP) ||
- algorithm.equals(RSA_OAEP_11) ||
- algorithm.equals(TRIPLEDES_KeyWrap) ||
- algorithm.equals(AES_128_KeyWrap) ||
- algorithm.equals(AES_256_KeyWrap) ||
- algorithm.equals(AES_192_KeyWrap)
- );
- }
-
- /**
- * Validate the transformation argument of getInstance or getProviderInstance
- *
- * @param transformation the name of the transformation, e.g.,
- * <code>XMLCipher.TRIPLEDES</code> which is shorthand for
- * "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
- */
- private static void validateTransformation(String transformation) {
- if (null == transformation) {
- throw new NullPointerException("Transformation unexpectedly null...");
- }
- if (!isValidEncryptionAlgorithm(transformation)) {
- log.warn("Algorithm non-standard, expected one of " + ENC_ALGORITHMS);
- }
- }
-
- /**
- * Returns an <code>XMLCipher</code> that implements the specified
- * transformation and operates on the specified context document.
- * <p>
- * If the default provider package supplies an implementation of the
- * requested transformation, an instance of Cipher containing that
- * implementation is returned. If the transformation is not available in
- * the default provider package, other provider packages are searched.
- * <p>
- * <b>NOTE<sub>1</sub>:</b> The transformation name does not follow the same
- * pattern as that outlined in the Java Cryptography Extension Reference
- * Guide but rather that specified by the XML Encryption Syntax and
- * Processing document. The rational behind this is to make it easier for a
- * novice at writing Java Encryption software to use the library.
- * <p>
- * <b>NOTE<sub>2</sub>:</b> <code>getInstance()</code> does not follow the
- * same pattern regarding exceptional conditions as that used in
- * <code>javax.crypto.Cipher</code>. Instead, it only throws an
- * <code>XMLEncryptionException</code> which wraps an underlying exception.
- * The stack trace from the exception should be self explanatory.
- *
- * @param transformation the name of the transformation, e.g.,
- * <code>XMLCipher.TRIPLEDES</code> which is shorthand for
- * "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
- * @throws XMLEncryptionException
- * @return the XMLCipher
- * @see javax.crypto.Cipher#getInstance(java.lang.String)
- */
- public static XMLCipher getInstance(String transformation) throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Getting XMLCipher with transformation");
- }
- validateTransformation(transformation);
- return new XMLCipher(transformation, null, null, null);
- }
-
- /**
- * Returns an <code>XMLCipher</code> that implements the specified
- * transformation, operates on the specified context document and serializes
- * the document with the specified canonicalization algorithm before it
- * encrypts the document.
- * <p>
- *
- * @param transformation the name of the transformation
- * @param canon the name of the c14n algorithm, if <code>null</code> use
- * standard serializer
- * @return the XMLCipher
- * @throws XMLEncryptionException
- */
- public static XMLCipher getInstance(String transformation, String canon)
- throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Getting XMLCipher with transformation and c14n algorithm");
- }
- validateTransformation(transformation);
- return new XMLCipher(transformation, null, canon, null);
- }
-
- /**
- * Returns an <code>XMLCipher</code> that implements the specified
- * transformation, operates on the specified context document and serializes
- * the document with the specified canonicalization algorithm before it
- * encrypts the document.
- * <p>
- *
- * @param transformation the name of the transformation
- * @param canon the name of the c14n algorithm, if <code>null</code> use
- * standard serializer
- * @param digestMethod An optional digestMethod to use
- * @return the XMLCipher
- * @throws XMLEncryptionException
- */
- public static XMLCipher getInstance(String transformation, String canon, String digestMethod)
- throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Getting XMLCipher with transformation and c14n algorithm");
- }
- validateTransformation(transformation);
- return new XMLCipher(transformation, null, canon, digestMethod);
- }
-
- /**
- * Returns an <code>XMLCipher</code> that implements the specified
- * transformation and operates on the specified context document.
- *
- * @param transformation the name of the transformation
- * @param provider the JCE provider that supplies the transformation
- * @return the XMLCipher
- * @throws XMLEncryptionException
- */
- public static XMLCipher getProviderInstance(String transformation, String provider)
- throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Getting XMLCipher with transformation and provider");
- }
- if (null == provider) {
- throw new NullPointerException("Provider unexpectedly null..");
- }
- validateTransformation(transformation);
- return new XMLCipher(transformation, provider, null, null);
- }
-
- /**
- * Returns an <code>XMLCipher</code> that implements the specified
- * transformation, operates on the specified context document and serializes
- * the document with the specified canonicalization algorithm before it
- * encrypts the document.
- * <p>
- *
- * @param transformation the name of the transformation
- * @param provider the JCE provider that supplies the transformation
- * @param canon the name of the c14n algorithm, if <code>null</code> use standard
- * serializer
- * @return the XMLCipher
- * @throws XMLEncryptionException
- */
- public static XMLCipher getProviderInstance(
- String transformation, String provider, String canon
- ) throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Getting XMLCipher with transformation, provider and c14n algorithm");
- }
- if (null == provider) {
- throw new NullPointerException("Provider unexpectedly null..");
- }
- validateTransformation(transformation);
- return new XMLCipher(transformation, provider, canon, null);
- }
-
- /**
- * Returns an <code>XMLCipher</code> that implements the specified
- * transformation, operates on the specified context document and serializes
- * the document with the specified canonicalization algorithm before it
- * encrypts the document.
- * <p>
- *
- * @param transformation the name of the transformation
- * @param provider the JCE provider that supplies the transformation
- * @param canon the name of the c14n algorithm, if <code>null</code> use standard
- * serializer
- * @param digestMethod An optional digestMethod to use
- * @return the XMLCipher
- * @throws XMLEncryptionException
- */
- public static XMLCipher getProviderInstance(
- String transformation, String provider, String canon, String digestMethod
- ) throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Getting XMLCipher with transformation, provider and c14n algorithm");
- }
- if (null == provider) {
- throw new NullPointerException("Provider unexpectedly null..");
- }
- validateTransformation(transformation);
- return new XMLCipher(transformation, provider, canon, digestMethod);
- }
-
- /**
- * Returns an <code>XMLCipher</code> that implements no specific
- * transformation, and can therefore only be used for decrypt or
- * unwrap operations where the encryption method is defined in the
- * <code>EncryptionMethod</code> element.
- *
- * @return The XMLCipher
- * @throws XMLEncryptionException
- */
- public static XMLCipher getInstance() throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Getting XMLCipher with no arguments");
- }
- return new XMLCipher(null, null, null, null);
- }
-
- /**
- * Returns an <code>XMLCipher</code> that implements no specific
- * transformation, and can therefore only be used for decrypt or
- * unwrap operations where the encryption method is defined in the
- * <code>EncryptionMethod</code> element.
- *
- * Allows the caller to specify a provider that will be used for
- * cryptographic operations.
- *
- * @param provider the JCE provider that supplies the transformation
- * @return the XMLCipher
- * @throws XMLEncryptionException
- */
- public static XMLCipher getProviderInstance(String provider) throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Getting XMLCipher with provider");
- }
- return new XMLCipher(null, provider, null, null);
- }
-
- /**
- * Initializes this cipher with a key.
- * <p>
- * The cipher is initialized for one of the following four operations:
- * encryption, decryption, key wrapping or key unwrapping, depending on the
- * value of opmode.
- *
- * For WRAP and ENCRYPT modes, this also initialises the internal
- * EncryptedKey or EncryptedData (with a CipherValue)
- * structure that will be used during the ensuing operations. This
- * can be obtained (in order to modify KeyInfo elements etc. prior to
- * finalising the encryption) by calling
- * {@link #getEncryptedData} or {@link #getEncryptedKey}.
- *
- * @param opmode the operation mode of this cipher (this is one of the
- * following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
- * @param key
- * @see javax.crypto.Cipher#init(int, java.security.Key)
- * @throws XMLEncryptionException
- */
- public void init(int opmode, Key key) throws XMLEncryptionException {
- // sanity checks
- if (log.isDebugEnabled()) {
- log.debug("Initializing XMLCipher...");
- }
-
- ek = null;
- ed = null;
-
- switch (opmode) {
-
- case ENCRYPT_MODE :
- if (log.isDebugEnabled()) {
- log.debug("opmode = ENCRYPT_MODE");
- }
- ed = createEncryptedData(CipherData.VALUE_TYPE, "NO VALUE YET");
- break;
- case DECRYPT_MODE :
- if (log.isDebugEnabled()) {
- log.debug("opmode = DECRYPT_MODE");
- }
- break;
- case WRAP_MODE :
- if (log.isDebugEnabled()) {
- log.debug("opmode = WRAP_MODE");
- }
- ek = createEncryptedKey(CipherData.VALUE_TYPE, "NO VALUE YET");
- break;
- case UNWRAP_MODE :
- if (log.isDebugEnabled()) {
- log.debug("opmode = UNWRAP_MODE");
- }
- break;
- default :
- log.error("Mode unexpectedly invalid");
- throw new XMLEncryptionException("Invalid mode in init");
- }
-
- cipherMode = opmode;
- this.key = key;
- }
-
- /**
- * Set whether secure validation is enabled or not. The default is false.
- */
- public void setSecureValidation(boolean secureValidation) {
- this.secureValidation = secureValidation;
- }
-
- /**
- * This method is used to add a custom {@link KeyResolverSpi} to an XMLCipher.
- * These KeyResolvers are used in KeyInfo objects in DECRYPT and
- * UNWRAP modes.
- *
- * @param keyResolver
- */
- public void registerInternalKeyResolver(KeyResolverSpi keyResolver) {
- if (internalKeyResolvers == null) {
- internalKeyResolvers = new ArrayList<KeyResolverSpi>();
- }
- internalKeyResolvers.add(keyResolver);
- }
-
- /**
- * Get the EncryptedData being built
- * <p>
- * Returns the EncryptedData being built during an ENCRYPT operation.
- * This can then be used by applications to add KeyInfo elements and
- * set other parameters.
- *
- * @return The EncryptedData being built
- */
- public EncryptedData getEncryptedData() {
- // Sanity checks
- if (log.isDebugEnabled()) {
- log.debug("Returning EncryptedData");
- }
- return ed;
- }
-
- /**
- * Get the EncryptedData being build
- *
- * Returns the EncryptedData being built during an ENCRYPT operation.
- * This can then be used by applications to add KeyInfo elements and
- * set other parameters.
- *
- * @return The EncryptedData being built
- */
- public EncryptedKey getEncryptedKey() {
- // Sanity checks
- if (log.isDebugEnabled()) {
- log.debug("Returning EncryptedKey");
- }
- return ek;
- }
-
- /**
- * Set a Key Encryption Key.
- * <p>
- * The Key Encryption Key (KEK) is used for encrypting/decrypting
- * EncryptedKey elements. By setting this separately, the XMLCipher
- * class can know whether a key applies to the data part or wrapped key
- * part of an encrypted object.
- *
- * @param kek The key to use for de/encrypting key data
- */
-
- public void setKEK(Key kek) {
- this.kek = kek;
- }
-
- /**
- * Martial an EncryptedData
- *
- * Takes an EncryptedData object and returns a DOM Element that
- * represents the appropriate <code>EncryptedData</code>
- * <p>
- * <b>Note:</b> This should only be used in cases where the context
- * document has been passed in via a call to doFinal.
- *
- * @param encryptedData EncryptedData object to martial
- * @return the DOM <code>Element</code> representing the passed in
- * object
- */
- public Element martial(EncryptedData encryptedData) {
- return factory.toElement(encryptedData);
- }
-
- /**
- * Martial an EncryptedData
- *
- * Takes an EncryptedData object and returns a DOM Element that
- * represents the appropriate <code>EncryptedData</code>
- *
- * @param context The document that will own the returned nodes
- * @param encryptedData EncryptedData object to martial
- * @return the DOM <code>Element</code> representing the passed in
- * object
- */
- public Element martial(Document context, EncryptedData encryptedData) {
- contextDocument = context;
- return factory.toElement(encryptedData);
- }
-
- /**
- * Martial an EncryptedKey
- *
- * Takes an EncryptedKey object and returns a DOM Element that
- * represents the appropriate <code>EncryptedKey</code>
- *
- * <p>
- * <b>Note:</b> This should only be used in cases where the context
- * document has been passed in via a call to doFinal.
- *
- * @param encryptedKey EncryptedKey object to martial
- * @return the DOM <code>Element</code> representing the passed in
- * object
- */
- public Element martial(EncryptedKey encryptedKey) {
- return factory.toElement(encryptedKey);
- }
-
- /**
- * Martial an EncryptedKey
- *
- * Takes an EncryptedKey object and returns a DOM Element that
- * represents the appropriate <code>EncryptedKey</code>
- *
- * @param context The document that will own the created nodes
- * @param encryptedKey EncryptedKey object to martial
- * @return the DOM <code>Element</code> representing the passed in
- * object
- */
- public Element martial(Document context, EncryptedKey encryptedKey) {
- contextDocument = context;
- return factory.toElement(encryptedKey);
- }
-
- /**
- * Martial a ReferenceList
- *
- * Takes a ReferenceList object and returns a DOM Element that
- * represents the appropriate <code>ReferenceList</code>
- *
- * <p>
- * <b>Note:</b> This should only be used in cases where the context
- * document has been passed in via a call to doFinal.
- *
- * @param referenceList ReferenceList object to martial
- * @return the DOM <code>Element</code> representing the passed in
- * object
- */
- public Element martial(ReferenceList referenceList) {
- return factory.toElement(referenceList);
- }
-
- /**
- * Martial a ReferenceList
- *
- * Takes a ReferenceList object and returns a DOM Element that
- * represents the appropriate <code>ReferenceList</code>
- *
- * @param context The document that will own the created nodes
- * @param referenceList ReferenceList object to martial
- * @return the DOM <code>Element</code> representing the passed in
- * object
- */
- public Element martial(Document context, ReferenceList referenceList) {
- contextDocument = context;
- return factory.toElement(referenceList);
- }
-
- /**
- * Encrypts an <code>Element</code> and replaces it with its encrypted
- * counterpart in the context <code>Document</code>, that is, the
- * <code>Document</code> specified when one calls
- * {@link #getInstance(String) getInstance}.
- *
- * @param element the <code>Element</code> to encrypt.
- * @return the context <code>Document</code> with the encrypted
- * <code>Element</code> having replaced the source <code>Element</code>.
- * @throws Exception
- */
- private Document encryptElement(Element element) throws Exception{
- if (log.isDebugEnabled()) {
- log.debug("Encrypting element...");
- }
- if (null == element) {
- log.error("Element unexpectedly null...");
- }
- if (cipherMode != ENCRYPT_MODE && log.isDebugEnabled()) {
- log.debug("XMLCipher unexpectedly not in ENCRYPT_MODE...");
- }
-
- if (algorithm == null) {
- throw new XMLEncryptionException("XMLCipher instance without transformation specified");
- }
- encryptData(contextDocument, element, false);
-
- Element encryptedElement = factory.toElement(ed);
-
- Node sourceParent = element.getParentNode();
- sourceParent.replaceChild(encryptedElement, element);
-
- return contextDocument;
- }
-
- /**
- * Encrypts a <code>NodeList</code> (the contents of an
- * <code>Element</code>) and replaces its parent <code>Element</code>'s
- * content with this the resulting <code>EncryptedType</code> within the
- * context <code>Document</code>, that is, the <code>Document</code>
- * specified when one calls
- * {@link #getInstance(String) getInstance}.
- *
- * @param element the <code>NodeList</code> to encrypt.
- * @return the context <code>Document</code> with the encrypted
- * <code>NodeList</code> having replaced the content of the source
- * <code>Element</code>.
- * @throws Exception
- */
- private Document encryptElementContent(Element element) throws /* XMLEncryption */Exception {
- if (log.isDebugEnabled()) {
- log.debug("Encrypting element content...");
- }
- if (null == element) {
- log.error("Element unexpectedly null...");
- }
- if (cipherMode != ENCRYPT_MODE && log.isDebugEnabled()) {
- log.debug("XMLCipher unexpectedly not in ENCRYPT_MODE...");
- }
-
- if (algorithm == null) {
- throw new XMLEncryptionException("XMLCipher instance without transformation specified");
- }
- encryptData(contextDocument, element, true);
-
- Element encryptedElement = factory.toElement(ed);
-
- removeContent(element);
- element.appendChild(encryptedElement);
-
- return contextDocument;
- }
-
- /**
- * Process a DOM <code>Document</code> node. The processing depends on the
- * initialization parameters of {@link #init(int, Key) init()}.
- *
- * @param context the context <code>Document</code>.
- * @param source the <code>Document</code> to be encrypted or decrypted.
- * @return the processed <code>Document</code>.
- * @throws Exception to indicate any exceptional conditions.
- */
- public Document doFinal(Document context, Document source) throws /* XMLEncryption */Exception {
- if (log.isDebugEnabled()) {
- log.debug("Processing source document...");
- }
- if (null == context) {
- log.error("Context document unexpectedly null...");
- }
- if (null == source) {
- log.error("Source document unexpectedly null...");
- }
-
- contextDocument = context;
-
- Document result = null;
-
- switch (cipherMode) {
- case DECRYPT_MODE:
- result = decryptElement(source.getDocumentElement());
- break;
- case ENCRYPT_MODE:
- result = encryptElement(source.getDocumentElement());
- break;
- case UNWRAP_MODE:
- case WRAP_MODE:
- break;
- default:
- throw new XMLEncryptionException("empty", new IllegalStateException());
- }
-
- return result;
- }
-
- /**
- * Process a DOM <code>Element</code> node. The processing depends on the
- * initialization parameters of {@link #init(int, Key) init()}.
- *
- * @param context the context <code>Document</code>.
- * @param element the <code>Element</code> to be encrypted.
- * @return the processed <code>Document</code>.
- * @throws Exception to indicate any exceptional conditions.
- */
- public Document doFinal(Document context, Element element) throws /* XMLEncryption */Exception {
- if (log.isDebugEnabled()) {
- log.debug("Processing source element...");
- }
- if (null == context) {
- log.error("Context document unexpectedly null...");
- }
- if (null == element) {
- log.error("Source element unexpectedly null...");
- }
-
- contextDocument = context;
-
- Document result = null;
-
- switch (cipherMode) {
- case DECRYPT_MODE:
- result = decryptElement(element);
- break;
- case ENCRYPT_MODE:
- result = encryptElement(element);
- break;
- case UNWRAP_MODE:
- case WRAP_MODE:
- break;
- default:
- throw new XMLEncryptionException("empty", new IllegalStateException());
- }
-
- return result;
- }
-
- /**
- * Process the contents of a DOM <code>Element</code> node. The processing
- * depends on the initialization parameters of
- * {@link #init(int, Key) init()}.
- *
- * @param context the context <code>Document</code>.
- * @param element the <code>Element</code> which contents is to be
- * encrypted.
- * @param content
- * @return the processed <code>Document</code>.
- * @throws Exception to indicate any exceptional conditions.
- */
- public Document doFinal(Document context, Element element, boolean content)
- throws /* XMLEncryption*/ Exception {
- if (log.isDebugEnabled()) {
- log.debug("Processing source element...");
- }
- if (null == context) {
- log.error("Context document unexpectedly null...");
- }
- if (null == element) {
- log.error("Source element unexpectedly null...");
- }
-
- contextDocument = context;
-
- Document result = null;
-
- switch (cipherMode) {
- case DECRYPT_MODE:
- if (content) {
- result = decryptElementContent(element);
- } else {
- result = decryptElement(element);
- }
- break;
- case ENCRYPT_MODE:
- if (content) {
- result = encryptElementContent(element);
- } else {
- result = encryptElement(element);
- }
- break;
- case UNWRAP_MODE:
- case WRAP_MODE:
- break;
- default:
- throw new XMLEncryptionException("empty", new IllegalStateException());
- }
-
- return result;
- }
-
- /**
- * Returns an <code>EncryptedData</code> interface. Use this operation if
- * you want to have full control over the contents of the
- * <code>EncryptedData</code> structure.
- *
- * This does not change the source document in any way.
- *
- * @param context the context <code>Document</code>.
- * @param element the <code>Element</code> that will be encrypted.
- * @return the <code>EncryptedData</code>
- * @throws Exception
- */
- public EncryptedData encryptData(Document context, Element element) throws
- /* XMLEncryption */Exception {
- return encryptData(context, element, false);
- }
-
- /**
- * Returns an <code>EncryptedData</code> interface. Use this operation if
- * you want to have full control over the serialization of the element
- * or element content.
- *
- * This does not change the source document in any way.
- *
- * @param context the context <code>Document</code>.
- * @param type a URI identifying type information about the plaintext form
- * of the encrypted content (may be <code>null</code>)
- * @param serializedData the serialized data
- * @return the <code>EncryptedData</code>
- * @throws Exception
- */
- public EncryptedData encryptData(
- Document context, String type, InputStream serializedData
- ) throws Exception {
- if (log.isDebugEnabled()) {
- log.debug("Encrypting element...");
- }
- if (null == context) {
- log.error("Context document unexpectedly null...");
- }
- if (null == serializedData) {
- log.error("Serialized data unexpectedly null...");
- }
- if (cipherMode != ENCRYPT_MODE && log.isDebugEnabled()) {
- log.debug("XMLCipher unexpectedly not in ENCRYPT_MODE...");
- }
-
- return encryptData(context, null, type, serializedData);
- }
-
- /**
- * Returns an <code>EncryptedData</code> interface. Use this operation if
- * you want to have full control over the contents of the
- * <code>EncryptedData</code> structure.
- *
- * This does not change the source document in any way.
- *
- * @param context the context <code>Document</code>.
- * @param element the <code>Element</code> that will be encrypted.
- * @param contentMode <code>true</code> to encrypt element's content only,
- * <code>false</code> otherwise
- * @return the <code>EncryptedData</code>
- * @throws Exception
- */
- public EncryptedData encryptData(
- Document context, Element element, boolean contentMode
- ) throws /* XMLEncryption */ Exception {
- if (log.isDebugEnabled()) {
- log.debug("Encrypting element...");
- }
- if (null == context) {
- log.error("Context document unexpectedly null...");
- }
- if (null == element) {
- log.error("Element unexpectedly null...");
- }
- if (cipherMode != ENCRYPT_MODE && log.isDebugEnabled()) {
- log.debug("XMLCipher unexpectedly not in ENCRYPT_MODE...");
- }
-
- if (contentMode) {
- return encryptData(context, element, EncryptionConstants.TYPE_CONTENT, null);
- } else {
- return encryptData(context, element, EncryptionConstants.TYPE_ELEMENT, null);
- }
- }
-
- private EncryptedData encryptData(
- Document context, Element element, String type, InputStream serializedData
- ) throws /* XMLEncryption */ Exception {
- contextDocument = context;
-
- if (algorithm == null) {
- throw new XMLEncryptionException("XMLCipher instance without transformation specified");
- }
-
- byte[] serializedOctets = null;
- if (serializedData == null) {
- if (type.equals(EncryptionConstants.TYPE_CONTENT)) {
- NodeList children = element.getChildNodes();
- if (null != children) {
- serializedOctets = serializer.serializeToByteArray(children);
- } else {
- Object exArgs[] = { "Element has no content." };
- throw new XMLEncryptionException("empty", exArgs);
- }
- } else {
- serializedOctets = serializer.serializeToByteArray(element);
- }
- if (log.isDebugEnabled()) {
- log.debug("Serialized octets:\n" + new String(serializedOctets, "UTF-8"));
- }
- }
-
- byte[] encryptedBytes = null;
-
- // Now create the working cipher if none was created already
- Cipher c;
- if (contextCipher == null) {
- c = constructCipher(algorithm, null);
- } else {
- c = contextCipher;
- }
- // Now perform the encryption
-
- try {
- // The Spec mandates a 96-bit IV for GCM algorithms
- if (AES_128_GCM.equals(algorithm) || AES_192_GCM.equals(algorithm)
- || AES_256_GCM.equals(algorithm)) {
- if (random == null) {
- random = SecureRandom.getInstance("SHA1PRNG");
- }
- byte[] temp = new byte[12];
- random.nextBytes(temp);
- IvParameterSpec paramSpec = new IvParameterSpec(temp);
- c.init(cipherMode, key, paramSpec);
- } else {
- c.init(cipherMode, key);
- }
- } catch (InvalidKeyException ike) {
- throw new XMLEncryptionException("empty", ike);
- } catch (NoSuchAlgorithmException ex) {
- throw new XMLEncryptionException("empty", ex);
- }
-
- try {
- if (serializedData != null) {
- int numBytes;
- byte[] buf = new byte[8192];
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- while ((numBytes = serializedData.read(buf)) != -1) {
- byte[] data = c.update(buf, 0, numBytes);
- baos.write(data);
- }
- baos.write(c.doFinal());
- encryptedBytes = baos.toByteArray();
- } else {
- encryptedBytes = c.doFinal(serializedOctets);
- if (log.isDebugEnabled()) {
- log.debug("Expected cipher.outputSize = " +
- Integer.toString(c.getOutputSize(serializedOctets.length)));
- }
- }
- if (log.isDebugEnabled()) {
- log.debug("Actual cipher.outputSize = "
- + Integer.toString(encryptedBytes.length));
- }
- } catch (IllegalStateException ise) {
- throw new XMLEncryptionException("empty", ise);
- } catch (IllegalBlockSizeException ibse) {
- throw new XMLEncryptionException("empty", ibse);
- } catch (BadPaddingException bpe) {
- throw new XMLEncryptionException("empty", bpe);
- } catch (UnsupportedEncodingException uee) {
- throw new XMLEncryptionException("empty", uee);
- }
-
- // Now build up to a properly XML Encryption encoded octet stream
- // IvParameterSpec iv;
- byte[] iv = c.getIV();
- byte[] finalEncryptedBytes = new byte[iv.length + encryptedBytes.length];
- System.arraycopy(iv, 0, finalEncryptedBytes, 0, iv.length);
- System.arraycopy(encryptedBytes, 0, finalEncryptedBytes, iv.length, encryptedBytes.length);
- String base64EncodedEncryptedOctets = Base64.encode(finalEncryptedBytes);
-
- if (log.isDebugEnabled()) {
- log.debug("Encrypted octets:\n" + base64EncodedEncryptedOctets);
- log.debug("Encrypted octets length = " + base64EncodedEncryptedOctets.length());
- }
-
- try {
- CipherData cd = ed.getCipherData();
- CipherValue cv = cd.getCipherValue();
- // cv.setValue(base64EncodedEncryptedOctets.getBytes());
- cv.setValue(base64EncodedEncryptedOctets);
-
- if (type != null) {
- ed.setType(new URI(type).toString());
- }
- EncryptionMethod method =
- factory.newEncryptionMethod(new URI(algorithm).toString());
- method.setDigestAlgorithm(digestAlg);
- ed.setEncryptionMethod(method);
- } catch (URISyntaxException ex) {
- throw new XMLEncryptionException("empty", ex);
- }
- return ed;
- }
-
- /**
- * Returns an <code>EncryptedData</code> interface. Use this operation if
- * you want to load an <code>EncryptedData</code> structure from a DOM
- * structure and manipulate the contents.
- *
- * @param context the context <code>Document</code>.
- * @param element the <code>Element</code> that will be loaded
- * @throws XMLEncryptionException
- * @return the <code>EncryptedData</code>
- */
- public EncryptedData loadEncryptedData(Document context, Element element)
- throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Loading encrypted element...");
- }
- if (null == context) {
- throw new NullPointerException("Context document unexpectedly null...");
- }
- if (null == element) {
- throw new NullPointerException("Element unexpectedly null...");
- }
- if (cipherMode != DECRYPT_MODE) {
- throw new XMLEncryptionException("XMLCipher unexpectedly not in DECRYPT_MODE...");
- }
-
- contextDocument = context;
- ed = factory.newEncryptedData(element);
-
- return ed;
- }
-
- /**
- * Returns an <code>EncryptedKey</code> interface. Use this operation if
- * you want to load an <code>EncryptedKey</code> structure from a DOM
- * structure and manipulate the contents.
- *
- * @param context the context <code>Document</code>.
- * @param element the <code>Element</code> that will be loaded
- * @return the <code>EncryptedKey</code>
- * @throws XMLEncryptionException
- */
- public EncryptedKey loadEncryptedKey(Document context, Element element)
- throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Loading encrypted key...");
- }
- if (null == context) {
- throw new NullPointerException("Context document unexpectedly null...");
- }
- if (null == element) {
- throw new NullPointerException("Element unexpectedly null...");
- }
- if (cipherMode != UNWRAP_MODE && cipherMode != DECRYPT_MODE) {
- throw new XMLEncryptionException(
- "XMLCipher unexpectedly not in UNWRAP_MODE or DECRYPT_MODE..."
- );
- }
-
- contextDocument = context;
- ek = factory.newEncryptedKey(element);
- return ek;
- }
-
- /**
- * Returns an <code>EncryptedKey</code> interface. Use this operation if
- * you want to load an <code>EncryptedKey</code> structure from a DOM
- * structure and manipulate the contents.
- *
- * Assumes that the context document is the document that owns the element
- *
- * @param element the <code>Element</code> that will be loaded
- * @return the <code>EncryptedKey</code>
- * @throws XMLEncryptionException
- */
- public EncryptedKey loadEncryptedKey(Element element) throws XMLEncryptionException {
- return loadEncryptedKey(element.getOwnerDocument(), element);
- }
-
- /**
- * Encrypts a key to an EncryptedKey structure
- *
- * @param doc the Context document that will be used to general DOM
- * @param key Key to encrypt (will use previously set KEK to
- * perform encryption
- * @return the <code>EncryptedKey</code>
- * @throws XMLEncryptionException
- */
- public EncryptedKey encryptKey(Document doc, Key key) throws XMLEncryptionException {
- return encryptKey(doc, key, null, null);
- }
-
- /**
- * Encrypts a key to an EncryptedKey structure
- *
- * @param doc the Context document that will be used to general DOM
- * @param key Key to encrypt (will use previously set KEK to
- * perform encryption
- * @param mgfAlgorithm The xenc11 MGF Algorithm to use
- * @param oaepParams The OAEPParams to use
- * @return the <code>EncryptedKey</code>
- * @throws XMLEncryptionException
- */
- public EncryptedKey encryptKey(
- Document doc,
- Key key,
- String mgfAlgorithm,
- byte[] oaepParams
- ) throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Encrypting key ...");
- }
-
- if (null == key) {
- log.error("Key unexpectedly null...");
- }
- if (cipherMode != WRAP_MODE) {
- log.debug("XMLCipher unexpectedly not in WRAP_MODE...");
- }
- if (algorithm == null) {
- throw new XMLEncryptionException("XMLCipher instance without transformation specified");
- }
-
- contextDocument = doc;
-
- byte[] encryptedBytes = null;
- Cipher c;
-
- if (contextCipher == null) {
- // Now create the working cipher
- c = constructCipher(algorithm, null);
- } else {
- c = contextCipher;
- }
- // Now perform the encryption
-
- try {
- // Should internally generate an IV
- // todo - allow user to set an IV
- OAEPParameterSpec oaepParameters =
- constructOAEPParameters(
- algorithm, digestAlg, mgfAlgorithm, oaepParams
- );
- if (oaepParameters == null) {
- c.init(Cipher.WRAP_MODE, this.key);
- } else {
- c.init(Cipher.WRAP_MODE, this.key, oaepParameters);
- }
- encryptedBytes = c.wrap(key);
- } catch (InvalidKeyException ike) {
- throw new XMLEncryptionException("empty", ike);
- } catch (IllegalBlockSizeException ibse) {
- throw new XMLEncryptionException("empty", ibse);
- } catch (InvalidAlgorithmParameterException e) {
- throw new XMLEncryptionException("empty", e);
- }
-
- String base64EncodedEncryptedOctets = Base64.encode(encryptedBytes);
- if (log.isDebugEnabled()) {
- log.debug("Encrypted key octets:\n" + base64EncodedEncryptedOctets);
- log.debug("Encrypted key octets length = " + base64EncodedEncryptedOctets.length());
- }
-
- CipherValue cv = ek.getCipherData().getCipherValue();
- cv.setValue(base64EncodedEncryptedOctets);
-
- try {
- EncryptionMethod method = factory.newEncryptionMethod(new URI(algorithm).toString());
- method.setDigestAlgorithm(digestAlg);
- method.setMGFAlgorithm(mgfAlgorithm);
- method.setOAEPparams(oaepParams);
- ek.setEncryptionMethod(method);
- } catch (URISyntaxException ex) {
- throw new XMLEncryptionException("empty", ex);
- }
- return ek;
- }
-
- /**
- * Decrypt a key from a passed in EncryptedKey structure
- *
- * @param encryptedKey Previously loaded EncryptedKey that needs
- * to be decrypted.
- * @param algorithm Algorithm for the decryption
- * @return a key corresponding to the given type
- * @throws XMLEncryptionException
- */
- public Key decryptKey(EncryptedKey encryptedKey, String algorithm)
- throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Decrypting key from previously loaded EncryptedKey...");
- }
-
- if (cipherMode != UNWRAP_MODE && log.isDebugEnabled()) {
- log.debug("XMLCipher unexpectedly not in UNWRAP_MODE...");
- }
-
- if (algorithm == null) {
- throw new XMLEncryptionException("Cannot decrypt a key without knowing the algorithm");
- }
-
- if (key == null) {
- if (log.isDebugEnabled()) {
- log.debug("Trying to find a KEK via key resolvers");
- }
-
- KeyInfo ki = encryptedKey.getKeyInfo();
- if (ki != null) {
- ki.setSecureValidation(secureValidation);
- try {
- String keyWrapAlg = encryptedKey.getEncryptionMethod().getAlgorithm();
- String keyType = JCEMapper.getJCEKeyAlgorithmFromURI(keyWrapAlg);
- if ("RSA".equals(keyType)) {
- key = ki.getPrivateKey();
- } else {
- key = ki.getSecretKey();
- }
- }
- catch (Exception e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- }
- }
- if (key == null) {
- log.error("XMLCipher::decryptKey called without a KEK and cannot resolve");
- throw new XMLEncryptionException("Unable to decrypt without a KEK");
- }
- }
-
- // Obtain the encrypted octets
- XMLCipherInput cipherInput = new XMLCipherInput(encryptedKey);
- cipherInput.setSecureValidation(secureValidation);
- byte[] encryptedBytes = cipherInput.getBytes();
-
- String jceKeyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(algorithm);
- if (log.isDebugEnabled()) {
- log.debug("JCE Key Algorithm: " + jceKeyAlgorithm);
- }
-
- Cipher c;
- if (contextCipher == null) {
- // Now create the working cipher
- c =
- constructCipher(
- encryptedKey.getEncryptionMethod().getAlgorithm(),
- encryptedKey.getEncryptionMethod().getDigestAlgorithm()
- );
- } else {
- c = contextCipher;
- }
-
- Key ret;
-
- try {
- EncryptionMethod encMethod = encryptedKey.getEncryptionMethod();
- OAEPParameterSpec oaepParameters =
- constructOAEPParameters(
- encMethod.getAlgorithm(), encMethod.getDigestAlgorithm(),
- encMethod.getMGFAlgorithm(), encMethod.getOAEPparams()
- );
- if (oaepParameters == null) {
- c.init(Cipher.UNWRAP_MODE, key);
- } else {
- c.init(Cipher.UNWRAP_MODE, key, oaepParameters);
- }
- ret = c.unwrap(encryptedBytes, jceKeyAlgorithm, Cipher.SECRET_KEY);
- } catch (InvalidKeyException ike) {
- throw new XMLEncryptionException("empty", ike);
- } catch (NoSuchAlgorithmException nsae) {
- throw new XMLEncryptionException("empty", nsae);
- } catch (InvalidAlgorithmParameterException e) {
- throw new XMLEncryptionException("empty", e);
- }
- if (log.isDebugEnabled()) {
- log.debug("Decryption of key type " + algorithm + " OK");
- }
-
- return ret;
- }
-
- /**
- * Construct an OAEPParameterSpec object from the given parameters
- */
- private OAEPParameterSpec constructOAEPParameters(
- String encryptionAlgorithm,
- String digestAlgorithm,
- String mgfAlgorithm,
- byte[] oaepParams
- ) {
- if (XMLCipher.RSA_OAEP.equals(encryptionAlgorithm)
- || XMLCipher.RSA_OAEP_11.equals(encryptionAlgorithm)) {
-
- String jceDigestAlgorithm = "SHA-1";
- if (digestAlgorithm != null) {
- jceDigestAlgorithm = JCEMapper.translateURItoJCEID(digestAlgorithm);
- }
-
- PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
- if (oaepParams != null) {
- pSource = new PSource.PSpecified(oaepParams);
- }
-
- MGF1ParameterSpec mgfParameterSpec = new MGF1ParameterSpec("SHA-1");
- if (XMLCipher.RSA_OAEP_11.equals(encryptionAlgorithm)) {
- if (EncryptionConstants.MGF1_SHA256.equals(mgfAlgorithm)) {
- mgfParameterSpec = new MGF1ParameterSpec("SHA-256");
- } else if (EncryptionConstants.MGF1_SHA384.equals(mgfAlgorithm)) {
- mgfParameterSpec = new MGF1ParameterSpec("SHA-384");
- } else if (EncryptionConstants.MGF1_SHA512.equals(mgfAlgorithm)) {
- mgfParameterSpec = new MGF1ParameterSpec("SHA-512");
- }
- }
- return new OAEPParameterSpec(jceDigestAlgorithm, "MGF1", mgfParameterSpec, pSource);
- }
-
- return null;
- }
-
- /**
- * Construct a Cipher object
- */
- private Cipher constructCipher(String algorithm, String digestAlgorithm) throws XMLEncryptionException {
- String jceAlgorithm = JCEMapper.translateURItoJCEID(algorithm);
- if (log.isDebugEnabled()) {
- log.debug("JCE Algorithm = " + jceAlgorithm);
- }
-
- Cipher c;
- try {
- if (requestedJCEProvider == null) {
- c = Cipher.getInstance(jceAlgorithm);
- } else {
- c = Cipher.getInstance(jceAlgorithm, requestedJCEProvider);
- }
- } catch (NoSuchAlgorithmException nsae) {
- // Check to see if an RSA OAEP MGF-1 with SHA-1 algorithm was requested
- // Some JDKs don't support RSA/ECB/OAEPPadding
- if (XMLCipher.RSA_OAEP.equals(algorithm)
- && (digestAlgorithm == null
- || MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1.equals(digestAlgorithm))) {
- try {
- if (requestedJCEProvider == null) {
- c = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
- } else {
- c = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding", requestedJCEProvider);
- }
- } catch (Exception ex) {
- throw new XMLEncryptionException("empty", ex);
- }
- } else {
- throw new XMLEncryptionException("empty", nsae);
- }
- } catch (NoSuchProviderException nspre) {
- throw new XMLEncryptionException("empty", nspre);
- } catch (NoSuchPaddingException nspae) {
- throw new XMLEncryptionException("empty", nspae);
- }
-
- return c;
- }
-
- /**
- * Decrypt a key from a passed in EncryptedKey structure. This version
- * is used mainly internally, when the cipher already has an
- * EncryptedData loaded. The algorithm URI will be read from the
- * EncryptedData
- *
- * @param encryptedKey Previously loaded EncryptedKey that needs
- * to be decrypted.
- * @return a key corresponding to the given type
- * @throws XMLEncryptionException
- */
- public Key decryptKey(EncryptedKey encryptedKey) throws XMLEncryptionException {
- return decryptKey(encryptedKey, ed.getEncryptionMethod().getAlgorithm());
- }
-
- /**
- * Removes the contents of a <code>Node</code>.
- *
- * @param node the <code>Node</code> to clear.
- */
- private static void removeContent(Node node) {
- while (node.hasChildNodes()) {
- node.removeChild(node.getFirstChild());
- }
- }
-
- /**
- * Decrypts <code>EncryptedData</code> in a single-part operation.
- *
- * @param element the <code>EncryptedData</code> to decrypt.
- * @return the <code>Node</code> as a result of the decrypt operation.
- * @throws XMLEncryptionException
- */
- private Document decryptElement(Element element) throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Decrypting element...");
- }
-
- if (cipherMode != DECRYPT_MODE) {
- log.error("XMLCipher unexpectedly not in DECRYPT_MODE...");
- }
-
- byte[] octets = decryptToByteArray(element);
-
- if (log.isDebugEnabled()) {
- log.debug("Decrypted octets:\n" + new String(octets));
- }
-
- Node sourceParent = element.getParentNode();
- Node decryptedNode = serializer.deserialize(octets, sourceParent);
-
- // The de-serialiser returns a node whose children we need to take on.
- if (sourceParent != null && Node.DOCUMENT_NODE == sourceParent.getNodeType()) {
- // If this is a content decryption, this may have problems
- contextDocument.removeChild(contextDocument.getDocumentElement());
- contextDocument.appendChild(decryptedNode);
- } else if (sourceParent != null) {
- sourceParent.replaceChild(decryptedNode, element);
- }
-
- return contextDocument;
- }
-
- /**
- *
- * @param element
- * @return the <code>Node</code> as a result of the decrypt operation.
- * @throws XMLEncryptionException
- */
- private Document decryptElementContent(Element element) throws XMLEncryptionException {
- Element e =
- (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_ENCRYPTEDDATA
- ).item(0);
-
- if (null == e) {
- throw new XMLEncryptionException("No EncryptedData child element.");
- }
-
- return decryptElement(e);
- }
-
- /**
- * Decrypt an EncryptedData element to a byte array.
- *
- * When passed in an EncryptedData node, returns the decryption
- * as a byte array.
- *
- * Does not modify the source document.
- * @param element
- * @return the bytes resulting from the decryption
- * @throws XMLEncryptionException
- */
- public byte[] decryptToByteArray(Element element) throws XMLEncryptionException {
- if (log.isDebugEnabled()) {
- log.debug("Decrypting to ByteArray...");
- }
-
- if (cipherMode != DECRYPT_MODE) {
- log.error("XMLCipher unexpectedly not in DECRYPT_MODE...");
- }
-
- EncryptedData encryptedData = factory.newEncryptedData(element);
-
- if (key == null) {
- KeyInfo ki = encryptedData.getKeyInfo();
- if (ki != null) {
- try {
- // Add an EncryptedKey resolver
- String encMethodAlgorithm = encryptedData.getEncryptionMethod().getAlgorithm();
- EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek);
- if (internalKeyResolvers != null) {
- int size = internalKeyResolvers.size();
- for (int i = 0; i < size; i++) {
- resolver.registerInternalKeyResolver(internalKeyResolvers.get(i));
- }
- }
- ki.registerInternalKeyResolver(resolver);
- ki.setSecureValidation(secureValidation);
- key = ki.getSecretKey();
- } catch (KeyResolverException kre) {
- if (log.isDebugEnabled()) {
- log.debug(kre);
- }
- }
- }
-
- if (key == null) {
- log.error(
- "XMLCipher::decryptElement called without a key and unable to resolve"
- );
- throw new XMLEncryptionException("encryption.nokey");
- }
- }
-
- // Obtain the encrypted octets
- XMLCipherInput cipherInput = new XMLCipherInput(encryptedData);
- cipherInput.setSecureValidation(secureValidation);
- byte[] encryptedBytes = cipherInput.getBytes();
-
- // Now create the working cipher
- String jceAlgorithm =
- JCEMapper.translateURItoJCEID(encryptedData.getEncryptionMethod().getAlgorithm());
- if (log.isDebugEnabled()) {
- log.debug("JCE Algorithm = " + jceAlgorithm);
- }
-
- Cipher c;
- try {
- if (requestedJCEProvider == null) {
- c = Cipher.getInstance(jceAlgorithm);
- } else {
- c = Cipher.getInstance(jceAlgorithm, requestedJCEProvider);
- }
- } catch (NoSuchAlgorithmException nsae) {
- throw new XMLEncryptionException("empty", nsae);
- } catch (NoSuchProviderException nspre) {
- throw new XMLEncryptionException("empty", nspre);
- } catch (NoSuchPaddingException nspae) {
- throw new XMLEncryptionException("empty", nspae);
- }
-
- // Calculate the IV length and copy out
-
- // For now, we only work with Block ciphers, so this will work.
- // This should probably be put into the JCE mapper.
-
- int ivLen = c.getBlockSize();
- String alg = encryptedData.getEncryptionMethod().getAlgorithm();
- if (AES_128_GCM.equals(alg) || AES_192_GCM.equals(alg) || AES_256_GCM.equals(alg)) {
- ivLen = 12;
- }
- byte[] ivBytes = new byte[ivLen];
-
- // You may be able to pass the entire piece in to IvParameterSpec
- // and it will only take the first x bytes, but no way to be certain
- // that this will work for every JCE provider, so lets copy the
- // necessary bytes into a dedicated array.
-
- System.arraycopy(encryptedBytes, 0, ivBytes, 0, ivLen);
- IvParameterSpec iv = new IvParameterSpec(ivBytes);
-
- try {
- c.init(cipherMode, key, iv);
- } catch (InvalidKeyException ike) {
- throw new XMLEncryptionException("empty", ike);
- } catch (InvalidAlgorithmParameterException iape) {
- throw new XMLEncryptionException("empty", iape);
- }
-
- try {
- return c.doFinal(encryptedBytes, ivLen, encryptedBytes.length - ivLen);
- } catch (IllegalBlockSizeException ibse) {
- throw new XMLEncryptionException("empty", ibse);
- } catch (BadPaddingException bpe) {
- throw new XMLEncryptionException("empty", bpe);
- }
- }
-
- /*
- * Expose the interface for creating XML Encryption objects
- */
-
- /**
- * Creates an <code>EncryptedData</code> <code>Element</code>.
- *
- * The newEncryptedData and newEncryptedKey methods create fairly complete
- * elements that are immediately useable. All the other create* methods
- * return bare elements that still need to be built upon.
- *<p>
- * An EncryptionMethod will still need to be added however
- *
- * @param type Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of
- * CipherData this EncryptedData will contain.
- * @param value the Base 64 encoded, encrypted text to wrap in the
- * <code>EncryptedData</code> or the URI to set in the CipherReference
- * (usage will depend on the <code>type</code>
- * @return the <code>EncryptedData</code> <code>Element</code>.
- *
- * <!--
- * <EncryptedData Id[OPT] Type[OPT] MimeType[OPT] Encoding[OPT]>
- * <EncryptionMethod/>[OPT]
- * <ds:KeyInfo>[OPT]
- * <EncryptedKey/>[OPT]
- * <AgreementMethod/>[OPT]
- * <ds:KeyName/>[OPT]
- * <ds:RetrievalMethod/>[OPT]
- * <ds:[MUL]/>[OPT]
- * </ds:KeyInfo>
- * <CipherData>[MAN]
- * <CipherValue/> XOR <CipherReference/>
- * </CipherData>
- * <EncryptionProperties/>[OPT]
- * </EncryptedData>
- * -->
- * @throws XMLEncryptionException
- */
- public EncryptedData createEncryptedData(int type, String value) throws XMLEncryptionException {
- EncryptedData result = null;
- CipherData data = null;
-
- switch (type) {
- case CipherData.REFERENCE_TYPE:
- CipherReference cipherReference = factory.newCipherReference(value);
- data = factory.newCipherData(type);
- data.setCipherReference(cipherReference);
- result = factory.newEncryptedData(data);
- break;
- case CipherData.VALUE_TYPE:
- CipherValue cipherValue = factory.newCipherValue(value);
- data = factory.newCipherData(type);
- data.setCipherValue(cipherValue);
- result = factory.newEncryptedData(data);
- }
-
- return result;
- }
-
- /**
- * Creates an <code>EncryptedKey</code> <code>Element</code>.
- *
- * The newEncryptedData and newEncryptedKey methods create fairly complete
- * elements that are immediately useable. All the other create* methods
- * return bare elements that still need to be built upon.
- *<p>
- * An EncryptionMethod will still need to be added however
- *
- * @param type Either REFERENCE_TYPE or VALUE_TYPE - defines what kind of
- * CipherData this EncryptedData will contain.
- * @param value the Base 64 encoded, encrypted text to wrap in the
- * <code>EncryptedKey</code> or the URI to set in the CipherReference
- * (usage will depend on the <code>type</code>
- * @return the <code>EncryptedKey</code> <code>Element</code>.
- *
- * <!--
- * <EncryptedKey Id[OPT] Type[OPT] MimeType[OPT] Encoding[OPT]>
- * <EncryptionMethod/>[OPT]
- * <ds:KeyInfo>[OPT]
- * <EncryptedKey/>[OPT]
- * <AgreementMethod/>[OPT]
- * <ds:KeyName/>[OPT]
- * <ds:RetrievalMethod/>[OPT]
- * <ds:[MUL]/>[OPT]
- * </ds:KeyInfo>
- * <CipherData>[MAN]
- * <CipherValue/> XOR <CipherReference/>
- * </CipherData>
- * <EncryptionProperties/>[OPT]
- * </EncryptedData>
- * -->
- * @throws XMLEncryptionException
- */
- public EncryptedKey createEncryptedKey(int type, String value) throws XMLEncryptionException {
- EncryptedKey result = null;
- CipherData data = null;
-
- switch (type) {
- case CipherData.REFERENCE_TYPE:
- CipherReference cipherReference = factory.newCipherReference(value);
- data = factory.newCipherData(type);
- data.setCipherReference(cipherReference);
- result = factory.newEncryptedKey(data);
- break;
- case CipherData.VALUE_TYPE:
- CipherValue cipherValue = factory.newCipherValue(value);
- data = factory.newCipherData(type);
- data.setCipherValue(cipherValue);
- result = factory.newEncryptedKey(data);
- }
-
- return result;
- }
-
- /**
- * Create an AgreementMethod object
- *
- * @param algorithm Algorithm of the agreement method
- * @return a new <code>AgreementMethod</code>
- */
- public AgreementMethod createAgreementMethod(String algorithm) {
- return factory.newAgreementMethod(algorithm);
- }
-
- /**
- * Create a CipherData object
- *
- * @param type Type of this CipherData (either VALUE_TUPE or
- * REFERENCE_TYPE)
- * @return a new <code>CipherData</code>
- */
- public CipherData createCipherData(int type) {
- return factory.newCipherData(type);
- }
-
- /**
- * Create a CipherReference object
- *
- * @param uri The URI that the reference will refer
- * @return a new <code>CipherReference</code>
- */
- public CipherReference createCipherReference(String uri) {
- return factory.newCipherReference(uri);
- }
-
- /**
- * Create a CipherValue element
- *
- * @param value The value to set the ciphertext to
- * @return a new <code>CipherValue</code>
- */
- public CipherValue createCipherValue(String value) {
- return factory.newCipherValue(value);
- }
-
- /**
- * Create an EncryptionMethod object
- *
- * @param algorithm Algorithm for the encryption
- * @return a new <code>EncryptionMethod</code>
- */
- public EncryptionMethod createEncryptionMethod(String algorithm) {
- return factory.newEncryptionMethod(algorithm);
- }
-
- /**
- * Create an EncryptionProperties element
- * @return a new <code>EncryptionProperties</code>
- */
- public EncryptionProperties createEncryptionProperties() {
- return factory.newEncryptionProperties();
- }
-
- /**
- * Create a new EncryptionProperty element
- * @return a new <code>EncryptionProperty</code>
- */
- public EncryptionProperty createEncryptionProperty() {
- return factory.newEncryptionProperty();
- }
-
- /**
- * Create a new ReferenceList object
- * @param type ReferenceList.DATA_REFERENCE or ReferenceList.KEY_REFERENCE
- * @return a new <code>ReferenceList</code>
- */
- public ReferenceList createReferenceList(int type) {
- return factory.newReferenceList(type);
- }
-
- /**
- * Create a new Transforms object
- * <p>
- * <b>Note</b>: A context document <i>must</i> have been set
- * elsewhere (possibly via a call to doFinal). If not, use the
- * createTransforms(Document) method.
- * @return a new <code>Transforms</code>
- */
- public Transforms createTransforms() {
- return factory.newTransforms();
- }
-
- /**
- * Create a new Transforms object
- *
- * Because the handling of Transforms is currently done in the signature
- * code, the creation of a Transforms object <b>requires</b> a
- * context document.
- *
- * @param doc Document that will own the created Transforms node
- * @return a new <code>Transforms</code>
- */
- public Transforms createTransforms(Document doc) {
- return factory.newTransforms(doc);
- }
-
- /**
- *
- * @author Axl Mattheus
- */
- private class Factory {
- /**
- * @param algorithm
- * @return a new AgreementMethod
- */
- AgreementMethod newAgreementMethod(String algorithm) {
- return new AgreementMethodImpl(algorithm);
- }
-
- /**
- * @param type
- * @return a new CipherData
- *
- */
- CipherData newCipherData(int type) {
- return new CipherDataImpl(type);
- }
-
- /**
- * @param uri
- * @return a new CipherReference
- */
- CipherReference newCipherReference(String uri) {
- return new CipherReferenceImpl(uri);
- }
-
- /**
- * @param value
- * @return a new CipherValue
- */
- CipherValue newCipherValue(String value) {
- return new CipherValueImpl(value);
- }
-
- /*
- CipherValue newCipherValue(byte[] value) {
- return new CipherValueImpl(value);
- }
- */
-
- /**
- * @param data
- * @return a new EncryptedData
- */
- EncryptedData newEncryptedData(CipherData data) {
- return new EncryptedDataImpl(data);
- }
-
- /**
- * @param data
- * @return a new EncryptedKey
- */
- EncryptedKey newEncryptedKey(CipherData data) {
- return new EncryptedKeyImpl(data);
- }
-
- /**
- * @param algorithm
- * @return a new EncryptionMethod
- */
- EncryptionMethod newEncryptionMethod(String algorithm) {
- return new EncryptionMethodImpl(algorithm);
- }
-
- /**
- * @return a new EncryptionProperties
- */
- EncryptionProperties newEncryptionProperties() {
- return new EncryptionPropertiesImpl();
- }
-
- /**
- * @return a new EncryptionProperty
- */
- EncryptionProperty newEncryptionProperty() {
- return new EncryptionPropertyImpl();
- }
-
- /**
- * @param type ReferenceList.DATA_REFERENCE or ReferenceList.KEY_REFERENCE
- * @return a new ReferenceList
- */
- ReferenceList newReferenceList(int type) {
- return new ReferenceListImpl(type);
- }
-
- /**
- * @return a new Transforms
- */
- Transforms newTransforms() {
- return new TransformsImpl();
- }
-
- /**
- * @param doc
- * @return a new Transforms
- */
- Transforms newTransforms(Document doc) {
- return new TransformsImpl(doc);
- }
-
- /**
- * @param element
- * @return a new CipherData
- * @throws XMLEncryptionException
- */
- CipherData newCipherData(Element element) throws XMLEncryptionException {
- if (null == element) {
- throw new NullPointerException("element is null");
- }
-
- int type = 0;
- Element e = null;
- if (element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_CIPHERVALUE).getLength() > 0
- ) {
- type = CipherData.VALUE_TYPE;
- e = (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_CIPHERVALUE).item(0);
- } else if (element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_CIPHERREFERENCE).getLength() > 0) {
- type = CipherData.REFERENCE_TYPE;
- e = (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_CIPHERREFERENCE).item(0);
- }
-
- CipherData result = newCipherData(type);
- if (type == CipherData.VALUE_TYPE) {
- result.setCipherValue(newCipherValue(e));
- } else if (type == CipherData.REFERENCE_TYPE) {
- result.setCipherReference(newCipherReference(e));
- }
-
- return result;
- }
-
- /**
- * @param element
- * @return a new CipherReference
- * @throws XMLEncryptionException
- *
- */
- CipherReference newCipherReference(Element element) throws XMLEncryptionException {
-
- Attr uriAttr =
- element.getAttributeNodeNS(null, EncryptionConstants._ATT_URI);
- CipherReference result = new CipherReferenceImpl(uriAttr);
-
- // Find any Transforms
- NodeList transformsElements =
- element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_TRANSFORMS);
- Element transformsElement = (Element) transformsElements.item(0);
-
- if (transformsElement != null) {
- if (log.isDebugEnabled()) {
- log.debug("Creating a DSIG based Transforms element");
- }
- try {
- result.setTransforms(new TransformsImpl(transformsElement));
- } catch (XMLSignatureException xse) {
- throw new XMLEncryptionException("empty", xse);
- } catch (InvalidTransformException ite) {
- throw new XMLEncryptionException("empty", ite);
- } catch (XMLSecurityException xse) {
- throw new XMLEncryptionException("empty", xse);
- }
- }
-
- return result;
- }
-
- /**
- * @param element
- * @return a new CipherValue
- */
- CipherValue newCipherValue(Element element) {
- String value = XMLUtils.getFullTextChildrenFromElement(element);
-
- return newCipherValue(value);
- }
-
- /**
- * @param element
- * @return a new EncryptedData
- * @throws XMLEncryptionException
- *
- */
- EncryptedData newEncryptedData(Element element) throws XMLEncryptionException {
- EncryptedData result = null;
-
- NodeList dataElements =
- element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_CIPHERDATA);
-
- // Need to get the last CipherData found, as earlier ones will
- // be for elements in the KeyInfo lists
-
- Element dataElement =
- (Element) dataElements.item(dataElements.getLength() - 1);
-
- CipherData data = newCipherData(dataElement);
-
- result = newEncryptedData(data);
-
- result.setId(element.getAttributeNS(null, EncryptionConstants._ATT_ID));
- result.setType(element.getAttributeNS(null, EncryptionConstants._ATT_TYPE));
- result.setMimeType(element.getAttributeNS(null, EncryptionConstants._ATT_MIMETYPE));
- result.setEncoding( element.getAttributeNS(null, Constants._ATT_ENCODING));
-
- Element encryptionMethodElement =
- (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_ENCRYPTIONMETHOD).item(0);
- if (null != encryptionMethodElement) {
- result.setEncryptionMethod(newEncryptionMethod(encryptionMethodElement));
- }
-
- // BFL 16/7/03 - simple implementation
- // TODO: Work out how to handle relative URI
-
- Element keyInfoElement =
- (Element) element.getElementsByTagNameNS(
- Constants.SignatureSpecNS, Constants._TAG_KEYINFO).item(0);
- if (null != keyInfoElement) {
- KeyInfo ki = newKeyInfo(keyInfoElement);
- result.setKeyInfo(ki);
- }
-
- // TODO: Implement
- Element encryptionPropertiesElement =
- (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_ENCRYPTIONPROPERTIES).item(0);
- if (null != encryptionPropertiesElement) {
- result.setEncryptionProperties(
- newEncryptionProperties(encryptionPropertiesElement)
- );
- }
-
- return result;
- }
-
- /**
- * @param element
- * @return a new EncryptedKey
- * @throws XMLEncryptionException
- */
- EncryptedKey newEncryptedKey(Element element) throws XMLEncryptionException {
- EncryptedKey result = null;
- NodeList dataElements =
- element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_CIPHERDATA);
- Element dataElement =
- (Element) dataElements.item(dataElements.getLength() - 1);
-
- CipherData data = newCipherData(dataElement);
- result = newEncryptedKey(data);
-
- result.setId(element.getAttributeNS(null, EncryptionConstants._ATT_ID));
- result.setType(element.getAttributeNS(null, EncryptionConstants._ATT_TYPE));
- result.setMimeType(element.getAttributeNS(null, EncryptionConstants._ATT_MIMETYPE));
- result.setEncoding(element.getAttributeNS(null, Constants._ATT_ENCODING));
- result.setRecipient(element.getAttributeNS(null, EncryptionConstants._ATT_RECIPIENT));
-
- Element encryptionMethodElement =
- (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_ENCRYPTIONMETHOD).item(0);
- if (null != encryptionMethodElement) {
- result.setEncryptionMethod(newEncryptionMethod(encryptionMethodElement));
- }
-
- Element keyInfoElement =
- (Element) element.getElementsByTagNameNS(
- Constants.SignatureSpecNS, Constants._TAG_KEYINFO).item(0);
- if (null != keyInfoElement) {
- KeyInfo ki = newKeyInfo(keyInfoElement);
- result.setKeyInfo(ki);
- }
-
- // TODO: Implement
- Element encryptionPropertiesElement =
- (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_ENCRYPTIONPROPERTIES).item(0);
- if (null != encryptionPropertiesElement) {
- result.setEncryptionProperties(
- newEncryptionProperties(encryptionPropertiesElement)
- );
- }
-
- Element referenceListElement =
- (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_REFERENCELIST).item(0);
- if (null != referenceListElement) {
- result.setReferenceList(newReferenceList(referenceListElement));
- }
-
- Element carriedNameElement =
- (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_CARRIEDKEYNAME).item(0);
- if (null != carriedNameElement) {
- result.setCarriedName(carriedNameElement.getFirstChild().getNodeValue());
- }
-
- return result;
- }
-
- /**
- * @param element
- * @return a new KeyInfo
- * @throws XMLEncryptionException
- */
- KeyInfo newKeyInfo(Element element) throws XMLEncryptionException {
- try {
- KeyInfo ki = new KeyInfo(element, null);
- ki.setSecureValidation(secureValidation);
- if (internalKeyResolvers != null) {
- int size = internalKeyResolvers.size();
- for (int i = 0; i < size; i++) {
- ki.registerInternalKeyResolver(internalKeyResolvers.get(i));
- }
- }
- return ki;
- } catch (XMLSecurityException xse) {
- throw new XMLEncryptionException("Error loading Key Info", xse);
- }
- }
-
- /**
- * @param element
- * @return a new EncryptionMethod
- */
- EncryptionMethod newEncryptionMethod(Element element) {
- String encAlgorithm = element.getAttributeNS(null, EncryptionConstants._ATT_ALGORITHM);
- EncryptionMethod result = newEncryptionMethod(encAlgorithm);
-
- Element keySizeElement =
- (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_KEYSIZE).item(0);
- if (null != keySizeElement) {
- result.setKeySize(
- Integer.valueOf(
- keySizeElement.getFirstChild().getNodeValue()).intValue());
- }
-
- Element oaepParamsElement =
- (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_OAEPPARAMS).item(0);
- if (null != oaepParamsElement) {
- try {
- String oaepParams = oaepParamsElement.getFirstChild().getNodeValue();
- result.setOAEPparams(Base64.decode(oaepParams.getBytes("UTF-8")));
- } catch(UnsupportedEncodingException e) {
- throw new RuntimeException("UTF-8 not supported", e);
- } catch (Base64DecodingException e) {
- throw new RuntimeException("BASE-64 decoding error", e);
- }
- }
-
- Element digestElement =
- (Element) element.getElementsByTagNameNS(
- Constants.SignatureSpecNS, Constants._TAG_DIGESTMETHOD).item(0);
- if (digestElement != null) {
- String digestAlgorithm = digestElement.getAttributeNS(null, "Algorithm");
- result.setDigestAlgorithm(digestAlgorithm);
- }
-
- Element mgfElement =
- (Element) element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpec11NS, EncryptionConstants._TAG_MGF).item(0);
- if (mgfElement != null && !XMLCipher.RSA_OAEP.equals(algorithm)) {
- String mgfAlgorithm = mgfElement.getAttributeNS(null, "Algorithm");
- result.setMGFAlgorithm(mgfAlgorithm);
- }
-
- // TODO: Make this mess work
- // <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
-
- return result;
- }
-
- /**
- * @param element
- * @return a new EncryptionProperties
- */
- EncryptionProperties newEncryptionProperties(Element element) {
- EncryptionProperties result = newEncryptionProperties();
-
- result.setId(element.getAttributeNS(null, EncryptionConstants._ATT_ID));
-
- NodeList encryptionPropertyList =
- element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_ENCRYPTIONPROPERTY);
- for (int i = 0; i < encryptionPropertyList.getLength(); i++) {
- Node n = encryptionPropertyList.item(i);
- if (null != n) {
- result.addEncryptionProperty(newEncryptionProperty((Element) n));
- }
- }
-
- return result;
- }
-
- /**
- * @param element
- * @return a new EncryptionProperty
- */
- EncryptionProperty newEncryptionProperty(Element element) {
- EncryptionProperty result = newEncryptionProperty();
-
- result.setTarget(element.getAttributeNS(null, EncryptionConstants._ATT_TARGET));
- result.setId(element.getAttributeNS(null, EncryptionConstants._ATT_ID));
- // TODO: Make this lot work...
- // <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
-
- // TODO: Make this work...
- // <any namespace='##other' processContents='lax'/>
-
- return result;
- }
-
- /**
- * @param element
- * @return a new ReferenceList
- */
- ReferenceList newReferenceList(Element element) {
- int type = 0;
- if (null != element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_DATAREFERENCE).item(0)) {
- type = ReferenceList.DATA_REFERENCE;
- } else if (null != element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_KEYREFERENCE).item(0)) {
- type = ReferenceList.KEY_REFERENCE;
- }
-
- ReferenceList result = new ReferenceListImpl(type);
- NodeList list = null;
- switch (type) {
- case ReferenceList.DATA_REFERENCE:
- list =
- element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_DATAREFERENCE);
- for (int i = 0; i < list.getLength() ; i++) {
- String uri = ((Element) list.item(i)).getAttribute("URI");
- result.add(result.newDataReference(uri));
- }
- break;
- case ReferenceList.KEY_REFERENCE:
- list =
- element.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_KEYREFERENCE);
- for (int i = 0; i < list.getLength() ; i++) {
- String uri = ((Element) list.item(i)).getAttribute("URI");
- result.add(result.newKeyReference(uri));
- }
- }
-
- return result;
- }
-
- /**
- * @param encryptedData
- * @return the XML Element form of that EncryptedData
- */
- Element toElement(EncryptedData encryptedData) {
- return ((EncryptedDataImpl) encryptedData).toElement();
- }
-
- /**
- * @param encryptedKey
- * @return the XML Element form of that EncryptedKey
- */
- Element toElement(EncryptedKey encryptedKey) {
- return ((EncryptedKeyImpl) encryptedKey).toElement();
- }
-
- /**
- * @param referenceList
- * @return the XML Element form of that ReferenceList
- */
- Element toElement(ReferenceList referenceList) {
- return ((ReferenceListImpl) referenceList).toElement();
- }
-
- private class AgreementMethodImpl implements AgreementMethod {
- private byte[] kaNonce = null;
- private List<Element> agreementMethodInformation = null;
- private KeyInfo originatorKeyInfo = null;
- private KeyInfo recipientKeyInfo = null;
- private String algorithmURI = null;
-
- /**
- * @param algorithm
- */
- public AgreementMethodImpl(String algorithm) {
- agreementMethodInformation = new LinkedList<Element>();
- URI tmpAlgorithm = null;
- try {
- tmpAlgorithm = new URI(algorithm);
- } catch (URISyntaxException ex) {
- throw (IllegalArgumentException)
- new IllegalArgumentException().initCause(ex);
- }
- algorithmURI = tmpAlgorithm.toString();
- }
-
- /** @inheritDoc */
- public byte[] getKANonce() {
- return kaNonce;
- }
-
- /** @inheritDoc */
- public void setKANonce(byte[] kanonce) {
- kaNonce = kanonce;
- }
-
- /** @inheritDoc */
- public Iterator<Element> getAgreementMethodInformation() {
- return agreementMethodInformation.iterator();
- }
-
- /** @inheritDoc */
- public void addAgreementMethodInformation(Element info) {
- agreementMethodInformation.add(info);
- }
-
- /** @inheritDoc */
- public void revoveAgreementMethodInformation(Element info) {
- agreementMethodInformation.remove(info);
- }
-
- /** @inheritDoc */
- public KeyInfo getOriginatorKeyInfo() {
- return originatorKeyInfo;
- }
-
- /** @inheritDoc */
- public void setOriginatorKeyInfo(KeyInfo keyInfo) {
- originatorKeyInfo = keyInfo;
- }
-
- /** @inheritDoc */
- public KeyInfo getRecipientKeyInfo() {
- return recipientKeyInfo;
- }
-
- /** @inheritDoc */
- public void setRecipientKeyInfo(KeyInfo keyInfo) {
- recipientKeyInfo = keyInfo;
- }
-
- /** @inheritDoc */
- public String getAlgorithm() {
- return algorithmURI;
- }
- }
-
- private class CipherDataImpl implements CipherData {
- private static final String valueMessage =
- "Data type is reference type.";
- private static final String referenceMessage =
- "Data type is value type.";
- private CipherValue cipherValue = null;
- private CipherReference cipherReference = null;
- private int cipherType = Integer.MIN_VALUE;
-
- /**
- * @param type
- */
- public CipherDataImpl(int type) {
- cipherType = type;
- }
-
- /** @inheritDoc */
- public CipherValue getCipherValue() {
- return cipherValue;
- }
-
- /** @inheritDoc */
- public void setCipherValue(CipherValue value) throws XMLEncryptionException {
-
- if (cipherType == REFERENCE_TYPE) {
- throw new XMLEncryptionException(
- "empty", new UnsupportedOperationException(valueMessage)
- );
- }
-
- cipherValue = value;
- }
-
- /** @inheritDoc */
- public CipherReference getCipherReference() {
- return cipherReference;
- }
-
- /** @inheritDoc */
- public void setCipherReference(CipherReference reference) throws
- XMLEncryptionException {
- if (cipherType == VALUE_TYPE) {
- throw new XMLEncryptionException(
- "empty", new UnsupportedOperationException(referenceMessage)
- );
- }
-
- cipherReference = reference;
- }
-
- /** @inheritDoc */
- public int getDataType() {
- return cipherType;
- }
-
- Element toElement() {
- Element result =
- XMLUtils.createElementInEncryptionSpace(
- contextDocument, EncryptionConstants._TAG_CIPHERDATA
- );
- if (cipherType == VALUE_TYPE) {
- result.appendChild(((CipherValueImpl) cipherValue).toElement());
- } else if (cipherType == REFERENCE_TYPE) {
- result.appendChild(((CipherReferenceImpl) cipherReference).toElement());
- }
-
- return result;
- }
- }
-
- private class CipherReferenceImpl implements CipherReference {
- private String referenceURI = null;
- private Transforms referenceTransforms = null;
- private Attr referenceNode = null;
-
- /**
- * @param uri
- */
- public CipherReferenceImpl(String uri) {
- /* Don't check validity of URI as may be "" */
- referenceURI = uri;
- referenceNode = null;
- }
-
- /**
- * @param uri
- */
- public CipherReferenceImpl(Attr uri) {
- referenceURI = uri.getNodeValue();
- referenceNode = uri;
- }
-
- /** @inheritDoc */
- public String getURI() {
- return referenceURI;
- }
-
- /** @inheritDoc */
- public Attr getURIAsAttr() {
- return referenceNode;
- }
-
- /** @inheritDoc */
- public Transforms getTransforms() {
- return referenceTransforms;
- }
-
- /** @inheritDoc */
- public void setTransforms(Transforms transforms) {
- referenceTransforms = transforms;
- }
-
- Element toElement() {
- Element result =
- XMLUtils.createElementInEncryptionSpace(
- contextDocument, EncryptionConstants._TAG_CIPHERREFERENCE
- );
- result.setAttributeNS(null, EncryptionConstants._ATT_URI, referenceURI);
- if (null != referenceTransforms) {
- result.appendChild(((TransformsImpl) referenceTransforms).toElement());
- }
-
- return result;
- }
- }
-
- private class CipherValueImpl implements CipherValue {
- private String cipherValue = null;
-
- /**
- * @param value
- */
- public CipherValueImpl(String value) {
- cipherValue = value;
- }
-
- /** @inheritDoc */
- public String getValue() {
- return cipherValue;
- }
-
- /** @inheritDoc */
- public void setValue(String value) {
- cipherValue = value;
- }
-
- Element toElement() {
- Element result =
- XMLUtils.createElementInEncryptionSpace(
- contextDocument, EncryptionConstants._TAG_CIPHERVALUE
- );
- result.appendChild(contextDocument.createTextNode(cipherValue));
-
- return result;
- }
- }
-
- private class EncryptedDataImpl extends EncryptedTypeImpl implements EncryptedData {
-
- /**
- * @param data
- */
- public EncryptedDataImpl(CipherData data) {
- super(data);
- }
-
- Element toElement() {
- Element result =
- ElementProxy.createElementForFamily(
- contextDocument, EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_ENCRYPTEDDATA
- );
-
- if (null != super.getId()) {
- result.setAttributeNS(null, EncryptionConstants._ATT_ID, super.getId());
- }
- if (null != super.getType()) {
- result.setAttributeNS(null, EncryptionConstants._ATT_TYPE, super.getType());
- }
- if (null != super.getMimeType()) {
- result.setAttributeNS(
- null, EncryptionConstants._ATT_MIMETYPE, super.getMimeType()
- );
- }
- if (null != super.getEncoding()) {
- result.setAttributeNS(
- null, EncryptionConstants._ATT_ENCODING, super.getEncoding()
- );
- }
- if (null != super.getEncryptionMethod()) {
- result.appendChild(
- ((EncryptionMethodImpl)super.getEncryptionMethod()).toElement()
- );
- }
- if (null != super.getKeyInfo()) {
- result.appendChild(super.getKeyInfo().getElement().cloneNode(true));
- }
-
- result.appendChild(((CipherDataImpl) super.getCipherData()).toElement());
- if (null != super.getEncryptionProperties()) {
- result.appendChild(((EncryptionPropertiesImpl)
- super.getEncryptionProperties()).toElement());
- }
-
- return result;
- }
- }
-
- private class EncryptedKeyImpl extends EncryptedTypeImpl implements EncryptedKey {
- private String keyRecipient = null;
- private ReferenceList referenceList = null;
- private String carriedName = null;
-
- /**
- * @param data
- */
- public EncryptedKeyImpl(CipherData data) {
- super(data);
- }
-
- /** @inheritDoc */
- public String getRecipient() {
- return keyRecipient;
- }
-
- /** @inheritDoc */
- public void setRecipient(String recipient) {
- keyRecipient = recipient;
- }
-
- /** @inheritDoc */
- public ReferenceList getReferenceList() {
- return referenceList;
- }
-
- /** @inheritDoc */
- public void setReferenceList(ReferenceList list) {
- referenceList = list;
- }
-
- /** @inheritDoc */
- public String getCarriedName() {
- return carriedName;
- }
-
- /** @inheritDoc */
- public void setCarriedName(String name) {
- carriedName = name;
- }
-
- Element toElement() {
- Element result =
- ElementProxy.createElementForFamily(
- contextDocument, EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_ENCRYPTEDKEY
- );
-
- if (null != super.getId()) {
- result.setAttributeNS(null, EncryptionConstants._ATT_ID, super.getId());
- }
- if (null != super.getType()) {
- result.setAttributeNS(null, EncryptionConstants._ATT_TYPE, super.getType());
- }
- if (null != super.getMimeType()) {
- result.setAttributeNS(
- null, EncryptionConstants._ATT_MIMETYPE, super.getMimeType()
- );
- }
- if (null != super.getEncoding()) {
- result.setAttributeNS(null, Constants._ATT_ENCODING, super.getEncoding());
- }
- if (null != getRecipient()) {
- result.setAttributeNS(
- null, EncryptionConstants._ATT_RECIPIENT, getRecipient()
- );
- }
- if (null != super.getEncryptionMethod()) {
- result.appendChild(((EncryptionMethodImpl)
- super.getEncryptionMethod()).toElement());
- }
- if (null != super.getKeyInfo()) {
- result.appendChild(super.getKeyInfo().getElement().cloneNode(true));
- }
- result.appendChild(((CipherDataImpl) super.getCipherData()).toElement());
- if (null != super.getEncryptionProperties()) {
- result.appendChild(((EncryptionPropertiesImpl)
- super.getEncryptionProperties()).toElement());
- }
- if (referenceList != null && !referenceList.isEmpty()) {
- result.appendChild(((ReferenceListImpl)getReferenceList()).toElement());
- }
- if (null != carriedName) {
- Element element =
- ElementProxy.createElementForFamily(
- contextDocument,
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_CARRIEDKEYNAME
- );
- Node node = contextDocument.createTextNode(carriedName);
- element.appendChild(node);
- result.appendChild(element);
- }
-
- return result;
- }
- }
-
- private abstract class EncryptedTypeImpl {
- private String id = null;
- private String type = null;
- private String mimeType = null;
- private String encoding = null;
- private EncryptionMethod encryptionMethod = null;
- private KeyInfo keyInfo = null;
- private CipherData cipherData = null;
- private EncryptionProperties encryptionProperties = null;
-
- /**
- * Constructor.
- * @param data
- */
- protected EncryptedTypeImpl(CipherData data) {
- cipherData = data;
- }
-
- /**
- *
- * @return the Id
- */
- public String getId() {
- return id;
- }
-
- /**
- *
- * @param id
- */
- public void setId(String id) {
- this.id = id;
- }
-
- /**
- *
- * @return the type
- */
- public String getType() {
- return type;
- }
-
- /**
- *
- * @param type
- */
- public void setType(String type) {
- if (type == null || type.length() == 0) {
- this.type = null;
- } else {
- URI tmpType = null;
- try {
- tmpType = new URI(type);
- } catch (URISyntaxException ex) {
- throw (IllegalArgumentException)
- new IllegalArgumentException().initCause(ex);
- }
- this.type = tmpType.toString();
- }
- }
-
- /**
- *
- * @return the MimeType
- */
- public String getMimeType() {
- return mimeType;
- }
- /**
- *
- * @param type
- */
- public void setMimeType(String type) {
- mimeType = type;
- }
-
- /**
- *
- * @return the encoding
- */
- public String getEncoding() {
- return encoding;
- }
-
- /**
- *
- * @param encoding
- */
- public void setEncoding(String encoding) {
- if (encoding == null || encoding.length() == 0) {
- this.encoding = null;
- } else {
- URI tmpEncoding = null;
- try {
- tmpEncoding = new URI(encoding);
- } catch (URISyntaxException ex) {
- throw (IllegalArgumentException)
- new IllegalArgumentException().initCause(ex);
- }
- this.encoding = tmpEncoding.toString();
- }
- }
-
- /**
- *
- * @return the EncryptionMethod
- */
- public EncryptionMethod getEncryptionMethod() {
- return encryptionMethod;
- }
-
- /**
- *
- * @param method
- */
- public void setEncryptionMethod(EncryptionMethod method) {
- encryptionMethod = method;
- }
-
- /**
- *
- * @return the KeyInfo
- */
- public KeyInfo getKeyInfo() {
- return keyInfo;
- }
-
- /**
- *
- * @param info
- */
- public void setKeyInfo(KeyInfo info) {
- keyInfo = info;
- }
-
- /**
- *
- * @return the CipherData
- */
- public CipherData getCipherData() {
- return cipherData;
- }
-
- /**
- *
- * @return the EncryptionProperties
- */
- public EncryptionProperties getEncryptionProperties() {
- return encryptionProperties;
- }
-
- /**
- *
- * @param properties
- */
- public void setEncryptionProperties(EncryptionProperties properties) {
- encryptionProperties = properties;
- }
- }
-
- private class EncryptionMethodImpl implements EncryptionMethod {
- private String algorithm = null;
- private int keySize = Integer.MIN_VALUE;
- private byte[] oaepParams = null;
- private List<Element> encryptionMethodInformation = null;
- private String digestAlgorithm = null;
- private String mgfAlgorithm = null;
-
- /**
- * Constructor.
- * @param algorithm
- */
- public EncryptionMethodImpl(String algorithm) {
- URI tmpAlgorithm = null;
- try {
- tmpAlgorithm = new URI(algorithm);
- } catch (URISyntaxException ex) {
- throw (IllegalArgumentException)
- new IllegalArgumentException().initCause(ex);
- }
- this.algorithm = tmpAlgorithm.toString();
- encryptionMethodInformation = new LinkedList<Element>();
- }
-
- /** @inheritDoc */
- public String getAlgorithm() {
- return algorithm;
- }
-
- /** @inheritDoc */
- public int getKeySize() {
- return keySize;
- }
-
- /** @inheritDoc */
- public void setKeySize(int size) {
- keySize = size;
- }
-
- /** @inheritDoc */
- public byte[] getOAEPparams() {
- return oaepParams;
- }
-
- /** @inheritDoc */
- public void setOAEPparams(byte[] params) {
- oaepParams = params;
- }
-
- /** @inheritDoc */
- public void setDigestAlgorithm(String digestAlgorithm) {
- this.digestAlgorithm = digestAlgorithm;
- }
-
- /** @inheritDoc */
- public String getDigestAlgorithm() {
- return digestAlgorithm;
- }
-
- /** @inheritDoc */
- public void setMGFAlgorithm(String mgfAlgorithm) {
- this.mgfAlgorithm = mgfAlgorithm;
- }
-
- /** @inheritDoc */
- public String getMGFAlgorithm() {
- return mgfAlgorithm;
- }
-
- /** @inheritDoc */
- public Iterator<Element> getEncryptionMethodInformation() {
- return encryptionMethodInformation.iterator();
- }
-
- /** @inheritDoc */
- public void addEncryptionMethodInformation(Element info) {
- encryptionMethodInformation.add(info);
- }
-
- /** @inheritDoc */
- public void removeEncryptionMethodInformation(Element info) {
- encryptionMethodInformation.remove(info);
- }
-
- Element toElement() {
- Element result =
- XMLUtils.createElementInEncryptionSpace(
- contextDocument, EncryptionConstants._TAG_ENCRYPTIONMETHOD
- );
- result.setAttributeNS(null, EncryptionConstants._ATT_ALGORITHM, algorithm);
- if (keySize > 0) {
- result.appendChild(
- XMLUtils.createElementInEncryptionSpace(
- contextDocument, EncryptionConstants._TAG_KEYSIZE
- ).appendChild(contextDocument.createTextNode(String.valueOf(keySize))));
- }
- if (null != oaepParams) {
- Element oaepElement =
- XMLUtils.createElementInEncryptionSpace(
- contextDocument, EncryptionConstants._TAG_OAEPPARAMS
- );
- oaepElement.appendChild(contextDocument.createTextNode(Base64.encode(oaepParams)));
- result.appendChild(oaepElement);
- }
- if (digestAlgorithm != null) {
- Element digestElement =
- XMLUtils.createElementInSignatureSpace(contextDocument, Constants._TAG_DIGESTMETHOD);
- digestElement.setAttributeNS(null, "Algorithm", digestAlgorithm);
- result.appendChild(digestElement);
- }
- if (mgfAlgorithm != null) {
- Element mgfElement =
- XMLUtils.createElementInEncryption11Space(
- contextDocument, EncryptionConstants._TAG_MGF
- );
- mgfElement.setAttributeNS(null, "Algorithm", mgfAlgorithm);
- mgfElement.setAttributeNS(
- Constants.NamespaceSpecNS,
- "xmlns:" + ElementProxy.getDefaultPrefix(EncryptionConstants.EncryptionSpec11NS),
- EncryptionConstants.EncryptionSpec11NS
- );
- result.appendChild(mgfElement);
- }
- Iterator<Element> itr = encryptionMethodInformation.iterator();
- while (itr.hasNext()) {
- result.appendChild(itr.next());
- }
-
- return result;
- }
- }
-
- private class EncryptionPropertiesImpl implements EncryptionProperties {
- private String id = null;
- private List<EncryptionProperty> encryptionProperties = null;
-
- /**
- * Constructor.
- */
- public EncryptionPropertiesImpl() {
- encryptionProperties = new LinkedList<EncryptionProperty>();
- }
-
- /** @inheritDoc */
- public String getId() {
- return id;
- }
-
- /** @inheritDoc */
- public void setId(String id) {
- this.id = id;
- }
-
- /** @inheritDoc */
- public Iterator<EncryptionProperty> getEncryptionProperties() {
- return encryptionProperties.iterator();
- }
-
- /** @inheritDoc */
- public void addEncryptionProperty(EncryptionProperty property) {
- encryptionProperties.add(property);
- }
-
- /** @inheritDoc */
- public void removeEncryptionProperty(EncryptionProperty property) {
- encryptionProperties.remove(property);
- }
-
- Element toElement() {
- Element result =
- XMLUtils.createElementInEncryptionSpace(
- contextDocument, EncryptionConstants._TAG_ENCRYPTIONPROPERTIES
- );
- if (null != id) {
- result.setAttributeNS(null, EncryptionConstants._ATT_ID, id);
- }
- Iterator<EncryptionProperty> itr = getEncryptionProperties();
- while (itr.hasNext()) {
- result.appendChild(((EncryptionPropertyImpl)itr.next()).toElement());
- }
-
- return result;
- }
- }
-
- private class EncryptionPropertyImpl implements EncryptionProperty {
- private String target = null;
- private String id = null;
- private Map<String, String> attributeMap = new HashMap<String, String>();
- private List<Element> encryptionInformation = null;
-
- /**
- * Constructor.
- */
- public EncryptionPropertyImpl() {
- encryptionInformation = new LinkedList<Element>();
- }
-
- /** @inheritDoc */
- public String getTarget() {
- return target;
- }
-
- /** @inheritDoc */
- public void setTarget(String target) {
- if (target == null || target.length() == 0) {
- this.target = null;
- } else if (target.startsWith("#")) {
- /*
- * This is a same document URI reference. Do not parse,
- * because it has no scheme.
- */
- this.target = target;
- } else {
- URI tmpTarget = null;
- try {
- tmpTarget = new URI(target);
- } catch (URISyntaxException ex) {
- throw (IllegalArgumentException)
- new IllegalArgumentException().initCause(ex);
- }
- this.target = tmpTarget.toString();
- }
- }
-
- /** @inheritDoc */
- public String getId() {
- return id;
- }
-
- /** @inheritDoc */
- public void setId(String id) {
- this.id = id;
- }
-
- /** @inheritDoc */
- public String getAttribute(String attribute) {
- return attributeMap.get(attribute);
- }
-
- /** @inheritDoc */
- public void setAttribute(String attribute, String value) {
- attributeMap.put(attribute, value);
- }
-
- /** @inheritDoc */
- public Iterator<Element> getEncryptionInformation() {
- return encryptionInformation.iterator();
- }
-
- /** @inheritDoc */
- public void addEncryptionInformation(Element info) {
- encryptionInformation.add(info);
- }
-
- /** @inheritDoc */
- public void removeEncryptionInformation(Element info) {
- encryptionInformation.remove(info);
- }
-
- Element toElement() {
- Element result =
- XMLUtils.createElementInEncryptionSpace(
- contextDocument, EncryptionConstants._TAG_ENCRYPTIONPROPERTY
- );
- if (null != target) {
- result.setAttributeNS(null, EncryptionConstants._ATT_TARGET, target);
- }
- if (null != id) {
- result.setAttributeNS(null, EncryptionConstants._ATT_ID, id);
- }
- // TODO: figure out the anyAttribyte stuff...
- // TODO: figure out the any stuff...
-
- return result;
- }
- }
-
- private class TransformsImpl extends org.apache.xml.security.transforms.Transforms
- implements Transforms {
-
- /**
- * Construct Transforms
- */
- public TransformsImpl() {
- super(contextDocument);
- }
-
- /**
- *
- * @param doc
- */
- public TransformsImpl(Document doc) {
- if (doc == null) {
- throw new RuntimeException("Document is null");
- }
-
- this.doc = doc;
- this.constructionElement =
- createElementForFamilyLocal(
- this.doc, this.getBaseNamespace(), this.getBaseLocalName()
- );
- }
-
- /**
- *
- * @param element
- * @throws XMLSignatureException
- * @throws InvalidTransformException
- * @throws XMLSecurityException
- * @throws TransformationException
- */
- public TransformsImpl(Element element)
- throws XMLSignatureException, InvalidTransformException,
- XMLSecurityException, TransformationException {
- super(element, "");
- }
-
- /**
- *
- * @return the XML Element form of that Transforms
- */
- public Element toElement() {
- if (doc == null) {
- doc = contextDocument;
- }
-
- return getElement();
- }
-
- /** @inheritDoc */
- public org.apache.xml.security.transforms.Transforms getDSTransforms() {
- return this;
- }
-
- // Over-ride the namespace
- /** @inheritDoc */
- public String getBaseNamespace() {
- return EncryptionConstants.EncryptionSpecNS;
- }
- }
-
- private class ReferenceListImpl implements ReferenceList {
- private Class<?> sentry;
- private List<Reference> references;
-
- /**
- * Constructor.
- * @param type
- */
- public ReferenceListImpl(int type) {
- if (type == ReferenceList.DATA_REFERENCE) {
- sentry = DataReference.class;
- } else if (type == ReferenceList.KEY_REFERENCE) {
- sentry = KeyReference.class;
- } else {
- throw new IllegalArgumentException();
- }
- references = new LinkedList<Reference>();
- }
-
- /** @inheritDoc */
- public void add(Reference reference) {
- if (!reference.getClass().equals(sentry)) {
- throw new IllegalArgumentException();
- }
- references.add(reference);
- }
-
- /** @inheritDoc */
- public void remove(Reference reference) {
- if (!reference.getClass().equals(sentry)) {
- throw new IllegalArgumentException();
- }
- references.remove(reference);
- }
-
- /** @inheritDoc */
- public int size() {
- return references.size();
- }
-
- /** @inheritDoc */
- public boolean isEmpty() {
- return references.isEmpty();
- }
-
- /** @inheritDoc */
- public Iterator<Reference> getReferences() {
- return references.iterator();
- }
-
- Element toElement() {
- Element result =
- ElementProxy.createElementForFamily(
- contextDocument,
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_REFERENCELIST
- );
- Iterator<Reference> eachReference = references.iterator();
- while (eachReference.hasNext()) {
- Reference reference = eachReference.next();
- result.appendChild(((ReferenceImpl) reference).toElement());
- }
- return result;
- }
-
- /** @inheritDoc */
- public Reference newDataReference(String uri) {
- return new DataReference(uri);
- }
-
- /** @inheritDoc */
- public Reference newKeyReference(String uri) {
- return new KeyReference(uri);
- }
-
- /**
- * <code>ReferenceImpl</code> is an implementation of
- * <code>Reference</code>.
- *
- * @see Reference
- */
- private abstract class ReferenceImpl implements Reference {
- private String uri;
- private List<Element> referenceInformation;
-
- ReferenceImpl(String uri) {
- this.uri = uri;
- referenceInformation = new LinkedList<Element>();
- }
-
- /** @inheritDoc */
- public abstract String getType();
-
- /** @inheritDoc */
- public String getURI() {
- return uri;
- }
-
- /** @inheritDoc */
- public Iterator<Element> getElementRetrievalInformation() {
- return referenceInformation.iterator();
- }
-
- /** @inheritDoc */
- public void setURI(String uri) {
- this.uri = uri;
- }
-
- /** @inheritDoc */
- public void removeElementRetrievalInformation(Element node) {
- referenceInformation.remove(node);
- }
-
- /** @inheritDoc */
- public void addElementRetrievalInformation(Element node) {
- referenceInformation.add(node);
- }
-
- /**
- * @return the XML Element form of that Reference
- */
- public Element toElement() {
- String tagName = getType();
- Element result =
- ElementProxy.createElementForFamily(
- contextDocument,
- EncryptionConstants.EncryptionSpecNS,
- tagName
- );
- result.setAttribute(EncryptionConstants._ATT_URI, uri);
-
- // TODO: Need to martial referenceInformation
- // Figure out how to make this work..
- // <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-
- return result;
- }
- }
-
- private class DataReference extends ReferenceImpl {
-
- DataReference(String uri) {
- super(uri);
- }
-
- /** @inheritDoc */
- public String getType() {
- return EncryptionConstants._TAG_DATAREFERENCE;
- }
- }
-
- private class KeyReference extends ReferenceImpl {
-
- KeyReference(String uri) {
- super(uri);
- }
-
- /** @inheritDoc */
- public String getType() {
- return EncryptionConstants._TAG_KEYREFERENCE;
- }
- }
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import java.io.IOException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.utils.resolver.ResourceResolver;
-import org.apache.xml.security.utils.resolver.ResourceResolverException;
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.TransformationException;
-import org.w3c.dom.Attr;
-import org.apache.xml.security.utils.Base64;
-
-/**
- * <code>XMLCipherInput</code> is used to wrap input passed into the
- * XMLCipher encryption operations.
- *
- * In decryption mode, it takes a <code>CipherData</code> object and allows
- * callers to dereference the CipherData into the encrypted bytes that it
- * actually represents. This takes care of all base64 encoding etc.
- *
- * While primarily an internal class, this can be used by applications to
- * quickly and easily retrieve the encrypted bytes from an EncryptedType
- * object
- *
- * @author Berin Lautenbach
- */
-public class XMLCipherInput {
-
- private static org.apache.commons.logging.Log logger =
- org.apache.commons.logging.LogFactory.getLog(XMLCipherInput.class);
-
- /** The data we are working with */
- private CipherData cipherData;
-
- /** MODES */
- private int mode;
-
- private boolean secureValidation;
-
- /**
- * Constructor for processing encrypted octets
- *
- * @param data The <code>CipherData</code> object to read the bytes from
- * @throws XMLEncryptionException {@link XMLEncryptionException}
- */
- public XMLCipherInput(CipherData data) throws XMLEncryptionException {
- cipherData = data;
- mode = XMLCipher.DECRYPT_MODE;
- if (cipherData == null) {
- throw new XMLEncryptionException("CipherData is null");
- }
- }
-
- /**
- * Constructor for processing encrypted octets
- *
- * @param input The <code>EncryptedType</code> object to read
- * the bytes from.
- * @throws XMLEncryptionException {@link XMLEncryptionException}
- */
- public XMLCipherInput(EncryptedType input) throws XMLEncryptionException {
- cipherData = ((input == null) ? null : input.getCipherData());
- mode = XMLCipher.DECRYPT_MODE;
- if (cipherData == null) {
- throw new XMLEncryptionException("CipherData is null");
- }
- }
-
- /**
- * Set whether secure validation is enabled or not. The default is false.
- */
- public void setSecureValidation(boolean secureValidation) {
- this.secureValidation = secureValidation;
- }
-
- /**
- * Dereferences the input and returns it as a single byte array.
- *
- * @throws XMLEncryptionException
- * @return The decripted bytes.
- */
- public byte[] getBytes() throws XMLEncryptionException {
- if (mode == XMLCipher.DECRYPT_MODE) {
- return getDecryptBytes();
- }
- return null;
- }
-
- /**
- * Internal method to get bytes in decryption mode
- * @return the decrypted bytes
- * @throws XMLEncryptionException
- */
- private byte[] getDecryptBytes() throws XMLEncryptionException {
- String base64EncodedEncryptedOctets = null;
-
- if (cipherData.getDataType() == CipherData.REFERENCE_TYPE) {
- // Fun time!
- if (logger.isDebugEnabled()) {
- logger.debug("Found a reference type CipherData");
- }
- CipherReference cr = cipherData.getCipherReference();
-
- // Need to wrap the uri in an Attribute node so that we can
- // Pass to the resource resolvers
-
- Attr uriAttr = cr.getURIAsAttr();
- XMLSignatureInput input = null;
-
- try {
- ResourceResolver resolver =
- ResourceResolver.getInstance(uriAttr, null, secureValidation);
- input = resolver.resolve(uriAttr, null);
- } catch (ResourceResolverException ex) {
- throw new XMLEncryptionException("empty", ex);
- }
-
- if (input != null) {
- if (logger.isDebugEnabled()) {
- logger.debug("Managed to resolve URI \"" + cr.getURI() + "\"");
- }
- } else {
- if (logger.isDebugEnabled()) {
- logger.debug("Failed to resolve URI \"" + cr.getURI() + "\"");
- }
- }
-
- // Lets see if there are any transforms
- Transforms transforms = cr.getTransforms();
- if (transforms != null) {
- if (logger.isDebugEnabled()) {
- logger.debug("Have transforms in cipher reference");
- }
- try {
- org.apache.xml.security.transforms.Transforms dsTransforms =
- transforms.getDSTransforms();
- dsTransforms.setSecureValidation(secureValidation);
- input = dsTransforms.performTransforms(input);
- } catch (TransformationException ex) {
- throw new XMLEncryptionException("empty", ex);
- }
- }
-
- try {
- return input.getBytes();
- } catch (IOException ex) {
- throw new XMLEncryptionException("empty", ex);
- } catch (CanonicalizationException ex) {
- throw new XMLEncryptionException("empty", ex);
- }
-
- // retrieve the cipher text
- } else if (cipherData.getDataType() == CipherData.VALUE_TYPE) {
- base64EncodedEncryptedOctets = cipherData.getCipherValue().getValue();
- } else {
- throw new XMLEncryptionException("CipherData.getDataType() returned unexpected value");
- }
-
- if (logger.isDebugEnabled()) {
- logger.debug("Encrypted octets:\n" + base64EncodedEncryptedOctets);
- }
-
- try {
- return Base64.decode(base64EncodedEncryptedOctets);
- } catch (Base64DecodingException bde) {
- throw new XMLEncryptionException("empty", bde);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-/**
- * Constants
- */
-public interface XMLCipherParameters {
-
- String AES_128 =
- "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
-
- String AES_256 =
- "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
-
- String AES_192 =
- "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
-
- String RSA_1_5 =
- "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
-
- String RSA_OAEP =
- "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
-
- String DIFFIE_HELLMAN =
- "http://www.w3.org/2001/04/xmlenc#dh";
-
- String TRIPLEDES_KEYWRAP =
- "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
-
- String AES_128_KEYWRAP =
- "http://www.w3.org/2001/04/xmlenc#kw-aes128";
-
- String AES_256_KEYWRAP =
- "http://www.w3.org/2001/04/xmlenc#kw-aes256";
-
- String AES_192_KEYWRAP =
- "http://www.w3.org/2001/04/xmlenc#kw-aes192";
-
- String SHA1 =
- "http://www.w3.org/2000/09/xmldsig#sha1";
-
- String SHA256 =
- "http://www.w3.org/2001/04/xmlenc#sha256";
-
- String SHA512 =
- "http://www.w3.org/2001/04/xmlenc#sha512";
-
- String RIPEMD_160 =
- "http://www.w3.org/2001/04/xmlenc#ripemd160";
-
- String XML_DSIG =
- "http://www.w3.org/2000/09/xmldsig#";
-
- String N14C_XML =
- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
-
- String N14C_XML_CMMNTS =
- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
-
- String EXCL_XML_N14C =
- "http://www.w3.org/2001/10/xml-exc-c14n#";
-
- String EXCL_XML_N14C_CMMNTS =
- "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.encryption;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-/**
- *
- */
-public class XMLEncryptionException extends XMLSecurityException {
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- *
- *
- */
- public XMLEncryptionException() {
- super();
- }
-
- /**
- *
- * @param msgID
- */
- public XMLEncryptionException(String msgID) {
- super(msgID);
- }
-
- /**
- *
- * @param msgID
- * @param exArgs
- */
- public XMLEncryptionException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- *
- * @param msgID
- * @param originalException
- */
- public XMLEncryptionException(String msgID, Exception originalException) {
- super(msgID, originalException);
-
- }
-
- /**
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public XMLEncryptionException(String msgID, Object exArgs[], Exception originalException) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
- <title></title>
-</head>
-<body>
-Provides classes for implementing XML Encryption applications. There are two
-main families of classes in this package. The first group of classes is an
-XML Schema to Java mapping of the complex types and elements of the
-XML Encryption Schema as outllined at <a
- href="http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/">XML Encrtypyion
-Specification</a>. The second group of classes are used to perform encryption
-operations, and to manipulate the first group of classes. The most important
-classes in this second group is <code><a
- href="file://./org/apache/xml/security/encryption/XMLCipher.html">XMLCipher</a></code>,
-<code><a
- href="file://./org/apache/xml/security/encryption/XMLEncryptionFactory.html">XMLEncryptionFactory</a></code>
-and <code>XMLSerializer</code>. <code>XMLCipher</code> was designed to resemble
-<code>javax.crypto.Cipher</code>. The aforementioned classes were desinged
-with ease-of-use and configurability in mind. Becuase of this, the programmer
-may at times be exposed to lower level programming tasks. This library strives
-to be as simple as possible to use, but no simpler.<br>
-<br>
-</body>
-</html>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.exceptions;
-
-public class AlgorithmAlreadyRegisteredException extends XMLSecurityException {
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor AlgorithmAlreadyRegisteredException
- *
- */
- public AlgorithmAlreadyRegisteredException() {
- super();
- }
-
- /**
- * Constructor AlgorithmAlreadyRegisteredException
- *
- * @param msgID
- */
- public AlgorithmAlreadyRegisteredException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor AlgorithmAlreadyRegisteredException
- *
- * @param msgID
- * @param exArgs
- */
- public AlgorithmAlreadyRegisteredException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor AlgorithmAlreadyRegisteredException
- *
- * @param msgID
- * @param originalException
- */
- public AlgorithmAlreadyRegisteredException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor AlgorithmAlreadyRegisteredException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public AlgorithmAlreadyRegisteredException(
- String msgID, Object exArgs[], Exception originalException
- ) {
- super(msgID, exArgs, originalException);
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.exceptions;
-
-/**
- * This Exception is thrown if decoding of Base64 data fails.
- *
- * @author Christian Geuer-Pollmann
- */
-public class Base64DecodingException extends XMLSecurityException {
-
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor Base64DecodingException
- *
- */
- public Base64DecodingException() {
- super();
- }
-
- /**
- * Constructor Base64DecodingException
- *
- * @param msgID
- */
- public Base64DecodingException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor Base64DecodingException
- *
- * @param msgID
- * @param exArgs
- */
- public Base64DecodingException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor Base64DecodingException
- *
- * @param msgID
- * @param originalException
- */
- public Base64DecodingException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor Base64DecodingException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public Base64DecodingException(String msgID, Object exArgs[], Exception originalException) {
- super(msgID, exArgs, originalException);
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.exceptions;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.text.MessageFormat;
-
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.I18n;
-
-/**
- * The mother of all Exceptions in this bundle. It allows exceptions to have
- * their messages translated to the different locales.
- *
- * The <code>xmlsecurity_en.properties</code> file contains this line:
- * <pre>
- * xml.WrongElement = Can't create a {0} from a {1} element
- * </pre>
- *
- * Usage in the Java source is:
- * <pre>
- * {
- * Object exArgs[] = { Constants._TAG_TRANSFORMS, "BadElement" };
- *
- * throw new XMLSecurityException("xml.WrongElement", exArgs);
- * }
- * </pre>
- *
- * Additionally, if another Exception has been caught, we can supply it, too>
- * <pre>
- * try {
- * ...
- * } catch (Exception oldEx) {
- * Object exArgs[] = { Constants._TAG_TRANSFORMS, "BadElement" };
- *
- * throw new XMLSecurityException("xml.WrongElement", exArgs, oldEx);
- * }
- * </pre>
- *
- *
- * @author Christian Geuer-Pollmann
- */
-public class XMLSecurityException extends Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /** Field msgID */
- protected String msgID;
-
- /**
- * Constructor XMLSecurityException
- *
- */
- public XMLSecurityException() {
- super("Missing message string");
-
- this.msgID = null;
- }
-
- /**
- * Constructor XMLSecurityException
- *
- * @param msgID
- */
- public XMLSecurityException(String msgID) {
- super(I18n.getExceptionMessage(msgID));
-
- this.msgID = msgID;
- }
-
- /**
- * Constructor XMLSecurityException
- *
- * @param msgID
- * @param exArgs
- */
- public XMLSecurityException(String msgID, Object exArgs[]) {
-
- super(MessageFormat.format(I18n.getExceptionMessage(msgID), exArgs));
-
- this.msgID = msgID;
- }
-
- /**
- * Constructor XMLSecurityException
- *
- * @param originalException
- */
- public XMLSecurityException(Exception originalException) {
-
- super("Missing message ID to locate message string in resource bundle \""
- + Constants.exceptionMessagesResourceBundleBase
- + "\". Original Exception was a "
- + originalException.getClass().getName() + " and message "
- + originalException.getMessage(), originalException);
- }
-
- /**
- * Constructor XMLSecurityException
- *
- * @param msgID
- * @param originalException
- */
- public XMLSecurityException(String msgID, Exception originalException) {
- super(I18n.getExceptionMessage(msgID, originalException), originalException);
-
- this.msgID = msgID;
- }
-
- /**
- * Constructor XMLSecurityException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public XMLSecurityException(String msgID, Object exArgs[], Exception originalException) {
- super(MessageFormat.format(I18n.getExceptionMessage(msgID), exArgs), originalException);
-
- this.msgID = msgID;
- }
-
- /**
- * Method getMsgID
- *
- * @return the messageId
- */
- public String getMsgID() {
- if (msgID == null) {
- return "Missing message ID";
- }
- return msgID;
- }
-
- /** @inheritDoc */
- public String toString() {
- String s = this.getClass().getName();
- String message = super.getLocalizedMessage();
-
- if (message != null) {
- message = s + ": " + message;
- } else {
- message = s;
- }
-
- if (super.getCause() != null) {
- message = message + "\nOriginal Exception was " + super.getCause().toString();
- }
-
- return message;
- }
-
- /**
- * Method printStackTrace
- *
- */
- public void printStackTrace() {
- synchronized (System.err) {
- super.printStackTrace(System.err);
- }
- }
-
- /**
- * Method printStackTrace
- *
- * @param printwriter
- */
- public void printStackTrace(PrintWriter printwriter) {
- super.printStackTrace(printwriter);
- }
-
- /**
- * Method printStackTrace
- *
- * @param printstream
- */
- public void printStackTrace(PrintStream printstream) {
- super.printStackTrace(printstream);
- }
-
- /**
- * Method getOriginalException
- *
- * @return the original exception
- */
- public Exception getOriginalException() {
- if (this.getCause() instanceof Exception) {
- return (Exception)this.getCause();
- }
- return null;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.exceptions;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.text.MessageFormat;
-
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.I18n;
-
-/**
- * The mother of all runtime Exceptions in this bundle. It allows exceptions to have
- * their messages translated to the different locales.
- *
- * The <code>xmlsecurity_en.properties</code> file contains this line:
- * <pre>
- * xml.WrongElement = Can't create a {0} from a {1} element
- * </pre>
- *
- * Usage in the Java source is:
- * <pre>
- * {
- * Object exArgs[] = { Constants._TAG_TRANSFORMS, "BadElement" };
- *
- * throw new XMLSecurityException("xml.WrongElement", exArgs);
- * }
- * </pre>
- *
- * Additionally, if another Exception has been caught, we can supply it, too>
- * <pre>
- * try {
- * ...
- * } catch (Exception oldEx) {
- * Object exArgs[] = { Constants._TAG_TRANSFORMS, "BadElement" };
- *
- * throw new XMLSecurityException("xml.WrongElement", exArgs, oldEx);
- * }
- * </pre>
- *
- *
- * @author Christian Geuer-Pollmann
- */
-public class XMLSecurityRuntimeException extends RuntimeException {
-
- private static final long serialVersionUID = 1L;
-
- /** Field msgID */
- protected String msgID;
-
- /**
- * Constructor XMLSecurityRuntimeException
- *
- */
- public XMLSecurityRuntimeException() {
- super("Missing message string");
-
- this.msgID = null;
- }
-
- /**
- * Constructor XMLSecurityRuntimeException
- *
- * @param msgID
- */
- public XMLSecurityRuntimeException(String msgID) {
- super(I18n.getExceptionMessage(msgID));
-
- this.msgID = msgID;
- }
-
- /**
- * Constructor XMLSecurityRuntimeException
- *
- * @param msgID
- * @param exArgs
- */
- public XMLSecurityRuntimeException(String msgID, Object exArgs[]) {
- super(MessageFormat.format(I18n.getExceptionMessage(msgID), exArgs));
-
- this.msgID = msgID;
- }
-
- /**
- * Constructor XMLSecurityRuntimeException
- *
- * @param originalException
- */
- public XMLSecurityRuntimeException(Exception originalException) {
- super("Missing message ID to locate message string in resource bundle \""
- + Constants.exceptionMessagesResourceBundleBase
- + "\". Original Exception was a "
- + originalException.getClass().getName() + " and message "
- + originalException.getMessage(), originalException);
- }
-
- /**
- * Constructor XMLSecurityRuntimeException
- *
- * @param msgID
- * @param originalException
- */
- public XMLSecurityRuntimeException(String msgID, Exception originalException) {
- super(I18n.getExceptionMessage(msgID, originalException), originalException);
-
- this.msgID = msgID;
- }
-
- /**
- * Constructor XMLSecurityRuntimeException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public XMLSecurityRuntimeException(String msgID, Object exArgs[], Exception originalException) {
- super(MessageFormat.format(I18n.getExceptionMessage(msgID), exArgs));
-
- this.msgID = msgID;
- }
-
- /**
- * Method getMsgID
- *
- * @return the messageId
- */
- public String getMsgID() {
- if (msgID == null) {
- return "Missing message ID";
- }
- return msgID;
- }
-
- /** @inheritDoc */
- public String toString() {
- String s = this.getClass().getName();
- String message = super.getLocalizedMessage();
-
- if (message != null) {
- message = s + ": " + message;
- } else {
- message = s;
- }
-
- if (this.getCause() != null) {
- message = message + "\nOriginal Exception was " + this.getCause().toString();
- }
-
- return message;
- }
-
- /**
- * Method printStackTrace
- *
- */
- public void printStackTrace() {
- synchronized (System.err) {
- super.printStackTrace(System.err);
- }
- }
-
- /**
- * Method printStackTrace
- *
- * @param printwriter
- */
- public void printStackTrace(PrintWriter printwriter) {
- super.printStackTrace(printwriter);
- }
-
- /**
- * Method printStackTrace
- *
- * @param printstream
- */
- public void printStackTrace(PrintStream printstream) {
- super.printStackTrace(printstream);
- }
-
- /**
- * Method getOriginalException
- *
- * @return the original exception
- */
- public Exception getOriginalException() {
- if (this.getCause() instanceof Exception) {
- return (Exception)this.getCause();
- }
- return null;
- }
-
-}
\ No newline at end of file
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-general exceptions used by this library.
-</P></BODY></HTML>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-public class ContentHandlerAlreadyRegisteredException extends XMLSecurityException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor ContentHandlerAlreadyRegisteredException
- *
- */
- public ContentHandlerAlreadyRegisteredException() {
- super();
- }
-
- /**
- * Constructor ContentHandlerAlreadyRegisteredException
- *
- * @param msgID
- */
- public ContentHandlerAlreadyRegisteredException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor ContentHandlerAlreadyRegisteredException
- *
- * @param msgID
- * @param exArgs
- */
- public ContentHandlerAlreadyRegisteredException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor ContentHandlerAlreadyRegisteredException
- *
- * @param msgID
- * @param originalException
- */
- public ContentHandlerAlreadyRegisteredException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor ContentHandlerAlreadyRegisteredException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public ContentHandlerAlreadyRegisteredException(
- String msgID, Object exArgs[], Exception originalException
- ) {
- super(msgID, exArgs, originalException);
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys;
-
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.crypto.SecretKey;
-
-import org.apache.xml.security.encryption.EncryptedKey;
-import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.encryption.XMLEncryptionException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.DEREncodedKeyValue;
-import org.apache.xml.security.keys.content.KeyInfoReference;
-import org.apache.xml.security.keys.content.KeyName;
-import org.apache.xml.security.keys.content.KeyValue;
-import org.apache.xml.security.keys.content.MgmtData;
-import org.apache.xml.security.keys.content.PGPData;
-import org.apache.xml.security.keys.content.RetrievalMethod;
-import org.apache.xml.security.keys.content.SPKIData;
-import org.apache.xml.security.keys.content.X509Data;
-import org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
-import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
-import org.apache.xml.security.keys.keyresolver.KeyResolver;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.EncryptionConstants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * This class stand for KeyInfo Element that may contain keys, names,
- * certificates and other public key management information,
- * such as in-band key distribution or key agreement data.
- * <BR />
- * KeyInfo Element has two basic functions:
- * One is KeyResolve for getting the public key in signature validation processing.
- * the other one is toElement for getting the element in signature generation processing.
- * <BR />
- * The <CODE>lengthXXX()</CODE> methods provide access to the internal Key
- * objects:
- * <UL>
- * <LI>If the <CODE>KeyInfo</CODE> was constructed from an Element
- * (Signature verification), the <CODE>lengthXXX()</CODE> methods searches
- * for child elements of <CODE>ds:KeyInfo</CODE> for known types. </LI>
- * <LI>If the <CODE>KeyInfo</CODE> was constructed from scratch (during
- * Signature generation), the <CODE>lengthXXX()</CODE> methods return the number
- * of <CODE>XXXs</CODE> objects already passed to the KeyInfo</LI>
- * </UL>
- * <BR />
- * The <CODE>addXXX()</CODE> methods are used for adding Objects of the
- * appropriate type to the <CODE>KeyInfo</CODE>. This is used during signature
- * generation.
- * <BR />
- * The <CODE>itemXXX(int i)</CODE> methods return the i'th object of the
- * corresponding type.
- * <BR />
- * The <CODE>containsXXX()</CODE> methods return <I>whether</I> the KeyInfo
- * contains the corresponding type.
- *
- */
-public class KeyInfo extends SignatureElementProxy {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(KeyInfo.class);
-
- // We need at least one StorageResolver otherwise
- // the KeyResolvers would not be called.
- // The default StorageResolver is null.
-
- private List<X509Data> x509Datas = null;
- private List<EncryptedKey> encryptedKeys = null;
-
- private static final List<StorageResolver> nullList;
- static {
- List<StorageResolver> list = new ArrayList<StorageResolver>(1);
- list.add(null);
- nullList = java.util.Collections.unmodifiableList(list);
- }
-
- /** Field storageResolvers */
- private List<StorageResolver> storageResolvers = nullList;
-
- /**
- * Stores the individual (per-KeyInfo) {@link KeyResolverSpi}s
- */
- private List<KeyResolverSpi> internalKeyResolvers = new ArrayList<KeyResolverSpi>();
-
- private boolean secureValidation;
-
- /**
- * Constructor KeyInfo
- * @param doc
- */
- public KeyInfo(Document doc) {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Constructor KeyInfo
- *
- * @param element
- * @param baseURI
- * @throws XMLSecurityException
- */
- public KeyInfo(Element element, String baseURI) throws XMLSecurityException {
- super(element, baseURI);
-
- Attr attr = element.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- element.setIdAttributeNode(attr, true);
- }
- }
-
- /**
- * Set whether secure processing is enabled or not. The default is false.
- */
- public void setSecureValidation(boolean secureValidation) {
- this.secureValidation = secureValidation;
- }
-
- /**
- * Sets the <code>Id</code> attribute
- *
- * @param Id ID
- */
- public void setId(String id) {
- if (id != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
- this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
- }
- }
-
- /**
- * Returns the <code>Id</code> attribute
- *
- * @return the <code>Id</code> attribute
- */
- public String getId() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
- }
-
- /**
- * Method addKeyName
- *
- * @param keynameString
- */
- public void addKeyName(String keynameString) {
- this.add(new KeyName(this.doc, keynameString));
- }
-
- /**
- * Method add
- *
- * @param keyname
- */
- public void add(KeyName keyname) {
- this.constructionElement.appendChild(keyname.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addKeyValue
- *
- * @param pk
- */
- public void addKeyValue(PublicKey pk) {
- this.add(new KeyValue(this.doc, pk));
- }
-
- /**
- * Method addKeyValue
- *
- * @param unknownKeyValueElement
- */
- public void addKeyValue(Element unknownKeyValueElement) {
- this.add(new KeyValue(this.doc, unknownKeyValueElement));
- }
-
- /**
- * Method add
- *
- * @param dsakeyvalue
- */
- public void add(DSAKeyValue dsakeyvalue) {
- this.add(new KeyValue(this.doc, dsakeyvalue));
- }
-
- /**
- * Method add
- *
- * @param rsakeyvalue
- */
- public void add(RSAKeyValue rsakeyvalue) {
- this.add(new KeyValue(this.doc, rsakeyvalue));
- }
-
- /**
- * Method add
- *
- * @param pk
- */
- public void add(PublicKey pk) {
- this.add(new KeyValue(this.doc, pk));
- }
-
- /**
- * Method add
- *
- * @param keyvalue
- */
- public void add(KeyValue keyvalue) {
- this.constructionElement.appendChild(keyvalue.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addMgmtData
- *
- * @param mgmtdata
- */
- public void addMgmtData(String mgmtdata) {
- this.add(new MgmtData(this.doc, mgmtdata));
- }
-
- /**
- * Method add
- *
- * @param mgmtdata
- */
- public void add(MgmtData mgmtdata) {
- this.constructionElement.appendChild(mgmtdata.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addPGPData
- *
- * @param pgpdata
- */
- public void add(PGPData pgpdata) {
- this.constructionElement.appendChild(pgpdata.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addRetrievalMethod
- *
- * @param uri
- * @param transforms
- * @param Type
- */
- public void addRetrievalMethod(String uri, Transforms transforms, String Type) {
- this.add(new RetrievalMethod(this.doc, uri, transforms, Type));
- }
-
- /**
- * Method add
- *
- * @param retrievalmethod
- */
- public void add(RetrievalMethod retrievalmethod) {
- this.constructionElement.appendChild(retrievalmethod.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method add
- *
- * @param spkidata
- */
- public void add(SPKIData spkidata) {
- this.constructionElement.appendChild(spkidata.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addX509Data
- *
- * @param x509data
- */
- public void add(X509Data x509data) {
- if (x509Datas == null) {
- x509Datas = new ArrayList<X509Data>();
- }
- x509Datas.add(x509data);
- this.constructionElement.appendChild(x509data.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addEncryptedKey
- *
- * @param encryptedKey
- * @throws XMLEncryptionException
- */
-
- public void add(EncryptedKey encryptedKey) throws XMLEncryptionException {
- if (encryptedKeys == null) {
- encryptedKeys = new ArrayList<EncryptedKey>();
- }
- encryptedKeys.add(encryptedKey);
- XMLCipher cipher = XMLCipher.getInstance();
- this.constructionElement.appendChild(cipher.martial(encryptedKey));
- }
-
- /**
- * Method addDEREncodedKeyValue
- *
- * @param pk
- * @throws XMLSecurityException
- */
- public void addDEREncodedKeyValue(PublicKey pk) throws XMLSecurityException {
- this.add(new DEREncodedKeyValue(this.doc, pk));
- }
-
- /**
- * Method add
- *
- * @param derEncodedKeyValue
- */
- public void add(DEREncodedKeyValue derEncodedKeyValue) {
- this.constructionElement.appendChild(derEncodedKeyValue.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addKeyInfoReference
- *
- * @param URI
- * @throws XMLSecurityException
- */
- public void addKeyInfoReference(String URI) throws XMLSecurityException {
- this.add(new KeyInfoReference(this.doc, URI));
- }
-
- /**
- * Method add
- *
- * @param keyInfoReference
- */
- public void add(KeyInfoReference keyInfoReference) {
- this.constructionElement.appendChild(keyInfoReference.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addUnknownElement
- *
- * @param element
- */
- public void addUnknownElement(Element element) {
- this.constructionElement.appendChild(element);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method lengthKeyName
- *
- * @return the number of the KeyName tags
- */
- public int lengthKeyName() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_KEYNAME);
- }
-
- /**
- * Method lengthKeyValue
- *
- *@return the number of the KeyValue tags
- */
- public int lengthKeyValue() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_KEYVALUE);
- }
-
- /**
- * Method lengthMgmtData
- *
- *@return the number of the MgmtData tags
- */
- public int lengthMgmtData() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_MGMTDATA);
- }
-
- /**
- * Method lengthPGPData
- *
- *@return the number of the PGPDat. tags
- */
- public int lengthPGPData() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_PGPDATA);
- }
-
- /**
- * Method lengthRetrievalMethod
- *
- *@return the number of the RetrievalMethod tags
- */
- public int lengthRetrievalMethod() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_RETRIEVALMETHOD);
- }
-
- /**
- * Method lengthSPKIData
- *
- *@return the number of the SPKIData tags
- */
- public int lengthSPKIData() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_SPKIDATA);
- }
-
- /**
- * Method lengthX509Data
- *
- *@return the number of the X509Data tags
- */
- public int lengthX509Data() {
- if (x509Datas != null) {
- return x509Datas.size();
- }
- return this.length(Constants.SignatureSpecNS, Constants._TAG_X509DATA);
- }
-
- /**
- * Method lengthDEREncodedKeyValue
- *
- *@return the number of the DEREncodedKeyValue tags
- */
- public int lengthDEREncodedKeyValue() {
- return this.length(Constants.SignatureSpec11NS, Constants._TAG_DERENCODEDKEYVALUE);
- }
-
- /**
- * Method lengthKeyInfoReference
- *
- *@return the number of the KeyInfoReference tags
- */
- public int lengthKeyInfoReference() {
- return this.length(Constants.SignatureSpec11NS, Constants._TAG_KEYINFOREFERENCE);
- }
-
- /**
- * Method lengthUnknownElement
- * NOTE possibly buggy.
- * @return the number of the UnknownElement tags
- */
- public int lengthUnknownElement() {
- int res = 0;
- NodeList nl = this.constructionElement.getChildNodes();
-
- for (int i = 0; i < nl.getLength(); i++) {
- Node current = nl.item(i);
-
- /**
- * $todo$ using this method, we don't see unknown Elements
- * from Signature NS; revisit
- */
- if ((current.getNodeType() == Node.ELEMENT_NODE)
- && current.getNamespaceURI().equals(Constants.SignatureSpecNS)) {
- res++;
- }
- }
-
- return res;
- }
-
- /**
- * Method itemKeyName
- *
- * @param i
- * @return the asked KeyName element, null if the index is too big
- * @throws XMLSecurityException
- */
- public KeyName itemKeyName(int i) throws XMLSecurityException {
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_KEYNAME, i);
-
- if (e != null) {
- return new KeyName(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemKeyValue
- *
- * @param i
- * @return the asked KeyValue element, null if the index is too big
- * @throws XMLSecurityException
- */
- public KeyValue itemKeyValue(int i) throws XMLSecurityException {
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_KEYVALUE, i);
-
- if (e != null) {
- return new KeyValue(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemMgmtData
- *
- * @param i
- * @return the asked MgmtData element, null if the index is too big
- * @throws XMLSecurityException
- */
- public MgmtData itemMgmtData(int i) throws XMLSecurityException {
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_MGMTDATA, i);
-
- if (e != null) {
- return new MgmtData(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemPGPData
- *
- * @param i
- * @return the asked PGPData element, null if the index is too big
- * @throws XMLSecurityException
- */
- public PGPData itemPGPData(int i) throws XMLSecurityException {
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_PGPDATA, i);
-
- if (e != null) {
- return new PGPData(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemRetrievalMethod
- *
- * @param i
- *@return the asked RetrievalMethod element, null if the index is too big
- * @throws XMLSecurityException
- */
- public RetrievalMethod itemRetrievalMethod(int i) throws XMLSecurityException {
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_RETRIEVALMETHOD, i);
-
- if (e != null) {
- return new RetrievalMethod(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemSPKIData
- *
- * @param i
- * @return the asked SPKIData element, null if the index is too big
- * @throws XMLSecurityException
- */
- public SPKIData itemSPKIData(int i) throws XMLSecurityException {
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_SPKIDATA, i);
-
- if (e != null) {
- return new SPKIData(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemX509Data
- *
- * @param i
- * @return the asked X509Data element, null if the index is too big
- * @throws XMLSecurityException
- */
- public X509Data itemX509Data(int i) throws XMLSecurityException {
- if (x509Datas != null) {
- return x509Datas.get(i);
- }
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_X509DATA, i);
-
- if (e != null) {
- return new X509Data(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemEncryptedKey
- *
- * @param i
- * @return the asked EncryptedKey element, null if the index is too big
- * @throws XMLSecurityException
- */
- public EncryptedKey itemEncryptedKey(int i) throws XMLSecurityException {
- if (encryptedKeys != null) {
- return encryptedKeys.get(i);
- }
- Element e =
- XMLUtils.selectXencNode(
- this.constructionElement.getFirstChild(), EncryptionConstants._TAG_ENCRYPTEDKEY, i);
-
- if (e != null) {
- XMLCipher cipher = XMLCipher.getInstance();
- cipher.init(XMLCipher.UNWRAP_MODE, null);
- return cipher.loadEncryptedKey(e);
- }
- return null;
- }
-
- /**
- * Method itemDEREncodedKeyValue
- *
- * @param i
- * @return the asked DEREncodedKeyValue element, null if the index is too big
- * @throws XMLSecurityException
- */
- public DEREncodedKeyValue itemDEREncodedKeyValue(int i) throws XMLSecurityException {
- Element e =
- XMLUtils.selectDs11Node(
- this.constructionElement.getFirstChild(), Constants._TAG_DERENCODEDKEYVALUE, i);
-
- if (e != null) {
- return new DEREncodedKeyValue(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemKeyInfoReference
- *
- * @param i
- * @return the asked KeyInfoReference element, null if the index is too big
- * @throws XMLSecurityException
- */
- public KeyInfoReference itemKeyInfoReference(int i) throws XMLSecurityException {
- Element e =
- XMLUtils.selectDs11Node(
- this.constructionElement.getFirstChild(), Constants._TAG_KEYINFOREFERENCE, i);
-
- if (e != null) {
- return new KeyInfoReference(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemUnknownElement
- *
- * @param i index
- * @return the element number of the unknown elements
- */
- public Element itemUnknownElement(int i) {
- NodeList nl = this.constructionElement.getChildNodes();
- int res = 0;
-
- for (int j = 0; j < nl.getLength(); j++) {
- Node current = nl.item(j);
-
- /**
- * $todo$ using this method, we don't see unknown Elements
- * from Signature NS; revisit
- */
- if ((current.getNodeType() == Node.ELEMENT_NODE)
- && current.getNamespaceURI().equals(Constants.SignatureSpecNS)) {
- res++;
-
- if (res == i) {
- return (Element) current;
- }
- }
- }
-
- return null;
- }
-
- /**
- * Method isEmpty
- *
- * @return true if the element has no descendants.
- */
- public boolean isEmpty() {
- return this.constructionElement.getFirstChild() == null;
- }
-
- /**
- * Method containsKeyName
- *
- * @return If the KeyInfo contains a KeyName node
- */
- public boolean containsKeyName() {
- return this.lengthKeyName() > 0;
- }
-
- /**
- * Method containsKeyValue
- *
- * @return If the KeyInfo contains a KeyValue node
- */
- public boolean containsKeyValue() {
- return this.lengthKeyValue() > 0;
- }
-
- /**
- * Method containsMgmtData
- *
- * @return If the KeyInfo contains a MgmtData node
- */
- public boolean containsMgmtData() {
- return this.lengthMgmtData() > 0;
- }
-
- /**
- * Method containsPGPData
- *
- * @return If the KeyInfo contains a PGPData node
- */
- public boolean containsPGPData() {
- return this.lengthPGPData() > 0;
- }
-
- /**
- * Method containsRetrievalMethod
- *
- * @return If the KeyInfo contains a RetrievalMethod node
- */
- public boolean containsRetrievalMethod() {
- return this.lengthRetrievalMethod() > 0;
- }
-
- /**
- * Method containsSPKIData
- *
- * @return If the KeyInfo contains a SPKIData node
- */
- public boolean containsSPKIData() {
- return this.lengthSPKIData() > 0;
- }
-
- /**
- * Method containsUnknownElement
- *
- * @return If the KeyInfo contains a UnknownElement node
- */
- public boolean containsUnknownElement() {
- return this.lengthUnknownElement() > 0;
- }
-
- /**
- * Method containsX509Data
- *
- * @return If the KeyInfo contains a X509Data node
- */
- public boolean containsX509Data() {
- return this.lengthX509Data() > 0;
- }
-
- /**
- * Method containsDEREncodedKeyValue
- *
- * @return If the KeyInfo contains a DEREncodedKeyValue node
- */
- public boolean containsDEREncodedKeyValue() {
- return this.lengthDEREncodedKeyValue() > 0;
- }
-
- /**
- * Method containsKeyInfoReference
- *
- * @return If the KeyInfo contains a KeyInfoReference node
- */
- public boolean containsKeyInfoReference() {
- return this.lengthKeyInfoReference() > 0;
- }
-
- /**
- * This method returns the public key.
- *
- * @return If the KeyInfo contains a PublicKey node
- * @throws KeyResolverException
- */
- public PublicKey getPublicKey() throws KeyResolverException {
- PublicKey pk = this.getPublicKeyFromInternalResolvers();
-
- if (pk != null) {
- if (log.isDebugEnabled()) {
- log.debug("I could find a key using the per-KeyInfo key resolvers");
- }
-
- return pk;
- }
- if (log.isDebugEnabled()) {
- log.debug("I couldn't find a key using the per-KeyInfo key resolvers");
- }
-
- pk = this.getPublicKeyFromStaticResolvers();
-
- if (pk != null) {
- if (log.isDebugEnabled()) {
- log.debug("I could find a key using the system-wide key resolvers");
- }
-
- return pk;
- }
- if (log.isDebugEnabled()) {
- log.debug("I couldn't find a key using the system-wide key resolvers");
- }
-
- return null;
- }
-
- /**
- * Searches the library wide KeyResolvers for public keys
- *
- * @return The public key contained in this Node.
- * @throws KeyResolverException
- */
- PublicKey getPublicKeyFromStaticResolvers() throws KeyResolverException {
- Iterator<KeyResolverSpi> it = KeyResolver.iterator();
- while (it.hasNext()) {
- KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
- Node currentChild = this.constructionElement.getFirstChild();
- String uri = this.getBaseURI();
- while (currentChild != null) {
- if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- for (StorageResolver storage : storageResolvers) {
- PublicKey pk =
- keyResolver.engineLookupAndResolvePublicKey(
- (Element) currentChild, uri, storage
- );
-
- if (pk != null) {
- return pk;
- }
- }
- }
- currentChild = currentChild.getNextSibling();
- }
- }
- return null;
- }
-
- /**
- * Searches the per-KeyInfo KeyResolvers for public keys
- *
- * @return The public key contained in this Node.
- * @throws KeyResolverException
- */
- PublicKey getPublicKeyFromInternalResolvers() throws KeyResolverException {
- for (KeyResolverSpi keyResolver : internalKeyResolvers) {
- if (log.isDebugEnabled()) {
- log.debug("Try " + keyResolver.getClass().getName());
- }
- keyResolver.setSecureValidation(secureValidation);
- Node currentChild = this.constructionElement.getFirstChild();
- String uri = this.getBaseURI();
- while (currentChild != null) {
- if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- for (StorageResolver storage : storageResolvers) {
- PublicKey pk =
- keyResolver.engineLookupAndResolvePublicKey(
- (Element) currentChild, uri, storage
- );
-
- if (pk != null) {
- return pk;
- }
- }
- }
- currentChild = currentChild.getNextSibling();
- }
- }
-
- return null;
- }
-
- /**
- * Method getX509Certificate
- *
- * @return The certificate contained in this KeyInfo
- * @throws KeyResolverException
- */
- public X509Certificate getX509Certificate() throws KeyResolverException {
- // First search using the individual resolvers from the user
- X509Certificate cert = this.getX509CertificateFromInternalResolvers();
-
- if (cert != null) {
- if (log.isDebugEnabled()) {
- log.debug("I could find a X509Certificate using the per-KeyInfo key resolvers");
- }
-
- return cert;
- }
- if (log.isDebugEnabled()) {
- log.debug("I couldn't find a X509Certificate using the per-KeyInfo key resolvers");
- }
-
- // Then use the system-wide Resolvers
- cert = this.getX509CertificateFromStaticResolvers();
-
- if (cert != null) {
- if (log.isDebugEnabled()) {
- log.debug("I could find a X509Certificate using the system-wide key resolvers");
- }
-
- return cert;
- }
- if (log.isDebugEnabled()) {
- log.debug("I couldn't find a X509Certificate using the system-wide key resolvers");
- }
-
- return null;
- }
-
- /**
- * This method uses each System-wide {@link KeyResolver} to search the
- * child elements. Each combination of {@link KeyResolver} and child element
- * is checked against all {@link StorageResolver}s.
- *
- * @return The certificate contained in this KeyInfo
- * @throws KeyResolverException
- */
- X509Certificate getX509CertificateFromStaticResolvers()
- throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug(
- "Start getX509CertificateFromStaticResolvers() with " + KeyResolver.length()
- + " resolvers"
- );
- }
- String uri = this.getBaseURI();
- Iterator<KeyResolverSpi> it = KeyResolver.iterator();
- while (it.hasNext()) {
- KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
- X509Certificate cert = applyCurrentResolver(uri, keyResolver);
- if (cert != null) {
- return cert;
- }
- }
- return null;
- }
-
- private X509Certificate applyCurrentResolver(
- String uri, KeyResolverSpi keyResolver
- ) throws KeyResolverException {
- Node currentChild = this.constructionElement.getFirstChild();
- while (currentChild != null) {
- if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- for (StorageResolver storage : storageResolvers) {
- X509Certificate cert =
- keyResolver.engineLookupResolveX509Certificate(
- (Element) currentChild, uri, storage
- );
-
- if (cert != null) {
- return cert;
- }
- }
- }
- currentChild = currentChild.getNextSibling();
- }
- return null;
- }
-
- /**
- * Method getX509CertificateFromInternalResolvers
- *
- * @return The certificate contained in this KeyInfo
- * @throws KeyResolverException
- */
- X509Certificate getX509CertificateFromInternalResolvers()
- throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug(
- "Start getX509CertificateFromInternalResolvers() with "
- + this.lengthInternalKeyResolver() + " resolvers"
- );
- }
- String uri = this.getBaseURI();
- for (KeyResolverSpi keyResolver : internalKeyResolvers) {
- if (log.isDebugEnabled()) {
- log.debug("Try " + keyResolver.getClass().getName());
- }
- keyResolver.setSecureValidation(secureValidation);
- X509Certificate cert = applyCurrentResolver(uri, keyResolver);
- if (cert != null) {
- return cert;
- }
- }
-
- return null;
- }
-
- /**
- * This method returns a secret (symmetric) key. This is for XML Encryption.
- * @return the secret key contained in this KeyInfo
- * @throws KeyResolverException
- */
- public SecretKey getSecretKey() throws KeyResolverException {
- SecretKey sk = this.getSecretKeyFromInternalResolvers();
-
- if (sk != null) {
- if (log.isDebugEnabled()) {
- log.debug("I could find a secret key using the per-KeyInfo key resolvers");
- }
-
- return sk;
- }
- if (log.isDebugEnabled()) {
- log.debug("I couldn't find a secret key using the per-KeyInfo key resolvers");
- }
-
- sk = this.getSecretKeyFromStaticResolvers();
-
- if (sk != null) {
- if (log.isDebugEnabled()) {
- log.debug("I could find a secret key using the system-wide key resolvers");
- }
-
- return sk;
- }
- if (log.isDebugEnabled()) {
- log.debug("I couldn't find a secret key using the system-wide key resolvers");
- }
-
- return null;
- }
-
- /**
- * Searches the library wide KeyResolvers for Secret keys
- *
- * @return the secret key contained in this KeyInfo
- * @throws KeyResolverException
- */
- SecretKey getSecretKeyFromStaticResolvers() throws KeyResolverException {
- Iterator<KeyResolverSpi> it = KeyResolver.iterator();
- while (it.hasNext()) {
- KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
-
- Node currentChild = this.constructionElement.getFirstChild();
- String uri = this.getBaseURI();
- while (currentChild != null) {
- if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- for (StorageResolver storage : storageResolvers) {
- SecretKey sk =
- keyResolver.engineLookupAndResolveSecretKey(
- (Element) currentChild, uri, storage
- );
-
- if (sk != null) {
- return sk;
- }
- }
- }
- currentChild = currentChild.getNextSibling();
- }
- }
- return null;
- }
-
- /**
- * Searches the per-KeyInfo KeyResolvers for secret keys
- *
- * @return the secret key contained in this KeyInfo
- * @throws KeyResolverException
- */
-
- SecretKey getSecretKeyFromInternalResolvers() throws KeyResolverException {
- for (KeyResolverSpi keyResolver : internalKeyResolvers) {
- if (log.isDebugEnabled()) {
- log.debug("Try " + keyResolver.getClass().getName());
- }
- keyResolver.setSecureValidation(secureValidation);
- Node currentChild = this.constructionElement.getFirstChild();
- String uri = this.getBaseURI();
- while (currentChild != null) {
- if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- for (StorageResolver storage : storageResolvers) {
- SecretKey sk =
- keyResolver.engineLookupAndResolveSecretKey(
- (Element) currentChild, uri, storage
- );
-
- if (sk != null) {
- return sk;
- }
- }
- }
- currentChild = currentChild.getNextSibling();
- }
- }
-
- return null;
- }
-
- /**
- * This method returns a private key. This is for Key Transport in XML Encryption.
- * @return the private key contained in this KeyInfo
- * @throws KeyResolverException
- */
- public PrivateKey getPrivateKey() throws KeyResolverException {
- PrivateKey pk = this.getPrivateKeyFromInternalResolvers();
-
- if (pk != null) {
- if (log.isDebugEnabled()) {
- log.debug("I could find a private key using the per-KeyInfo key resolvers");
- }
- return pk;
- }
- if (log.isDebugEnabled()) {
- log.debug("I couldn't find a secret key using the per-KeyInfo key resolvers");
- }
-
- pk = this.getPrivateKeyFromStaticResolvers();
- if (pk != null) {
- if (log.isDebugEnabled()) {
- log.debug("I could find a private key using the system-wide key resolvers");
- }
- return pk;
- }
- if (log.isDebugEnabled()) {
- log.debug("I couldn't find a private key using the system-wide key resolvers");
- }
-
- return null;
- }
-
- /**
- * Searches the library wide KeyResolvers for Private keys
- *
- * @return the private key contained in this KeyInfo
- * @throws KeyResolverException
- */
- PrivateKey getPrivateKeyFromStaticResolvers() throws KeyResolverException {
- Iterator<KeyResolverSpi> it = KeyResolver.iterator();
- while (it.hasNext()) {
- KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
-
- Node currentChild = this.constructionElement.getFirstChild();
- String uri = this.getBaseURI();
- while (currentChild != null) {
- if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- // not using StorageResolvers at the moment
- // since they cannot return private keys
- PrivateKey pk =
- keyResolver.engineLookupAndResolvePrivateKey(
- (Element) currentChild, uri, null
- );
-
- if (pk != null) {
- return pk;
- }
- }
- currentChild = currentChild.getNextSibling();
- }
- }
- return null;
- }
-
- /**
- * Searches the per-KeyInfo KeyResolvers for private keys
- *
- * @return the private key contained in this KeyInfo
- * @throws KeyResolverException
- */
- PrivateKey getPrivateKeyFromInternalResolvers() throws KeyResolverException {
- for (KeyResolverSpi keyResolver : internalKeyResolvers) {
- if (log.isDebugEnabled()) {
- log.debug("Try " + keyResolver.getClass().getName());
- }
- keyResolver.setSecureValidation(secureValidation);
- Node currentChild = this.constructionElement.getFirstChild();
- String uri = this.getBaseURI();
- while (currentChild != null) {
- if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
- // not using StorageResolvers at the moment
- // since they cannot return private keys
- PrivateKey pk =
- keyResolver.engineLookupAndResolvePrivateKey(
- (Element) currentChild, uri, null
- );
-
- if (pk != null) {
- return pk;
- }
- }
- currentChild = currentChild.getNextSibling();
- }
- }
-
- return null;
- }
-
- /**
- * This method is used to add a custom {@link KeyResolverSpi} to a KeyInfo
- * object.
- *
- * @param realKeyResolver
- */
- public void registerInternalKeyResolver(KeyResolverSpi realKeyResolver) {
- this.internalKeyResolvers.add(realKeyResolver);
- }
-
- /**
- * Method lengthInternalKeyResolver
- * @return the length of the key
- */
- int lengthInternalKeyResolver() {
- return this.internalKeyResolvers.size();
- }
-
- /**
- * Method itemInternalKeyResolver
- *
- * @param i the index
- * @return the KeyResolverSpi for the index.
- */
- KeyResolverSpi itemInternalKeyResolver(int i) {
- return this.internalKeyResolvers.get(i);
- }
-
- /**
- * Method addStorageResolver
- *
- * @param storageResolver
- */
- public void addStorageResolver(StorageResolver storageResolver) {
- if (storageResolvers == nullList) {
- // Replace the default null StorageResolver
- storageResolvers = new ArrayList<StorageResolver>();
- }
- this.storageResolvers.add(storageResolver);
- }
-
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_KEYINFO;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys;
-
-import java.io.PrintStream;
-import java.security.PublicKey;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.KeyName;
-import org.apache.xml.security.keys.content.KeyValue;
-import org.apache.xml.security.keys.content.MgmtData;
-import org.apache.xml.security.keys.content.X509Data;
-
-/**
- * Utility class for for <CODE>org.apache.xml.security.keys</CODE> package.
- *
- * @author $Author: coheigea $
- */
-public class KeyUtils {
-
- private KeyUtils() {
- // no instantiation
- }
-
- /**
- * Method prinoutKeyInfo
- *
- * @param ki
- * @param os
- * @throws XMLSecurityException
- */
- public static void prinoutKeyInfo(KeyInfo ki, PrintStream os)
- throws XMLSecurityException {
-
- for (int i = 0; i < ki.lengthKeyName(); i++) {
- KeyName x = ki.itemKeyName(i);
-
- os.println("KeyName(" + i + ")=\"" + x.getKeyName() + "\"");
- }
-
- for (int i = 0; i < ki.lengthKeyValue(); i++) {
- KeyValue x = ki.itemKeyValue(i);
- PublicKey pk = x.getPublicKey();
-
- os.println("KeyValue Nr. " + i);
- os.println(pk);
- }
-
- for (int i = 0; i < ki.lengthMgmtData(); i++) {
- MgmtData x = ki.itemMgmtData(i);
-
- os.println("MgmtData(" + i + ")=\"" + x.getMgmtData() + "\"");
- }
-
- for (int i = 0; i < ki.lengthX509Data(); i++) {
- X509Data x = ki.itemX509Data(i);
-
- os.println("X509Data(" + i + ")=\"" + (x.containsCertificate()
- ? "Certificate " : "") + (x.containsIssuerSerial()
- ? "IssuerSerial " : "") + "\"");
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content;
-
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.X509EncodedKeySpec;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.Signature11ElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Provides content model support for the <code>dsig11:DEREncodedKeyvalue</code> element.
- *
- * @author Brent Putman (putmanb@georgetown.edu)
- */
-public class DEREncodedKeyValue extends Signature11ElementProxy implements KeyInfoContent {
-
- /** JCA algorithm key types supported by this implementation. */
- public static final String supportedKeyTypes[] = { "RSA", "DSA", "EC"};
-
- /**
- * Constructor DEREncodedKeyValue
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public DEREncodedKeyValue(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Constructor DEREncodedKeyValue
- *
- * @param doc
- * @param publicKey
- * @throws XMLSecurityException
- */
- public DEREncodedKeyValue(Document doc, PublicKey publicKey) throws XMLSecurityException {
- super(doc);
-
- this.addBase64Text(getEncodedDER(publicKey));
- }
-
- /**
- * Constructor DEREncodedKeyValue
- *
- * @param doc
- * @param base64EncodedKey
- */
- public DEREncodedKeyValue(Document doc, byte[] encodedKey) {
- super(doc);
-
- this.addBase64Text(encodedKey);
- }
-
- /**
- * Sets the <code>Id</code> attribute
- *
- * @param Id ID
- */
- public void setId(String id) {
- if (id != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
- this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
- } else {
- this.constructionElement.removeAttributeNS(null, Constants._ATT_ID);
- }
- }
-
- /**
- * Returns the <code>Id</code> attribute
- *
- * @return the <code>Id</code> attribute
- */
- public String getId() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_DERENCODEDKEYVALUE;
- }
-
- /**
- * Method getPublicKey
- *
- * @return the public key
- * @throws XMLSecurityException
- */
- public PublicKey getPublicKey() throws XMLSecurityException {
- byte[] encodedKey = getBytesFromTextChild();
-
- // Iterate over the supported key types until one produces a public key.
- for (String keyType : supportedKeyTypes) {
- try {
- KeyFactory keyFactory = KeyFactory.getInstance(keyType);
- X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
- PublicKey publicKey = keyFactory.generatePublic(keySpec);
- if (publicKey != null) {
- return publicKey;
- }
- } catch (NoSuchAlgorithmException e) {
- // Do nothing, try the next type
- } catch (InvalidKeySpecException e) {
- // Do nothing, try the next type
- }
- }
- throw new XMLSecurityException("DEREncodedKeyValue.UnsupportedEncodedKey");
- }
-
- /**
- * Method getEncodedDER
- *
- * @return the public key
- * @throws XMLSecurityException
- */
- protected byte[] getEncodedDER(PublicKey publicKey) throws XMLSecurityException {
- try {
- KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
- X509EncodedKeySpec keySpec = keyFactory.getKeySpec(publicKey, X509EncodedKeySpec.class);
- return keySpec.getEncoded();
- } catch (NoSuchAlgorithmException e) {
- Object exArgs[] = { publicKey.getAlgorithm(), publicKey.getFormat(), publicKey.getClass().getName() };
- throw new XMLSecurityException("DEREncodedKeyValue.UnsupportedPublicKey", exArgs, e);
- } catch (InvalidKeySpecException e) {
- Object exArgs[] = { publicKey.getAlgorithm(), publicKey.getFormat(), publicKey.getClass().getName() };
- throw new XMLSecurityException("DEREncodedKeyValue.UnsupportedPublicKey", exArgs, e);
- }
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content;
-
-/**
- * Empty interface just to identify Elements that can be children of ds:KeyInfo.
- *
- * @author $Author: coheigea $
- */
-public interface KeyInfoContent {
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.Signature11ElementProxy;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Provides content model support for the <code>dsig11:KeyInfoReference</code> element.
- *
- * @author Brent Putman (putmanb@georgetown.edu)
- */
-public class KeyInfoReference extends Signature11ElementProxy implements KeyInfoContent {
-
- /**
- * Constructor RetrievalMethod
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public KeyInfoReference(Element element, String baseURI) throws XMLSecurityException {
- super(element, baseURI);
- }
-
- /**
- * Constructor RetrievalMethod
- *
- * @param doc
- * @param URI
- */
- public KeyInfoReference(Document doc, String URI) {
- super(doc);
-
- this.constructionElement.setAttributeNS(null, Constants._ATT_URI, URI);
- }
-
- /**
- * Method getURIAttr
- *
- * @return the URI attribute
- */
- public Attr getURIAttr() {
- return this.constructionElement.getAttributeNodeNS(null, Constants._ATT_URI);
- }
-
- /**
- * Method getURI
- *
- * @return URI string
- */
- public String getURI() {
- return this.getURIAttr().getNodeValue();
- }
-
- /**
- * Sets the <code>Id</code> attribute
- *
- * @param Id ID
- */
- public void setId(String id) {
- if (id != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
- this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
- } else {
- this.constructionElement.removeAttributeNS(null, Constants._ATT_ID);
- }
- }
-
- /**
- * Returns the <code>Id</code> attribute
- *
- * @return the <code>Id</code> attribute
- */
- public String getId() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_KEYINFOREFERENCE;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * @author $Author: coheigea $
- */
-public class KeyName extends SignatureElementProxy implements KeyInfoContent {
-
- /**
- * Constructor KeyName
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public KeyName(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Constructor KeyName
- *
- * @param doc
- * @param keyName
- */
- public KeyName(Document doc, String keyName) {
- super(doc);
-
- this.addText(keyName);
- }
-
- /**
- * Method getKeyName
- *
- * @return key name
- */
- public String getKeyName() {
- return this.getTextFromTextChild();
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_KEYNAME;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content;
-
-import java.security.PublicKey;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
-import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * The KeyValue element contains a single public key that may be useful in
- * validating the signature. Structured formats for defining DSA (REQUIRED)
- * and RSA (RECOMMENDED) public keys are defined in Signature Algorithms
- * (section 6.4). The KeyValue element may include externally defined public
- * keys values represented as PCDATA or element types from an external
- * namespace.
- *
- * @author $Author: coheigea $
- */
-public class KeyValue extends SignatureElementProxy implements KeyInfoContent {
-
- /**
- * Constructor KeyValue
- *
- * @param doc
- * @param dsaKeyValue
- */
- public KeyValue(Document doc, DSAKeyValue dsaKeyValue) {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
- this.constructionElement.appendChild(dsaKeyValue.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Constructor KeyValue
- *
- * @param doc
- * @param rsaKeyValue
- */
- public KeyValue(Document doc, RSAKeyValue rsaKeyValue) {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
- this.constructionElement.appendChild(rsaKeyValue.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Constructor KeyValue
- *
- * @param doc
- * @param unknownKeyValue
- */
- public KeyValue(Document doc, Element unknownKeyValue) {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
- this.constructionElement.appendChild(unknownKeyValue);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Constructor KeyValue
- *
- * @param doc
- * @param pk
- */
- public KeyValue(Document doc, PublicKey pk) {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
-
- if (pk instanceof java.security.interfaces.DSAPublicKey) {
- DSAKeyValue dsa = new DSAKeyValue(this.doc, pk);
-
- this.constructionElement.appendChild(dsa.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- } else if (pk instanceof java.security.interfaces.RSAPublicKey) {
- RSAKeyValue rsa = new RSAKeyValue(this.doc, pk);
-
- this.constructionElement.appendChild(rsa.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
- }
-
- /**
- * Constructor KeyValue
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public KeyValue(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Method getPublicKey
- *
- * @return the public key
- * @throws XMLSecurityException
- */
- public PublicKey getPublicKey() throws XMLSecurityException {
- Element rsa =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_RSAKEYVALUE, 0);
-
- if (rsa != null) {
- RSAKeyValue kv = new RSAKeyValue(rsa, this.baseURI);
- return kv.getPublicKey();
- }
-
- Element dsa =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_DSAKEYVALUE, 0);
-
- if (dsa != null) {
- DSAKeyValue kv = new DSAKeyValue(dsa, this.baseURI);
- return kv.getPublicKey();
- }
-
- return null;
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_KEYVALUE;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * @author $Author: coheigea $
- */
-public class MgmtData extends SignatureElementProxy implements KeyInfoContent {
-
- /**
- * Constructor MgmtData
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public MgmtData(Element element, String BaseURI)
- throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Constructor MgmtData
- *
- * @param doc
- * @param mgmtData
- */
- public MgmtData(Document doc, String mgmtData) {
- super(doc);
-
- this.addText(mgmtData);
- }
-
- /**
- * Method getMgmtData
- *
- * @return the managment data
- */
- public String getMgmtData() {
- return this.getTextFromTextChild();
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_MGMTDATA;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Element;
-
-/**
- * @author $Author: coheigea $
- * $todo$ Implement
- */
-public class PGPData extends SignatureElementProxy implements KeyInfoContent {
-
- /**
- * Constructor PGPData
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public PGPData(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_PGPDATA;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-public class RetrievalMethod extends SignatureElementProxy implements KeyInfoContent {
-
- /** DSA retrieval */
- public static final String TYPE_DSA = Constants.SignatureSpecNS + "DSAKeyValue";
- /** RSA retrieval */
- public static final String TYPE_RSA = Constants.SignatureSpecNS + "RSAKeyValue";
- /** PGP retrieval */
- public static final String TYPE_PGP = Constants.SignatureSpecNS + "PGPData";
- /** SPKI retrieval */
- public static final String TYPE_SPKI = Constants.SignatureSpecNS + "SPKIData";
- /** MGMT retrieval */
- public static final String TYPE_MGMT = Constants.SignatureSpecNS + "MgmtData";
- /** X509 retrieval */
- public static final String TYPE_X509 = Constants.SignatureSpecNS + "X509Data";
- /** RAWX509 retrieval */
- public static final String TYPE_RAWX509 = Constants.SignatureSpecNS + "rawX509Certificate";
-
- /**
- * Constructor RetrievalMethod
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public RetrievalMethod(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Constructor RetrievalMethod
- *
- * @param doc
- * @param URI
- * @param transforms
- * @param Type
- */
- public RetrievalMethod(Document doc, String URI, Transforms transforms, String Type) {
- super(doc);
-
- this.constructionElement.setAttributeNS(null, Constants._ATT_URI, URI);
-
- if (Type != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_TYPE, Type);
- }
-
- if (transforms != null) {
- this.constructionElement.appendChild(transforms.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
- }
-
- /**
- * Method getURIAttr
- *
- * @return the URI attribute
- */
- public Attr getURIAttr() {
- return this.constructionElement.getAttributeNodeNS(null, Constants._ATT_URI);
- }
-
- /**
- * Method getURI
- *
- * @return URI string
- */
- public String getURI() {
- return this.getURIAttr().getNodeValue();
- }
-
- /** @return the type*/
- public String getType() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_TYPE);
- }
-
- /**
- * Method getTransforms
- *
- * @throws XMLSecurityException
- * @return the transformations
- */
- public Transforms getTransforms() throws XMLSecurityException {
- try {
- Element transformsElem =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_TRANSFORMS, 0);
-
- if (transformsElem != null) {
- return new Transforms(transformsElem, this.baseURI);
- }
-
- return null;
- } catch (XMLSignatureException ex) {
- throw new XMLSecurityException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_RETRIEVALMETHOD;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Element;
-
-/**
- * @author $Author: coheigea $
- * $todo$ implement
- */
-public class SPKIData extends SignatureElementProxy implements KeyInfoContent {
-
- /**
- * Constructor SPKIData
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public SPKIData(Element element, String BaseURI)
- throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_SPKIDATA;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content;
-
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.x509.XMLX509CRL;
-import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
-import org.apache.xml.security.keys.content.x509.XMLX509Digest;
-import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
-import org.apache.xml.security.keys.content.x509.XMLX509SKI;
-import org.apache.xml.security.keys.content.x509.XMLX509SubjectName;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-public class X509Data extends SignatureElementProxy implements KeyInfoContent {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(X509Data.class);
-
- /**
- * Constructor X509Data
- *
- * @param doc
- */
- public X509Data(Document doc) {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Constructor X509Data
- *
- * @param element
- * @param baseURI
- * @throws XMLSecurityException
- */
- public X509Data(Element element, String baseURI) throws XMLSecurityException {
- super(element, baseURI);
-
- Node sibling = this.constructionElement.getFirstChild();
- while (sibling != null) {
- if (sibling.getNodeType() != Node.ELEMENT_NODE) {
- sibling = sibling.getNextSibling();
- continue;
- }
- return;
- }
- /* No Elements found */
- Object exArgs[] = { "Elements", Constants._TAG_X509DATA };
- throw new XMLSecurityException("xml.WrongContent", exArgs);
- }
-
- /**
- * Method addIssuerSerial
- *
- * @param X509IssuerName
- * @param X509SerialNumber
- */
- public void addIssuerSerial(String X509IssuerName, BigInteger X509SerialNumber) {
- this.add(new XMLX509IssuerSerial(this.doc, X509IssuerName, X509SerialNumber));
- }
-
- /**
- * Method addIssuerSerial
- *
- * @param X509IssuerName
- * @param X509SerialNumber
- */
- public void addIssuerSerial(String X509IssuerName, String X509SerialNumber) {
- this.add(new XMLX509IssuerSerial(this.doc, X509IssuerName, X509SerialNumber));
- }
-
- /**
- * Method addIssuerSerial
- *
- * @param X509IssuerName
- * @param X509SerialNumber
- */
- public void addIssuerSerial(String X509IssuerName, int X509SerialNumber) {
- this.add(new XMLX509IssuerSerial(this.doc, X509IssuerName, X509SerialNumber));
- }
-
- /**
- * Method add
- *
- * @param xmlX509IssuerSerial
- */
- public void add(XMLX509IssuerSerial xmlX509IssuerSerial) {
-
- this.constructionElement.appendChild(xmlX509IssuerSerial.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addSKI
- *
- * @param skiBytes
- */
- public void addSKI(byte[] skiBytes) {
- this.add(new XMLX509SKI(this.doc, skiBytes));
- }
-
- /**
- * Method addSKI
- *
- * @param x509certificate
- * @throws XMLSecurityException
- */
- public void addSKI(X509Certificate x509certificate)
- throws XMLSecurityException {
- this.add(new XMLX509SKI(this.doc, x509certificate));
- }
-
- /**
- * Method add
- *
- * @param xmlX509SKI
- */
- public void add(XMLX509SKI xmlX509SKI) {
- this.constructionElement.appendChild(xmlX509SKI.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addSubjectName
- *
- * @param subjectName
- */
- public void addSubjectName(String subjectName) {
- this.add(new XMLX509SubjectName(this.doc, subjectName));
- }
-
- /**
- * Method addSubjectName
- *
- * @param x509certificate
- */
- public void addSubjectName(X509Certificate x509certificate) {
- this.add(new XMLX509SubjectName(this.doc, x509certificate));
- }
-
- /**
- * Method add
- *
- * @param xmlX509SubjectName
- */
- public void add(XMLX509SubjectName xmlX509SubjectName) {
- this.constructionElement.appendChild(xmlX509SubjectName.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addCertificate
- *
- * @param x509certificate
- * @throws XMLSecurityException
- */
- public void addCertificate(X509Certificate x509certificate)
- throws XMLSecurityException {
- this.add(new XMLX509Certificate(this.doc, x509certificate));
- }
-
- /**
- * Method addCertificate
- *
- * @param x509certificateBytes
- */
- public void addCertificate(byte[] x509certificateBytes) {
- this.add(new XMLX509Certificate(this.doc, x509certificateBytes));
- }
-
- /**
- * Method add
- *
- * @param xmlX509Certificate
- */
- public void add(XMLX509Certificate xmlX509Certificate) {
- this.constructionElement.appendChild(xmlX509Certificate.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addCRL
- *
- * @param crlBytes
- */
- public void addCRL(byte[] crlBytes) {
- this.add(new XMLX509CRL(this.doc, crlBytes));
- }
-
- /**
- * Method add
- *
- * @param xmlX509CRL
- */
- public void add(XMLX509CRL xmlX509CRL) {
- this.constructionElement.appendChild(xmlX509CRL.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addDigest
- *
- * @param x509certificate
- * @param algorithmURI
- * @throws XMLSecurityException
- */
- public void addDigest(X509Certificate x509certificate, String algorithmURI)
- throws XMLSecurityException {
- this.add(new XMLX509Digest(this.doc, x509certificate, algorithmURI));
- }
-
- /**
- * Method addDigest
- *
- * @param x509CertificateDigestByes
- * @param algorithmURI
- */
- public void addDigest(byte[] x509certificateDigestBytes, String algorithmURI) {
- this.add(new XMLX509Digest(this.doc, x509certificateDigestBytes, algorithmURI));
- }
-
- /**
- * Method add
- *
- * @param XMLX509Digest
- */
- public void add(XMLX509Digest xmlX509Digest) {
- this.constructionElement.appendChild(xmlX509Digest.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addUnknownElement
- *
- * @param element
- */
- public void addUnknownElement(Element element) {
- this.constructionElement.appendChild(element);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method lengthIssuerSerial
- *
- * @return the number of IssuerSerial elements in this X509Data
- */
- public int lengthIssuerSerial() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_X509ISSUERSERIAL);
- }
-
- /**
- * Method lengthSKI
- *
- * @return the number of SKI elements in this X509Data
- */
- public int lengthSKI() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_X509SKI);
- }
-
- /**
- * Method lengthSubjectName
- *
- * @return the number of SubjectName elements in this X509Data
- */
- public int lengthSubjectName() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_X509SUBJECTNAME);
- }
-
- /**
- * Method lengthCertificate
- *
- * @return the number of Certificate elements in this X509Data
- */
- public int lengthCertificate() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_X509CERTIFICATE);
- }
-
- /**
- * Method lengthCRL
- *
- * @return the number of CRL elements in this X509Data
- */
- public int lengthCRL() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_X509CRL);
- }
-
- /**
- * Method lengthDigest
- *
- * @return the number of X509Digest elements in this X509Data
- */
- public int lengthDigest() {
- return this.length(Constants.SignatureSpec11NS, Constants._TAG_X509DIGEST);
- }
-
- /**
- * Method lengthUnknownElement
- *
- * @return the number of UnknownElement elements in this X509Data
- */
- public int lengthUnknownElement() {
- int result = 0;
- Node n = this.constructionElement.getFirstChild();
- while (n != null){
- if ((n.getNodeType() == Node.ELEMENT_NODE)
- && !n.getNamespaceURI().equals(Constants.SignatureSpecNS)) {
- result++;
- }
- n = n.getNextSibling();
- }
-
- return result;
- }
-
- /**
- * Method itemIssuerSerial
- *
- * @param i
- * @return the X509IssuerSerial, null if not present
- * @throws XMLSecurityException
- */
- public XMLX509IssuerSerial itemIssuerSerial(int i) throws XMLSecurityException {
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_X509ISSUERSERIAL, i);
-
- if (e != null) {
- return new XMLX509IssuerSerial(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemSKI
- *
- * @param i
- * @return the X509SKI, null if not present
- * @throws XMLSecurityException
- */
- public XMLX509SKI itemSKI(int i) throws XMLSecurityException {
-
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_X509SKI, i);
-
- if (e != null) {
- return new XMLX509SKI(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemSubjectName
- *
- * @param i
- * @return the X509SubjectName, null if not present
- * @throws XMLSecurityException
- */
- public XMLX509SubjectName itemSubjectName(int i) throws XMLSecurityException {
-
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_X509SUBJECTNAME, i);
-
- if (e != null) {
- return new XMLX509SubjectName(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemCertificate
- *
- * @param i
- * @return the X509Certifacte, null if not present
- * @throws XMLSecurityException
- */
- public XMLX509Certificate itemCertificate(int i) throws XMLSecurityException {
-
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_X509CERTIFICATE, i);
-
- if (e != null) {
- return new XMLX509Certificate(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemCRL
- *
- * @param i
- * @return the X509CRL, null if not present
- * @throws XMLSecurityException
- */
- public XMLX509CRL itemCRL(int i) throws XMLSecurityException {
-
- Element e =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_X509CRL, i);
-
- if (e != null) {
- return new XMLX509CRL(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemDigest
- *
- * @param i
- * @return the X509Digest, null if not present
- * @throws XMLSecurityException
- */
- public XMLX509Digest itemDigest(int i) throws XMLSecurityException {
-
- Element e =
- XMLUtils.selectDs11Node(
- this.constructionElement.getFirstChild(), Constants._TAG_X509DIGEST, i);
-
- if (e != null) {
- return new XMLX509Digest(e, this.baseURI);
- }
- return null;
- }
-
- /**
- * Method itemUnknownElement
- *
- * @param i
- * @return the Unknown Element at i
- * TODO implement
- **/
- public Element itemUnknownElement(int i) {
- if (log.isDebugEnabled()) {
- log.debug("itemUnknownElement not implemented:" + i);
- }
- return null;
- }
-
- /**
- * Method containsIssuerSerial
- *
- * @return true if this X509Data contains a IssuerSerial
- */
- public boolean containsIssuerSerial() {
- return this.lengthIssuerSerial() > 0;
- }
-
- /**
- * Method containsSKI
- *
- * @return true if this X509Data contains a SKI
- */
- public boolean containsSKI() {
- return this.lengthSKI() > 0;
- }
-
- /**
- * Method containsSubjectName
- *
- * @return true if this X509Data contains a SubjectName
- */
- public boolean containsSubjectName() {
- return this.lengthSubjectName() > 0;
- }
-
- /**
- * Method containsCertificate
- *
- * @return true if this X509Data contains a Certificate
- */
- public boolean containsCertificate() {
- return this.lengthCertificate() > 0;
- }
-
- /**
- * Method containsDigest
- *
- * @return true if this X509Data contains an X509Digest
- */
- public boolean containsDigest() {
- return this.lengthDigest() > 0;
- }
-
- /**
- * Method containsCRL
- *
- * @return true if this X509Data contains a CRL
- */
- public boolean containsCRL() {
- return this.lengthCRL() > 0;
- }
-
- /**
- * Method containsUnknownElement
- *
- * @return true if this X509Data contains an UnknownElement
- */
- public boolean containsUnknownElement() {
- return this.lengthUnknownElement() > 0;
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_X509DATA;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content.keyvalues;
-
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.interfaces.DSAPublicKey;
-import java.security.spec.DSAPublicKeySpec;
-import java.security.spec.InvalidKeySpecException;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.I18n;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-public class DSAKeyValue extends SignatureElementProxy implements KeyValueContent {
-
- /**
- * Constructor DSAKeyValue
- *
- * @param element
- * @param baseURI
- * @throws XMLSecurityException
- */
- public DSAKeyValue(Element element, String baseURI) throws XMLSecurityException {
- super(element, baseURI);
- }
-
- /**
- * Constructor DSAKeyValue
- *
- * @param doc
- * @param P
- * @param Q
- * @param G
- * @param Y
- */
- public DSAKeyValue(Document doc, BigInteger P, BigInteger Q, BigInteger G, BigInteger Y) {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
- this.addBigIntegerElement(P, Constants._TAG_P);
- this.addBigIntegerElement(Q, Constants._TAG_Q);
- this.addBigIntegerElement(G, Constants._TAG_G);
- this.addBigIntegerElement(Y, Constants._TAG_Y);
- }
-
- /**
- * Constructor DSAKeyValue
- *
- * @param doc
- * @param key
- * @throws IllegalArgumentException
- */
- public DSAKeyValue(Document doc, Key key) throws IllegalArgumentException {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
-
- if (key instanceof java.security.interfaces.DSAPublicKey) {
- this.addBigIntegerElement(((DSAPublicKey) key).getParams().getP(), Constants._TAG_P);
- this.addBigIntegerElement(((DSAPublicKey) key).getParams().getQ(), Constants._TAG_Q);
- this.addBigIntegerElement(((DSAPublicKey) key).getParams().getG(), Constants._TAG_G);
- this.addBigIntegerElement(((DSAPublicKey) key).getY(), Constants._TAG_Y);
- } else {
- Object exArgs[] = { Constants._TAG_DSAKEYVALUE, key.getClass().getName() };
-
- throw new IllegalArgumentException(I18n.translate("KeyValue.IllegalArgument", exArgs));
- }
- }
-
- /** @inheritDoc */
- public PublicKey getPublicKey() throws XMLSecurityException {
- try {
- DSAPublicKeySpec pkspec =
- new DSAPublicKeySpec(
- this.getBigIntegerFromChildElement(
- Constants._TAG_Y, Constants.SignatureSpecNS
- ),
- this.getBigIntegerFromChildElement(
- Constants._TAG_P, Constants.SignatureSpecNS
- ),
- this.getBigIntegerFromChildElement(
- Constants._TAG_Q, Constants.SignatureSpecNS
- ),
- this.getBigIntegerFromChildElement(
- Constants._TAG_G, Constants.SignatureSpecNS
- )
- );
- KeyFactory dsaFactory = KeyFactory.getInstance("DSA");
- PublicKey pk = dsaFactory.generatePublic(pkspec);
-
- return pk;
- } catch (NoSuchAlgorithmException ex) {
- throw new XMLSecurityException("empty", ex);
- } catch (InvalidKeySpecException ex) {
- throw new XMLSecurityException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_DSAKEYVALUE;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content.keyvalues;
-
-import java.security.PublicKey;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-public interface KeyValueContent {
-
- /**
- * Method getPublicKey
- *
- * @return the public key
- * @throws XMLSecurityException
- */
- PublicKey getPublicKey() throws XMLSecurityException;
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content.keyvalues;
-
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.RSAPublicKeySpec;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.I18n;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-public class RSAKeyValue extends SignatureElementProxy implements KeyValueContent {
-
- /**
- * Constructor RSAKeyValue
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public RSAKeyValue(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Constructor RSAKeyValue
- *
- * @param doc
- * @param modulus
- * @param exponent
- */
- public RSAKeyValue(Document doc, BigInteger modulus, BigInteger exponent) {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
- this.addBigIntegerElement(modulus, Constants._TAG_MODULUS);
- this.addBigIntegerElement(exponent, Constants._TAG_EXPONENT);
- }
-
- /**
- * Constructor RSAKeyValue
- *
- * @param doc
- * @param key
- * @throws IllegalArgumentException
- */
- public RSAKeyValue(Document doc, Key key) throws IllegalArgumentException {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
-
- if (key instanceof java.security.interfaces.RSAPublicKey ) {
- this.addBigIntegerElement(
- ((RSAPublicKey) key).getModulus(), Constants._TAG_MODULUS
- );
- this.addBigIntegerElement(
- ((RSAPublicKey) key).getPublicExponent(), Constants._TAG_EXPONENT
- );
- } else {
- Object exArgs[] = { Constants._TAG_RSAKEYVALUE, key.getClass().getName() };
-
- throw new IllegalArgumentException(I18n.translate("KeyValue.IllegalArgument", exArgs));
- }
- }
-
- /** @inheritDoc */
- public PublicKey getPublicKey() throws XMLSecurityException {
- try {
- KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
-
- RSAPublicKeySpec rsaKeyspec =
- new RSAPublicKeySpec(
- this.getBigIntegerFromChildElement(
- Constants._TAG_MODULUS, Constants.SignatureSpecNS
- ),
- this.getBigIntegerFromChildElement(
- Constants._TAG_EXPONENT, Constants.SignatureSpecNS
- )
- );
- PublicKey pk = rsaFactory.generatePublic(rsaKeyspec);
-
- return pk;
- } catch (NoSuchAlgorithmException ex) {
- throw new XMLSecurityException("empty", ex);
- } catch (InvalidKeySpecException ex) {
- throw new XMLSecurityException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_RSAKEYVALUE;
- }
-}
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-basic handlers for elements that can occur inside <CODE>ds:KeyValue</CODE>.
-</P></BODY></HTML>
\ No newline at end of file
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-basic handlers for elements that can occur inside <CODE>ds:KeyInfo</CODE>.
-</P></BODY></HTML>
\ No newline at end of file
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content.x509;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-public class XMLX509CRL extends SignatureElementProxy implements XMLX509DataContent {
-
- /**
- * Constructor XMLX509CRL
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public XMLX509CRL(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Constructor X509CRL
- *
- * @param doc
- * @param crlBytes
- */
- public XMLX509CRL(Document doc, byte[] crlBytes) {
- super(doc);
-
- this.addBase64Text(crlBytes);
- }
-
- /**
- * Method getCRLBytes
- *
- * @return the CRL bytes
- * @throws XMLSecurityException
- */
- public byte[] getCRLBytes() throws XMLSecurityException {
- return this.getBytesFromTextChild();
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_X509CRL;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content.x509;
-
-import java.io.ByteArrayInputStream;
-import java.security.PublicKey;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-public class XMLX509Certificate extends SignatureElementProxy implements XMLX509DataContent {
-
- /** Field JCA_CERT_ID */
- public static final String JCA_CERT_ID = "X.509";
-
- /**
- * Constructor X509Certificate
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public XMLX509Certificate(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Constructor X509Certificate
- *
- * @param doc
- * @param certificateBytes
- */
- public XMLX509Certificate(Document doc, byte[] certificateBytes) {
- super(doc);
-
- this.addBase64Text(certificateBytes);
- }
-
- /**
- * Constructor XMLX509Certificate
- *
- * @param doc
- * @param x509certificate
- * @throws XMLSecurityException
- */
- public XMLX509Certificate(Document doc, X509Certificate x509certificate)
- throws XMLSecurityException {
- super(doc);
-
- try {
- this.addBase64Text(x509certificate.getEncoded());
- } catch (java.security.cert.CertificateEncodingException ex) {
- throw new XMLSecurityException("empty", ex);
- }
- }
-
- /**
- * Method getCertificateBytes
- *
- * @return the certificate bytes
- * @throws XMLSecurityException
- */
- public byte[] getCertificateBytes() throws XMLSecurityException {
- return this.getBytesFromTextChild();
- }
-
- /**
- * Method getX509Certificate
- *
- * @return the x509 certificate
- * @throws XMLSecurityException
- */
- public X509Certificate getX509Certificate() throws XMLSecurityException {
- try {
- byte certbytes[] = this.getCertificateBytes();
- CertificateFactory certFact =
- CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
- X509Certificate cert =
- (X509Certificate) certFact.generateCertificate(
- new ByteArrayInputStream(certbytes)
- );
-
- if (cert != null) {
- return cert;
- }
-
- return null;
- } catch (CertificateException ex) {
- throw new XMLSecurityException("empty", ex);
- }
- }
-
- /**
- * Method getPublicKey
- *
- * @return the publickey
- * @throws XMLSecurityException
- */
- public PublicKey getPublicKey() throws XMLSecurityException {
- X509Certificate cert = this.getX509Certificate();
-
- if (cert != null) {
- return cert.getPublicKey();
- }
-
- return null;
- }
-
- /** @inheritDoc */
- public boolean equals(Object obj) {
- if (!(obj instanceof XMLX509Certificate)) {
- return false;
- }
- XMLX509Certificate other = (XMLX509Certificate) obj;
- try {
- return Arrays.equals(other.getCertificateBytes(), this.getCertificateBytes());
- } catch (XMLSecurityException ex) {
- return false;
- }
- }
-
- public int hashCode() {
- int result = 17;
- try {
- byte[] bytes = getCertificateBytes();
- for (int i = 0; i < bytes.length; i++) {
- result = 31 * result + bytes[i];
- }
- } catch (XMLSecurityException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- }
- return result;
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_X509CERTIFICATE;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content.x509;
-
-/**
- * Just used for tagging contents that are allowed inside a ds:X509Data Element.
- *
- * @author $Author: coheigea $
- */
-public interface XMLX509DataContent {
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content.x509;
-
-import java.security.MessageDigest;
-import java.security.cert.X509Certificate;
-
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.Signature11ElementProxy;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Provides content model support for the <code>dsig11:X509Digest</code> element.
- *
- * @author Brent Putman (putmanb@georgetown.edu)
- */
-public class XMLX509Digest extends Signature11ElementProxy implements XMLX509DataContent {
-
- /**
- * Constructor XMLX509Digest
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public XMLX509Digest(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Constructor XMLX509Digest
- *
- * @param doc
- * @param digestBytes
- * @param algorithmURI
- */
- public XMLX509Digest(Document doc, byte[] digestBytes, String algorithmURI) {
- super(doc);
- this.addBase64Text(digestBytes);
- this.constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM, algorithmURI);
- }
-
- /**
- * Constructor XMLX509Digest
- *
- * @param doc
- * @param x509certificate
- * @param algorithmURI
- * @throws XMLSecurityException
- */
- public XMLX509Digest(Document doc, X509Certificate x509certificate, String algorithmURI) throws XMLSecurityException {
- super(doc);
- this.addBase64Text(getDigestBytesFromCert(x509certificate, algorithmURI));
- this.constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM, algorithmURI);
- }
-
- /**
- * Method getAlgorithmAttr
- *
- * @return the Algorithm attribute
- */
- public Attr getAlgorithmAttr() {
- return this.constructionElement.getAttributeNodeNS(null, Constants._ATT_ALGORITHM);
- }
-
- /**
- * Method getAlgorithm
- *
- * @return Algorithm string
- */
- public String getAlgorithm() {
- return this.getAlgorithmAttr().getNodeValue();
- }
-
- /**
- * Method getDigestBytes
- *
- * @return the digestbytes
- * @throws XMLSecurityException
- */
- public byte[] getDigestBytes() throws XMLSecurityException {
- return this.getBytesFromTextChild();
- }
-
- /**
- * Method getDigestBytesFromCert
- *
- * @param cert
- * @param algorithmURI
- * @return digest bytes from the given certificate
- *
- * @throws XMLSecurityException
- */
- public static byte[] getDigestBytesFromCert(X509Certificate cert, String algorithmURI) throws XMLSecurityException {
- String jcaDigestAlgorithm = JCEMapper.translateURItoJCEID(algorithmURI);
- if (jcaDigestAlgorithm == null) {
- Object exArgs[] = { algorithmURI };
- throw new XMLSecurityException("XMLX509Digest.UnknownDigestAlgorithm", exArgs);
- }
-
- try {
- MessageDigest md = MessageDigest.getInstance(jcaDigestAlgorithm);
- return md.digest(cert.getEncoded());
- } catch (Exception e) {
- Object exArgs[] = { jcaDigestAlgorithm };
- throw new XMLSecurityException("XMLX509Digest.FailedDigest", exArgs);
- }
-
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_X509DIGEST;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content.x509;
-
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.RFC2253Parser;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-public class XMLX509IssuerSerial extends SignatureElementProxy implements XMLX509DataContent {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(XMLX509IssuerSerial.class);
-
- /**
- * Constructor XMLX509IssuerSerial
- *
- * @param element
- * @param baseURI
- * @throws XMLSecurityException
- */
- public XMLX509IssuerSerial(Element element, String baseURI) throws XMLSecurityException {
- super(element, baseURI);
- }
-
- /**
- * Constructor XMLX509IssuerSerial
- *
- * @param doc
- * @param x509IssuerName
- * @param x509SerialNumber
- */
- public XMLX509IssuerSerial(Document doc, String x509IssuerName, BigInteger x509SerialNumber) {
- super(doc);
- XMLUtils.addReturnToElement(this.constructionElement);
- addTextElement(x509IssuerName, Constants._TAG_X509ISSUERNAME);
- addTextElement(x509SerialNumber.toString(), Constants._TAG_X509SERIALNUMBER);
- }
-
- /**
- * Constructor XMLX509IssuerSerial
- *
- * @param doc
- * @param x509IssuerName
- * @param x509SerialNumber
- */
- public XMLX509IssuerSerial(Document doc, String x509IssuerName, String x509SerialNumber) {
- this(doc, x509IssuerName, new BigInteger(x509SerialNumber));
- }
-
- /**
- * Constructor XMLX509IssuerSerial
- *
- * @param doc
- * @param x509IssuerName
- * @param x509SerialNumber
- */
- public XMLX509IssuerSerial(Document doc, String x509IssuerName, int x509SerialNumber) {
- this(doc, x509IssuerName, new BigInteger(Integer.toString(x509SerialNumber)));
- }
-
- /**
- * Constructor XMLX509IssuerSerial
- *
- * @param doc
- * @param x509certificate
- */
- public XMLX509IssuerSerial(Document doc, X509Certificate x509certificate) {
- this(
- doc,
- x509certificate.getIssuerX500Principal().getName(),
- x509certificate.getSerialNumber()
- );
- }
-
- /**
- * Method getSerialNumber
- *
- * @return the serial number
- */
- public BigInteger getSerialNumber() {
- String text =
- this.getTextFromChildElement(Constants._TAG_X509SERIALNUMBER, Constants.SignatureSpecNS);
- if (log.isDebugEnabled()) {
- log.debug("X509SerialNumber text: " + text);
- }
-
- return new BigInteger(text);
- }
-
- /**
- * Method getSerialNumberInteger
- *
- * @return the serial number as plain int
- */
- public int getSerialNumberInteger() {
- return this.getSerialNumber().intValue();
- }
-
- /**
- * Method getIssuerName
- *
- * @return the issuer name
- */
- public String getIssuerName() {
- return RFC2253Parser.normalize(
- this.getTextFromChildElement(Constants._TAG_X509ISSUERNAME, Constants.SignatureSpecNS)
- );
- }
-
- /** @inheritDoc */
- public boolean equals(Object obj) {
- if (!(obj instanceof XMLX509IssuerSerial)) {
- return false;
- }
-
- XMLX509IssuerSerial other = (XMLX509IssuerSerial) obj;
-
- return this.getSerialNumber().equals(other.getSerialNumber())
- && this.getIssuerName().equals(other.getIssuerName());
- }
-
- public int hashCode() {
- int result = 17;
- result = 31 * result + getSerialNumber().hashCode();
- result = 31 * result + getIssuerName().hashCode();
- return result;
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_X509ISSUERSERIAL;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content.x509;
-
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Handles SubjectKeyIdentifier (SKI) for X.509v3.
- *
- * @see <A HREF="http://java.sun.com/j2se/1.5.0/docs/api/java/security/cert/X509Extension.html">
- * Interface X509Extension</A>
- */
-public class XMLX509SKI extends SignatureElementProxy implements XMLX509DataContent {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(XMLX509SKI.class);
-
- /**
- * <CODE>SubjectKeyIdentifier (id-ce-subjectKeyIdentifier) (2.5.29.14)</CODE>:
- * This extension identifies the public key being certified. It enables
- * distinct keys used by the same subject to be differentiated
- * (e.g., as key updating occurs).
- * <BR />
- * A key identifier shall be unique with respect to all key identifiers
- * for the subject with which it is used. This extension is always non-critical.
- */
- public static final String SKI_OID = "2.5.29.14";
-
- /**
- * Constructor X509SKI
- *
- * @param doc
- * @param skiBytes
- */
- public XMLX509SKI(Document doc, byte[] skiBytes) {
- super(doc);
- this.addBase64Text(skiBytes);
- }
-
- /**
- * Constructor XMLX509SKI
- *
- * @param doc
- * @param x509certificate
- * @throws XMLSecurityException
- */
- public XMLX509SKI(Document doc, X509Certificate x509certificate)
- throws XMLSecurityException {
- super(doc);
- this.addBase64Text(XMLX509SKI.getSKIBytesFromCert(x509certificate));
- }
-
- /**
- * Constructor XMLX509SKI
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public XMLX509SKI(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Method getSKIBytes
- *
- * @return the skibytes
- * @throws XMLSecurityException
- */
- public byte[] getSKIBytes() throws XMLSecurityException {
- return this.getBytesFromTextChild();
- }
-
- /**
- * Method getSKIBytesFromCert
- *
- * @param cert
- * @return ski bytes from the given certificate
- *
- * @throws XMLSecurityException
- * @see java.security.cert.X509Extension#getExtensionValue(java.lang.String)
- */
- public static byte[] getSKIBytesFromCert(X509Certificate cert)
- throws XMLSecurityException {
-
- if (cert.getVersion() < 3) {
- Object exArgs[] = { Integer.valueOf(cert.getVersion()) };
- throw new XMLSecurityException("certificate.noSki.lowVersion", exArgs);
- }
-
- /*
- * Gets the DER-encoded OCTET string for the extension value
- * (extnValue) identified by the passed-in oid String. The oid
- * string is represented by a set of positive whole numbers
- * separated by periods.
- */
- byte[] extensionValue = cert.getExtensionValue(XMLX509SKI.SKI_OID);
- if (extensionValue == null) {
- throw new XMLSecurityException("certificate.noSki.null");
- }
-
- /**
- * Strip away first four bytes from the extensionValue
- * The first two bytes are the tag and length of the extensionValue
- * OCTET STRING, and the next two bytes are the tag and length of
- * the ski OCTET STRING.
- */
- byte skidValue[] = new byte[extensionValue.length - 4];
-
- System.arraycopy(extensionValue, 4, skidValue, 0, skidValue.length);
-
- if (log.isDebugEnabled()) {
- log.debug("Base64 of SKI is " + Base64.encode(skidValue));
- }
-
- return skidValue;
- }
-
- /** @inheritDoc */
- public boolean equals(Object obj) {
- if (!(obj instanceof XMLX509SKI)) {
- return false;
- }
-
- XMLX509SKI other = (XMLX509SKI) obj;
-
- try {
- return Arrays.equals(other.getSKIBytes(), this.getSKIBytes());
- } catch (XMLSecurityException ex) {
- return false;
- }
- }
-
- public int hashCode() {
- int result = 17;
- try {
- byte[] bytes = getSKIBytes();
- for (int i = 0; i < bytes.length; i++) {
- result = 31 * result + bytes[i];
- }
- } catch (XMLSecurityException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- }
- return result;
-
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_X509SKI;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.content.x509;
-
-import java.security.cert.X509Certificate;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.RFC2253Parser;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * @author $Author: coheigea $
- */
-public class XMLX509SubjectName extends SignatureElementProxy implements XMLX509DataContent {
-
- /**
- * Constructor X509SubjectName
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public XMLX509SubjectName(Element element, String BaseURI)
- throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Constructor X509SubjectName
- *
- * @param doc
- * @param X509SubjectNameString
- */
- public XMLX509SubjectName(Document doc, String X509SubjectNameString) {
- super(doc);
-
- this.addText(X509SubjectNameString);
- }
-
- /**
- * Constructor XMLX509SubjectName
- *
- * @param doc
- * @param x509certificate
- */
- public XMLX509SubjectName(Document doc, X509Certificate x509certificate) {
- this(doc, x509certificate.getSubjectX500Principal().getName());
- }
-
- /**
- * Method getSubjectName
- *
- *
- * @return the subject name
- */
- public String getSubjectName() {
- return RFC2253Parser.normalize(this.getTextFromTextChild());
- }
-
- /** @inheritDoc */
- public boolean equals(Object obj) {
- if (!(obj instanceof XMLX509SubjectName)) {
- return false;
- }
-
- XMLX509SubjectName other = (XMLX509SubjectName) obj;
- String otherSubject = other.getSubjectName();
- String thisSubject = this.getSubjectName();
-
- return thisSubject.equals(otherSubject);
- }
-
- public int hashCode() {
- int result = 17;
- result = 31 * result + this.getSubjectName().hashCode();
- return result;
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_X509SUBJECTNAME;
- }
-}
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-basic handlers for elements that can occur inside <CODE>ds:X509Data</CODE>.
-</P></BODY></HTML>
\ No newline at end of file
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-public class InvalidKeyResolverException extends XMLSecurityException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor InvalidKeyResolverException
- *
- */
- public InvalidKeyResolverException() {
- super();
- }
-
- /**
- * Constructor InvalidKeyResolverException
- *
- * @param msgID
- */
- public InvalidKeyResolverException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor InvalidKeyResolverException
- *
- * @param msgID
- * @param exArgs
- */
- public InvalidKeyResolverException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor InvalidKeyResolverException
- *
- * @param msgID
- * @param originalException
- */
- public InvalidKeyResolverException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor InvalidKeyResolverException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public InvalidKeyResolverException(String msgID, Object exArgs[], Exception originalException) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver;
-
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.concurrent.CopyOnWriteArrayList;
-
-import javax.crypto.SecretKey;
-
-import org.apache.xml.security.keys.keyresolver.implementations.DEREncodedKeyValueResolver;
-import org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver;
-import org.apache.xml.security.keys.keyresolver.implementations.KeyInfoReferenceResolver;
-import org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver;
-import org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver;
-import org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver;
-import org.apache.xml.security.keys.keyresolver.implementations.X509DigestResolver;
-import org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver;
-import org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver;
-import org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * KeyResolver is factory class for subclass of KeyResolverSpi that
- * represent child element of KeyInfo.
- */
-public class KeyResolver {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(KeyResolver.class);
-
- /** Field resolverVector */
- private static List<KeyResolver> resolverVector = new CopyOnWriteArrayList<KeyResolver>();
-
- /** Field resolverSpi */
- private final KeyResolverSpi resolverSpi;
-
- /**
- * Constructor.
- *
- * @param keyResolverSpi a KeyResolverSpi instance
- */
- private KeyResolver(KeyResolverSpi keyResolverSpi) {
- resolverSpi = keyResolverSpi;
- }
-
- /**
- * Method length
- *
- * @return the length of resolvers registered
- */
- public static int length() {
- return resolverVector.size();
- }
-
- /**
- * Method getX509Certificate
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return The certificate represented by the element.
- *
- * @throws KeyResolverException
- */
- public static final X509Certificate getX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- for (KeyResolver resolver : resolverVector) {
- if (resolver == null) {
- Object exArgs[] = {
- (((element != null)
- && (element.getNodeType() == Node.ELEMENT_NODE))
- ? element.getTagName() : "null")
- };
-
- throw new KeyResolverException("utils.resolver.noClass", exArgs);
- }
- if (log.isDebugEnabled()) {
- log.debug("check resolvability by class " + resolver.getClass());
- }
-
- X509Certificate cert = resolver.resolveX509Certificate(element, baseURI, storage);
- if (cert != null) {
- return cert;
- }
- }
-
- Object exArgs[] = {
- (((element != null) && (element.getNodeType() == Node.ELEMENT_NODE))
- ? element.getTagName() : "null")
- };
-
- throw new KeyResolverException("utils.resolver.noClass", exArgs);
- }
-
- /**
- * Method getPublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return the public key contained in the element
- *
- * @throws KeyResolverException
- */
- public static final PublicKey getPublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- for (KeyResolver resolver : resolverVector) {
- if (resolver == null) {
- Object exArgs[] = {
- (((element != null)
- && (element.getNodeType() == Node.ELEMENT_NODE))
- ? element.getTagName() : "null")
- };
-
- throw new KeyResolverException("utils.resolver.noClass", exArgs);
- }
- if (log.isDebugEnabled()) {
- log.debug("check resolvability by class " + resolver.getClass());
- }
-
- PublicKey cert = resolver.resolvePublicKey(element, baseURI, storage);
- if (cert != null) {
- return cert;
- }
- }
-
- Object exArgs[] = {
- (((element != null) && (element.getNodeType() == Node.ELEMENT_NODE))
- ? element.getTagName() : "null")
- };
-
- throw new KeyResolverException("utils.resolver.noClass", exArgs);
- }
-
- /**
- * This method is used for registering {@link KeyResolverSpi}s which are
- * available to <I>all</I> {@link org.apache.xml.security.keys.KeyInfo} objects. This means that
- * personalized {@link KeyResolverSpi}s should only be registered directly
- * to the {@link org.apache.xml.security.keys.KeyInfo} using
- * {@link org.apache.xml.security.keys.KeyInfo#registerInternalKeyResolver}.
- * Please note that this method will create a new copy of the underlying array, as the
- * underlying collection is a CopyOnWriteArrayList.
- *
- * @param className
- * @param globalResolver Whether the KeyResolverSpi is a global resolver or not
- * @throws InstantiationException
- * @throws IllegalAccessException
- * @throws ClassNotFoundException
- */
- public static void register(String className, boolean globalResolver)
- throws ClassNotFoundException, IllegalAccessException, InstantiationException {
- KeyResolverSpi keyResolverSpi =
- (KeyResolverSpi) Class.forName(className).newInstance();
- keyResolverSpi.setGlobalResolver(globalResolver);
- register(keyResolverSpi, false);
- }
-
- /**
- * This method is used for registering {@link KeyResolverSpi}s which are
- * available to <I>all</I> {@link org.apache.xml.security.keys.KeyInfo} objects. This means that
- * personalized {@link KeyResolverSpi}s should only be registered directly
- * to the {@link org.apache.xml.security.keys.KeyInfo} using
- * {@link org.apache.xml.security.keys.KeyInfo#registerInternalKeyResolver}.
- * Please note that this method will create a new copy of the underlying array, as the
- * underlying collection is a CopyOnWriteArrayList.
- *
- * @param className
- * @param globalResolver Whether the KeyResolverSpi is a global resolver or not
- */
- public static void registerAtStart(String className, boolean globalResolver) {
- KeyResolverSpi keyResolverSpi = null;
- Exception ex = null;
- try {
- keyResolverSpi = (KeyResolverSpi) Class.forName(className).newInstance();
- } catch (ClassNotFoundException e) {
- ex = e;
- } catch (IllegalAccessException e) {
- ex = e;
- } catch (InstantiationException e) {
- ex = e;
- }
-
- if (ex != null) {
- throw (IllegalArgumentException) new
- IllegalArgumentException("Invalid KeyResolver class name").initCause(ex);
- }
- keyResolverSpi.setGlobalResolver(globalResolver);
- register(keyResolverSpi, true);
- }
-
- /**
- * This method is used for registering {@link KeyResolverSpi}s which are
- * available to <I>all</I> {@link org.apache.xml.security.keys.KeyInfo} objects. This means that
- * personalized {@link KeyResolverSpi}s should only be registered directly
- * to the {@link org.apache.xml.security.keys.KeyInfo} using
- * {@link org.apache.xml.security.keys.KeyInfo#registerInternalKeyResolver}.
- * Please note that this method will create a new copy of the underlying array, as the
- * underlying collection is a CopyOnWriteArrayList.
- *
- * @param keyResolverSpi a KeyResolverSpi instance to register
- * @param start whether to register the KeyResolverSpi at the start of the list or not
- */
- public static void register(
- KeyResolverSpi keyResolverSpi,
- boolean start
- ) {
- KeyResolver resolver = new KeyResolver(keyResolverSpi);
- if (start) {
- resolverVector.add(0, resolver);
- } else {
- resolverVector.add(resolver);
- }
- }
-
- /**
- * This method is used for registering {@link KeyResolverSpi}s which are
- * available to <I>all</I> {@link org.apache.xml.security.keys.KeyInfo} objects. This means that
- * personalized {@link KeyResolverSpi}s should only be registered directly
- * to the {@link org.apache.xml.security.keys.KeyInfo} using
- * {@link org.apache.xml.security.keys.KeyInfo#registerInternalKeyResolver}.
- * The KeyResolverSpi instances are not registered as a global resolver.
- *
- *
- * @param classNames
- * @throws InstantiationException
- * @throws IllegalAccessException
- * @throws ClassNotFoundException
- */
- public static void registerClassNames(List<String> classNames)
- throws ClassNotFoundException, IllegalAccessException, InstantiationException {
- List<KeyResolver> keyResolverList = new ArrayList<KeyResolver>(classNames.size());
- for (String className : classNames) {
- KeyResolverSpi keyResolverSpi =
- (KeyResolverSpi) Class.forName(className).newInstance();
- keyResolverSpi.setGlobalResolver(false);
- keyResolverList.add(new KeyResolver(keyResolverSpi));
- }
- resolverVector.addAll(keyResolverList);
- }
-
- /**
- * This method registers the default resolvers.
- */
- public static void registerDefaultResolvers() {
-
- List<KeyResolver> keyResolverList = new ArrayList<KeyResolver>();
- keyResolverList.add(new KeyResolver(new RSAKeyValueResolver()));
- keyResolverList.add(new KeyResolver(new DSAKeyValueResolver()));
- keyResolverList.add(new KeyResolver(new X509CertificateResolver()));
- keyResolverList.add(new KeyResolver(new X509SKIResolver()));
- keyResolverList.add(new KeyResolver(new RetrievalMethodResolver()));
- keyResolverList.add(new KeyResolver(new X509SubjectNameResolver()));
- keyResolverList.add(new KeyResolver(new X509IssuerSerialResolver()));
- keyResolverList.add(new KeyResolver(new DEREncodedKeyValueResolver()));
- keyResolverList.add(new KeyResolver(new KeyInfoReferenceResolver()));
- keyResolverList.add(new KeyResolver(new X509DigestResolver()));
-
- resolverVector.addAll(keyResolverList);
- }
-
- /**
- * Method resolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved public key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public PublicKey resolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return resolverSpi.engineLookupAndResolvePublicKey(element, baseURI, storage);
- }
-
- /**
- * Method resolveX509Certificate
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved X509certificate key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public X509Certificate resolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return resolverSpi.engineLookupResolveX509Certificate(element, baseURI, storage);
- }
-
- /**
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key from the registered from the elements
- * @throws KeyResolverException
- */
- public SecretKey resolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return resolverSpi.engineLookupAndResolveSecretKey(element, baseURI, storage);
- }
-
- /**
- * Method setProperty
- *
- * @param key
- * @param value
- */
- public void setProperty(String key, String value) {
- resolverSpi.engineSetProperty(key, value);
- }
-
- /**
- * Method getProperty
- *
- * @param key
- * @return the property set for this resolver
- */
- public String getProperty(String key) {
- return resolverSpi.engineGetProperty(key);
- }
-
-
- /**
- * Method understandsProperty
- *
- * @param propertyToTest
- * @return true if the resolver understands property propertyToTest
- */
- public boolean understandsProperty(String propertyToTest) {
- return resolverSpi.understandsProperty(propertyToTest);
- }
-
-
- /**
- * Method resolverClassName
- *
- * @return the name of the resolver.
- */
- public String resolverClassName() {
- return resolverSpi.getClass().getName();
- }
-
- /**
- * Iterate over the KeyResolverSpi instances
- */
- static class ResolverIterator implements Iterator<KeyResolverSpi> {
- List<KeyResolver> res;
- Iterator<KeyResolver> it;
-
- public ResolverIterator(List<KeyResolver> list) {
- res = list;
- it = res.iterator();
- }
-
- public boolean hasNext() {
- return it.hasNext();
- }
-
- public KeyResolverSpi next() {
- KeyResolver resolver = it.next();
- if (resolver == null) {
- throw new RuntimeException("utils.resolver.noClass");
- }
-
- return resolver.resolverSpi;
- }
-
- public void remove() {
- throw new UnsupportedOperationException("Can't remove resolvers using the iterator");
- }
- };
-
- public static Iterator<KeyResolverSpi> iterator() {
- return new ResolverIterator(resolverVector);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-public class KeyResolverException extends XMLSecurityException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor KeyResolverException
- *
- */
- public KeyResolverException() {
- super();
- }
-
- /**
- * Constructor KeyResolverException
- *
- * @param msgID
- */
- public KeyResolverException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor KeyResolverException
- *
- * @param msgID
- * @param exArgs
- */
- public KeyResolverException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor KeyResolverException
- *
- * @param msgID
- * @param originalException
- */
- public KeyResolverException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor KeyResolverException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public KeyResolverException(String msgID, Object exArgs[], Exception originalException) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver;
-
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-
-import javax.crypto.SecretKey;
-
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.w3c.dom.Element;
-
-/**
- * This class is an abstract class for a child KeyInfo Element.
- *
- * If you want the your KeyResolver, at firstly you must extend this class, and register
- * as following in config.xml
- * <PRE>
- * <KeyResolver URI="http://www.w3.org/2000/09/xmldsig#KeyValue"
- * JAVACLASS="MyPackage.MyKeyValueImpl"//gt;
- * </PRE>
- */
-public abstract class KeyResolverSpi {
-
- /** Field properties */
- protected java.util.Map<String, String> properties = null;
-
- protected boolean globalResolver = false;
-
- protected boolean secureValidation;
-
- /**
- * Set whether secure validation is enabled or not. The default is false.
- */
- public void setSecureValidation(boolean secureValidation) {
- this.secureValidation = secureValidation;
- }
-
- /**
- * This method returns whether the KeyResolverSpi is able to perform the requested action.
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return whether the KeyResolverSpi is able to perform the requested action.
- */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
- throw new UnsupportedOperationException();
- }
-
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved public key from the registered from the element.
- *
- * @throws KeyResolverException
- */
- public PublicKey engineResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- throw new UnsupportedOperationException();
- };
-
- /**
- * Method engineLookupAndResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved public key from the registered from the element.
- *
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- KeyResolverSpi tmp = cloneIfNeeded();
- if (!tmp.engineCanResolve(element, baseURI, storage)) {
- return null;
- }
- return tmp.engineResolvePublicKey(element, baseURI, storage);
- }
-
- private KeyResolverSpi cloneIfNeeded() throws KeyResolverException {
- KeyResolverSpi tmp = this;
- if (globalResolver) {
- try {
- tmp = getClass().newInstance();
- } catch (InstantiationException e) {
- throw new KeyResolverException("", e);
- } catch (IllegalAccessException e) {
- throw new KeyResolverException("", e);
- }
- }
- return tmp;
- }
-
- /**
- * Method engineResolveCertificate
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved X509Certificate key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public X509Certificate engineResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException{
- throw new UnsupportedOperationException();
- };
-
- /**
- * Method engineLookupResolveX509Certificate
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved X509Certificate key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- KeyResolverSpi tmp = cloneIfNeeded();
- if (!tmp.engineCanResolve(element, baseURI, storage)) {
- return null;
- }
- return tmp.engineResolveX509Certificate(element, baseURI, storage);
-
- }
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException{
- throw new UnsupportedOperationException();
- };
-
- /**
- * Method engineLookupAndResolveSecretKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- KeyResolverSpi tmp = cloneIfNeeded();
- if (!tmp.engineCanResolve(element, baseURI, storage)) {
- return null;
- }
- return tmp.engineResolveSecretKey(element, baseURI, storage);
- }
-
- /**
- * Method engineLookupAndResolvePrivateKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved PrivateKey key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- // This method was added later, it has no equivalent
- // engineResolvePrivateKey() in the old API.
- // We cannot throw UnsupportedOperationException because
- // KeyResolverSpi implementations who don't know about
- // this method would stop the search too early.
- return null;
- }
-
- /**
- * Method engineSetProperty
- *
- * @param key
- * @param value
- */
- public void engineSetProperty(String key, String value) {
- if (properties == null) {
- properties = new HashMap<String, String>();
- }
- properties.put(key, value);
- }
-
- /**
- * Method engineGetProperty
- *
- * @param key
- * @return obtain the property appointed by key
- */
- public String engineGetProperty(String key) {
- if (properties == null) {
- return null;
- }
-
- return properties.get(key);
- }
-
- /**
- * Method understandsProperty
- *
- * @param propertyToTest
- * @return true if understood the property
- */
- public boolean understandsProperty(String propertyToTest) {
- if (properties == null) {
- return false;
- }
-
- return properties.get(propertyToTest) != null;
- }
-
- public void setGlobalResolver(boolean globalResolver) {
- this.globalResolver = globalResolver;
- }
-
-}
+++ /dev/null
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-
-import javax.crypto.SecretKey;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.DEREncodedKeyValue;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * KeyResolverSpi implementation which resolves public keys from a
- * <code>dsig11:DEREncodedKeyValue</code> element.
- *
- * @author Brent Putman (putmanb@georgetown.edu)
- */
-public class DEREncodedKeyValueResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(DEREncodedKeyValueResolver.class);
-
- /** {@inheritDoc}. */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
- return XMLUtils.elementIsInSignature11Space(element, Constants._TAG_DERENCODEDKEYVALUE);
- }
-
- /** {@inheritDoc}. */
- public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
-
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName());
- }
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
- try {
- DEREncodedKeyValue derKeyValue = new DEREncodedKeyValue(element, baseURI);
- return derKeyValue.getPublicKey();
- } catch (XMLSecurityException e) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", e);
- }
- }
-
- return null;
- }
-
- /** {@inheritDoc}. */
- public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
- return null;
- }
-
- /** {@inheritDoc}. */
- public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
- return null;
- }
-
- /** {@inheritDoc}. */
- public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
- return null;
- }
-
-
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-public class DSAKeyValueResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(DSAKeyValueResolver.class);
-
-
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String BaseURI, StorageResolver storage
- ) {
- if (element == null) {
- return null;
- }
- Element dsaKeyElement = null;
- boolean isKeyValue =
- XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYVALUE);
- if (isKeyValue) {
- dsaKeyElement =
- XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_DSAKEYVALUE, 0);
- } else if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_DSAKEYVALUE)) {
- // this trick is needed to allow the RetrievalMethodResolver to eat a
- // ds:DSAKeyValue directly (without KeyValue)
- dsaKeyElement = element;
- }
-
- if (dsaKeyElement == null) {
- return null;
- }
-
- try {
- DSAKeyValue dsaKeyValue = new DSAKeyValue(dsaKeyElement, BaseURI);
- PublicKey pk = dsaKeyValue.getPublicKey();
-
- return pk;
- } catch (XMLSecurityException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- //do nothing
- }
-
- return null;
- }
-
-
- /** @inheritDoc */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String BaseURI, StorageResolver storage
- ) {
- return null;
- }
-
- /** @inheritDoc */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String BaseURI, StorageResolver storage
- ) {
- return null;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.Key;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.crypto.SecretKey;
-
-import org.apache.xml.security.encryption.EncryptedKey;
-import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.encryption.XMLEncryptionException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.EncryptionConstants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * The <code>EncryptedKeyResolver</code> is not a generic resolver. It can
- * only be for specific instantiations, as the key being unwrapped will
- * always be of a particular type and will always have been wrapped by
- * another key which needs to be recursively resolved.
- *
- * The <code>EncryptedKeyResolver</code> can therefore only be instantiated
- * with an algorithm. It can also be instantiated with a key (the KEK) or
- * will search the static KeyResolvers to find the appropriate key.
- *
- * @author Berin Lautenbach
- */
-public class EncryptedKeyResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(RSAKeyValueResolver.class);
-
- private Key kek;
- private String algorithm;
- private List<KeyResolverSpi> internalKeyResolvers;
-
- /**
- * Constructor for use when a KEK needs to be derived from a KeyInfo
- * list
- * @param algorithm
- */
- public EncryptedKeyResolver(String algorithm) {
- kek = null;
- this.algorithm = algorithm;
- }
-
- /**
- * Constructor used for when a KEK has been set
- * @param algorithm
- * @param kek
- */
- public EncryptedKeyResolver(String algorithm, Key kek) {
- this.algorithm = algorithm;
- this.kek = kek;
- }
-
- /**
- * This method is used to add a custom {@link KeyResolverSpi} to help
- * resolve the KEK.
- *
- * @param realKeyResolver
- */
- public void registerInternalKeyResolver(KeyResolverSpi realKeyResolver) {
- if (internalKeyResolvers == null) {
- internalKeyResolvers = new ArrayList<KeyResolverSpi>();
- }
- internalKeyResolvers.add(realKeyResolver);
- }
-
- /** @inheritDoc */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String BaseURI, StorageResolver storage
- ) {
- return null;
- }
-
- /** @inheritDoc */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String BaseURI, StorageResolver storage
- ) {
- return null;
- }
-
- /** @inheritDoc */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String BaseURI, StorageResolver storage
- ) {
- if (log.isDebugEnabled()) {
- log.debug("EncryptedKeyResolver - Can I resolve " + element.getTagName());
- }
-
- if (element == null) {
- return null;
- }
-
- SecretKey key = null;
- boolean isEncryptedKey =
- XMLUtils.elementIsInEncryptionSpace(element, EncryptionConstants._TAG_ENCRYPTEDKEY);
- if (isEncryptedKey) {
- if (log.isDebugEnabled()) {
- log.debug("Passed an Encrypted Key");
- }
- try {
- XMLCipher cipher = XMLCipher.getInstance();
- cipher.init(XMLCipher.UNWRAP_MODE, kek);
- if (internalKeyResolvers != null) {
- int size = internalKeyResolvers.size();
- for (int i = 0; i < size; i++) {
- cipher.registerInternalKeyResolver(internalKeyResolvers.get(i));
- }
- }
- EncryptedKey ek = cipher.loadEncryptedKey(element);
- key = (SecretKey) cipher.decryptKey(ek, algorithm);
- } catch (XMLEncryptionException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- }
- }
-
- return key;
- }
-}
+++ /dev/null
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-
-import javax.crypto.SecretKey;
-import javax.xml.XMLConstants;
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.KeyInfo;
-import org.apache.xml.security.keys.content.KeyInfoReference;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.resolver.ResourceResolver;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-/**
- * KeyResolverSpi implementation which resolves public keys, private keys, secret keys, and X.509 certificates from a
- * <code>dsig11:KeyInfoReference</code> element.
- *
- * @author Brent Putman (putmanb@georgetown.edu)
- */
-public class KeyInfoReferenceResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(KeyInfoReferenceResolver.class);
-
- /** {@inheritDoc}. */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
- return XMLUtils.elementIsInSignature11Space(element, Constants._TAG_KEYINFOREFERENCE);
- }
-
- /** {@inheritDoc}. */
- public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
-
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName());
- }
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
- try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
- if (referent != null) {
- return referent.getPublicKey();
- }
- } catch (XMLSecurityException e) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", e);
- }
- }
-
- return null;
- }
-
- /** {@inheritDoc}. */
- public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
-
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName());
- }
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
- try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
- if (referent != null) {
- return referent.getX509Certificate();
- }
- } catch (XMLSecurityException e) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", e);
- }
- }
-
- return null;
- }
-
- /** {@inheritDoc}. */
- public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
-
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName());
- }
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
- try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
- if (referent != null) {
- return referent.getSecretKey();
- }
- } catch (XMLSecurityException e) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", e);
- }
- }
-
- return null;
- }
-
- /** {@inheritDoc}. */
- public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
-
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName());
- }
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
- try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
- if (referent != null) {
- return referent.getPrivateKey();
- }
- } catch (XMLSecurityException e) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", e);
- }
- }
-
- return null;
- }
-
- /**
- * Resolve the KeyInfoReference Element's URI attribute into a KeyInfo instance.
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return the KeyInfo which is referred to by this KeyInfoReference, or null if can not be resolved
- * @throws XMLSecurityException
- */
- private KeyInfo resolveReferentKeyInfo(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException {
- KeyInfoReference reference = new KeyInfoReference(element, baseURI);
- Attr uriAttr = reference.getURIAttr();
-
- XMLSignatureInput resource = resolveInput(uriAttr, baseURI, secureValidation);
-
- Element referentElement = null;
- try {
- referentElement = obtainReferenceElement(resource);
- } catch (Exception e) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", e);
- }
- return null;
- }
-
- if (referentElement == null) {
- log.debug("De-reference of KeyInfoReference URI returned null: " + uriAttr.getValue());
- return null;
- }
-
- validateReference(referentElement);
-
- KeyInfo referent = new KeyInfo(referentElement, baseURI);
- referent.addStorageResolver(storage);
- return referent;
- }
-
- /**
- * Validate the Element referred to by the KeyInfoReference.
- *
- * @param referentElement
- *
- * @throws XMLSecurityException
- */
- private void validateReference(Element referentElement) throws XMLSecurityException {
- if (!XMLUtils.elementIsInSignatureSpace(referentElement, Constants._TAG_KEYINFO)) {
- Object exArgs[] = { new QName(referentElement.getNamespaceURI(), referentElement.getLocalName()) };
- throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.WrongType", exArgs);
- }
-
- KeyInfo referent = new KeyInfo(referentElement, "");
- if (referent.containsKeyInfoReference()) {
- if (secureValidation) {
- throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithSecure");
- } else {
- // Don't support chains of references at this time. If do support in the future, this is where the code
- // would go to validate that don't have a cycle, resulting in an infinite loop. This may be unrealistic
- // to implement, and/or very expensive given remote URI references.
- throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithoutSecure");
- }
- }
-
- }
-
- /**
- * Resolve the XML signature input represented by the specified URI.
- *
- * @param uri
- * @param baseURI
- * @param secureValidation
- * @return
- * @throws XMLSecurityException
- */
- private XMLSignatureInput resolveInput(Attr uri, String baseURI, boolean secureValidation)
- throws XMLSecurityException {
- ResourceResolver resRes = ResourceResolver.getInstance(uri, baseURI, secureValidation);
- XMLSignatureInput resource = resRes.resolve(uri, baseURI);
- return resource;
- }
-
- /**
- * Resolve the Element effectively represented by the XML signature input source.
- *
- * @param resource
- * @return
- * @throws CanonicalizationException
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SAXException
- * @throws KeyResolverException
- */
- private Element obtainReferenceElement(XMLSignatureInput resource)
- throws CanonicalizationException, ParserConfigurationException,
- IOException, SAXException, KeyResolverException {
-
- Element e;
- if (resource.isElement()){
- e = (Element) resource.getSubNode();
- } else if (resource.isNodeSet()) {
- log.debug("De-reference of KeyInfoReference returned an unsupported NodeSet");
- return null;
- } else {
- // Retrieved resource is a byte stream
- byte inputBytes[] = resource.getBytes();
- e = getDocFromBytes(inputBytes);
- }
- return e;
- }
-
- /**
- * Parses a byte array and returns the parsed Element.
- *
- * @param bytes
- * @return the Document Element after parsing bytes
- * @throws KeyResolverException if something goes wrong
- */
- private Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
- try {
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- DocumentBuilder db = dbf.newDocumentBuilder();
- Document doc = db.parse(new ByteArrayInputStream(bytes));
- return doc.getDocumentElement();
- } catch (SAXException ex) {
- throw new KeyResolverException("empty", ex);
- } catch (IOException ex) {
- throw new KeyResolverException("empty", ex);
- } catch (ParserConfigurationException ex) {
- throw new KeyResolverException("empty", ex);
- }
- }
-
-}
+++ /dev/null
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Enumeration;
-import javax.crypto.SecretKey;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.X509Data;
-import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
-import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
-import org.apache.xml.security.keys.content.x509.XMLX509SKI;
-import org.apache.xml.security.keys.content.x509.XMLX509SubjectName;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * Resolves a PrivateKey within a KeyStore based on the KeyInfo hints.
- * For X509Data hints, the certificate associated with the private key entry must match.
- * For a KeyName hint, the KeyName must match the alias of a PrivateKey entry within the KeyStore.
- */
-public class PrivateKeyResolver extends KeyResolverSpi {
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(PrivateKeyResolver.class.getName());
-
- private KeyStore keyStore;
- private char[] password;
-
- /**
- * Constructor.
- */
- public PrivateKeyResolver(KeyStore keyStore, char[] password) {
- this.keyStore = keyStore;
- this.password = password;
- }
-
- /**
- * This method returns whether the KeyResolverSpi is able to perform the requested action.
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return whether the KeyResolverSpi is able to perform the requested action.
- */
- public boolean engineCanResolve(Element element, String BaseURI, StorageResolver storage) {
- if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)
- || XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
- return true;
- }
-
- return false;
- }
-
- /**
- * Method engineLookupAndResolvePublicKey
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String BaseURI, StorageResolver storage
- ) throws KeyResolverException {
- return null;
- }
-
- /**
- * Method engineResolveX509Certificate
- * @inheritDoc
- * @param element
- * @param BaseURI
- * @param storage
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String BaseURI, StorageResolver storage
- ) throws KeyResolverException {
- return null;
- }
-
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
- *
- * @throws KeyResolverException
- */
- public SecretKey engineResolveSecretKey(
- Element element, String BaseURI, StorageResolver storage
- ) throws KeyResolverException {
- return null;
- }
-
- /**
- * Method engineResolvePrivateKey
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved PrivateKey key or null if no {@link PrivateKey} could be obtained
- * @throws KeyResolverException
- */
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName() + "?");
- }
-
- if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
- PrivateKey privKey = resolveX509Data(element, baseURI);
- if (privKey != null) {
- return privKey;
- }
- } else if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
- log.debug("Can I resolve KeyName?");
- String keyName = element.getFirstChild().getNodeValue();
-
- try {
- Key key = keyStore.getKey(keyName, password);
- if (key instanceof PrivateKey) {
- return (PrivateKey) key;
- }
- } catch (Exception e) {
- log.debug("Cannot recover the key", e);
- }
- }
-
- log.debug("I can't");
- return null;
- }
-
- private PrivateKey resolveX509Data(Element element, String baseURI) {
- log.debug("Can I resolve X509Data?");
-
- try {
- X509Data x509Data = new X509Data(element, baseURI);
-
- int len = x509Data.lengthSKI();
- for (int i = 0; i < len; i++) {
- XMLX509SKI x509SKI = x509Data.itemSKI(i);
- PrivateKey privKey = resolveX509SKI(x509SKI);
- if (privKey != null) {
- return privKey;
- }
- }
-
- len = x509Data.lengthIssuerSerial();
- for (int i = 0; i < len; i++) {
- XMLX509IssuerSerial x509Serial = x509Data.itemIssuerSerial(i);
- PrivateKey privKey = resolveX509IssuerSerial(x509Serial);
- if (privKey != null) {
- return privKey;
- }
- }
-
- len = x509Data.lengthSubjectName();
- for (int i = 0; i < len; i++) {
- XMLX509SubjectName x509SubjectName = x509Data.itemSubjectName(i);
- PrivateKey privKey = resolveX509SubjectName(x509SubjectName);
- if (privKey != null) {
- return privKey;
- }
- }
-
- len = x509Data.lengthCertificate();
- for (int i = 0; i < len; i++) {
- XMLX509Certificate x509Cert = x509Data.itemCertificate(i);
- PrivateKey privKey = resolveX509Certificate(x509Cert);
- if (privKey != null) {
- return privKey;
- }
- }
- } catch (XMLSecurityException e) {
- log.debug("XMLSecurityException", e);
- } catch (KeyStoreException e) {
- log.debug("KeyStoreException", e);
- }
-
- return null;
- }
-
- /*
- * Search for a private key entry in the KeyStore with the same Subject Key Identifier
- */
- private PrivateKey resolveX509SKI(XMLX509SKI x509SKI) throws XMLSecurityException, KeyStoreException {
- log.debug("Can I resolve X509SKI?");
-
- Enumeration<String> aliases = keyStore.aliases();
- while (aliases.hasMoreElements()) {
- String alias = (String) aliases.nextElement();
- if (keyStore.isKeyEntry(alias)) {
-
- Certificate cert = keyStore.getCertificate(alias);
- if (cert instanceof X509Certificate) {
- XMLX509SKI certSKI = new XMLX509SKI(x509SKI.getDocument(), (X509Certificate) cert);
-
- if (certSKI.equals(x509SKI)) {
- log.debug("match !!! ");
-
- try {
- Key key = keyStore.getKey(alias, password);
- if (key instanceof PrivateKey) {
- return (PrivateKey) key;
- }
- } catch (Exception e) {
- log.debug("Cannot recover the key", e);
- // Keep searching
- }
- }
- }
- }
- }
-
- return null;
- }
-
- /*
- * Search for a private key entry in the KeyStore with the same Issuer/Serial Number pair.
- */
- private PrivateKey resolveX509IssuerSerial(XMLX509IssuerSerial x509Serial) throws KeyStoreException {
- log.debug("Can I resolve X509IssuerSerial?");
-
- Enumeration<String> aliases = keyStore.aliases();
- while (aliases.hasMoreElements()) {
- String alias = (String) aliases.nextElement();
- if (keyStore.isKeyEntry(alias)) {
-
- Certificate cert = keyStore.getCertificate(alias);
- if (cert instanceof X509Certificate) {
- XMLX509IssuerSerial certSerial =
- new XMLX509IssuerSerial(x509Serial.getDocument(), (X509Certificate) cert);
-
- if (certSerial.equals(x509Serial)) {
- log.debug("match !!! ");
-
- try {
- Key key = keyStore.getKey(alias, password);
- if (key instanceof PrivateKey) {
- return (PrivateKey) key;
- }
- } catch (Exception e) {
- log.debug("Cannot recover the key", e);
- // Keep searching
- }
- }
- }
- }
- }
-
- return null;
- }
-
- /*
- * Search for a private key entry in the KeyStore with the same Subject Name.
- */
- private PrivateKey resolveX509SubjectName(XMLX509SubjectName x509SubjectName) throws KeyStoreException {
- log.debug("Can I resolve X509SubjectName?");
-
- Enumeration<String> aliases = keyStore.aliases();
- while (aliases.hasMoreElements()) {
- String alias = (String) aliases.nextElement();
- if (keyStore.isKeyEntry(alias)) {
-
- Certificate cert = keyStore.getCertificate(alias);
- if (cert instanceof X509Certificate) {
- XMLX509SubjectName certSN =
- new XMLX509SubjectName(x509SubjectName.getDocument(), (X509Certificate) cert);
-
- if (certSN.equals(x509SubjectName)) {
- log.debug("match !!! ");
-
- try {
- Key key = keyStore.getKey(alias, password);
- if (key instanceof PrivateKey) {
- return (PrivateKey) key;
- }
- } catch (Exception e) {
- log.debug("Cannot recover the key", e);
- // Keep searching
- }
- }
- }
- }
- }
-
- return null;
- }
-
- /*
- * Search for a private key entry in the KeyStore with the same Certificate.
- */
- private PrivateKey resolveX509Certificate(
- XMLX509Certificate x509Cert
- ) throws XMLSecurityException, KeyStoreException {
- log.debug("Can I resolve X509Certificate?");
- byte[] x509CertBytes = x509Cert.getCertificateBytes();
-
- Enumeration<String> aliases = keyStore.aliases();
- while (aliases.hasMoreElements()) {
- String alias = (String) aliases.nextElement();
- if (keyStore.isKeyEntry(alias)) {
-
- Certificate cert = keyStore.getCertificate(alias);
- if (cert instanceof X509Certificate) {
- byte[] certBytes = null;
-
- try {
- certBytes = cert.getEncoded();
- } catch (CertificateEncodingException e1) {
- }
-
- if (certBytes != null && Arrays.equals(certBytes, x509CertBytes)) {
- log.debug("match !!! ");
-
- try {
- Key key = keyStore.getKey(alias, password);
- if (key instanceof PrivateKey) {
- return (PrivateKey) key;
- }
- }
- catch (Exception e) {
- log.debug("Cannot recover the key", e);
- // Keep searching
- }
- }
- }
- }
- }
-
- return null;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-public class RSAKeyValueResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(RSAKeyValueResolver.class);
-
-
- /** @inheritDoc */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String BaseURI, StorageResolver storage
- ) {
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName());
- }
- if (element == null) {
- return null;
- }
-
- boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYVALUE);
- Element rsaKeyElement = null;
- if (isKeyValue) {
- rsaKeyElement =
- XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_RSAKEYVALUE, 0);
- } else if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RSAKEYVALUE)) {
- // this trick is needed to allow the RetrievalMethodResolver to eat a
- // ds:RSAKeyValue directly (without KeyValue)
- rsaKeyElement = element;
- }
-
- if (rsaKeyElement == null) {
- return null;
- }
-
- try {
- RSAKeyValue rsaKeyValue = new RSAKeyValue(rsaKeyElement, BaseURI);
-
- return rsaKeyValue.getPublicKey();
- } catch (XMLSecurityException ex) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", ex);
- }
- }
-
- return null;
- }
-
- /** @inheritDoc */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String BaseURI, StorageResolver storage
- ) {
- return null;
- }
-
- /** @inheritDoc */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String BaseURI, StorageResolver storage
- ) {
- return null;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.PublicKey;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.Set;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.RetrievalMethod;
-import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
-import org.apache.xml.security.keys.keyresolver.KeyResolver;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.resolver.ResourceResolver;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
-
-/**
- * The RetrievalMethodResolver can retrieve public keys and certificates from
- * other locations. The location is specified using the ds:RetrievalMethod
- * element which points to the location. This includes the handling of raw
- * (binary) X.509 certificate which are not encapsulated in an XML structure.
- * If the retrieval process encounters an element which the
- * RetrievalMethodResolver cannot handle itself, resolving of the extracted
- * element is delegated back to the KeyResolver mechanism.
- *
- * @author $Author: raul $ modified by Dave Garcia
- */
-public class RetrievalMethodResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(RetrievalMethodResolver.class);
-
- /**
- * Method engineResolvePublicKey
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) {
- if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
- return null;
- }
-
- try {
- // Create a retrieval method over the given element
- RetrievalMethod rm = new RetrievalMethod(element, baseURI);
- String type = rm.getType();
- XMLSignatureInput resource = resolveInput(rm, baseURI, secureValidation);
- if (RetrievalMethod.TYPE_RAWX509.equals(type)) {
- // a raw certificate, direct parsing is done!
- X509Certificate cert = getRawCertificate(resource);
- if (cert != null) {
- return cert.getPublicKey();
- }
- return null;
- }
- Element e = obtainReferenceElement(resource);
-
- // Check to make sure that the reference is not to another RetrievalMethod
- // which points to this element
- if (XMLUtils.elementIsInSignatureSpace(e, Constants._TAG_RETRIEVALMETHOD)) {
- if (secureValidation) {
- String error = "Error: It is forbidden to have one RetrievalMethod "
- + "point to another with secure validation";
- if (log.isDebugEnabled()) {
- log.debug(error);
- }
- return null;
- }
- RetrievalMethod rm2 = new RetrievalMethod(e, baseURI);
- XMLSignatureInput resource2 = resolveInput(rm2, baseURI, secureValidation);
- Element e2 = obtainReferenceElement(resource2);
- if (e2 == element) {
- if (log.isDebugEnabled()) {
- log.debug("Error: Can't have RetrievalMethods pointing to each other");
- }
- return null;
- }
- }
-
- return resolveKey(e, baseURI, storage);
- } catch (XMLSecurityException ex) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", ex);
- }
- } catch (CertificateException ex) {
- if (log.isDebugEnabled()) {
- log.debug("CertificateException", ex);
- }
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug("IOException", ex);
- }
- } catch (ParserConfigurationException e) {
- if (log.isDebugEnabled()) {
- log.debug("ParserConfigurationException", e);
- }
- } catch (SAXException e) {
- if (log.isDebugEnabled()) {
- log.debug("SAXException", e);
- }
- }
- return null;
- }
-
- /**
- * Method engineResolveX509Certificate
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage) {
- if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
- return null;
- }
-
- try {
- RetrievalMethod rm = new RetrievalMethod(element, baseURI);
- String type = rm.getType();
- XMLSignatureInput resource = resolveInput(rm, baseURI, secureValidation);
- if (RetrievalMethod.TYPE_RAWX509.equals(type)) {
- return getRawCertificate(resource);
- }
-
- Element e = obtainReferenceElement(resource);
-
- // Check to make sure that the reference is not to another RetrievalMethod
- // which points to this element
- if (XMLUtils.elementIsInSignatureSpace(e, Constants._TAG_RETRIEVALMETHOD)) {
- if (secureValidation) {
- String error = "Error: It is forbidden to have one RetrievalMethod "
- + "point to another with secure validation";
- if (log.isDebugEnabled()) {
- log.debug(error);
- }
- return null;
- }
- RetrievalMethod rm2 = new RetrievalMethod(e, baseURI);
- XMLSignatureInput resource2 = resolveInput(rm2, baseURI, secureValidation);
- Element e2 = obtainReferenceElement(resource2);
- if (e2 == element) {
- if (log.isDebugEnabled()) {
- log.debug("Error: Can't have RetrievalMethods pointing to each other");
- }
- return null;
- }
- }
-
- return resolveCertificate(e, baseURI, storage);
- } catch (XMLSecurityException ex) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", ex);
- }
- } catch (CertificateException ex) {
- if (log.isDebugEnabled()) {
- log.debug("CertificateException", ex);
- }
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug("IOException", ex);
- }
- } catch (ParserConfigurationException e) {
- if (log.isDebugEnabled()) {
- log.debug("ParserConfigurationException", e);
- }
- } catch (SAXException e) {
- if (log.isDebugEnabled()) {
- log.debug("SAXException", e);
- }
- }
- return null;
- }
-
- /**
- * Retrieves a x509Certificate from the given information
- * @param e
- * @param baseURI
- * @param storage
- * @return
- * @throws KeyResolverException
- */
- private static X509Certificate resolveCertificate(
- Element e, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug("Now we have a {" + e.getNamespaceURI() + "}"
- + e.getLocalName() + " Element");
- }
- // An element has been provided
- if (e != null) {
- return KeyResolver.getX509Certificate(e, baseURI, storage);
- }
- return null;
- }
-
- /**
- * Retrieves a PublicKey from the given information
- * @param e
- * @param baseURI
- * @param storage
- * @return
- * @throws KeyResolverException
- */
- private static PublicKey resolveKey(
- Element e, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug("Now we have a {" + e.getNamespaceURI() + "}"
- + e.getLocalName() + " Element");
- }
- // An element has been provided
- if (e != null) {
- return KeyResolver.getPublicKey(e, baseURI, storage);
- }
- return null;
- }
-
- private static Element obtainReferenceElement(XMLSignatureInput resource)
- throws CanonicalizationException, ParserConfigurationException,
- IOException, SAXException, KeyResolverException {
- Element e;
- if (resource.isElement()){
- e = (Element) resource.getSubNode();
- } else if (resource.isNodeSet()) {
- // Retrieved resource is a nodeSet
- e = getDocumentElement(resource.getNodeSet());
- } else {
- // Retrieved resource is an inputStream
- byte inputBytes[] = resource.getBytes();
- e = getDocFromBytes(inputBytes);
- // otherwise, we parse the resource, create an Element and delegate
- if (log.isDebugEnabled()) {
- log.debug("we have to parse " + inputBytes.length + " bytes");
- }
- }
- return e;
- }
-
- private static X509Certificate getRawCertificate(XMLSignatureInput resource)
- throws CanonicalizationException, IOException, CertificateException {
- byte inputBytes[] = resource.getBytes();
- // if the resource stores a raw certificate, we have to handle it
- CertificateFactory certFact =
- CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
- X509Certificate cert = (X509Certificate)
- certFact.generateCertificate(new ByteArrayInputStream(inputBytes));
- return cert;
- }
-
- /**
- * Resolves the input from the given retrieval method
- * @return
- * @throws XMLSecurityException
- */
- private static XMLSignatureInput resolveInput(
- RetrievalMethod rm, String baseURI, boolean secureValidation
- ) throws XMLSecurityException {
- Attr uri = rm.getURIAttr();
- // Apply the transforms
- Transforms transforms = rm.getTransforms();
- ResourceResolver resRes = ResourceResolver.getInstance(uri, baseURI, secureValidation);
- XMLSignatureInput resource = resRes.resolve(uri, baseURI);
- if (transforms != null) {
- if (log.isDebugEnabled()) {
- log.debug("We have Transforms");
- }
- resource = transforms.performTransforms(resource);
- }
- return resource;
- }
-
- /**
- * Parses a byte array and returns the parsed Element.
- *
- * @param bytes
- * @return the Document Element after parsing bytes
- * @throws KeyResolverException if something goes wrong
- */
- private static Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
- try {
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- DocumentBuilder db = dbf.newDocumentBuilder();
- Document doc = db.parse(new ByteArrayInputStream(bytes));
- return doc.getDocumentElement();
- } catch (SAXException ex) {
- throw new KeyResolverException("empty", ex);
- } catch (IOException ex) {
- throw new KeyResolverException("empty", ex);
- } catch (ParserConfigurationException ex) {
- throw new KeyResolverException("empty", ex);
- }
- }
-
- /**
- * Method engineResolveSecretKey
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) {
- return null;
- }
-
- private static Element getDocumentElement(Set<Node> set) {
- Iterator<Node> it = set.iterator();
- Element e = null;
- while (it.hasNext()) {
- Node currentNode = it.next();
- if (currentNode != null && Node.ELEMENT_NODE == currentNode.getNodeType()) {
- e = (Element) currentNode;
- break;
- }
- }
- List<Node> parents = new ArrayList<Node>();
-
- // Obtain all the parents of the elemnt
- while (e != null) {
- parents.add(e);
- Node n = e.getParentNode();
- if (n == null || Node.ELEMENT_NODE != n.getNodeType()) {
- break;
- }
- e = (Element) n;
- }
- // Visit them in reverse order.
- ListIterator<Node> it2 = parents.listIterator(parents.size()-1);
- Element ele = null;
- while (it2.hasPrevious()) {
- ele = (Element) it2.previous();
- if (set.contains(ele)) {
- return ele;
- }
- }
- return null;
- }
-}
+++ /dev/null
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import javax.crypto.SecretKey;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * Resolves a SecretKey within a KeyStore based on the KeyName.
- * The KeyName is the key entry alias within the KeyStore.
- */
-public class SecretKeyResolver extends KeyResolverSpi
-{
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(SecretKeyResolver.class.getName());
-
- private KeyStore keyStore;
- private char[] password;
-
- /**
- * Constructor.
- */
- public SecretKeyResolver(KeyStore keyStore, char[] password) {
- this.keyStore = keyStore;
- this.password = password;
- }
-
- /**
- * This method returns whether the KeyResolverSpi is able to perform the requested action.
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return whether the KeyResolverSpi is able to perform the requested action.
- */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
- return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME);
- }
-
- /**
- * Method engineLookupAndResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return null;
- }
-
- /**
- * Method engineResolveX509Certificate
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return null;
- }
-
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
- *
- * @throws KeyResolverException
- */
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName() + "?");
- }
-
- if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
- String keyName = element.getFirstChild().getNodeValue();
- try {
- Key key = keyStore.getKey(keyName, password);
- if (key instanceof SecretKey) {
- return (SecretKey) key;
- }
- } catch (Exception e) {
- log.debug("Cannot recover the key", e);
- }
- }
-
- log.debug("I can't");
- return null;
- }
-
- /**
- * Method engineResolvePrivateKey
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved PrivateKey key or null if no {@link PrivateKey} could be obtained
- * @throws KeyResolverException
- */
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return null;
- }
-}
+++ /dev/null
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import javax.crypto.SecretKey;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * Resolves a single Key based on the KeyName.
- */
-public class SingleKeyResolver extends KeyResolverSpi
-{
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(SingleKeyResolver.class.getName());
-
- private String keyName;
- private PublicKey publicKey;
- private PrivateKey privateKey;
- private SecretKey secretKey;
-
- /**
- * Constructor.
- * @param keyName
- * @param publicKey
- */
- public SingleKeyResolver(String keyName, PublicKey publicKey) {
- this.keyName = keyName;
- this.publicKey = publicKey;
- }
-
- /**
- * Constructor.
- * @param keyName
- * @param privateKey
- */
- public SingleKeyResolver(String keyName, PrivateKey privateKey) {
- this.keyName = keyName;
- this.privateKey = privateKey;
- }
-
- /**
- * Constructor.
- * @param keyName
- * @param secretKey
- */
- public SingleKeyResolver(String keyName, SecretKey secretKey) {
- this.keyName = keyName;
- this.secretKey = secretKey;
- }
-
- /**
- * This method returns whether the KeyResolverSpi is able to perform the requested action.
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return whether the KeyResolverSpi is able to perform the requested action.
- */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
- return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME);
- }
-
- /**
- * Method engineLookupAndResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName() + "?");
- }
-
- if (publicKey != null
- && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
- String name = element.getFirstChild().getNodeValue();
- if (keyName.equals(name)) {
- return publicKey;
- }
- }
-
- log.debug("I can't");
- return null;
- }
-
- /**
- * Method engineResolveX509Certificate
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return null;
- }
-
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
- *
- * @throws KeyResolverException
- */
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName() + "?");
- }
-
- if (secretKey != null
- && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
- String name = element.getFirstChild().getNodeValue();
- if (keyName.equals(name)) {
- return secretKey;
- }
- }
-
- log.debug("I can't");
- return null;
- }
-
- /**
- * Method engineResolvePrivateKey
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved PrivateKey key or null if no {@link PrivateKey} could be obtained
- * @throws KeyResolverException
- */
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName() + "?");
- }
-
- if (privateKey != null
- && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
- String name = element.getFirstChild().getNodeValue();
- if (keyName.equals(name)) {
- return privateKey;
- }
- }
-
- log.debug("I can't");
- return null;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * Resolves Certificates which are directly contained inside a
- * <CODE>ds:X509Certificate</CODE> Element.
- *
- * @author $Author: coheigea $
- */
-public class X509CertificateResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(X509CertificateResolver.class);
-
- /**
- * Method engineResolvePublicKey
- * @inheritDoc
- * @param element
- * @param BaseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String BaseURI, StorageResolver storage
- ) throws KeyResolverException {
-
- X509Certificate cert =
- this.engineLookupResolveX509Certificate(element, BaseURI, storage);
-
- if (cert != null) {
- return cert.getPublicKey();
- }
-
- return null;
- }
-
- /**
- * Method engineResolveX509Certificate
- * @inheritDoc
- * @param element
- * @param BaseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String BaseURI, StorageResolver storage
- ) throws KeyResolverException {
-
- try {
- Element[] els =
- XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509CERTIFICATE);
- if ((els == null) || (els.length == 0)) {
- Element el =
- XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_X509DATA, 0);
- if (el != null) {
- return engineLookupResolveX509Certificate(el, BaseURI, storage);
- }
- return null;
- }
-
- // populate Object array
- for (int i = 0; i < els.length; i++) {
- XMLX509Certificate xmlCert = new XMLX509Certificate(els[i], BaseURI);
- X509Certificate cert = xmlCert.getX509Certificate();
- if (cert != null) {
- return cert;
- }
- }
- return null;
- } catch (XMLSecurityException ex) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", ex);
- }
- throw new KeyResolverException("generic.EmptyMessage", ex);
- }
- }
-
- /**
- * Method engineResolveSecretKey
- * @inheritDoc
- * @param element
- * @param BaseURI
- * @param storage
- */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String BaseURI, StorageResolver storage
- ) {
- return null;
- }
-}
+++ /dev/null
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.PublicKey;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Iterator;
-
-import javax.crypto.SecretKey;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.X509Data;
-import org.apache.xml.security.keys.content.x509.XMLX509Digest;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * KeyResolverSpi implementation which resolves public keys and X.509 certificates from a
- * <code>dsig11:X509Digest</code> element.
- *
- * @author Brent Putman (putmanb@georgetown.edu)
- */
-public class X509DigestResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(X509DigestResolver.class);
-
- /** {@inheritDoc}. */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
- if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
- try {
- X509Data x509Data = new X509Data(element, baseURI);
- return x509Data.containsDigest();
- } catch (XMLSecurityException e) {
- return false;
- }
- } else {
- return false;
- }
- }
-
- /** {@inheritDoc}. */
- public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
-
- X509Certificate cert = this.engineLookupResolveX509Certificate(element, baseURI, storage);
-
- if (cert != null) {
- return cert.getPublicKey();
- }
-
- return null;
- }
-
- /** {@inheritDoc}. */
- public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
-
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName());
- }
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
- try {
- return resolveCertificate(element, baseURI, storage);
- } catch (XMLSecurityException e) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", e);
- }
- }
-
- return null;
- }
-
- /** {@inheritDoc}. */
- public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
- throws KeyResolverException {
- return null;
- }
-
- /**
- * Resolves from the storage resolver the actual certificate represented by the digest.
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return
- * @throws XMLSecurityException
- */
- private X509Certificate resolveCertificate(Element element, String baseURI, StorageResolver storage)
- throws XMLSecurityException {
-
- XMLX509Digest x509Digests[] = null;
-
- Element x509childNodes[] = XMLUtils.selectDs11Nodes(element.getFirstChild(), Constants._TAG_X509DIGEST);
-
- if (x509childNodes == null || x509childNodes.length <= 0) {
- return null;
- }
-
- try {
- checkStorage(storage);
-
- x509Digests = new XMLX509Digest[x509childNodes.length];
-
- for (int i = 0; i < x509childNodes.length; i++) {
- x509Digests[i] = new XMLX509Digest(x509childNodes[i], baseURI);
- }
-
- Iterator<Certificate> storageIterator = storage.getIterator();
- while (storageIterator.hasNext()) {
- X509Certificate cert = (X509Certificate) storageIterator.next();
-
- for (int i = 0; i < x509Digests.length; i++) {
- XMLX509Digest keyInfoDigest = x509Digests[i];
- byte[] certDigestBytes = XMLX509Digest.getDigestBytesFromCert(cert, keyInfoDigest.getAlgorithm());
-
- if (Arrays.equals(keyInfoDigest.getDigestBytes(), certDigestBytes)) {
- if (log.isDebugEnabled()) {
- log.debug("Found certificate with: " + cert.getSubjectX500Principal().getName());
- }
- return cert;
- }
-
- }
- }
-
- } catch (XMLSecurityException ex) {
- throw new KeyResolverException("empty", ex);
- }
-
- return null;
- }
-
- /**
- * Method checkSrorage
- *
- * @param storage
- * @throws KeyResolverException
- */
- private void checkStorage(StorageResolver storage) throws KeyResolverException {
- if (storage == null) {
- Object exArgs[] = { Constants._TAG_X509DIGEST };
- KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
- if (log.isDebugEnabled()) {
- log.debug("", ex);
- }
- throw ex;
- }
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.PublicKey;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.Iterator;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.X509Data;
-import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.utils.Constants;
-import org.w3c.dom.Element;
-
-public class X509IssuerSerialResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(X509IssuerSerialResolver.class);
-
-
- /** @inheritDoc */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
-
- X509Certificate cert =
- this.engineLookupResolveX509Certificate(element, baseURI, storage);
-
- if (cert != null) {
- return cert.getPublicKey();
- }
-
- return null;
- }
-
- /** @inheritDoc */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName() + "?");
- }
-
- X509Data x509data = null;
- try {
- x509data = new X509Data(element, baseURI);
- } catch (XMLSignatureException ex) {
- if (log.isDebugEnabled()) {
- log.debug("I can't");
- }
- return null;
- } catch (XMLSecurityException ex) {
- if (log.isDebugEnabled()) {
- log.debug("I can't");
- }
- return null;
- }
-
- if (!x509data.containsIssuerSerial()) {
- return null;
- }
- try {
- if (storage == null) {
- Object exArgs[] = { Constants._TAG_X509ISSUERSERIAL };
- KeyResolverException ex =
- new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
-
- if (log.isDebugEnabled()) {
- log.debug("", ex);
- }
- throw ex;
- }
-
- int noOfISS = x509data.lengthIssuerSerial();
-
- Iterator<Certificate> storageIterator = storage.getIterator();
- while (storageIterator.hasNext()) {
- X509Certificate cert = (X509Certificate)storageIterator.next();
- XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
-
- if (log.isDebugEnabled()) {
- log.debug("Found Certificate Issuer: " + certSerial.getIssuerName());
- log.debug("Found Certificate Serial: " + certSerial.getSerialNumber().toString());
- }
-
- for (int i = 0; i < noOfISS; i++) {
- XMLX509IssuerSerial xmliss = x509data.itemIssuerSerial(i);
-
- if (log.isDebugEnabled()) {
- log.debug("Found Element Issuer: "
- + xmliss.getIssuerName());
- log.debug("Found Element Serial: "
- + xmliss.getSerialNumber().toString());
- }
-
- if (certSerial.equals(xmliss)) {
- if (log.isDebugEnabled()) {
- log.debug("match !!! ");
- }
- return cert;
- }
- if (log.isDebugEnabled()) {
- log.debug("no match...");
- }
- }
- }
-
- return null;
- } catch (XMLSecurityException ex) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", ex);
- }
-
- throw new KeyResolverException("generic.EmptyMessage", ex);
- }
- }
-
- /** @inheritDoc */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) {
- return null;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.PublicKey;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.Iterator;
-
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.x509.XMLX509SKI;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-public class X509SKIResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(X509SKIResolver.class);
-
-
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
-
- X509Certificate cert =
- this.engineLookupResolveX509Certificate(element, baseURI, storage);
-
- if (cert != null) {
- return cert.getPublicKey();
- }
-
- return null;
- }
-
- /**
- * Method engineResolveX509Certificate
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName() + "?");
- }
- if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
- if (log.isDebugEnabled()) {
- log.debug("I can't");
- }
- return null;
- }
- /** Field _x509childObject[] */
- XMLX509SKI x509childObject[] = null;
-
- Element x509childNodes[] = null;
- x509childNodes = XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SKI);
-
- if (!((x509childNodes != null) && (x509childNodes.length > 0))) {
- if (log.isDebugEnabled()) {
- log.debug("I can't");
- }
- return null;
- }
- try {
- if (storage == null) {
- Object exArgs[] = { Constants._TAG_X509SKI };
- KeyResolverException ex =
- new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
-
- if (log.isDebugEnabled()) {
- log.debug("", ex);
- }
-
- throw ex;
- }
-
- x509childObject = new XMLX509SKI[x509childNodes.length];
-
- for (int i = 0; i < x509childNodes.length; i++) {
- x509childObject[i] = new XMLX509SKI(x509childNodes[i], baseURI);
- }
-
- Iterator<Certificate> storageIterator = storage.getIterator();
- while (storageIterator.hasNext()) {
- X509Certificate cert = (X509Certificate)storageIterator.next();
- XMLX509SKI certSKI = new XMLX509SKI(element.getOwnerDocument(), cert);
-
- for (int i = 0; i < x509childObject.length; i++) {
- if (certSKI.equals(x509childObject[i])) {
- if (log.isDebugEnabled()) {
- log.debug("Return PublicKey from " + cert.getSubjectX500Principal().getName());
- }
-
- return cert;
- }
- }
- }
- } catch (XMLSecurityException ex) {
- throw new KeyResolverException("empty", ex);
- }
-
- return null;
- }
-
- /**
- * Method engineResolveSecretKey
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- *
- */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) {
- return null;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.keyresolver.implementations;
-
-import java.security.PublicKey;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.Iterator;
-
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.content.x509.XMLX509SubjectName;
-import org.apache.xml.security.keys.keyresolver.KeyResolverException;
-import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
-import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-public class X509SubjectNameResolver extends KeyResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(X509SubjectNameResolver.class);
-
-
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
-
- X509Certificate cert =
- this.engineLookupResolveX509Certificate(element, baseURI, storage);
-
- if (cert != null) {
- return cert.getPublicKey();
- }
-
- return null;
- }
-
- /**
- * Method engineResolveX509Certificate
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- if (log.isDebugEnabled()) {
- log.debug("Can I resolve " + element.getTagName() + "?");
- }
- Element[] x509childNodes = null;
- XMLX509SubjectName x509childObject[] = null;
-
- if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
- if (log.isDebugEnabled()) {
- log.debug("I can't");
- }
- return null;
- }
- x509childNodes =
- XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SUBJECTNAME);
-
- if (!((x509childNodes != null)
- && (x509childNodes.length > 0))) {
- if (log.isDebugEnabled()) {
- log.debug("I can't");
- }
- return null;
- }
-
- try {
- if (storage == null) {
- Object exArgs[] = { Constants._TAG_X509SUBJECTNAME };
- KeyResolverException ex =
- new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
-
- if (log.isDebugEnabled()) {
- log.debug("", ex);
- }
-
- throw ex;
- }
-
- x509childObject = new XMLX509SubjectName[x509childNodes.length];
-
- for (int i = 0; i < x509childNodes.length; i++) {
- x509childObject[i] = new XMLX509SubjectName(x509childNodes[i], baseURI);
- }
-
- Iterator<Certificate> storageIterator = storage.getIterator();
- while (storageIterator.hasNext()) {
- X509Certificate cert = (X509Certificate)storageIterator.next();
- XMLX509SubjectName certSN =
- new XMLX509SubjectName(element.getOwnerDocument(), cert);
-
- if (log.isDebugEnabled()) {
- log.debug("Found Certificate SN: " + certSN.getSubjectName());
- }
-
- for (int i = 0; i < x509childObject.length; i++) {
- if (log.isDebugEnabled()) {
- log.debug("Found Element SN: "
- + x509childObject[i].getSubjectName());
- }
-
- if (certSN.equals(x509childObject[i])) {
- if (log.isDebugEnabled()) {
- log.debug("match !!! ");
- }
-
- return cert;
- }
- if (log.isDebugEnabled()) {
- log.debug("no match...");
- }
- }
- }
-
- return null;
- } catch (XMLSecurityException ex) {
- if (log.isDebugEnabled()) {
- log.debug("XMLSecurityException", ex);
- }
-
- throw new KeyResolverException("generic.EmptyMessage", ex);
- }
- }
-
- /**
- * Method engineResolveSecretKey
- * @inheritDoc
- * @param element
- * @param baseURI
- * @param storage
- *
- */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) {
- return null;
- }
-}
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-implementations for retrieval of certificates and public keys from elements.
-</P></BODY></HTML>
\ No newline at end of file
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-the resolver framework for retrieval of certificates and public keys from elements.
-</P></BODY></HTML>
\ No newline at end of file
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-general key related material.
-</P></BODY></HTML>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.storage;
-
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.NoSuchElementException;
-
-import org.apache.xml.security.keys.storage.implementations.KeyStoreResolver;
-import org.apache.xml.security.keys.storage.implementations.SingleCertificateResolver;
-
-/**
- * This class collects customized resolvers for Certificates.
- */
-public class StorageResolver {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(StorageResolver.class);
-
- /** Field storageResolvers */
- private List<StorageResolverSpi> storageResolvers = null;
-
- /**
- * Constructor StorageResolver
- *
- */
- public StorageResolver() {}
-
- /**
- * Constructor StorageResolver
- *
- * @param resolver
- */
- public StorageResolver(StorageResolverSpi resolver) {
- this.add(resolver);
- }
-
- /**
- * Method addResolver
- *
- * @param resolver
- */
- public void add(StorageResolverSpi resolver) {
- if (storageResolvers == null) {
- storageResolvers = new ArrayList<StorageResolverSpi>();
- }
- this.storageResolvers.add(resolver);
- }
-
- /**
- * Constructor StorageResolver
- *
- * @param keyStore
- */
- public StorageResolver(KeyStore keyStore) {
- this.add(keyStore);
- }
-
- /**
- * Method addKeyStore
- *
- * @param keyStore
- */
- public void add(KeyStore keyStore) {
- try {
- this.add(new KeyStoreResolver(keyStore));
- } catch (StorageResolverException ex) {
- log.error("Could not add KeyStore because of: ", ex);
- }
- }
-
- /**
- * Constructor StorageResolver
- *
- * @param x509certificate
- */
- public StorageResolver(X509Certificate x509certificate) {
- this.add(x509certificate);
- }
-
- /**
- * Method addCertificate
- *
- * @param x509certificate
- */
- public void add(X509Certificate x509certificate) {
- this.add(new SingleCertificateResolver(x509certificate));
- }
-
- /**
- * Method getIterator
- * @return the iterator for the resolvers.
- */
- public Iterator<Certificate> getIterator() {
- return new StorageResolverIterator(this.storageResolvers.iterator());
- }
-
- /**
- * Class StorageResolverIterator
- * This iterates over all the Certificates found in all the resolvers.
- */
- static class StorageResolverIterator implements Iterator<Certificate> {
-
- /** Field resolvers */
- Iterator<StorageResolverSpi> resolvers = null;
-
- /** Field currentResolver */
- Iterator<Certificate> currentResolver = null;
-
- /**
- * Constructor StorageResolverIterator
- *
- * @param resolvers
- */
- public StorageResolverIterator(Iterator<StorageResolverSpi> resolvers) {
- this.resolvers = resolvers;
- currentResolver = findNextResolver();
- }
-
- /** @inheritDoc */
- public boolean hasNext() {
- if (currentResolver == null) {
- return false;
- }
-
- if (currentResolver.hasNext()) {
- return true;
- }
-
- currentResolver = findNextResolver();
- return (currentResolver != null);
- }
-
- /** @inheritDoc */
- public Certificate next() {
- if (hasNext()) {
- return currentResolver.next();
- }
-
- throw new NoSuchElementException();
- }
-
- /**
- * Method remove
- */
- public void remove() {
- throw new UnsupportedOperationException("Can't remove keys from KeyStore");
- }
-
- // Find the next storage with at least one element and return its Iterator
- private Iterator<Certificate> findNextResolver() {
- while (resolvers.hasNext()) {
- StorageResolverSpi resolverSpi = resolvers.next();
- Iterator<Certificate> iter = resolverSpi.getIterator();
- if (iter.hasNext()) {
- return iter;
- }
- }
-
- return null;
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.storage;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-
-public class StorageResolverException extends XMLSecurityException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor StorageResolverException
- *
- */
- public StorageResolverException() {
- super();
- }
-
- /**
- * Constructor StorageResolverException
- *
- * @param msgID
- */
- public StorageResolverException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor StorageResolverException
- *
- * @param msgID
- * @param exArgs
- */
- public StorageResolverException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor StorageResolverException
- *
- * @param msgID
- * @param originalException
- */
- public StorageResolverException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor StorageResolverException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public StorageResolverException(String msgID, Object exArgs[],
- Exception originalException) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.storage;
-
-import java.security.cert.Certificate;
-import java.util.Iterator;
-
-public abstract class StorageResolverSpi {
-
- /**
- * Method getIterator
- *
- * @return the iterator for the storage
- */
- public abstract Iterator<Certificate> getIterator();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.storage.implementations;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.apache.xml.security.keys.storage.StorageResolverException;
-import org.apache.xml.security.keys.storage.StorageResolverSpi;
-import org.apache.xml.security.utils.Base64;
-
-/**
- * This {@link StorageResolverSpi} makes all raw (binary) {@link X509Certificate}s
- * which reside as files in a single directory available to the
- * {@link org.apache.xml.security.keys.storage.StorageResolver}.
- */
-public class CertsInFilesystemDirectoryResolver extends StorageResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(
- CertsInFilesystemDirectoryResolver.class
- );
-
- /** Field merlinsCertificatesDir */
- private String merlinsCertificatesDir = null;
-
- /** Field certs */
- private List<X509Certificate> certs = new ArrayList<X509Certificate>();
-
- /**
- * @param directoryName
- * @throws StorageResolverException
- */
- public CertsInFilesystemDirectoryResolver(String directoryName)
- throws StorageResolverException {
- this.merlinsCertificatesDir = directoryName;
-
- this.readCertsFromHarddrive();
- }
-
- /**
- * Method readCertsFromHarddrive
- *
- * @throws StorageResolverException
- */
- private void readCertsFromHarddrive() throws StorageResolverException {
-
- File certDir = new File(this.merlinsCertificatesDir);
- List<String> al = new ArrayList<String>();
- String[] names = certDir.list();
-
- for (int i = 0; i < names.length; i++) {
- String currentFileName = names[i];
-
- if (currentFileName.endsWith(".crt")) {
- al.add(names[i]);
- }
- }
-
- CertificateFactory cf = null;
-
- try {
- cf = CertificateFactory.getInstance("X.509");
- } catch (CertificateException ex) {
- throw new StorageResolverException("empty", ex);
- }
-
- if (cf == null) {
- throw new StorageResolverException("empty");
- }
-
- for (int i = 0; i < al.size(); i++) {
- String filename = certDir.getAbsolutePath() + File.separator + (String) al.get(i);
- File file = new File(filename);
- boolean added = false;
- String dn = null;
-
- FileInputStream fis = null;
- try {
- fis = new FileInputStream(file);
- X509Certificate cert =
- (X509Certificate) cf.generateCertificate(fis);
-
- //add to ArrayList
- cert.checkValidity();
- this.certs.add(cert);
-
- dn = cert.getSubjectX500Principal().getName();
- added = true;
- } catch (FileNotFoundException ex) {
- if (log.isDebugEnabled()) {
- log.debug("Could not add certificate from file " + filename, ex);
- }
- } catch (CertificateNotYetValidException ex) {
- if (log.isDebugEnabled()) {
- log.debug("Could not add certificate from file " + filename, ex);
- }
- } catch (CertificateExpiredException ex) {
- if (log.isDebugEnabled()) {
- log.debug("Could not add certificate from file " + filename, ex);
- }
- } catch (CertificateException ex) {
- if (log.isDebugEnabled()) {
- log.debug("Could not add certificate from file " + filename, ex);
- }
- } finally {
- try {
- if (fis != null) {
- fis.close();
- }
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug("Could not add certificate from file " + filename, ex);
- }
- }
- }
-
- if (added && log.isDebugEnabled()) {
- log.debug("Added certificate: " + dn);
- }
- }
- }
-
- /** @inheritDoc */
- public Iterator<Certificate> getIterator() {
- return new FilesystemIterator(this.certs);
- }
-
- /**
- * Class FilesystemIterator
- */
- private static class FilesystemIterator implements Iterator<Certificate> {
-
- /** Field certs */
- List<X509Certificate> certs = null;
-
- /** Field i */
- int i;
-
- /**
- * Constructor FilesystemIterator
- *
- * @param certs
- */
- public FilesystemIterator(List<X509Certificate> certs) {
- this.certs = certs;
- this.i = 0;
- }
-
- /** @inheritDoc */
- public boolean hasNext() {
- return (this.i < this.certs.size());
- }
-
- /** @inheritDoc */
- public Certificate next() {
- return this.certs.get(this.i++);
- }
-
- /**
- * Method remove
- *
- */
- public void remove() {
- throw new UnsupportedOperationException("Can't remove keys from KeyStore");
- }
- }
-
- /**
- * Method main
- *
- * @param unused
- * @throws Exception
- */
- public static void main(String unused[]) throws Exception {
-
- CertsInFilesystemDirectoryResolver krs =
- new CertsInFilesystemDirectoryResolver(
- "data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs");
-
- for (Iterator<Certificate> i = krs.getIterator(); i.hasNext(); ) {
- X509Certificate cert = (X509Certificate) i.next();
- byte[] ski =
- org.apache.xml.security.keys.content.x509.XMLX509SKI.getSKIBytesFromCert(cert);
-
- System.out.println();
- System.out.println("Base64(SKI())= \""
- + Base64.encode(ski) + "\"");
- System.out.println("cert.getSerialNumber()= \""
- + cert.getSerialNumber().toString() + "\"");
- System.out.println("cert.getSubjectX500Principal().getName()= \""
- + cert.getSubjectX500Principal().getName() + "\"");
- System.out.println("cert.getIssuerX500Principal().getName()= \""
- + cert.getIssuerX500Principal().getName() + "\"");
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.storage.implementations;
-
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.Certificate;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.NoSuchElementException;
-
-import org.apache.xml.security.keys.storage.StorageResolverException;
-import org.apache.xml.security.keys.storage.StorageResolverSpi;
-
-/**
- * Makes the Certificates from a JAVA {@link KeyStore} object available to the
- * {@link org.apache.xml.security.keys.storage.StorageResolver}.
- */
-public class KeyStoreResolver extends StorageResolverSpi {
-
- /** Field keyStore */
- private KeyStore keyStore = null;
-
- /**
- * Constructor KeyStoreResolver
- *
- * @param keyStore is the keystore which contains the Certificates
- * @throws StorageResolverException
- */
- public KeyStoreResolver(KeyStore keyStore) throws StorageResolverException {
- this.keyStore = keyStore;
- // Do a quick check on the keystore
- try {
- keyStore.aliases();
- } catch (KeyStoreException ex) {
- throw new StorageResolverException("generic.EmptyMessage", ex);
- }
- }
-
- /** @inheritDoc */
- public Iterator<Certificate> getIterator() {
- return new KeyStoreIterator(this.keyStore);
- }
-
- /**
- * Class KeyStoreIterator
- */
- static class KeyStoreIterator implements Iterator<Certificate> {
-
- /** Field keyStore */
- KeyStore keyStore = null;
-
- /** Field aliases */
- Enumeration<String> aliases = null;
-
- /** Field nextCert */
- Certificate nextCert = null;
-
- /**
- * Constructor KeyStoreIterator
- *
- * @param keyStore
- */
- public KeyStoreIterator(KeyStore keyStore) {
- try {
- this.keyStore = keyStore;
- this.aliases = this.keyStore.aliases();
- } catch (KeyStoreException ex) {
- // empty Enumeration
- this.aliases = new Enumeration<String>() {
- public boolean hasMoreElements() {
- return false;
- }
- public String nextElement() {
- return null;
- }
- };
- }
- }
-
- /** @inheritDoc */
- public boolean hasNext() {
- if (nextCert == null) {
- nextCert = findNextCert();
- }
-
- return (nextCert != null);
- }
-
- /** @inheritDoc */
- public Certificate next() {
- if (nextCert == null) {
- // maybe caller did not call hasNext()
- nextCert = findNextCert();
-
- if (nextCert == null) {
- throw new NoSuchElementException();
- }
- }
-
- Certificate ret = nextCert;
- nextCert = null;
- return ret;
- }
-
- /**
- * Method remove
- */
- public void remove() {
- throw new UnsupportedOperationException("Can't remove keys from KeyStore");
- }
-
- // Find the next entry that contains a certificate and return it.
- // In particular, this skips over entries containing symmetric keys.
- private Certificate findNextCert() {
- while (this.aliases.hasMoreElements()) {
- String alias = this.aliases.nextElement();
- try {
- Certificate cert = this.keyStore.getCertificate(alias);
- if (cert != null) {
- return cert;
- }
- } catch (KeyStoreException ex) {
- return null;
- }
- }
-
- return null;
- }
-
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.keys.storage.implementations;
-
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.Iterator;
-import java.util.NoSuchElementException;
-
-import org.apache.xml.security.keys.storage.StorageResolverSpi;
-
-/**
- * This {@link StorageResolverSpi} makes a single {@link X509Certificate}
- * available to the {@link org.apache.xml.security.keys.storage.StorageResolver}.
- */
-public class SingleCertificateResolver extends StorageResolverSpi {
-
- /** Field certificate */
- private X509Certificate certificate = null;
-
- /**
- * @param x509cert the single {@link X509Certificate}
- */
- public SingleCertificateResolver(X509Certificate x509cert) {
- this.certificate = x509cert;
- }
-
- /** @inheritDoc */
- public Iterator<Certificate> getIterator() {
- return new InternalIterator(this.certificate);
- }
-
- /**
- * Class InternalIterator
- */
- static class InternalIterator implements Iterator<Certificate> {
-
- /** Field alreadyReturned */
- boolean alreadyReturned = false;
-
- /** Field certificate */
- X509Certificate certificate = null;
-
- /**
- * Constructor InternalIterator
- *
- * @param x509cert
- */
- public InternalIterator(X509Certificate x509cert) {
- this.certificate = x509cert;
- }
-
- /** @inheritDoc */
- public boolean hasNext() {
- return !this.alreadyReturned;
- }
-
- /** @inheritDoc */
- public Certificate next() {
- if (this.alreadyReturned) {
- throw new NoSuchElementException();
- }
- this.alreadyReturned = true;
- return this.certificate;
- }
-
- /**
- * Method remove
- */
- public void remove() {
- throw new UnsupportedOperationException("Can't remove keys from KeyStore");
- }
- }
-}
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-implementations of resolvers for retrieval for certificates and public keys from user-specified locations.
-</P></BODY></HTML>
\ No newline at end of file
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-a resolver framework for certificates and public keys from user-specified locations.
-</P></BODY></HTML>
\ No newline at end of file
+++ /dev/null
-<HTML>
- <HEAD>
- <TITLE>org.apache.xml.security</TITLE>
- </HEAD>
- <BODY>
- <H1>Canonical XML and XML Signature Implementation</H1>
- <H2>Needs the following packages</H2>
- <UL>
- <LI>Xerces v2.0.0 <A HREF="http://xml.apache.org/dist/xerces-j/">http://xml.apache.org/dist/xerces-j/</A></LI>
- <LI>Xalan 2.2.0 <A HREF="http://xml.apache.org/dist/xalan-j/">http://xml.apache.org/dist/xalan-j/</A></LI>
- <LI>JUnit 3.7 <A HREF="http://download.sourceforge.net/junit/junit3.7.zip">http://download.sourceforge.net/junit/junit3.5.zip</A></LI>
- <LI>Jakarta Log4J 1.1.2 <A HREF="http://jakarta.apache.org/log4j/">http://jakarta.apache.org/log4j/</A></LI>
- <LI>ANT <A HREF="http://jakarta.apache.org/builds/jakarta-ant/release/">http://jakarta.apache.org/builds/jakarta-ant/release/</A></LI>
- </UL>
- <H1>Packages</H1>
- <UL>
- <LI>{@link org.apache.xml.security.algorithms} contains algorithm factories </LI>
- <LI>{@link org.apache.xml.security.c14n} contains Canonicalization related material and algorithms </LI>
- <LI>{@link org.apache.xml.security.exceptions} contains all exceptions used by this library </LI>
- <LI>{@link org.apache.xml.security.keys} contains key related material </LI>
- <LI>{@link org.apache.xml.security.signature} contains the XML Signature specific classes </LI>
- <LI>{@link org.apache.xml.security.transforms} XML Signature transformations </LI>
- <LI>{@link org.apache.xml.security.utils} contains all utility classes </LI>
- </UL>
- <H2>Support</H2>
- <P>See <A HREF="http://xml.apache.org/security/">the xml-security project</A> for further assistence</P>
- <H2>Author</H2>
- <P>Christian Geuer-Pollmann geuer-pollmann@nue.et-inf.uni-siegen.de<BR>
- University of Siegen<BR>
- Institute for Data Communications Systems<BR>
- </P>
- </BODY>
-</HTML>
+++ /dev/null
-<?xml version='1.0' encoding='UTF-8' ?>\r
-\r
-<!ELEMENT Configuration (CanonicalizationMethods , TransformAlgorithms , JCEAlgorithmMappings , Log4J , ResourceBundles , UnitTests , ResourceResolvers , KeyResolvers)>\r
-\r
-<!ATTLIST Configuration xmlns CDATA #FIXED 'http://www.xmlsecurity.org/NS/#configuration' \r
-target CDATA #IMPLIED>\r
-<!ELEMENT CanonicalizationMethods (CanonicalizationMethod+)>\r
-\r
-<!ATTLIST CanonicalizationMethods JAVACLASS CDATA #FIXED 'org.apache.xml.security.c14n.Canonicalizer' >\r
-<!ELEMENT CanonicalizationMethod EMPTY>\r
-\r
-<!ATTLIST CanonicalizationMethod URI CDATA #REQUIRED\r
- JAVACLASS CDATA #REQUIRED >\r
-<!ELEMENT TransformAlgorithms (TransformAlgorithm+)>\r
-\r
-<!ATTLIST TransformAlgorithms JAVACLASS CDATA #FIXED 'org.apache.xml.security.transforms.Transform' >\r
-<!ELEMENT TransformAlgorithm EMPTY>\r
-\r
-<!ATTLIST TransformAlgorithm URI CDATA #REQUIRED\r
- JAVACLASS CDATA #REQUIRED >\r
-<!ELEMENT JCEAlgorithmMappings (Providers , Algorithms)>\r
-\r
-<!ELEMENT Providers (Provider+)>\r
-\r
-<!ELEMENT Provider EMPTY>\r
-\r
-<!ATTLIST Provider Id ID #REQUIRED\r
- Class CDATA #REQUIRED\r
- Info CDATA #IMPLIED\r
- ProviderURL CDATA #IMPLIED >\r
-<!ELEMENT Algorithms (Algorithm+)>\r
-\r
-<!ELEMENT Algorithm (ProviderAlgo+)>\r
-\r
-<!ATTLIST Algorithm URI CDATA #REQUIRED\r
- Description CDATA #IMPLIED\r
- AlgorithmClass CDATA #IMPLIED >\r
-<!ELEMENT ProviderAlgo EMPTY>\r
-\r
-<!ATTLIST ProviderAlgo ProviderId IDREF #REQUIRED\r
- JCEName CDATA #REQUIRED\r
- JCEAlias CDATA #IMPLIED >\r
-<!ELEMENT Log4J EMPTY>\r
-\r
-<!ATTLIST Log4J configFile CDATA 'data/log4j.xml' >\r
-<!ELEMENT ResourceBundles (ResourceBundle+)>\r
-\r
-<!ATTLIST ResourceBundles defaultLanguageCode CDATA 'de'\r
- defaultCountryCode CDATA 'DE' >\r
-<!ELEMENT ResourceBundle EMPTY>\r
-\r
-<!ATTLIST ResourceBundle LanguageCode CDATA #REQUIRED\r
- CountryCode CDATA #REQUIRED\r
- LOCATION CDATA #REQUIRED >\r
-<!ELEMENT UnitTests (UnitTest+)>\r
-\r
-<!ATTLIST UnitTests JAVACLASS CDATA #FIXED 'org.apache.xml.security.test.AllTests' >\r
-<!ELEMENT ResourceResolvers (Resolver+)>\r
-\r
-<!ELEMENT Resolver EMPTY>\r
-\r
-<!ATTLIST Resolver JAVACLASS CDATA #REQUIRED\r
- DESCRIPTION CDATA #IMPLIED >\r
-<!ELEMENT KeyResolvers (KeyResolver+)>\r
-<!ATTLIST KeyResolvers JAVACLASS CDATA #FIXED 'org.apache.xml.security.keys.KeyResolver' >\r
-\r
-<!ELEMENT KeyResolver EMPTY>\r
-\r
-<!ATTLIST KeyResolver URI CDATA #REQUIRED\r
- JAVACLASS CDATA #REQUIRED >\r
-<!ELEMENT UnitTest (#PCDATA)>\r
-\r
-<!ATTLIST UnitTest JAVACLASS CDATA #REQUIRED >\r
+++ /dev/null
-<?xml version="1.0"?>\r
-<!--\r
-<!DOCTYPE Configuration SYSTEM "config.dtd">\r
--->\r
-<!-- This configuration file is used for configuration of the org.apache.xml.security package -->\r
-<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/#configuration">\r
- <CanonicalizationMethods>\r
- <CanonicalizationMethod URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"\r
- JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments" />\r
- <CanonicalizationMethod URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"\r
- JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments" />\r
-\r
- <CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#"\r
- JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments"/>\r
- <CanonicalizationMethod URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"\r
- JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments"/>\r
- <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11"
- JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments"/>
- <CanonicalizationMethod URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"
- JAVACLASS="org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments"/>
- </CanonicalizationMethods>\r
- <TransformAlgorithms>\r
- <!-- Base64 -->\r
- <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#base64"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformBase64Decode" />\r
- <!-- c14n omitting comments -->\r
- <TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N" />\r
- <!-- c14n with comments -->\r
- <TransformAlgorithm URI="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NWithComments" />\r
- <!-- c14n 1.1 omitting comments -->\r
- <TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N11" />\r
- <!-- c14n 1.1 with comments -->\r
- <TransformAlgorithm URI="http://www.w3.org/2006/12/xml-c14n11#WithComments"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments" />\r
- <!-- exclusive c14n omitting comments -->\r
- <TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NExclusive" />\r
- <!-- exclusive c14n with comments -->\r
- <TransformAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments" />\r
-\r
- <!-- XPath transform -->\r
- <TransformAlgorithm URI="http://www.w3.org/TR/1999/REC-xpath-19991116"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXPath" />\r
- <!-- enveloped signature -->\r
- <TransformAlgorithm URI="http://www.w3.org/2000/09/xmldsig#enveloped-signature"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature" />\r
- <!-- XSLT -->\r
- <TransformAlgorithm URI="http://www.w3.org/TR/1999/REC-xslt-19991116"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXSLT" />\r
- <!-- XPath version 2 -->\r
- <TransformAlgorithm URI="http://www.w3.org/2002/06/xmldsig-filter2"\r
- JAVACLASS="org.apache.xml.security.transforms.implementations.TransformXPath2Filter" />\r
- </TransformAlgorithms>\r
- <SignatureAlgorithms>\r
- <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureDSA" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1" />\r
-\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA256" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA384" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA512" />\r
-\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384" />\r
- <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"\r
- JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512" />\r
- </SignatureAlgorithms>\r
- <JCEAlgorithmMappings>\r
- <Algorithms>\r
- <!-- MessageDigest Algorithms -->\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"\r
- Description="MD5 message digest from RFC 1321"\r
- AlgorithmClass="MessageDigest"\r
- RequirementLevel="NOT RECOMMENDED"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="MD5"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#ripemd160"\r
- Description="RIPEMD-160 message digest"\r
- AlgorithmClass="MessageDigest"\r
- RequirementLevel="OPTIONAL"\r
- JCEName="RIPEMD160"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"\r
- Description="SHA-1 message digest"\r
- AlgorithmClass="MessageDigest"\r
- RequirementLevel="REQUIRED"\r
- JCEName="SHA-1"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha256"\r
- Description="SHA-1 message digest with 256 bit"\r
- AlgorithmClass="MessageDigest"\r
- RequirementLevel="RECOMMENDED"\r
- JCEName="SHA-256"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#sha384"\r
- Description="SHA message digest with 384 bit"\r
- AlgorithmClass="MessageDigest"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="SHA-384"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha512"\r
- Description="SHA-1 message digest with 512 bit"\r
- AlgorithmClass="MessageDigest"\r
- RequirementLevel="OPTIONAL"\r
- JCEName="SHA-512"/>\r
-\r
- <!-- Signature Algorithms -->\r
- <Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"\r
- Description="Digital Signature Algorithm with SHA-1 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="REQUIRED"\r
- JCEName="SHA1withDSA"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"\r
- Description="RSA Signature with MD5 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="NOT RECOMMENDED"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="MD5withRSA"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"\r
- Description="RSA Signature with RIPEMD-160 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="RIPEMD160withRSA"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"\r
- Description="RSA Signature with SHA-1 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="RECOMMENDED"\r
- JCEName="SHA1withRSA"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"\r
- Description="RSA Signature with SHA-256 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="SHA256withRSA"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"\r
- Description="RSA Signature with SHA-384 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="SHA384withRSA"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"\r
- Description="RSA Signature with SHA-512 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="SHA512withRSA"/>\r
- \r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"\r
- Description="ECDSA Signature with SHA-1 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="SHA1withECDSA"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"\r
- Description="ECDSA Signature with SHA-256 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="SHA256withECDSA"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"\r
- Description="ECDSA Signature with SHA-384 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="SHA384withECDSA"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"\r
- Description="ECDSA Signature with SHA-512 message digest"\r
- AlgorithmClass="Signature"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="SHA512withECDSA"/>\r
-\r
- <!-- MAC Algorithms -->\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"\r
- Description="Message Authentication code using MD5"\r
- AlgorithmClass="Mac"\r
- RequirementLevel="NOT RECOMMENDED"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="HmacMD5"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"\r
- Description="Message Authentication code using RIPEMD-160"\r
- AlgorithmClass="Mac"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="HMACRIPEMD160"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"\r
- Description="Message Authentication code using SHA1"\r
- AlgorithmClass="Mac"\r
- RequirementLevel="REQUIRED"\r
- JCEName="HmacSHA1"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"\r
- Description="Message Authentication code using SHA-256"\r
- AlgorithmClass="Mac"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="HmacSHA256"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"\r
- Description="Message Authentication code using SHA-384"\r
- AlgorithmClass="Mac"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="HmacSHA384"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"\r
- Description="Message Authentication code using SHA-512"\r
- AlgorithmClass="Mac"\r
- RequirementLevel="OPTIONAL"\r
- SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"\r
- JCEName="HmacSHA512"/>\r
-\r
- <!-- Block encryption Algorithms -->\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"\r
- Description="Block encryption using Triple-DES"\r
- AlgorithmClass="BlockEncryption"\r
- RequirementLevel="REQUIRED"\r
- KeyLength="192"\r
- RequiredKey="DESede"\r
- JCEName="DESede/CBC/ISO10126Padding"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes128-cbc"\r
- Description="Block encryption using AES with a key length of 128 bit"\r
- AlgorithmClass="BlockEncryption"\r
- RequirementLevel="REQUIRED"\r
- KeyLength="128"\r
- RequiredKey="AES"\r
- JCEName="AES/CBC/ISO10126Padding"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes192-cbc"\r
- Description="Block encryption using AES with a key length of 192 bit"\r
- AlgorithmClass="BlockEncryption"\r
- RequirementLevel="OPTIONAL"\r
- KeyLength="192"\r
- RequiredKey="AES"\r
- JCEName="AES/CBC/ISO10126Padding"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#aes256-cbc"\r
- Description="Block encryption using AES with a key length of 256 bit"\r
- AlgorithmClass="BlockEncryption"\r
- RequirementLevel="REQUIRED"\r
- KeyLength="256"\r
- RequiredKey="AES"\r
- JCEName="AES/CBC/ISO10126Padding"/>\r
- \r
- <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes128-gcm"\r
- Description="Block encryption using AES with a key length of 128 bit in GCM"\r
- AlgorithmClass="BlockEncryption"\r
- RequirementLevel="OPTIONAL"\r
- KeyLength="128"\r
- RequiredKey="AES"\r
- JCEName="AES/GCM/NoPadding"/>\r
- \r
- <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes192-gcm"\r
- Description="Block encryption using AES with a key length of 192 bit in GCM"\r
- AlgorithmClass="BlockEncryption"\r
- RequirementLevel="OPTIONAL"\r
- KeyLength="192"\r
- RequiredKey="AES"\r
- JCEName="AES/GCM/NoPadding"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2009/xmlenc11#aes256-gcm"\r
- Description="Block encryption using AES with a key length of 256 bit in GCM"\r
- AlgorithmClass="BlockEncryption"\r
- RequirementLevel="OPTIONAL"\r
- KeyLength="256"\r
- RequiredKey="AES"\r
- JCEName="AES/GCM/NoPadding"/>\r
- \r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-1_5"\r
- Description="Key Transport RSA-v1.5"\r
- AlgorithmClass="KeyTransport"\r
- RequirementLevel="REQUIRED"\r
- RequiredKey="RSA"\r
- JCEName="RSA/ECB/PKCS1Padding"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"\r
- Description="Key Transport RSA-OAEP"\r
- AlgorithmClass="KeyTransport"\r
- RequirementLevel="REQUIRED"\r
- RequiredKey="RSA"\r
- JCEName="RSA/ECB/OAEPPadding"/>\r
- \r
- <Algorithm URI="http://www.w3.org/2009/xmlenc11#rsa-oaep"\r
- Description="Key Transport RSA-OAEP"\r
- AlgorithmClass="KeyTransport"\r
- RequirementLevel="OPTIONAL"\r
- RequiredKey="RSA"\r
- JCEName="RSA/ECB/OAEPPadding"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#dh"\r
- Description="Key Agreement Diffie-Hellman"\r
- AlgorithmClass="KeyAgreement"\r
- RequirementLevel="OPTIONAL"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-tripledes"\r
- Description="Symmetric Key Wrap using Triple DES"\r
- AlgorithmClass="SymmetricKeyWrap"\r
- RequirementLevel="REQUIRED"\r
- KeyLength="192"\r
- RequiredKey="DESede"\r
- JCEName="DESedeWrap"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes128"\r
- Description="Symmetric Key Wrap using AES with a key length of 128 bit"\r
- AlgorithmClass="SymmetricKeyWrap"\r
- RequirementLevel="REQUIRED"\r
- KeyLength="128"\r
- RequiredKey="AES"\r
- JCEName="AESWrap"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes192"\r
- Description="Symmetric Key Wrap using AES with a key length of 192 bit"\r
- AlgorithmClass="SymmetricKeyWrap"\r
- RequirementLevel="OPTIONAL"\r
- KeyLength="192"\r
- RequiredKey="AES"\r
- JCEName="AESWrap"/>\r
-\r
- <Algorithm URI="http://www.w3.org/2001/04/xmlenc#kw-aes256"\r
- Description="Symmetric Key Wrap using AES with a key length of 256 bit"\r
- AlgorithmClass="SymmetricKeyWrap"\r
- RequirementLevel="REQUIRED"\r
- KeyLength="256"\r
- RequiredKey="AES"\r
- JCEName="AESWrap"/>\r
-\r
- </Algorithms>\r
- </JCEAlgorithmMappings>\r
- <ResourceBundles defaultLanguageCode="en" defaultCountryCode="US"/>\r
- <ResourceResolvers>\r
- <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP"\r
- DESCRIPTION="A simple resolver for requests to HTTP space" />\r
- <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem"\r
- DESCRIPTION="A simple resolver for requests to the local file system" />\r
- <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverFragment"\r
- DESCRIPTION="A simple resolver for requests of same-document URIs" />\r
- <Resolver JAVACLASS="org.apache.xml.security.utils.resolver.implementations.ResolverXPointer"\r
- DESCRIPTION="A simple resolver for requests of XPointer fragments" />\r
- </ResourceResolvers>\r
- <KeyResolver>\r
- <!-- This section contains a list of KeyResolvers that are available in\r
- every KeyInfo object -->\r
- <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver"\r
- DESCRIPTION="Can extract RSA public keys" />\r
- <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver"\r
- DESCRIPTION="Can extract DSA public keys" />\r
- <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver"\r
- DESCRIPTION="Can extract public keys from X509 certificates" />\r
- <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver"\r
- DESCRIPTION="Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages" />\r
- <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver"\r
- DESCRIPTION="Resolves keys and certificates using ResourceResolvers" />\r
- <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver"\r
- DESCRIPTION="Uses an X509 SubjectName to retrieve a certificate from the storages" />\r
- <Resolver JAVACLASS="org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver"\r
- DESCRIPTION="Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages" />\r
- </KeyResolver>\r
- \r
- <PrefixMappings>\r
- <!-- Many classes create Elements which are in a specific namespace;\r
- here, the prefixes for these namespaces are defined. But this\r
- can also be overwritten using the ElementProxy#setDefaultPrefix()\r
- method. You can even set all prefixes to "" so that the corresponding\r
- elements are created using the default namespace -->\r
- <PrefixMapping namespace="http://www.w3.org/2000/09/xmldsig#"\r
- prefix="ds" />\r
- <PrefixMapping namespace="http://www.w3.org/2001/04/xmlenc#"\r
- prefix="xenc" />\r
- <PrefixMapping namespace="http://www.xmlsecurity.org/experimental#"\r
- prefix="experimental" />\r
- <PrefixMapping namespace="http://www.w3.org/2002/04/xmldsig-filter2"\r
- prefix="dsig-xpath-old" />\r
- <PrefixMapping namespace="http://www.w3.org/2002/06/xmldsig-filter2"\r
- prefix="dsig-xpath" />\r
- <PrefixMapping namespace="http://www.w3.org/2001/10/xml-exc-c14n#"\r
- prefix="ec" />\r
- <PrefixMapping namespace="http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter"\r
- prefix="xx" />\r
- </PrefixMappings>\r
-</Configuration>\r
+++ /dev/null
-<HTML> <HEAD> </HEAD> <BODY> <P>
-software configuration and internationalization ({@link org.apache.xml.security.utils.I18n}).
-</P></BODY> </HTML>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>\r
-<!-- edited with XML Spy v4.3 U (http://www.xmlspy.com) by XMLSpy v4 (Altova) -->\r
-<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.1.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://uri.etsi.org/01903/v1.1.1#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified" xsi:schemaLocation="http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd">\r
- <xsd:element name="Any" type="AnyType"/>\r
- <xsd:complexType name="AnyType" mixed="true">\r
- <xsd:sequence>\r
- <xsd:any namespace="##any"/>\r
- </xsd:sequence>\r
- <xsd:anyAttribute namespace="##any"/>\r
- </xsd:complexType>\r
- <xsd:element name="ObjectIdentifier" type="ObjectIdentifierType"/>\r
- <xsd:complexType name="ObjectIdentifierType">\r
- <xsd:sequence>\r
- <xsd:element name="Identifier" type="IdentifierType"/>\r
- <xsd:element name="Description" type="xsd:string" minOccurs="0"/>\r
- <xsd:element name="DocumentationReferences" type="DocumentationReferencesType" minOccurs="0"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="IdentifierType">\r
- <xsd:simpleContent>\r
- <xsd:extension base="xsd:anyURI">\r
- <xsd:attribute name="Qualifier" type="QualifierType" use="optional"/>\r
- </xsd:extension>\r
- </xsd:simpleContent>\r
- </xsd:complexType>\r
- <xsd:simpleType name="QualifierType">\r
- <xsd:restriction base="xsd:string">\r
- <xsd:enumeration value="OIDAsURI"/>\r
- <xsd:enumeration value="OIDAsURN"/>\r
- </xsd:restriction>\r
- </xsd:simpleType>\r
- <xsd:complexType name="DocumentationReferencesType">\r
- <xsd:sequence maxOccurs="unbounded">\r
- <xsd:element name="DocumentationReference" type="xsd:anyURI"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="EncapsulatedPKIData" type="EncapsulatedPKIDataType"/>\r
- <xsd:complexType name="EncapsulatedPKIDataType">\r
- <xsd:simpleContent>\r
- <xsd:extension base="xsd:base64Binary">\r
- <xsd:attribute name="Id" type="xsd:ID" use="optional"/>\r
- </xsd:extension>\r
- </xsd:simpleContent>\r
- </xsd:complexType>\r
- <xsd:element name="TimeStamp" type="TimeStampType"/>\r
- <xsd:complexType name="TimeStampType">\r
- <xsd:sequence>\r
- <xsd:element name="HashDataInfo" type="HashDataInfoType" maxOccurs="unbounded"/>\r
- <xsd:choice>\r
- <xsd:element name="EncapsulatedTimeStamp" type="EncapsulatedPKIDataType"/>\r
- <xsd:element name="XMLTimeStamp" type="AnyType"/>\r
- </xsd:choice>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="HashDataInfoType">\r
- <xsd:sequence>\r
- <xsd:element name="Transforms" type="ds:TransformsType" minOccurs="0"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="uri" type="xsd:anyURI" use="required"/>\r
- </xsd:complexType>\r
- <xsd:element name="QualifyingProperties" type="QualifyingPropertiesType"/>\r
- <xsd:complexType name="QualifyingPropertiesType">\r
- <xsd:sequence>\r
- <xsd:element name="SignedProperties" type="SignedPropertiesType" minOccurs="0"/>\r
- <xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" minOccurs="0"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="Target" type="xsd:anyURI" use="required"/>\r
- <xsd:attribute name="Id" type="xsd:ID" use="optional"/>\r
- </xsd:complexType>\r
- <xsd:element name="SignedProperties" type="SignedPropertiesType"/>\r
- <xsd:complexType name="SignedPropertiesType">\r
- <xsd:sequence>\r
- <xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/>\r
- <xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType" minOccurs="0"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="Id" type="xsd:ID" use="optional"/>\r
- </xsd:complexType>\r
- <xsd:element name="UnsignedProperties" type="UnsignedPropertiesType"/>\r
- <xsd:complexType name="UnsignedPropertiesType">\r
- <xsd:sequence>\r
- <xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType" minOccurs="0"/>\r
- <xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType" minOccurs="0"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="Id" type="xsd:ID" use="optional"/>\r
- </xsd:complexType>\r
- <xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/>\r
- <xsd:complexType name="SignedSignaturePropertiesType">\r
- <xsd:sequence>\r
- <xsd:element name="SigningTime" type="xsd:dateTime"/>\r
- <xsd:element name="SigningCertificate" type="CertIDListType"/>\r
- <xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/>\r
- <xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType" minOccurs="0"/>\r
- <xsd:element name="SignerRole" type="SignerRoleType" minOccurs="0"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType"/>\r
- <xsd:complexType name="SignedDataObjectPropertiesType">\r
- <xsd:sequence>\r
- <xsd:element name="DataObjectFormat" type="DataObjectFormatType" minOccurs="0" maxOccurs="unbounded"/>\r
- <xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType" minOccurs="0" maxOccurs="unbounded"/>\r
- <xsd:element name="AllDataObjectsTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>\r
- <xsd:element name="IndividualDataObjectsTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType"/>\r
- <xsd:complexType name="UnsignedSignaturePropertiesType">\r
- <xsd:sequence>\r
- <xsd:element name="CounterSignature" type="CounterSignatureType" minOccurs="0" maxOccurs="unbounded"/>\r
- <xsd:element name="SignatureTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>\r
- <xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType" minOccurs="0"/>\r
- <xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType" minOccurs="0"/>\r
- <xsd:choice>\r
- <xsd:element name="SigAndRefsTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>\r
- <xsd:element name="RefsOnlyTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>\r
- </xsd:choice>\r
- <xsd:element name="CertificateValues" type="CertificateValuesType" minOccurs="0"/>\r
- <xsd:element name="RevocationValues" type="RevocationValuesType" minOccurs="0"/>\r
- <xsd:element name="ArchiveTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType"/>\r
- <xsd:complexType name="UnsignedDataObjectPropertiesType">\r
- <xsd:sequence>\r
- <xsd:element name="UnsignedDataObjectProperty" type="AnyType" minOccurs="0" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="QualifyingPropertiesReference" type="QualifyingPropertiesReferenceType"/>\r
- <xsd:complexType name="QualifyingPropertiesReferenceType">\r
- <xsd:sequence>\r
- <xsd:element name="Transforms" type="ds:TransformsType" minOccurs="0"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>\r
- <xsd:attribute name="Id" type="xsd:ID" use="optional"/>\r
- </xsd:complexType>\r
- <xsd:element name="SigningTime" type="xsd:dateTime"/>\r
- <xsd:element name="SigningCertificate" type="CertIDListType"/>\r
- <xsd:complexType name="CertIDListType">\r
- <xsd:sequence>\r
- <xsd:element name="Cert" type="CertIDType" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="CertIDType">\r
- <xsd:sequence>\r
- <xsd:element name="CertDigest" type="DigestAlgAndValueType"/>\r
- <xsd:element name="IssuerSerial" type="ds:X509IssuerSerialType"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="DigestAlgAndValueType">\r
- <xsd:sequence>\r
- <xsd:element name="DigestMethod" type="ds:DigestMethodType"/>\r
- <xsd:element name="DigestValue" type="ds:DigestValueType"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/>\r
- <xsd:complexType name="SignaturePolicyIdentifierType">\r
- <xsd:choice>\r
- <xsd:element name="SignaturePolicyId" type="SignaturePolicyIdType"/>\r
- <xsd:element name="SignaturePolicyImplied"/>\r
- </xsd:choice>\r
- </xsd:complexType>\r
- <xsd:complexType name="SignaturePolicyIdType">\r
- <xsd:sequence>\r
- <xsd:element name="SigPolicyId" type="ObjectIdentifierType"/>\r
- <xsd:element ref="ds:Transforms" minOccurs="0"/>\r
- <xsd:element name="SigPolicyHash" type="DigestAlgAndValueType"/>\r
- <xsd:element name="SigPolicyQualifiers" type="SigPolicyQualifiersListType" minOccurs="0"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="SigPolicyQualifiersListType">\r
- <xsd:sequence>\r
- <xsd:element name="SigPolicyQualifier" type="AnyType" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="SPURI" type="xsd:anyURI"/>\r
- <xsd:element name="SPUserNotice" type="SPUserNoticeType"/>\r
- <xsd:complexType name="SPUserNoticeType">\r
- <xsd:sequence>\r
- <xsd:element name="NoticeRef" type="NoticeReferenceType" minOccurs="0"/>\r
- <xsd:element name="ExplicitText" type="xsd:string" minOccurs="0"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="NoticeReferenceType">\r
- <xsd:sequence>\r
- <xsd:element name="Organization" type="xsd:string"/>\r
- <xsd:element name="NoticeNumbers" type="IntegerListType"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="IntegerListType">\r
- <xsd:sequence>\r
- <xsd:element name="int" type="xsd:integer" minOccurs="0" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="CounterSignature" type="CounterSignatureType"/>\r
- <xsd:complexType name="CounterSignatureType">\r
- <xsd:sequence>\r
- <xsd:element ref="ds:Signature"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="DataObjectFormat" type="DataObjectFormatType"/>\r
- <xsd:complexType name="DataObjectFormatType">\r
- <xsd:sequence>\r
- <xsd:element name="Description" type="xsd:string" minOccurs="0"/>\r
- <xsd:element name="ObjectIdentifier" type="ObjectIdentifierType" minOccurs="0"/>\r
- <xsd:element name="MimeType" type="xsd:string" minOccurs="0"/>\r
- <xsd:element name="Encoding" type="xsd:anyURI" minOccurs="0"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="ObjectReference" type="xsd:anyURI" use="required"/>\r
- </xsd:complexType>\r
- <xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType"/>\r
- <xsd:complexType name="CommitmentTypeIndicationType">\r
- <xsd:sequence>\r
- <xsd:element name="CommitmentTypeId" type="ObjectIdentifierType"/>\r
- <xsd:choice>\r
- <xsd:element name="ObjectReference" type="xsd:anyURI" minOccurs="0" maxOccurs="unbounded"/>\r
- <xsd:element name="AllSignedDataObjects"/>\r
- </xsd:choice>\r
- <xsd:element name="CommitmentTypeQualifiers" type="CommitmentTypeQualifiersListType" minOccurs="0"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="CommitmentTypeQualifiersListType">\r
- <xsd:sequence>\r
- <xsd:element name="CommitmentTypeQualifier" type="AnyType" minOccurs="0" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType"/>\r
- <xsd:complexType name="SignatureProductionPlaceType">\r
- <xsd:sequence>\r
- <xsd:element name="City" type="xsd:string" minOccurs="0"/>\r
- <xsd:element name="StateOrProvince" type="xsd:string" minOccurs="0"/>\r
- <xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/>\r
- <xsd:element name="CountryName" type="xsd:string" minOccurs="0"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="SignerRole" type="SignerRoleType"/>\r
- <xsd:complexType name="SignerRoleType">\r
- <xsd:sequence>\r
- <xsd:element name="ClaimedRoles" type="ClaimedRolesListType" minOccurs="0"/>\r
- <xsd:element name="CertifiedRoles" type="CertifiedRolesListType" minOccurs="0"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="ClaimedRolesListType">\r
- <xsd:sequence>\r
- <xsd:element name="ClaimedRole" type="AnyType" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="CertifiedRolesListType">\r
- <xsd:sequence>\r
- <xsd:element name="CertifiedRole" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="AllDataObjectsTimeStamp" type="TimeStampType"/>\r
- <xsd:element name="IndividualDataObjectsTimeStamp" type="TimeStampType"/>\r
- <xsd:element name="SignatureTimeStamp" type="TimeStampType"/>\r
- <xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/>\r
- <xsd:complexType name="CompleteCertificateRefsType">\r
- <xsd:sequence>\r
- <xsd:element name="CertRefs" type="CertIDListType"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="Id" type="xsd:ID" use="optional"/>\r
- </xsd:complexType>\r
- <xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/>\r
- <xsd:complexType name="CompleteRevocationRefsType">\r
- <xsd:sequence>\r
- <xsd:element name="CRLRefs" type="CRLRefsType" minOccurs="0"/>\r
- <xsd:element name="OCSPRefs" type="OCSPRefsType" minOccurs="0"/>\r
- <xsd:element name="OtherRefs" type="OtherCertStatusRefsType" minOccurs="0"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="Id" type="xsd:ID" use="optional"/>\r
- </xsd:complexType>\r
- <xsd:complexType name="CRLRefsType">\r
- <xsd:sequence>\r
- <xsd:element name="CRLRef" type="CRLRefType" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="CRLRefType">\r
- <xsd:sequence>\r
- <xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType"/>\r
- <xsd:element name="CRLIdentifier" type="CRLIdentifierType" minOccurs="0"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="CRLIdentifierType">\r
- <xsd:sequence>\r
- <xsd:element name="Issuer" type="xsd:string"/>\r
- <xsd:element name="IssueTime" type="xsd:dateTime"/>\r
- <xsd:element name="Number" type="xsd:integer" minOccurs="0"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>\r
- </xsd:complexType>\r
- <xsd:complexType name="OCSPRefsType">\r
- <xsd:sequence>\r
- <xsd:element name="OCSPRef" type="OCSPRefType" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="OCSPRefType">\r
- <xsd:sequence>\r
- <xsd:element name="OCSPIdentifier" type="OCSPIdentifierType"/>\r
- <xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType" minOccurs="0"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="OCSPIdentifierType">\r
- <xsd:sequence>\r
- <xsd:element name="ResponderID" type="xsd:string"/>\r
- <xsd:element name="ProducedAt" type="xsd:dateTime"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>\r
- </xsd:complexType>\r
- <xsd:complexType name="OtherCertStatusRefsType">\r
- <xsd:sequence>\r
- <xsd:element name="OtherRef" type="AnyType" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="SigAndRefsTimeStamp" type="TimeStampType"/>\r
- <xsd:element name="RefsOnlyTimeStamp" type="TimeStampType"/>\r
- <xsd:element name="CertificateValues" type="CertificateValuesType"/>\r
- <xsd:complexType name="CertificateValuesType">\r
- <xsd:choice minOccurs="0" maxOccurs="unbounded">\r
- <xsd:element name="EncapsulatedX509Certificate" type="EncapsulatedPKIDataType"/>\r
- <xsd:element name="OtherCertificate" type="AnyType"/>\r
- </xsd:choice>\r
- <xsd:attribute name="Id" type="xsd:ID" use="optional"/>\r
- </xsd:complexType>\r
- <xsd:element name="RevocationValues" type="RevocationValuesType"/>\r
- <xsd:complexType name="RevocationValuesType">\r
- <xsd:sequence>\r
- <xsd:element name="CRLValues" type="CRLValuesType" minOccurs="0"/>\r
- <xsd:element name="OCSPValues" type="OCSPValuesType" minOccurs="0"/>\r
- <xsd:element name="OtherValues" type="OtherCertStatusValuesType" minOccurs="0"/>\r
- </xsd:sequence>\r
- <xsd:attribute name="Id" type="xsd:ID" use="optional"/>\r
- </xsd:complexType>\r
- <xsd:complexType name="CRLValuesType">\r
- <xsd:sequence>\r
- <xsd:element name="EncapsulatedCRLValue" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="OCSPValuesType">\r
- <xsd:sequence>\r
- <xsd:element name="EncapsulatedOCSPValue" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:complexType name="OtherCertStatusValuesType">\r
- <xsd:sequence>\r
- <xsd:element name="OtherValue" type="AnyType" maxOccurs="unbounded"/>\r
- </xsd:sequence>\r
- </xsd:complexType>\r
- <xsd:element name="ArchiveTimeStamp" type="TimeStampType"/>\r
-</xsd:schema>\r
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- http://www.xml.com/lpt/a/2002/01/23/relaxng.html -->
-<!-- http://www.oasis-open.org/committees/relax-ng/tutorial-20011203.html -->
-<!-- http://www.zvon.org/xxl/XMLSchemaTutorial/Output/ser_wildcards_st8.html -->
-<!-- http://lists.oasis-open.org/archives/relax-ng-comment/200206/maillist.html -->
-
-<grammar xmlns='http://relaxng.org/ns/structure/1.0'
- xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- ns="http://www.w3.org/2001/04/xmlenc#"
- datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
-
- <include href="http://www.w3.org/Signature/Drafts/xmldsig-core/xmldsig-core-schema.rng">
- <!-- Used for DigestMethod, KeyInfoType and anyThing -->
- <!-- Since xmldsig-core also has a start, I have to include it
- in the include for redefinition. -->
- <start>
- <choice>
- <!-- We get to define the permissible root elements! -->
- <element name="EncryptedData"><ref name="EncryptedDataType"/></element>
- <element name="EncryptedKey"><ref name="EncryptedKeyType"/></element>
- </choice>
- </start>
-
- <define name='anyThing'>
- <zeroOrMore>
- <choice>
- <text/>
- <element>
- <anyName>
- <except>
- <nsName/>
- <nsName ns='http://www.w3.org/2000/09/xmldsig#'/>
- </except>
- </anyName>
- <ref name='anyThing'/>
- <zeroOrMore>
- <attribute>
- <anyName/>
- </attribute>
- </zeroOrMore>
- </element>
- </choice>
- </zeroOrMore>
- </define>
-
-
- </include>
-
- <!-- Import definitions from the xmldsig rng -->
-
- <define name="KeyInfoType" combine="interleave">
- <zeroOrMore>
- <choice>
- <element name="EncryptedKey"><ref name="EncryptedKeyType"/></element>
- <element name="AgreementMethod"><ref name="AgreementMethodType"/></element>
- </choice>
- </zeroOrMore>
- </define>
-
- <define name="DigestMethodType" combine="choice">
- <notAllowed/>
- </define>
-
- <define name="TransformType" combine="choice">
- <notAllowed/>
- </define>
-
- <!-- Now redefined in the include statement
- <define name="anyThing" combine="choice">
- <notAllowed/>
- </define>
- -->
-
- <!-- End import -->
-
-
- <define name="EncryptedDataType">
- <ref name="EncryptedType"/>
- </define>
-
-
- <define name="EncryptedKeyType">
- <ref name="EncryptedType"/>
- <optional><element name='ReferenceList'>
- <ref name="ReferenceListType"/></element>
- </optional>
- <optional><element name='CarriedKeyName'><data type="string"/></element></optional>
- <optional><attribute name='Recipient'> <data type="string"/></attribute></optional>
- </define>
-
-
- <define name="EncryptedType">
- <element name="EncryptionMethod"><ref name="EncryptionMethodType"/></element>
- <optional>
- <element name="KeyInfo" ns="http://www.w3.org/2000/09/xmldsig#">
- <ref name="KeyInfoType"/>
- </element>
- </optional>
- <optional>
- <element name="CipherData"><ref name="CipherDataType"/></element>
- </optional>
- <optional>
- <element name="EncryptionProperties"><ref name="EncryptionPropertiesType"/></element>
- </optional>
- <optional><attribute name="Id"><data type="ID"/></attribute></optional>
- <optional><attribute name="Type"><data type="anyURI"/></attribute></optional>
- <optional><attribute name="MimeType"><data type="string"/></attribute></optional>
- <optional><attribute name="Encoding"><data type="anyURI"/></attribute></optional>
- <optional><attribute name='xsi:schemaLocation'/></optional>
- </define>
-
- <define name="EncryptionMethodType">
- <zeroOrMore>
- <choice>
- <element name="KeySize">
- <data type="integer"/>
- </element>
- <element name="OAEPparams">
- <data type="base64Binary"/>
- </element>
- <text/>
- <element name='DigestMethod' ns="http://www.w3.org/2000/09/xmldsig#">
- <ref name="DigestMethodType"/>
- </element>
- </choice>
- </zeroOrMore>
- <attribute name="Algorithm"><data type="anyURI"/></attribute>
- </define>
-
-
- <define name="AgreementMethodType">
- <zeroOrMore>
- <choice>
- <element name="KA-Nonce">
- <data type="base64Binary"/>
- </element>
- <element name='DigestMethod' ns="http://www.w3.org/2000/09/xmldsig#">
- <ref name="DigestMethodType"/>
- </element>
- <text/>
- <element>
- <nsName ns="http://www.w3.org/2000/09/xmldsig#"/>
- <ref name="anyThing"/>
- </element>
- <element name="OriginatorKeyInfo"><ref name="KeyInfoType"/></element>
- <element name="RecipientKeyInfo"><ref name="KeyInfoType"/></element>
- </choice>
- </zeroOrMore>
- <attribute name="Algorithm"><data type="anyURI"/></attribute>
- </define>
-
-
- <define name="ReferenceListType">
- <oneOrMore>
- <choice>
- <element name="DataReference">
- <text/>
- <attribute name="URI"><data type="anyURI"/></attribute>
- </element>
- <element name="KeyReference">
- <text/>
- <attribute name="URI"><data type="anyURI"/></attribute>
- </element>
- </choice>
- </oneOrMore>
- </define>
-
-
- <define name="CipherDataType">
- <choice>
- <element name="CipherValue"><data type="base64Binary"/></element>
- <element name="CipherReference">
- <element name="Transforms">
- <oneOrMore>
- <element name='Transform' ns="http://www.w3.org/2000/09/xmldsig#">
- <ref name='TransformType'/>
- </element>
- </oneOrMore>
- </element>
- <attribute name="URI">
- <data type="anyURI"/>
- </attribute>
- </element>
- </choice>
- </define>
-
-
- <define name="EncryptionPropertiesType">
- <element name="EncryptionProperty">
- <zeroOrMore>
- <element>
- <anyName/>
- <text/>
- </element>
- </zeroOrMore>
- <optional>
- <attribute name="Target">
- <data type="anyURI"/>
- </attribute>
- </optional>
- <optional>
- <attribute name="Id">
- <data type="ID"/>
- </attribute>
- </optional>
- </element>
-
- <optional>
- <attribute name="Id">
- <data type="ID"/>
- </attribute>
- </optional>
- <zeroOrMore>
- <attribute><nsName ns="http://www.w3.org/XML/1998/namespace"/></attribute>
- </zeroOrMore>
- </define>
-
-</grammar>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE schema PUBLIC "-//W3C//DTD XMLSchema 200102//EN"
- "http://www.w3.org/2001/XMLSchema.dtd"
- [
- <!ATTLIST schema
- xmlns:xenc CDATA #FIXED 'http://www.w3.org/2001/04/xmlenc#'
- xmlns:ds CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'>
- <!ENTITY xenc 'http://www.w3.org/2001/04/xmlenc#'>
- <!ENTITY % p ''>
- <!ENTITY % s ''>
- ]>
-
-<schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
- xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
- xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
- targetNamespace='http://www.w3.org/2001/04/xmlenc#'
- elementFormDefault='qualified'>
-
- <import namespace='http://www.w3.org/2000/09/xmldsig#'
- schemaLocation='http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd'/>
-
- <complexType name='EncryptedType' abstract='true'>
- <sequence>
- <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
- minOccurs='0'/>
- <element ref='ds:KeyInfo' minOccurs='0'/>
- <element ref='xenc:CipherData'/>
- <element ref='xenc:EncryptionProperties' minOccurs='0'/>
- </sequence>
- <attribute name='Id' type='ID' use='optional'/>
- <attribute name='Type' type='anyURI' use='optional'/>
- <attribute name='MimeType' type='string' use='optional'/>
- <attribute name='Encoding' type='anyURI' use='optional'/>
- </complexType>
-
- <complexType name='EncryptionMethodType' mixed='true'>
- <sequence>
- <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
- <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
- <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
- </sequence>
- <attribute name='Algorithm' type='anyURI' use='required'/>
- </complexType>
-
- <simpleType name='KeySizeType'>
- <restriction base="integer"/>
- </simpleType>
-
- <element name='CipherData' type='xenc:CipherDataType'/>
- <complexType name='CipherDataType'>
- <choice>
- <element name='CipherValue' type='base64Binary'/>
- <element ref='xenc:CipherReference'/>
- </choice>
- </complexType>
-
- <element name='CipherReference' type='xenc:CipherReferenceType'/>
- <complexType name='CipherReferenceType'>
- <choice>
- <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
- </choice>
- <attribute name='URI' type='anyURI' use='required'/>
- </complexType>
-
- <complexType name='TransformsType'>
- <sequence>
- <element ref='ds:Transform' maxOccurs='unbounded'/>
- </sequence>
- </complexType>
-
-
- <element name='EncryptedData' type='xenc:EncryptedDataType'/>
- <complexType name='EncryptedDataType'>
- <complexContent>
- <extension base='xenc:EncryptedType'>
- </extension>
- </complexContent>
- </complexType>
-
- <!-- Children of ds:KeyInfo -->
-
- <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
- <complexType name='EncryptedKeyType'>
- <complexContent>
- <extension base='xenc:EncryptedType'>
- <sequence>
- <element ref='xenc:ReferenceList' minOccurs='0'/>
- <element name='CarriedKeyName' type='string' minOccurs='0'/>
- </sequence>
- <attribute name='Recipient' type='string'
- use='optional'/>
- </extension>
- </complexContent>
- </complexType>
-
- <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
- <complexType name="AgreementMethodType" mixed="true">
- <sequence>
- <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
- <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
- <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
- <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
- <!-- End Children of ds:KeyInfo -->
-
- <element name='ReferenceList'>
- <complexType>
- <choice minOccurs='1' maxOccurs='unbounded'>
- <element name='DataReference' type='xenc:ReferenceType'/>
- <element name='KeyReference' type='xenc:ReferenceType'/>
- </choice>
- </complexType>
- </element>
-
- <complexType name='ReferenceType'>
- <sequence>
- <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
- </sequence>
- <attribute name='URI' type='anyURI' use='required'/>
- </complexType>
-
-
- <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
- <complexType name='EncryptionPropertiesType'>
- <sequence>
- <element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
- </sequence>
- <attribute name='Id' type='ID' use='optional'/>
- </complexType>
-
- <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
- <complexType name='EncryptionPropertyType' mixed='true'>
- <choice maxOccurs='unbounded'>
- <any namespace='##other' processContents='lax'/>
- </choice>
- <attribute name='Target' type='anyURI' use='optional'/>
- <attribute name='Id' type='ID' use='optional'/>
- <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
- </complexType>
-
-</schema>
-
+++ /dev/null
-<!-- DTD for XML Signatures
- http://www.w3.org/2000/09/xmldsig#
- Joseph Reagle $last changed 20001215$
-
- http://www.w3.org/2000/09/xmldsig#
- $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
-
- Copyright 2001 The Internet Society and W3C (Massachusetts Institute
- of Technology, Institut National de Recherche en Informatique et en
- Automatique, Keio University). All Rights Reserved.
- http://www.w3.org/Consortium/Legal/
-
- This document is governed by the W3C Software License [1] as described
- in the FAQ [2].
-
- [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
- [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
--->
-
-
-<!--
-
-The following entity declarations enable external/flexible content in
-the Signature content model.
-
-#PCDATA emulates schema string; when combined with element types it
-emulates schema's mixed content type.
-
-%foo.ANY permits the user to include their own element types from
-other namespaces, for example:
- <!ENTITY % KeyValue.ANY '| ecds:ECDSAKeyValue'>
- ...
- <!ELEMENT ecds:ECDSAKeyValue (#PCDATA) >
-
--->
-
-<!ENTITY % Object.ANY ''>
-<!ENTITY % Method.ANY ''>
-<!ENTITY % Transform.ANY ''>
-<!ENTITY % SignatureProperty.ANY ''>
-<!ENTITY % KeyInfo.ANY ''>
-<!ENTITY % KeyValue.ANY ''>
-<!ENTITY % PGPData.ANY ''>
-<!ENTITY % X509Data.ANY ''>
-<!ENTITY % SPKIData.ANY ''>
-
-
-
-<!-- Start Core Signature declarations, these should NOT be altered -->
-
-<!ELEMENT Signature (SignedInfo, SignatureValue, KeyInfo?, Object*) >
-<!ATTLIST Signature
- xmlns CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'
- Id ID #IMPLIED >
-
-<!ELEMENT SignatureValue (#PCDATA) >
-<!ATTLIST SignatureValue
- Id ID #IMPLIED>
-
-<!ELEMENT SignedInfo (CanonicalizationMethod,
- SignatureMethod, Reference+) >
-<!ATTLIST SignedInfo
- Id ID #IMPLIED
->
-
-<!ELEMENT CanonicalizationMethod (#PCDATA %Method.ANY;)* >
-<!ATTLIST CanonicalizationMethod
- Algorithm CDATA #REQUIRED >
-
-<!ELEMENT SignatureMethod (#PCDATA|HMACOutputLength %Method.ANY;)* >
-<!ATTLIST SignatureMethod
- Algorithm CDATA #REQUIRED >
-
-<!ELEMENT Reference (Transforms?, DigestMethod, DigestValue) >
-<!ATTLIST Reference
- Id ID #IMPLIED
- URI CDATA #IMPLIED
- Type CDATA #IMPLIED>
-
-
-<!ELEMENT Transforms (Transform+)>
-
-<!ELEMENT Transform (#PCDATA|XPath %Transform.ANY;)* >
-<!ATTLIST Transform
- Algorithm CDATA #REQUIRED >
-
-<!ELEMENT XPath (#PCDATA) >
-
-<!ELEMENT DigestMethod (#PCDATA %Method.ANY;)* >
-<!ATTLIST DigestMethod
- Algorithm CDATA #REQUIRED >
-
-<!ELEMENT DigestValue (#PCDATA) >
-
-<!ELEMENT KeyInfo (#PCDATA|KeyName|KeyValue|RetrievalMethod|
- X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* >
-<!ATTLIST KeyInfo
- Id ID #IMPLIED >
-
-<!-- Key Information -->
-
-<!ELEMENT KeyName (#PCDATA) >
-<!ELEMENT KeyValue (#PCDATA|DSAKeyValue|RSAKeyValue %KeyValue.ANY;)* >
-<!ELEMENT MgmtData (#PCDATA) >
-
-<!ELEMENT RetrievalMethod (Transforms?) >
-<!ATTLIST RetrievalMethod
- URI CDATA #REQUIRED
- Type CDATA #IMPLIED >
-
-<!-- X.509 Data -->
-
-<!ELEMENT X509Data ((X509IssuerSerial | X509SKI | X509SubjectName |
- X509Certificate | X509CRL )+ %X509Data.ANY;)>
-<!ELEMENT X509IssuerSerial (X509IssuerName, X509SerialNumber) >
-<!ELEMENT X509IssuerName (#PCDATA) >
-<!ELEMENT X509SubjectName (#PCDATA) >
-<!ELEMENT X509SerialNumber (#PCDATA) >
-<!ELEMENT X509SKI (#PCDATA) >
-<!ELEMENT X509Certificate (#PCDATA) >
-<!ELEMENT X509CRL (#PCDATA) >
-
-<!-- PGPData -->
-
-<!ELEMENT PGPData ((PGPKeyID, PGPKeyPacket?) | (PGPKeyPacket) %PGPData.ANY;) >
-<!ELEMENT PGPKeyPacket (#PCDATA) >
-<!ELEMENT PGPKeyID (#PCDATA) >
-
-<!-- SPKI Data -->
-
-<!ELEMENT SPKIData (SPKISexp %SPKIData.ANY;) >
-<!ELEMENT SPKISexp (#PCDATA) >
-
-<!-- Extensible Content -->
-
-<!ELEMENT Object (#PCDATA|Signature|SignatureProperties|Manifest %Object.ANY;)* >
-<!ATTLIST Object
- Id ID #IMPLIED
- MimeType CDATA #IMPLIED
- Encoding CDATA #IMPLIED >
-
-<!ELEMENT Manifest (Reference+) >
-<!ATTLIST Manifest
- Id ID #IMPLIED >
-
-<!ELEMENT SignatureProperties (SignatureProperty+) >
-<!ATTLIST SignatureProperties
- Id ID #IMPLIED >
-
-<!ELEMENT SignatureProperty (#PCDATA %SignatureProperty.ANY;)* >
-<!ATTLIST SignatureProperty
- Target CDATA #REQUIRED
- Id ID #IMPLIED >
-
-<!-- Algorithm Parameters -->
-
-<!ELEMENT HMACOutputLength (#PCDATA) >
-
-<!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
-<!ELEMENT P (#PCDATA) >
-<!ELEMENT Q (#PCDATA) >
-<!ELEMENT G (#PCDATA) >
-<!ELEMENT Y (#PCDATA) >
-<!ELEMENT J (#PCDATA) >
-<!ELEMENT Seed (#PCDATA) >
-<!ELEMENT PgenCounter (#PCDATA) >
-
-<!ELEMENT RSAKeyValue (Modulus, Exponent) >
-<!ELEMENT Modulus (#PCDATA) >
-<!ELEMENT Exponent (#PCDATA) >
-
+++ /dev/null
-<?xml version='1.0' encoding='UTF-8'?>
-<!-- http://www.xml.com/lpt/a/2002/01/23/relaxng.html -->
-<!-- http://www.oasis-open.org/committees/relax-ng/tutorial-20011203.html -->
-<!-- http://www.zvon.org/xxl/XMLSchemaTutorial/Output/ser_wildcards_st8.html -->
-<!-- http://lists.oasis-open.org/archives/relax-ng-comment/200206/maillist.html -->
-
-<grammar xmlns='http://relaxng.org/ns/structure/1.0'
- xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
- xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
- ns='http://www.w3.org/2000/09/xmldsig#'
- datatypeLibrary='http://www.w3.org/2001/XMLSchema-datatypes'>
-
- <start>
- <element name='Signature'><ref name='SignatureType'/></element>
- </start>
-
- <define name='CryptoBinary'>
- <data type='base64Binary'/>
- </define>
-
- <define name='SignatureType'>
- <element name='SignedInfo'><ref name='SignedInfoType'/></element>
- <element name='SignatureValue'><ref name='SignatureValueType'/></element>
- <optional><element name='KeyInfo'><ref name='KeyInfoType'/></element></optional>
- <zeroOrMore><element name='Object'><ref name='ObjectType'/></element></zeroOrMore>
- <optional><attribute name='Id'><data type='ID'/></attribute></optional>
- <optional><attribute name='xsi:schemaLocation'/></optional>
- </define>
-
- <define name='SignatureValueType'>
- <data type='base64Binary'/>
- <optional><attribute name='Id'><data type='ID'/></attribute></optional>
- </define>
-
-<!-- Start SignedInfo -->
-
- <define name='SignedInfoType'>
- <element name='CanonicalizationMethod'><ref name='CanonicalizationMethodType'/></element>
- <element name='SignatureMethod'><ref name='SignatureMethodType'/></element>
- <optional><element name='KeyInfo'><ref name='KeyInfoType'/></element></optional>
- <oneOrMore><element name='Reference'><ref name='ReferenceType'/></element></oneOrMore>
- <optional><attribute name='Id'><data type='ID'/></attribute></optional>
- </define>
-
- <define name='CanonicalizationMethodType'>
- <zeroOrMore><ref name='anyThing'/></zeroOrMore>
- <optional><attribute name='Algorithm'><data type='anyURI'/></attribute></optional>
- </define>
-
-
- <define name='SignatureMethodType'>
- <optional><element name='HMACOutputLength'><data type='integer'/></element></optional>
- <zeroOrMore><ref name='anyThing'/></zeroOrMore>
- <optional><attribute name='Algorithm'><data type='anyURI'/></attribute></optional>
- </define>
-
-<!-- Start Reference -->
-
- <define name='ReferenceType'>
- <optional><element name='Transforms'><ref name='TransformsType'/></element></optional>
- <element name='DigestMethod'><ref name='DigestMethodType'/></element>
- <element name='DigestValue'><ref name='DigestValueType'/></element>
- <optional><attribute name='Type'><data type='anyURI'/></attribute></optional>
- <optional><attribute name='URI'><data type='anyURI'/></attribute></optional>
- <optional><attribute name='Id'><data type='ID'/></attribute></optional>
- </define>
-
- <define name='TransformsType'>
- <oneOrMore><element name='Transform'><ref name='TransformType'/></element></oneOrMore>
- </define>
-
- <define name='TransformType'>
- <optional><element name='XPath'><data type='string'/></element></optional>
- <zeroOrMore><ref name='anyThing'/></zeroOrMore>
- <attribute name='Algorithm'><data type='anyURI'/></attribute>
- </define>
-
-<!-- End Reference -->
-
- <define name='DigestMethodType'>
- <zeroOrMore><ref name='anyThing'/></zeroOrMore>
- <attribute name='Algorithm'><data type='anyURI'/></attribute>
- </define>
-
- <define name='DigestValueType'>
- <data type='base64Binary'/>
- </define>
-
-<!-- End SignedInfo -->
-
-<!-- Start KeyInfo -->
-
- <define name='KeyInfoType'>
- <oneOrMore>
- <choice>
- <element name='KeyName'><data type='string'/></element>
- <element name='KeyValue'><ref name='KeyValueType'/></element>
- <element name='RetrievalMethod'><ref name='RetrievalMethodType'/></element>
- <element name='X509Data'><ref name='X509DataType'/></element>
- <element name='PGPData'><ref name='PGPDataType'/></element>
- <element name='SPKIData'><ref name='SPKIDataType'/></element>
- <element name='MgmtData'><data type='string'/></element>
- <ref name='anyThing'/>
- </choice>
- </oneOrMore>
- <optional><attribute name='Id'><data type='ID'/></attribute></optional>
-</define>
-
- <define name='KeyValueType'>
- <choice>
- <text/>
- <element name='DSAKeyValue'><ref name='DSAKeyValueType'/></element>
- <element name='RSAKeyValue'><ref name='RSAKeyValueType'/></element>
- <ref name='anyThing'/>
- </choice>
- </define>
-
- <define name='RetrievalMethodType'>
- <optional><element name='Transforms'><ref name='TransformsType'/></element></optional>
- <optional><attribute name='Type'><data type='anyURI'/></attribute></optional>
- <optional><attribute name='URI'><data type='anyURI'/></attribute></optional>
- </define>
-
-<!-- Start X509Data -->
-
- <define name='X509DataType'>
- <oneOrMore>
- <choice>
- <element name='X509IssuerSerial'>
- <element name='X509IssuerName'>
- <data type='string'/>
- </element>
- <element name='X509SerialNumber'>
- <data type='integer'/>
- </element>
- </element>
- <element name='X509SKI'>
- <data type='base64Binary'/>
- </element>
- <element name='X509SubjectName'>
- <data type='string'/>
- </element>
- <element name='X509Certificate'>
- <data type='base64Binary'/>
- </element>
- <element name='X509CRL'>
- <data type='base64Binary'/>
- </element>
- <ref name='anyThing'/>
- </choice>
- </oneOrMore>
- </define>
-
-<!-- End X509Data -->
-
-<!-- Begin PGPData -->
-
- <define name='PGPDataType'>
- <choice>
- <group>
- <element name='PGPKeyID'>
- <data type='base64Binary'/>
- </element>
- <optional>
- <element name='PGPKeyPacket'>
- <data type='base64Binary'/>
- </element>
- </optional>
- <zeroOrMore>
- <ref name='anyThing'/>
- </zeroOrMore>
- </group>
- <group>
- <element name='PGPKeyPacket'>
- <data type='base64Binary'/>
- </element>
- <zeroOrMore>
- <ref name='anyThing'/>
- </zeroOrMore>
- </group>
- </choice>
- </define>
-
-<!-- End PGPData -->
-
-<!-- Begin SPKIData -->
-
- <define name='SPKIDataType'>
- <oneOrMore>
- <element name='SPKISexp'>
- <data type='base64Binary'/>
- </element>
- <optional>
- <ref name='anyThing'/>
- </optional>
- </oneOrMore>
- </define>
-
-<!-- End SPKIData -->
-
-<!-- End KeyInfo -->
-
-
-<!-- Start Object (Manifest, SignatureProperty) -->
-
- <define name='ObjectType'>
- <zeroOrMore>
- <choice>
- <element name='Manifest'><ref name='ManifestType'/></element>
- <element name='SignatureProperties'><ref name='SignaturePropertiesType'/></element>
- <ref name='anyThing'/>
- </choice>
- </zeroOrMore>
- <optional>
- <attribute name='Encoding'>
- <data type='anyURI'/>
- </attribute>
- </optional>
- <optional>
- <attribute name='MimeType'>
- <data type='string'/>
- </attribute>
- </optional>
- <optional>
- <attribute name='Id'>
- <data type='ID'/>
- </attribute>
- </optional>
- </define>
-
- <define name='ManifestType'>
- <oneOrMore>
- <element name='Reference'><ref name='ReferenceType'/></element>
- </oneOrMore>
- <optional><attribute name='Id'><data type='ID'/></attribute></optional>
- </define>
-
- <define name='SignaturePropertiesType'>
- <oneOrMore>
- <element name='SignatureProperty'><ref name='SignaturePropertyType'/></element>
- </oneOrMore>
- <optional>
- <attribute name='Id'>
- <data type='ID'/>
- </attribute>
- </optional>
- </define>
-
- <define name='SignaturePropertyType'>
- <oneOrMore><ref name='anyThing'/></oneOrMore>
- <optional>
- <attribute name='Id'>
- <data type='ID'/>
- </attribute>
- </optional>
- <attribute name='Target'>
- <data type='anyURI'/>
- </attribute>
- </define>
-
-<!-- End Object (Manifest, SignatureProperty) -->
-
-
-<!-- Start KeyValue Element-types -->
-
- <define name='DSAKeyValueType'>
- <optional>
- <element name='P'>
- <ref name='CryptoBinary'/>
- </element>
- <element name='Q'>
- <ref name='CryptoBinary'/>
- </element>
- </optional>
- <optional>
- <element name='G'>
- <ref name='CryptoBinary'/>
- </element>
- </optional>
- <element name='Y'>
- <ref name='CryptoBinary'/>
- </element>
- <optional>
- <element name='J'>
- <ref name='CryptoBinary'/>
- </element>
- </optional>
- <optional>
- <element name='Seed'>
- <ref name='CryptoBinary'/>
- </element>
- <element name='PgenCounter'>
- <ref name='CryptoBinary'/>
- </element>
- </optional>
- </define>
-
- <define name='RSAKeyValueType'>
- <element name='Modulus'>
- <ref name='CryptoBinary'/>
- </element>
- <element name='Exponent'>
- <ref name='CryptoBinary'/>
- </element>
- </define>
-
-
-<!-- End KeyValue Element-types -->
-
-<!-- End Signature -->
-
-
- <!-- This should emulate the ANY content model under lax validation -->
- <define name='anyThing'>
- <zeroOrMore>
- <choice>
- <text/>
- <element>
- <!-- "except" provided for DTD compatibility -->
- <!-- [1] ns='http://www.oasis-open.org/committees/relax-ng/compatibility.html#id' -->
- <anyName>
- <except>
- <nsName/>
- <!-- <nsName ns='http://www.w3.org/2001/04/xmlenc#'/> -->
- </except>
- </anyName>
- <ref name='anyThing'/>
- <zeroOrMore>
- <attribute>
- <anyName/>
- </attribute>
- </zeroOrMore>
- </element>
- </choice>
- </zeroOrMore>
- </define>
-
-
-</grammar>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE schema
- PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
- [
- <!ATTLIST schema
- xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
- <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
- <!ENTITY % p ''>
- <!ENTITY % s ''>
- ]>
-
-<!-- Schema for XML Signatures
- http://www.w3.org/2000/09/xmldsig#
- $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
-
- Copyright 2001 The Internet Society and W3C (Massachusetts Institute
- of Technology, Institut National de Recherche en Informatique et en
- Automatique, Keio University). All Rights Reserved.
- http://www.w3.org/Consortium/Legal/
-
- This document is governed by the W3C Software License [1] as described
- in the FAQ [2].
-
- [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
- [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
--->
-
-
-<schema xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- targetNamespace="http://www.w3.org/2000/09/xmldsig#"
- version="0.1" elementFormDefault="qualified">
-
-<!-- Basic Types Defined for Signatures -->
-
-<simpleType name="CryptoBinary">
- <restriction base="base64Binary">
- </restriction>
-</simpleType>
-
-<!-- Start Signature -->
-
-<element name="Signature" type="ds:SignatureType"/>
-<complexType name="SignatureType">
- <sequence>
- <element ref="ds:SignedInfo"/>
- <element ref="ds:SignatureValue"/>
- <element ref="ds:KeyInfo" minOccurs="0"/>
- <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="SignatureValue" type="ds:SignatureValueType"/>
- <complexType name="SignatureValueType">
- <simpleContent>
- <extension base="base64Binary">
- <attribute name="Id" type="ID" use="optional"/>
- </extension>
- </simpleContent>
- </complexType>
-
-<!-- Start SignedInfo -->
-
-<element name="SignedInfo" type="ds:SignedInfoType"/>
-<complexType name="SignedInfoType">
- <sequence>
- <element ref="ds:CanonicalizationMethod"/>
- <element ref="ds:SignatureMethod"/>
- <element ref="ds:Reference" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
- <complexType name="CanonicalizationMethodType" mixed="true">
- <sequence>
- <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
- <!-- (0,unbounded) elements from (1,1) namespace -->
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
- <element name="SignatureMethod" type="ds:SignatureMethodType"/>
- <complexType name="SignatureMethodType" mixed="true">
- <sequence>
- <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
- <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- <!-- (0,unbounded) elements from (1,1) external namespace -->
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
-<!-- Start Reference -->
-
-<element name="Reference" type="ds:ReferenceType"/>
-<complexType name="ReferenceType">
- <sequence>
- <element ref="ds:Transforms" minOccurs="0"/>
- <element ref="ds:DigestMethod"/>
- <element ref="ds:DigestValue"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- <attribute name="URI" type="anyURI" use="optional"/>
- <attribute name="Type" type="anyURI" use="optional"/>
-</complexType>
-
- <element name="Transforms" type="ds:TransformsType"/>
- <complexType name="TransformsType">
- <sequence>
- <element ref="ds:Transform" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
-
- <element name="Transform" type="ds:TransformType"/>
- <complexType name="TransformType" mixed="true">
- <choice minOccurs="0" maxOccurs="unbounded">
- <any namespace="##other" processContents="lax"/>
- <!-- (1,1) elements from (0,unbounded) namespaces -->
- <element name="XPath" type="string"/>
- </choice>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
-<!-- End Reference -->
-
-<element name="DigestMethod" type="ds:DigestMethodType"/>
-<complexType name="DigestMethodType" mixed="true">
- <sequence>
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
-</complexType>
-
-<element name="DigestValue" type="ds:DigestValueType"/>
-<simpleType name="DigestValueType">
- <restriction base="base64Binary"/>
-</simpleType>
-
-<!-- End SignedInfo -->
-
-<!-- Start KeyInfo -->
-
-<element name="KeyInfo" type="ds:KeyInfoType"/>
-<complexType name="KeyInfoType" mixed="true">
- <choice maxOccurs="unbounded">
- <element ref="ds:KeyName"/>
- <element ref="ds:KeyValue"/>
- <element ref="ds:RetrievalMethod"/>
- <element ref="ds:X509Data"/>
- <element ref="ds:PGPData"/>
- <element ref="ds:SPKIData"/>
- <element ref="ds:MgmtData"/>
- <any processContents="lax" namespace="##other"/>
- <!-- (1,1) elements from (0,unbounded) namespaces -->
- </choice>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="KeyName" type="string"/>
- <element name="MgmtData" type="string"/>
-
- <element name="KeyValue" type="ds:KeyValueType"/>
- <complexType name="KeyValueType" mixed="true">
- <choice>
- <element ref="ds:DSAKeyValue"/>
- <element ref="ds:RSAKeyValue"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
-
- <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
- <complexType name="RetrievalMethodType">
- <sequence>
- <element ref="ds:Transforms" minOccurs="0"/>
- </sequence>
- <attribute name="URI" type="anyURI"/>
- <attribute name="Type" type="anyURI" use="optional"/>
- </complexType>
-
-<!-- Start X509Data -->
-
-<element name="X509Data" type="ds:X509DataType"/>
-<complexType name="X509DataType">
- <sequence maxOccurs="unbounded">
- <choice>
- <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
- <element name="X509SKI" type="base64Binary"/>
- <element name="X509SubjectName" type="string"/>
- <element name="X509Certificate" type="base64Binary"/>
- <element name="X509CRL" type="base64Binary"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </sequence>
-</complexType>
-
-<complexType name="X509IssuerSerialType">
- <sequence>
- <element name="X509IssuerName" type="string"/>
- <element name="X509SerialNumber" type="integer"/>
- </sequence>
-</complexType>
-
-<!-- End X509Data -->
-
-<!-- Begin PGPData -->
-
-<element name="PGPData" type="ds:PGPDataType"/>
-<complexType name="PGPDataType">
- <choice>
- <sequence>
- <element name="PGPKeyID" type="base64Binary"/>
- <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
- <any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </sequence>
- <sequence>
- <element name="PGPKeyPacket" type="base64Binary"/>
- <any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </sequence>
- </choice>
-</complexType>
-
-<!-- End PGPData -->
-
-<!-- Begin SPKIData -->
-
-<element name="SPKIData" type="ds:SPKIDataType"/>
-<complexType name="SPKIDataType">
- <sequence maxOccurs="unbounded">
- <element name="SPKISexp" type="base64Binary"/>
- <any namespace="##other" processContents="lax" minOccurs="0"/>
- </sequence>
-</complexType>
-
-<!-- End SPKIData -->
-
-<!-- End KeyInfo -->
-
-<!-- Start Object (Manifest, SignatureProperty) -->
-
-<element name="Object" type="ds:ObjectType"/>
-<complexType name="ObjectType" mixed="true">
- <sequence minOccurs="0" maxOccurs="unbounded">
- <any namespace="##any" processContents="lax"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
- <attribute name="Encoding" type="anyURI" use="optional"/>
-</complexType>
-
-<element name="Manifest" type="ds:ManifestType"/>
-<complexType name="ManifestType">
- <sequence>
- <element ref="ds:Reference" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
-<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
-<complexType name="SignaturePropertiesType">
- <sequence>
- <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
- <complexType name="SignaturePropertyType" mixed="true">
- <choice maxOccurs="unbounded">
- <any namespace="##other" processContents="lax"/>
- <!-- (1,1) elements from (1,unbounded) namespaces -->
- </choice>
- <attribute name="Target" type="anyURI" use="required"/>
- <attribute name="Id" type="ID" use="optional"/>
- </complexType>
-
-<!-- End Object (Manifest, SignatureProperty) -->
-
-<!-- Start Algorithm Parameters -->
-
-<simpleType name="HMACOutputLengthType">
- <restriction base="integer"/>
-</simpleType>
-
-<!-- Start KeyValue Element-types -->
-
-<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
-<complexType name="DSAKeyValueType">
- <sequence>
- <sequence minOccurs="0">
- <element name="P" type="ds:CryptoBinary"/>
- <element name="Q" type="ds:CryptoBinary"/>
- </sequence>
- <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
- <element name="Y" type="ds:CryptoBinary"/>
- <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
- <sequence minOccurs="0">
- <element name="Seed" type="ds:CryptoBinary"/>
- <element name="PgenCounter" type="ds:CryptoBinary"/>
- </sequence>
- </sequence>
-</complexType>
-
-<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
-<complexType name="RSAKeyValueType">
- <sequence>
- <element name="Modulus" type="ds:CryptoBinary"/>
- <element name="Exponent" type="ds:CryptoBinary"/>
- </sequence>
-</complexType>
-
-<!-- End KeyValue Element-types -->
-
-<!-- End Signature -->
-
-</schema>
+++ /dev/null
-algorithm.alreadyRegistered = URI {0} wurde bereits an die Klasse {1} gebunden\r
-algorithm.classDoesNotExist = Kann URI {0} nicht für Klasse {1} registrieren weil sie nicht existiert\r
-algorithm.ClassDoesNotExist = Klasse {0} existiert nicht\r
-algorithm.extendsWrongClass = Kann URI {0} nicht für Klasse {1} registrieren weil sie nicht {2} extended\r
-algorithms.CannotUseAlgorithmParameterSpecOnDSA = Sorry, but you cannot use a AlgorithmParameterSpec object for creating DSA signatures.\r
-algorithms.CannotUseAlgorithmParameterSpecOnRSA = Sorry, but you cannot use a AlgorithmParameterSpec object for creating RSA signatures.\r
-algorithms.CannotUseSecureRandomOnMAC = Sorry, but you cannot use a SecureRandom object for creating MACs.\r
-algorithms.HMACOutputLengthMin = HMACOutputLength must not be less than {0}
-algorithms.HMACOutputLengthOnlyForHMAC = A HMACOutputLength can only be specified for HMAC integrity algorithms\r
-algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verfügbar. Original Nachricht war: {1}\r
-algorithms.NoSuchMap = The algorithm URI "{0}" could not be mapped to a JCE algorithm\r
-algorithms.NoSuchProvider = The specified Provider {0} does not exist. Original Message was: {1}\r
-algorithms.operationOnlyVerification = A public key can only used for verification of a signature.\r
-algorithms.WrongKeyForThisOperation = Sorry, you supplied the wrong key type for this operation! You supplied a {0} but a {1} is needed.\r
-attributeValueIllegal = The attribute {0} has value {1} but must be {2}\r
-c14n.Canonicalizer.Exception = Exception während Kanonisierung: Original Nachricht war {0}\r
-c14n.Canonicalizer.IllegalNode = Unzulässiger NodeType {0}, NodeName lautete {1}\r
-c14n.Canonicalizer.NoSuchCanonicalizer = Kein Canonicalizer mit dem URI {0} gefunden\r
-c14n.Canonicalizer.ParserConfigurationException = ParserConfigurationException während Kanonisierung: Original Nachricht war {0}\r
-c14n.Canonicalizer.RelativeNamespace = Das Element {0} hat einen relativen Namespace: {1}="{2}"\r
-c14n.Canonicalizer.SAXException = SAXException während Kanonisierung: Original Nachricht war {0}\r
-c14n.Canonicalizer.TraversalNotSupported = Das DOM Dokument unterstützt keine Traversal {0}\r
-c14n.Canonicalizer.UnsupportedEncoding = Unbekannte Kodierung {0}\r
-c14n.Canonicalizer.UnsupportedOperation = This canonicalizer does not support this operation\r
-c14n.XMLUtils.circumventBug2650forgotten = The tree has not been prepared for canonicalization using XMLUtils#circumventBug2650(Document)\r
-certificate.noSki.lowVersion = Certificate cannot contain a SubjectKeyIdentifier because it is only X509v{0}\r
-certificate.noSki.notOctetString = Certificates SubjectKeyIdentifier is not a OctetString\r
-certificate.noSki.null = Certificate does not contain a SubjectKeyIdentifier\r
-defaultNamespaceCannotBeSetHere = Default namespace cannot be set here\r
-ElementProxy.nullElement = Kann einen ElementProxy aus einem null Argument erzeugen\r
-empty = {0}\r
-encryption.algorithmCannotBeUsedForEncryptedData = encryption.algorithmCannotBeUsedForEncryptedData {0}\r
-encryption.algorithmCannotEatInitParams = encryption.algorithmCannotEatInitParams\r
-encryption.algorithmCannotEncryptDecrypt = encryption.algorithmCannotEncryptDecrypt\r
-encryption.algorithmCannotWrapUnWrap = encryption.algorithmCannotWrapUnWrap\r
-encryption.ExplicitKeySizeMismatch = The xenc:KeySize element requests a key size of {0} bit but the algorithm implements {1} bit\r
-encryption.nonceLongerThanDecryptedPlaintext = The given nonce is longer than the available plaintext. I Cannot strip away this.\r
-encryption.RSAOAEP.dataHashWrong = data hash wrong\r
-encryption.RSAOAEP.dataStartWrong = data wrong start {0}\r
-encryption.RSAOAEP.dataTooShort = data too short\r
-encryption.RSAPKCS15.blockTruncated = block truncated\r
-encryption.RSAPKCS15.noDataInBlock = no data in block\r
-encryption.RSAPKCS15.unknownBlockType = unknown block type\r
-encryption.nokey = No Key Encryption Key loaded and cannot determine using key resolvers\r
-endorsed.jdk1.4.0 = Since it seems that nobody reads our installation notes, we must do it in the exception messages. Hope you read them. You did NOT use the endorsed mechanism from JDK 1.4 properly; look at <http://xml.apache.org/security/Java/installation.html> how to solve this problem.\r
-errorMessages.InvalidDigestValueException = Ungültige Signatur: Reference Validation fehlgeschlagen.\r
-errorMessages.InvalidSignatureValueException = Ungültige Signatur: Core Validation fehlgeschlagen.\r
-errorMessages.IOException = Datei oder Resource kann nicht gelesen werden.\r
-errorMessages.MissingKeyFailureException = Verifizieren fehlgeschlagen, weil der öffentliche Schlüssel (public key) nicht verfügbar ist. Resourcen via addResource() hinzufügen und erneut verifizieren.\r
-errorMessages.MissingResourceFailureException = Verifizieren fehlgeschlagen, weil Resourcen nicht verfügbar sind. Resourcen via addResource() hinzufügen und erneut verifizieren.\r
-errorMessages.NoSuchAlgorithmException = Unbekannter Algorithmus {0}\r
-errorMessages.NotYetImplementedException = Funktionalität noch nicht implementiert.\r
-errorMessages.XMLSignatureException = Verifizieren aus unbekanntem Grund fehlgeschlagen.\r
-decoding.divisible.four = It should be divisible by four\r
-decoding.general = Error while decoding\r
-FileKeyStorageImpl.addToDefaultFromRemoteNotImplemented = Method addToDefaultFromRemote() not yet implemented.\r
-FileKeyStorageImpl.NoCert.Context = Not found such a X509Certificate including context {0}\r
-FileKeyStorageImpl.NoCert.IssNameSerNo = Not found such a X509Certificate with IssuerName {0} and serial number {1}\r
-FileKeyStorageImpl.NoCert.SubjName = Not found such a X509Certificate including SubjectName {0}\r
-generic.dontHaveConstructionElement = I do not have a construction Element\r
-generic.EmptyMessage = {0}\r
-generic.NotYetImplemented = {0} Leider noch nicht implementiert ;-((\r
-java.security.InvalidKeyException = Ungültiger Schlüssel\r
-java.security.NoSuchProviderException = Unbekannter oder nicht unterstützter Provider\r
-java.security.UnknownKeyType = Unbekannter oder nicht unterstützter Key type {0}\r
-KeyInfo.needKeyResolver = Es müssen mehrere KeyResolver registriert sein\r
-KeyInfo.nokey = Kann keinen Schlüssel aus {0} gewinnen\r
-KeyInfo.noKey = Kann keinen öffentlichen Schlüssel finden\r
-KeyInfo.wrongNumberOfObject = Benötige {0} keyObjects\r
-KeyInfo.wrongUse = Dieses Objekt wird verwendet, um {0} zu gewinnen\r
-keyResolver.alreadyRegistered = Die Klasse {1} wurde bereits registriert für {0}\r
-KeyResolver.needStorageResolver = Need a StorageResolver to retrieve a Certificate from a {0}\r
-KeyResoverSpiImpl.cannotGetCert = Cannot get the Certificate that include or in {1} in implement class {0}\r
-KeyResoverSpiImpl.elementGeneration = Cannot make {1} element in implement class {0}\r
-KeyResoverSpiImpl.getPoublicKey = Cannot get the public key from implement class {0}\r
-KeyResoverSpiImpl.InvalidElement = Cannot set (2) Element in implement class {0}\r
-KeyResoverSpiImpl.keyStore = KeyStorage error in implement class {0}\r
-KeyResoverSpiImpl.need.Element = {1} type of Element is needed in implement class {0}\r
-KeyResoverSpiImpl.wrongCRLElement = Cannot make CRL from {1} in implement class {0}\r
-KeyResoverSpiImpl.wrongKeyObject = Need {1} type of KeyObject for generation Element in implement class{0}\r
-KeyResoverSpiImpl.wrongNumberOfObject = Need {1} keyObject in implement class {0}\r
-KeyStore.alreadyRegistered = {0} Class has already been registered for {1}\r
-KeyStore.register = {1} type class register error in class {0}\r
-KeyStore.registerStore.register = Registeration error for type {0}\r
-KeyValue.IllegalArgument = Cannot create a {0} from {1}\r
-namespacePrefixAlreadyUsedByOtherURI = Namespace {0} already used by other URI {1}\r
-notYetInitialized = Das Modul {0} ist noch nicht initialisiert\r
-prefix.AlreadyAssigned = Sie binden den Prefix {0} an den Namespace {1} aber er ist bereits an {2} zugewiesen\r
-signature.Canonicalizer.UnknownCanonicalizer = Unbekannter Canonicalizer. Kein Handler installiert für URI {0}\r
-signature.DSA.invalidFormat = Invalid ASN.1 encoding of the DSA signature\r
-signature.Generation.signBeforeGetValue = You have to XMLSignature.sign(java.security.PrivateKey) first\r
-signature.Reference.ForbiddenResolver = It is forbidden to access resolver {0} when secure validation is enabled\r
-signature.signatureAlgorithm = It is forbidden to use algorithm {0} when secure validation is enabled\r
-signature.signaturePropertyHasNoTarget = Das Target Attribut der SignatureProperty muss gesetzt sein\r
-signature.tooManyReferences = {0} references are contained in the Manifest, maximum {1} are allowed with secure validation\r
-signature.tooManyTransforms = {0} transforms are contained in the Reference, maximum {1} are allowed with secure validation\r
-signature.Transform.ErrorDuringTransform = Während der Transformation {0} trat eine {1} auf.\r
-signature.Transform.ForbiddenTransform = Transform {0} is forbidden when secure validation is enabled\r
-signature.Transform.NotYetImplemented = Transform {0} noch nicht implementiert\r
-signature.Transform.NullPointerTransform = Null pointer als URI übergeben. Programmierfehler?\r
-signature.Transform.UnknownTransform = Unbekannte Transformation. Kein Handler installiert für URI {0}\r
-signature.Util.BignumNonPositive = bigInteger.signum() muß positiv sein\r
-signature.Util.NonTextNode = Kein Text Node\r
-signature.Util.TooManyChilds = Zu viele Child-Elemente vom Type {0} in {1}\r
-signature.Verification.certificateError = Zertifikatsfehler\r
-signature.Verification.IndexOutOfBounds = Index {0} illegal. We only have {1} References\r
-signature.Verification.internalError = Interner Fehler\r
-signature.Verification.InvalidDigestOrReference = Ungültiger Digest Wert oder Reference Element {0}\r
-signature.Verification.keyStore = Öffnen des KeyStore fehlgeschlagen\r
-signature.Verification.MissingID = Cannot resolve element with ID {0}\r
-signature.Verification.MissingResources = Kann die externe Resource {0} nicht auflösen\r
-signature.Verification.MultipleIDs = Multiple Elements with the same ID {0} were detected\r
-signature.Verification.NoSignatureElement = Input Dokument enthält kein {0} Element mit dem Namespace {1}\r
-signature.Verification.Reference.NoInput = Die Reference für den URI {0} hat keinen XMLSignatureInput erhalten.\r
-signature.Verification.SignatureError = Signatur Fehler\r
-signature.XMLSignatureInput.MissingConstuctor = Kann aus der Klasse {0} keinen XMLSignatureInput erzeugen\r
-signature.XMLSignatureInput.SerializeDOM = Input mit einem DOM Dokument initialisiert. Muß mit C14N serialisiert werden\r
-transform.Init.IllegalContextArgument = Unzulässiges Kontext Argument der Klasse {0}. Muss String, org.w3c.dom.NodeList oder java.io.InputStream sein.\r
-transform.init.NotInitialized =\r
-transform.init.wrongURI = Initialisiert mit dem falschen URI. Das sollte nie passieren. Die Transformation implementiert {0} aber {1} wurde bei der Instantiierung verwendet.\r
-utils.Base64.IllegalBitlength = Ungültige Bytelänge; Muss ein vielfaches von 4 sein\r
-utils.resolver.noClass = Could not find a resolver for URI {0} and Base {1}\r
-xml.WrongContent = Kann {0} nicht finden in {1}\r
-xml.WrongElement = Kann kein {0} aus einem {1} Element erzeugen\r
-xpath.funcHere.documentsDiffer = Der XPath ist nicht im selben Dokument wie der Kontext Node\r
-xpath.funcHere.noXPathContext = Try to evaluate an XPath which uses the here() function but XPath is not inside an ds:XPath Element. XPath was : {0}\r
+++ /dev/null
-algorithm.alreadyRegistered = URI {0} already assigned to class {1}\r
-algorithm.classDoesNotExist = Cannot register URI {0} to class {1} because this class does not exist in CLASSPATH\r
-algorithm.ClassDoesNotExist = Class {0} does not exist\r
-algorithm.extendsWrongClass = Cannot register URI {0} to class {1} because it does not extend {2}\r
-algorithms.CannotUseAlgorithmParameterSpecOnDSA = Sorry, but you cannot use a AlgorithmParameterSpec object for creating DSA signatures.\r
-algorithms.CannotUseAlgorithmParameterSpecOnRSA = Sorry, but you cannot use a AlgorithmParameterSpec object for creating RSA signatures.\r
-algorithms.CannotUseSecureRandomOnMAC = Sorry, but you cannot use a SecureRandom object for creating MACs.\r
-algorithms.HMACOutputLengthMin = HMACOutputLength must not be less than {0}
-algorithms.HMACOutputLengthOnlyForHMAC = A HMACOutputLength can only be specified for HMAC integrity algorithms\r
-algorithms.NoSuchAlgorithm = The requested algorithm {0} does not exist. Original Message was: {1}\r
-algorithms.NoSuchMap = The algorithm URI "{0}" could not be mapped to a JCE algorithm\r
-algorithms.NoSuchProvider = The specified Provider {0} does not exist. Original Message was: {1}\r
-algorithms.operationOnlyVerification = A public key can only used for verification of a signature.\r
-algorithms.WrongKeyForThisOperation = Sorry, you supplied the wrong key type for this operation! You supplied a {0} but a {1} is needed.\r
-attributeValueIllegal = The attribute {0} has value {1} but must be {2}\r
-c14n.Canonicalizer.Exception = Exception during Canonicalization: Original Message was {0}\r
-c14n.Canonicalizer.IllegalNode = Illegal node type {0}, node name was {1}\r
-c14n.Canonicalizer.NoSuchCanonicalizer = No canonicalizer found with URI {0}\r
-c14n.Canonicalizer.ParserConfigurationException = ParserConfigurationException during Canonicalization: Original Message was {0}\r
-c14n.Canonicalizer.RelativeNamespace = Element {0} has a relative namespace: {1}="{2}"\r
-c14n.Canonicalizer.SAXException = SAXException during Canonicalization: Original Message was {0}\r
-c14n.Canonicalizer.TraversalNotSupported = This DOM document does not support Traversal {0}\r
-c14n.Canonicalizer.UnsupportedEncoding = Unsupported encoding {0}\r
-c14n.Canonicalizer.UnsupportedOperation = This canonicalizer does not support this operation\r
-c14n.XMLUtils.circumventBug2650forgotten = The tree has not been prepared for canonicalization using XMLUtils#circumventBug2650(Document)\r
-certificate.noSki.lowVersion = Certificate cannot contain a SubjectKeyIdentifier because it is only X509v{0}\r
-certificate.noSki.notOctetString = Certificates SubjectKeyIdentifier is not a OctetString\r
-certificate.noSki.null = Certificate does not contain a SubjectKeyIdentifier\r
-defaultNamespaceCannotBeSetHere = Default namespace cannot be set here\r
-ElementProxy.nullElement = Cannot create an ElementProxy from a null argument\r
-empty = {0}\r
-encryption.algorithmCannotBeUsedForEncryptedData = encryption.algorithmCannotBeUsedForEncryptedData {0}\r
-encryption.algorithmCannotEatInitParams = encryption.algorithmCannotEatInitParams\r
-encryption.algorithmCannotEncryptDecrypt = encryption.algorithmCannotEncryptDecrypt\r
-encryption.algorithmCannotWrapUnWrap = encryption.algorithmCannotWrapUnWrap\r
-encryption.ExplicitKeySizeMismatch = The xenc:KeySize element requests a key size of {0} bit but the algorithm implements {1} bit\r
-encryption.nonceLongerThanDecryptedPlaintext = The given nonce is longer than the available plaintext. I Cannot strip away this.\r
-encryption.RSAOAEP.dataHashWrong = data hash wrong\r
-encryption.RSAOAEP.dataStartWrong = data wrong start {0}\r
-encryption.RSAOAEP.dataTooShort = data too short\r
-encryption.RSAPKCS15.blockTruncated = block truncated\r
-encryption.RSAPKCS15.noDataInBlock = no data in block\r
-encryption.RSAPKCS15.unknownBlockType = unknown block type\r
-encryption.nokey = No Key Encryption Key loaded and cannot determine using key resolvers\r
-endorsed.jdk1.4.0 = Since it seems that nobody reads our installation notes, we must do it in the exception messages. Hope you read them. You did NOT use the endorsed mechanism from JDK 1.4 properly; look at <http://xml.apache.org/security/Java/installation.html> how to solve this problem.\r
-errorMessages.InvalidDigestValueException = INVALID signature -- check reference resolution.\r
-errorMessages.InvalidSignatureValueException = INVALID signature -- core validation failed.\r
-errorMessages.IOException = Other file I/O and similar exceptions.\r
-errorMessages.MissingKeyFailureException = Cannot verify because of missing public key. Provide it via addResource and try again.\r
-errorMessages.MissingResourceFailureException = Cannot verify because of unresolved references. Provide it via addResource and try again.\r
-errorMessages.NoSuchAlgorithmException = Unknown Algorithm {0}\r
-errorMessages.NotYetImplementedException = Functionality not yet there.\r
-errorMessages.XMLSignatureException = Verification failed for some other reason.\r
-decoding.divisible.four = It should be divisible by four\r
-decoding.general = Error while decoding\r
-FileKeyStorageImpl.addToDefaultFromRemoteNotImplemented = Method addToDefaultFromRemote() not yet implemented.\r
-FileKeyStorageImpl.NoCert.Context = Not found such a X509Certificate including context {0}\r
-FileKeyStorageImpl.NoCert.IssNameSerNo = Not found such a X509Certificate with IssuerName {0} and serial number {1}\r
-FileKeyStorageImpl.NoCert.SubjName = Not found such a X509Certificate including SubjectName {0}\r
-generic.dontHaveConstructionElement = I do not have a construction Element\r
-generic.EmptyMessage = {0}\r
-generic.NotYetImplemented = {0} Not YET implemented ;-((\r
-java.security.InvalidKeyException = Invalid key\r
-java.security.NoSuchProviderException = Unknown or unsupported provider\r
-java.security.UnknownKeyType = Unknown or unsupported key type {0}\r
-KeyInfo.needKeyResolver = More than one keyResovler have to be registered\r
-KeyInfo.nokey = Cannot get key from {0}\r
-KeyInfo.noKey = Cannot get the public key\r
-KeyInfo.wrongNumberOfObject = Need {0} keyObjects\r
-KeyInfo.wrongUse = This object was made for getting {0}\r
-keyResolver.alreadyRegistered = {1} class has already been registered for {0}\r
-KeyResolver.needStorageResolver = Need a StorageResolver to retrieve a Certificate from a {0}\r
-KeyResoverSpiImpl.cannotGetCert = Cannot get the Certificate that include or in {1} in implement class {0}\r
-KeyResoverSpiImpl.elementGeneration = Cannot make {1} element in implement class {0}\r
-KeyResoverSpiImpl.getPoublicKey = Cannot get the public key from implement class {0}\r
-KeyResoverSpiImpl.InvalidElement = Cannot set (2) Element in implement class {0}\r
-KeyResoverSpiImpl.keyStore = KeyStorage error in implement class {0}\r
-KeyResoverSpiImpl.need.Element = {1} type of Element is needed in implement class {0}\r
-KeyResoverSpiImpl.wrongCRLElement = Cannot make CRL from {1} in implement class {0}\r
-KeyResoverSpiImpl.wrongKeyObject = Need {1} type of KeyObject for generation Element in implement class{0}\r
-KeyResoverSpiImpl.wrongNumberOfObject = Need {1} keyObject in implement class {0}\r
-KeyStore.alreadyRegistered = {0} Class has already been registered for {1}\r
-KeyStore.register = {1} type class register error in class {0}\r
-KeyStore.registerStore.register = Registeration error for type {0}\r
-KeyValue.IllegalArgument = Cannot create a {0} from {1}\r
-namespacePrefixAlreadyUsedByOtherURI = Namespace prefix {0} already used by other URI {1}\r
-notYetInitialized = The module {0} is not yet initialized\r
-prefix.AlreadyAssigned = You want to assign {0} as prefix for namespace {1} but it is already assigned for {2}\r
-signature.Canonicalizer.UnknownCanonicalizer = Unknown canonicalizer. No handler installed for URI {0}\r
-signature.DSA.invalidFormat = Invalid ASN.1 encoding of the DSA signature\r
-signature.Generation.signBeforeGetValue = You have to XMLSignature.sign(java.security.PrivateKey) first\r
-signature.Reference.ForbiddenResolver = It is forbidden to access resolver {0} when secure validation is enabled\r
-signature.signatureAlgorithm = It is forbidden to use algorithm {0} when secure validation is enabled\r
-signature.signaturePropertyHasNoTarget = The Target attribute of the SignatureProperty must be set\r
-signature.tooManyReferences = {0} references are contained in the Manifest, maximum {1} are allowed with secure validation\r
-signature.tooManyTransforms = {0} transforms are contained in the Reference, maximum {1} are allowed with secure validation\r
-signature.Transform.ErrorDuringTransform = A {1} was thrown during the {0} transform\r
-signature.Transform.ForbiddenTransform = Transform {0} is forbidden when secure validation is enabled\r
-signature.Transform.NotYetImplemented = Transform {0} not yet implemented\r
-signature.Transform.NullPointerTransform = Null pointer as URI. Programming bug?\r
-signature.Transform.UnknownTransform = Unknown transformation. No handler installed for URI {0}\r
-signature.Transform.node = Current Node: {0}\r
-signature.Transform.nodeAndType = Current Node: {0}, type: {1} \r
-signature.Util.BignumNonPositive = bigInteger.signum() must be positive\r
-signature.Util.NonTextNode = Not a text node\r
-signature.Util.TooManyChilds = Too many childs of Type {0} in {1}\r
-signature.Verification.certificateError = Certificate error\r
-signature.Verification.IndexOutOfBounds = Index {0} illegal. We only have {1} References\r
-signature.Verification.internalError = Internal error\r
-signature.Verification.InvalidDigestOrReference = Invalid digest of reference {0}\r
-signature.Verification.keyStore = KeyStore error\r
-signature.Verification.MissingID = Cannot resolve element with ID {0}\r
-signature.Verification.MissingResources = Cannot resolve external resource {0}\r
-signature.Verification.MultipleIDs = Multiple Elements with the same ID {0} were detected\r
-signature.Verification.NoSignatureElement = Input document contains no {0} Element in namespace {1}\r
-signature.Verification.Reference.NoInput = The Reference for URI {0} has no XMLSignatureInput\r
-signature.Verification.SignatureError = Signature error\r
-signature.XMLSignatureInput.MissingConstuctor = Cannot construct a XMLSignatureInput from class {0}\r
-signature.XMLSignatureInput.SerializeDOM = Input initialized with DOM Element. Use Canonicalization to serialize it\r
-signature.XMLSignatureInput.nodesetReference = Unable to convert to nodeset the reference\r
-transform.Init.IllegalContextArgument = Invalid context argument of class {0}. Must be String, org.w3c.dom.NodeList or java.io.InputStream.\r
-transform.init.NotInitialized =\r
-transform.init.wrongURI = Initialized with wrong URI. How could this happen? We implement {0} but {1} was used during initialization\r
-transform.envelopedSignatureTransformNotInSignatureElement = Enveloped Transform cannot find Signature element
-utils.Base64.IllegalBitlength = Illegal byte length; Data to be decoded must be a multiple of 4\r
-Base64Decoding = Error while decoding\r
-utils.resolver.noClass = Could not find a resolver for URI {0} and Base {1}\r
-xml.WrongContent = Cannot find {0} in {1}\r
-xml.WrongElement = Cannot create a {0} from a {1} element\r
-xpath.funcHere.documentsDiffer = The XPath is not in the same document as the context node\r
-xpath.funcHere.noXPathContext = Try to evaluate an XPath which uses the here() function but XPath is not inside an ds:XPath Element. XPath was : {0}\r
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-/**
- * Raised when the computed hash value doesn't match the given <i>DigestValue</i>.
- * Additional human readable info is passed to the constructor -- this being the benefit
- * of raising an exception or returning a value.
- *
- * @author Christian Geuer-Pollmann
- */
-public class InvalidDigestValueException extends XMLSignatureException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor InvalidDigestValueException
- *
- */
- public InvalidDigestValueException() {
- super();
- }
-
- /**
- * Constructor InvalidDigestValueException
- *
- * @param msgID
- */
- public InvalidDigestValueException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor InvalidDigestValueException
- *
- * @param msgID
- * @param exArgs
- */
- public InvalidDigestValueException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor InvalidDigestValueException
- *
- * @param msgID
- * @param originalException
- */
- public InvalidDigestValueException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor InvalidDigestValueException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public InvalidDigestValueException(String msgID, Object exArgs[], Exception originalException) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-/**
- * Raised if testing the signature value over <i>DigestValue</i> fails because of invalid signature.
- *
- * @see InvalidDigestValueException MissingKeyFailureException MissingResourceFailureException
- * @author Christian Geuer-Pollmann
- */
-public class InvalidSignatureValueException extends XMLSignatureException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor InvalidSignatureValueException
- *
- */
- public InvalidSignatureValueException() {
- super();
- }
-
- /**
- * Constructor InvalidSignatureValueException
- *
- * @param msgID
- */
- public InvalidSignatureValueException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor InvalidSignatureValueException
- *
- * @param msgID
- * @param exArgs
- */
- public InvalidSignatureValueException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor InvalidSignatureValueException
- *
- * @param msgID
- * @param originalException
- */
- public InvalidSignatureValueException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor InvalidSignatureValueException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public InvalidSignatureValueException(String msgID, Object exArgs[], Exception originalException) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileWriter;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.I18n;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.resolver.ResourceResolver;
-import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
-import org.w3c.dom.Attr;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
-
-/**
- * Handles <code><ds:Manifest></code> elements.
- * <p>
- * This element holds the <code>Reference</code> elements
- * </p>
- */
-public class Manifest extends SignatureElementProxy {
-
- /**
- * The maximum number of references per Manifest, if secure validation is
- * enabled.
- */
- public static final int MAXIMUM_REFERENCE_COUNT = 30;
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory
- .getLog(Manifest.class);
-
- /** Field references */
- private List<Reference> references;
- private Element[] referencesEl;
-
- /** Field verificationResults[] */
- private boolean verificationResults[] = null;
-
- /** Field resolverProperties */
- private Map<String, String> resolverProperties = null;
-
- /** Field perManifestResolvers */
- private List<ResourceResolver> perManifestResolvers = null;
-
- private boolean secureValidation;
-
- /**
- * Constructs {@link Manifest}
- *
- * @param doc
- * the {@link Document} in which <code>XMLsignature</code> is
- * placed
- */
- public Manifest(Document doc) {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
-
- this.references = new ArrayList<Reference>();
- }
-
- /**
- * Constructor Manifest
- *
- * @param element
- * @param baseURI
- * @throws XMLSecurityException
- */
- public Manifest(Element element, String baseURI)
- throws XMLSecurityException {
- this(element, baseURI, false);
-
- }
-
- /**
- * Constructor Manifest
- *
- * @param element
- * @param baseURI
- * @param secureValidation
- * @throws XMLSecurityException
- */
- public Manifest(Element element, String baseURI, boolean secureValidation)
- throws XMLSecurityException {
- super(element, baseURI);
-
- Attr attr = element.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- element.setIdAttributeNode(attr, true);
- }
- this.secureValidation = secureValidation;
-
- // check out Reference children
- this.referencesEl = XMLUtils.selectDsNodes(
- this.constructionElement.getFirstChild(),
- Constants._TAG_REFERENCE);
- int le = this.referencesEl.length;
- if (le == 0) {
- // At least one Reference must be present. Bad.
- Object exArgs[] = { Constants._TAG_REFERENCE,
- Constants._TAG_MANIFEST };
-
- throw new DOMException(DOMException.WRONG_DOCUMENT_ERR,
- I18n.translate("xml.WrongContent", exArgs));
- }
-
- if (secureValidation && le > MAXIMUM_REFERENCE_COUNT) {
- Object exArgs[] = { le, MAXIMUM_REFERENCE_COUNT };
-
- throw new XMLSecurityException("signature.tooManyReferences",
- exArgs);
- }
-
- // create List
- this.references = new ArrayList<Reference>(le);
-
- for (int i = 0; i < le; i++) {
- Element refElem = referencesEl[i];
- Attr refAttr = refElem.getAttributeNodeNS(null, "Id");
- if (refAttr != null) {
- refElem.setIdAttributeNode(refAttr, true);
- }
- this.references.add(null);
- }
- }
-
- /**
- * This <code>addDocument</code> method is used to add a new resource to the
- * signed info. A {@link org.apache.xml.security.signature.Reference} is
- * built from the supplied values.
- *
- * @param baseURI
- * the URI of the resource where the XML instance was stored
- * @param referenceURI
- * <code>URI</code> attribute in <code>Reference</code> for
- * specifying where data is
- * @param transforms
- * org.apache.xml.security.signature.Transforms object with an
- * ordered list of transformations to be performed.
- * @param digestURI
- * The digest algorithm URI to be used.
- * @param referenceId
- * @param referenceType
- * @throws XMLSignatureException
- */
- public void addDocument(String baseURI, String referenceURI,
- Transforms transforms, String digestURI, String referenceId,
- String referenceType) throws XMLSignatureException {
- // the this.doc is handed implicitly by the this.getOwnerDocument()
- Reference ref = new Reference(this.doc, baseURI, referenceURI, this,
- transforms, digestURI);
-
- if (referenceId != null) {
- ref.setId(referenceId);
- }
-
- if (referenceType != null) {
- ref.setType(referenceType);
- }
-
- // add Reference object to our cache vector
- this.references.add(ref);
-
- // add the Element of the Reference object to the Manifest/SignedInfo
- this.constructionElement.appendChild(ref.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * The calculation of the DigestValues in the References must be after the
- * References are already added to the document and during the signing
- * process. This ensures that all necessary data is in place.
- *
- * @throws ReferenceNotInitializedException
- * @throws XMLSignatureException
- */
- public void generateDigestValues() throws XMLSignatureException,
- ReferenceNotInitializedException {
- for (int i = 0; i < this.getLength(); i++) {
- // update the cached Reference object, the Element content is
- // automatically updated
- Reference currentRef = this.references.get(i);
- currentRef.generateDigestValue();
- }
- }
-
- /*
- * INFO: This is modified by sunggun.jung
- */
- public void generateDigestValuesForRDS(String path)
- throws XMLSignatureException, ReferenceNotInitializedException,
- IOException {
-
- String tempManifestPath = path.concat("/.manifest.tmp");
- File tempManifestFile = new File(tempManifestPath);
-
- String tempString;
- String[] stArray;
-
- BufferedReader inRds = null;
- FileWriter fd = null;
-
- HashMap<String, String> hash = new HashMap<String, String>();
- LinkedList<String> deletedList = new LinkedList<String>();
-
- try {
- if (tempManifestFile.isFile() == true
- && tempManifestFile.length() != 0) {
-
- inRds = new BufferedReader(new FileReader(tempManifestFile));
-
- /*
- * INFO: If not contain '__DEL__DELETED' in '.manifest.tmp', remember both path key and digest value
- */
- while ((tempString = inRds.readLine()) != null) {
- // System.out.println(tempString);
- stArray = tempString.split("__DEL__");
-
- if (stArray.length != 2) {
- throw new IllegalStateException(
- ".manifest.tmp file broken. Cache value must contain '__DEL__'. Error Line = "
- + tempString);
- }
-
- if (stArray[1].equals("DELETED")) {
- deletedList.add(tempString);
- } else {
- hash.put(stArray[0], stArray[1]);
- }
- }
-
- inRds.close();
-
- if (tempManifestFile.getParentFile().canWrite() != true) {
- throw new IllegalStateException(
- "Your account does not have sufficient permission to write. Target directory = "
- + tempManifestFile.getParentFile());
- }
-
- if (tempManifestFile.canWrite() != true) {
- tempManifestFile.setWritable(true);
- }
-
- /*
- * INFO: rewrite the '.manifest.tmp'
- */
- fd = new FileWriter(tempManifestFile, false);
-
- /*
- * INFO: generate digest values by map
- */
- for (int i = 0; i < this.getLength(); i++) {
- Reference currentRef = this.references.get(i);
- String tempURI = currentRef.getURI();
-
- boolean bIsCached = hash.containsKey(tempURI);
-
- if (bIsCached == true) {
- /*
- * INFO: If not property, use the cached digest value.
- */
- if (tempURI.contains("#prop") == true) {
- currentRef.generateDigestValue();
- } else {
- String savedHashValue = (String) hash.get(tempURI);
- currentRef.generateDigestValue(savedHashValue);
- fd.write(tempURI + "__DEL__"
- + currentRef.getDigestValueBase64Encoded()
- + '\n');
- }
- } else {
- /*
- * INFO: If don't have the reference in manifest, add it.
- * The data format is 'AbsolutePath__DEL__RelativePath'.
- * The 'AbsolutePath' is processed to digest value, 'RelativePath' is mapped a reference.
- */
- if (tempURI.contains("#prop") == true) {
- currentRef.generateDigestValue();
- } else if (tempURI.contains("__DEL__") == true) {
- String[] stArrayDelta = tempURI.split("__DEL__");
-
- String absoulteUri = org.apache.commons.httpclient.util.URIUtil
- .decode(stArrayDelta[0]);
- String relativeUri = stArrayDelta[1];
- // System.out.println("\nDelta target = "
- // + absoulteUri + " , URI Path = "
- // + relativeUri);
- String hashValueb64 = currentRef
- .calculateDigestBase64Endoed(absoulteUri);
- // System.out.println("Delta target's hash value = "
- // + hashValueb64);
- currentRef.generateDigestValue(hashValueb64);
- currentRef.setURI(relativeUri);
-
- fd.write(currentRef.getURI() + "__DEL__"
- + currentRef.getDigestValueBase64Encoded()
- + '\n');
- } else {
- throw new IllegalStateException(
- "The URI for hash value broken. Line = "
- + tempURI);
- // System.out
- // .println(tempURI
- // +
- // " is not contained .manifest.tmp. Even not exist as 'to be hashed' status!!");
- }
- }
- }
-
- /*
- * INFO: remember deleted item for transaction
- */
- int size = deletedList.size();
- for (int i = 0; i < size; i++) {
- fd.write(deletedList.get(i) + '\n');
- }
-
- fd.flush();
- fd.close();
- } else {
- throw new IllegalStateException(
- ".manifest.tmp file doesn't exist!");
- }
- } catch (IOException e) {
- e.printStackTrace();
- } catch (IllegalStateException e) {
- e.printStackTrace();
- } finally {
- try {
- if (inRds != null) {
- inRds.close();
- }
- if (fd != null) {
- fd.close();
- }
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- }
- }
- }
-
- /*
- * INFO: This is modified by sunggun.jung
- */
- public void generateDigestValuesAndWriteSnapshot(String path)
- throws XMLSignatureException, ReferenceNotInitializedException,
- IOException {
-
- String tempManifestPath = path.concat("/.manifest.tmp");
- File tempManifestFile = new File(tempManifestPath);
- FileWriter fd = null;
-
- try {
- if (tempManifestFile.getParentFile().canWrite() != true) {
- throw new IllegalStateException(
- "Your account does not have sufficient permission to write. Target directory = "
- + tempManifestFile.getParentFile());
- }
-
- if (tempManifestFile.canWrite() != true) {
- tempManifestFile.setWritable(true);
- }
-
- fd = new FileWriter(tempManifestFile, false);
-
- for (int i = 0; i < this.getLength(); i++) {
- /*
- * INFO: Original code are below 2 lines
- */
- Reference currentRef = this.references.get(i);
- currentRef.generateDigestValue();
-
- String tempURI = currentRef.getURI();
- // String refPath = org.apache.commons.httpclient.util.URIUtil
- // .decode(tempURI);
-
- // String tempURI = currentRef.getURI();
- // String tempPath = path.concat("/" + tempURI);
- // String refPath = org.apache.commons.httpclient.util.URIUtil
- // .decode(tempPath);
-
- if (tempURI.contains("#prop") == true) {
- continue;
- }
- fd.write(tempURI + "__DEL__"
- + currentRef.getDigestValueBase64Encoded() + '\n');
- }
- fd.flush();
- fd.close();
- } catch (IOException e) {
- e.printStackTrace();
- throw e;
- } finally {
- try {
- if (fd != null) {
- // fd.flush();
- fd.close();
- }
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- throw ex;
- }
- }
- }
-
- /**
- * Return the nonnegative number of added references.
- *
- * @return the number of references
- */
- public int getLength() {
- return this.references.size();
- }
-
- /**
- * Return the <it>i</it><sup>th</sup> reference. Valid <code>i</code> values
- * are 0 to <code>{link@ getSize}-1</code>.
- *
- * @param i
- * Index of the requested {@link Reference}
- * @return the <it>i</it><sup>th</sup> reference
- * @throws XMLSecurityException
- */
- public Reference item(int i) throws XMLSecurityException {
- if (this.references.get(i) == null) {
- // not yet constructed, so _we_ have to
- Reference ref = new Reference(referencesEl[i], this.baseURI, this,
- secureValidation);
-
- this.references.set(i, ref);
- }
-
- return this.references.get(i);
- }
-
- /**
- * Sets the <code>Id</code> attribute
- *
- * @param Id
- * the <code>Id</code> attribute in <code>ds:Manifest</code>
- */
- public void setId(String Id) {
- if (Id != null) {
- this.constructionElement
- .setAttributeNS(null, Constants._ATT_ID, Id);
- this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID,
- true);
- }
- }
-
- /**
- * Returns the <code>Id</code> attribute
- *
- * @return the <code>Id</code> attribute in <code>ds:Manifest</code>
- */
- public String getId() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
- }
-
- /**
- * Used to do a <A
- * HREF="http://www.w3.org/TR/xmldsig-core/#def-ValidationReference"
- * >reference validation</A> of all enclosed references using the
- * {@link Reference#verify} method.
- *
- * <p>
- * This step loops through all {@link Reference}s and does verify the hash
- * values. If one or more verifications fail, the method returns
- * <code>false</code>. If <i>all</i> verifications are successful, it
- * returns <code>true</code>. The results of the individual reference
- * validations are available by using the
- * {@link #getVerificationResult(int)} method
- *
- * @return true if all References verify, false if one or more do not
- * verify.
- * @throws MissingResourceFailureException
- * if a {@link Reference} does not verify (throws a
- * {@link org.apache.xml.security.signature.ReferenceNotInitializedException}
- * because of an uninitialized {@link XMLSignatureInput}
- * @see org.apache.xml.security.signature.Reference#verify
- * @see org.apache.xml.security.signature.SignedInfo#verify()
- * @see org.apache.xml.security.signature.MissingResourceFailureException
- * @throws XMLSecurityException
- */
- public boolean verifyReferences() throws MissingResourceFailureException,
- XMLSecurityException {
- return this.verifyReferences(false);
- }
-
- /**
- * Used to do a <A
- * HREF="http://www.w3.org/TR/xmldsig-core/#def-ValidationReference"
- * >reference validation</A> of all enclosed references using the
- * {@link Reference#verify} method.
- *
- * <p>
- * This step loops through all {@link Reference}s and does verify the hash
- * values. If one or more verifications fail, the method returns
- * <code>false</code>. If <i>all</i> verifications are successful, it
- * returns <code>true</code>. The results of the individual reference
- * validations are available by using the
- * {@link #getVerificationResult(int)} method
- *
- * @param followManifests
- * @return true if all References verify, false if one or more do not
- * verify.
- * @throws MissingResourceFailureException
- * if a {@link Reference} does not verify (throws a
- * {@link org.apache.xml.security.signature.ReferenceNotInitializedException}
- * because of an uninitialized {@link XMLSignatureInput}
- * @see org.apache.xml.security.signature.Reference#verify
- * @see org.apache.xml.security.signature.SignedInfo#verify(boolean)
- * @see org.apache.xml.security.signature.MissingResourceFailureException
- * @throws XMLSecurityException
- */
- public boolean verifyReferences(boolean followManifests)
- throws MissingResourceFailureException, XMLSecurityException {
- if (referencesEl == null) {
- this.referencesEl = XMLUtils.selectDsNodes(
- this.constructionElement.getFirstChild(),
- Constants._TAG_REFERENCE);
- }
- if (log.isDebugEnabled()) {
- log.debug("verify " + referencesEl.length + " References");
- log.debug("I am " + (followManifests ? "" : "not")
- + " requested to follow nested Manifests");
- }
- if (referencesEl.length == 0) {
- throw new XMLSecurityException("empty");
- }
- if (secureValidation && referencesEl.length > MAXIMUM_REFERENCE_COUNT) {
- Object exArgs[] = { referencesEl.length, MAXIMUM_REFERENCE_COUNT };
-
- throw new XMLSecurityException("signature.tooManyReferences",
- exArgs);
- }
-
- this.verificationResults = new boolean[referencesEl.length];
- boolean verify = true;
- for (int i = 0; i < this.referencesEl.length; i++) {
- Reference currentRef = new Reference(referencesEl[i], this.baseURI,
- this, secureValidation);
-
- this.references.set(i, currentRef);
-
- // if only one item does not verify, the whole verification fails
- try {
- boolean currentRefVerified = currentRef.verify();
-
- this.setVerificationResult(i, currentRefVerified);
-
- if (!currentRefVerified) {
- verify = false;
- }
- if (log.isDebugEnabled()) {
- log.debug("The Reference has Type " + currentRef.getType());
- }
-
- // was verification successful till now and do we want to verify
- // the Manifest?
- if (verify && followManifests
- && currentRef.typeIsReferenceToManifest()) {
- if (log.isDebugEnabled()) {
- log.debug("We have to follow a nested Manifest");
- }
-
- try {
- XMLSignatureInput signedManifestNodes = currentRef
- .dereferenceURIandPerformTransforms(null);
- Set<Node> nl = signedManifestNodes.getNodeSet();
- Manifest referencedManifest = null;
- Iterator<Node> nlIterator = nl.iterator();
-
- findManifest: while (nlIterator.hasNext()) {
- Node n = nlIterator.next();
-
- if ((n.getNodeType() == Node.ELEMENT_NODE)
- && ((Element) n).getNamespaceURI().equals(
- Constants.SignatureSpecNS)
- && ((Element) n).getLocalName().equals(
- Constants._TAG_MANIFEST)) {
- try {
- referencedManifest = new Manifest(
- (Element) n,
- signedManifestNodes.getSourceURI(),
- secureValidation);
- break findManifest;
- } catch (XMLSecurityException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- // Hm, seems not to be a ds:Manifest
- }
- }
- }
-
- if (referencedManifest == null) {
- // The Reference stated that it points to a
- // ds:Manifest
- // but we did not find a ds:Manifest in the signed
- // area
- throw new MissingResourceFailureException("empty",
- currentRef);
- }
-
- referencedManifest.perManifestResolvers = this.perManifestResolvers;
- referencedManifest.resolverProperties = this.resolverProperties;
-
- boolean referencedManifestValid = referencedManifest
- .verifyReferences(followManifests);
-
- if (!referencedManifestValid) {
- verify = false;
-
- log.warn("The nested Manifest was invalid (bad)");
- } else {
- if (log.isDebugEnabled()) {
- log.debug("The nested Manifest was valid (good)");
- }
- }
- } catch (IOException ex) {
- throw new ReferenceNotInitializedException("empty", ex);
- } catch (ParserConfigurationException ex) {
- throw new ReferenceNotInitializedException("empty", ex);
- } catch (SAXException ex) {
- throw new ReferenceNotInitializedException("empty", ex);
- }
- }
- } catch (ReferenceNotInitializedException ex) {
- Object exArgs[] = { currentRef.getURI() };
-
- throw new MissingResourceFailureException(
- "signature.Verification.Reference.NoInput", exArgs, ex,
- currentRef);
- }
- }
-
- return verify;
- }
-
- /**
- * Method setVerificationResult
- *
- * @param index
- * @param verify
- */
- private void setVerificationResult(int index, boolean verify) {
- if (this.verificationResults == null) {
- this.verificationResults = new boolean[this.getLength()];
- }
-
- this.verificationResults[index] = verify;
- }
-
- /**
- * After verifying a {@link Manifest} or a {@link SignedInfo} using the
- * {@link Manifest#verifyReferences()} or {@link SignedInfo#verify()}
- * methods, the individual results can be retrieved with this method.
- *
- * @param index
- * an index of into a {@link Manifest} or a {@link SignedInfo}
- * @return the results of reference validation at the specified index
- * @throws XMLSecurityException
- */
- public boolean getVerificationResult(int index) throws XMLSecurityException {
- if ((index < 0) || (index > this.getLength() - 1)) {
- Object exArgs[] = { Integer.toString(index),
- Integer.toString(this.getLength()) };
- Exception e = new IndexOutOfBoundsException(I18n.translate(
- "signature.Verification.IndexOutOfBounds", exArgs));
-
- throw new XMLSecurityException("generic.EmptyMessage", e);
- }
-
- if (this.verificationResults == null) {
- try {
- this.verifyReferences();
- } catch (Exception ex) {
- throw new XMLSecurityException("generic.EmptyMessage", ex);
- }
- }
-
- return this.verificationResults[index];
- }
-
- /**
- * Adds Resource Resolver for retrieving resources at specified
- * <code>URI</code> attribute in <code>reference</code> element
- *
- * @param resolver
- * {@link ResourceResolver} can provide the implemenatin subclass
- * of {@link ResourceResolverSpi} for retrieving resource.
- */
- public void addResourceResolver(ResourceResolver resolver) {
- if (resolver == null) {
- return;
- }
- if (perManifestResolvers == null) {
- perManifestResolvers = new ArrayList<ResourceResolver>();
- }
- this.perManifestResolvers.add(resolver);
- }
-
- /**
- * Adds Resource Resolver for retrieving resources at specified
- * <code>URI</code> attribute in <code>reference</code> element
- *
- * @param resolverSpi
- * the implementation subclass of {@link ResourceResolverSpi} for
- * retrieving the resource.
- */
- public void addResourceResolver(ResourceResolverSpi resolverSpi) {
- if (resolverSpi == null) {
- return;
- }
- if (perManifestResolvers == null) {
- perManifestResolvers = new ArrayList<ResourceResolver>();
- }
- perManifestResolvers.add(new ResourceResolver(resolverSpi));
- }
-
- /**
- * Get the Per-Manifest Resolver List
- *
- * @return the per-manifest Resolver List
- */
- public List<ResourceResolver> getPerManifestResolvers() {
- return perManifestResolvers;
- }
-
- /**
- * Get the resolver property map
- *
- * @return the resolver property map
- */
- public Map<String, String> getResolverProperties() {
- return resolverProperties;
- }
-
- /**
- * Used to pass parameters like proxy servers etc to the ResourceResolver
- * implementation.
- *
- * @param key
- * the key
- * @param value
- * the value
- */
- public void setResolverProperty(String key, String value) {
- if (resolverProperties == null) {
- resolverProperties = new HashMap<String, String>(10);
- }
- this.resolverProperties.put(key, value);
- }
-
- /**
- * Returns the value at specified key
- *
- * @param key
- * the key
- * @return the value
- */
- public String getResolverProperty(String key) {
- return this.resolverProperties.get(key);
- }
-
- /**
- * Method getSignedContentItem
- *
- * @param i
- * @return The signed content of the i reference.
- *
- * @throws XMLSignatureException
- */
- public byte[] getSignedContentItem(int i) throws XMLSignatureException {
- try {
- return this.getReferencedContentAfterTransformsItem(i).getBytes();
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (CanonicalizationException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (InvalidCanonicalizerException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Method getReferencedContentPriorTransformsItem
- *
- * @param i
- * @return The contents before transformation of the reference i.
- * @throws XMLSecurityException
- */
- public XMLSignatureInput getReferencedContentBeforeTransformsItem(int i)
- throws XMLSecurityException {
- return this.item(i).getContentsBeforeTransformation();
- }
-
- /**
- * Method getReferencedContentAfterTransformsItem
- *
- * @param i
- * @return The contents after transformation of the reference i.
- * @throws XMLSecurityException
- */
- public XMLSignatureInput getReferencedContentAfterTransformsItem(int i)
- throws XMLSecurityException {
- return this.item(i).getContentsAfterTransformation();
- }
-
- /**
- * Method getSignedContentLength
- *
- * @return The number of references contained in this reference.
- */
- public int getSignedContentLength() {
- return this.getLength();
- }
-
- /**
- * Method getBaseLocalName
- *
- * @inheritDoc
- */
- public String getBaseLocalName() {
- return Constants._TAG_MANIFEST;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-/**
- * Thrown by {@link org.apache.xml.security.signature.SignedInfo#verify()} when
- * testing the signature fails because of uninitialized
- * {@link org.apache.xml.security.signature.Reference}s.
- *
- * @author Christian Geuer-Pollmann
- * @see ReferenceNotInitializedException
- */
-public class MissingResourceFailureException extends XMLSignatureException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /** Field uninitializedReference */
- private Reference uninitializedReference = null;
-
- /**
- * MissingKeyResourceFailureException constructor.
- * @param msgID
- * @param reference
- * @see #getReference
- */
- public MissingResourceFailureException(String msgID, Reference reference) {
- super(msgID);
-
- this.uninitializedReference = reference;
- }
-
- /**
- * Constructor MissingResourceFailureException
- *
- * @param msgID
- * @param exArgs
- * @param reference
- * @see #getReference
- */
- public MissingResourceFailureException(String msgID, Object exArgs[], Reference reference) {
- super(msgID, exArgs);
-
- this.uninitializedReference = reference;
- }
-
- /**
- * Constructor MissingResourceFailureException
- *
- * @param msgID
- * @param originalException
- * @param reference
- * @see #getReference
- */
- public MissingResourceFailureException(
- String msgID, Exception originalException, Reference reference
- ) {
- super(msgID, originalException);
-
- this.uninitializedReference = reference;
- }
-
- /**
- * Constructor MissingResourceFailureException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- * @param reference
- * @see #getReference
- */
- public MissingResourceFailureException(
- String msgID, Object exArgs[], Exception originalException, Reference reference
- ) {
- super(msgID, exArgs, originalException);
-
- this.uninitializedReference = reference;
- }
-
- /**
- * used to set the uninitialized {@link org.apache.xml.security.signature.Reference}
- *
- * @param reference the Reference object
- * @see #getReference
- */
- public void setReference(Reference reference) {
- this.uninitializedReference = reference;
- }
-
- /**
- * used to get the uninitialized {@link org.apache.xml.security.signature.Reference}
- *
- * This allows to supply the correct {@link org.apache.xml.security.signature.XMLSignatureInput}
- * to the {@link org.apache.xml.security.signature.Reference} to try again verification.
- *
- * @return the Reference object
- * @see #setReference
- */
- public Reference getReference() {
- return this.uninitializedReference;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import org.w3c.dom.Node;
-
-/**
- * An interface to tell to the c14n if a node is included or not in the output
- */
-public interface NodeFilter {
-
- /**
- * Tells if a node must be output in c14n.
- * @param n
- * @return 1 if the node should be output.
- * 0 if node must not be output,
- * -1 if the node and all it's child must not be output.
- *
- */
- int isNodeInclude(Node n);
-
- /**
- * Tells if a node must be output in a c14n.
- * The caller must assured that this method is always call
- * in document order. The implementations can use this
- * restriction to optimize the transformation.
- * @param n
- * @param level the relative level in the tree
- * @return 1 if the node should be output.
- * 0 if node must not be output,
- * -1 if the node and all it's child must not be output.
- */
- int isNodeIncludeDO(Node n, int level);
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-
-/**
- * Handles <code><ds:Object></code> elements
- * <code>Object<code> {@link Element} supply facility which can contain any kind data
- *
- * @author Christian Geuer-Pollmann
- * $todo$ if we remove childen, the boolean values are not updated
- */
-public class ObjectContainer extends SignatureElementProxy {
-
- /**
- * Constructs {@link ObjectContainer}
- *
- * @param doc the {@link Document} in which <code>Object</code> element is placed
- */
- public ObjectContainer(Document doc) {
- super(doc);
- }
-
- /**
- * Constructs {@link ObjectContainer} from {@link Element}
- *
- * @param element is <code>Object</code> element
- * @param baseURI the URI of the resource where the XML instance was stored
- * @throws XMLSecurityException
- */
- public ObjectContainer(Element element, String baseURI) throws XMLSecurityException {
- super(element, baseURI);
- }
-
- /**
- * Sets the <code>Id</code> attribute
- *
- * @param Id <code>Id</code> attribute
- */
- public void setId(String Id) {
- if (Id != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
- this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
- }
- }
-
- /**
- * Returns the <code>Id</code> attribute
- *
- * @return the <code>Id</code> attribute
- */
- public String getId() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
- }
-
- /**
- * Sets the <code>MimeType</code> attribute
- *
- * @param MimeType the <code>MimeType</code> attribute
- */
- public void setMimeType(String MimeType) {
- if (MimeType != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_MIMETYPE, MimeType);
- }
- }
-
- /**
- * Returns the <code>MimeType</code> attribute
- *
- * @return the <code>MimeType</code> attribute
- */
- public String getMimeType() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_MIMETYPE);
- }
-
- /**
- * Sets the <code>Encoding</code> attribute
- *
- * @param Encoding the <code>Encoding</code> attribute
- */
- public void setEncoding(String Encoding) {
- if (Encoding != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_ENCODING, Encoding);
- }
- }
-
- /**
- * Returns the <code>Encoding</code> attribute
- *
- * @return the <code>Encoding</code> attribute
- */
- public String getEncoding() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ENCODING);
- }
-
- /**
- * Adds child Node
- *
- * @param node child Node
- * @return the new node in the tree.
- */
- public Node appendChild(Node node) {
- return this.constructionElement.appendChild(node);
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_OBJECT;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.FileInputStream;
-import java.security.AccessController;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivilegedAction;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.reference.ReferenceData;
-import org.apache.xml.security.signature.reference.ReferenceNodeSetData;
-import org.apache.xml.security.signature.reference.ReferenceOctetStreamData;
-import org.apache.xml.security.signature.reference.ReferenceSubTreeData;
-import org.apache.xml.security.transforms.InvalidTransformException;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.transforms.params.InclusiveNamespaces;
-import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.DigesterOutputStream;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.resolver.ResourceResolver;
-import org.apache.xml.security.utils.resolver.ResourceResolverException;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.Text;
-
-/**
- * Handles <code><ds:Reference></code> elements.
- *
- * This includes:
- *
- * Constuct a <CODE>ds:Reference</CODE> from an {@link org.w3c.dom.Element}.
- *
- * <p>Create a new reference</p>
- * <pre>
- * Document doc;
- * MessageDigestAlgorithm sha1 = MessageDigestAlgorithm.getInstance("http://#sha1");
- * Reference ref = new Reference(new XMLSignatureInput(new FileInputStream("1.gif"),
- * "http://localhost/1.gif",
- * (Transforms) null, sha1);
- * Element refElem = ref.toElement(doc);
- * </pre>
- *
- * <p>Verify a reference</p>
- * <pre>
- * Element refElem = doc.getElement("Reference"); // PSEUDO
- * Reference ref = new Reference(refElem);
- * String url = ref.getURI();
- * ref.setData(new XMLSignatureInput(new FileInputStream(url)));
- * if (ref.verify()) {
- * System.out.println("verified");
- * }
- * </pre>
- *
- * <pre>
- * <element name="Reference" type="ds:ReferenceType"/>
- * <complexType name="ReferenceType">
- * <sequence>
- * <element ref="ds:Transforms" minOccurs="0"/>
- * <element ref="ds:DigestMethod"/>
- * <element ref="ds:DigestValue"/>
- * </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
- * <attribute name="URI" type="anyURI" use="optional"/>
- * <attribute name="Type" type="anyURI" use="optional"/>
- * </complexType>
- * </pre>
- *
- * @author Christian Geuer-Pollmann
- * @see ObjectContainer
- * @see Manifest
- */
-public class Reference extends SignatureElementProxy {
-
- /** Field OBJECT_URI */
- public static final String OBJECT_URI = Constants.SignatureSpecNS + Constants._TAG_OBJECT;
-
- /** Field MANIFEST_URI */
- public static final String MANIFEST_URI = Constants.SignatureSpecNS + Constants._TAG_MANIFEST;
-
- /**
- * The maximum number of transforms per reference, if secure validation is enabled.
- */
- public static final int MAXIMUM_TRANSFORM_COUNT = 5;
-
- private boolean secureValidation;
-
- /**
- * Look up useC14N11 system property. If true, an explicit C14N11 transform
- * will be added if necessary when generating the signature. See section
- * 3.1.1 of http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ for more info.
- */
- private static boolean useC14N11 = ((Boolean)
- AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
- public Boolean run() {
- return Boolean.valueOf(Boolean.getBoolean("org.apache.xml.security.useC14N11"));
- }
- })).booleanValue();
-
- /** {@link org.apache.commons.logging} logging facility */
- private static final org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(Reference.class);
-
- private Manifest manifest;
- private XMLSignatureInput transformsOutput;
-
- private Transforms transforms;
-
- private Element digestMethodElem;
-
- private Element digestValueElement;
-
- private ReferenceData referenceData;
-
- private String digestValueBase64Encoded;
-
- /**
- * Constructor Reference
- *
- * @param doc the {@link Document} in which <code>XMLsignature</code> is placed
- * @param baseURI the URI of the resource where the XML instance will be stored
- * @param referenceURI URI indicate where is data which will digested
- * @param manifest
- * @param transforms {@link Transforms} applied to data
- * @param messageDigestAlgorithm {@link MessageDigestAlgorithm Digest algorithm} which is
- * applied to the data
- * TODO should we throw XMLSignatureException if MessageDigestAlgoURI is wrong?
- * @throws XMLSignatureException
- */
- protected Reference(
- Document doc, String baseURI, String referenceURI, Manifest manifest,
- Transforms transforms, String messageDigestAlgorithm
- ) throws XMLSignatureException {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
-
- this.baseURI = baseURI;
- this.manifest = manifest;
-
- this.setURI(referenceURI);
-
- // important: The ds:Reference must be added to the associated ds:Manifest
- // or ds:SignedInfo _before_ the this.resolverResult() is called.
- // this.manifest.appendChild(this.constructionElement);
- // this.manifest.appendChild(this.doc.createTextNode("\n"));
-
- if (transforms != null) {
- this.transforms=transforms;
- this.constructionElement.appendChild(transforms.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
- MessageDigestAlgorithm mda =
- MessageDigestAlgorithm.getInstance(this.doc, messageDigestAlgorithm);
-
- digestMethodElem = mda.getElement();
- this.constructionElement.appendChild(digestMethodElem);
- XMLUtils.addReturnToElement(this.constructionElement);
-
- digestValueElement =
- XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_DIGESTVALUE);
-
- this.constructionElement.appendChild(digestValueElement);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
-
- /**
- * Build a {@link Reference} from an {@link Element}
- *
- * @param element <code>Reference</code> element
- * @param baseURI the URI of the resource where the XML instance was stored
- * @param manifest is the {@link Manifest} of {@link SignedInfo} in which the Reference occurs.
- * We need this because the Manifest has the individual {@link ResourceResolver}s which have
- * been set by the user
- * @throws XMLSecurityException
- */
- protected Reference(Element element, String baseURI, Manifest manifest) throws XMLSecurityException {
- this(element, baseURI, manifest, false);
- }
-
- /**
- * Build a {@link Reference} from an {@link Element}
- *
- * @param element <code>Reference</code> element
- * @param baseURI the URI of the resource where the XML instance was stored
- * @param manifest is the {@link Manifest} of {@link SignedInfo} in which the Reference occurs.
- * @param secureValidation whether secure validation is enabled or not
- * We need this because the Manifest has the individual {@link ResourceResolver}s which have
- * been set by the user
- * @throws XMLSecurityException
- */
- protected Reference(Element element, String baseURI, Manifest manifest, boolean secureValidation)
- throws XMLSecurityException {
- super(element, baseURI);
- this.secureValidation = secureValidation;
- this.baseURI = baseURI;
- Element el = XMLUtils.getNextElement(element.getFirstChild());
- if (Constants._TAG_TRANSFORMS.equals(el.getLocalName())
- && Constants.SignatureSpecNS.equals(el.getNamespaceURI())) {
- transforms = new Transforms(el, this.baseURI);
- transforms.setSecureValidation(secureValidation);
- if (secureValidation && transforms.getLength() > MAXIMUM_TRANSFORM_COUNT) {
- Object exArgs[] = { transforms.getLength(), MAXIMUM_TRANSFORM_COUNT };
-
- throw new XMLSecurityException("signature.tooManyTransforms", exArgs);
- }
- el = XMLUtils.getNextElement(el.getNextSibling());
- }
- digestMethodElem = el;
- digestValueElement = XMLUtils.getNextElement(digestMethodElem.getNextSibling());
- this.manifest = manifest;
- }
-
- /**
- * Returns {@link MessageDigestAlgorithm}
- *
- *
- * @return {@link MessageDigestAlgorithm}
- *
- * @throws XMLSignatureException
- */
- public MessageDigestAlgorithm getMessageDigestAlgorithm() throws XMLSignatureException {
- if (digestMethodElem == null) {
- return null;
- }
-
- String uri = digestMethodElem.getAttributeNS(null, Constants._ATT_ALGORITHM);
-
- if (uri == null) {
- return null;
- }
-
- if (secureValidation && MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5.equals(uri)) {
- Object exArgs[] = { uri };
-
- throw new XMLSignatureException("signature.signatureAlgorithm", exArgs);
- }
-
- return MessageDigestAlgorithm.getInstance(this.doc, uri);
- }
-
- /**
- * Sets the <code>URI</code> of this <code>Reference</code> element
- *
- * @param uri the <code>URI</code> of this <code>Reference</code> element
- */
- public void setURI(String uri) {
- if (uri != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_URI, uri);
- }
- }
-
- /**
- * Returns the <code>URI</code> of this <code>Reference</code> element
- *
- * @return URI the <code>URI</code> of this <code>Reference</code> element
- */
- public String getURI() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_URI);
- }
-
- /**
- * Sets the <code>Id</code> attribute of this <code>Reference</code> element
- *
- * @param id the <code>Id</code> attribute of this <code>Reference</code> element
- */
- public void setId(String id) {
- if (id != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
- this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
- }
- }
-
- /**
- * Returns the <code>Id</code> attribute of this <code>Reference</code> element
- *
- * @return Id the <code>Id</code> attribute of this <code>Reference</code> element
- */
- public String getId() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
- }
-
- /**
- * Sets the <code>type</code> atttibute of the Reference indicate whether an
- * <code>ds:Object</code>, <code>ds:SignatureProperty</code>, or <code>ds:Manifest</code>
- * element.
- *
- * @param type the <code>type</code> attribute of the Reference
- */
- public void setType(String type) {
- if (type != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_TYPE, type);
- }
- }
-
- /**
- * Return the <code>type</code> atttibute of the Reference indicate whether an
- * <code>ds:Object</code>, <code>ds:SignatureProperty</code>, or <code>ds:Manifest</code>
- * element
- *
- * @return the <code>type</code> attribute of the Reference
- */
- public String getType() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_TYPE);
- }
-
- private void setDigestValueBase64Encoded(String value) {
- this.digestValueBase64Encoded = value;
- }
-
- public String getDigestValueBase64Encoded() {
- return this.digestValueBase64Encoded;
- }
-
- /**
- * Method isReferenceToObject
- *
- * This returns true if the <CODE>Type</CODE> attribute of the
- * <CODE>Reference</CODE> element points to a <CODE>#Object</CODE> element
- *
- * @return true if the Reference type indicates that this Reference points to an
- * <code>Object</code>
- */
- public boolean typeIsReferenceToObject() {
- if (Reference.OBJECT_URI.equals(this.getType())) {
- return true;
- }
-
- return false;
- }
-
- /**
- * Method isReferenceToManifest
- *
- * This returns true if the <CODE>Type</CODE> attribute of the
- * <CODE>Reference</CODE> element points to a <CODE>#Manifest</CODE> element
- *
- * @return true if the Reference type indicates that this Reference points to a
- * {@link Manifest}
- */
- public boolean typeIsReferenceToManifest() {
- if (Reference.MANIFEST_URI.equals(this.getType())) {
- return true;
- }
-
- return false;
- }
-
- /**
- * Method setDigestValueElement
- *
- * @param digestValue
- */
- private void setDigestValueElement(byte[] digestValue) {
- Node n = digestValueElement.getFirstChild();
- while (n != null) {
- digestValueElement.removeChild(n);
- n = n.getNextSibling();
- }
-
- String base64codedValue = Base64.encode(digestValue);
- this.setDigestValueBase64Encoded(base64codedValue);
-
- Text t = this.doc.createTextNode(base64codedValue);
-
- digestValueElement.appendChild(t);
- }
-
- private void setDigestValueElement(String base64encodedDigestValue) {
- Node n = digestValueElement.getFirstChild();
- while (n != null) {
- digestValueElement.removeChild(n);
- n = n.getNextSibling();
- }
- Text t = this.doc.createTextNode(base64encodedDigestValue);
- digestValueElement.appendChild(t);
-
- this.setDigestValueBase64Encoded(base64encodedDigestValue);
- }
-
-
- /**
- * Method generateDigestValue
- *
- * @throws ReferenceNotInitializedException
- * @throws XMLSignatureException
- */
- public void generateDigestValue()
- throws XMLSignatureException, ReferenceNotInitializedException {
- this.setDigestValueElement(this.calculateDigest(false));
- }
-
- /*
- * INFO: this is added by sunggun.jung
- */
- public void generateDigestValue(String targetValue)
- throws XMLSignatureException, ReferenceNotInitializedException {
- this.setDigestValueElement(targetValue);
- }
-
-
- /**
- * Returns the XMLSignatureInput which is created by de-referencing the URI attribute.
- * @return the XMLSignatureInput of the source of this reference
- * @throws ReferenceNotInitializedException If the resolver found any
- * problem resolving the reference
- */
- public XMLSignatureInput getContentsBeforeTransformation()
- throws ReferenceNotInitializedException {
- try {
- Attr uriAttr =
- this.constructionElement.getAttributeNodeNS(null, Constants._ATT_URI);
-
- ResourceResolver resolver =
- ResourceResolver.getInstance(
- uriAttr, this.baseURI, this.manifest.getPerManifestResolvers(), secureValidation
- );
- resolver.addProperties(this.manifest.getResolverProperties());
-
- return resolver.resolve(uriAttr, this.baseURI);
- } catch (ResourceResolverException ex) {
- throw new ReferenceNotInitializedException("empty", ex);
- }
- }
-
- private XMLSignatureInput getContentsAfterTransformation(
- XMLSignatureInput input, OutputStream os
- ) throws XMLSignatureException {
- try {
- Transforms transforms = this.getTransforms();
- XMLSignatureInput output = null;
-
- if (transforms != null) {
- output = transforms.performTransforms(input, os);
- this.transformsOutput = output;//new XMLSignatureInput(output.getBytes());
-
- //this.transformsOutput.setSourceURI(output.getSourceURI());
- } else {
- output = input;
- }
-
- return output;
- } catch (ResourceResolverException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (CanonicalizationException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (InvalidCanonicalizerException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (TransformationException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Returns the XMLSignatureInput which is the result of the Transforms.
- * @return a XMLSignatureInput with all transformations applied.
- * @throws XMLSignatureException
- */
- public XMLSignatureInput getContentsAfterTransformation()
- throws XMLSignatureException {
- XMLSignatureInput input = this.getContentsBeforeTransformation();
- cacheDereferencedElement(input);
-
- return this.getContentsAfterTransformation(input, null);
- }
-
- /**
- * This method returns the XMLSignatureInput which represents the node set before
- * some kind of canonicalization is applied for the first time.
- * @return Gets a the node doing everything till the first c14n is needed
- *
- * @throws XMLSignatureException
- */
- public XMLSignatureInput getNodesetBeforeFirstCanonicalization()
- throws XMLSignatureException {
- try {
- XMLSignatureInput input = this.getContentsBeforeTransformation();
- cacheDereferencedElement(input);
- XMLSignatureInput output = input;
- Transforms transforms = this.getTransforms();
-
- if (transforms != null) {
- doTransforms: for (int i = 0; i < transforms.getLength(); i++) {
- Transform t = transforms.item(i);
- String uri = t.getURI();
-
- if (uri.equals(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS)
- || uri.equals(Transforms.TRANSFORM_C14N_EXCL_WITH_COMMENTS)
- || uri.equals(Transforms.TRANSFORM_C14N_OMIT_COMMENTS)
- || uri.equals(Transforms.TRANSFORM_C14N_WITH_COMMENTS)) {
- break doTransforms;
- }
-
- output = t.performTransform(output, null);
- }
-
- output.setSourceURI(input.getSourceURI());
- }
- return output;
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (ResourceResolverException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (CanonicalizationException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (InvalidCanonicalizerException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (TransformationException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Method getHTMLRepresentation
- * @return The HTML of the transformation
- * @throws XMLSignatureException
- */
- public String getHTMLRepresentation() throws XMLSignatureException {
- try {
- XMLSignatureInput nodes = this.getNodesetBeforeFirstCanonicalization();
-
- Transforms transforms = this.getTransforms();
- Transform c14nTransform = null;
-
- if (transforms != null) {
- doTransforms: for (int i = 0; i < transforms.getLength(); i++) {
- Transform t = transforms.item(i);
- String uri = t.getURI();
-
- if (uri.equals(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS)
- || uri.equals(Transforms.TRANSFORM_C14N_EXCL_WITH_COMMENTS)) {
- c14nTransform = t;
- break doTransforms;
- }
- }
- }
-
- Set<String> inclusiveNamespaces = new HashSet<String>();
- if (c14nTransform != null
- && (c14nTransform.length(
- InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
- InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES) == 1)) {
-
- // there is one InclusiveNamespaces element
- InclusiveNamespaces in =
- new InclusiveNamespaces(
- XMLUtils.selectNode(
- c14nTransform.getElement().getFirstChild(),
- InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
- InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES,
- 0
- ), this.getBaseURI());
-
- inclusiveNamespaces =
- InclusiveNamespaces.prefixStr2Set(in.getInclusiveNamespaces());
- }
-
- return nodes.getHTMLRepresentation(inclusiveNamespaces);
- } catch (TransformationException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (InvalidTransformException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * This method only works works after a call to verify.
- * @return the transformed output(i.e. what is going to be digested).
- */
- public XMLSignatureInput getTransformsOutput() {
- return this.transformsOutput;
- }
-
- /**
- * Get the ReferenceData that corresponds to the cached representation of the dereferenced
- * object before transformation.
- */
- public ReferenceData getReferenceData() {
- return referenceData;
- }
-
- /**
- * This method returns the {@link XMLSignatureInput} which is referenced by the
- * <CODE>URI</CODE> Attribute.
- * @param os where to write the transformation can be null.
- * @return the element to digest
- *
- * @throws XMLSignatureException
- * @see Manifest#verifyReferences()
- */
- protected XMLSignatureInput dereferenceURIandPerformTransforms(OutputStream os)
- throws XMLSignatureException {
- try {
- XMLSignatureInput input = this.getContentsBeforeTransformation();
- cacheDereferencedElement(input);
-
- XMLSignatureInput output = this.getContentsAfterTransformation(input, os);
- this.transformsOutput = output;
- return output;
- } catch (XMLSecurityException ex) {
- throw new ReferenceNotInitializedException("empty", ex);
- }
- }
-
- /**
- * Store the dereferenced Element(s) so that it/they can be retrieved later.
- */
- private void cacheDereferencedElement(XMLSignatureInput input) {
- if (input.isNodeSet()) {
- try {
- final Set<Node> s = input.getNodeSet();
- referenceData = new ReferenceNodeSetData() {
- public Iterator<Node> iterator() { return s.iterator(); }
- };
- } catch (Exception e) {
- // log a warning
- log.warn("cannot cache dereferenced data: " + e);
- }
- } else if (input.isElement()) {
- referenceData = new ReferenceSubTreeData
- (input.getSubNode(), input.isExcludeComments());
- } else if (input.isOctetStream() || input.isByteArray()) {
- try {
- referenceData = new ReferenceOctetStreamData
- (input.getOctetStream(), input.getSourceURI(),
- input.getMIMEType());
- } catch (IOException ioe) {
- // log a warning
- log.warn("cannot cache dereferenced data: " + ioe);
- }
- }
- }
-
- /**
- * Method getTransforms
- *
- * @return The transforms that applied this reference.
- * @throws InvalidTransformException
- * @throws TransformationException
- * @throws XMLSecurityException
- * @throws XMLSignatureException
- */
- public Transforms getTransforms()
- throws XMLSignatureException, InvalidTransformException,
- TransformationException, XMLSecurityException {
- return transforms;
- }
-
- /**
- * Method getReferencedBytes
- *
- * @return the bytes that will be used to generated digest.
- * @throws ReferenceNotInitializedException
- * @throws XMLSignatureException
- */
- public byte[] getReferencedBytes()
- throws ReferenceNotInitializedException, XMLSignatureException {
- try {
- XMLSignatureInput output = this.dereferenceURIandPerformTransforms(null);
- return output.getBytes();
- } catch (IOException ex) {
- throw new ReferenceNotInitializedException("empty", ex);
- } catch (CanonicalizationException ex) {
- throw new ReferenceNotInitializedException("empty", ex);
- }
- }
-
-
- /**
- * Method calculateDigest
- *
- * @param validating true if validating the reference
- * @return reference Calculate the digest of this reference.
- * @throws ReferenceNotInitializedException
- * @throws XMLSignatureException
- */
- private byte[] calculateDigest(boolean validating)
- throws ReferenceNotInitializedException, XMLSignatureException {
- OutputStream os = null;
- try {
- MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
-
- mda.reset();
- DigesterOutputStream diOs = new DigesterOutputStream(mda);
- os = new UnsyncBufferedOutputStream(diOs);
- XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);
- // if signing and c14n11 property == true explicitly add
- // C14N11 transform if needed
- if (Reference.useC14N11 && !validating && !output.isOutputStreamSet()
- && !output.isOctetStream()) {
- if (transforms == null) {
- transforms = new Transforms(this.doc);
- transforms.setSecureValidation(secureValidation);
- this.constructionElement.insertBefore(transforms.getElement(), digestMethodElem);
- }
- transforms.addTransform(Transforms.TRANSFORM_C14N11_OMIT_COMMENTS);
- output.updateOutputStream(os, true);
- } else {
- output.updateOutputStream(os);
- }
- os.flush();
-
- if (output.getOctetStreamReal() != null) {
- output.getOctetStreamReal().close();
- }
-
- //this.getReferencedBytes(diOs);
- //mda.update(data);
-
- return diOs.getDigestValue();
- } catch (XMLSecurityException ex) {
- throw new ReferenceNotInitializedException("empty", ex);
- } catch (IOException ex) {
- throw new ReferenceNotInitializedException("empty", ex);
- } finally {
- if (os != null) {
- try {
- os.close();
- } catch (IOException ex) {
- throw new ReferenceNotInitializedException("empty", ex);
- }
- }
- }
- }
-
- /*
- * INFO: this is added by sunggun.jung
- */
- /**
- * Method calculateDigest
- *
- * @param validating true if validating the reference
- * @return reference Calculate the digest of this reference.
- * @throws IOException
- * @throws ReferenceNotInitializedException
- * @throws XMLSignatureException
- */
- public String calculateDigestBase64Endoed(String absoulteUrl) throws IOException {
- String SHA = "";
-
- FileInputStream fis = null;
-
- try{
- MessageDigest sha = MessageDigest.getInstance("SHA-256");
-
- fis = new FileInputStream(absoulteUrl);
-
- byte[] dataBytes = new byte[1024];
-
- int nread = 0;
-
- while ((nread = fis.read(dataBytes)) != -1)
- {
- sha.update(dataBytes, 0, nread);
- }
-
- byte[] shabytes = sha.digest();
-
-// StringBuffer sb = new StringBuffer();
-// for (int i = 0 ; i < shabytes.length ; i++) {
-// sb.append(Integer.toString((shabytes[i]&0xff) + 0x100, 16).substring(1));
-// }
-
-// System.out.println("Hex format : " + sb.toString());
- SHA = Base64.encode(shabytes);
-// System.out.println("Base64 format : " + SHA);
-
- fis.close();
-
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- SHA = null;
- } finally {
- try {
- if (fis != null) {
- fis.close();
- }
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- }
- }
- return SHA;
- }
-
-
- /**
- * Returns the digest value.
- *
- * @return the digest value.
- * @throws Base64DecodingException if Reference contains no proper base64 encoded data.
- * @throws XMLSecurityException if the Reference does not contain a DigestValue element
- */
- public byte[] getDigestValue() throws Base64DecodingException, XMLSecurityException {
- if (digestValueElement == null) {
- // The required element is not in the XML!
- Object[] exArgs ={ Constants._TAG_DIGESTVALUE, Constants.SignatureSpecNS };
- throw new XMLSecurityException(
- "signature.Verification.NoSignatureElement", exArgs
- );
- }
- return Base64.decode(digestValueElement);
- }
-
-
- /**
- * Tests reference validation is success or false
- *
- * @return true if reference validation is success, otherwise false
- * @throws ReferenceNotInitializedException
- * @throws XMLSecurityException
- */
- public boolean verify()
- throws ReferenceNotInitializedException, XMLSecurityException {
- byte[] elemDig = this.getDigestValue();
- byte[] calcDig = this.calculateDigest(true);
- boolean equal = MessageDigestAlgorithm.isEqual(elemDig, calcDig);
-
- if (!equal) {
- log.warn("Verification failed for URI \"" + this.getURI() + "\"");
- log.warn("Expected Digest: " + Base64.encode(elemDig));
- log.warn("Actual Digest: " + Base64.encode(calcDig));
- } else {
- if (log.isDebugEnabled()) {
- log.debug("Verification successful for URI \"" + this.getURI() + "\"");
- }
- }
-
- return equal;
- }
-
- /**
- * Method getBaseLocalName
- * @inheritDoc
- */
- public String getBaseLocalName() {
- return Constants._TAG_REFERENCE;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-/**
- * Raised if verifying a {@link org.apache.xml.security.signature.Reference} fails
- * because of an uninitialized {@link org.apache.xml.security.signature.XMLSignatureInput}
- *
- * @author Christian Geuer-Pollmann
- */
-public class ReferenceNotInitializedException extends XMLSignatureException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor ReferenceNotInitializedException
- *
- */
- public ReferenceNotInitializedException() {
- super();
- }
-
- /**
- * Constructor ReferenceNotInitializedException
- *
- * @param msgID
- */
- public ReferenceNotInitializedException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor ReferenceNotInitializedException
- *
- * @param msgID
- * @param exArgs
- */
- public ReferenceNotInitializedException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor ReferenceNotInitializedException
- *
- * @param msgID
- * @param originalException
- */
- public ReferenceNotInitializedException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor ReferenceNotInitializedException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public ReferenceNotInitializedException(String msgID, Object exArgs[], Exception originalException) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Handles <code><ds:SignatureProperties></code> elements
- * This Element holds {@link SignatureProperty} that contian additional information items
- * concerning the generation of the signature.
- * for example, data-time stamp, serial number of cryptographic hardware.
- *
- * @author Christian Geuer-Pollmann
- */
-public class SignatureProperties extends SignatureElementProxy {
-
- /**
- * Constructor SignatureProperties
- *
- * @param doc
- */
- public SignatureProperties(Document doc) {
- super(doc);
-
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Constructs {@link SignatureProperties} from {@link Element}
- * @param element <code>SignatureProperties</code> element
- * @param BaseURI the URI of the resource where the XML instance was stored
- * @throws XMLSecurityException
- */
- public SignatureProperties(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
-
- Attr attr = element.getAttributeNodeNS(null, "Id");
- if (attr != null) {
- element.setIdAttributeNode(attr, true);
- }
-
- int length = getLength();
- for (int i = 0; i < length; i++) {
- Element propertyElem =
- XMLUtils.selectDsNode(this.constructionElement, Constants._TAG_SIGNATUREPROPERTY, i);
- Attr propertyAttr = propertyElem.getAttributeNodeNS(null, "Id");
- if (propertyAttr != null) {
- propertyElem.setIdAttributeNode(propertyAttr, true);
- }
- }
- }
-
- /**
- * Return the nonnegative number of added SignatureProperty elements.
- *
- * @return the number of SignatureProperty elements
- */
- public int getLength() {
- Element[] propertyElems =
- XMLUtils.selectDsNodes(this.constructionElement, Constants._TAG_SIGNATUREPROPERTY);
-
- return propertyElems.length;
- }
-
- /**
- * Return the <it>i</it><sup>th</sup> SignatureProperty. Valid <code>i</code>
- * values are 0 to <code>{link@ getSize}-1</code>.
- *
- * @param i Index of the requested {@link SignatureProperty}
- * @return the <it>i</it><sup>th</sup> SignatureProperty
- * @throws XMLSignatureException
- */
- public SignatureProperty item(int i) throws XMLSignatureException {
- try {
- Element propertyElem =
- XMLUtils.selectDsNode(this.constructionElement, Constants._TAG_SIGNATUREPROPERTY, i);
-
- if (propertyElem == null) {
- return null;
- }
- return new SignatureProperty(propertyElem, this.baseURI);
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Sets the <code>Id</code> attribute
- *
- * @param Id the <code>Id</code> attribute
- */
- public void setId(String Id) {
- if (Id != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
- this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
- }
- }
-
- /**
- * Returns the <code>Id</code> attribute
- *
- * @return the <code>Id</code> attribute
- */
- public String getId() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
- }
-
- /**
- * Method addSignatureProperty
- *
- * @param sp
- */
- public void addSignatureProperty(SignatureProperty sp) {
- this.constructionElement.appendChild(sp.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_SIGNATUREPROPERTIES;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * Handles <code><ds:SignatureProperty></code> elements
- * Additional information item concerning the generation of the signature(s) can
- * be placed in this Element
- *
- * @author Christian Geuer-Pollmann
- */
-public class SignatureProperty extends SignatureElementProxy {
-
- /**
- * Constructs{@link SignatureProperty} using specified <code>target</code> attribute
- *
- * @param doc the {@link Document} in which <code>XMLsignature</code> is placed
- * @param target the <code>target</code> attribute references the <code>Signature</code>
- * element to which the property applies SignatureProperty
- */
- public SignatureProperty(Document doc, String target) {
- this(doc, target, null);
- }
-
- /**
- * Constructs {@link SignatureProperty} using sepcified <code>target</code> attribute and
- * <code>id</code> attribute
- *
- * @param doc the {@link Document} in which <code>XMLsignature</code> is placed
- * @param target the <code>target</code> attribute references the <code>Signature</code>
- * element to which the property applies
- * @param id the <code>id</code> will be specified by {@link Reference#getURI} in validation
- */
- public SignatureProperty(Document doc, String target, String id) {
- super(doc);
-
- this.setTarget(target);
- this.setId(id);
- }
-
- /**
- * Constructs a {@link SignatureProperty} from an {@link Element}
- * @param element <code>SignatureProperty</code> element
- * @param BaseURI the URI of the resource where the XML instance was stored
- * @throws XMLSecurityException
- */
- public SignatureProperty(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Sets the <code>id</code> attribute
- *
- * @param id the <code>id</code> attribute
- */
- public void setId(String id) {
- if (id != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
- this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
- }
- }
-
- /**
- * Returns the <code>id</code> attribute
- *
- * @return the <code>id</code> attribute
- */
- public String getId() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
- }
-
- /**
- * Sets the <code>target</code> attribute
- *
- * @param target the <code>target</code> attribute
- */
- public void setTarget(String target) {
- if (target != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_TARGET, target);
- }
- }
-
- /**
- * Returns the <code>target</code> attribute
- *
- * @return the <code>target</code> attribute
- */
- public String getTarget() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_TARGET);
- }
-
- /**
- * Method appendChild
- *
- * @param node
- * @return the node in this element.
- */
- public Node appendChild(Node node) {
- return this.constructionElement.appendChild(node);
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_SIGNATUREPROPERTY;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-import javax.xml.XMLConstants;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.algorithms.SignatureAlgorithm;
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.transforms.params.InclusiveNamespaces;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
-
-/**
- * Handles <code><ds:SignedInfo></code> elements
- * This <code>SignedInfo<code> element includes the canonicalization algorithm,
- * a signature algorithm, and one or more references.
- *
- * @author Christian Geuer-Pollmann
- */
-public class SignedInfo extends Manifest {
-
- /** Field signatureAlgorithm */
- private SignatureAlgorithm signatureAlgorithm = null;
-
- /** Field c14nizedBytes */
- private byte[] c14nizedBytes = null;
-
- private Element c14nMethod;
- private Element signatureMethod;
-
- /**
- * Overwrites {@link Manifest#addDocument} because it creates another
- * Element.
- *
- * @param doc the {@link Document} in which <code>XMLsignature</code> will
- * be placed
- * @throws XMLSecurityException
- */
- public SignedInfo(Document doc) throws XMLSecurityException {
- this(doc, XMLSignature.ALGO_ID_SIGNATURE_DSA,
- Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
- }
-
- /**
- * Constructs {@link SignedInfo} using given Canonicalization algorithm and
- * Signature algorithm.
- *
- * @param doc <code>SignedInfo</code> is placed in this document
- * @param signatureMethodURI URI representation of the Digest and
- * Signature algorithm
- * @param canonicalizationMethodURI URI representation of the
- * Canonicalization method
- * @throws XMLSecurityException
- */
- public SignedInfo(
- Document doc, String signatureMethodURI, String canonicalizationMethodURI
- ) throws XMLSecurityException {
- this(doc, signatureMethodURI, 0, canonicalizationMethodURI);
- }
-
- /**
- * Constructor SignedInfo
- *
- * @param doc <code>SignedInfo</code> is placed in this document
- * @param signatureMethodURI URI representation of the Digest and
- * Signature algorithm
- * @param hMACOutputLength
- * @param canonicalizationMethodURI URI representation of the
- * Canonicalization method
- * @throws XMLSecurityException
- */
- public SignedInfo(
- Document doc, String signatureMethodURI,
- int hMACOutputLength, String canonicalizationMethodURI
- ) throws XMLSecurityException {
- super(doc);
-
- c14nMethod =
- XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_CANONICALIZATIONMETHOD);
-
- c14nMethod.setAttributeNS(null, Constants._ATT_ALGORITHM, canonicalizationMethodURI);
- this.constructionElement.appendChild(c14nMethod);
- XMLUtils.addReturnToElement(this.constructionElement);
-
- if (hMACOutputLength > 0) {
- this.signatureAlgorithm =
- new SignatureAlgorithm(this.doc, signatureMethodURI, hMACOutputLength);
- } else {
- this.signatureAlgorithm = new SignatureAlgorithm(this.doc, signatureMethodURI);
- }
-
- signatureMethod = this.signatureAlgorithm.getElement();
- this.constructionElement.appendChild(signatureMethod);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * @param doc
- * @param signatureMethodElem
- * @param canonicalizationMethodElem
- * @throws XMLSecurityException
- */
- public SignedInfo(
- Document doc, Element signatureMethodElem, Element canonicalizationMethodElem
- ) throws XMLSecurityException {
- super(doc);
- // Check this?
- this.c14nMethod = canonicalizationMethodElem;
- this.constructionElement.appendChild(c14nMethod);
- XMLUtils.addReturnToElement(this.constructionElement);
-
- this.signatureAlgorithm =
- new SignatureAlgorithm(signatureMethodElem, null);
-
- signatureMethod = this.signatureAlgorithm.getElement();
- this.constructionElement.appendChild(signatureMethod);
-
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Build a {@link SignedInfo} from an {@link Element}
- *
- * @param element <code>SignedInfo</code>
- * @param baseURI the URI of the resource where the XML instance was stored
- * @throws XMLSecurityException
- * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">
- * Question</A>
- * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html">
- * Answer</A>
- */
- public SignedInfo(Element element, String baseURI) throws XMLSecurityException {
- this(element, baseURI, false);
- }
-
- /**
- * Build a {@link SignedInfo} from an {@link Element}
- *
- * @param element <code>SignedInfo</code>
- * @param baseURI the URI of the resource where the XML instance was stored
- * @param secureValidation whether secure validation is enabled or not
- * @throws XMLSecurityException
- * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0033.html">
- * Question</A>
- * @see <A HREF="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html">
- * Answer</A>
- */
- public SignedInfo(
- Element element, String baseURI, boolean secureValidation
- ) throws XMLSecurityException {
- // Parse the Reference children and Id attribute in the Manifest
- super(reparseSignedInfoElem(element), baseURI, secureValidation);
-
- c14nMethod = XMLUtils.getNextElement(element.getFirstChild());
- signatureMethod = XMLUtils.getNextElement(c14nMethod.getNextSibling());
- this.signatureAlgorithm =
- new SignatureAlgorithm(signatureMethod, this.getBaseURI(), secureValidation);
- }
-
- private static Element reparseSignedInfoElem(Element element)
- throws XMLSecurityException {
- /*
- * If a custom canonicalizationMethod is used, canonicalize
- * ds:SignedInfo, reparse it into a new document
- * and replace the original not-canonicalized ds:SignedInfo by
- * the re-parsed canonicalized one.
- */
- Element c14nMethod = XMLUtils.getNextElement(element.getFirstChild());
- String c14nMethodURI =
- c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
- if (!(c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS) ||
- c14nMethodURI.equals(Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS))) {
- // the c14n is not a secure one and can rewrite the URIs or like
- // so reparse the SignedInfo to be sure
- try {
- Canonicalizer c14nizer =
- Canonicalizer.getInstance(c14nMethodURI);
-
- byte[] c14nizedBytes = c14nizer.canonicalizeSubtree(element);
- javax.xml.parsers.DocumentBuilderFactory dbf =
- javax.xml.parsers.DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
- Document newdoc =
- db.parse(new ByteArrayInputStream(c14nizedBytes));
- Node imported =
- element.getOwnerDocument().importNode(newdoc.getDocumentElement(), true);
-
- element.getParentNode().replaceChild(imported, element);
-
- return (Element) imported;
- } catch (ParserConfigurationException ex) {
- throw new XMLSecurityException("empty", ex);
- } catch (IOException ex) {
- throw new XMLSecurityException("empty", ex);
- } catch (SAXException ex) {
- throw new XMLSecurityException("empty", ex);
- }
- }
- return element;
- }
-
- /**
- * Tests core validation process
- *
- * @return true if verification was successful
- * @throws MissingResourceFailureException
- * @throws XMLSecurityException
- */
- public boolean verify()
- throws MissingResourceFailureException, XMLSecurityException {
- return super.verifyReferences(false);
- }
-
- /**
- * Tests core validation process
- *
- * @param followManifests defines whether the verification process has to verify referenced <CODE>ds:Manifest</CODE>s, too
- * @return true if verification was successful
- * @throws MissingResourceFailureException
- * @throws XMLSecurityException
- */
- public boolean verify(boolean followManifests)
- throws MissingResourceFailureException, XMLSecurityException {
- return super.verifyReferences(followManifests);
- }
-
- /**
- * Returns getCanonicalizedOctetStream
- *
- * @return the canonicalization result octet stream of <code>SignedInfo</code> element
- * @throws CanonicalizationException
- * @throws InvalidCanonicalizerException
- * @throws XMLSecurityException
- */
- public byte[] getCanonicalizedOctetStream()
- throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException {
- if (this.c14nizedBytes == null) {
- Canonicalizer c14nizer =
- Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
-
- this.c14nizedBytes =
- c14nizer.canonicalizeSubtree(this.constructionElement);
- }
-
- // make defensive copy
- return (byte[]) this.c14nizedBytes.clone();
- }
-
- /**
- * Output the C14n stream to the given OutputStream.
- * @param os
- * @throws CanonicalizationException
- * @throws InvalidCanonicalizerException
- * @throws XMLSecurityException
- */
- public void signInOctetStream(OutputStream os)
- throws CanonicalizationException, InvalidCanonicalizerException, XMLSecurityException {
- if (this.c14nizedBytes == null) {
- Canonicalizer c14nizer =
- Canonicalizer.getInstance(this.getCanonicalizationMethodURI());
- c14nizer.setWriter(os);
- String inclusiveNamespaces = this.getInclusiveNamespaces();
-
- if (inclusiveNamespaces == null) {
- c14nizer.canonicalizeSubtree(this.constructionElement);
- } else {
- c14nizer.canonicalizeSubtree(this.constructionElement, inclusiveNamespaces);
- }
- } else {
- try {
- os.write(this.c14nizedBytes);
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
- }
-
- /**
- * Returns the Canonicalization method URI
- *
- * @return the Canonicalization method URI
- */
- public String getCanonicalizationMethodURI() {
- return c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
- }
-
- /**
- * Returns the Signature method URI
- *
- * @return the Signature method URI
- */
- public String getSignatureMethodURI() {
- Element signatureElement = this.getSignatureMethodElement();
-
- if (signatureElement != null) {
- return signatureElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
- }
-
- return null;
- }
-
- /**
- * Method getSignatureMethodElement
- * @return returns the SignatureMethod Element
- *
- */
- public Element getSignatureMethodElement() {
- return signatureMethod;
- }
-
- /**
- * Creates a SecretKey for the appropriate Mac algorithm based on a
- * byte[] array password.
- *
- * @param secretKeyBytes
- * @return the secret key for the SignedInfo element.
- */
- public SecretKey createSecretKey(byte[] secretKeyBytes) {
- return new SecretKeySpec(secretKeyBytes, this.signatureAlgorithm.getJCEAlgorithmString());
- }
-
- protected SignatureAlgorithm getSignatureAlgorithm() {
- return signatureAlgorithm;
- }
-
- /**
- * Method getBaseLocalName
- * @inheritDoc
- *
- */
- public String getBaseLocalName() {
- return Constants._TAG_SIGNEDINFO;
- }
-
- public String getInclusiveNamespaces() {
- String c14nMethodURI = c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
- if (!(c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#") ||
- c14nMethodURI.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"))) {
- return null;
- }
-
- Element inclusiveElement = XMLUtils.getNextElement(c14nMethod.getFirstChild());
-
- if (inclusiveElement != null) {
- try {
- String inclusiveNamespaces =
- new InclusiveNamespaces(
- inclusiveElement,
- InclusiveNamespaces.ExclusiveCanonicalizationNamespace
- ).getInclusiveNamespaces();
- return inclusiveNamespaces;
- } catch (XMLSecurityException e) {
- return null;
- }
- }
- return null;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.Key;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-
-import javax.crypto.SecretKey;
-
-import org.apache.xml.security.algorithms.SignatureAlgorithm;
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.KeyInfo;
-import org.apache.xml.security.keys.content.X509Data;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.I18n;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.SignerOutputStream;
-import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.resolver.ResourceResolver;
-import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.Text;
-
-/**
- * Handles <code><ds:Signature></code> elements.
- * This is the main class that deals with creating and verifying signatures.
- *
- * <p>There are 2 types of constructors for this class. The ones that take a
- * document, baseURI and 1 or more Java Objects. This is mostly used for
- * signing purposes.
- * The other constructor is the one that takes a DOM Element and a baseURI.
- * This is used mostly with for verifying, when you have a SignatureElement.
- *
- * There are a few different types of methods:
- * <ul><li>The addDocument* methods are used to add References with optional
- * transforms during signing. </li>
- * <li>addKeyInfo* methods are to add Certificates and Keys to the
- * KeyInfo tags during signing. </li>
- * <li>appendObject allows a user to add any XML Structure as an
- * ObjectContainer during signing.</li>
- * <li>sign and checkSignatureValue methods are used to sign and validate the
- * signature. </li></ul>
- */
-public final class XMLSignature extends SignatureElementProxy {
-
- /** MAC - Required HMAC-SHA1 */
- public static final String ALGO_ID_MAC_HMAC_SHA1 =
- Constants.SignatureSpecNS + "hmac-sha1";
-
- /** Signature - Required DSAwithSHA1 (DSS) */
- public static final String ALGO_ID_SIGNATURE_DSA =
- Constants.SignatureSpecNS + "dsa-sha1";
-
- /** Signature - Recommended RSAwithSHA1 */
- public static final String ALGO_ID_SIGNATURE_RSA =
- Constants.SignatureSpecNS + "rsa-sha1";
-
- /** Signature - Recommended RSAwithSHA1 */
- public static final String ALGO_ID_SIGNATURE_RSA_SHA1 =
- Constants.SignatureSpecNS + "rsa-sha1";
-
- /** Signature - NOT Recommended RSAwithMD5 */
- public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
- Constants.MoreAlgorithmsSpecNS + "rsa-md5";
-
- /** Signature - Optional RSAwithRIPEMD160 */
- public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 =
- Constants.MoreAlgorithmsSpecNS + "rsa-ripemd160";
-
- /** Signature - Optional RSAwithSHA256 */
- public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =
- Constants.MoreAlgorithmsSpecNS + "rsa-sha256";
-
- /** Signature - Optional RSAwithSHA384 */
- public static final String ALGO_ID_SIGNATURE_RSA_SHA384 =
- Constants.MoreAlgorithmsSpecNS + "rsa-sha384";
-
- /** Signature - Optional RSAwithSHA512 */
- public static final String ALGO_ID_SIGNATURE_RSA_SHA512 =
- Constants.MoreAlgorithmsSpecNS + "rsa-sha512";
-
- /** HMAC - NOT Recommended HMAC-MD5 */
- public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
- Constants.MoreAlgorithmsSpecNS + "hmac-md5";
-
- /** HMAC - Optional HMAC-RIPEMD160 */
- public static final String ALGO_ID_MAC_HMAC_RIPEMD160 =
- Constants.MoreAlgorithmsSpecNS + "hmac-ripemd160";
-
- /** HMAC - Optional HMAC-SHA256 */
- public static final String ALGO_ID_MAC_HMAC_SHA256 =
- Constants.MoreAlgorithmsSpecNS + "hmac-sha256";
-
- /** HMAC - Optional HMAC-SHA284 */
- public static final String ALGO_ID_MAC_HMAC_SHA384 =
- Constants.MoreAlgorithmsSpecNS + "hmac-sha384";
-
- /** HMAC - Optional HMAC-SHA512 */
- public static final String ALGO_ID_MAC_HMAC_SHA512 =
- Constants.MoreAlgorithmsSpecNS + "hmac-sha512";
-
- /**Signature - Optional ECDSAwithSHA1 */
- public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 =
- "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
-
- /**Signature - Optional ECDSAwithSHA256 */
- public static final String ALGO_ID_SIGNATURE_ECDSA_SHA256 =
- "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
-
- /**Signature - Optional ECDSAwithSHA384 */
- public static final String ALGO_ID_SIGNATURE_ECDSA_SHA384 =
- "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
-
- /**Signature - Optional ECDSAwithSHA512 */
- public static final String ALGO_ID_SIGNATURE_ECDSA_SHA512 =
- "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(XMLSignature.class);
-
- /** ds:Signature.ds:SignedInfo element */
- private SignedInfo signedInfo;
-
- /** ds:Signature.ds:KeyInfo */
- private KeyInfo keyInfo;
-
- /**
- * Checking the digests in References in a Signature are mandatory, but for
- * References inside a Manifest it is application specific. This boolean is
- * to indicate that the References inside Manifests should be validated.
- */
- private boolean followManifestsDuringValidation = false;
-
- private Element signatureValueElement;
-
- private static final int MODE_SIGN = 0;
- private static final int MODE_VERIFY = 1;
- private int state = MODE_SIGN;
-
- /**
- * This creates a new <CODE>ds:Signature</CODE> Element and adds an empty
- * <CODE>ds:SignedInfo</CODE>.
- * The <code>ds:SignedInfo</code> is initialized with the specified Signature
- * algorithm and Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS which is REQUIRED
- * by the spec. This method's main use is for creating a new signature.
- *
- * @param doc Document in which the signature will be appended after creation.
- * @param baseURI URI to be used as context for all relative URIs.
- * @param signatureMethodURI signature algorithm to use.
- * @throws XMLSecurityException
- */
- public XMLSignature(Document doc, String baseURI, String signatureMethodURI)
- throws XMLSecurityException {
- this(doc, baseURI, signatureMethodURI, 0, Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
- }
-
- /**
- * Constructor XMLSignature
- *
- * @param doc
- * @param baseURI
- * @param signatureMethodURI the Signature method to be used.
- * @param hmacOutputLength
- * @throws XMLSecurityException
- */
- public XMLSignature(Document doc, String baseURI, String signatureMethodURI,
- int hmacOutputLength) throws XMLSecurityException {
- this(
- doc, baseURI, signatureMethodURI, hmacOutputLength,
- Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS
- );
- }
-
- /**
- * Constructor XMLSignature
- *
- * @param doc
- * @param baseURI
- * @param signatureMethodURI the Signature method to be used.
- * @param canonicalizationMethodURI the canonicalization algorithm to be
- * used to c14nize the SignedInfo element.
- * @throws XMLSecurityException
- */
- public XMLSignature(
- Document doc,
- String baseURI,
- String signatureMethodURI,
- String canonicalizationMethodURI
- ) throws XMLSecurityException {
- this(doc, baseURI, signatureMethodURI, 0, canonicalizationMethodURI);
- }
-
- /**
- * Constructor XMLSignature
- *
- * @param doc
- * @param baseURI
- * @param signatureMethodURI
- * @param hmacOutputLength
- * @param canonicalizationMethodURI
- * @throws XMLSecurityException
- */
- public XMLSignature(
- Document doc,
- String baseURI,
- String signatureMethodURI,
- int hmacOutputLength,
- String canonicalizationMethodURI
- ) throws XMLSecurityException {
- super(doc);
-
- String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
- if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {
- this.constructionElement.setAttributeNS(
- Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS
- );
- } else {
- this.constructionElement.setAttributeNS(
- Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS
- );
- }
- XMLUtils.addReturnToElement(this.constructionElement);
-
- this.baseURI = baseURI;
- this.signedInfo =
- new SignedInfo(
- this.doc, signatureMethodURI, hmacOutputLength, canonicalizationMethodURI
- );
-
- this.constructionElement.appendChild(this.signedInfo.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
-
- // create an empty SignatureValue; this is filled by setSignatureValueElement
- signatureValueElement =
- XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_SIGNATUREVALUE);
-
- this.constructionElement.appendChild(signatureValueElement);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Creates a XMLSignature in a Document
- * @param doc
- * @param baseURI
- * @param SignatureMethodElem
- * @param CanonicalizationMethodElem
- * @throws XMLSecurityException
- */
- public XMLSignature(
- Document doc,
- String baseURI,
- Element SignatureMethodElem,
- Element CanonicalizationMethodElem
- ) throws XMLSecurityException {
- super(doc);
-
- String xmlnsDsPrefix = getDefaultPrefix(Constants.SignatureSpecNS);
- if (xmlnsDsPrefix == null || xmlnsDsPrefix.length() == 0) {
- this.constructionElement.setAttributeNS(
- Constants.NamespaceSpecNS, "xmlns", Constants.SignatureSpecNS
- );
- } else {
- this.constructionElement.setAttributeNS(
- Constants.NamespaceSpecNS, "xmlns:" + xmlnsDsPrefix, Constants.SignatureSpecNS
- );
- }
- XMLUtils.addReturnToElement(this.constructionElement);
-
- this.baseURI = baseURI;
- this.signedInfo =
- new SignedInfo(this.doc, SignatureMethodElem, CanonicalizationMethodElem);
-
- this.constructionElement.appendChild(this.signedInfo.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
-
- // create an empty SignatureValue; this is filled by setSignatureValueElement
- signatureValueElement =
- XMLUtils.createElementInSignatureSpace(this.doc, Constants._TAG_SIGNATUREVALUE);
-
- this.constructionElement.appendChild(signatureValueElement);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * This will parse the element and construct the Java Objects.
- * That will allow a user to validate the signature.
- *
- * @param element ds:Signature element that contains the whole signature
- * @param baseURI URI to be prepended to all relative URIs
- * @throws XMLSecurityException
- * @throws XMLSignatureException if the signature is badly formatted
- */
- public XMLSignature(Element element, String baseURI)
- throws XMLSignatureException, XMLSecurityException {
- this(element, baseURI, false);
- }
-
- /**
- * This will parse the element and construct the Java Objects.
- * That will allow a user to validate the signature.
- *
- * @param element ds:Signature element that contains the whole signature
- * @param baseURI URI to be prepended to all relative URIs
- * @param secureValidation whether secure secureValidation is enabled or not
- * @throws XMLSecurityException
- * @throws XMLSignatureException if the signature is badly formatted
- */
- public XMLSignature(Element element, String baseURI, boolean secureValidation)
- throws XMLSignatureException, XMLSecurityException {
- super(element, baseURI);
-
- // check out SignedInfo child
- Element signedInfoElem = XMLUtils.getNextElement(element.getFirstChild());
-
- // check to see if it is there
- if (signedInfoElem == null) {
- Object exArgs[] = { Constants._TAG_SIGNEDINFO, Constants._TAG_SIGNATURE };
- throw new XMLSignatureException("xml.WrongContent", exArgs);
- }
-
- // create a SignedInfo object from that element
- this.signedInfo = new SignedInfo(signedInfoElem, baseURI, secureValidation);
- // get signedInfoElem again in case it has changed
- signedInfoElem = XMLUtils.getNextElement(element.getFirstChild());
-
- // check out SignatureValue child
- this.signatureValueElement =
- XMLUtils.getNextElement(signedInfoElem.getNextSibling());
-
- // check to see if it exists
- if (signatureValueElement == null) {
- Object exArgs[] = { Constants._TAG_SIGNATUREVALUE, Constants._TAG_SIGNATURE };
- throw new XMLSignatureException("xml.WrongContent", exArgs);
- }
- Attr signatureValueAttr = signatureValueElement.getAttributeNodeNS(null, "Id");
- if (signatureValueAttr != null) {
- signatureValueElement.setIdAttributeNode(signatureValueAttr, true);
- }
-
- // <element ref="ds:KeyInfo" minOccurs="0"/>
- Element keyInfoElem =
- XMLUtils.getNextElement(signatureValueElement.getNextSibling());
-
- // If it exists use it, but it's not mandatory
- if (keyInfoElem != null
- && keyInfoElem.getNamespaceURI().equals(Constants.SignatureSpecNS)
- && keyInfoElem.getLocalName().equals(Constants._TAG_KEYINFO)) {
- this.keyInfo = new KeyInfo(keyInfoElem, baseURI);
- this.keyInfo.setSecureValidation(secureValidation);
- }
-
- // <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
- Element objectElem =
- XMLUtils.getNextElement(signatureValueElement.getNextSibling());
- while (objectElem != null) {
- Attr objectAttr = objectElem.getAttributeNodeNS(null, "Id");
- if (objectAttr != null) {
- objectElem.setIdAttributeNode(objectAttr, true);
- }
-
- NodeList nodes = objectElem.getChildNodes();
- int length = nodes.getLength();
- // Register Ids of the Object child elements
- for (int i = 0; i < length; i++) {
- Node child = nodes.item(i);
- if (child.getNodeType() == Node.ELEMENT_NODE) {
- Element childElem = (Element)child;
- String tag = childElem.getLocalName();
- if (tag.equals("Manifest")) {
- new Manifest(childElem, baseURI);
- } else if (tag.equals("SignatureProperties")) {
- new SignatureProperties(childElem, baseURI);
- }
- }
- }
-
- objectElem = XMLUtils.getNextElement(objectElem.getNextSibling());
- }
-
- this.state = MODE_VERIFY;
- }
-
- /**
- * Sets the <code>Id</code> attribute
- *
- * @param id Id value for the id attribute on the Signature Element
- */
- public void setId(String id) {
- if (id != null) {
- this.constructionElement.setAttributeNS(null, Constants._ATT_ID, id);
- this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
- }
- }
-
- /**
- * Returns the <code>Id</code> attribute
- *
- * @return the <code>Id</code> attribute
- */
- public String getId() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
- }
-
- /**
- * Returns the completely parsed <code>SignedInfo</code> object.
- *
- * @return the completely parsed <code>SignedInfo</code> object.
- */
- public SignedInfo getSignedInfo() {
- return this.signedInfo;
- }
-
- /**
- * Returns the octet value of the SignatureValue element.
- * Throws an XMLSignatureException if it has no or wrong content.
- *
- * @return the value of the SignatureValue element.
- * @throws XMLSignatureException If there is no content
- */
- public byte[] getSignatureValue() throws XMLSignatureException {
- try {
- return Base64.decode(signatureValueElement);
- } catch (Base64DecodingException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Base64 encodes and sets the bytes as the content of the SignatureValue
- * Node.
- *
- * @param bytes bytes to be used by SignatureValue before Base64 encoding
- */
- private void setSignatureValueElement(byte[] bytes) {
-
- while (signatureValueElement.hasChildNodes()) {
- signatureValueElement.removeChild(signatureValueElement.getFirstChild());
- }
-
- String base64codedValue = Base64.encode(bytes);
-
- if (base64codedValue.length() > 76 && !XMLUtils.ignoreLineBreaks()) {
- base64codedValue = "\n" + base64codedValue + "\n";
- }
-
- Text t = this.doc.createTextNode(base64codedValue);
- signatureValueElement.appendChild(t);
- }
-
- /**
- * Returns the KeyInfo child. If we are in signing mode and the KeyInfo
- * does not exist yet, it is created on demand and added to the Signature.
- * <br>
- * This allows to add arbitrary content to the KeyInfo during signing.
- *
- * @return the KeyInfo object
- */
- public KeyInfo getKeyInfo() {
- // check to see if we are signing and if we have to create a keyinfo
- if (this.state == MODE_SIGN && this.keyInfo == null) {
-
- // create the KeyInfo
- this.keyInfo = new KeyInfo(this.doc);
-
- // get the Element from KeyInfo
- Element keyInfoElement = this.keyInfo.getElement();
- Element firstObject =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_OBJECT, 0
- );
-
- if (firstObject != null) {
- // add it before the object
- this.constructionElement.insertBefore(keyInfoElement, firstObject);
- XMLUtils.addReturnBeforeChild(this.constructionElement, firstObject);
- } else {
- // add it as the last element to the signature
- this.constructionElement.appendChild(keyInfoElement);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
- }
-
- return this.keyInfo;
- }
-
- /**
- * Appends an Object (not a <code>java.lang.Object</code> but an Object
- * element) to the Signature. Please note that this is only possible
- * when signing.
- *
- * @param object ds:Object to be appended.
- * @throws XMLSignatureException When this object is used to verify.
- */
- public void appendObject(ObjectContainer object) throws XMLSignatureException {
- //try {
- //if (this.state != MODE_SIGN) {
- // throw new XMLSignatureException(
- // "signature.operationOnlyBeforeSign");
- //}
-
- this.constructionElement.appendChild(object.getElement());
- XMLUtils.addReturnToElement(this.constructionElement);
- //} catch (XMLSecurityException ex) {
- // throw new XMLSignatureException("empty", ex);
- //}
- }
-
- /**
- * Returns the <code>i<code>th <code>ds:Object</code> child of the signature
- * or null if no such <code>ds:Object</code> element exists.
- *
- * @param i
- * @return the <code>i<code>th <code>ds:Object</code> child of the signature
- * or null if no such <code>ds:Object</code> element exists.
- */
- public ObjectContainer getObjectItem(int i) {
- Element objElem =
- XMLUtils.selectDsNode(
- this.constructionElement.getFirstChild(), Constants._TAG_OBJECT, i
- );
-
- try {
- return new ObjectContainer(objElem, this.baseURI);
- } catch (XMLSecurityException ex) {
- return null;
- }
- }
-
- /**
- * Returns the number of all <code>ds:Object</code> elements.
- *
- * @return the number of all <code>ds:Object</code> elements.
- */
- public int getObjectLength() {
- return this.length(Constants.SignatureSpecNS, Constants._TAG_OBJECT);
- }
-
- /**
- * Digests all References in the SignedInfo, calculates the signature value
- * and sets it in the SignatureValue Element.
- *
- * @param signingKey the {@link java.security.PrivateKey} or
- * {@link javax.crypto.SecretKey} that is used to sign.
- * @throws XMLSignatureException
- */
- public void sign(Key signingKey) throws XMLSignatureException {
-
- if (signingKey instanceof PublicKey) {
- throw new IllegalArgumentException(
- I18n.translate("algorithms.operationOnlyVerification")
- );
- }
-
- try {
- //Create a SignatureAlgorithm object
- SignedInfo si = this.getSignedInfo();
- SignatureAlgorithm sa = si.getSignatureAlgorithm();
- OutputStream so = null;
- try {
- // initialize SignatureAlgorithm for signing
- sa.initSign(signingKey);
-
- // generate digest values for all References in this SignedInfo
- si.generateDigestValues();
- so = new UnsyncBufferedOutputStream(new SignerOutputStream(sa));
- // get the canonicalized bytes from SignedInfo
- si.signInOctetStream(so);
- } catch (XMLSecurityException ex) {
- throw ex;
- } finally {
- if (so != null) {
- try {
- so.close();
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- }
- }
- }
-
- // set them on the SignatureValue element
- this.setSignatureValueElement(sa.sign());
- } catch (XMLSignatureException ex) {
- throw ex;
- } catch (CanonicalizationException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (InvalidCanonicalizerException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /*
- * INFO: This is made by sunggun.jung. This is modified for RDS
- */
- /**
- * Digests all References in the SignedInfo, calculates the signature value
- * and sets it in the SignatureValue Element.
- *
- * @param signingKey the {@link java.security.PrivateKey} or
- * {@link javax.crypto.SecretKey} that is used to sign.
- * @throws XMLSignatureException
- */
- public void sign(Key signingKey, String dirPath, boolean isRDS) throws XMLSignatureException {
-
- if (signingKey instanceof PublicKey) {
- throw new IllegalArgumentException(
- I18n.translate("algorithms.operationOnlyVerification")
- );
- }
-
- try {
- //Create a SignatureAlgorithm object
- SignedInfo si = this.getSignedInfo();
- SignatureAlgorithm sa = si.getSignatureAlgorithm();
- OutputStream so = null;
- try {
- // initialize SignatureAlgorithm for signing
- sa.initSign(signingKey);
-
- /*
- * INFO: for RDS
- */
- // generate digest values for all References in this SignedInfo
- try {
- if (isRDS == true)
- si.generateDigestValuesForRDS(dirPath);
- else
- si.generateDigestValuesAndWriteSnapshot(dirPath);
- } catch (IOException e) {
- e.printStackTrace();
- }
- so = new UnsyncBufferedOutputStream(new SignerOutputStream(sa));
- // get the canonicalized bytes from SignedInfo
- si.signInOctetStream(so);
- } catch (XMLSecurityException ex) {
- throw ex;
- } finally {
- if (so != null) {
- try {
- so.close();
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- }
- }
- }
-
- // set them on the SignatureValue element
- this.setSignatureValueElement(sa.sign());
- } catch (XMLSignatureException ex) {
- throw ex;
- } catch (CanonicalizationException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (InvalidCanonicalizerException ex) {
- throw new XMLSignatureException("empty", ex);
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
-
- /**
- * Adds a {@link ResourceResolver} to enable the retrieval of resources.
- *
- * @param resolver
- */
- public void addResourceResolver(ResourceResolver resolver) {
- this.getSignedInfo().addResourceResolver(resolver);
- }
-
- /**
- * Adds a {@link ResourceResolverSpi} to enable the retrieval of resources.
- *
- * @param resolver
- */
- public void addResourceResolver(ResourceResolverSpi resolver) {
- this.getSignedInfo().addResourceResolver(resolver);
- }
-
- /**
- * Extracts the public key from the certificate and verifies if the signature
- * is valid by re-digesting all References, comparing those against the
- * stored DigestValues and then checking to see if the Signatures match on
- * the SignedInfo.
- *
- * @param cert Certificate that contains the public key part of the keypair
- * that was used to sign.
- * @return true if the signature is valid, false otherwise
- * @throws XMLSignatureException
- */
- public boolean checkSignatureValue(X509Certificate cert)
- throws XMLSignatureException {
- // see if cert is null
- if (cert != null) {
- // check the values with the public key from the cert
- return this.checkSignatureValue(cert.getPublicKey());
- }
-
- Object exArgs[] = { "Didn't get a certificate" };
- throw new XMLSignatureException("empty", exArgs);
- }
-
- /**
- * Verifies if the signature is valid by redigesting all References,
- * comparing those against the stored DigestValues and then checking to see
- * if the Signatures match on the SignedInfo.
- *
- * @param pk {@link java.security.PublicKey} part of the keypair or
- * {@link javax.crypto.SecretKey} that was used to sign
- * @return true if the signature is valid, false otherwise
- * @throws XMLSignatureException
- */
- public boolean checkSignatureValue(Key pk) throws XMLSignatureException {
- //COMMENT: pk suggests it can only be a public key?
- //check to see if the key is not null
- if (pk == null) {
- Object exArgs[] = { "Didn't get a key" };
- throw new XMLSignatureException("empty", exArgs);
- }
- // all references inside the signedinfo need to be dereferenced and
- // digested again to see if the outcome matches the stored value in the
- // SignedInfo.
- // If followManifestsDuringValidation is true it will do the same for
- // References inside a Manifest.
- try {
- SignedInfo si = this.getSignedInfo();
- //create a SignatureAlgorithms from the SignatureMethod inside
- //SignedInfo. This is used to validate the signature.
- SignatureAlgorithm sa = si.getSignatureAlgorithm();
- if (log.isDebugEnabled()) {
- log.debug("signatureMethodURI = " + sa.getAlgorithmURI());
- log.debug("jceSigAlgorithm = " + sa.getJCEAlgorithmString());
- log.debug("jceSigProvider = " + sa.getJCEProviderName());
- log.debug("PublicKey = " + pk);
- }
- byte sigBytes[] = null;
- try {
- sa.initVerify(pk);
-
- // Get the canonicalized (normalized) SignedInfo
- SignerOutputStream so = new SignerOutputStream(sa);
- OutputStream bos = new UnsyncBufferedOutputStream(so);
-
- si.signInOctetStream(bos);
- bos.close();
- // retrieve the byte[] from the stored signature
- sigBytes = this.getSignatureValue();
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- // Impossible...
- } catch (XMLSecurityException ex) {
- throw ex;
- }
-
- // have SignatureAlgorithm sign the input bytes and compare them to
- // the bytes that were stored in the signature.
- if (!sa.verify(sigBytes)) {
- log.warn("Signature verification failed.");
- return false;
- }
-
- return si.verify(this.followManifestsDuringValidation);
- } catch (XMLSignatureException ex) {
- throw ex;
- } catch (XMLSecurityException ex) {
- throw new XMLSignatureException("empty", ex);
- }
- }
-
- /**
- * Add a Reference with full parameters to this Signature
- *
- * @param referenceURI URI of the resource to be signed. Can be null in
- * which case the dereferencing is application specific. Can be "" in which
- * it's the parent node (or parent document?). There can only be one "" in
- * each signature.
- * @param trans Optional list of transformations to be done before digesting
- * @param digestURI Mandatory URI of the digesting algorithm to use.
- * @param referenceId Optional id attribute for this Reference
- * @param referenceType Optional mimetype for the URI
- * @throws XMLSignatureException
- */
- public void addDocument(
- String referenceURI,
- Transforms trans,
- String digestURI,
- String referenceId,
- String referenceType
- ) throws XMLSignatureException {
- this.signedInfo.addDocument(
- this.baseURI, referenceURI, trans, digestURI, referenceId, referenceType
- );
- }
-
- /**
- * This method is a proxy method for the {@link Manifest#addDocument} method.
- *
- * @param referenceURI URI according to the XML Signature specification.
- * @param trans List of transformations to be applied.
- * @param digestURI URI of the digest algorithm to be used.
- * @see Manifest#addDocument
- * @throws XMLSignatureException
- */
- public void addDocument(
- String referenceURI,
- Transforms trans,
- String digestURI
- ) throws XMLSignatureException {
- this.signedInfo.addDocument(this.baseURI, referenceURI, trans, digestURI, null, null);
- }
-
- /**
- * Adds a Reference with just the URI and the transforms. This used the
- * SHA1 algorithm as a default digest algorithm.
- *
- * @param referenceURI URI according to the XML Signature specification.
- * @param trans List of transformations to be applied.
- * @throws XMLSignatureException
- */
- public void addDocument(String referenceURI, Transforms trans)
- throws XMLSignatureException {
- this.signedInfo.addDocument(
- this.baseURI, referenceURI, trans, Constants.ALGO_ID_DIGEST_SHA1, null, null
- );
- }
-
- /**
- * Add a Reference with just this URI. It uses SHA1 by default as the digest
- * algorithm
- *
- * @param referenceURI URI according to the XML Signature specification.
- * @throws XMLSignatureException
- */
- public void addDocument(String referenceURI) throws XMLSignatureException {
- this.signedInfo.addDocument(
- this.baseURI, referenceURI, null, Constants.ALGO_ID_DIGEST_SHA1, null, null
- );
- }
-
- /**
- * Add an X509 Certificate to the KeyInfo. This will include the whole cert
- * inside X509Data/X509Certificate tags.
- *
- * @param cert Certificate to be included. This should be the certificate of
- * the key that was used to sign.
- * @throws XMLSecurityException
- */
- public void addKeyInfo(X509Certificate cert) throws XMLSecurityException {
- X509Data x509data = new X509Data(this.doc);
-
- x509data.addCertificate(cert);
- this.getKeyInfo().add(x509data);
- }
-
- /**
- * Add this public key to the KeyInfo. This will include the complete key in
- * the KeyInfo structure.
- *
- * @param pk
- */
- public void addKeyInfo(PublicKey pk) {
- this.getKeyInfo().add(pk);
- }
-
- /**
- * Proxy method for {@link SignedInfo#createSecretKey(byte[])}. If you want
- * to create a MAC, this method helps you to obtain the
- * {@link javax.crypto.SecretKey} from octets.
- *
- * @param secretKeyBytes
- * @return the secret key created.
- * @see SignedInfo#createSecretKey(byte[])
- */
- public SecretKey createSecretKey(byte[] secretKeyBytes) {
- return this.getSignedInfo().createSecretKey(secretKeyBytes);
- }
-
- /**
- * Signal wether Manifest should be automatically validated.
- * Checking the digests in References in a Signature are mandatory, but for
- * References inside a Manifest it is application specific. This boolean is
- * to indicate that the References inside Manifests should be validated.
- *
- * @param followManifests
- * @see <a href="http://www.w3.org/TR/xmldsig-core/#sec-CoreValidation">
- * Core validation section in the XML Signature Rec.</a>
- */
- public void setFollowNestedManifests(boolean followManifests) {
- this.followManifestsDuringValidation = followManifests;
- }
-
- /**
- * Get the local name of this element
- *
- * @return Constants._TAG_SIGNATURE
- */
- public String getBaseLocalName() {
- return Constants._TAG_SIGNATURE;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-/**
- * All XML Signature related exceptions inherit herefrom.
- *
- * @see MissingResourceFailureException InvalidDigestValueException InvalidSignatureValueException
- * @author Christian Geuer-Pollmann
- */
-public class XMLSignatureException extends XMLSecurityException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor XMLSignatureException
- *
- */
- public XMLSignatureException() {
- super();
- }
-
- /**
- * Constructor XMLSignatureException
- *
- * @param msgID
- */
- public XMLSignatureException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor XMLSignatureException
- *
- * @param msgID
- * @param exArgs
- */
- public XMLSignatureException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor XMLSignatureException
- *
- * @param msgID
- * @param originalException
- */
- public XMLSignatureException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor XMLSignatureException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public XMLSignatureException(String msgID, Object exArgs[], Exception originalException) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.implementations.CanonicalizerBase;
-import org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments;
-import org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments;
-import org.apache.xml.security.exceptions.XMLSecurityRuntimeException;
-import org.apache.xml.security.utils.JavaUtils;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
-
-/**
- * Class XMLSignatureInput
- *
- * @author Christian Geuer-Pollmann
- * $todo$ check whether an XMLSignatureInput can be _both_, octet stream _and_ node set?
- */
-public class XMLSignatureInput {
- /*
- * The XMLSignature Input can be either:
- * A byteArray like with/or without InputStream.
- * Or a nodeSet like defined either:
- * * as a collection of nodes
- * * or as subnode excluding or not comments and excluding or
- * not other nodes.
- */
-
- /**
- * Some InputStreams do not support the {@link java.io.InputStream#reset}
- * method, so we read it in completely and work on our Proxy.
- */
- private InputStream inputOctetStreamProxy = null;
- /**
- * The original NodeSet for this XMLSignatureInput
- */
- private Set<Node> inputNodeSet = null;
- /**
- * The original Element
- */
- private Node subNode = null;
- /**
- * Exclude Node *for enveloped transformations*
- */
- private Node excludeNode = null;
- /**
- *
- */
- private boolean excludeComments = false;
-
- private boolean isNodeSet = false;
- /**
- * A cached bytes
- */
- private byte[] bytes = null;
-
- /**
- * Some Transforms may require explicit MIME type, charset (IANA registered
- * "character set"), or other such information concerning the data they are
- * receiving from an earlier Transform or the source data, although no
- * Transform algorithm specified in this document needs such explicit
- * information. Such data characteristics are provided as parameters to the
- * Transform algorithm and should be described in the specification for the
- * algorithm.
- */
- private String mimeType = null;
-
- /**
- * Field sourceURI
- */
- private String sourceURI = null;
-
- /**
- * Node Filter list.
- */
- private List<NodeFilter> nodeFilters = new ArrayList<NodeFilter>();
-
- private boolean needsToBeExpanded = false;
- private OutputStream outputStream = null;
-
- private DocumentBuilderFactory dfactory;
-
- /**
- * Construct a XMLSignatureInput from an octet array.
- * <p>
- * This is a comfort method, which internally converts the byte[] array into
- * an InputStream
- * <p>NOTE: no defensive copy</p>
- * @param inputOctets an octet array which including XML document or node
- */
- public XMLSignatureInput(byte[] inputOctets) {
- // NO defensive copy
- this.bytes = inputOctets;
- }
-
- /**
- * Constructs a <code>XMLSignatureInput</code> from an octet stream. The
- * stream is directly read.
- *
- * @param inputOctetStream
- */
- public XMLSignatureInput(InputStream inputOctetStream) {
- this.inputOctetStreamProxy = inputOctetStream;
- }
-
- /**
- * Construct a XMLSignatureInput from a subtree rooted by rootNode. This
- * method included the node and <I>all</I> his descendants in the output.
- *
- * @param rootNode
- */
- public XMLSignatureInput(Node rootNode) {
- this.subNode = rootNode;
- }
-
- /**
- * Constructor XMLSignatureInput
- *
- * @param inputNodeSet
- */
- public XMLSignatureInput(Set<Node> inputNodeSet) {
- this.inputNodeSet = inputNodeSet;
- }
-
- /**
- * Check if the structure needs to be expanded.
- * @return true if so.
- */
- public boolean isNeedsToBeExpanded() {
- return needsToBeExpanded;
- }
-
- /**
- * Set if the structure needs to be expanded.
- * @param needsToBeExpanded true if so.
- */
- public void setNeedsToBeExpanded(boolean needsToBeExpanded) {
- this.needsToBeExpanded = needsToBeExpanded;
- }
-
- /**
- * Returns the node set from input which was specified as the parameter of
- * {@link XMLSignatureInput} constructor
- *
- * @return the node set
- * @throws SAXException
- * @throws IOException
- * @throws ParserConfigurationException
- * @throws CanonicalizationException
- */
- public Set<Node> getNodeSet() throws CanonicalizationException, ParserConfigurationException,
- IOException, SAXException {
- return getNodeSet(false);
- }
-
- /**
- * Get the Input NodeSet.
- * @return the Input NodeSet.
- */
- public Set<Node> getInputNodeSet() {
- return inputNodeSet;
- }
-
- /**
- * Returns the node set from input which was specified as the parameter of
- * {@link XMLSignatureInput} constructor
- * @param circumvent
- *
- * @return the node set
- * @throws SAXException
- * @throws IOException
- * @throws ParserConfigurationException
- * @throws CanonicalizationException
- */
- public Set<Node> getNodeSet(boolean circumvent) throws ParserConfigurationException,
- IOException, SAXException, CanonicalizationException {
- if (inputNodeSet != null) {
- return inputNodeSet;
- }
- if (inputOctetStreamProxy == null && subNode != null) {
- if (circumvent) {
- XMLUtils.circumventBug2650(XMLUtils.getOwnerDocument(subNode));
- }
- inputNodeSet = new HashSet<Node>();
- XMLUtils.getSet(subNode, inputNodeSet, excludeNode, excludeComments);
- return inputNodeSet;
- } else if (isOctetStream()) {
- convertToNodes();
- Set<Node> result = new HashSet<Node>();
- XMLUtils.getSet(subNode, result, null, false);
- return result;
- }
-
- throw new RuntimeException("getNodeSet() called but no input data present");
- }
-
- /**
- * Returns the Octet stream(byte Stream) from input which was specified as
- * the parameter of {@link XMLSignatureInput} constructor
- *
- * @return the Octet stream(byte Stream) from input which was specified as
- * the parameter of {@link XMLSignatureInput} constructor
- * @throws IOException
- */
- public InputStream getOctetStream() throws IOException {
- if (inputOctetStreamProxy != null) {
- return inputOctetStreamProxy;
- }
-
- if (bytes != null) {
- inputOctetStreamProxy = new ByteArrayInputStream(bytes);
- return inputOctetStreamProxy;
- }
-
- return null;
- }
-
- /**
- * @return real octet stream
- */
- public InputStream getOctetStreamReal() {
- return inputOctetStreamProxy;
- }
-
- /**
- * Returns the byte array from input which was specified as the parameter of
- * {@link XMLSignatureInput} constructor
- *
- * @return the byte[] from input which was specified as the parameter of
- * {@link XMLSignatureInput} constructor
- *
- * @throws CanonicalizationException
- * @throws IOException
- */
- public byte[] getBytes() throws IOException, CanonicalizationException {
- byte[] inputBytes = getBytesFromInputStream();
- if (inputBytes != null) {
- return inputBytes;
- }
- Canonicalizer20010315OmitComments c14nizer = new Canonicalizer20010315OmitComments();
- bytes = c14nizer.engineCanonicalize(this);
- return bytes;
- }
-
- /**
- * Determines if the object has been set up with a Node set
- *
- * @return true if the object has been set up with a Node set
- */
- public boolean isNodeSet() {
- return ((inputOctetStreamProxy == null
- && inputNodeSet != null) || isNodeSet);
- }
-
- /**
- * Determines if the object has been set up with an Element
- *
- * @return true if the object has been set up with an Element
- */
- public boolean isElement() {
- return (inputOctetStreamProxy == null && subNode != null
- && inputNodeSet == null && !isNodeSet);
- }
-
- /**
- * Determines if the object has been set up with an octet stream
- *
- * @return true if the object has been set up with an octet stream
- */
- public boolean isOctetStream() {
- return ((inputOctetStreamProxy != null || bytes != null)
- && (inputNodeSet == null && subNode == null));
- }
-
- /**
- * Determines if {@link #setOutputStream} has been called with a
- * non-null OutputStream.
- *
- * @return true if {@link #setOutputStream} has been called with a
- * non-null OutputStream
- */
- public boolean isOutputStreamSet() {
- return outputStream != null;
- }
-
- /**
- * Determines if the object has been set up with a ByteArray
- *
- * @return true is the object has been set up with an octet stream
- */
- public boolean isByteArray() {
- return (bytes != null && (this.inputNodeSet == null && subNode == null));
- }
-
- /**
- * Is the object correctly set up?
- *
- * @return true if the object has been set up correctly
- */
- public boolean isInitialized() {
- return isOctetStream() || isNodeSet();
- }
-
- /**
- * Returns mimeType
- *
- * @return mimeType
- */
- public String getMIMEType() {
- return mimeType;
- }
-
- /**
- * Sets mimeType
- *
- * @param mimeType
- */
- public void setMIMEType(String mimeType) {
- this.mimeType = mimeType;
- }
-
- /**
- * Return SourceURI
- *
- * @return SourceURI
- */
- public String getSourceURI() {
- return sourceURI;
- }
-
- /**
- * Sets SourceURI
- *
- * @param sourceURI
- */
- public void setSourceURI(String sourceURI) {
- this.sourceURI = sourceURI;
- }
-
- /**
- * Method toString
- * @inheritDoc
- */
- public String toString() {
- if (isNodeSet()) {
- return "XMLSignatureInput/NodeSet/" + inputNodeSet.size()
- + " nodes/" + getSourceURI();
- }
- if (isElement()) {
- return "XMLSignatureInput/Element/" + subNode
- + " exclude "+ excludeNode + " comments:"
- + excludeComments +"/" + getSourceURI();
- }
- try {
- return "XMLSignatureInput/OctetStream/" + getBytes().length
- + " octets/" + getSourceURI();
- } catch (IOException iex) {
- return "XMLSignatureInput/OctetStream//" + getSourceURI();
- } catch (CanonicalizationException cex) {
- return "XMLSignatureInput/OctetStream//" + getSourceURI();
- }
- }
-
- /**
- * Method getHTMLRepresentation
- *
- * @throws XMLSignatureException
- * @return The HTML representation for this XMLSignature
- */
- public String getHTMLRepresentation() throws XMLSignatureException {
- XMLSignatureInputDebugger db = new XMLSignatureInputDebugger(this);
- return db.getHTMLRepresentation();
- }
-
- /**
- * Method getHTMLRepresentation
- *
- * @param inclusiveNamespaces
- * @throws XMLSignatureException
- * @return The HTML representation for this XMLSignature
- */
- public String getHTMLRepresentation(Set<String> inclusiveNamespaces)
- throws XMLSignatureException {
- XMLSignatureInputDebugger db =
- new XMLSignatureInputDebugger(this, inclusiveNamespaces);
- return db.getHTMLRepresentation();
- }
-
- /**
- * Gets the exclude node of this XMLSignatureInput
- * @return Returns the excludeNode.
- */
- public Node getExcludeNode() {
- return excludeNode;
- }
-
- /**
- * Sets the exclude node of this XMLSignatureInput
- * @param excludeNode The excludeNode to set.
- */
- public void setExcludeNode(Node excludeNode) {
- this.excludeNode = excludeNode;
- }
-
- /**
- * Gets the node of this XMLSignatureInput
- * @return The excludeNode set.
- */
- public Node getSubNode() {
- return subNode;
- }
-
- /**
- * @return Returns the excludeComments.
- */
- public boolean isExcludeComments() {
- return excludeComments;
- }
-
- /**
- * @param excludeComments The excludeComments to set.
- */
- public void setExcludeComments(boolean excludeComments) {
- this.excludeComments = excludeComments;
- }
-
- /**
- * @param diOs
- * @throws IOException
- * @throws CanonicalizationException
- */
- public void updateOutputStream(OutputStream diOs)
- throws CanonicalizationException, IOException {
- updateOutputStream(diOs, false);
- }
-
- public void updateOutputStream(OutputStream diOs, boolean c14n11)
- throws CanonicalizationException, IOException {
- if (diOs == outputStream) {
- return;
- }
- if (bytes != null) {
- diOs.write(bytes);
- } else if (inputOctetStreamProxy == null) {
- CanonicalizerBase c14nizer = null;
- if (c14n11) {
- c14nizer = new Canonicalizer11_OmitComments();
- } else {
- c14nizer = new Canonicalizer20010315OmitComments();
- }
- c14nizer.setWriter(diOs);
- c14nizer.engineCanonicalize(this);
- } else {
- byte[] buffer = new byte[4 * 1024];
- int bytesread = 0;
- try {
- while ((bytesread = inputOctetStreamProxy.read(buffer)) != -1) {
- diOs.write(buffer, 0, bytesread);
- }
- } catch (IOException ex) {
- inputOctetStreamProxy.close();
- throw ex;
- }
- }
- }
-
- /**
- * @param os
- */
- public void setOutputStream(OutputStream os) {
- outputStream = os;
- }
-
- private byte[] getBytesFromInputStream() throws IOException {
- if (bytes != null) {
- return bytes;
- }
- if (inputOctetStreamProxy == null) {
- return null;
- }
- try {
- bytes = JavaUtils.getBytesFromStream(inputOctetStreamProxy);
- } finally {
- inputOctetStreamProxy.close();
- }
- return bytes;
- }
-
- /**
- * @param filter
- */
- public void addNodeFilter(NodeFilter filter) {
- if (isOctetStream()) {
- try {
- convertToNodes();
- } catch (Exception e) {
- throw new XMLSecurityRuntimeException(
- "signature.XMLSignatureInput.nodesetReference", e
- );
- }
- }
- nodeFilters.add(filter);
- }
-
- /**
- * @return the node filters
- */
- public List<NodeFilter> getNodeFilters() {
- return nodeFilters;
- }
-
- /**
- * @param b
- */
- public void setNodeSet(boolean b) {
- isNodeSet = b;
- }
-
- void convertToNodes() throws CanonicalizationException,
- ParserConfigurationException, IOException, SAXException {
- if (dfactory == null) {
- dfactory = DocumentBuilderFactory.newInstance();
- dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- dfactory.setValidating(false);
- dfactory.setNamespaceAware(true);
- }
- DocumentBuilder db = dfactory.newDocumentBuilder();
- // select all nodes, also the comments.
- try {
- db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
-
- Document doc = db.parse(this.getOctetStream());
- this.subNode = doc;
- } catch (SAXException ex) {
- // if a not-wellformed nodeset exists, put a container around it...
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- baos.write("<container>".getBytes("UTF-8"));
- baos.write(this.getBytes());
- baos.write("</container>".getBytes("UTF-8"));
-
- byte result[] = baos.toByteArray();
- Document document = db.parse(new ByteArrayInputStream(result));
- this.subNode = document.getDocumentElement().getFirstChild().getFirstChild();
- } finally {
- if (this.inputOctetStreamProxy != null) {
- this.inputOctetStreamProxy.close();
- }
- this.inputOctetStreamProxy = null;
- this.bytes = null;
- }
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.signature;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.io.Writer;
-import java.util.Arrays;
-import java.util.Set;
-
-import org.apache.xml.security.c14n.helper.AttrCompare;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Comment;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.ProcessingInstruction;
-
-/**
- * Class XMLSignatureInputDebugger
- */
-public class XMLSignatureInputDebugger {
-
- /** Field _xmlSignatureInput */
- private Set<Node> xpathNodeSet;
-
- private Set<String> inclusiveNamespaces;
-
- /** Field doc */
- private Document doc = null;
-
- /** Field writer */
- private Writer writer = null;
-
- /** The HTML Prefix* */
- static final String HTMLPrefix =
- "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n"
- + "<html>\n"
- + "<head>\n"
- + "<title>Caninical XML node set</title>\n"
- + "<style type=\"text/css\">\n"
- + "<!-- \n"
- + ".INCLUDED { \n"
- + " color: #000000; \n"
- + " background-color: \n"
- + " #FFFFFF; \n"
- + " font-weight: bold; } \n"
- + ".EXCLUDED { \n"
- + " color: #666666; \n"
- + " background-color: \n"
- + " #999999; } \n"
- + ".INCLUDEDINCLUSIVENAMESPACE { \n"
- + " color: #0000FF; \n"
- + " background-color: #FFFFFF; \n"
- + " font-weight: bold; \n"
- + " font-style: italic; } \n"
- + ".EXCLUDEDINCLUSIVENAMESPACE { \n"
- + " color: #0000FF; \n"
- + " background-color: #999999; \n"
- + " font-style: italic; } \n"
- + "--> \n"
- + "</style> \n"
- + "</head>\n"
- + "<body bgcolor=\"#999999\">\n"
- + "<h1>Explanation of the output</h1>\n"
- + "<p>The following text contains the nodeset of the given Reference before it is canonicalized. There exist four different styles to indicate how a given node is treated.</p>\n"
- + "<ul>\n"
- + "<li class=\"INCLUDED\">A node which is in the node set is labeled using the INCLUDED style.</li>\n"
- + "<li class=\"EXCLUDED\">A node which is <em>NOT</em> in the node set is labeled EXCLUDED style.</li>\n"
- + "<li class=\"INCLUDEDINCLUSIVENAMESPACE\">A namespace which is in the node set AND in the InclusiveNamespaces PrefixList is labeled using the INCLUDEDINCLUSIVENAMESPACE style.</li>\n"
- + "<li class=\"EXCLUDEDINCLUSIVENAMESPACE\">A namespace which is in NOT the node set AND in the InclusiveNamespaces PrefixList is labeled using the INCLUDEDINCLUSIVENAMESPACE style.</li>\n"
- + "</ul>\n" + "<h1>Output</h1>\n" + "<pre>\n";
-
- /** HTML Suffix * */
- static final String HTMLSuffix = "</pre></body></html>";
-
- static final String HTMLExcludePrefix = "<span class=\"EXCLUDED\">";
-
- static final String HTMLIncludePrefix = "<span class=\"INCLUDED\">";
-
- static final String HTMLIncludeOrExcludeSuffix = "</span>";
-
- static final String HTMLIncludedInclusiveNamespacePrefix = "<span class=\"INCLUDEDINCLUSIVENAMESPACE\">";
-
- static final String HTMLExcludedInclusiveNamespacePrefix = "<span class=\"EXCLUDEDINCLUSIVENAMESPACE\">";
-
- private static final int NODE_BEFORE_DOCUMENT_ELEMENT = -1;
-
- private static final int NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT = 0;
-
- private static final int NODE_AFTER_DOCUMENT_ELEMENT = 1;
-
- static final AttrCompare ATTR_COMPARE = new AttrCompare();
-
- /**
- * Constructor XMLSignatureInputDebugger
- *
- * @param xmlSignatureInput the signature to pretty print
- */
- public XMLSignatureInputDebugger(XMLSignatureInput xmlSignatureInput) {
- if (!xmlSignatureInput.isNodeSet()) {
- this.xpathNodeSet = null;
- } else {
- this.xpathNodeSet = xmlSignatureInput.getInputNodeSet();
- }
- }
-
- /**
- * Constructor XMLSignatureInputDebugger
- *
- * @param xmlSignatureInput the signatur to pretty print
- * @param inclusiveNamespace
- */
- public XMLSignatureInputDebugger(
- XMLSignatureInput xmlSignatureInput,
- Set<String> inclusiveNamespace
- ) {
- this(xmlSignatureInput);
- this.inclusiveNamespaces = inclusiveNamespace;
- }
-
- /**
- * Method getHTMLRepresentation
- *
- * @return The HTML Representation.
- * @throws XMLSignatureException
- */
- public String getHTMLRepresentation() throws XMLSignatureException {
- if ((this.xpathNodeSet == null) || (this.xpathNodeSet.size() == 0)) {
- return HTMLPrefix + "<blink>no node set, sorry</blink>" + HTMLSuffix;
- }
-
- // get only a single node as anchor to fetch the owner document
- Node n = (Node) this.xpathNodeSet.iterator().next();
-
- this.doc = XMLUtils.getOwnerDocument(n);
-
- try {
- this.writer = new StringWriter();
-
- this.canonicalizeXPathNodeSet(this.doc);
- this.writer.close();
-
- return this.writer.toString();
- } catch (IOException ex) {
- throw new XMLSignatureException("empty", ex);
- } finally {
- this.xpathNodeSet = null;
- this.doc = null;
- this.writer = null;
- }
- }
-
- /**
- * Method canonicalizeXPathNodeSet
- *
- * @param currentNode
- * @throws XMLSignatureException
- * @throws IOException
- */
- private void canonicalizeXPathNodeSet(Node currentNode)
- throws XMLSignatureException, IOException {
-
- int currentNodeType = currentNode.getNodeType();
- switch (currentNodeType) {
-
-
- case Node.ENTITY_NODE:
- case Node.NOTATION_NODE:
- case Node.DOCUMENT_FRAGMENT_NODE:
- case Node.ATTRIBUTE_NODE:
- throw new XMLSignatureException("empty");
- case Node.DOCUMENT_NODE:
- this.writer.write(HTMLPrefix);
-
- for (Node currentChild = currentNode.getFirstChild();
- currentChild != null; currentChild = currentChild.getNextSibling()) {
- this.canonicalizeXPathNodeSet(currentChild);
- }
-
- this.writer.write(HTMLSuffix);
- break;
-
- case Node.COMMENT_NODE:
- if (this.xpathNodeSet.contains(currentNode)) {
- this.writer.write(HTMLIncludePrefix);
- } else {
- this.writer.write(HTMLExcludePrefix);
- }
-
- int position = getPositionRelativeToDocumentElement(currentNode);
-
- if (position == NODE_AFTER_DOCUMENT_ELEMENT) {
- this.writer.write("\n");
- }
-
- this.outputCommentToWriter((Comment) currentNode);
-
- if (position == NODE_BEFORE_DOCUMENT_ELEMENT) {
- this.writer.write("\n");
- }
-
- this.writer.write(HTMLIncludeOrExcludeSuffix);
- break;
-
- case Node.PROCESSING_INSTRUCTION_NODE:
- if (this.xpathNodeSet.contains(currentNode)) {
- this.writer.write(HTMLIncludePrefix);
- } else {
- this.writer.write(HTMLExcludePrefix);
- }
-
- position = getPositionRelativeToDocumentElement(currentNode);
-
- if (position == NODE_AFTER_DOCUMENT_ELEMENT) {
- this.writer.write("\n");
- }
-
- this.outputPItoWriter((ProcessingInstruction) currentNode);
-
- if (position == NODE_BEFORE_DOCUMENT_ELEMENT) {
- this.writer.write("\n");
- }
-
- this.writer.write(HTMLIncludeOrExcludeSuffix);
- break;
-
- case Node.TEXT_NODE:
- case Node.CDATA_SECTION_NODE:
- if (this.xpathNodeSet.contains(currentNode)) {
- this.writer.write(HTMLIncludePrefix);
- } else {
- this.writer.write(HTMLExcludePrefix);
- }
-
- outputTextToWriter(currentNode.getNodeValue());
-
- for (Node nextSibling = currentNode.getNextSibling();
- (nextSibling != null)
- && ((nextSibling.getNodeType() == Node.TEXT_NODE)
- || (nextSibling.getNodeType() == Node.CDATA_SECTION_NODE));
- nextSibling = nextSibling.getNextSibling()) {
- /*
- * The XPath data model allows to select only the first of a
- * sequence of mixed text and CDATA nodes. But we must output
- * them all, so we must search:
- *
- * @see http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6329
- */
- this.outputTextToWriter(nextSibling.getNodeValue());
- }
-
- this.writer.write(HTMLIncludeOrExcludeSuffix);
- break;
-
- case Node.ELEMENT_NODE:
- Element currentElement = (Element) currentNode;
-
- if (this.xpathNodeSet.contains(currentNode)) {
- this.writer.write(HTMLIncludePrefix);
- } else {
- this.writer.write(HTMLExcludePrefix);
- }
-
- this.writer.write("<");
- this.writer.write(currentElement.getTagName());
-
- this.writer.write(HTMLIncludeOrExcludeSuffix);
-
- // we output all Attrs which are available
- NamedNodeMap attrs = currentElement.getAttributes();
- int attrsLength = attrs.getLength();
- Attr attrs2[] = new Attr[attrsLength];
-
- for (int i = 0; i < attrsLength; i++) {
- attrs2[i] = (Attr)attrs.item(i);
- }
-
- Arrays.sort(attrs2, ATTR_COMPARE);
- Object attrs3[] = attrs2;
-
- for (int i = 0; i < attrsLength; i++) {
- Attr a = (Attr) attrs3[i];
- boolean included = this.xpathNodeSet.contains(a);
- boolean inclusive = this.inclusiveNamespaces.contains(a.getName());
-
- if (included) {
- if (inclusive) {
- // included and inclusive
- this.writer.write(HTMLIncludedInclusiveNamespacePrefix);
- } else {
- // included and not inclusive
- this.writer.write(HTMLIncludePrefix);
- }
- } else {
- if (inclusive) {
- // excluded and inclusive
- this.writer.write(HTMLExcludedInclusiveNamespacePrefix);
- } else {
- // excluded and not inclusive
- this.writer.write(HTMLExcludePrefix);
- }
- }
-
- this.outputAttrToWriter(a.getNodeName(), a.getNodeValue());
- this.writer.write(HTMLIncludeOrExcludeSuffix);
- }
-
- if (this.xpathNodeSet.contains(currentNode)) {
- this.writer.write(HTMLIncludePrefix);
- } else {
- this.writer.write(HTMLExcludePrefix);
- }
-
- this.writer.write(">");
-
- this.writer.write(HTMLIncludeOrExcludeSuffix);
-
- // traversal
- for (Node currentChild = currentNode.getFirstChild();
- currentChild != null;
- currentChild = currentChild.getNextSibling()) {
- this.canonicalizeXPathNodeSet(currentChild);
- }
-
- if (this.xpathNodeSet.contains(currentNode)) {
- this.writer.write(HTMLIncludePrefix);
- } else {
- this.writer.write(HTMLExcludePrefix);
- }
-
- this.writer.write("</");
- this.writer.write(currentElement.getTagName());
- this.writer.write(">");
-
- this.writer.write(HTMLIncludeOrExcludeSuffix);
- break;
-
- case Node.DOCUMENT_TYPE_NODE:
- default:
- break;
- }
- }
-
- /**
- * Checks whether a Comment or ProcessingInstruction is before or after the
- * document element. This is needed for prepending or appending "\n"s.
- *
- * @param currentNode
- * comment or pi to check
- * @return NODE_BEFORE_DOCUMENT_ELEMENT,
- * NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT or
- * NODE_AFTER_DOCUMENT_ELEMENT
- * @see #NODE_BEFORE_DOCUMENT_ELEMENT
- * @see #NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT
- * @see #NODE_AFTER_DOCUMENT_ELEMENT
- */
- private int getPositionRelativeToDocumentElement(Node currentNode) {
- if (currentNode == null) {
- return NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
- }
-
- Document doc = currentNode.getOwnerDocument();
-
- if (currentNode.getParentNode() != doc) {
- return NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
- }
-
- Element documentElement = doc.getDocumentElement();
-
- if (documentElement == null) {
- return NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
- }
-
- if (documentElement == currentNode) {
- return NODE_NOT_BEFORE_OR_AFTER_DOCUMENT_ELEMENT;
- }
-
- for (Node x = currentNode; x != null; x = x.getNextSibling()) {
- if (x == documentElement) {
- return NODE_BEFORE_DOCUMENT_ELEMENT;
- }
- }
-
- return NODE_AFTER_DOCUMENT_ELEMENT;
- }
-
- /**
- * Normalizes an {@link Attr}ibute value
- *
- * The string value of the node is modified by replacing
- * <UL>
- * <LI>all ampersands (&) with <CODE>&amp;</CODE></LI>
- * <LI>all open angle brackets (<) with <CODE>&lt;</CODE></LI>
- * <LI>all quotation mark characters with <CODE>&quot;</CODE></LI>
- * <LI>and the whitespace characters <CODE>#x9</CODE>, #xA, and #xD,
- * with character references. The character references are written in
- * uppercase hexadecimal with no leading zeroes (for example, <CODE>#xD</CODE>
- * is represented by the character reference <CODE>&#xD;</CODE>)</LI>
- * </UL>
- *
- * @param name
- * @param value
- * @throws IOException
- */
- private void outputAttrToWriter(String name, String value) throws IOException {
- this.writer.write(" ");
- this.writer.write(name);
- this.writer.write("=\"");
-
- int length = value.length();
-
- for (int i = 0; i < length; i++) {
- char c = value.charAt(i);
-
- switch (c) {
-
- case '&':
- this.writer.write("&amp;");
- break;
-
- case '<':
- this.writer.write("&lt;");
- break;
-
- case '"':
- this.writer.write("&quot;");
- break;
-
- case 0x09: // '\t'
- this.writer.write("&#x9;");
- break;
-
- case 0x0A: // '\n'
- this.writer.write("&#xA;");
- break;
-
- case 0x0D: // '\r'
- this.writer.write("&#xD;");
- break;
-
- default:
- this.writer.write(c);
- break;
- }
- }
-
- this.writer.write("\"");
- }
-
- /**
- * Normalizes a {@link org.w3c.dom.Comment} value
- *
- * @param currentPI
- * @throws IOException
- */
- private void outputPItoWriter(ProcessingInstruction currentPI) throws IOException {
-
- if (currentPI == null) {
- return;
- }
-
- this.writer.write("<?");
-
- String target = currentPI.getTarget();
- int length = target.length();
-
- for (int i = 0; i < length; i++) {
- char c = target.charAt(i);
-
- switch (c) {
-
- case 0x0D:
- this.writer.write("&#xD;");
- break;
-
- case ' ':
- this.writer.write("·");
- break;
-
- case '\n':
- this.writer.write("¶\n");
- break;
-
- default:
- this.writer.write(c);
- break;
- }
- }
-
- String data = currentPI.getData();
-
- length = data.length();
-
- if (length > 0) {
- this.writer.write(" ");
-
- for (int i = 0; i < length; i++) {
- char c = data.charAt(i);
-
- switch (c) {
-
- case 0x0D:
- this.writer.write("&#xD;");
- break;
-
- default:
- this.writer.write(c);
- break;
- }
- }
- }
-
- this.writer.write("?>");
- }
-
- /**
- * Method outputCommentToWriter
- *
- * @param currentComment
- * @throws IOException
- */
- private void outputCommentToWriter(Comment currentComment) throws IOException {
-
- if (currentComment == null) {
- return;
- }
-
- this.writer.write("<!--");
-
- String data = currentComment.getData();
- int length = data.length();
-
- for (int i = 0; i < length; i++) {
- char c = data.charAt(i);
-
- switch (c) {
-
- case 0x0D:
- this.writer.write("&#xD;");
- break;
-
- case ' ':
- this.writer.write("·");
- break;
-
- case '\n':
- this.writer.write("¶\n");
- break;
-
- default:
- this.writer.write(c);
- break;
- }
- }
-
- this.writer.write("-->");
- }
-
- /**
- * Method outputTextToWriter
- *
- * @param text
- * @throws IOException
- */
- private void outputTextToWriter(String text) throws IOException {
- if (text == null) {
- return;
- }
-
- int length = text.length();
-
- for (int i = 0; i < length; i++) {
- char c = text.charAt(i);
-
- switch (c) {
-
- case '&':
- this.writer.write("&amp;");
- break;
-
- case '<':
- this.writer.write("&lt;");
- break;
-
- case '>':
- this.writer.write("&gt;");
- break;
-
- case 0xD:
- this.writer.write("&#xD;");
- break;
-
- case ' ':
- this.writer.write("·");
- break;
-
- case '\n':
- this.writer.write("¶\n");
- break;
-
- default:
- this.writer.write(c);
- break;
- }
- }
- }
-}
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-XML Signature specific classes.
-</P></BODY></HTML>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id$
- */
-package org.apache.xml.security.signature.reference;
-
-/**
- * An abstract representation of the result of dereferencing a ds:Reference URI.
- */
-public interface ReferenceData { }
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id$
- */
-package org.apache.xml.security.signature.reference;
-
-import java.util.Iterator;
-
-import org.w3c.dom.Node;
-
-/**
- * An abstract representation of a <code>ReferenceData</code> type containing a node-set.
- */
-public interface ReferenceNodeSetData extends ReferenceData {
-
- /**
- * Returns a read-only iterator over the nodes contained in this
- * <code>NodeSetData</code> in
- * <a href="http://www.w3.org/TR/1999/REC-xpath-19991116#dt-document-order">
- * document order</a>. Attempts to modify the returned iterator
- * via the <code>remove</code> method throw
- * <code>UnsupportedOperationException</code>.
- *
- * @return an <code>Iterator</code> over the nodes in this
- * <code>NodeSetData</code> in document order
- */
- Iterator<Node> iterator();
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id$
- */
-package org.apache.xml.security.signature.reference;
-
-import java.io.InputStream;
-
-/**
- * A representation of a <code>ReferenceData</code> type containing an OctetStream.
- */
-public class ReferenceOctetStreamData implements ReferenceData {
- private InputStream octetStream;
- private String uri;
- private String mimeType;
-
- /**
- * Creates a new <code>ReferenceOctetStreamData</code>.
- *
- * @param octetStream the input stream containing the octets
- * @throws NullPointerException if <code>octetStream</code> is
- * <code>null</code>
- */
- public ReferenceOctetStreamData(InputStream octetStream) {
- if (octetStream == null) {
- throw new NullPointerException("octetStream is null");
- }
- this.octetStream = octetStream;
- }
-
- /**
- * Creates a new <code>ReferenceOctetStreamData</code>.
- *
- * @param octetStream the input stream containing the octets
- * @param uri the URI String identifying the data object (may be
- * <code>null</code>)
- * @param mimeType the MIME type associated with the data object (may be
- * <code>null</code>)
- * @throws NullPointerException if <code>octetStream</code> is
- * <code>null</code>
- */
- public ReferenceOctetStreamData(InputStream octetStream, String uri,
- String mimeType) {
- if (octetStream == null) {
- throw new NullPointerException("octetStream is null");
- }
- this.octetStream = octetStream;
- this.uri = uri;
- this.mimeType = mimeType;
- }
-
- /**
- * Returns the input stream of this <code>ReferenceOctetStreamData</code>.
- *
- * @return the input stream of this <code>ReferenceOctetStreamData</code>.
- */
- public InputStream getOctetStream() {
- return octetStream;
- }
-
- /**
- * Returns the URI String identifying the data object represented by this
- * <code>ReferenceOctetStreamData</code>.
- *
- * @return the URI String or <code>null</code> if not applicable
- */
- public String getURI() {
- return uri;
- }
-
- /**
- * Returns the MIME type associated with the data object represented by this
- * <code>ReferenceOctetStreamData</code>.
- *
- * @return the MIME type or <code>null</code> if not applicable
- */
- public String getMimeType() {
- return mimeType;
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
- */
-/*
- * $Id$
- */
-package org.apache.xml.security.signature.reference;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.NoSuchElementException;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-
-/**
- * A representation of a <code>ReferenceNodeSetData</code> type containing a node-set.
- * This is a subtype of NodeSetData that represents a dereferenced
- * same-document URI as the root of a subdocument. The main reason is
- * for efficiency and performance, as some transforms can operate
- * directly on the subdocument and there is no need to convert it
- * first to an XPath node-set.
- */
-public class ReferenceSubTreeData implements ReferenceNodeSetData {
-
- private boolean excludeComments;
- private Node root;
-
- public ReferenceSubTreeData(Node root, boolean excludeComments) {
- this.root = root;
- this.excludeComments = excludeComments;
- }
-
- public Iterator<Node> iterator() {
- return new DelayedNodeIterator(root, excludeComments);
- }
-
- public Node getRoot() {
- return root;
- }
-
- public boolean excludeComments() {
- return excludeComments;
- }
-
- /**
- * This is an Iterator that contains a backing node-set that is
- * not populated until the caller first attempts to advance the iterator.
- */
- static class DelayedNodeIterator implements Iterator<Node> {
- private Node root;
- private List<Node> nodeSet;
- private ListIterator<Node> li;
- private boolean withComments;
-
- DelayedNodeIterator(Node root, boolean excludeComments) {
- this.root = root;
- this.withComments = !excludeComments;
- }
-
- public boolean hasNext() {
- if (nodeSet == null) {
- nodeSet = dereferenceSameDocumentURI(root);
- li = nodeSet.listIterator();
- }
- return li.hasNext();
- }
-
- public Node next() {
- if (nodeSet == null) {
- nodeSet = dereferenceSameDocumentURI(root);
- li = nodeSet.listIterator();
- }
- if (li.hasNext()) {
- return li.next();
- } else {
- throw new NoSuchElementException();
- }
- }
-
- public void remove() {
- throw new UnsupportedOperationException();
- }
-
- /**
- * Dereferences a same-document URI fragment.
- *
- * @param node the node (document or element) referenced by the
- * URI fragment. If null, returns an empty set.
- * @return a set of nodes (minus any comment nodes)
- */
- private List<Node> dereferenceSameDocumentURI(Node node) {
- List<Node> nodeSet = new ArrayList<Node>();
- if (node != null) {
- nodeSetMinusCommentNodes(node, nodeSet, null);
- }
- return nodeSet;
- }
-
- /**
- * Recursively traverses the subtree, and returns an XPath-equivalent
- * node-set of all nodes traversed, excluding any comment nodes,
- * if specified.
- *
- * @param node the node to traverse
- * @param nodeSet the set of nodes traversed so far
- * @param the previous sibling node
- */
- @SuppressWarnings("fallthrough")
- private void nodeSetMinusCommentNodes(Node node, List<Node> nodeSet,
- Node prevSibling)
- {
- switch (node.getNodeType()) {
- case Node.ELEMENT_NODE :
- NamedNodeMap attrs = node.getAttributes();
- if (attrs != null) {
- for (int i = 0, len = attrs.getLength(); i < len; i++) {
- nodeSet.add(attrs.item(i));
- }
- }
- nodeSet.add(node);
- Node pSibling = null;
- for (Node child = node.getFirstChild(); child != null;
- child = child.getNextSibling()) {
- nodeSetMinusCommentNodes(child, nodeSet, pSibling);
- pSibling = child;
- }
- break;
- case Node.DOCUMENT_NODE :
- pSibling = null;
- for (Node child = node.getFirstChild(); child != null;
- child = child.getNextSibling()) {
- nodeSetMinusCommentNodes(child, nodeSet, pSibling);
- pSibling = child;
- }
- break;
- case Node.TEXT_NODE :
- case Node.CDATA_SECTION_NODE:
- // emulate XPath which only returns the first node in
- // contiguous text/cdata nodes
- if (prevSibling != null &&
- (prevSibling.getNodeType() == Node.TEXT_NODE ||
- prevSibling.getNodeType() == Node.CDATA_SECTION_NODE)) {
- return;
- }
- nodeSet.add(node);
- break;
- case Node.PROCESSING_INSTRUCTION_NODE :
- nodeSet.add(node);
- break;
- case Node.COMMENT_NODE:
- if (withComments) {
- nodeSet.add(node);
- }
- }
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-/**
- *
- * @author Christian Geuer-Pollmann
- */
-public class InvalidTransformException extends XMLSecurityException {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor InvalidTransformException
- *
- */
- public InvalidTransformException() {
- super();
- }
-
- /**
- * Constructor InvalidTransformException
- *
- * @param msgId
- */
- public InvalidTransformException(String msgId) {
- super(msgId);
- }
-
- /**
- * Constructor InvalidTransformException
- *
- * @param msgId
- * @param exArgs
- */
- public InvalidTransformException(String msgId, Object exArgs[]) {
- super(msgId, exArgs);
- }
-
- /**
- * Constructor InvalidTransformException
- *
- * @param msgId
- * @param originalException
- */
- public InvalidTransformException(String msgId, Exception originalException) {
- super(msgId, originalException);
- }
-
- /**
- * Constructor InvalidTransformException
- *
- * @param msgId
- * @param exArgs
- * @param originalException
- */
- public InvalidTransformException(String msgId, Object exArgs[], Exception originalException) {
- super(msgId, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.Map;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.apache.xml.security.exceptions.AlgorithmAlreadyRegisteredException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.implementations.TransformBase64Decode;
-import org.apache.xml.security.transforms.implementations.TransformC14N;
-import org.apache.xml.security.transforms.implementations.TransformC14N11;
-import org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments;
-import org.apache.xml.security.transforms.implementations.TransformC14NExclusive;
-import org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments;
-import org.apache.xml.security.transforms.implementations.TransformC14NWithComments;
-import org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature;
-import org.apache.xml.security.transforms.implementations.TransformXPath;
-import org.apache.xml.security.transforms.implementations.TransformXPath2Filter;
-import org.apache.xml.security.transforms.implementations.TransformXSLT;
-import org.apache.xml.security.utils.ClassLoaderUtils;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.HelperNodeList;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-import org.xml.sax.SAXException;
-
-/**
- * Implements the behaviour of the <code>ds:Transform</code> element.
- *
- * This <code>Transform</code>(Factory) class acts as the Factory and Proxy of
- * the implementing class that supports the functionality of <a
- * href=http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg>a Transform
- * algorithm</a>.
- * Implements the Factory and Proxy pattern for ds:Transform algorithms.
- *
- * @author Christian Geuer-Pollmann
- * @see Transforms
- * @see TransformSpi
- */
-public final class Transform extends SignatureElementProxy {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(Transform.class);
-
- /** All available Transform classes are registered here */
- private static Map<String, Class<? extends TransformSpi>> transformSpiHash =
- new ConcurrentHashMap<String, Class<? extends TransformSpi>>();
-
- private final TransformSpi transformSpi;
-
- /**
- * Generates a Transform object that implements the specified
- * <code>Transform algorithm</code> URI.
- *
- * @param doc the proxy {@link Document}
- * @param algorithmURI <code>Transform algorithm</code> URI representation,
- * such as specified in
- * <a href=http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg>Transform algorithm </a>
- * @throws InvalidTransformException
- */
- public Transform(Document doc, String algorithmURI) throws InvalidTransformException {
- this(doc, algorithmURI, (NodeList)null);
- }
-
- /**
- * Generates a Transform object that implements the specified
- * <code>Transform algorithm</code> URI.
- *
- * @param algorithmURI <code>Transform algorithm</code> URI representation,
- * such as specified in
- * <a href=http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg>Transform algorithm </a>
- * @param contextChild the child element of <code>Transform</code> element
- * @param doc the proxy {@link Document}
- * @throws InvalidTransformException
- */
- public Transform(Document doc, String algorithmURI, Element contextChild)
- throws InvalidTransformException {
- super(doc);
- HelperNodeList contextNodes = null;
-
- if (contextChild != null) {
- contextNodes = new HelperNodeList();
-
- XMLUtils.addReturnToElement(doc, contextNodes);
- contextNodes.appendChild(contextChild);
- XMLUtils.addReturnToElement(doc, contextNodes);
- }
-
- transformSpi = initializeTransform(algorithmURI, contextNodes);
- }
-
- /**
- * Constructs {@link Transform}
- *
- * @param doc the {@link Document} in which <code>Transform</code> will be
- * placed
- * @param algorithmURI URI representation of <code>Transform algorithm</code>
- * @param contextNodes the child node list of <code>Transform</code> element
- * @throws InvalidTransformException
- */
- public Transform(Document doc, String algorithmURI, NodeList contextNodes)
- throws InvalidTransformException {
- super(doc);
- transformSpi = initializeTransform(algorithmURI, contextNodes);
- }
-
- /**
- * @param element <code>ds:Transform</code> element
- * @param BaseURI the URI of the resource where the XML instance was stored
- * @throws InvalidTransformException
- * @throws TransformationException
- * @throws XMLSecurityException
- */
- public Transform(Element element, String BaseURI)
- throws InvalidTransformException, TransformationException, XMLSecurityException {
- super(element, BaseURI);
-
- // retrieve Algorithm Attribute from ds:Transform
- String algorithmURI = element.getAttributeNS(null, Constants._ATT_ALGORITHM);
-
- if (algorithmURI == null || algorithmURI.length() == 0) {
- Object exArgs[] = { Constants._ATT_ALGORITHM, Constants._TAG_TRANSFORM };
- throw new TransformationException("xml.WrongContent", exArgs);
- }
-
- Class<? extends TransformSpi> transformSpiClass = transformSpiHash.get(algorithmURI);
- if (transformSpiClass == null) {
- Object exArgs[] = { algorithmURI };
- throw new InvalidTransformException("signature.Transform.UnknownTransform", exArgs);
- }
- try {
- transformSpi = transformSpiClass.newInstance();
- } catch (InstantiationException ex) {
- Object exArgs[] = { algorithmURI };
- throw new InvalidTransformException(
- "signature.Transform.UnknownTransform", exArgs, ex
- );
- } catch (IllegalAccessException ex) {
- Object exArgs[] = { algorithmURI };
- throw new InvalidTransformException(
- "signature.Transform.UnknownTransform", exArgs, ex
- );
- }
- }
-
- /**
- * Registers implementing class of the Transform algorithm with algorithmURI
- *
- * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>
- * @param implementingClass <code>implementingClass</code> the implementing
- * class of {@link TransformSpi}
- * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
- * is already registered
- */
- @SuppressWarnings("unchecked")
- public static void register(String algorithmURI, String implementingClass)
- throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
- InvalidTransformException {
- // are we already registered?
- Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
- if (transformSpi != null) {
- Object exArgs[] = { algorithmURI, transformSpi };
- throw new AlgorithmAlreadyRegisteredException("algorithm.alreadyRegistered", exArgs);
- }
- Class<? extends TransformSpi> transformSpiClass =
- (Class<? extends TransformSpi>)
- ClassLoaderUtils.loadClass(implementingClass, Transform.class);
- transformSpiHash.put(algorithmURI, transformSpiClass);
- }
-
- /**
- * Registers implementing class of the Transform algorithm with algorithmURI
- *
- * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>
- * @param implementingClass <code>implementingClass</code> the implementing
- * class of {@link TransformSpi}
- * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
- * is already registered
- */
- public static void register(String algorithmURI, Class<? extends TransformSpi> implementingClass)
- throws AlgorithmAlreadyRegisteredException {
- // are we already registered?
- Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
- if (transformSpi != null) {
- Object exArgs[] = { algorithmURI, transformSpi };
- throw new AlgorithmAlreadyRegisteredException("algorithm.alreadyRegistered", exArgs);
- }
- transformSpiHash.put(algorithmURI, implementingClass);
- }
-
- /**
- * This method registers the default algorithms.
- */
- public static void registerDefaultAlgorithms() {
- transformSpiHash.put(
- Transforms.TRANSFORM_BASE64_DECODE, TransformBase64Decode.class
- );
- transformSpiHash.put(
- Transforms.TRANSFORM_C14N_OMIT_COMMENTS, TransformC14N.class
- );
- transformSpiHash.put(
- Transforms.TRANSFORM_C14N_WITH_COMMENTS, TransformC14NWithComments.class
- );
- transformSpiHash.put(
- Transforms.TRANSFORM_C14N11_OMIT_COMMENTS, TransformC14N11.class
- );
- transformSpiHash.put(
- Transforms.TRANSFORM_C14N11_WITH_COMMENTS, TransformC14N11_WithComments.class
- );
- transformSpiHash.put(
- Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS, TransformC14NExclusive.class
- );
- transformSpiHash.put(
- Transforms.TRANSFORM_C14N_EXCL_WITH_COMMENTS, TransformC14NExclusiveWithComments.class
- );
- transformSpiHash.put(
- Transforms.TRANSFORM_XPATH, TransformXPath.class
- );
- transformSpiHash.put(
- Transforms.TRANSFORM_ENVELOPED_SIGNATURE, TransformEnvelopedSignature.class
- );
- transformSpiHash.put(
- Transforms.TRANSFORM_XSLT, TransformXSLT.class
- );
- transformSpiHash.put(
- Transforms.TRANSFORM_XPATH2FILTER, TransformXPath2Filter.class
- );
- }
-
- /**
- * Returns the URI representation of Transformation algorithm
- *
- * @return the URI representation of Transformation algorithm
- */
- public String getURI() {
- return this.constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
- }
-
- /**
- * Transforms the input, and generates {@link XMLSignatureInput} as output.
- *
- * @param input input {@link XMLSignatureInput} which can supplied Octet
- * Stream and NodeSet as Input of Transformation
- * @return the {@link XMLSignatureInput} class as the result of
- * transformation
- * @throws CanonicalizationException
- * @throws IOException
- * @throws InvalidCanonicalizerException
- * @throws TransformationException
- */
- public XMLSignatureInput performTransform(XMLSignatureInput input)
- throws IOException, CanonicalizationException,
- InvalidCanonicalizerException, TransformationException {
- return performTransform(input, null);
- }
-
- /**
- * Transforms the input, and generates {@link XMLSignatureInput} as output.
- *
- * @param input input {@link XMLSignatureInput} which can supplied Octect
- * Stream and NodeSet as Input of Transformation
- * @param os where to output the result of the last transformation
- * @return the {@link XMLSignatureInput} class as the result of
- * transformation
- * @throws CanonicalizationException
- * @throws IOException
- * @throws InvalidCanonicalizerException
- * @throws TransformationException
- */
- public XMLSignatureInput performTransform(
- XMLSignatureInput input, OutputStream os
- ) throws IOException, CanonicalizationException,
- InvalidCanonicalizerException, TransformationException {
- XMLSignatureInput result = null;
-
- try {
- result = transformSpi.enginePerformTransform(input, os, this);
- } catch (ParserConfigurationException ex) {
- Object exArgs[] = { this.getURI(), "ParserConfigurationException" };
- throw new CanonicalizationException(
- "signature.Transform.ErrorDuringTransform", exArgs, ex);
- } catch (SAXException ex) {
- Object exArgs[] = { this.getURI(), "SAXException" };
- throw new CanonicalizationException(
- "signature.Transform.ErrorDuringTransform", exArgs, ex);
- }
-
- return result;
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_TRANSFORM;
- }
-
- /**
- * Initialize the transform object.
- */
- private TransformSpi initializeTransform(String algorithmURI, NodeList contextNodes)
- throws InvalidTransformException {
-
- this.constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM, algorithmURI);
-
- Class<? extends TransformSpi> transformSpiClass = transformSpiHash.get(algorithmURI);
- if (transformSpiClass == null) {
- Object exArgs[] = { algorithmURI };
- throw new InvalidTransformException("signature.Transform.UnknownTransform", exArgs);
- }
- TransformSpi newTransformSpi = null;
- try {
- newTransformSpi = transformSpiClass.newInstance();
- } catch (InstantiationException ex) {
- Object exArgs[] = { algorithmURI };
- throw new InvalidTransformException(
- "signature.Transform.UnknownTransform", exArgs, ex
- );
- } catch (IllegalAccessException ex) {
- Object exArgs[] = { algorithmURI };
- throw new InvalidTransformException(
- "signature.Transform.UnknownTransform", exArgs, ex
- );
- }
-
- if (log.isDebugEnabled()) {
- log.debug("Create URI \"" + algorithmURI + "\" class \""
- + newTransformSpi.getClass() + "\"");
- log.debug("The NodeList is " + contextNodes);
- }
-
- // give it to the current document
- if (contextNodes != null) {
- for (int i = 0; i < contextNodes.getLength(); i++) {
- this.constructionElement.appendChild(contextNodes.item(i).cloneNode(true));
- }
- }
- return newTransformSpi;
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.xml.security.transforms;
-
-public interface TransformParam {
-}
\ No newline at end of file
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.xml.sax.SAXException;
-
-/**
- * Base class which all Transform algorithms extend. The common methods that
- * have to be overridden are the
- * {@link #enginePerformTransform(XMLSignatureInput, Transform)} method.
- *
- * @author Christian Geuer-Pollmann
- */
-public abstract class TransformSpi {
-
- /**
- * The mega method which MUST be implemented by the Transformation Algorithm.
- *
- * @param input {@link XMLSignatureInput} as the input of transformation
- * @param os where to output this transformation.
- * @param transformObject the Transform object
- * @return {@link XMLSignatureInput} as the result of transformation
- * @throws CanonicalizationException
- * @throws IOException
- * @throws InvalidCanonicalizerException
- * @throws ParserConfigurationException
- * @throws SAXException
- * @throws TransformationException
- */
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transformObject
- ) throws IOException, CanonicalizationException, InvalidCanonicalizerException,
- TransformationException, ParserConfigurationException, SAXException {
- throw new UnsupportedOperationException();
- }
-
- /**
- * The mega method which MUST be implemented by the Transformation Algorithm.
- * In order to be compatible with preexisting Transform implementations,
- * by default this implementation invokes the deprecated, thread-unsafe
- * methods. Subclasses should override this with a thread-safe
- * implementation.
- *
- * @param input {@link XMLSignatureInput} as the input of transformation
- * @param transformObject the Transform object
- * @return {@link XMLSignatureInput} as the result of transformation
- * @throws CanonicalizationException
- * @throws IOException
- * @throws InvalidCanonicalizerException
- * @throws ParserConfigurationException
- * @throws SAXException
- * @throws TransformationException
- */
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, Transform transformObject
- ) throws IOException, CanonicalizationException, InvalidCanonicalizerException,
- TransformationException, ParserConfigurationException, SAXException {
- return enginePerformTransform(input, null, transformObject);
- }
-
- /**
- * The mega method which MUST be implemented by the Transformation Algorithm.
- * @param input {@link XMLSignatureInput} as the input of transformation
- * @return {@link XMLSignatureInput} as the result of transformation
- * @throws CanonicalizationException
- * @throws IOException
- * @throws InvalidCanonicalizerException
- * @throws ParserConfigurationException
- * @throws SAXException
- * @throws TransformationException
- */
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input
- ) throws IOException, CanonicalizationException, InvalidCanonicalizerException,
- TransformationException, ParserConfigurationException, SAXException {
- return enginePerformTransform(input, null);
- }
-
- /**
- * Returns the URI representation of <code>Transformation algorithm</code>
- *
- * @return the URI representation of <code>Transformation algorithm</code>
- */
- protected abstract String engineGetURI();
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-
-/**
- *
- * @author Christian Geuer-Pollmann
- */
-public class TransformationException extends XMLSecurityException {
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * Constructor TransformationException
- *
- */
- public TransformationException() {
- super();
- }
-
- /**
- * Constructor TransformationException
- *
- * @param msgID
- */
- public TransformationException(String msgID) {
- super(msgID);
- }
-
- /**
- * Constructor TransformationException
- *
- * @param msgID
- * @param exArgs
- */
- public TransformationException(String msgID, Object exArgs[]) {
- super(msgID, exArgs);
- }
-
- /**
- * Constructor TransformationException
- *
- * @param msgID
- * @param originalException
- */
- public TransformationException(String msgID, Exception originalException) {
- super(msgID, originalException);
- }
-
- /**
- * Constructor TransformationException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- */
- public TransformationException(String msgID, Object exArgs[], Exception originalException) {
- super(msgID, exArgs, originalException);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.XMLSignatureException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-/**
- * Holder of the {@link org.apache.xml.security.transforms.Transform} steps to
- * be performed on the data.
- * The input to the first Transform is the result of dereferencing the
- * <code>URI</code> attribute of the <code>Reference</code> element.
- * The output from the last Transform is the input for the
- * <code>DigestMethod algorithm</code>
- *
- * @author Christian Geuer-Pollmann
- * @see Transform
- * @see org.apache.xml.security.signature.Reference
- */
-public class Transforms extends SignatureElementProxy {
-
- /** Canonicalization - Required Canonical XML (omits comments) */
- public static final String TRANSFORM_C14N_OMIT_COMMENTS
- = Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
-
- /** Canonicalization - Recommended Canonical XML with Comments */
- public static final String TRANSFORM_C14N_WITH_COMMENTS
- = Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
-
- /** Canonicalization - Required Canonical XML 1.1 (omits comments) */
- public static final String TRANSFORM_C14N11_OMIT_COMMENTS
- = Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS;
-
- /** Canonicalization - Recommended Canonical XML 1.1 with Comments */
- public static final String TRANSFORM_C14N11_WITH_COMMENTS
- = Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS;
-
- /** Canonicalization - Required Exclusive Canonicalization (omits comments) */
- public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS
- = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
-
- /** Canonicalization - Recommended Exclusive Canonicalization with Comments */
- public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS
- = Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
-
- /** Transform - Optional XSLT */
- public static final String TRANSFORM_XSLT
- = "http://www.w3.org/TR/1999/REC-xslt-19991116";
-
- /** Transform - Required base64 decoding */
- public static final String TRANSFORM_BASE64_DECODE
- = Constants.SignatureSpecNS + "base64";
-
- /** Transform - Recommended XPath */
- public static final String TRANSFORM_XPATH
- = "http://www.w3.org/TR/1999/REC-xpath-19991116";
-
- /** Transform - Required Enveloped Signature */
- public static final String TRANSFORM_ENVELOPED_SIGNATURE
- = Constants.SignatureSpecNS + "enveloped-signature";
-
- /** Transform - XPointer */
- public static final String TRANSFORM_XPOINTER
- = "http://www.w3.org/TR/2001/WD-xptr-20010108";
-
- /** Transform - XPath Filter */
- public static final String TRANSFORM_XPATH2FILTER
- = "http://www.w3.org/2002/06/xmldsig-filter2";
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(Transforms.class);
-
- private Element[] transforms;
-
- protected Transforms() { };
-
- private boolean secureValidation;
-
- /**
- * Constructs {@link Transforms}.
- *
- * @param doc the {@link Document} in which <code>XMLSignature</code> will
- * be placed
- */
- public Transforms(Document doc) {
- super(doc);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Constructs {@link Transforms} from {@link Element} which is
- * <code>Transforms</code> Element
- *
- * @param element is <code>Transforms</code> element
- * @param BaseURI the URI where the XML instance was stored
- * @throws DOMException
- * @throws InvalidTransformException
- * @throws TransformationException
- * @throws XMLSecurityException
- * @throws XMLSignatureException
- */
- public Transforms(Element element, String BaseURI)
- throws DOMException, XMLSignatureException, InvalidTransformException,
- TransformationException, XMLSecurityException {
- super(element, BaseURI);
-
- int numberOfTransformElems = this.getLength();
-
- if (numberOfTransformElems == 0) {
- // At least one Transform element must be present. Bad.
- Object exArgs[] = { Constants._TAG_TRANSFORM, Constants._TAG_TRANSFORMS };
-
- throw new TransformationException("xml.WrongContent", exArgs);
- }
- }
-
- /**
- * Set whether secure validation is enabled or not. The default is false.
- */
- public void setSecureValidation(boolean secureValidation) {
- this.secureValidation = secureValidation;
- }
-
- /**
- * Adds the <code>Transform</code> with the specified <code>Transform
- * algorithm URI</code>
- *
- * @param transformURI the URI form of transform that indicates which
- * transformation is applied to data
- * @throws TransformationException
- */
- public void addTransform(String transformURI) throws TransformationException {
- try {
- if (log.isDebugEnabled()) {
- log.debug("Transforms.addTransform(" + transformURI + ")");
- }
-
- Transform transform = new Transform(this.doc, transformURI);
-
- this.addTransform(transform);
- } catch (InvalidTransformException ex) {
- throw new TransformationException("empty", ex);
- }
- }
-
- /**
- * Adds the <code>Transform</code> with the specified <code>Transform
- * algorithm URI</code>
- *
- * @param transformURI the URI form of transform that indicates which
- * transformation is applied to data
- * @param contextElement
- * @throws TransformationException
- */
- public void addTransform(String transformURI, Element contextElement)
- throws TransformationException {
- try {
- if (log.isDebugEnabled()) {
- log.debug("Transforms.addTransform(" + transformURI + ")");
- }
-
- Transform transform = new Transform(this.doc, transformURI, contextElement);
-
- this.addTransform(transform);
- } catch (InvalidTransformException ex) {
- throw new TransformationException("empty", ex);
- }
- }
-
- /**
- * Adds the <code>Transform</code> with the specified <code>Transform
- * algorithm URI</code>.
- *
- * @param transformURI the URI form of transform that indicates which
- * transformation is applied to data
- * @param contextNodes
- * @throws TransformationException
- */
- public void addTransform(String transformURI, NodeList contextNodes)
- throws TransformationException {
-
- try {
- Transform transform = new Transform(this.doc, transformURI, contextNodes);
- this.addTransform(transform);
- } catch (InvalidTransformException ex) {
- throw new TransformationException("empty", ex);
- }
- }
-
- /**
- * Adds a user-provided Transform step.
- *
- * @param transform {@link Transform} object
- */
- private void addTransform(Transform transform) {
- if (log.isDebugEnabled()) {
- log.debug("Transforms.addTransform(" + transform.getURI() + ")");
- }
-
- Element transformElement = transform.getElement();
-
- this.constructionElement.appendChild(transformElement);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Applies all included <code>Transform</code>s to xmlSignatureInput and
- * returns the result of these transformations.
- *
- * @param xmlSignatureInput the input for the <code>Transform</code>s
- * @return the result of the <code>Transforms</code>
- * @throws TransformationException
- */
- public XMLSignatureInput performTransforms(
- XMLSignatureInput xmlSignatureInput
- ) throws TransformationException {
- return performTransforms(xmlSignatureInput, null);
- }
-
- /**
- * Applies all included <code>Transform</code>s to xmlSignatureInput and
- * returns the result of these transformations.
- *
- * @param xmlSignatureInput the input for the <code>Transform</code>s
- * @param os where to output the last transformation.
- * @return the result of the <code>Transforms</code>
- * @throws TransformationException
- */
- public XMLSignatureInput performTransforms(
- XMLSignatureInput xmlSignatureInput, OutputStream os
- ) throws TransformationException {
- try {
- int last = this.getLength() - 1;
- for (int i = 0; i < last; i++) {
- Transform t = this.item(i);
- String uri = t.getURI();
- if (log.isDebugEnabled()) {
- log.debug("Perform the (" + i + ")th " + uri + " transform");
- }
- checkSecureValidation(t);
- xmlSignatureInput = t.performTransform(xmlSignatureInput);
- }
- if (last >= 0) {
- Transform t = this.item(last);
- checkSecureValidation(t);
- xmlSignatureInput = t.performTransform(xmlSignatureInput, os);
- }
-
- return xmlSignatureInput;
- } catch (IOException ex) {
- throw new TransformationException("empty", ex);
- } catch (CanonicalizationException ex) {
- throw new TransformationException("empty", ex);
- } catch (InvalidCanonicalizerException ex) {
- throw new TransformationException("empty", ex);
- }
- }
-
- private void checkSecureValidation(Transform transform) throws TransformationException {
- String uri = transform.getURI();
- if (secureValidation && Transforms.TRANSFORM_XSLT.equals(uri)) {
- Object exArgs[] = { uri };
-
- throw new TransformationException(
- "signature.Transform.ForbiddenTransform", exArgs
- );
- }
- }
-
- /**
- * Return the nonnegative number of transformations.
- *
- * @return the number of transformations
- */
- public int getLength() {
- if (transforms == null) {
- transforms =
- XMLUtils.selectDsNodes(this.constructionElement.getFirstChild(), "Transform");
- }
- return transforms.length;
- }
-
- /**
- * Return the <it>i</it><sup>th</sup> <code>{@link Transform}</code>.
- * Valid <code>i</code> values are 0 to <code>{@link #getLength}-1</code>.
- *
- * @param i index of {@link Transform} to return
- * @return the <it>i</it><sup>th</sup> Transform
- * @throws TransformationException
- */
- public Transform item(int i) throws TransformationException {
- try {
- if (transforms == null) {
- transforms =
- XMLUtils.selectDsNodes(this.constructionElement.getFirstChild(), "Transform");
- }
- return new Transform(transforms[i], this.baseURI);
- } catch (XMLSecurityException ex) {
- throw new TransformationException("empty", ex);
- }
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_TRANSFORMS;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import javax.xml.transform.TransformerException;
-
-import org.apache.xml.dtm.DTM;
-import org.apache.xml.security.utils.I18n;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xpath.NodeSetDTM;
-import org.apache.xpath.XPathContext;
-import org.apache.xpath.functions.Function;
-import org.apache.xpath.objects.XNodeSet;
-import org.apache.xpath.objects.XObject;
-import org.apache.xpath.res.XPATHErrorResources;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-
-/**
- * The 'here()' function returns a node-set containing the attribute or
- * processing instruction node or the parent element of the text node
- * that directly bears the XPath expression. This expression results
- * in an error if the containing XPath expression does not appear in the
- * same XML document against which the XPath expression is being evaluated.
- *
- * Mainpart is stolen from FuncId.java
- *
- * This does crash under Xalan2.2.D7 and works under Xalan2.2.D9
- *
- * To get this baby to work, a special trick has to be used. The function needs
- * access to the Node where the XPath expression has been defined. This is done
- * by constructing a {@link FuncHere} which has this Node as 'owner'.
- *
- * @see "http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#function-here"
- */
-public class FuncHere extends Function {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * The here function returns a node-set containing the attribute or
- * processing instruction node or the parent element of the text node
- * that directly bears the XPath expression. This expression results
- * in an error if the containing XPath expression does not appear in the
- * same XML document against which the XPath expression is being evaluated.
- *
- * @param xctxt
- * @return the xobject
- * @throws javax.xml.transform.TransformerException
- */
- public XObject execute(XPathContext xctxt)
- throws javax.xml.transform.TransformerException {
-
- Node xpathOwnerNode = (Node) xctxt.getOwnerObject();
-
- if (xpathOwnerNode == null) {
- return null;
- }
-
- int xpathOwnerNodeDTM = xctxt.getDTMHandleFromNode(xpathOwnerNode);
-
- int currentNode = xctxt.getCurrentNode();
- DTM dtm = xctxt.getDTM(currentNode);
- int docContext = dtm.getDocument();
-
- if (DTM.NULL == docContext) {
- error(xctxt, XPATHErrorResources.ER_CONTEXT_HAS_NO_OWNERDOC, null);
- }
-
- {
- // check whether currentNode and the node containing the XPath expression
- // are in the same document
- Document currentDoc =
- XMLUtils.getOwnerDocument(dtm.getNode(currentNode));
- Document xpathOwnerDoc = XMLUtils.getOwnerDocument(xpathOwnerNode);
-
- if (currentDoc != xpathOwnerDoc) {
- throw new TransformerException(I18n.translate("xpath.funcHere.documentsDiffer"));
- }
- }
-
- XNodeSet nodes = new XNodeSet(xctxt.getDTMManager());
- NodeSetDTM nodeSet = nodes.mutableNodeset();
-
- {
- int hereNode = DTM.NULL;
-
- switch (dtm.getNodeType(xpathOwnerNodeDTM)) {
-
- case Node.ATTRIBUTE_NODE :
- case Node.PROCESSING_INSTRUCTION_NODE : {
- // returns a node-set containing the attribute / processing instruction node
- hereNode = xpathOwnerNodeDTM;
-
- nodeSet.addNode(hereNode);
-
- break;
- }
- case Node.TEXT_NODE : {
- // returns a node-set containing the parent element of the
- // text node that directly bears the XPath expression
- hereNode = dtm.getParent(xpathOwnerNodeDTM);
-
- nodeSet.addNode(hereNode);
-
- break;
- }
- default :
- break;
- }
- }
-
- /** $todo$ Do I have to do this detach() call? */
- nodeSet.detach();
-
- return nodes;
- }
-
- /**
- * No arguments to process, so this does nothing.
- * @param vars
- * @param globalsSize
- */
- public void fixupVariables(java.util.Vector vars, int globalsSize) {
- // do nothing
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Base64;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.Text;
-import org.xml.sax.SAXException;
-
-/**
- * Implements the <CODE>http://www.w3.org/2000/09/xmldsig#base64</CODE> decoding
- * transform.
- *
- * <p>The normative specification for base64 decoding transforms is
- * <A HREF="http://www.w3.org/TR/2001/CR-xmldsig-core-20010419/#ref-MIME">[MIME]</A>.
- * The base64 Transform element has no content. The input
- * is decoded by the algorithms. This transform is useful if an
- * application needs to sign the raw data associated with the encoded
- * content of an element. </p>
- *
- * <p>This transform requires an octet stream for input.
- * If an XPath node-set (or sufficiently functional alternative) is
- * given as input, then it is converted to an octet stream by
- * performing operations logically equivalent to 1) applying an XPath
- * transform with expression self::text(), then 2) taking the string-value
- * of the node-set. Thus, if an XML element is identified by a barename
- * XPointer in the Reference URI, and its content consists solely of base64
- * encoded character data, then this transform automatically strips away the
- * start and end tags of the identified element and any of its descendant
- * elements as well as any descendant comments and processing instructions.
- * The output of this transform is an octet stream.</p>
- *
- * @author Christian Geuer-Pollmann
- * @see org.apache.xml.security.utils.Base64
- */
-public class TransformBase64Decode extends TransformSpi {
-
- /** Field implementedTransformURI */
- public static final String implementedTransformURI =
- Transforms.TRANSFORM_BASE64_DECODE;
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- protected String engineGetURI() {
- return TransformBase64Decode.implementedTransformURI;
- }
-
- /**
- * Method enginePerformTransform
- *
- * @param input
- * @return {@link XMLSignatureInput} as the result of transformation
- * @inheritDoc
- * @throws CanonicalizationException
- * @throws IOException
- * @throws TransformationException
- */
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, Transform transformObject
- ) throws IOException, CanonicalizationException, TransformationException {
- return enginePerformTransform(input, null, transformObject);
- }
-
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transformObject
- ) throws IOException, CanonicalizationException, TransformationException {
- try {
- if (input.isElement()) {
- Node el = input.getSubNode();
- if (input.getSubNode().getNodeType() == Node.TEXT_NODE) {
- el = el.getParentNode();
- }
- StringBuilder sb = new StringBuilder();
- traverseElement((Element)el, sb);
- if (os == null) {
- byte[] decodedBytes = Base64.decode(sb.toString());
- return new XMLSignatureInput(decodedBytes);
- }
- Base64.decode(sb.toString(), os);
- XMLSignatureInput output = new XMLSignatureInput((byte[])null);
- output.setOutputStream(os);
- return output;
- }
-
- if (input.isOctetStream() || input.isNodeSet()) {
- if (os == null) {
- byte[] base64Bytes = input.getBytes();
- byte[] decodedBytes = Base64.decode(base64Bytes);
- return new XMLSignatureInput(decodedBytes);
- }
- if (input.isByteArray() || input.isNodeSet()) {
- Base64.decode(input.getBytes(), os);
- } else {
- Base64.decode(new BufferedInputStream(input.getOctetStreamReal()), os);
- }
- XMLSignatureInput output = new XMLSignatureInput((byte[])null);
- output.setOutputStream(os);
- return output;
- }
-
- try {
- //Exceptional case there is current not text case testing this(Before it was a
- //a common case).
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- Document doc =
- dbf.newDocumentBuilder().parse(input.getOctetStream());
-
- Element rootNode = doc.getDocumentElement();
- StringBuilder sb = new StringBuilder();
- traverseElement(rootNode, sb);
- byte[] decodedBytes = Base64.decode(sb.toString());
- return new XMLSignatureInput(decodedBytes);
- } catch (ParserConfigurationException e) {
- throw new TransformationException("c14n.Canonicalizer.Exception",e);
- } catch (SAXException e) {
- throw new TransformationException("SAX exception", e);
- }
- } catch (Base64DecodingException e) {
- throw new TransformationException("Base64Decoding", e);
- }
- }
-
- void traverseElement(org.w3c.dom.Element node, StringBuilder sb) {
- Node sibling = node.getFirstChild();
- while (sibling != null) {
- switch (sibling.getNodeType()) {
- case Node.ELEMENT_NODE:
- traverseElement((Element)sibling, sb);
- break;
- case Node.TEXT_NODE:
- sb.append(((Text)sibling).getData());
- }
- sibling = sibling.getNextSibling();
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.OutputStream;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.Transforms;
-
-/**
- * Implements the <CODE>http://www.w3.org/TR/2001/REC-xml-c14n-20010315</CODE>
- * transform.
- *
- * @author Christian Geuer-Pollmann
- */
-public class TransformC14N extends TransformSpi {
-
- /** Field implementedTransformURI */
- public static final String implementedTransformURI =
- Transforms.TRANSFORM_C14N_OMIT_COMMENTS;
-
- /**
- * @inheritDoc
- */
- protected String engineGetURI() {
- return TransformC14N.implementedTransformURI;
- }
-
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transformObject
- ) throws CanonicalizationException {
- Canonicalizer20010315OmitComments c14n = new Canonicalizer20010315OmitComments();
- if (os != null) {
- c14n.setWriter(os);
- }
- byte[] result = null;
- result = c14n.engineCanonicalize(input);
- XMLSignatureInput output = new XMLSignatureInput(result);
- if (os != null) {
- output.setOutputStream(os);
- }
- return output;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.OutputStream;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.Transforms;
-
-/**
- * Implements the <CODE>http://www.w3.org/2006/12/xml-c14n11</CODE>
- * (C14N 1.1) transform.
- *
- * @author Sean Mullan
- */
-public class TransformC14N11 extends TransformSpi {
-
- protected String engineGetURI() {
- return Transforms.TRANSFORM_C14N11_OMIT_COMMENTS;
- }
-
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transform
- ) throws CanonicalizationException {
- Canonicalizer11_OmitComments c14n = new Canonicalizer11_OmitComments();
- if (os != null) {
- c14n.setWriter(os);
- }
- byte[] result = null;
- result = c14n.engineCanonicalize(input);
- XMLSignatureInput output = new XMLSignatureInput(result);
- if (os != null) {
- output.setOutputStream(os);
- }
- return output;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.OutputStream;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.Transforms;
-
-/**
- * Implements the <CODE>http://www.w3.org/2006/12/xml-c14n-11#WithComments</CODE>
- * (C14N 1.1 With Comments) transform.
- *
- * @author Sean Mullan
- */
-public class TransformC14N11_WithComments extends TransformSpi {
-
- protected String engineGetURI() {
- return Transforms.TRANSFORM_C14N11_WITH_COMMENTS;
- }
-
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transform
- ) throws CanonicalizationException {
-
- Canonicalizer11_WithComments c14n = new Canonicalizer11_WithComments();
- if (os != null) {
- c14n.setWriter(os);
- }
-
- byte[] result = null;
- result = c14n.engineCanonicalize(input);
- XMLSignatureInput output = new XMLSignatureInput(result);
- if (os != null) {
- output.setOutputStream(os);
- }
- return output;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.OutputStream;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.transforms.params.InclusiveNamespaces;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * Class TransformC14NExclusive
- *
- */
-public class TransformC14NExclusive extends TransformSpi {
-
- /** Field implementedTransformURI */
- public static final String implementedTransformURI =
- Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- protected String engineGetURI() {
- return implementedTransformURI;
- }
-
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transformObject
- ) throws CanonicalizationException {
- try {
- String inclusiveNamespaces = null;
-
- if (transformObject.length(
- InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
- InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES) == 1
- ) {
- Element inclusiveElement =
- XMLUtils.selectNode(
- transformObject.getElement().getFirstChild(),
- InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
- InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES,
- 0
- );
-
- inclusiveNamespaces =
- new InclusiveNamespaces(
- inclusiveElement, transformObject.getBaseURI()).getInclusiveNamespaces();
- }
-
- Canonicalizer20010315ExclOmitComments c14n =
- new Canonicalizer20010315ExclOmitComments();
- if (os != null) {
- c14n.setWriter(os);
- }
- byte[] result = c14n.engineCanonicalize(input, inclusiveNamespaces);
-
- XMLSignatureInput output = new XMLSignatureInput(result);
- if (os != null) {
- output.setOutputStream(os);
- }
- return output;
- } catch (XMLSecurityException ex) {
- throw new CanonicalizationException("empty", ex);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.OutputStream;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.transforms.params.InclusiveNamespaces;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * Implements the <CODE>http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments</CODE>
- * transform.
- *
- * @author Christian Geuer-Pollmann
- */
-public class TransformC14NExclusiveWithComments extends TransformSpi {
-
- /** Field implementedTransformURI */
- public static final String implementedTransformURI =
- Transforms.TRANSFORM_C14N_EXCL_WITH_COMMENTS;
-
- /**
- * Method engineGetURI
- *@inheritDoc
- *
- */
- protected String engineGetURI() {
- return implementedTransformURI;
- }
-
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transformObject
- ) throws CanonicalizationException {
- try {
- String inclusiveNamespaces = null;
-
- if (transformObject.length(
- InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
- InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES) == 1
- ) {
- Element inclusiveElement =
- XMLUtils.selectNode(
- transformObject.getElement().getFirstChild(),
- InclusiveNamespaces.ExclusiveCanonicalizationNamespace,
- InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES,
- 0
- );
-
- inclusiveNamespaces =
- new InclusiveNamespaces(
- inclusiveElement, transformObject.getBaseURI()
- ).getInclusiveNamespaces();
- }
-
- Canonicalizer20010315ExclWithComments c14n =
- new Canonicalizer20010315ExclWithComments();
- if (os != null) {
- c14n.setWriter(os);
- }
- byte[] result = c14n.engineCanonicalize(input, inclusiveNamespaces);
- XMLSignatureInput output = new XMLSignatureInput(result);
-
- return output;
- } catch (XMLSecurityException ex) {
- throw new CanonicalizationException("empty", ex);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.OutputStream;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.Transforms;
-
-/**
- * Implements the <CODE>http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments</CODE>
- * transform.
- *
- * @author Christian Geuer-Pollmann
- */
-public class TransformC14NWithComments extends TransformSpi {
-
- /** Field implementedTransformURI */
- public static final String implementedTransformURI =
- Transforms.TRANSFORM_C14N_WITH_COMMENTS;
-
- /** @inheritDoc */
- protected String engineGetURI() {
- return implementedTransformURI;
- }
-
- /** @inheritDoc */
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transformObject
- ) throws CanonicalizationException {
-
- Canonicalizer20010315WithComments c14n = new Canonicalizer20010315WithComments();
- if (os != null) {
- c14n.setWriter(os);
- }
-
- byte[] result = null;
- result = c14n.engineCanonicalize(input);
- XMLSignatureInput output = new XMLSignatureInput(result);
- if (os != null) {
- output.setOutputStream(os);
- }
- return output;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.OutputStream;
-
-import org.apache.xml.security.signature.NodeFilter;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * Implements the <CODE>http://www.w3.org/2000/09/xmldsig#enveloped-signature</CODE>
- * transform.
- *
- * @author Christian Geuer-Pollmann
- */
-public class TransformEnvelopedSignature extends TransformSpi {
-
- /** Field implementedTransformURI */
- public static final String implementedTransformURI =
- Transforms.TRANSFORM_ENVELOPED_SIGNATURE;
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- protected String engineGetURI() {
- return implementedTransformURI;
- }
-
- /**
- * @inheritDoc
- */
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transformObject
- ) throws TransformationException {
- /**
- * If the actual input is an octet stream, then the application MUST
- * convert the octet stream to an XPath node-set suitable for use by
- * Canonical XML with Comments. (A subsequent application of the
- * REQUIRED Canonical XML algorithm would strip away these comments.)
- *
- * ...
- *
- * The evaluation of this expression includes all of the document's nodes
- * (including comments) in the node-set representing the octet stream.
- */
-
- Node signatureElement = transformObject.getElement();
-
- signatureElement = searchSignatureElement(signatureElement);
- input.setExcludeNode(signatureElement);
- input.addNodeFilter(new EnvelopedNodeFilter(signatureElement));
- return input;
- }
-
- /**
- * @param signatureElement
- * @return the node that is the signature
- * @throws TransformationException
- */
- private static Node searchSignatureElement(Node signatureElement)
- throws TransformationException {
- boolean found = false;
-
- while (true) {
- if (signatureElement == null
- || signatureElement.getNodeType() == Node.DOCUMENT_NODE) {
- break;
- }
- Element el = (Element) signatureElement;
- if (el.getNamespaceURI().equals(Constants.SignatureSpecNS)
- && el.getLocalName().equals(Constants._TAG_SIGNATURE)) {
- found = true;
- break;
- }
-
- signatureElement = signatureElement.getParentNode();
- }
-
- if (!found) {
- throw new TransformationException(
- "transform.envelopedSignatureTransformNotInSignatureElement");
- }
- return signatureElement;
- }
-
- static class EnvelopedNodeFilter implements NodeFilter {
-
- Node exclude;
-
- EnvelopedNodeFilter(Node n) {
- exclude = n;
- }
-
- public int isNodeIncludeDO(Node n, int level) {
- if (n == exclude) {
- return -1;
- }
- return 1;
- }
-
- /**
- * @see org.apache.xml.security.signature.NodeFilter#isNodeInclude(org.w3c.dom.Node)
- */
- public int isNodeInclude(Node n) {
- if (n == exclude || XMLUtils.isDescendantOrSelf(exclude, n)) {
- return -1;
- }
- return 1;
- //return !XMLUtils.isDescendantOrSelf(exclude,n);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.OutputStream;
-
-import javax.xml.transform.TransformerException;
-
-import org.apache.xml.security.exceptions.XMLSecurityRuntimeException;
-import org.apache.xml.security.signature.NodeFilter;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.XPathAPI;
-import org.apache.xml.security.utils.XPathFactory;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * Class TransformXPath
- *
- * Implements the <CODE>http://www.w3.org/TR/1999/REC-xpath-19991116</CODE>
- * transform.
- *
- * @author Christian Geuer-Pollmann
- * @see <a href="http://www.w3.org/TR/1999/REC-xpath-19991116">XPath</a>
- *
- */
-public class TransformXPath extends TransformSpi {
-
- /** Field implementedTransformURI */
- public static final String implementedTransformURI = Transforms.TRANSFORM_XPATH;
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- protected String engineGetURI() {
- return implementedTransformURI;
- }
-
- /**
- * Method enginePerformTransform
- * @inheritDoc
- * @param input
- *
- * @throws TransformationException
- */
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transformObject
- ) throws TransformationException {
- try {
- /**
- * If the actual input is an octet stream, then the application MUST
- * convert the octet stream to an XPath node-set suitable for use by
- * Canonical XML with Comments. (A subsequent application of the
- * REQUIRED Canonical XML algorithm would strip away these comments.)
- *
- * ...
- *
- * The evaluation of this expression includes all of the document's nodes
- * (including comments) in the node-set representing the octet stream.
- */
- Element xpathElement =
- XMLUtils.selectDsNode(
- transformObject.getElement().getFirstChild(), Constants._TAG_XPATH, 0);
-
- if (xpathElement == null) {
- Object exArgs[] = { "ds:XPath", "Transform" };
-
- throw new TransformationException("xml.WrongContent", exArgs);
- }
- Node xpathnode = xpathElement.getChildNodes().item(0);
- String str = XMLUtils.getStrFromNode(xpathnode);
- input.setNeedsToBeExpanded(needsCircumvent(str));
- if (xpathnode == null) {
- throw new DOMException(
- DOMException.HIERARCHY_REQUEST_ERR, "Text must be in ds:Xpath"
- );
- }
-
- XPathFactory xpathFactory = XPathFactory.newInstance();
- XPathAPI xpathAPIInstance = xpathFactory.newXPathAPI();
- input.addNodeFilter(new XPathNodeFilter(xpathElement, xpathnode, str, xpathAPIInstance));
- input.setNodeSet(true);
- return input;
- } catch (DOMException ex) {
- throw new TransformationException("empty", ex);
- }
- }
-
- /**
- * @param str
- * @return true if needs to be circumvent for bug.
- */
- private boolean needsCircumvent(String str) {
- return (str.indexOf("namespace") != -1) || (str.indexOf("name()") != -1);
- }
-
- static class XPathNodeFilter implements NodeFilter {
-
- XPathAPI xPathAPI;
- Node xpathnode;
- Element xpathElement;
- String str;
-
- XPathNodeFilter(Element xpathElement, Node xpathnode, String str, XPathAPI xPathAPI) {
- this.xpathnode = xpathnode;
- this.str = str;
- this.xpathElement = xpathElement;
- this.xPathAPI = xPathAPI;
- }
-
- /**
- * @see org.apache.xml.security.signature.NodeFilter#isNodeInclude(org.w3c.dom.Node)
- */
- public int isNodeInclude(Node currentNode) {
- try {
- boolean include = xPathAPI.evaluate(currentNode, xpathnode, str, xpathElement);
- if (include) {
- return 1;
- }
- return 0;
- } catch (TransformerException e) {
- Object[] eArgs = {currentNode};
- throw new XMLSecurityRuntimeException("signature.Transform.node", eArgs, e);
- } catch (Exception e) {
- Object[] eArgs = {currentNode, Short.valueOf(currentNode.getNodeType())};
- throw new XMLSecurityRuntimeException("signature.Transform.nodeAndType",eArgs, e);
- }
- }
-
- public int isNodeIncludeDO(Node n, int level) {
- return isNodeInclude(n);
- }
-
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.NodeFilter;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.transforms.params.XPath2FilterContainer;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.XPathAPI;
-import org.apache.xml.security.utils.XPathFactory;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.SAXException;
-
-/**
- * Implements the <I>XML Signature XPath Filter v2.0</I>
- *
- * @see <A HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0 (TR)</A>
- */
-public class TransformXPath2Filter extends TransformSpi {
-
- /** Field implementedTransformURI */
- public static final String implementedTransformURI =
- Transforms.TRANSFORM_XPATH2FILTER;
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- protected String engineGetURI() {
- return implementedTransformURI;
- }
-
- /**
- * Method enginePerformTransform
- * @inheritDoc
- * @param input
- *
- * @throws TransformationException
- */
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transformObject
- ) throws TransformationException {
- try {
- List<NodeList> unionNodes = new ArrayList<NodeList>();
- List<NodeList> subtractNodes = new ArrayList<NodeList>();
- List<NodeList> intersectNodes = new ArrayList<NodeList>();
-
- Element[] xpathElements =
- XMLUtils.selectNodes(
- transformObject.getElement().getFirstChild(),
- XPath2FilterContainer.XPathFilter2NS,
- XPath2FilterContainer._TAG_XPATH2
- );
- if (xpathElements.length == 0) {
- Object exArgs[] = { Transforms.TRANSFORM_XPATH2FILTER, "XPath" };
-
- throw new TransformationException("xml.WrongContent", exArgs);
- }
-
- Document inputDoc = null;
- if (input.getSubNode() != null) {
- inputDoc = XMLUtils.getOwnerDocument(input.getSubNode());
- } else {
- inputDoc = XMLUtils.getOwnerDocument(input.getNodeSet());
- }
-
- for (int i = 0; i < xpathElements.length; i++) {
- Element xpathElement = xpathElements[i];
-
- XPath2FilterContainer xpathContainer =
- XPath2FilterContainer.newInstance(xpathElement, input.getSourceURI());
-
- String str =
- XMLUtils.getStrFromNode(xpathContainer.getXPathFilterTextNode());
-
- XPathFactory xpathFactory = XPathFactory.newInstance();
- XPathAPI xpathAPIInstance = xpathFactory.newXPathAPI();
-
- NodeList subtreeRoots =
- xpathAPIInstance.selectNodeList(
- inputDoc,
- xpathContainer.getXPathFilterTextNode(),
- str,
- xpathContainer.getElement());
- if (xpathContainer.isIntersect()) {
- intersectNodes.add(subtreeRoots);
- } else if (xpathContainer.isSubtract()) {
- subtractNodes.add(subtreeRoots);
- } else if (xpathContainer.isUnion()) {
- unionNodes.add(subtreeRoots);
- }
- }
-
- input.addNodeFilter(
- new XPath2NodeFilter(unionNodes, subtractNodes, intersectNodes)
- );
- input.setNodeSet(true);
- return input;
- } catch (TransformerException ex) {
- throw new TransformationException("empty", ex);
- } catch (DOMException ex) {
- throw new TransformationException("empty", ex);
- } catch (CanonicalizationException ex) {
- throw new TransformationException("empty", ex);
- } catch (InvalidCanonicalizerException ex) {
- throw new TransformationException("empty", ex);
- } catch (XMLSecurityException ex) {
- throw new TransformationException("empty", ex);
- } catch (SAXException ex) {
- throw new TransformationException("empty", ex);
- } catch (IOException ex) {
- throw new TransformationException("empty", ex);
- } catch (ParserConfigurationException ex) {
- throw new TransformationException("empty", ex);
- }
- }
-}
-
-class XPath2NodeFilter implements NodeFilter {
-
- boolean hasUnionFilter;
- boolean hasSubtractFilter;
- boolean hasIntersectFilter;
- Set<Node> unionNodes;
- Set<Node> subtractNodes;
- Set<Node> intersectNodes;
- int inSubtract = -1;
- int inIntersect = -1;
- int inUnion = -1;
-
- XPath2NodeFilter(List<NodeList> unionNodes, List<NodeList> subtractNodes,
- List<NodeList> intersectNodes) {
- hasUnionFilter = !unionNodes.isEmpty();
- this.unionNodes = convertNodeListToSet(unionNodes);
- hasSubtractFilter = !subtractNodes.isEmpty();
- this.subtractNodes = convertNodeListToSet(subtractNodes);
- hasIntersectFilter = !intersectNodes.isEmpty();
- this.intersectNodes = convertNodeListToSet(intersectNodes);
- }
-
- /**
- * @see org.apache.xml.security.signature.NodeFilter#isNodeInclude(org.w3c.dom.Node)
- */
- public int isNodeInclude(Node currentNode) {
- int result = 1;
-
- if (hasSubtractFilter && rooted(currentNode, subtractNodes)) {
- result = -1;
- } else if (hasIntersectFilter && !rooted(currentNode, intersectNodes)) {
- result = 0;
- }
-
- //TODO OPTIMIZE
- if (result == 1) {
- return 1;
- }
- if (hasUnionFilter) {
- if (rooted(currentNode, unionNodes)) {
- return 1;
- }
- result = 0;
- }
- return result;
- }
-
- public int isNodeIncludeDO(Node n, int level) {
- int result = 1;
- if (hasSubtractFilter) {
- if ((inSubtract == -1) || (level <= inSubtract)) {
- if (inList(n, subtractNodes)) {
- inSubtract = level;
- } else {
- inSubtract = -1;
- }
- }
- if (inSubtract != -1){
- result = -1;
- }
- }
- if (result != -1 && hasIntersectFilter
- && ((inIntersect == -1) || (level <= inIntersect))) {
- if (!inList(n, intersectNodes)) {
- inIntersect = -1;
- result = 0;
- } else {
- inIntersect = level;
- }
- }
-
- if (level <= inUnion) {
- inUnion = -1;
- }
- if (result == 1) {
- return 1;
- }
- if (hasUnionFilter) {
- if ((inUnion == -1) && inList(n, unionNodes)) {
- inUnion = level;
- }
- if (inUnion != -1) {
- return 1;
- }
- result=0;
- }
-
- return result;
- }
-
- /**
- * Method rooted
- * @param currentNode
- * @param nodeList
- *
- * @return if rooted bye the rootnodes
- */
- static boolean rooted(Node currentNode, Set<Node> nodeList) {
- if (nodeList.isEmpty()) {
- return false;
- }
- if (nodeList.contains(currentNode)) {
- return true;
- }
- for (Node rootNode : nodeList) {
- if (XMLUtils.isDescendantOrSelf(rootNode, currentNode)) {
- return true;
- }
- }
- return false;
- }
-
- /**
- * Method rooted
- * @param currentNode
- * @param nodeList
- *
- * @return if rooted bye the rootnodes
- */
- static boolean inList(Node currentNode, Set<Node> nodeList) {
- return nodeList.contains(currentNode);
- }
-
- private static Set<Node> convertNodeListToSet(List<NodeList> l) {
- Set<Node> result = new HashSet<Node>();
- for (NodeList rootNodes : l) {
- int length = rootNodes.getLength();
-
- for (int i = 0; i < length; i++) {
- Node rootNode = rootNodes.item(i);
- result.add(rootNode);
- }
- }
- return result;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.OutputStream;
-
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
-
-/**
- * Class TransformXPointer
- *
- * @author Christian Geuer-Pollmann
- */
-public class TransformXPointer extends TransformSpi {
-
- /** Field implementedTransformURI */
- public static final String implementedTransformURI =
- Transforms.TRANSFORM_XPOINTER;
-
-
- /** @inheritDoc */
- protected String engineGetURI() {
- return implementedTransformURI;
- }
-
- /**
- * Method enginePerformTransform
- *
- * @param input
- * @return {@link XMLSignatureInput} as the result of transformation
- * @throws TransformationException
- */
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream os, Transform transformObject
- ) throws TransformationException {
-
- Object exArgs[] = { implementedTransformURI };
-
- throw new TransformationException("signature.Transform.NotYetImplemented", exArgs);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.implementations;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.xml.XMLConstants;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-import javax.xml.transform.stream.StreamSource;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.TransformSpi;
-import org.apache.xml.security.transforms.TransformationException;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Element;
-
-/**
- * Class TransformXSLT
- *
- * Implements the <CODE>http://www.w3.org/TR/1999/REC-xslt-19991116</CODE>
- * transform.
- *
- * @author Christian Geuer-Pollmann
- */
-public class TransformXSLT extends TransformSpi {
-
- /** Field implementedTransformURI */
- public static final String implementedTransformURI =
- Transforms.TRANSFORM_XSLT;
-
- static final String XSLTSpecNS = "http://www.w3.org/1999/XSL/Transform";
- static final String defaultXSLTSpecNSprefix = "xslt";
- static final String XSLTSTYLESHEET = "stylesheet";
-
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(TransformXSLT.class);
-
- /**
- * Method engineGetURI
- *
- * @inheritDoc
- */
- protected String engineGetURI() {
- return implementedTransformURI;
- }
-
- protected XMLSignatureInput enginePerformTransform(
- XMLSignatureInput input, OutputStream baos, Transform transformObject
- ) throws IOException, TransformationException {
- try {
- Element transformElement = transformObject.getElement();
-
- Element xsltElement =
- XMLUtils.selectNode(transformElement.getFirstChild(), XSLTSpecNS, "stylesheet", 0);
-
- if (xsltElement == null) {
- Object exArgs[] = { "xslt:stylesheet", "Transform" };
-
- throw new TransformationException("xml.WrongContent", exArgs);
- }
-
- TransformerFactory tFactory = TransformerFactory.newInstance();
- // Process XSLT stylesheets in a secure manner
- tFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-
- /*
- * This transform requires an octet stream as input. If the actual
- * input is an XPath node-set, then the signature application should
- * attempt to convert it to octets (apply Canonical XML]) as described
- * in the Reference Processing Model (section 4.3.3.2).
- */
- Source xmlSource =
- new StreamSource(new ByteArrayInputStream(input.getBytes()));
- Source stylesheet;
-
- /*
- * This complicated transformation of the stylesheet itself is necessary
- * because of the need to get the pure style sheet. If we simply say
- * Source stylesheet = new DOMSource(this.xsltElement);
- * whereby this.xsltElement is not the rootElement of the Document,
- * this causes problems;
- * so we convert the stylesheet to byte[] and use this as input stream
- */
- {
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- Transformer transformer = tFactory.newTransformer();
- DOMSource source = new DOMSource(xsltElement);
- StreamResult result = new StreamResult(os);
-
- transformer.transform(source, result);
-
- stylesheet =
- new StreamSource(new ByteArrayInputStream(os.toByteArray()));
- }
-
- Transformer transformer = tFactory.newTransformer(stylesheet);
-
- // Force Xalan to use \n as line separator on all OSes. This
- // avoids OS specific signature validation failures due to line
- // separator differences in the transformed output. Unfortunately,
- // this is not a standard JAXP property so will not work with non-Xalan
- // implementations.
- try {
- transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", "\n");
- } catch (Exception e) {
- log.warn("Unable to set Xalan line-separator property: " + e.getMessage());
- }
-
- if (baos == null) {
- ByteArrayOutputStream baos1 = new ByteArrayOutputStream();
- StreamResult outputTarget = new StreamResult(baos1);
- transformer.transform(xmlSource, outputTarget);
- return new XMLSignatureInput(baos1.toByteArray());
- }
- StreamResult outputTarget = new StreamResult(baos);
-
- transformer.transform(xmlSource, outputTarget);
- XMLSignatureInput output = new XMLSignatureInput((byte[])null);
- output.setOutputStream(baos);
- return output;
- } catch (XMLSecurityException ex) {
- Object exArgs[] = { ex.getMessage() };
-
- throw new TransformationException("generic.EmptyMessage", exArgs, ex);
- } catch (TransformerConfigurationException ex) {
- Object exArgs[] = { ex.getMessage() };
-
- throw new TransformationException("generic.EmptyMessage", exArgs, ex);
- } catch (TransformerException ex) {
- Object exArgs[] = { ex.getMessage() };
-
- throw new TransformationException("generic.EmptyMessage", exArgs, ex);
- }
- }
-}
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-implementations of XML Signature transforms.
-</P></BODY></HTML>
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-the framework for XML Signature transforms.
-</P></BODY></HTML>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.params;
-
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.transforms.TransformParam;
-import org.apache.xml.security.utils.ElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * This Object serves as Content for the ds:Transforms for exclusive
- * Canonicalization.
- * <BR />
- * It implements the {@link Element} interface
- * and can be used directly in a DOM tree.
- *
- * @author Christian Geuer-Pollmann
- */
-public class InclusiveNamespaces extends ElementProxy implements TransformParam {
-
- /** Field _TAG_EC_INCLUSIVENAMESPACES */
- public static final String _TAG_EC_INCLUSIVENAMESPACES =
- "InclusiveNamespaces";
-
- /** Field _ATT_EC_PREFIXLIST */
- public static final String _ATT_EC_PREFIXLIST = "PrefixList";
-
- /** Field ExclusiveCanonicalizationNamespace */
- public static final String ExclusiveCanonicalizationNamespace =
- "http://www.w3.org/2001/10/xml-exc-c14n#";
-
- /**
- * Constructor XPathContainer
- *
- * @param doc
- * @param prefixList
- */
- public InclusiveNamespaces(Document doc, String prefixList) {
- this(doc, InclusiveNamespaces.prefixStr2Set(prefixList));
- }
-
- /**
- * Constructor InclusiveNamespaces
- *
- * @param doc
- * @param prefixes
- */
- public InclusiveNamespaces(Document doc, Set<String> prefixes) {
- super(doc);
-
- SortedSet<String> prefixList = null;
- if (prefixes instanceof SortedSet<?>) {
- prefixList = (SortedSet<String>)prefixes;
- } else {
- prefixList = new TreeSet<String>(prefixes);
- }
-
- StringBuilder sb = new StringBuilder();
- for (String prefix : prefixList) {
- if (prefix.equals("xmlns")) {
- sb.append("#default ");
- } else {
- sb.append(prefix + " ");
- }
- }
-
- this.constructionElement.setAttributeNS(
- null, InclusiveNamespaces._ATT_EC_PREFIXLIST, sb.toString().trim());
- }
-
- /**
- * Constructor InclusiveNamespaces
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public InclusiveNamespaces(Element element, String BaseURI)
- throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Method getInclusiveNamespaces
- *
- * @return The Inclusive Namespace string
- */
- public String getInclusiveNamespaces() {
- return this.constructionElement.getAttributeNS(null, InclusiveNamespaces._ATT_EC_PREFIXLIST);
- }
-
- /**
- * Decodes the <code>inclusiveNamespaces</code> String and returns all
- * selected namespace prefixes as a Set. The <code>#default</code>
- * namespace token is represented as an empty namespace prefix
- * (<code>"xmlns"</code>).
- * <BR/>
- * The String <code>inclusiveNamespaces=" xenc ds #default"</code>
- * is returned as a Set containing the following Strings:
- * <UL>
- * <LI><code>xmlns</code></LI>
- * <LI><code>xenc</code></LI>
- * <LI><code>ds</code></LI>
- * </UL>
- *
- * @param inclusiveNamespaces
- * @return A set to string
- */
- public static SortedSet<String> prefixStr2Set(String inclusiveNamespaces) {
- SortedSet<String> prefixes = new TreeSet<String>();
-
- if ((inclusiveNamespaces == null) || (inclusiveNamespaces.length() == 0)) {
- return prefixes;
- }
-
- String[] tokens = inclusiveNamespaces.split("\\s");
- for (String prefix : tokens) {
- if (prefix.equals("#default")) {
- prefixes.add("xmlns");
- } else {
- prefixes.add(prefix);
- }
- }
-
- return prefixes;
- }
-
- /**
- * Method getBaseNamespace
- *
- * @inheritDoc
- */
- public String getBaseNamespace() {
- return InclusiveNamespaces.ExclusiveCanonicalizationNamespace;
- }
-
- /**
- * Method getBaseLocalName
- *
- * @inheritDoc
- */
- public String getBaseLocalName() {
- return InclusiveNamespaces._TAG_EC_INCLUSIVENAMESPACES;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.params;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.transforms.TransformParam;
-import org.apache.xml.security.utils.ElementProxy;
-import org.apache.xml.security.utils.HelperNodeList;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * Implements the parameters for the <A
- * HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0</A>.
- *
- * @author $Author: coheigea $
- * @see <A HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0 (TR)</A>
- */
-public class XPath2FilterContainer extends ElementProxy implements TransformParam {
-
- /** Field _ATT_FILTER */
- private static final String _ATT_FILTER = "Filter";
-
- /** Field _ATT_FILTER_VALUE_INTERSECT */
- private static final String _ATT_FILTER_VALUE_INTERSECT = "intersect";
-
- /** Field _ATT_FILTER_VALUE_SUBTRACT */
- private static final String _ATT_FILTER_VALUE_SUBTRACT = "subtract";
-
- /** Field _ATT_FILTER_VALUE_UNION */
- private static final String _ATT_FILTER_VALUE_UNION = "union";
-
- /** Field INTERSECT */
- public static final String INTERSECT =
- XPath2FilterContainer._ATT_FILTER_VALUE_INTERSECT;
-
- /** Field SUBTRACT */
- public static final String SUBTRACT =
- XPath2FilterContainer._ATT_FILTER_VALUE_SUBTRACT;
-
- /** Field UNION */
- public static final String UNION =
- XPath2FilterContainer._ATT_FILTER_VALUE_UNION;
-
- /** Field _TAG_XPATH2 */
- public static final String _TAG_XPATH2 = "XPath";
-
- /** Field XPathFiler2NS */
- public static final String XPathFilter2NS =
- "http://www.w3.org/2002/06/xmldsig-filter2";
-
- /**
- * Constructor XPath2FilterContainer
- *
- */
- private XPath2FilterContainer() {
- // no instantiation
- }
-
- /**
- * Constructor XPath2FilterContainer
- *
- * @param doc
- * @param xpath2filter
- * @param filterType
- */
- private XPath2FilterContainer(Document doc, String xpath2filter, String filterType) {
- super(doc);
-
- this.constructionElement.setAttributeNS(
- null, XPath2FilterContainer._ATT_FILTER, filterType);
- this.constructionElement.appendChild(doc.createTextNode(xpath2filter));
- }
-
- /**
- * Constructor XPath2FilterContainer
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- private XPath2FilterContainer(Element element, String BaseURI) throws XMLSecurityException {
-
- super(element, BaseURI);
-
- String filterStr =
- this.constructionElement.getAttributeNS(null, XPath2FilterContainer._ATT_FILTER);
-
- if (!filterStr.equals(XPath2FilterContainer._ATT_FILTER_VALUE_INTERSECT)
- && !filterStr.equals(XPath2FilterContainer._ATT_FILTER_VALUE_SUBTRACT)
- && !filterStr.equals(XPath2FilterContainer._ATT_FILTER_VALUE_UNION)) {
- Object exArgs[] = { XPath2FilterContainer._ATT_FILTER, filterStr,
- XPath2FilterContainer._ATT_FILTER_VALUE_INTERSECT
- + ", "
- + XPath2FilterContainer._ATT_FILTER_VALUE_SUBTRACT
- + " or "
- + XPath2FilterContainer._ATT_FILTER_VALUE_UNION };
-
- throw new XMLSecurityException("attributeValueIllegal", exArgs);
- }
- }
-
- /**
- * Creates a new XPath2FilterContainer with the filter type "intersect".
- *
- * @param doc
- * @param xpath2filter
- * @return the filter.
- */
- public static XPath2FilterContainer newInstanceIntersect(
- Document doc, String xpath2filter
- ) {
- return new XPath2FilterContainer(
- doc, xpath2filter, XPath2FilterContainer._ATT_FILTER_VALUE_INTERSECT);
- }
-
- /**
- * Creates a new XPath2FilterContainer with the filter type "subtract".
- *
- * @param doc
- * @param xpath2filter
- * @return the filter.
- */
- public static XPath2FilterContainer newInstanceSubtract(Document doc, String xpath2filter) {
- return new XPath2FilterContainer(
- doc, xpath2filter, XPath2FilterContainer._ATT_FILTER_VALUE_SUBTRACT);
- }
-
- /**
- * Creates a new XPath2FilterContainer with the filter type "union".
- *
- * @param doc
- * @param xpath2filter
- * @return the filter
- */
- public static XPath2FilterContainer newInstanceUnion(Document doc, String xpath2filter) {
- return new XPath2FilterContainer(
- doc, xpath2filter, XPath2FilterContainer._ATT_FILTER_VALUE_UNION);
- }
-
- /**
- * Method newInstances
- *
- * @param doc
- * @param params
- * @return the nodelist with the data
- */
- public static NodeList newInstances(Document doc, String[][] params) {
- HelperNodeList nl = new HelperNodeList();
-
- XMLUtils.addReturnToElement(doc, nl);
-
- for (int i = 0; i < params.length; i++) {
- String type = params[i][0];
- String xpath = params[i][1];
-
- if (!(type.equals(XPath2FilterContainer._ATT_FILTER_VALUE_INTERSECT)
- || type.equals(XPath2FilterContainer._ATT_FILTER_VALUE_SUBTRACT)
- || type.equals(XPath2FilterContainer._ATT_FILTER_VALUE_UNION))) {
- throw new IllegalArgumentException("The type(" + i + ")=\"" + type
- + "\" is illegal");
- }
-
- XPath2FilterContainer c = new XPath2FilterContainer(doc, xpath, type);
-
- nl.appendChild(c.getElement());
- XMLUtils.addReturnToElement(doc, nl);
- }
-
- return nl;
- }
-
- /**
- * Creates a XPath2FilterContainer from an existing Element; needed for verification.
- *
- * @param element
- * @param BaseURI
- * @return the filter
- *
- * @throws XMLSecurityException
- */
- public static XPath2FilterContainer newInstance(
- Element element, String BaseURI
- ) throws XMLSecurityException {
- return new XPath2FilterContainer(element, BaseURI);
- }
-
- /**
- * Returns <code>true</code> if the <code>Filter</code> attribute has value "intersect".
- *
- * @return <code>true</code> if the <code>Filter</code> attribute has value "intersect".
- */
- public boolean isIntersect() {
- return this.constructionElement.getAttributeNS(
- null, XPath2FilterContainer._ATT_FILTER
- ).equals(XPath2FilterContainer._ATT_FILTER_VALUE_INTERSECT);
- }
-
- /**
- * Returns <code>true</code> if the <code>Filter</code> attribute has value "subtract".
- *
- * @return <code>true</code> if the <code>Filter</code> attribute has value "subtract".
- */
- public boolean isSubtract() {
- return this.constructionElement.getAttributeNS(
- null, XPath2FilterContainer._ATT_FILTER
- ).equals(XPath2FilterContainer._ATT_FILTER_VALUE_SUBTRACT);
- }
-
- /**
- * Returns <code>true</code> if the <code>Filter</code> attribute has value "union".
- *
- * @return <code>true</code> if the <code>Filter</code> attribute has value "union".
- */
- public boolean isUnion() {
- return this.constructionElement.getAttributeNS(
- null, XPath2FilterContainer._ATT_FILTER
- ).equals(XPath2FilterContainer._ATT_FILTER_VALUE_UNION);
- }
-
- /**
- * Returns the XPath 2 Filter String
- *
- * @return the XPath 2 Filter String
- */
- public String getXPathFilterStr() {
- return this.getTextFromTextChild();
- }
-
- /**
- * Returns the first Text node which contains information from the XPath 2
- * Filter String. We must use this stupid hook to enable the here() function
- * to work.
- *
- * $todo$ I dunno whether this crashes: <XPath> here()<!-- comment -->/ds:Signature[1]</XPath>
- * @return the first Text node which contains information from the XPath 2 Filter String
- */
- public Node getXPathFilterTextNode() {
-
- NodeList children = this.constructionElement.getChildNodes();
- int length = children.getLength();
-
- for (int i = 0; i < length; i++) {
- if (children.item(i).getNodeType() == Node.TEXT_NODE) {
- return children.item(i);
- }
- }
-
- return null;
- }
-
- /**
- * Method getBaseLocalName
- *
- * @return the XPATH2 tag
- */
- public final String getBaseLocalName() {
- return XPath2FilterContainer._TAG_XPATH2;
- }
-
- /**
- * Method getBaseNamespace
- *
- * @return XPATH2 tag namespace
- */
- public final String getBaseNamespace() {
- return XPath2FilterContainer.XPathFilter2NS;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.params;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.transforms.TransformParam;
-import org.apache.xml.security.utils.ElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * Implements the parameters for the <A
- * HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0</A>.
- *
- * @author $Author: coheigea $
- * @see <A HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0 (TR)</A>
- */
-public class XPath2FilterContainer04 extends ElementProxy implements TransformParam {
-
- /** Field _ATT_FILTER */
- private static final String _ATT_FILTER = "Filter";
-
- /** Field _ATT_FILTER_VALUE_INTERSECT */
- private static final String _ATT_FILTER_VALUE_INTERSECT = "intersect";
-
- /** Field _ATT_FILTER_VALUE_SUBTRACT */
- private static final String _ATT_FILTER_VALUE_SUBTRACT = "subtract";
-
- /** Field _ATT_FILTER_VALUE_UNION */
- private static final String _ATT_FILTER_VALUE_UNION = "union";
-
- /** Field _TAG_XPATH2 */
- public static final String _TAG_XPATH2 = "XPath";
-
- /** Field XPathFiler2NS */
- public static final String XPathFilter2NS =
- "http://www.w3.org/2002/04/xmldsig-filter2";
-
- /**
- * Constructor XPath2FilterContainer04
- *
- */
- private XPath2FilterContainer04() {
-
- // no instantiation
- }
-
- /**
- * Constructor XPath2FilterContainer04
- *
- * @param doc
- * @param xpath2filter
- * @param filterType
- */
- private XPath2FilterContainer04(Document doc, String xpath2filter, String filterType) {
- super(doc);
-
- this.constructionElement.setAttributeNS(
- null, XPath2FilterContainer04._ATT_FILTER, filterType);
-
- if ((xpath2filter.length() > 2)
- && (!Character.isWhitespace(xpath2filter.charAt(0)))) {
- XMLUtils.addReturnToElement(this.constructionElement);
- this.constructionElement.appendChild(doc.createTextNode(xpath2filter));
- XMLUtils.addReturnToElement(this.constructionElement);
- } else {
- this.constructionElement.appendChild(doc.createTextNode(xpath2filter));
- }
- }
-
- /**
- * Constructor XPath2FilterContainer04
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- private XPath2FilterContainer04(Element element, String BaseURI)
- throws XMLSecurityException {
-
- super(element, BaseURI);
-
- String filterStr =
- this.constructionElement.getAttributeNS(null, XPath2FilterContainer04._ATT_FILTER);
-
- if (!filterStr.equals(XPath2FilterContainer04._ATT_FILTER_VALUE_INTERSECT)
- && !filterStr.equals(XPath2FilterContainer04._ATT_FILTER_VALUE_SUBTRACT)
- && !filterStr.equals(XPath2FilterContainer04._ATT_FILTER_VALUE_UNION)) {
- Object exArgs[] = { XPath2FilterContainer04._ATT_FILTER, filterStr,
- XPath2FilterContainer04._ATT_FILTER_VALUE_INTERSECT
- + ", "
- + XPath2FilterContainer04._ATT_FILTER_VALUE_SUBTRACT
- + " or "
- + XPath2FilterContainer04._ATT_FILTER_VALUE_UNION };
-
- throw new XMLSecurityException("attributeValueIllegal", exArgs);
- }
- }
-
- /**
- * Creates a new XPath2FilterContainer04 with the filter type "intersect".
- *
- * @param doc
- * @param xpath2filter
- * @return the instance
- */
- public static XPath2FilterContainer04 newInstanceIntersect(
- Document doc, String xpath2filter
- ) {
- return new XPath2FilterContainer04(
- doc, xpath2filter, XPath2FilterContainer04._ATT_FILTER_VALUE_INTERSECT);
- }
-
- /**
- * Creates a new XPath2FilterContainer04 with the filter type "subtract".
- *
- * @param doc
- * @param xpath2filter
- * @return the instance
- */
- public static XPath2FilterContainer04 newInstanceSubtract(
- Document doc, String xpath2filter
- ) {
- return new XPath2FilterContainer04(
- doc, xpath2filter, XPath2FilterContainer04._ATT_FILTER_VALUE_SUBTRACT);
- }
-
- /**
- * Creates a new XPath2FilterContainer04 with the filter type "union".
- *
- * @param doc
- * @param xpath2filter
- * @return the instance
- */
- public static XPath2FilterContainer04 newInstanceUnion(
- Document doc, String xpath2filter
- ) {
- return new XPath2FilterContainer04(
- doc, xpath2filter, XPath2FilterContainer04._ATT_FILTER_VALUE_UNION);
- }
-
- /**
- * Creates a XPath2FilterContainer04 from an existing Element; needed for verification.
- *
- * @param element
- * @param BaseURI
- * @return the instance
- *
- * @throws XMLSecurityException
- */
- public static XPath2FilterContainer04 newInstance(
- Element element, String BaseURI
- ) throws XMLSecurityException {
- return new XPath2FilterContainer04(element, BaseURI);
- }
-
- /**
- * Returns <code>true</code> if the <code>Filter</code> attribute has value "intersect".
- *
- * @return <code>true</code> if the <code>Filter</code> attribute has value "intersect".
- */
- public boolean isIntersect() {
- return this.constructionElement.getAttributeNS(
- null, XPath2FilterContainer04._ATT_FILTER
- ).equals(XPath2FilterContainer04._ATT_FILTER_VALUE_INTERSECT);
- }
-
- /**
- * Returns <code>true</code> if the <code>Filter</code> attribute has value "subtract".
- *
- * @return <code>true</code> if the <code>Filter</code> attribute has value "subtract".
- */
- public boolean isSubtract() {
- return this.constructionElement.getAttributeNS(
- null, XPath2FilterContainer04._ATT_FILTER
- ).equals(XPath2FilterContainer04._ATT_FILTER_VALUE_SUBTRACT);
- }
-
- /**
- * Returns <code>true</code> if the <code>Filter</code> attribute has value "union".
- *
- * @return <code>true</code> if the <code>Filter</code> attribute has value "union".
- */
- public boolean isUnion() {
- return this.constructionElement.getAttributeNS(
- null, XPath2FilterContainer04._ATT_FILTER
- ).equals(XPath2FilterContainer04._ATT_FILTER_VALUE_UNION);
- }
-
- /**
- * Returns the XPath 2 Filter String
- *
- * @return the XPath 2 Filter String
- */
- public String getXPathFilterStr() {
- return this.getTextFromTextChild();
- }
-
- /**
- * Returns the first Text node which contains information from the XPath 2
- * Filter String. We must use this stupid hook to enable the here() function
- * to work.
- *
- * $todo$ I dunno whether this crashes: <XPath> here()<!-- comment -->/ds:Signature[1]</XPath>
- * @return the first Text node which contains information from the XPath 2 Filter String
- */
- public Node getXPathFilterTextNode() {
- NodeList children = this.constructionElement.getChildNodes();
- int length = children.getLength();
-
- for (int i = 0; i < length; i++) {
- if (children.item(i).getNodeType() == Node.TEXT_NODE) {
- return children.item(i);
- }
- }
-
- return null;
- }
-
- /** @inheritDoc */
- public final String getBaseLocalName() {
- return XPath2FilterContainer04._TAG_XPATH2;
- }
-
- /** @inheritDoc */
- public final String getBaseNamespace() {
- return XPath2FilterContainer04.XPathFilter2NS;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.params;
-
-
-import org.apache.xml.security.transforms.TransformParam;
-import org.apache.xml.security.utils.Constants;
-import org.apache.xml.security.utils.SignatureElementProxy;
-import org.w3c.dom.Document;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.Text;
-
-/**
- * This Object serves both as namespace prefix resolver and as container for
- * the <CODE>ds:XPath</CODE> Element. It implements the {@link org.w3c.dom.Element} interface
- * and can be used directly in a DOM tree.
- *
- * @author Christian Geuer-Pollmann
- */
-public class XPathContainer extends SignatureElementProxy implements TransformParam {
-
- /**
- * Constructor XPathContainer
- *
- * @param doc
- */
- public XPathContainer(Document doc) {
- super(doc);
- }
-
- /**
- * Sets the TEXT value of the <CODE>ds:XPath</CODE> Element.
- *
- * @param xpath
- */
- public void setXPath(String xpath) {
- if (this.constructionElement.getChildNodes() != null) {
- NodeList nl = this.constructionElement.getChildNodes();
-
- for (int i = 0; i < nl.getLength(); i++) {
- this.constructionElement.removeChild(nl.item(i));
- }
- }
-
- Text xpathText = this.doc.createTextNode(xpath);
- this.constructionElement.appendChild(xpathText);
- }
-
- /**
- * Returns the TEXT value of the <CODE>ds:XPath</CODE> Element.
- *
- * @return the TEXT value of the <CODE>ds:XPath</CODE> Element.
- */
- public String getXPath() {
- return this.getTextFromTextChild();
- }
-
- /** @inheritDoc */
- public String getBaseLocalName() {
- return Constants._TAG_XPATH;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.transforms.params;
-
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.transforms.TransformParam;
-import org.apache.xml.security.utils.ElementProxy;
-import org.apache.xml.security.utils.XMLUtils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * Implements the parameters for a custom Transform which has a better performance
- * than the xfilter2.
- *
- * @author $Author: coheigea $
- */
-public class XPathFilterCHGPContainer extends ElementProxy implements TransformParam {
-
- public static final String TRANSFORM_XPATHFILTERCHGP =
- "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter";
-
- /** Field _ATT_FILTER_VALUE_INTERSECT */
- private static final String _TAG_INCLUDE_BUT_SEARCH = "IncludeButSearch";
-
- /** Field _ATT_FILTER_VALUE_SUBTRACT */
- private static final String _TAG_EXCLUDE_BUT_SEARCH = "ExcludeButSearch";
-
- /** Field _ATT_FILTER_VALUE_UNION */
- private static final String _TAG_EXCLUDE = "Exclude";
-
- /** Field _TAG_XPATHCHGP */
- public static final String _TAG_XPATHCHGP = "XPathAlternative";
-
- /** Field _ATT_INCLUDESLASH */
- public static final String _ATT_INCLUDESLASH = "IncludeSlashPolicy";
-
- /** Field IncludeSlash */
- public static final boolean IncludeSlash = true;
-
- /** Field ExcludeSlash */
- public static final boolean ExcludeSlash = false;
-
- /**
- * Constructor XPathFilterCHGPContainer
- *
- */
- private XPathFilterCHGPContainer() {
- // no instantiation
- }
-
- /**
- * Constructor XPathFilterCHGPContainer
- *
- * @param doc
- * @param includeSlashPolicy
- * @param includeButSearch
- * @param excludeButSearch
- * @param exclude
- */
- private XPathFilterCHGPContainer(
- Document doc, boolean includeSlashPolicy, String includeButSearch,
- String excludeButSearch, String exclude
- ) {
- super(doc);
-
- if (includeSlashPolicy) {
- this.constructionElement.setAttributeNS(
- null, XPathFilterCHGPContainer._ATT_INCLUDESLASH, "true"
- );
- } else {
- this.constructionElement.setAttributeNS(
- null, XPathFilterCHGPContainer._ATT_INCLUDESLASH, "false"
- );
- }
-
- if ((includeButSearch != null) && (includeButSearch.trim().length() > 0)) {
- Element includeButSearchElem =
- ElementProxy.createElementForFamily(
- doc, this.getBaseNamespace(), XPathFilterCHGPContainer._TAG_INCLUDE_BUT_SEARCH
- );
-
- includeButSearchElem.appendChild(
- this.doc.createTextNode(indentXPathText(includeButSearch))
- );
- XMLUtils.addReturnToElement(this.constructionElement);
- this.constructionElement.appendChild(includeButSearchElem);
- }
-
- if ((excludeButSearch != null) && (excludeButSearch.trim().length() > 0)) {
- Element excludeButSearchElem =
- ElementProxy.createElementForFamily(
- doc, this.getBaseNamespace(), XPathFilterCHGPContainer._TAG_EXCLUDE_BUT_SEARCH
- );
-
- excludeButSearchElem.appendChild(
- this.doc.createTextNode(indentXPathText(excludeButSearch)));
-
- XMLUtils.addReturnToElement(this.constructionElement);
- this.constructionElement.appendChild(excludeButSearchElem);
- }
-
- if ((exclude != null) && (exclude.trim().length() > 0)) {
- Element excludeElem =
- ElementProxy.createElementForFamily(
- doc, this.getBaseNamespace(), XPathFilterCHGPContainer._TAG_EXCLUDE);
-
- excludeElem.appendChild(this.doc.createTextNode(indentXPathText(exclude)));
- XMLUtils.addReturnToElement(this.constructionElement);
- this.constructionElement.appendChild(excludeElem);
- }
-
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method indentXPathText
- *
- * @param xp
- * @return the string with enters
- */
- static String indentXPathText(String xp) {
- if ((xp.length() > 2) && (!Character.isWhitespace(xp.charAt(0)))) {
- return "\n" + xp + "\n";
- }
- return xp;
- }
-
- /**
- * Constructor XPathFilterCHGPContainer
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- private XPathFilterCHGPContainer(Element element, String BaseURI)
- throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /**
- * Creates a new XPathFilterCHGPContainer; needed for generation.
- *
- * @param doc
- * @param includeSlashPolicy
- * @param includeButSearch
- * @param excludeButSearch
- * @param exclude
- * @return the created object
- */
- public static XPathFilterCHGPContainer getInstance(
- Document doc, boolean includeSlashPolicy, String includeButSearch,
- String excludeButSearch, String exclude
- ) {
- return new XPathFilterCHGPContainer(
- doc, includeSlashPolicy, includeButSearch, excludeButSearch, exclude);
- }
-
- /**
- * Creates a XPathFilterCHGPContainer from an existing Element; needed for verification.
- *
- * @param element
- * @param BaseURI
- *
- * @throws XMLSecurityException
- * @return the created object.
- */
- public static XPathFilterCHGPContainer getInstance(
- Element element, String BaseURI
- ) throws XMLSecurityException {
- return new XPathFilterCHGPContainer(element, BaseURI);
- }
-
- /**
- * Method getXStr
- *
- * @param type
- * @return The Xstr
- */
- private String getXStr(String type) {
- if (this.length(this.getBaseNamespace(), type) != 1) {
- return "";
- }
-
- Element xElem =
- XMLUtils.selectNode(
- this.constructionElement.getFirstChild(), this.getBaseNamespace(), type, 0
- );
-
- return XMLUtils.getFullTextChildrenFromElement(xElem);
- }
-
- /**
- * Method getIncludeButSearch
- *
- * @return the string
- */
- public String getIncludeButSearch() {
- return this.getXStr(XPathFilterCHGPContainer._TAG_INCLUDE_BUT_SEARCH);
- }
-
- /**
- * Method getExcludeButSearch
- *
- * @return the string
- */
- public String getExcludeButSearch() {
- return this.getXStr(XPathFilterCHGPContainer._TAG_EXCLUDE_BUT_SEARCH);
- }
-
- /**
- * Method getExclude
- *
- * @return the string
- */
- public String getExclude() {
- return this.getXStr(XPathFilterCHGPContainer._TAG_EXCLUDE);
- }
-
- /**
- * Method getIncludeSlashPolicy
- *
- * @return the string
- */
- public boolean getIncludeSlashPolicy() {
- return this.constructionElement.getAttributeNS(
- null, XPathFilterCHGPContainer._ATT_INCLUDESLASH).equals("true");
- }
-
- /**
- * Returns the first Text node which contains information from the XPath
- * Filter String. We must use this stupid hook to enable the here() function
- * to work.
- *
- * $todo$ I dunno whether this crashes: <XPath> he<!-- comment -->re()/ds:Signature[1]</XPath>
- * @param type
- * @return the first Text node which contains information from the XPath 2 Filter String
- */
- private Node getHereContextNode(String type) {
-
- if (this.length(this.getBaseNamespace(), type) != 1) {
- return null;
- }
-
- return XMLUtils.selectNodeText(
- this.constructionElement.getFirstChild(), this.getBaseNamespace(), type, 0
- );
- }
-
- /**
- * Method getHereContextNodeIncludeButSearch
- *
- * @return the string
- */
- public Node getHereContextNodeIncludeButSearch() {
- return this.getHereContextNode(XPathFilterCHGPContainer._TAG_INCLUDE_BUT_SEARCH);
- }
-
- /**
- * Method getHereContextNodeExcludeButSearch
- *
- * @return the string
- */
- public Node getHereContextNodeExcludeButSearch() {
- return this.getHereContextNode(XPathFilterCHGPContainer._TAG_EXCLUDE_BUT_SEARCH);
- }
-
- /**
- * Method getHereContextNodeExclude
- *
- * @return the string
- */
- public Node getHereContextNodeExclude() {
- return this.getHereContextNode(XPathFilterCHGPContainer._TAG_EXCLUDE);
- }
-
- /**
- * Method getBaseLocalName
- *
- * @inheritDoc
- */
- public final String getBaseLocalName() {
- return XPathFilterCHGPContainer._TAG_XPATHCHGP;
- }
-
- /**
- * Method getBaseNamespace
- *
- * @inheritDoc
- */
- public final String getBaseNamespace() {
- return TRANSFORM_XPATHFILTERCHGP;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.math.BigInteger;
-
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.Text;
-
-/**
- * Implementation of MIME's Base64 encoding and decoding conversions.
- * Optimized code. (raw version taken from oreilly.jonathan.util,
- * and currently org.apache.xerces.ds.util.Base64)
- *
- * @author Raul Benito(Of the xerces copy, and little adaptations).
- * @author Anli Shundi
- * @author Christian Geuer-Pollmann
- * @see <A HREF="ftp://ftp.isi.edu/in-notes/rfc2045.txt">RFC 2045</A>
- * @see org.apache.xml.security.transforms.implementations.TransformBase64Decode
- */
-public class Base64 {
-
- /** Field BASE64DEFAULTLENGTH */
- public static final int BASE64DEFAULTLENGTH = 76;
-
- private static final int BASELENGTH = 255;
- private static final int LOOKUPLENGTH = 64;
- private static final int TWENTYFOURBITGROUP = 24;
- private static final int EIGHTBIT = 8;
- private static final int SIXTEENBIT = 16;
- private static final int FOURBYTE = 4;
- private static final int SIGN = -128;
- private static final char PAD = '=';
- private static final byte [] base64Alphabet = new byte[BASELENGTH];
- private static final char [] lookUpBase64Alphabet = new char[LOOKUPLENGTH];
-
- static {
- for (int i = 0; i < BASELENGTH; i++) {
- base64Alphabet[i] = -1;
- }
- for (int i = 'Z'; i >= 'A'; i--) {
- base64Alphabet[i] = (byte) (i - 'A');
- }
- for (int i = 'z'; i>= 'a'; i--) {
- base64Alphabet[i] = (byte) (i - 'a' + 26);
- }
-
- for (int i = '9'; i >= '0'; i--) {
- base64Alphabet[i] = (byte) (i - '0' + 52);
- }
-
- base64Alphabet['+'] = 62;
- base64Alphabet['/'] = 63;
-
- for (int i = 0; i <= 25; i++) {
- lookUpBase64Alphabet[i] = (char)('A' + i);
- }
-
- for (int i = 26, j = 0; i <= 51; i++, j++) {
- lookUpBase64Alphabet[i] = (char)('a' + j);
- }
-
- for (int i = 52, j = 0; i <= 61; i++, j++) {
- lookUpBase64Alphabet[i] = (char)('0' + j);
- }
- lookUpBase64Alphabet[62] = '+';
- lookUpBase64Alphabet[63] = '/';
- }
-
- private Base64() {
- // we don't allow instantiation
- }
-
- /**
- * Returns a byte-array representation of a <code>{@link BigInteger}<code>.
- * No sign-bit is output.
- *
- * <b>N.B.:</B> <code>{@link BigInteger}<code>'s toByteArray
- * returns eventually longer arrays because of the leading sign-bit.
- *
- * @param big <code>BigInteger<code> to be converted
- * @param bitlen <code>int<code> the desired length in bits of the representation
- * @return a byte array with <code>bitlen</code> bits of <code>big</code>
- */
- static final byte[] getBytes(BigInteger big, int bitlen) {
-
- //round bitlen
- bitlen = ((bitlen + 7) >> 3) << 3;
-
- if (bitlen < big.bitLength()) {
- throw new IllegalArgumentException(I18n.translate("utils.Base64.IllegalBitlength"));
- }
-
- byte[] bigBytes = big.toByteArray();
-
- if (((big.bitLength() % 8) != 0)
- && (((big.bitLength() / 8) + 1) == (bitlen / 8))) {
- return bigBytes;
- }
-
- // some copying needed
- int startSrc = 0; // no need to skip anything
- int bigLen = bigBytes.length; //valid length of the string
-
- if ((big.bitLength() % 8) == 0) { // correct values
- startSrc = 1; // skip sign bit
-
- bigLen--; // valid length of the string
- }
-
- int startDst = bitlen / 8 - bigLen; //pad with leading nulls
- byte[] resizedBytes = new byte[bitlen / 8];
-
- System.arraycopy(bigBytes, startSrc, resizedBytes, startDst, bigLen);
-
- return resizedBytes;
- }
-
- /**
- * Encode in Base64 the given <code>{@link BigInteger}<code>.
- *
- * @param big
- * @return String with Base64 encoding
- */
- public static final String encode(BigInteger big) {
- return encode(getBytes(big, big.bitLength()));
- }
-
- /**
- * Returns a byte-array representation of a <code>{@link BigInteger}<code>.
- * No sign-bit is output.
- *
- * <b>N.B.:</B> <code>{@link BigInteger}<code>'s toByteArray
- * returns eventually longer arrays because of the leading sign-bit.
- *
- * @param big <code>BigInteger<code> to be converted
- * @param bitlen <code>int<code> the desired length in bits of the representation
- * @return a byte array with <code>bitlen</code> bits of <code>big</code>
- */
- public static final byte[] encode(BigInteger big, int bitlen) {
-
- //round bitlen
- bitlen = ((bitlen + 7) >> 3) << 3;
-
- if (bitlen < big.bitLength()) {
- throw new IllegalArgumentException(I18n.translate("utils.Base64.IllegalBitlength"));
- }
-
- byte[] bigBytes = big.toByteArray();
-
- if (((big.bitLength() % 8) != 0)
- && (((big.bitLength() / 8) + 1) == (bitlen / 8))) {
- return bigBytes;
- }
-
- // some copying needed
- int startSrc = 0; // no need to skip anything
- int bigLen = bigBytes.length; //valid length of the string
-
- if ((big.bitLength() % 8) == 0) { // correct values
- startSrc = 1; // skip sign bit
-
- bigLen--; // valid length of the string
- }
-
- int startDst = bitlen / 8 - bigLen; //pad with leading nulls
- byte[] resizedBytes = new byte[bitlen / 8];
-
- System.arraycopy(bigBytes, startSrc, resizedBytes, startDst, bigLen);
-
- return resizedBytes;
- }
-
- /**
- * Method decodeBigIntegerFromElement
- *
- * @param element
- * @return the biginteger obtained from the node
- * @throws Base64DecodingException
- */
- public static final BigInteger decodeBigIntegerFromElement(Element element)
- throws Base64DecodingException {
- return new BigInteger(1, Base64.decode(element));
- }
-
- /**
- * Method decodeBigIntegerFromText
- *
- * @param text
- * @return the biginter obtained from the text node
- * @throws Base64DecodingException
- */
- public static final BigInteger decodeBigIntegerFromText(Text text)
- throws Base64DecodingException {
- return new BigInteger(1, Base64.decode(text.getData()));
- }
-
- /**
- * This method takes an (empty) Element and a BigInteger and adds the
- * base64 encoded BigInteger to the Element.
- *
- * @param element
- * @param biginteger
- */
- public static final void fillElementWithBigInteger(Element element, BigInteger biginteger) {
-
- String encodedInt = encode(biginteger);
-
- if (!XMLUtils.ignoreLineBreaks() && encodedInt.length() > BASE64DEFAULTLENGTH) {
- encodedInt = "\n" + encodedInt + "\n";
- }
-
- Document doc = element.getOwnerDocument();
- Text text = doc.createTextNode(encodedInt);
-
- element.appendChild(text);
- }
-
- /**
- * Method decode
- *
- * Takes the <CODE>Text</CODE> children of the Element and interprets
- * them as input for the <CODE>Base64.decode()</CODE> function.
- *
- * @param element
- * @return the byte obtained of the decoding the element
- * $todo$ not tested yet
- * @throws Base64DecodingException
- */
- public static final byte[] decode(Element element) throws Base64DecodingException {
-
- Node sibling = element.getFirstChild();
- StringBuffer sb = new StringBuffer();
-
- while (sibling != null) {
- if (sibling.getNodeType() == Node.TEXT_NODE) {
- Text t = (Text) sibling;
-
- sb.append(t.getData());
- }
- sibling = sibling.getNextSibling();
- }
-
- return decode(sb.toString());
- }
-
- /**
- * Method encodeToElement
- *
- * @param doc
- * @param localName
- * @param bytes
- * @return an Element with the base64 encoded in the text.
- *
- */
- public static final Element encodeToElement(Document doc, String localName, byte[] bytes) {
- Element el = XMLUtils.createElementInSignatureSpace(doc, localName);
- Text text = doc.createTextNode(encode(bytes));
-
- el.appendChild(text);
-
- return el;
- }
-
- /**
- * Method decode
- *
- * @param base64
- * @return the UTF bytes of the base64
- * @throws Base64DecodingException
- *
- */
- public static final byte[] decode(byte[] base64) throws Base64DecodingException {
- return decodeInternal(base64, -1);
- }
-
- /**
- * Encode a byte array and fold lines at the standard 76th character unless
- * ignore line breaks property is set.
- *
- * @param binaryData <code>byte[]<code> to be base64 encoded
- * @return the <code>String<code> with encoded data
- */
- public static final String encode(byte[] binaryData) {
- return XMLUtils.ignoreLineBreaks()
- ? encode(binaryData, Integer.MAX_VALUE)
- : encode(binaryData, BASE64DEFAULTLENGTH);
- }
-
- /**
- * Base64 decode the lines from the reader and return an InputStream
- * with the bytes.
- *
- * @param reader
- * @return InputStream with the decoded bytes
- * @exception IOException passes what the reader throws
- * @throws IOException
- * @throws Base64DecodingException
- */
- public static final byte[] decode(BufferedReader reader)
- throws IOException, Base64DecodingException {
-
- byte[] retBytes = null;
- UnsyncByteArrayOutputStream baos = null;
- try {
- baos = new UnsyncByteArrayOutputStream();
- String line;
-
- while (null != (line = reader.readLine())) {
- byte[] bytes = decode(line);
- baos.write(bytes);
- }
- retBytes = baos.toByteArray();
- } finally {
- baos.close();
- }
-
- return retBytes;
- }
-
- protected static final boolean isWhiteSpace(byte octect) {
- return (octect == 0x20 || octect == 0xd || octect == 0xa || octect == 0x9);
- }
-
- protected static final boolean isPad(byte octect) {
- return (octect == PAD);
- }
-
- /**
- * Encodes hex octets into Base64
- *
- * @param binaryData Array containing binaryData
- * @return Encoded Base64 array
- */
- /**
- * Encode a byte array in Base64 format and return an optionally
- * wrapped line.
- *
- * @param binaryData <code>byte[]</code> data to be encoded
- * @param length <code>int<code> length of wrapped lines; No wrapping if less than 4.
- * @return a <code>String</code> with encoded data
- */
- public static final String encode(byte[] binaryData,int length) {
- if (length < 4) {
- length = Integer.MAX_VALUE;
- }
-
- if (binaryData == null) {
- return null;
- }
-
- int lengthDataBits = binaryData.length * EIGHTBIT;
- if (lengthDataBits == 0) {
- return "";
- }
-
- int fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP;
- int numberTriplets = lengthDataBits / TWENTYFOURBITGROUP;
- int numberQuartet = fewerThan24bits != 0 ? numberTriplets + 1 : numberTriplets;
- int quartesPerLine = length / 4;
- int numberLines = (numberQuartet - 1) / quartesPerLine;
- char encodedData[] = null;
-
- encodedData = new char[numberQuartet * 4 + numberLines];
-
- byte k = 0, l = 0, b1 = 0, b2 = 0, b3 = 0;
- int encodedIndex = 0;
- int dataIndex = 0;
- int i = 0;
-
- for (int line = 0; line < numberLines; line++) {
- for (int quartet = 0; quartet < 19; quartet++) {
- b1 = binaryData[dataIndex++];
- b2 = binaryData[dataIndex++];
- b3 = binaryData[dataIndex++];
-
- l = (byte)(b2 & 0x0f);
- k = (byte)(b1 & 0x03);
-
- byte val1 = ((b1 & SIGN) == 0) ? (byte)(b1 >> 2): (byte)((b1) >> 2 ^ 0xc0);
-
- byte val2 = ((b2 & SIGN) == 0) ? (byte)(b2 >> 4) : (byte)((b2) >> 4 ^ 0xf0);
- byte val3 = ((b3 & SIGN) == 0) ? (byte)(b3 >> 6) : (byte)((b3) >> 6 ^ 0xfc);
-
-
- encodedData[encodedIndex++] = lookUpBase64Alphabet[val1];
- encodedData[encodedIndex++] = lookUpBase64Alphabet[val2 | (k << 4)];
- encodedData[encodedIndex++] = lookUpBase64Alphabet[(l << 2) | val3];
- encodedData[encodedIndex++] = lookUpBase64Alphabet[b3 & 0x3f];
-
- i++;
- }
- encodedData[encodedIndex++] = 0xa;
- }
-
- for (; i < numberTriplets; i++) {
- b1 = binaryData[dataIndex++];
- b2 = binaryData[dataIndex++];
- b3 = binaryData[dataIndex++];
-
- l = (byte)(b2 & 0x0f);
- k = (byte)(b1 & 0x03);
-
- byte val1 = ((b1 & SIGN) == 0) ? (byte)(b1 >> 2) : (byte)((b1) >> 2 ^ 0xc0);
-
- byte val2 = ((b2 & SIGN) == 0) ? (byte)(b2 >> 4) : (byte)((b2) >> 4 ^ 0xf0);
- byte val3 = ((b3 & SIGN) == 0) ? (byte)(b3 >> 6) : (byte)((b3) >> 6 ^ 0xfc);
-
-
- encodedData[encodedIndex++] = lookUpBase64Alphabet[val1];
- encodedData[encodedIndex++] = lookUpBase64Alphabet[val2 | (k << 4)];
- encodedData[encodedIndex++] = lookUpBase64Alphabet[(l << 2) | val3];
- encodedData[encodedIndex++] = lookUpBase64Alphabet[b3 & 0x3f];
- }
-
- // form integral number of 6-bit groups
- if (fewerThan24bits == EIGHTBIT) {
- b1 = binaryData[dataIndex];
- k = (byte) (b1 &0x03);
- byte val1 = ((b1 & SIGN) == 0) ? (byte)(b1 >> 2):(byte)((b1) >> 2 ^ 0xc0);
- encodedData[encodedIndex++] = lookUpBase64Alphabet[val1];
- encodedData[encodedIndex++] = lookUpBase64Alphabet[k << 4];
- encodedData[encodedIndex++] = PAD;
- encodedData[encodedIndex++] = PAD;
- } else if (fewerThan24bits == SIXTEENBIT) {
- b1 = binaryData[dataIndex];
- b2 = binaryData[dataIndex +1 ];
- l = ( byte ) (b2 & 0x0f);
- k = ( byte ) (b1 & 0x03);
-
- byte val1 = ((b1 & SIGN) == 0) ? (byte)(b1 >> 2) : (byte)((b1) >> 2 ^ 0xc0);
- byte val2 = ((b2 & SIGN) == 0) ? (byte)(b2 >> 4) : (byte)((b2) >> 4 ^ 0xf0);
-
- encodedData[encodedIndex++] = lookUpBase64Alphabet[val1];
- encodedData[encodedIndex++] = lookUpBase64Alphabet[val2 | (k << 4)];
- encodedData[encodedIndex++] = lookUpBase64Alphabet[l << 2];
- encodedData[encodedIndex++] = PAD;
- }
-
- //encodedData[encodedIndex] = 0xa;
-
- return new String(encodedData);
- }
-
- /**
- * Decodes Base64 data into octets
- *
- * @param encoded String containing base64 encoded data
- * @return byte array containing the decoded data
- * @throws Base64DecodingException if there is a problem decoding the data
- */
- public static final byte[] decode(String encoded) throws Base64DecodingException {
- if (encoded == null) {
- return null;
- }
- byte[] bytes = new byte[encoded.length()];
- int len = getBytesInternal(encoded, bytes);
- return decodeInternal(bytes, len);
- }
-
- protected static final int getBytesInternal(String s, byte[] result) {
- int length = s.length();
-
- int newSize = 0;
- for (int i = 0; i < length; i++) {
- byte dataS = (byte)s.charAt(i);
- if (!isWhiteSpace(dataS)) {
- result[newSize++] = dataS;
- }
- }
- return newSize;
- }
-
- protected static final byte[] decodeInternal(byte[] base64Data, int len)
- throws Base64DecodingException {
- // remove white spaces
- if (len == -1) {
- len = removeWhiteSpace(base64Data);
- }
-
- if (len % FOURBYTE != 0) {
- throw new Base64DecodingException("decoding.divisible.four");
- //should be divisible by four
- }
-
- int numberQuadruple = (len / FOURBYTE);
-
- if (numberQuadruple == 0) {
- return new byte[0];
- }
-
- byte decodedData[] = null;
- byte b1 = 0, b2 = 0, b3 = 0, b4 = 0;
-
- int i = 0;
- int encodedIndex = 0;
- int dataIndex = 0;
-
- //decodedData = new byte[ (numberQuadruple)*3];
- dataIndex = (numberQuadruple - 1) * 4;
- encodedIndex = (numberQuadruple - 1) * 3;
- //first last bits.
- b1 = base64Alphabet[base64Data[dataIndex++]];
- b2 = base64Alphabet[base64Data[dataIndex++]];
- if ((b1==-1) || (b2==-1)) {
- //if found "no data" just return null
- throw new Base64DecodingException("decoding.general");
- }
-
-
- byte d3, d4;
- b3 = base64Alphabet[d3 = base64Data[dataIndex++]];
- b4 = base64Alphabet[d4 = base64Data[dataIndex++]];
- if ((b3 == -1) || (b4 == -1) ) {
- //Check if they are PAD characters
- if (isPad(d3) && isPad(d4)) { //Two PAD e.g. 3c[Pad][Pad]
- if ((b2 & 0xf) != 0) { //last 4 bits should be zero
- throw new Base64DecodingException("decoding.general");
- }
- decodedData = new byte[encodedIndex + 1];
- decodedData[encodedIndex] = (byte)(b1 << 2 | b2 >> 4) ;
- } else if (!isPad(d3) && isPad(d4)) { //One PAD e.g. 3cQ[Pad]
- if ((b3 & 0x3) != 0) { //last 2 bits should be zero
- throw new Base64DecodingException("decoding.general");
- }
- decodedData = new byte[encodedIndex + 2];
- decodedData[encodedIndex++] = (byte)(b1 << 2 | b2 >> 4);
- decodedData[encodedIndex] = (byte)(((b2 & 0xf) << 4) |((b3 >> 2) & 0xf));
- } else {
- //an error like "3c[Pad]r", "3cdX", "3cXd", "3cXX" where X is non data
- throw new Base64DecodingException("decoding.general");
- }
- } else {
- //No PAD e.g 3cQl
- decodedData = new byte[encodedIndex+3];
- decodedData[encodedIndex++] = (byte)(b1 << 2 | b2 >> 4) ;
- decodedData[encodedIndex++] = (byte)(((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
- decodedData[encodedIndex++] = (byte)(b3 << 6 | b4);
- }
- encodedIndex = 0;
- dataIndex = 0;
- //the begin
- for (i = numberQuadruple - 1; i > 0; i--) {
- b1 = base64Alphabet[base64Data[dataIndex++]];
- b2 = base64Alphabet[base64Data[dataIndex++]];
- b3 = base64Alphabet[base64Data[dataIndex++]];
- b4 = base64Alphabet[base64Data[dataIndex++]];
-
- if ((b1 == -1) ||
- (b2 == -1) ||
- (b3 == -1) ||
- (b4 == -1)) {
- //if found "no data" just return null
- throw new Base64DecodingException("decoding.general");
- }
-
- decodedData[encodedIndex++] = (byte)(b1 << 2 | b2 >> 4) ;
- decodedData[encodedIndex++] = (byte)(((b2 & 0xf) << 4) |((b3 >> 2) & 0xf));
- decodedData[encodedIndex++] = (byte)(b3 << 6 | b4 );
- }
- return decodedData;
- }
-
- /**
- * Decodes Base64 data into outputstream
- *
- * @param base64Data String containing Base64 data
- * @param os the outputstream
- * @throws IOException
- * @throws Base64DecodingException
- */
- public static final void decode(String base64Data, OutputStream os)
- throws Base64DecodingException, IOException {
- byte[] bytes = new byte[base64Data.length()];
- int len = getBytesInternal(base64Data, bytes);
- decode(bytes,os,len);
- }
-
- /**
- * Decodes Base64 data into outputstream
- *
- * @param base64Data Byte array containing Base64 data
- * @param os the outputstream
- * @throws IOException
- * @throws Base64DecodingException
- */
- public static final void decode(byte[] base64Data, OutputStream os)
- throws Base64DecodingException, IOException {
- decode(base64Data,os,-1);
- }
-
- protected static final void decode(byte[] base64Data, OutputStream os, int len)
- throws Base64DecodingException, IOException {
- // remove white spaces
- if (len == -1) {
- len = removeWhiteSpace(base64Data);
- }
-
- if (len % FOURBYTE != 0) {
- throw new Base64DecodingException("decoding.divisible.four");
- //should be divisible by four
- }
-
- int numberQuadruple = (len / FOURBYTE);
-
- if (numberQuadruple == 0) {
- return;
- }
-
- //byte decodedData[] = null;
- byte b1 = 0, b2 = 0, b3 = 0, b4 = 0;
-
- int i = 0;
- int dataIndex = 0;
-
- //the begin
- for (i=numberQuadruple - 1; i > 0; i--) {
- b1 = base64Alphabet[base64Data[dataIndex++]];
- b2 = base64Alphabet[base64Data[dataIndex++]];
- b3 = base64Alphabet[base64Data[dataIndex++]];
- b4 = base64Alphabet[base64Data[dataIndex++]];
- if ((b1 == -1) ||
- (b2 == -1) ||
- (b3 == -1) ||
- (b4 == -1) ) {
- //if found "no data" just return null
- throw new Base64DecodingException("decoding.general");
- }
-
- os.write((byte)(b1 << 2 | b2 >> 4));
- os.write((byte)(((b2 & 0xf) << 4 ) | ((b3 >> 2) & 0xf)));
- os.write( (byte)(b3 << 6 | b4));
- }
- b1 = base64Alphabet[base64Data[dataIndex++]];
- b2 = base64Alphabet[base64Data[dataIndex++]];
-
- // first last bits.
- if ((b1 == -1) || (b2 == -1) ) {
- //if found "no data" just return null
- throw new Base64DecodingException("decoding.general");
- }
-
- byte d3, d4;
- b3 = base64Alphabet[d3 = base64Data[dataIndex++]];
- b4 = base64Alphabet[d4 = base64Data[dataIndex++]];
- if ((b3 == -1 ) || (b4 == -1) ) { //Check if they are PAD characters
- if (isPad(d3) && isPad(d4)) { //Two PAD e.g. 3c[Pad][Pad]
- if ((b2 & 0xf) != 0) { //last 4 bits should be zero
- throw new Base64DecodingException("decoding.general");
- }
- os.write((byte)(b1 << 2 | b2 >> 4));
- } else if (!isPad(d3) && isPad(d4)) { //One PAD e.g. 3cQ[Pad]
- if ((b3 & 0x3 ) != 0) { //last 2 bits should be zero
- throw new Base64DecodingException("decoding.general");
- }
- os.write((byte)(b1 << 2 | b2 >> 4));
- os.write((byte)(((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
- } else {
- //an error like "3c[Pad]r", "3cdX", "3cXd", "3cXX" where X is non data
- throw new Base64DecodingException("decoding.general");
- }
- } else {
- //No PAD e.g 3cQl
- os.write((byte)(b1 << 2 | b2 >> 4));
- os.write( (byte)(((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
- os.write((byte)(b3 << 6 | b4));
- }
- }
-
- /**
- * Decodes Base64 data into outputstream
- *
- * @param is containing Base64 data
- * @param os the outputstream
- * @throws IOException
- * @throws Base64DecodingException
- */
- public static final void decode(InputStream is, OutputStream os)
- throws Base64DecodingException, IOException {
- //byte decodedData[] = null;
- byte b1 = 0, b2 = 0, b3 = 0, b4 = 0;
-
- int index=0;
- byte[] data = new byte[4];
- int read;
- //the begin
- while ((read = is.read()) > 0) {
- byte readed = (byte)read;
- if (isWhiteSpace(readed)) {
- continue;
- }
- if (isPad(readed)) {
- data[index++] = readed;
- if (index == 3) {
- data[index++] = (byte)is.read();
- }
- break;
- }
-
- if ((data[index++] = readed) == -1) {
- //if found "no data" just return null
- throw new Base64DecodingException("decoding.general");
- }
-
- if (index != 4) {
- continue;
- }
- index = 0;
- b1 = base64Alphabet[data[0]];
- b2 = base64Alphabet[data[1]];
- b3 = base64Alphabet[data[2]];
- b4 = base64Alphabet[data[3]];
-
- os.write((byte)(b1 << 2 | b2 >> 4));
- os.write((byte)(((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
- os.write((byte)(b3 << 6 | b4));
- }
-
- byte d1 = data[0], d2 = data[1], d3 = data[2], d4 = data[3];
- b1 = base64Alphabet[d1];
- b2 = base64Alphabet[d2];
- b3 = base64Alphabet[d3];
- b4 = base64Alphabet[d4];
- if ((b3 == -1) || (b4 == -1)) { //Check if they are PAD characters
- if (isPad(d3) && isPad(d4)) { //Two PAD e.g. 3c[Pad][Pad]
- if ((b2 & 0xf) != 0) { //last 4 bits should be zero
- throw new Base64DecodingException("decoding.general");
- }
- os.write((byte)(b1 << 2 | b2 >> 4));
- } else if (!isPad(d3) && isPad(d4)) { //One PAD e.g. 3cQ[Pad]
- b3 = base64Alphabet[d3];
- if ((b3 & 0x3) != 0) { //last 2 bits should be zero
- throw new Base64DecodingException("decoding.general");
- }
- os.write((byte)(b1 << 2 | b2 >> 4));
- os.write((byte)(((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
- } else {
- //an error like "3c[Pad]r", "3cdX", "3cXd", "3cXX" where X is non data
- throw new Base64DecodingException("decoding.general");
- }
- } else {
- //No PAD e.g 3cQl
- os.write((byte)(b1 << 2 | b2 >> 4));
- os.write((byte)(((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf)));
- os.write((byte)(b3 << 6 | b4));
- }
- }
-
- /**
- * remove WhiteSpace from MIME containing encoded Base64 data.
- *
- * @param data the byte array of base64 data (with WS)
- * @return the new length
- */
- protected static final int removeWhiteSpace(byte[] data) {
- if (data == null) {
- return 0;
- }
-
- // count characters that's not whitespace
- int newSize = 0;
- int len = data.length;
- for (int i = 0; i < len; i++) {
- byte dataS = data[i];
- if (!isWhiteSpace(dataS)) {
- data[newSize++] = dataS;
- }
- }
- return newSize;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.xml.security.utils;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-
-/**
- * This class is extremely useful for loading resources and classes in a fault
- * tolerant manner that works across different applications servers. Do not
- * touch this unless you're a grizzled classloading guru veteran who is going to
- * verify any change on 6 different application servers.
- */
-public final class ClassLoaderUtils {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static final org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(ClassLoaderUtils.class);
-
- private ClassLoaderUtils() {
- }
-
- /**
- * Load a given resource. <p/> This method will try to load the resource
- * using the following methods (in order):
- * <ul>
- * <li>From Thread.currentThread().getContextClassLoader()
- * <li>From ClassLoaderUtil.class.getClassLoader()
- * <li>callingClass.getClassLoader()
- * </ul>
- *
- * @param resourceName The name of the resource to load
- * @param callingClass The Class object of the calling object
- */
- public static URL getResource(String resourceName, Class<?> callingClass) {
- URL url = Thread.currentThread().getContextClassLoader().getResource(resourceName);
- if (url == null && resourceName.startsWith("/")) {
- //certain classloaders need it without the leading /
- url =
- Thread.currentThread().getContextClassLoader().getResource(
- resourceName.substring(1)
- );
- }
-
- ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
- if (cluClassloader == null) {
- cluClassloader = ClassLoader.getSystemClassLoader();
- }
- if (url == null) {
- url = cluClassloader.getResource(resourceName);
- }
- if (url == null && resourceName.startsWith("/")) {
- //certain classloaders need it without the leading /
- url = cluClassloader.getResource(resourceName.substring(1));
- }
-
- if (url == null) {
- ClassLoader cl = callingClass.getClassLoader();
-
- if (cl != null) {
- url = cl.getResource(resourceName);
- }
- }
-
- if (url == null) {
- url = callingClass.getResource(resourceName);
- }
-
- if ((url == null) && (resourceName != null) && (resourceName.charAt(0) != '/')) {
- return getResource('/' + resourceName, callingClass);
- }
-
- return url;
- }
-
- /**
- * Load a given resources. <p/> This method will try to load the resources
- * using the following methods (in order):
- * <ul>
- * <li>From Thread.currentThread().getContextClassLoader()
- * <li>From ClassLoaderUtil.class.getClassLoader()
- * <li>callingClass.getClassLoader()
- * </ul>
- *
- * @param resourceName The name of the resource to load
- * @param callingClass The Class object of the calling object
- */
- public static List<URL> getResources(String resourceName, Class<?> callingClass) {
- List<URL> ret = new ArrayList<URL>();
- Enumeration<URL> urls = new Enumeration<URL>() {
- public boolean hasMoreElements() {
- return false;
- }
- public URL nextElement() {
- return null;
- }
-
- };
- try {
- urls = Thread.currentThread().getContextClassLoader().getResources(resourceName);
- } catch (IOException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- //ignore
- }
- if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
- //certain classloaders need it without the leading /
- try {
- urls =
- Thread.currentThread().getContextClassLoader().getResources(
- resourceName.substring(1)
- );
- } catch (IOException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- // ignore
- }
- }
-
- ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
- if (cluClassloader == null) {
- cluClassloader = ClassLoader.getSystemClassLoader();
- }
- if (!urls.hasMoreElements()) {
- try {
- urls = cluClassloader.getResources(resourceName);
- } catch (IOException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- // ignore
- }
- }
- if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
- //certain classloaders need it without the leading /
- try {
- urls = cluClassloader.getResources(resourceName.substring(1));
- } catch (IOException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- // ignore
- }
- }
-
- if (!urls.hasMoreElements()) {
- ClassLoader cl = callingClass.getClassLoader();
-
- if (cl != null) {
- try {
- urls = cl.getResources(resourceName);
- } catch (IOException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- // ignore
- }
- }
- }
-
- if (!urls.hasMoreElements()) {
- URL url = callingClass.getResource(resourceName);
- if (url != null) {
- ret.add(url);
- }
- }
- while (urls.hasMoreElements()) {
- ret.add(urls.nextElement());
- }
-
-
- if (ret.isEmpty() && (resourceName != null) && (resourceName.charAt(0) != '/')) {
- return getResources('/' + resourceName, callingClass);
- }
- return ret;
- }
-
-
- /**
- * This is a convenience method to load a resource as a stream. <p/> The
- * algorithm used to find the resource is given in getResource()
- *
- * @param resourceName The name of the resource to load
- * @param callingClass The Class object of the calling object
- */
- public static InputStream getResourceAsStream(String resourceName, Class<?> callingClass) {
- URL url = getResource(resourceName, callingClass);
-
- try {
- return (url != null) ? url.openStream() : null;
- } catch (IOException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- return null;
- }
- }
-
- /**
- * Load a class with a given name. <p/> It will try to load the class in the
- * following order:
- * <ul>
- * <li>From Thread.currentThread().getContextClassLoader()
- * <li>Using the basic Class.forName()
- * <li>From ClassLoaderUtil.class.getClassLoader()
- * <li>From the callingClass.getClassLoader()
- * </ul>
- *
- * @param className The name of the class to load
- * @param callingClass The Class object of the calling object
- * @throws ClassNotFoundException If the class cannot be found anywhere.
- */
- public static Class<?> loadClass(String className, Class<?> callingClass)
- throws ClassNotFoundException {
- try {
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
-
- if (cl != null) {
- return cl.loadClass(className);
- }
- } catch (ClassNotFoundException e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- //ignore
- }
- return loadClass2(className, callingClass);
- }
-
- private static Class<?> loadClass2(String className, Class<?> callingClass)
- throws ClassNotFoundException {
- try {
- return Class.forName(className);
- } catch (ClassNotFoundException ex) {
- try {
- if (ClassLoaderUtils.class.getClassLoader() != null) {
- return ClassLoaderUtils.class.getClassLoader().loadClass(className);
- }
- } catch (ClassNotFoundException exc) {
- if (callingClass != null && callingClass.getClassLoader() != null) {
- return callingClass.getClassLoader().loadClass(className);
- }
- }
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- throw ex;
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-/**
- * Provides all constants and some translation functions for i18n.
- *
- * For the used Algorithm identifiers and Namespaces, look at the
- * <A HREF="http://www.w3.org/TR/xmldsig-core/#sec-TransformAlg">XML
- * Signature specification</A>.
- *
- * @author $Author: coheigea $
- */
-public class Constants {
-
- /** Field configurationFile */
- public static final String configurationFile = "data/websig.conf";
-
- /** Field configurationFileNew */
- public static final String configurationFileNew = ".xmlsecurityconfig";
-
- /** Field exceptionMessagesResourceBundleDir */
- public static final String exceptionMessagesResourceBundleDir =
- "org/apache/xml/security/resource";
-
- /** Field exceptionMessagesResourceBundleBase is the location of the <CODE>ResourceBundle</CODE> */
- public static final String exceptionMessagesResourceBundleBase =
- exceptionMessagesResourceBundleDir + "/" + "xmlsecurity";
-
- /**
- * The URL of the
- * <A HREF="http://www.w3.org/TR/2001/CR-xmldsig-core-20010419/">XML Signature specification</A>
- */
- public static final String SIGNATURESPECIFICATION_URL =
- "http://www.w3.org/TR/2001/CR-xmldsig-core-20010419/";
-
- /**
- * The namespace of the
- * <A HREF="http://www.w3.org/TR/2001/CR-xmldsig-core-20010419/">XML Signature specification</A>
- */
- public static final String SignatureSpecNS = "http://www.w3.org/2000/09/xmldsig#";
-
- /**
- * The namespace of the
- * <A HREF="http://www.w3.org/TR/xmldsig-core1/">XML Signature specification</A>
- */
- public static final String SignatureSpec11NS = "http://www.w3.org/2009/xmldsig11#";
-
- /** The URL for more algorithms **/
- public static final String MoreAlgorithmsSpecNS = "http://www.w3.org/2001/04/xmldsig-more#";
-
- /** The URI for XML spec*/
- public static final String XML_LANG_SPACE_SpecNS = "http://www.w3.org/XML/1998/namespace";
-
- /** The URI for XMLNS spec*/
- public static final String NamespaceSpecNS = "http://www.w3.org/2000/xmlns/";
-
- /** Tag of Attr Algorithm**/
- public static final String _ATT_ALGORITHM = "Algorithm";
-
- /** Tag of Attr URI**/
- public static final String _ATT_URI = "URI";
-
- /** Tag of Attr Type**/
- public static final String _ATT_TYPE = "Type";
-
- /** Tag of Attr Id**/
- public static final String _ATT_ID = "Id";
-
- /** Tag of Attr MimeType**/
- public static final String _ATT_MIMETYPE = "MimeType";
-
- /** Tag of Attr Encoding**/
- public static final String _ATT_ENCODING = "Encoding";
-
- /** Tag of Attr Target**/
- public static final String _ATT_TARGET = "Target";
-
- // KeyInfo (KeyName|KeyValue|RetrievalMethod|X509Data|PGPData|SPKIData|MgmtData)
- // KeyValue (DSAKeyValue|RSAKeyValue)
- // DSAKeyValue (P, Q, G, Y, J?, (Seed, PgenCounter)?)
- // RSAKeyValue (Modulus, Exponent)
- // RetrievalMethod (Transforms?)
- // X509Data ((X509IssuerSerial | X509SKI | X509SubjectName | X509Certificate)+ | X509CRL)
- // X509IssuerSerial (X509IssuerName, X509SerialNumber)
- // PGPData ((PGPKeyID, PGPKeyPacket?) | (PGPKeyPacket))
- // SPKIData (SPKISexp)
-
- /** Tag of Element CanonicalizationMethod **/
- public static final String _TAG_CANONICALIZATIONMETHOD = "CanonicalizationMethod";
-
- /** Tag of Element DigestMethod **/
- public static final String _TAG_DIGESTMETHOD = "DigestMethod";
-
- /** Tag of Element DigestValue **/
- public static final String _TAG_DIGESTVALUE = "DigestValue";
-
- /** Tag of Element Manifest **/
- public static final String _TAG_MANIFEST = "Manifest";
-
- /** Tag of Element Methods **/
- public static final String _TAG_METHODS = "Methods";
-
- /** Tag of Element Object **/
- public static final String _TAG_OBJECT = "Object";
-
- /** Tag of Element Reference **/
- public static final String _TAG_REFERENCE = "Reference";
-
- /** Tag of Element Signature **/
- public static final String _TAG_SIGNATURE = "Signature";
-
- /** Tag of Element SignatureMethod **/
- public static final String _TAG_SIGNATUREMETHOD = "SignatureMethod";
-
- /** Tag of Element HMACOutputLength **/
- public static final String _TAG_HMACOUTPUTLENGTH = "HMACOutputLength";
-
- /** Tag of Element SignatureProperties **/
- public static final String _TAG_SIGNATUREPROPERTIES = "SignatureProperties";
-
- /** Tag of Element SignatureProperty **/
- public static final String _TAG_SIGNATUREPROPERTY = "SignatureProperty";
-
- /** Tag of Element SignatureValue **/
- public static final String _TAG_SIGNATUREVALUE = "SignatureValue";
-
- /** Tag of Element SignedInfo **/
- public static final String _TAG_SIGNEDINFO = "SignedInfo";
-
- /** Tag of Element Transform **/
- public static final String _TAG_TRANSFORM = "Transform";
-
- /** Tag of Element Transforms **/
- public static final String _TAG_TRANSFORMS = "Transforms";
-
- /** Tag of Element XPath **/
- public static final String _TAG_XPATH = "XPath";
-
- /** Tag of Element KeyInfo **/
- public static final String _TAG_KEYINFO = "KeyInfo";
-
- /** Tag of Element KeyName **/
- public static final String _TAG_KEYNAME = "KeyName";
-
- /** Tag of Element KeyValue **/
- public static final String _TAG_KEYVALUE = "KeyValue";
-
- /** Tag of Element RetrievalMethod **/
- public static final String _TAG_RETRIEVALMETHOD = "RetrievalMethod";
-
- /** Tag of Element X509Data **/
- public static final String _TAG_X509DATA = "X509Data";
-
- /** Tag of Element PGPData **/
- public static final String _TAG_PGPDATA = "PGPData";
-
- /** Tag of Element SPKIData **/
- public static final String _TAG_SPKIDATA = "SPKIData";
-
- /** Tag of Element MgmtData **/
- public static final String _TAG_MGMTDATA = "MgmtData";
-
- /** Tag of Element RSAKeyValue **/
- public static final String _TAG_RSAKEYVALUE = "RSAKeyValue";
-
- /** Tag of Element Exponent **/
- public static final String _TAG_EXPONENT = "Exponent";
-
- /** Tag of Element Modulus **/
- public static final String _TAG_MODULUS = "Modulus";
-
- /** Tag of Element DSAKeyValue **/
- public static final String _TAG_DSAKEYVALUE = "DSAKeyValue";
-
- /** Tag of Element P **/
- public static final String _TAG_P = "P";
-
- /** Tag of Element Q **/
- public static final String _TAG_Q = "Q";
-
- /** Tag of Element G **/
- public static final String _TAG_G = "G";
-
- /** Tag of Element Y **/
- public static final String _TAG_Y = "Y";
-
- /** Tag of Element J **/
- public static final String _TAG_J = "J";
-
- /** Tag of Element Seed **/
- public static final String _TAG_SEED = "Seed";
-
- /** Tag of Element PgenCounter **/
- public static final String _TAG_PGENCOUNTER = "PgenCounter";
-
- /** Tag of Element rawX509Certificate **/
- public static final String _TAG_RAWX509CERTIFICATE = "rawX509Certificate";
-
- /** Tag of Element X509IssuerSerial **/
- public static final String _TAG_X509ISSUERSERIAL= "X509IssuerSerial";
-
- /** Tag of Element X509SKI **/
- public static final String _TAG_X509SKI = "X509SKI";
-
- /** Tag of Element X509SubjectName **/
- public static final String _TAG_X509SUBJECTNAME = "X509SubjectName";
-
- /** Tag of Element X509Certificate **/
- public static final String _TAG_X509CERTIFICATE = "X509Certificate";
-
- /** Tag of Element X509CRL **/
- public static final String _TAG_X509CRL = "X509CRL";
-
- /** Tag of Element X509IssuerName **/
- public static final String _TAG_X509ISSUERNAME = "X509IssuerName";
-
- /** Tag of Element X509SerialNumber **/
- public static final String _TAG_X509SERIALNUMBER = "X509SerialNumber";
-
- /** Tag of Element PGPKeyID **/
- public static final String _TAG_PGPKEYID = "PGPKeyID";
-
- /** Tag of Element PGPKeyPacket **/
- public static final String _TAG_PGPKEYPACKET = "PGPKeyPacket";
-
- /** Tag of Element PGPKeyPacket **/
- public static final String _TAG_DERENCODEDKEYVALUE = "DEREncodedKeyValue";
-
- /** Tag of Element PGPKeyPacket **/
- public static final String _TAG_KEYINFOREFERENCE = "KeyInfoReference";
-
- /** Tag of Element PGPKeyPacket **/
- public static final String _TAG_X509DIGEST = "X509Digest";
-
- /** Tag of Element SPKISexp **/
- public static final String _TAG_SPKISEXP = "SPKISexp";
-
- /** Digest - Required SHA1 */
- public static final String ALGO_ID_DIGEST_SHA1 = SignatureSpecNS + "sha1";
-
- /**
- * @see <A HREF="http://www.ietf.org/internet-drafts/draft-blake-wilson-xmldsig-ecdsa-02.txt">
- * draft-blake-wilson-xmldsig-ecdsa-02.txt</A>
- */
- public static final String ALGO_ID_SIGNATURE_ECDSA_CERTICOM =
- "http://www.certicom.com/2000/11/xmlecdsig#ecdsa-sha1";
-
- private Constants() {
- // we don't allow instantiation
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.xml.namespace.NamespaceContext;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-
-/**
- */
-public class DOMNamespaceContext implements NamespaceContext {
-
- private Map<String, String> namespaceMap = new HashMap<String, String>();
-
- public DOMNamespaceContext(Node contextNode) {
- addNamespaces(contextNode);
- }
-
- public String getNamespaceURI(String arg0) {
- return namespaceMap.get(arg0);
- }
-
- public String getPrefix(String arg0) {
- for (String key : namespaceMap.keySet()) {
- String value = namespaceMap.get(key);
- if (value.equals(arg0)) {
- return key;
- }
- }
- return null;
- }
-
- public Iterator<String> getPrefixes(String arg0) {
- return namespaceMap.keySet().iterator();
- }
-
- private void addNamespaces(Node element) {
- if (element.getParentNode() != null) {
- addNamespaces(element.getParentNode());
- }
- if (element instanceof Element) {
- Element el = (Element)element;
- NamedNodeMap map = el.getAttributes();
- for (int x = 0; x < map.getLength(); x++) {
- Attr attr = (Attr)map.item(x);
- if ("xmlns".equals(attr.getPrefix())) {
- namespaceMap.put(attr.getLocalName(), attr.getValue());
- }
- }
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.io.ByteArrayOutputStream;
-
-import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
-
-/**
- * @author raul
- *
- */
-public class DigesterOutputStream extends ByteArrayOutputStream {
- private static final org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(DigesterOutputStream.class);
-
- final MessageDigestAlgorithm mda;
-
- /**
- * @param mda
- */
- public DigesterOutputStream(MessageDigestAlgorithm mda) {
- this.mda = mda;
- }
-
- /** @inheritDoc */
- public void write(byte[] arg0) {
- write(arg0, 0, arg0.length);
- }
-
- /** @inheritDoc */
- public void write(int arg0) {
- mda.update((byte)arg0);
- }
-
- /** @inheritDoc */
- public void write(byte[] arg0, int arg1, int arg2) {
- if (log.isDebugEnabled()) {
- log.debug("Pre-digested input:");
- StringBuilder sb = new StringBuilder(arg2);
- for (int i = arg1; i < (arg1 + arg2); i++) {
- sb.append((char)arg0[i]);
- }
- log.debug(sb.toString());
- }
- mda.update(arg0, arg1, arg2);
- }
-
- /**
- * @return the digest value
- */
- public byte[] getDigestValue() {
- return mda.digest();
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**@deprecated*/
-public interface ElementChecker {
- /**
- * Check that the element is the one expect
- *
- * @throws XMLSecurityException
- */
- void guaranteeThatElementInCorrectSpace(ElementProxy expected, Element actual)
- throws XMLSecurityException;
-
- boolean isNamespaceElement(Node el, String type, String ns);
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**@deprecated*/
-public abstract class ElementCheckerImpl implements ElementChecker {
-
- public boolean isNamespaceElement(Node el, String type, String ns) {
- if ((el == null) ||
- ns != el.getNamespaceURI() || !el.getLocalName().equals(type)){
- return false;
- }
-
- return true;
- }
-
- /** A checker for DOM that interns NS */
- public static class InternedNsChecker extends ElementCheckerImpl {
- public void guaranteeThatElementInCorrectSpace(
- ElementProxy expected, Element actual
- ) throws XMLSecurityException {
-
- String expectedLocalname = expected.getBaseLocalName();
- String expectedNamespace = expected.getBaseNamespace();
-
- String localnameIS = actual.getLocalName();
- String namespaceIS = actual.getNamespaceURI();
- if ((expectedNamespace != namespaceIS) ||
- !expectedLocalname.equals(localnameIS)) {
- Object exArgs[] = { namespaceIS + ":" + localnameIS,
- expectedNamespace + ":" + expectedLocalname};
- throw new XMLSecurityException("xml.WrongElement", exArgs);
- }
- }
- }
-
- /** A checker for DOM that interns NS */
- public static class FullChecker extends ElementCheckerImpl {
-
- public void guaranteeThatElementInCorrectSpace(
- ElementProxy expected, Element actual
- ) throws XMLSecurityException {
- String expectedLocalname = expected.getBaseLocalName();
- String expectedNamespace = expected.getBaseNamespace();
-
- String localnameIS = actual.getLocalName();
- String namespaceIS = actual.getNamespaceURI();
- if ((!expectedNamespace.equals(namespaceIS)) ||
- !expectedLocalname.equals(localnameIS) ) {
- Object exArgs[] = { namespaceIS + ":" + localnameIS,
- expectedNamespace + ":" + expectedLocalname};
- throw new XMLSecurityException("xml.WrongElement", exArgs);
- }
- }
- }
-
- /** An empty checker if schema checking is used */
- public static class EmptyChecker extends ElementCheckerImpl {
- public void guaranteeThatElementInCorrectSpace(
- ElementProxy expected, Element actual
- ) throws XMLSecurityException {
- // empty
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.math.BigInteger;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.Map;
-
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.Text;
-
-/**
- * This is the base class to all Objects which have a direct 1:1 mapping to an
- * Element in a particular namespace.
- */
-public abstract class ElementProxy {
-
- protected static final org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(ElementProxy.class);
-
- /** Field constructionElement */
- protected Element constructionElement = null;
-
- /** Field baseURI */
- protected String baseURI = null;
-
- /** Field doc */
- protected Document doc = null;
-
- /** Field prefixMappings */
- private static Map<String, String> prefixMappings = new ConcurrentHashMap<String, String>();
-
- /**
- * Constructor ElementProxy
- *
- */
- public ElementProxy() {
- }
-
- /**
- * Constructor ElementProxy
- *
- * @param doc
- */
- public ElementProxy(Document doc) {
- if (doc == null) {
- throw new RuntimeException("Document is null");
- }
-
- this.doc = doc;
- this.constructionElement =
- createElementForFamilyLocal(this.doc, this.getBaseNamespace(), this.getBaseLocalName());
- }
-
- /**
- * Constructor ElementProxy
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public ElementProxy(Element element, String BaseURI) throws XMLSecurityException {
- if (element == null) {
- throw new XMLSecurityException("ElementProxy.nullElement");
- }
-
- if (log.isDebugEnabled()) {
- log.debug("setElement(\"" + element.getTagName() + "\", \"" + BaseURI + "\")");
- }
-
- this.doc = element.getOwnerDocument();
- this.constructionElement = element;
- this.baseURI = BaseURI;
-
- this.guaranteeThatElementInCorrectSpace();
- }
-
- /**
- * Returns the namespace of the Elements of the sub-class.
- *
- * @return the namespace of the Elements of the sub-class.
- */
- public abstract String getBaseNamespace();
-
- /**
- * Returns the localname of the Elements of the sub-class.
- *
- * @return the localname of the Elements of the sub-class.
- */
- public abstract String getBaseLocalName();
-
-
- protected Element createElementForFamilyLocal(
- Document doc, String namespace, String localName
- ) {
- Element result = null;
- if (namespace == null) {
- result = doc.createElementNS(null, localName);
- } else {
- String baseName = this.getBaseNamespace();
- String prefix = ElementProxy.getDefaultPrefix(baseName);
- if ((prefix == null) || (prefix.length() == 0)) {
- result = doc.createElementNS(namespace, localName);
- result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", namespace);
- } else {
- result = doc.createElementNS(namespace, prefix + ":" + localName);
- result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:" + prefix, namespace);
- }
- }
- return result;
- }
-
-
- /**
- * This method creates an Element in a given namespace with a given localname.
- * It uses the {@link ElementProxy#getDefaultPrefix} method to decide whether
- * a particular prefix is bound to that namespace.
- * <BR />
- * This method was refactored out of the constructor.
- *
- * @param doc
- * @param namespace
- * @param localName
- * @return The element created.
- */
- public static Element createElementForFamily(Document doc, String namespace, String localName) {
- Element result = null;
- String prefix = ElementProxy.getDefaultPrefix(namespace);
-
- if (namespace == null) {
- result = doc.createElementNS(null, localName);
- } else {
- if ((prefix == null) || (prefix.length() == 0)) {
- result = doc.createElementNS(namespace, localName);
- result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", namespace);
- } else {
- result = doc.createElementNS(namespace, prefix + ":" + localName);
- result.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:" + prefix, namespace);
- }
- }
-
- return result;
- }
-
- /**
- * Method setElement
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public void setElement(Element element, String BaseURI) throws XMLSecurityException {
- if (element == null) {
- throw new XMLSecurityException("ElementProxy.nullElement");
- }
-
- if (log.isDebugEnabled()) {
- log.debug("setElement(" + element.getTagName() + ", \"" + BaseURI + "\"");
- }
-
- this.doc = element.getOwnerDocument();
- this.constructionElement = element;
- this.baseURI = BaseURI;
- }
-
-
- /**
- * Returns the Element which was constructed by the Object.
- *
- * @return the Element which was constructed by the Object.
- */
- public final Element getElement() {
- return this.constructionElement;
- }
-
- /**
- * Returns the Element plus a leading and a trailing CarriageReturn Text node.
- *
- * @return the Element which was constructed by the Object.
- */
- public final NodeList getElementPlusReturns() {
-
- HelperNodeList nl = new HelperNodeList();
-
- nl.appendChild(this.doc.createTextNode("\n"));
- nl.appendChild(this.getElement());
- nl.appendChild(this.doc.createTextNode("\n"));
-
- return nl;
- }
-
- /**
- * Method getDocument
- *
- * @return the Document where this element is contained.
- */
- public Document getDocument() {
- return this.doc;
- }
-
- /**
- * Method getBaseURI
- *
- * @return the base uri of the namespace of this element
- */
- public String getBaseURI() {
- return this.baseURI;
- }
-
- /**
- * Method guaranteeThatElementInCorrectSpace
- *
- * @throws XMLSecurityException
- */
- void guaranteeThatElementInCorrectSpace() throws XMLSecurityException {
-
- String expectedLocalName = this.getBaseLocalName();
- String expectedNamespaceUri = this.getBaseNamespace();
-
- String actualLocalName = this.constructionElement.getLocalName();
- String actualNamespaceUri = this.constructionElement.getNamespaceURI();
-
- if(!expectedNamespaceUri.equals(actualNamespaceUri)
- && !expectedLocalName.equals(actualLocalName)) {
- Object exArgs[] = { actualNamespaceUri + ":" + actualLocalName,
- expectedNamespaceUri + ":" + expectedLocalName};
- throw new XMLSecurityException("xml.WrongElement", exArgs);
- }
- }
-
- /**
- * Method addBigIntegerElement
- *
- * @param bi
- * @param localname
- */
- public void addBigIntegerElement(BigInteger bi, String localname) {
- if (bi != null) {
- Element e = XMLUtils.createElementInSignatureSpace(this.doc, localname);
-
- Base64.fillElementWithBigInteger(e, bi);
- this.constructionElement.appendChild(e);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
- }
-
- /**
- * Method addBase64Element
- *
- * @param bytes
- * @param localname
- */
- public void addBase64Element(byte[] bytes, String localname) {
- if (bytes != null) {
- Element e = Base64.encodeToElement(this.doc, localname, bytes);
-
- this.constructionElement.appendChild(e);
- if (!XMLUtils.ignoreLineBreaks()) {
- this.constructionElement.appendChild(this.doc.createTextNode("\n"));
- }
- }
- }
-
- /**
- * Method addTextElement
- *
- * @param text
- * @param localname
- */
- public void addTextElement(String text, String localname) {
- Element e = XMLUtils.createElementInSignatureSpace(this.doc, localname);
- Text t = this.doc.createTextNode(text);
-
- e.appendChild(t);
- this.constructionElement.appendChild(e);
- XMLUtils.addReturnToElement(this.constructionElement);
- }
-
- /**
- * Method addBase64Text
- *
- * @param bytes
- */
- public void addBase64Text(byte[] bytes) {
- if (bytes != null) {
- Text t = XMLUtils.ignoreLineBreaks()
- ? this.doc.createTextNode(Base64.encode(bytes))
- : this.doc.createTextNode("\n" + Base64.encode(bytes) + "\n");
- this.constructionElement.appendChild(t);
- }
- }
-
- /**
- * Method addText
- *
- * @param text
- */
- public void addText(String text) {
- if (text != null) {
- Text t = this.doc.createTextNode(text);
-
- this.constructionElement.appendChild(t);
- }
- }
-
- /**
- * Method getVal
- *
- * @param localname
- * @param namespace
- * @return The biginteger contained in the given element
- * @throws Base64DecodingException
- */
- public BigInteger getBigIntegerFromChildElement(
- String localname, String namespace
- ) throws Base64DecodingException {
- return Base64.decodeBigIntegerFromText(
- XMLUtils.selectNodeText(
- this.constructionElement.getFirstChild(), namespace, localname, 0
- )
- );
- }
-
- /**
- * Method getBytesFromChildElement
- * @deprecated
- * @param localname
- * @param namespace
- * @return the bytes
- * @throws XMLSecurityException
- */
- public byte[] getBytesFromChildElement(String localname, String namespace)
- throws XMLSecurityException {
- Element e =
- XMLUtils.selectNode(
- this.constructionElement.getFirstChild(), namespace, localname, 0
- );
-
- return Base64.decode(e);
- }
-
- /**
- * Method getTextFromChildElement
- *
- * @param localname
- * @param namespace
- * @return the Text of the textNode
- */
- public String getTextFromChildElement(String localname, String namespace) {
- return XMLUtils.selectNode(
- this.constructionElement.getFirstChild(),
- namespace,
- localname,
- 0).getTextContent();
- }
-
- /**
- * Method getBytesFromTextChild
- *
- * @return The base64 bytes from the text children of this element
- * @throws XMLSecurityException
- */
- public byte[] getBytesFromTextChild() throws XMLSecurityException {
- return Base64.decode(XMLUtils.getFullTextChildrenFromElement(this.constructionElement));
- }
-
- /**
- * Method getTextFromTextChild
- *
- * @return the Text obtained by concatenating all the text nodes of this
- * element
- */
- public String getTextFromTextChild() {
- return XMLUtils.getFullTextChildrenFromElement(this.constructionElement);
- }
-
- /**
- * Method length
- *
- * @param namespace
- * @param localname
- * @return the number of elements {namespace}:localname under this element
- */
- public int length(String namespace, String localname) {
- int number = 0;
- Node sibling = this.constructionElement.getFirstChild();
- while (sibling != null) {
- if (localname.equals(sibling.getLocalName())
- && namespace.equals(sibling.getNamespaceURI())) {
- number++;
- }
- sibling = sibling.getNextSibling();
- }
- return number;
- }
-
- /**
- * Adds an xmlns: definition to the Element. This can be called as follows:
- *
- * <PRE>
- * // set namespace with ds prefix
- * xpathContainer.setXPathNamespaceContext("ds", "http://www.w3.org/2000/09/xmldsig#");
- * xpathContainer.setXPathNamespaceContext("xmlns:ds", "http://www.w3.org/2000/09/xmldsig#");
- * </PRE>
- *
- * @param prefix
- * @param uri
- * @throws XMLSecurityException
- */
- public void setXPathNamespaceContext(String prefix, String uri)
- throws XMLSecurityException {
- String ns;
-
- if ((prefix == null) || (prefix.length() == 0)) {
- throw new XMLSecurityException("defaultNamespaceCannotBeSetHere");
- } else if (prefix.equals("xmlns")) {
- throw new XMLSecurityException("defaultNamespaceCannotBeSetHere");
- } else if (prefix.startsWith("xmlns:")) {
- ns = prefix;//"xmlns:" + prefix.substring("xmlns:".length());
- } else {
- ns = "xmlns:" + prefix;
- }
-
- Attr a = this.constructionElement.getAttributeNodeNS(Constants.NamespaceSpecNS, ns);
-
- if (a != null) {
- if (!a.getNodeValue().equals(uri)) {
- Object exArgs[] = { ns, this.constructionElement.getAttributeNS(null, ns) };
-
- throw new XMLSecurityException("namespacePrefixAlreadyUsedByOtherURI", exArgs);
- }
- return;
- }
-
- this.constructionElement.setAttributeNS(Constants.NamespaceSpecNS, ns, uri);
- }
-
- /**
- * Method setDefaultPrefix
- *
- * @param namespace
- * @param prefix
- * @throws XMLSecurityException
- */
- public static void setDefaultPrefix(String namespace, String prefix)
- throws XMLSecurityException {
- if (prefixMappings.containsValue(prefix)) {
- String storedPrefix = prefixMappings.get(namespace);
- if (!storedPrefix.equals(prefix)) {
- Object exArgs[] = { prefix, namespace, storedPrefix };
-
- throw new XMLSecurityException("prefix.AlreadyAssigned", exArgs);
- }
- }
-
- if (Constants.SignatureSpecNS.equals(namespace)) {
- XMLUtils.setDsPrefix(prefix);
- }
- if (EncryptionConstants.EncryptionSpecNS.equals(namespace)) {
- XMLUtils.setXencPrefix(prefix);
- }
- prefixMappings.put(namespace, prefix);
- }
-
- /**
- * This method registers the default prefixes.
- */
- public static void registerDefaultPrefixes() throws XMLSecurityException {
- setDefaultPrefix("http://www.w3.org/2000/09/xmldsig#", "ds");
- setDefaultPrefix("http://www.w3.org/2001/04/xmlenc#", "xenc");
- setDefaultPrefix("http://www.w3.org/2009/xmlenc11#", "xenc11");
- setDefaultPrefix("http://www.xmlsecurity.org/experimental#", "experimental");
- setDefaultPrefix("http://www.w3.org/2002/04/xmldsig-filter2", "dsig-xpath-old");
- setDefaultPrefix("http://www.w3.org/2002/06/xmldsig-filter2", "dsig-xpath");
- setDefaultPrefix("http://www.w3.org/2001/10/xml-exc-c14n#", "ec");
- setDefaultPrefix(
- "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter", "xx"
- );
- }
-
- /**
- * Method getDefaultPrefix
- *
- * @param namespace
- * @return the default prefix bind to this element.
- */
- public static String getDefaultPrefix(String namespace) {
- return prefixMappings.get(namespace);
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-public class EncryptionConstants {
- // Attributes that exist in XML Signature in the same way
- /** Tag of Attr Algorithm **/
- public static final String _ATT_ALGORITHM = Constants._ATT_ALGORITHM;
-
- /** Tag of Attr Id**/
- public static final String _ATT_ID = Constants._ATT_ID;
-
- /** Tag of Attr Target **/
- public static final String _ATT_TARGET = Constants._ATT_TARGET;
-
- /** Tag of Attr Type **/
- public static final String _ATT_TYPE = Constants._ATT_TYPE;
-
- /** Tag of Attr URI **/
- public static final String _ATT_URI = Constants._ATT_URI;
-
- // Attributes new in XML Encryption
- /** Tag of Attr encoding **/
- public static final String _ATT_ENCODING = "Encoding";
-
- /** Tag of Attr recipient **/
- public static final String _ATT_RECIPIENT = "Recipient";
-
- /** Tag of Attr mimetype **/
- public static final String _ATT_MIMETYPE = "MimeType";
-
- /** Tag of Element CarriedKeyName **/
- public static final String _TAG_CARRIEDKEYNAME = "CarriedKeyName";
-
- /** Tag of Element CipherData **/
- public static final String _TAG_CIPHERDATA = "CipherData";
-
- /** Tag of Element CipherReference **/
- public static final String _TAG_CIPHERREFERENCE = "CipherReference";
-
- /** Tag of Element CipherValue **/
- public static final String _TAG_CIPHERVALUE = "CipherValue";
-
- /** Tag of Element DataReference **/
- public static final String _TAG_DATAREFERENCE = "DataReference";
-
- /** Tag of Element EncryptedData **/
- public static final String _TAG_ENCRYPTEDDATA = "EncryptedData";
-
- /** Tag of Element EncryptedKey **/
- public static final String _TAG_ENCRYPTEDKEY = "EncryptedKey";
-
- /** Tag of Element EncryptionMethod **/
- public static final String _TAG_ENCRYPTIONMETHOD = "EncryptionMethod";
-
- /** Tag of Element EncryptionProperties **/
- public static final String _TAG_ENCRYPTIONPROPERTIES = "EncryptionProperties";
-
- /** Tag of Element EncryptionProperty **/
- public static final String _TAG_ENCRYPTIONPROPERTY = "EncryptionProperty";
-
- /** Tag of Element KeyReference **/
- public static final String _TAG_KEYREFERENCE = "KeyReference";
-
- /** Tag of Element KeySize **/
- public static final String _TAG_KEYSIZE = "KeySize";
-
- /** Tag of Element OAEPparams **/
- public static final String _TAG_OAEPPARAMS = "OAEPparams";
-
- /** Tag of Element MGF **/
- public static final String _TAG_MGF = "MGF";
-
- /** Tag of Element ReferenceList **/
- public static final String _TAG_REFERENCELIST = "ReferenceList";
-
- /** Tag of Element Transforms **/
- public static final String _TAG_TRANSFORMS = "Transforms";
-
- /** Tag of Element AgreementMethod **/
- public static final String _TAG_AGREEMENTMETHOD = "AgreementMethod";
-
- /** Tag of Element KA-Nonce **/
- public static final String _TAG_KA_NONCE = "KA-Nonce";
-
- /** Tag of Element OriginatorKeyInfo **/
- public static final String _TAG_ORIGINATORKEYINFO = "OriginatorKeyInfo";
-
- /** Tag of Element RecipientKeyInfo **/
- public static final String _TAG_RECIPIENTKEYINFO = "RecipientKeyInfo";
-
- /** Field ENCRYPTIONSPECIFICATION_URL */
- public static final String ENCRYPTIONSPECIFICATION_URL =
- "http://www.w3.org/TR/2001/WD-xmlenc-core-20010626/";
-
- /** The namespace of the
- * <A HREF="http://www.w3.org/TR/2001/WD-xmlenc-core-20010626/">
- * XML Encryption Syntax and Processing</A> */
- public static final String EncryptionSpecNS =
- "http://www.w3.org/2001/04/xmlenc#";
-
- /**
- * The namespace of the XML Encryption 1.1 specification
- */
- public static final String EncryptionSpec11NS =
- "http://www.w3.org/2009/xmlenc11#";
-
- /** URI for content*/
- public static final String TYPE_CONTENT = EncryptionSpecNS + "Content";
-
- /** URI for element*/
- public static final String TYPE_ELEMENT = EncryptionSpecNS + "Element";
-
- /** URI for mediatype*/
- public static final String TYPE_MEDIATYPE =
- "http://www.isi.edu/in-notes/iana/assignments/media-types/";
-
- /** Block Encryption - REQUIRED TRIPLEDES */
- public static final String ALGO_ID_BLOCKCIPHER_TRIPLEDES =
- EncryptionConstants.EncryptionSpecNS + "tripledes-cbc";
-
- /** Block Encryption - REQUIRED AES-128 */
- public static final String ALGO_ID_BLOCKCIPHER_AES128 =
- EncryptionConstants.EncryptionSpecNS + "aes128-cbc";
-
- /** Block Encryption - REQUIRED AES-256 */
- public static final String ALGO_ID_BLOCKCIPHER_AES256 =
- EncryptionConstants.EncryptionSpecNS + "aes256-cbc";
-
- /** Block Encryption - OPTIONAL AES-192 */
- public static final String ALGO_ID_BLOCKCIPHER_AES192 =
- EncryptionConstants.EncryptionSpecNS + "aes192-cbc";
-
- /** Block Encryption - OPTIONAL AES-128-GCM */
- public static final String ALGO_ID_BLOCKCIPHER_AES128_GCM =
- "http://www.w3.org/2009/xmlenc11#aes128-gcm";
-
- /** Block Encryption - OPTIONAL AES-192-GCM */
- public static final String ALGO_ID_BLOCKCIPHER_AES192_GCM =
- "http://www.w3.org/2009/xmlenc11#aes192-gcm";
-
- /** Block Encryption - OPTIONAL AES-256-GCM */
- public static final String ALGO_ID_BLOCKCIPHER_AES256_GCM =
- "http://www.w3.org/2009/xmlenc11#aes256-gcm";
-
- /** Key Transport - REQUIRED RSA-v1.5*/
- public static final String ALGO_ID_KEYTRANSPORT_RSA15 =
- EncryptionConstants.EncryptionSpecNS + "rsa-1_5";
-
- /** Key Transport - REQUIRED RSA-OAEP */
- public static final String ALGO_ID_KEYTRANSPORT_RSAOAEP =
- EncryptionConstants.EncryptionSpecNS + "rsa-oaep-mgf1p";
-
- /** Key Transport - OPTIONAL RSA-OAEP_11 */
- public static final String ALGO_ID_KEYTRANSPORT_RSAOAEP_11 =
- EncryptionConstants.EncryptionSpec11NS + "rsa-oaep";
-
- /** Key Agreement - OPTIONAL Diffie-Hellman */
- public static final String ALGO_ID_KEYAGREEMENT_DH =
- EncryptionConstants.EncryptionSpecNS + "dh";
-
- /** Symmetric Key Wrap - REQUIRED TRIPLEDES KeyWrap */
- public static final String ALGO_ID_KEYWRAP_TRIPLEDES =
- EncryptionConstants.EncryptionSpecNS + "kw-tripledes";
-
- /** Symmetric Key Wrap - REQUIRED AES-128 KeyWrap */
- public static final String ALGO_ID_KEYWRAP_AES128 =
- EncryptionConstants.EncryptionSpecNS + "kw-aes128";
-
- /** Symmetric Key Wrap - REQUIRED AES-256 KeyWrap */
- public static final String ALGO_ID_KEYWRAP_AES256 =
- EncryptionConstants.EncryptionSpecNS + "kw-aes256";
-
- /** Symmetric Key Wrap - OPTIONAL AES-192 KeyWrap */
- public static final String ALGO_ID_KEYWRAP_AES192 =
- EncryptionConstants.EncryptionSpecNS + "kw-aes192";
-
- /** Message Authentication - RECOMMENDED XML Digital Signature */
- public static final String ALGO_ID_AUTHENTICATION_XMLSIGNATURE =
- "http://www.w3.org/TR/2001/CR-xmldsig-core-20010419/";
-
- /** Canonicalization - OPTIONAL Canonical XML with Comments */
- public static final String ALGO_ID_C14N_WITHCOMMENTS =
- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
-
- /** Canonicalization - OPTIONAL Canonical XML (omits comments) */
- public static final String ALGO_ID_C14N_OMITCOMMENTS =
- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
-
- /** Encoding - REQUIRED base64 */
- public static final String ALGO_ID_ENCODING_BASE64 =
- "http://www.w3.org/2000/09/xmldsig#base64";
-
- /** MGF1 with SHA-1 */
- public static final String MGF1_SHA1 =
- EncryptionConstants.EncryptionSpec11NS + "mgf1sha1";
-
- /** MGF1 with SHA-224 */
- public static final String MGF1_SHA224 =
- EncryptionConstants.EncryptionSpec11NS + "mgf1sha224";
-
- /** MGF1 with SHA-256 */
- public static final String MGF1_SHA256 =
- EncryptionConstants.EncryptionSpec11NS + "mgf1sha256";
-
- /** MGF1 with SHA-384 */
- public static final String MGF1_SHA384 =
- EncryptionConstants.EncryptionSpec11NS + "mgf1sha384";
-
- /** MGF1 with SHA-512 */
- public static final String MGF1_SHA512 =
- EncryptionConstants.EncryptionSpec11NS + "mgf1sha512";
-
-
- private EncryptionConstants() {
- // we don't allow instantiation
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * This is the base object for all objects which map directly to an Element from
- * the xenc spec.
- *
- * @author $Author: coheigea $
- */
-public abstract class EncryptionElementProxy extends ElementProxy {
-
- /**
- * Constructor EncryptionElementProxy
- *
- * @param doc
- */
- public EncryptionElementProxy(Document doc) {
- super(doc);
- }
-
- /**
- * Constructor EncryptionElementProxy
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public EncryptionElementProxy(Element element, String BaseURI)
- throws XMLSecurityException {
- super(element, BaseURI);
- }
-
- /** @inheritDoc */
- public final String getBaseNamespace() {
- return EncryptionConstants.EncryptionSpecNS;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * @author Christian Geuer-Pollmann
- */
-public class HelperNodeList implements NodeList {
-
- /** Field nodes */
- List<Node> nodes = new ArrayList<Node>();
- boolean allNodesMustHaveSameParent = false;
-
- /**
- *
- */
- public HelperNodeList() {
- this(false);
- }
-
-
- /**
- * @param allNodesMustHaveSameParent
- */
- public HelperNodeList(boolean allNodesMustHaveSameParent) {
- this.allNodesMustHaveSameParent = allNodesMustHaveSameParent;
- }
-
- /**
- * Method item
- *
- * @param index
- * @return node with index i
- */
- public Node item(int index) {
- return nodes.get(index);
- }
-
- /**
- * Method getLength
- *
- * @return length of the list
- */
- public int getLength() {
- return nodes.size();
- }
-
- /**
- * Method appendChild
- *
- * @param node
- * @throws IllegalArgumentException
- */
- public void appendChild(Node node) throws IllegalArgumentException {
- if (this.allNodesMustHaveSameParent && this.getLength() > 0
- && this.item(0).getParentNode() != node.getParentNode()) {
- throw new IllegalArgumentException("Nodes have not the same Parent");
- }
- nodes.add(node);
- }
-
- /**
- * @return the document that contains this nodelist
- */
- public Document getOwnerDocument() {
- if (this.getLength() == 0) {
- return null;
- }
- return XMLUtils.getOwnerDocument(this.item(0));
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.text.MessageFormat;
-import java.util.Locale;
-import java.util.ResourceBundle;
-
-/**
- * The Internationalization (I18N) pack.
- *
- * @author Christian Geuer-Pollmann
- */
-public class I18n {
-
- /** Field NOT_INITIALIZED_MSG */
- public static final String NOT_INITIALIZED_MSG =
- "You must initialize the xml-security library correctly before you use it. "
- + "Call the static method \"org.apache.xml.security.Init.init();\" to do that "
- + "before you use any functionality from that library.";
-
- /** Field resourceBundle */
- private static ResourceBundle resourceBundle;
-
- /** Field alreadyInitialized */
- private static boolean alreadyInitialized = false;
-
- /**
- * Constructor I18n
- *
- */
- private I18n() {
- // we don't allow instantiation
- }
-
- /**
- * Method translate
- *
- * translates a message ID into an internationalized String, see alse
- * <CODE>XMLSecurityException.getExceptionMEssage()</CODE>. The strings are
- * stored in the <CODE>ResourceBundle</CODE>, which is identified in
- * <CODE>exceptionMessagesResourceBundleBase</CODE>
- *
- * @param message
- * @param args is an <CODE>Object[]</CODE> array of strings which are inserted into
- * the String which is retrieved from the <CODE>ResouceBundle</CODE>
- * @return message translated
- */
- public static String translate(String message, Object[] args) {
- return getExceptionMessage(message, args);
- }
-
- /**
- * Method translate
- *
- * translates a message ID into an internationalized String, see also
- * <CODE>XMLSecurityException.getExceptionMessage()</CODE>
- *
- * @param message
- * @return message translated
- */
- public static String translate(String message) {
- return getExceptionMessage(message);
- }
-
- /**
- * Method getExceptionMessage
- *
- * @param msgID
- * @return message translated
- *
- */
- public static String getExceptionMessage(String msgID) {
- try {
- return resourceBundle.getString(msgID);
- } catch (Throwable t) {
- if (org.apache.xml.security.Init.isInitialized()) {
- return "No message with ID \"" + msgID
- + "\" found in resource bundle \""
- + Constants.exceptionMessagesResourceBundleBase + "\"";
- }
- return I18n.NOT_INITIALIZED_MSG;
- }
- }
-
- /**
- * Method getExceptionMessage
- *
- * @param msgID
- * @param originalException
- * @return message translated
- */
- public static String getExceptionMessage(String msgID, Exception originalException) {
- try {
- Object exArgs[] = { originalException.getMessage() };
- return MessageFormat.format(resourceBundle.getString(msgID), exArgs);
- } catch (Throwable t) {
- if (org.apache.xml.security.Init.isInitialized()) {
- return "No message with ID \"" + msgID
- + "\" found in resource bundle \""
- + Constants.exceptionMessagesResourceBundleBase
- + "\". Original Exception was a "
- + originalException.getClass().getName() + " and message "
- + originalException.getMessage();
- }
- return I18n.NOT_INITIALIZED_MSG;
- }
- }
-
- /**
- * Method getExceptionMessage
- *
- * @param msgID
- * @param exArgs
- * @return message translated
- */
- public static String getExceptionMessage(String msgID, Object exArgs[]) {
- try {
- return MessageFormat.format(resourceBundle.getString(msgID), exArgs);
- } catch (Throwable t) {
- if (org.apache.xml.security.Init.isInitialized()) {
- return "No message with ID \"" + msgID
- + "\" found in resource bundle \""
- + Constants.exceptionMessagesResourceBundleBase + "\"";
- }
- return I18n.NOT_INITIALIZED_MSG;
- }
- }
-
- /**
- * Method init
- *
- * @param languageCode
- * @param countryCode
- */
- public synchronized static void init(String languageCode, String countryCode) {
- if (alreadyInitialized) {
- return;
- }
-
- I18n.resourceBundle =
- ResourceBundle.getBundle(
- Constants.exceptionMessagesResourceBundleBase,
- new Locale(languageCode, countryCode)
- );
- alreadyInitialized = true;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-
-/**
- * Purpose of this class is to enable the XML Parser to keep track of ID
- * attributes. This is done by 'registering' attributes of type ID at the
- * IdResolver.
- * @deprecated
- */
-public class IdResolver {
-
- private IdResolver() {
- // we don't allow instantiation
- }
-
- /**
- * Method registerElementById
- *
- * @param element the element to register
- * @param id the ID attribute
- */
- public static void registerElementById(Element element, Attr id) {
- element.setIdAttributeNode(id, true);
- }
-
- /**
- * Method getElementById
- *
- * @param doc the document
- * @param id the value of the ID
- * @return the element obtained by the id, or null if it is not found.
- */
- public static Element getElementById(Document doc, String id) {
- return doc.getElementById(id);
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import org.xml.sax.ErrorHandler;
-import org.xml.sax.SAXException;
-import org.xml.sax.SAXParseException;
-
-/**
- * This {@link org.xml.sax.ErrorHandler} does absolutely nothing but log
- * the events.
- *
- * @author Christian Geuer-Pollmann
- */
-public class IgnoreAllErrorHandler implements ErrorHandler {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(IgnoreAllErrorHandler.class);
-
- /** Field throwExceptions */
- private static final boolean warnOnExceptions =
- System.getProperty("org.apache.xml.security.test.warn.on.exceptions", "false").equals("true");
-
- /** Field throwExceptions */
- private static final boolean throwExceptions =
- System.getProperty("org.apache.xml.security.test.throw.exceptions", "false").equals("true");
-
-
- /** @inheritDoc */
- public void warning(SAXParseException ex) throws SAXException {
- if (IgnoreAllErrorHandler.warnOnExceptions) {
- log.warn("", ex);
- }
- if (IgnoreAllErrorHandler.throwExceptions) {
- throw ex;
- }
- }
-
-
- /** @inheritDoc */
- public void error(SAXParseException ex) throws SAXException {
- if (IgnoreAllErrorHandler.warnOnExceptions) {
- log.error("", ex);
- }
- if (IgnoreAllErrorHandler.throwExceptions) {
- throw ex;
- }
- }
-
-
- /** @inheritDoc */
- public void fatalError(SAXParseException ex) throws SAXException {
- if (IgnoreAllErrorHandler.warnOnExceptions) {
- log.warn("", ex);
- }
- if (IgnoreAllErrorHandler.throwExceptions) {
- throw ex;
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import javax.xml.XMLConstants;
-import javax.xml.transform.TransformerException;
-import javax.xml.xpath.XPath;
-import javax.xml.xpath.XPathConstants;
-import javax.xml.xpath.XPathExpression;
-import javax.xml.xpath.XPathExpressionException;
-import javax.xml.xpath.XPathFactory;
-import javax.xml.xpath.XPathFactoryConfigurationException;
-
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * An implementation for XPath evaluation that uses the JDK API.
- */
-public class JDKXPathAPI implements XPathAPI {
-
- private XPathFactory xpf;
-
- private String xpathStr;
-
- private XPathExpression xpathExpression;
-
- /**
- * Use an XPath string to select a nodelist.
- * XPath namespace prefixes are resolved from the namespaceNode.
- *
- * @param contextNode The node to start searching from.
- * @param xpathnode
- * @param str
- * @param namespaceNode The node from which prefixes in the XPath will be resolved to namespaces.
- * @return A NodeIterator, should never be null.
- *
- * @throws TransformerException
- */
- public NodeList selectNodeList(
- Node contextNode, Node xpathnode, String str, Node namespaceNode
- ) throws TransformerException {
- if (!str.equals(xpathStr) || xpathExpression == null) {
- if (xpf == null) {
- xpf = XPathFactory.newInstance();
- try {
- xpf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- } catch (XPathFactoryConfigurationException ex) {
- throw new TransformerException("empty", ex);
- }
- }
- XPath xpath = xpf.newXPath();
- xpath.setNamespaceContext(new DOMNamespaceContext(namespaceNode));
- xpathStr = str;
- try {
- xpathExpression = xpath.compile(xpathStr);
- } catch (XPathExpressionException ex) {
- throw new TransformerException("empty", ex);
- }
- }
- try {
- return (NodeList)xpathExpression.evaluate(contextNode, XPathConstants.NODESET);
- } catch (XPathExpressionException ex) {
- throw new TransformerException("empty", ex);
- }
- }
-
- /**
- * Evaluate an XPath string and return true if the output is to be included or not.
- * @param contextNode The node to start searching from.
- * @param xpathnode The XPath node
- * @param str The XPath expression
- * @param namespaceNode The node from which prefixes in the XPath will be resolved to namespaces.
- */
- public boolean evaluate(Node contextNode, Node xpathnode, String str, Node namespaceNode)
- throws TransformerException {
- if (!str.equals(xpathStr) || xpathExpression == null) {
- if (xpf == null) {
- xpf = XPathFactory.newInstance();
- try {
- xpf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- } catch (XPathFactoryConfigurationException ex) {
- throw new TransformerException("empty", ex);
- }
- }
- XPath xpath = xpf.newXPath();
- xpath.setNamespaceContext(new DOMNamespaceContext(namespaceNode));
- xpathStr = str;
- try {
- xpathExpression = xpath.compile(xpathStr);
- } catch (XPathExpressionException ex) {
- throw new TransformerException("empty", ex);
- }
- }
- try {
- Boolean result = (Boolean)xpathExpression.evaluate(contextNode, XPathConstants.BOOLEAN);
- return result.booleanValue();
- } catch (XPathExpressionException ex) {
- throw new TransformerException("empty", ex);
- }
- }
-
- /**
- * Clear any context information from this object
- */
- public void clear() {
- xpathStr = null;
- xpathExpression = null;
- xpf = null;
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-
-/**
- * A Factory to return a JDKXPathAPI instance.
- */
-public class JDKXPathFactory extends XPathFactory {
-
- /**
- * Get a new XPathAPI instance
- */
- public XPathAPI newXPathAPI() {
- return new JDKXPathAPI();
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-/**
- * A collection of different, general-purpose methods for JAVA-specific things
- * @author Christian Geuer-Pollmann
- */
-public class JavaUtils {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(JavaUtils.class);
-
- private JavaUtils() {
- // we don't allow instantiation
- }
-
- /**
- * Method getBytesFromFile
- *
- * @param fileName
- * @return the bytes read from the file
- *
- * @throws FileNotFoundException
- * @throws IOException
- */
- public static byte[] getBytesFromFile(String fileName)
- throws FileNotFoundException, IOException {
-
- byte refBytes[] = null;
-
- FileInputStream fisRef = null;
- UnsyncByteArrayOutputStream baos = null;
- try {
- fisRef = new FileInputStream(fileName);
- baos = new UnsyncByteArrayOutputStream();
- byte buf[] = new byte[1024];
- int len;
-
- while ((len = fisRef.read(buf)) > 0) {
- baos.write(buf, 0, len);
- }
-
- refBytes = baos.toByteArray();
- } finally {
- if (baos != null) {
- baos.close();
- }
- if (fisRef != null) {
- fisRef.close();
- }
- }
-
- return refBytes;
- }
-
- /**
- * Method writeBytesToFilename
- *
- * @param filename
- * @param bytes
- */
- public static void writeBytesToFilename(String filename, byte[] bytes) {
- FileOutputStream fos = null;
- try {
- if (filename != null && bytes != null) {
- File f = new File(filename);
-
- fos = new FileOutputStream(f);
-
- fos.write(bytes);
- fos.close();
- } else {
- if (log.isDebugEnabled()) {
- log.debug("writeBytesToFilename got null byte[] pointed");
- }
- }
- } catch (IOException ex) {
- if (fos != null) {
- try {
- fos.close();
- } catch (IOException ioe) {
- if (log.isDebugEnabled()) {
- log.debug(ioe);
- }
- }
- }
- }
- }
-
- /**
- * This method reads all bytes from the given InputStream till EOF and
- * returns them as a byte array.
- *
- * @param inputStream
- * @return the bytes read from the stream
- *
- * @throws FileNotFoundException
- * @throws IOException
- */
- public static byte[] getBytesFromStream(InputStream inputStream) throws IOException {
- UnsyncByteArrayOutputStream baos = null;
-
- byte[] retBytes = null;
- try {
- baos = new UnsyncByteArrayOutputStream();
- byte buf[] = new byte[4 * 1024];
- int len;
-
- while ((len = inputStream.read(buf)) > 0) {
- baos.write(buf, 0, len);
- }
- retBytes = baos.toByteArray();
- } finally {
- baos.close();
- }
-
- return retBytes;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.io.IOException;
-import java.io.StringReader;
-
-public class RFC2253Parser {
-
- /**
- * Method rfc2253toXMLdsig
- *
- * @param dn
- * @return normalized string
- */
- public static String rfc2253toXMLdsig(String dn) {
- // Transform from RFC1779 to RFC2253
- String normalized = normalize(dn, true);
-
- return rfctoXML(normalized);
- }
-
- /**
- * Method xmldsigtoRFC2253
- *
- * @param dn
- * @return normalized string
- */
- public static String xmldsigtoRFC2253(String dn) {
- // Transform from RFC1779 to RFC2253
- String normalized = normalize(dn, false);
-
- return xmltoRFC(normalized);
- }
-
- /**
- * Method normalize
- *
- * @param dn
- * @return normalized string
- */
- public static String normalize(String dn) {
- return normalize(dn, true);
- }
-
- /**
- * Method normalize
- *
- * @param dn
- * @param toXml
- * @return normalized string
- */
- public static String normalize(String dn, boolean toXml) {
- //if empty string
- if ((dn == null) || dn.equals("")) {
- return "";
- }
-
- try {
- String DN = semicolonToComma(dn);
- StringBuilder sb = new StringBuilder();
- int i = 0;
- int l = 0;
- int k;
-
- //for name component
- for (int j = 0; (k = DN.indexOf(',', j)) >= 0; j = k + 1) {
- l += countQuotes(DN, j, k);
-
- if ((k > 0) && (DN.charAt(k - 1) != '\\') && (l % 2) == 0) {
- sb.append(parseRDN(DN.substring(i, k).trim(), toXml) + ",");
-
- i = k + 1;
- l = 0;
- }
- }
-
- sb.append(parseRDN(trim(DN.substring(i)), toXml));
-
- return sb.toString();
- } catch (IOException ex) {
- return dn;
- }
- }
-
- /**
- * Method parseRDN
- *
- * @param str
- * @param toXml
- * @return normalized string
- * @throws IOException
- */
- static String parseRDN(String str, boolean toXml) throws IOException {
- StringBuilder sb = new StringBuilder();
- int i = 0;
- int l = 0;
- int k;
-
- for (int j = 0; (k = str.indexOf('+', j)) >= 0; j = k + 1) {
- l += countQuotes(str, j, k);
-
- if ((k > 0) && (str.charAt(k - 1) != '\\') && (l % 2) == 0) {
- sb.append(parseATAV(trim(str.substring(i, k)), toXml) + "+");
-
- i = k + 1;
- l = 0;
- }
- }
-
- sb.append(parseATAV(trim(str.substring(i)), toXml));
-
- return sb.toString();
- }
-
- /**
- * Method parseATAV
- *
- * @param str
- * @param toXml
- * @return normalized string
- * @throws IOException
- */
- static String parseATAV(String str, boolean toXml) throws IOException {
- int i = str.indexOf('=');
-
- if ((i == -1) || ((i > 0) && (str.charAt(i - 1) == '\\'))) {
- return str;
- }
- String attrType = normalizeAT(str.substring(0, i));
- // only normalize if value is a String
- String attrValue = null;
- if (attrType.charAt(0) >= '0' && attrType.charAt(0) <= '9') {
- attrValue = str.substring(i + 1);
- } else {
- attrValue = normalizeV(str.substring(i + 1), toXml);
- }
-
- return attrType + "=" + attrValue;
-
- }
-
- /**
- * Method normalizeAT
- *
- * @param str
- * @return normalized string
- */
- static String normalizeAT(String str) {
-
- String at = str.toUpperCase().trim();
-
- if (at.startsWith("OID")) {
- at = at.substring(3);
- }
-
- return at;
- }
-
- /**
- * Method normalizeV
- *
- * @param str
- * @param toXml
- * @return normalized string
- * @throws IOException
- */
- static String normalizeV(String str, boolean toXml) throws IOException {
- String value = trim(str);
-
- if (value.startsWith("\"")) {
- StringBuilder sb = new StringBuilder();
- StringReader sr = new StringReader(value.substring(1, value.length() - 1));
- int i = 0;
- char c;
-
- while ((i = sr.read()) > -1) {
- c = (char) i;
-
- //the following char is defined at 4.Relationship with RFC1779 and LDAPv2 inrfc2253
- if ((c == ',') || (c == '=') || (c == '+') || (c == '<')
- || (c == '>') || (c == '#') || (c == ';')) {
- sb.append('\\');
- }
-
- sb.append(c);
- }
-
- value = trim(sb.toString());
- }
-
- if (toXml) {
- if (value.startsWith("#")) {
- value = '\\' + value;
- }
- } else {
- if (value.startsWith("\\#")) {
- value = value.substring(1);
- }
- }
-
- return value;
- }
-
- /**
- * Method rfctoXML
- *
- * @param string
- * @return normalized string
- */
- static String rfctoXML(String string) {
- try {
- String s = changeLess32toXML(string);
-
- return changeWStoXML(s);
- } catch (Exception e) {
- return string;
- }
- }
-
- /**
- * Method xmltoRFC
- *
- * @param string
- * @return normalized string
- */
- static String xmltoRFC(String string) {
- try {
- String s = changeLess32toRFC(string);
-
- return changeWStoRFC(s);
- } catch (Exception e) {
- return string;
- }
- }
-
- /**
- * Method changeLess32toRFC
- *
- * @param string
- * @return normalized string
- * @throws IOException
- */
- static String changeLess32toRFC(String string) throws IOException {
- StringBuilder sb = new StringBuilder();
- StringReader sr = new StringReader(string);
- int i = 0;
- char c;
-
- while ((i = sr.read()) > -1) {
- c = (char) i;
-
- if (c == '\\') {
- sb.append(c);
-
- char c1 = (char) sr.read();
- char c2 = (char) sr.read();
-
- //65 (A) 97 (a)
- if ((((c1 >= 48) && (c1 <= 57)) || ((c1 >= 65) && (c1 <= 70)) || ((c1 >= 97) && (c1 <= 102)))
- && (((c2 >= 48) && (c2 <= 57))
- || ((c2 >= 65) && (c2 <= 70))
- || ((c2 >= 97) && (c2 <= 102)))) {
- char ch = (char) Byte.parseByte("" + c1 + c2, 16);
-
- sb.append(ch);
- } else {
- sb.append(c1);
- sb.append(c2);
- }
- } else {
- sb.append(c);
- }
- }
-
- return sb.toString();
- }
-
- /**
- * Method changeLess32toXML
- *
- * @param string
- * @return normalized string
- * @throws IOException
- */
- static String changeLess32toXML(String string) throws IOException {
- StringBuilder sb = new StringBuilder();
- StringReader sr = new StringReader(string);
- int i = 0;
-
- while ((i = sr.read()) > -1) {
- if (i < 32) {
- sb.append('\\');
- sb.append(Integer.toHexString(i));
- } else {
- sb.append((char) i);
- }
- }
-
- return sb.toString();
- }
-
- /**
- * Method changeWStoXML
- *
- * @param string
- * @return normalized string
- * @throws IOException
- */
- static String changeWStoXML(String string) throws IOException {
- StringBuilder sb = new StringBuilder();
- StringReader sr = new StringReader(string);
- int i = 0;
- char c;
-
- while ((i = sr.read()) > -1) {
- c = (char) i;
-
- if (c == '\\') {
- char c1 = (char) sr.read();
-
- if (c1 == ' ') {
- sb.append('\\');
-
- String s = "20";
-
- sb.append(s);
- } else {
- sb.append('\\');
- sb.append(c1);
- }
- } else {
- sb.append(c);
- }
- }
-
- return sb.toString();
- }
-
- /**
- * Method changeWStoRFC
- *
- * @param string
- * @return normalized string
- */
- static String changeWStoRFC(String string) {
- StringBuilder sb = new StringBuilder();
- int i = 0;
- int k;
-
- for (int j = 0; (k = string.indexOf("\\20", j)) >= 0; j = k + 3) {
- sb.append(trim(string.substring(i, k)) + "\\ ");
-
- i = k + 3;
- }
-
- sb.append(string.substring(i));
-
- return sb.toString();
- }
-
- /**
- * Method semicolonToComma
- *
- * @param str
- * @return normalized string
- */
- static String semicolonToComma(String str) {
- return removeWSandReplace(str, ";", ",");
- }
-
- /**
- * Method removeWhiteSpace
- *
- * @param str
- * @param symbol
- * @return normalized string
- */
- static String removeWhiteSpace(String str, String symbol) {
- return removeWSandReplace(str, symbol, symbol);
- }
-
- /**
- * Method removeWSandReplace
- *
- * @param str
- * @param symbol
- * @param replace
- * @return normalized string
- */
- static String removeWSandReplace(String str, String symbol, String replace) {
- StringBuilder sb = new StringBuilder();
- int i = 0;
- int l = 0;
- int k;
-
- for (int j = 0; (k = str.indexOf(symbol, j)) >= 0; j = k + 1) {
- l += countQuotes(str, j, k);
-
- if ((k > 0) && (str.charAt(k - 1) != '\\') && (l % 2) == 0) {
- sb.append(trim(str.substring(i, k)) + replace);
-
- i = k + 1;
- l = 0;
- }
- }
-
- sb.append(trim(str.substring(i)));
-
- return sb.toString();
- }
-
- /**
- * Returns the number of Quotation from i to j
- *
- * @param s
- * @param i
- * @param j
- * @return number of quotes
- */
- private static int countQuotes(String s, int i, int j) {
- int k = 0;
-
- for (int l = i; l < j; l++) {
- if (s.charAt(l) == '"') {
- k++;
- }
- }
-
- return k;
- }
-
- //only for the end of a space character occurring at the end of the string from rfc2253
-
- /**
- * Method trim
- *
- * @param str
- * @return the string
- */
- static String trim(String str) {
-
- String trimed = str.trim();
- int i = str.indexOf(trimed) + trimed.length();
-
- if ((str.length() > i) && trimed.endsWith("\\")
- && !trimed.endsWith("\\\\") && (str.charAt(i) == ' ')) {
- trimed = trimed + " ";
- }
-
- return trimed;
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Class SignatureElementProxy
- *
- * @author Brent Putman (putmanb@georgetown.edu)
- */
-public abstract class Signature11ElementProxy extends ElementProxy {
-
- protected Signature11ElementProxy() {
- };
-
- /**
- * Constructor Signature11ElementProxy
- *
- * @param doc
- */
- public Signature11ElementProxy(Document doc) {
- if (doc == null) {
- throw new RuntimeException("Document is null");
- }
-
- this.doc = doc;
- this.constructionElement =
- XMLUtils.createElementInSignature11Space(this.doc, this.getBaseLocalName());
- }
-
- /**
- * Constructor Signature11ElementProxy
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public Signature11ElementProxy(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
-
- }
-
- /** @inheritDoc */
- public String getBaseNamespace() {
- return Constants.SignatureSpec11NS;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-/**
- * Class SignatureElementProxy
- *
- * @author $Author: coheigea $
- */
-public abstract class SignatureElementProxy extends ElementProxy {
-
- protected SignatureElementProxy() {
- };
-
- /**
- * Constructor SignatureElementProxy
- *
- * @param doc
- */
- public SignatureElementProxy(Document doc) {
- if (doc == null) {
- throw new RuntimeException("Document is null");
- }
-
- this.doc = doc;
- this.constructionElement =
- XMLUtils.createElementInSignatureSpace(this.doc, this.getBaseLocalName());
- }
-
- /**
- * Constructor SignatureElementProxy
- *
- * @param element
- * @param BaseURI
- * @throws XMLSecurityException
- */
- public SignatureElementProxy(Element element, String BaseURI) throws XMLSecurityException {
- super(element, BaseURI);
-
- }
-
- /** @inheritDoc */
- public String getBaseNamespace() {
- return Constants.SignatureSpecNS;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.io.ByteArrayOutputStream;
-
-import org.apache.xml.security.algorithms.SignatureAlgorithm;
-import org.apache.xml.security.signature.XMLSignatureException;
-
-/**
- * @author raul
- *
- */
-public class SignerOutputStream extends ByteArrayOutputStream {
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(SignerOutputStream.class);
-
- final SignatureAlgorithm sa;
-
- /**
- * @param sa
- */
- public SignerOutputStream(SignatureAlgorithm sa) {
- this.sa = sa;
- }
-
- /** @inheritDoc */
- public void write(byte[] arg0) {
- try {
- sa.update(arg0);
- } catch (XMLSignatureException e) {
- throw new RuntimeException("" + e);
- }
- }
-
- /** @inheritDoc */
- public void write(int arg0) {
- try {
- sa.update((byte)arg0);
- } catch (XMLSignatureException e) {
- throw new RuntimeException("" + e);
- }
- }
-
- /** @inheritDoc */
- public void write(byte[] arg0, int arg1, int arg2) {
- if (log.isDebugEnabled()) {
- log.debug("Canonicalized SignedInfo:");
- StringBuilder sb = new StringBuilder(arg2);
- for (int i = arg1; i < (arg1 + arg2); i++) {
- sb.append((char)arg0[i]);
- }
- log.debug(sb.toString());
- }
- try {
- sa.update(arg0, arg1, arg2);
- } catch (XMLSignatureException e) {
- throw new RuntimeException("" + e);
- }
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-/**
- * A class that buffers without synchronizing its methods
- * @author raul
- */
-public class UnsyncBufferedOutputStream extends OutputStream {
- static final int size = 8*1024;
- private static ThreadLocal<byte[]> bufCache = new ThreadLocal<byte[]>() {
- @Override
- protected synchronized byte[] initialValue() {
- return new byte[size];
- }
- };
-
- int pointer = 0;
- final OutputStream out;
-
- final byte[] buf;
-
- /**
- * Creates a buffered output stream without synchronization
- * @param out the outputstream to buffer
- */
- public UnsyncBufferedOutputStream(OutputStream out) {
- buf = (byte[])bufCache.get();
- this.out = out;
- }
-
- /** @inheritDoc */
- public void write(byte[] arg0) throws IOException {
- write(arg0, 0, arg0.length);
- }
-
- /** @inheritDoc */
- public void write(byte[] arg0, int arg1, int len) throws IOException {
- int newLen = pointer+len;
- if (newLen > size) {
- flushBuffer();
- if (len > size) {
- out.write(arg0, arg1,len);
- return;
- }
- newLen = len;
- }
- System.arraycopy(arg0, arg1, buf, pointer, len);
- pointer = newLen;
- }
-
- private void flushBuffer() throws IOException {
- if (pointer > 0) {
- out.write(buf, 0, pointer);
- }
- pointer = 0;
-
- }
-
- /** @inheritDoc */
- public void write(int arg0) throws IOException {
- if (pointer >= size) {
- flushBuffer();
- }
- buf[pointer++] = (byte)arg0;
-
- }
-
- /** @inheritDoc */
- public void flush() throws IOException {
- flushBuffer();
- out.flush();
- }
-
- /** @inheritDoc */
- public void close() throws IOException {
- flush();
- out.close();
- bufCache.remove();
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.io.IOException;
-import java.io.OutputStream;
-
-/**
- * A simple Unsynced ByteArrayOutputStream
- * @author raul
- *
- */
-public class UnsyncByteArrayOutputStream extends OutputStream {
-
- private static final int INITIAL_SIZE = 8192;
- private static ThreadLocal<byte[]> bufCache = new ThreadLocal<byte[]>() {
- @Override
- protected synchronized byte[] initialValue() {
- return new byte[INITIAL_SIZE];
- }
- };
-
- private byte[] buf;
- private int size = INITIAL_SIZE;
- private int pos = 0;
-
- public UnsyncByteArrayOutputStream() {
- buf = (byte[])bufCache.get();
- }
-
- public void write(byte[] arg0) {
- if ((Integer.MAX_VALUE - pos) < arg0.length) {
- throw new OutOfMemoryError();
- }
- int newPos = pos + arg0.length;
- if (newPos > size) {
- expandSize(newPos);
- }
- System.arraycopy(arg0, 0, buf, pos, arg0.length);
- pos = newPos;
- }
-
- public void write(byte[] arg0, int arg1, int arg2) {
- if ((Integer.MAX_VALUE - pos) < arg2) {
- throw new OutOfMemoryError();
- }
- int newPos = pos + arg2;
- if (newPos > size) {
- expandSize(newPos);
- }
- System.arraycopy(arg0, arg1, buf, pos, arg2);
- pos = newPos;
- }
-
- public void write(int arg0) {
- if ((Integer.MAX_VALUE - pos) == 0) {
- throw new OutOfMemoryError();
- }
- int newPos = pos + 1;
- if (newPos > size) {
- expandSize(newPos);
- }
- buf[pos++] = (byte)arg0;
- }
-
- public byte[] toByteArray() {
- byte result[] = new byte[pos];
- System.arraycopy(buf, 0, result, 0, pos);
- return result;
- }
-
- public void reset() {
- pos = 0;
- bufCache.remove();
- }
-
- @Override
- public void close() throws IOException {
- bufCache.remove();
- }
-
- private void expandSize(int newPos) {
- int newSize = size;
- while (newPos > newSize) {
- newSize = newSize << 1;
- // Deal with overflow
- if (newSize < 0) {
- newSize = Integer.MAX_VALUE;
- }
- }
- byte newBuf[] = new byte[newSize];
- System.arraycopy(buf, 0, newBuf, 0, pos);
- buf = newBuf;
- size = newSize;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import org.apache.xml.security.c14n.CanonicalizationException;
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.InvalidCanonicalizerException;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.ProcessingInstruction;
-import org.w3c.dom.Text;
-
-/**
- * DOM and XML accessibility and comfort functions.
- *
- * @author Christian Geuer-Pollmann
- */
-public class XMLUtils {
-
- private static boolean ignoreLineBreaks =
- AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
- public Boolean run() {
- return Boolean.valueOf(Boolean.getBoolean
- ("org.apache.xml.security.ignoreLineBreaks"));
- }
- }).booleanValue();
-
- private static volatile String dsPrefix = "ds";
- private static volatile String ds11Prefix = "dsig11";
- private static volatile String xencPrefix = "xenc";
- private static volatile String xenc11Prefix = "xenc11";
-
- /** {@link org.apache.commons.logging} logging facility */
- private static final org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(XMLUtils.class);
-
-
- /**
- * Constructor XMLUtils
- *
- */
- private XMLUtils() {
- // we don't allow instantiation
- }
-
- /**
- * Set the prefix for the digital signature namespace
- * @param prefix the new prefix for the digital signature namespace
- */
- public static void setDsPrefix(String prefix) {
- dsPrefix = prefix;
- }
-
- /**
- * Set the prefix for the digital signature 1.1 namespace
- * @param prefix the new prefix for the digital signature 1.1 namespace
- */
- public static void setDs11Prefix(String prefix) {
- ds11Prefix = prefix;
- }
-
- /**
- * Set the prefix for the encryption namespace
- * @param prefix the new prefix for the encryption namespace
- */
- public static void setXencPrefix(String prefix) {
- xencPrefix = prefix;
- }
-
- /**
- * Set the prefix for the encryption namespace 1.1
- * @param prefix the new prefix for the encryption namespace 1.1
- */
- public static void setXenc11Prefix(String prefix) {
- xenc11Prefix = prefix;
- }
-
- public static Element getNextElement(Node el) {
- Node node = el;
- while ((node != null) && (node.getNodeType() != Node.ELEMENT_NODE)) {
- node = node.getNextSibling();
- }
- return (Element)node;
- }
-
- /**
- * @param rootNode
- * @param result
- * @param exclude
- * @param com whether comments or not
- */
- public static void getSet(Node rootNode, Set<Node> result, Node exclude, boolean com) {
- if ((exclude != null) && isDescendantOrSelf(exclude, rootNode)) {
- return;
- }
- getSetRec(rootNode, result, exclude, com);
- }
-
- @SuppressWarnings("fallthrough")
- private static void getSetRec(final Node rootNode, final Set<Node> result,
- final Node exclude, final boolean com) {
- if (rootNode == exclude) {
- return;
- }
- switch (rootNode.getNodeType()) {
- case Node.ELEMENT_NODE:
- result.add(rootNode);
- Element el = (Element)rootNode;
- if (el.hasAttributes()) {
- NamedNodeMap nl = el.getAttributes();
- for (int i = 0;i < nl.getLength(); i++) {
- result.add(nl.item(i));
- }
- }
- //no return keep working
- case Node.DOCUMENT_NODE:
- for (Node r = rootNode.getFirstChild(); r != null; r = r.getNextSibling()) {
- if (r.getNodeType() == Node.TEXT_NODE) {
- result.add(r);
- while ((r != null) && (r.getNodeType() == Node.TEXT_NODE)) {
- r = r.getNextSibling();
- }
- if (r == null) {
- return;
- }
- }
- getSetRec(r, result, exclude, com);
- }
- return;
- case Node.COMMENT_NODE:
- if (com) {
- result.add(rootNode);
- }
- return;
- case Node.DOCUMENT_TYPE_NODE:
- return;
- default:
- result.add(rootNode);
- }
- }
-
-
- /**
- * Outputs a DOM tree to an {@link OutputStream}.
- *
- * @param contextNode root node of the DOM tree
- * @param os the {@link OutputStream}
- */
- public static void outputDOM(Node contextNode, OutputStream os) {
- XMLUtils.outputDOM(contextNode, os, false);
- }
-
- /**
- * Outputs a DOM tree to an {@link OutputStream}. <I>If an Exception is
- * thrown during execution, it's StackTrace is output to System.out, but the
- * Exception is not re-thrown.</I>
- *
- * @param contextNode root node of the DOM tree
- * @param os the {@link OutputStream}
- * @param addPreamble
- */
- public static void outputDOM(Node contextNode, OutputStream os, boolean addPreamble) {
- try {
- if (addPreamble) {
- os.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n".getBytes("UTF-8"));
- }
-
- os.write(Canonicalizer.getInstance(
- Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS).canonicalizeSubtree(contextNode)
- );
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- }
- catch (InvalidCanonicalizerException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- } catch (CanonicalizationException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- }
- }
-
- /**
- * Serializes the <CODE>contextNode</CODE> into the OutputStream, <I>but
- * suppresses all Exceptions</I>.
- * <BR />
- * NOTE: <I>This should only be used for debugging purposes,
- * NOT in a production environment; this method ignores all exceptions,
- * so you won't notice if something goes wrong. If you're asking what is to
- * be used in a production environment, simply use the code inside the
- * <code>try{}</code> statement, but handle the Exceptions appropriately.</I>
- *
- * @param contextNode
- * @param os
- */
- public static void outputDOMc14nWithComments(Node contextNode, OutputStream os) {
- try {
- os.write(Canonicalizer.getInstance(
- Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS).canonicalizeSubtree(contextNode)
- );
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- // throw new RuntimeException(ex.getMessage());
- } catch (InvalidCanonicalizerException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- // throw new RuntimeException(ex.getMessage());
- } catch (CanonicalizationException ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- // throw new RuntimeException(ex.getMessage());
- }
- }
-
- /**
- * Method getFullTextChildrenFromElement
- *
- * @param element
- * @return the string of children
- */
- public static String getFullTextChildrenFromElement(Element element) {
- StringBuilder sb = new StringBuilder();
-
- Node child = element.getFirstChild();
- while (child != null) {
- if (child.getNodeType() == Node.TEXT_NODE) {
- sb.append(((Text)child).getData());
- }
- child = child.getNextSibling();
- }
-
- return sb.toString();
- }
-
- /**
- * Creates an Element in the XML Signature specification namespace.
- *
- * @param doc the factory Document
- * @param elementName the local name of the Element
- * @return the Element
- */
- public static Element createElementInSignatureSpace(Document doc, String elementName) {
- if (doc == null) {
- throw new RuntimeException("Document is null");
- }
-
- if ((dsPrefix == null) || (dsPrefix.length() == 0)) {
- return doc.createElementNS(Constants.SignatureSpecNS, elementName);
- }
- return doc.createElementNS(Constants.SignatureSpecNS, dsPrefix + ":" + elementName);
- }
-
- /**
- * Creates an Element in the XML Signature 1.1 specification namespace.
- *
- * @param doc the factory Document
- * @param elementName the local name of the Element
- * @return the Element
- */
- public static Element createElementInSignature11Space(Document doc, String elementName) {
- if (doc == null) {
- throw new RuntimeException("Document is null");
- }
-
- if ((ds11Prefix == null) || (ds11Prefix.length() == 0)) {
- return doc.createElementNS(Constants.SignatureSpec11NS, elementName);
- }
- return doc.createElementNS(Constants.SignatureSpec11NS, ds11Prefix + ":" + elementName);
- }
-
- /**
- * Creates an Element in the XML Encryption specification namespace.
- *
- * @param doc the factory Document
- * @param elementName the local name of the Element
- * @return the Element
- */
- public static Element createElementInEncryptionSpace(Document doc, String elementName) {
- if (doc == null) {
- throw new RuntimeException("Document is null");
- }
-
- if ((xencPrefix == null) || (xencPrefix.length() == 0)) {
- return doc.createElementNS(EncryptionConstants.EncryptionSpecNS, elementName);
- }
- return
- doc.createElementNS(
- EncryptionConstants.EncryptionSpecNS, xencPrefix + ":" + elementName
- );
- }
-
- /**
- * Creates an Element in the XML Encryption 1.1 specification namespace.
- *
- * @param doc the factory Document
- * @param elementName the local name of the Element
- * @return the Element
- */
- public static Element createElementInEncryption11Space(Document doc, String elementName) {
- if (doc == null) {
- throw new RuntimeException("Document is null");
- }
-
- if ((xenc11Prefix == null) || (xenc11Prefix.length() == 0)) {
- return doc.createElementNS(EncryptionConstants.EncryptionSpec11NS, elementName);
- }
- return
- doc.createElementNS(
- EncryptionConstants.EncryptionSpec11NS, xenc11Prefix + ":" + elementName
- );
- }
-
- /**
- * Returns true if the element is in XML Signature namespace and the local
- * name equals the supplied one.
- *
- * @param element
- * @param localName
- * @return true if the element is in XML Signature namespace and the local name equals
- * the supplied one
- */
- public static boolean elementIsInSignatureSpace(Element element, String localName) {
- if (element == null){
- return false;
- }
-
- return Constants.SignatureSpecNS.equals(element.getNamespaceURI())
- && element.getLocalName().equals(localName);
- }
-
- /**
- * Returns true if the element is in XML Signature 1.1 namespace and the local
- * name equals the supplied one.
- *
- * @param element
- * @param localName
- * @return true if the element is in XML Signature namespace and the local name equals
- * the supplied one
- */
- public static boolean elementIsInSignature11Space(Element element, String localName) {
- if (element == null) {
- return false;
- }
-
- return Constants.SignatureSpec11NS.equals(element.getNamespaceURI())
- && element.getLocalName().equals(localName);
- }
-
- /**
- * Returns true if the element is in XML Encryption namespace and the local
- * name equals the supplied one.
- *
- * @param element
- * @param localName
- * @return true if the element is in XML Encryption namespace and the local name
- * equals the supplied one
- */
- public static boolean elementIsInEncryptionSpace(Element element, String localName) {
- if (element == null){
- return false;
- }
- return EncryptionConstants.EncryptionSpecNS.equals(element.getNamespaceURI())
- && element.getLocalName().equals(localName);
- }
-
- /**
- * Returns true if the element is in XML Encryption 1.1 namespace and the local
- * name equals the supplied one.
- *
- * @param element
- * @param localName
- * @return true if the element is in XML Encryption 1.1 namespace and the local name
- * equals the supplied one
- */
- public static boolean elementIsInEncryption11Space(Element element, String localName) {
- if (element == null){
- return false;
- }
- return EncryptionConstants.EncryptionSpec11NS.equals(element.getNamespaceURI())
- && element.getLocalName().equals(localName);
- }
-
- /**
- * This method returns the owner document of a particular node.
- * This method is necessary because it <I>always</I> returns a
- * {@link Document}. {@link Node#getOwnerDocument} returns <CODE>null</CODE>
- * if the {@link Node} is a {@link Document}.
- *
- * @param node
- * @return the owner document of the node
- */
- public static Document getOwnerDocument(Node node) {
- if (node.getNodeType() == Node.DOCUMENT_NODE) {
- return (Document) node;
- }
- try {
- return node.getOwnerDocument();
- } catch (NullPointerException npe) {
- throw new NullPointerException(I18n.translate("endorsed.jdk1.4.0")
- + " Original message was \""
- + npe.getMessage() + "\"");
- }
- }
-
- /**
- * This method returns the first non-null owner document of the Nodes in this Set.
- * This method is necessary because it <I>always</I> returns a
- * {@link Document}. {@link Node#getOwnerDocument} returns <CODE>null</CODE>
- * if the {@link Node} is a {@link Document}.
- *
- * @param xpathNodeSet
- * @return the owner document
- */
- public static Document getOwnerDocument(Set<Node> xpathNodeSet) {
- NullPointerException npe = null;
- for (Node node : xpathNodeSet) {
- int nodeType = node.getNodeType();
- if (nodeType == Node.DOCUMENT_NODE) {
- return (Document) node;
- }
- try {
- if (nodeType == Node.ATTRIBUTE_NODE) {
- return ((Attr)node).getOwnerElement().getOwnerDocument();
- }
- return node.getOwnerDocument();
- } catch (NullPointerException e) {
- npe = e;
- }
- }
-
- throw new NullPointerException(I18n.translate("endorsed.jdk1.4.0")
- + " Original message was \""
- + (npe == null ? "" : npe.getMessage()) + "\"");
- }
-
- /**
- * Method createDSctx
- *
- * @param doc
- * @param prefix
- * @param namespace
- * @return the element.
- */
- public static Element createDSctx(Document doc, String prefix, String namespace) {
- if ((prefix == null) || (prefix.trim().length() == 0)) {
- throw new IllegalArgumentException("You must supply a prefix");
- }
-
- Element ctx = doc.createElementNS(null, "namespaceContext");
-
- ctx.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:" + prefix.trim(), namespace);
-
- return ctx;
- }
-
- /**
- * Method addReturnToElement
- *
- * @param e
- */
- public static void addReturnToElement(Element e) {
- if (!ignoreLineBreaks) {
- Document doc = e.getOwnerDocument();
- e.appendChild(doc.createTextNode("\n"));
- }
- }
-
- public static void addReturnToElement(Document doc, HelperNodeList nl) {
- if (!ignoreLineBreaks) {
- nl.appendChild(doc.createTextNode("\n"));
- }
- }
-
- public static void addReturnBeforeChild(Element e, Node child) {
- if (!ignoreLineBreaks) {
- Document doc = e.getOwnerDocument();
- e.insertBefore(doc.createTextNode("\n"), child);
- }
- }
-
- /**
- * Method convertNodelistToSet
- *
- * @param xpathNodeSet
- * @return the set with the nodelist
- */
- public static Set<Node> convertNodelistToSet(NodeList xpathNodeSet) {
- if (xpathNodeSet == null) {
- return new HashSet<Node>();
- }
-
- int length = xpathNodeSet.getLength();
- Set<Node> set = new HashSet<Node>(length);
-
- for (int i = 0; i < length; i++) {
- set.add(xpathNodeSet.item(i));
- }
-
- return set;
- }
-
- /**
- * This method spreads all namespace attributes in a DOM document to their
- * children. This is needed because the XML Signature XPath transform
- * must evaluate the XPath against all nodes in the input, even against
- * XPath namespace nodes. Through a bug in XalanJ2, the namespace nodes are
- * not fully visible in the Xalan XPath model, so we have to do this by
- * hand in DOM spaces so that the nodes become visible in XPath space.
- *
- * @param doc
- * @see <A HREF="http://nagoya.apache.org/bugzilla/show_bug.cgi?id=2650">
- * Namespace axis resolution is not XPath compliant </A>
- */
- public static void circumventBug2650(Document doc) {
-
- Element documentElement = doc.getDocumentElement();
-
- // if the document element has no xmlns definition, we add xmlns=""
- Attr xmlnsAttr =
- documentElement.getAttributeNodeNS(Constants.NamespaceSpecNS, "xmlns");
-
- if (xmlnsAttr == null) {
- documentElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "");
- }
-
- XMLUtils.circumventBug2650internal(doc);
- }
-
- /**
- * This is the work horse for {@link #circumventBug2650}.
- *
- * @param node
- * @see <A HREF="http://nagoya.apache.org/bugzilla/show_bug.cgi?id=2650">
- * Namespace axis resolution is not XPath compliant </A>
- */
- @SuppressWarnings("fallthrough")
- private static void circumventBug2650internal(Node node) {
- Node parent = null;
- Node sibling = null;
- final String namespaceNs = Constants.NamespaceSpecNS;
- do {
- switch (node.getNodeType()) {
- case Node.ELEMENT_NODE :
- Element element = (Element) node;
- if (!element.hasChildNodes()) {
- break;
- }
- if (element.hasAttributes()) {
- NamedNodeMap attributes = element.getAttributes();
- int attributesLength = attributes.getLength();
-
- for (Node child = element.getFirstChild(); child!=null;
- child = child.getNextSibling()) {
-
- if (child.getNodeType() != Node.ELEMENT_NODE) {
- continue;
- }
- Element childElement = (Element) child;
-
- for (int i = 0; i < attributesLength; i++) {
- Attr currentAttr = (Attr) attributes.item(i);
- if (!namespaceNs.equals(currentAttr.getNamespaceURI())) {
- continue;
- }
- if (childElement.hasAttributeNS(namespaceNs,
- currentAttr.getLocalName())) {
- continue;
- }
- childElement.setAttributeNS(namespaceNs,
- currentAttr.getName(),
- currentAttr.getNodeValue());
- }
- }
- }
- case Node.ENTITY_REFERENCE_NODE :
- case Node.DOCUMENT_NODE :
- parent = node;
- sibling = node.getFirstChild();
- break;
- }
- while ((sibling == null) && (parent != null)) {
- sibling = parent.getNextSibling();
- parent = parent.getParentNode();
- }
- if (sibling == null) {
- return;
- }
-
- node = sibling;
- sibling = node.getNextSibling();
- } while (true);
- }
-
- /**
- * @param sibling
- * @param nodeName
- * @param number
- * @return nodes with the constraint
- */
- public static Element selectDsNode(Node sibling, String nodeName, int number) {
- while (sibling != null) {
- if (Constants.SignatureSpecNS.equals(sibling.getNamespaceURI())
- && sibling.getLocalName().equals(nodeName)) {
- if (number == 0){
- return (Element)sibling;
- }
- number--;
- }
- sibling = sibling.getNextSibling();
- }
- return null;
- }
-
- /**
- * @param sibling
- * @param nodeName
- * @param number
- * @return nodes with the constraint
- */
- public static Element selectDs11Node(Node sibling, String nodeName, int number) {
- while (sibling != null) {
- if (Constants.SignatureSpec11NS.equals(sibling.getNamespaceURI())
- && sibling.getLocalName().equals(nodeName)) {
- if (number == 0){
- return (Element)sibling;
- }
- number--;
- }
- sibling = sibling.getNextSibling();
- }
- return null;
- }
-
- /**
- * @param sibling
- * @param nodeName
- * @param number
- * @return nodes with the constrain
- */
- public static Element selectXencNode(Node sibling, String nodeName, int number) {
- while (sibling != null) {
- if (EncryptionConstants.EncryptionSpecNS.equals(sibling.getNamespaceURI())
- && sibling.getLocalName().equals(nodeName)) {
- if (number == 0){
- return (Element)sibling;
- }
- number--;
- }
- sibling = sibling.getNextSibling();
- }
- return null;
- }
-
-
- /**
- * @param sibling
- * @param nodeName
- * @param number
- * @return nodes with the constrain
- */
- public static Text selectDsNodeText(Node sibling, String nodeName, int number) {
- Node n = selectDsNode(sibling,nodeName,number);
- if (n == null) {
- return null;
- }
- n = n.getFirstChild();
- while (n != null && n.getNodeType() != Node.TEXT_NODE) {
- n = n.getNextSibling();
- }
- return (Text)n;
- }
-
- /**
- * @param sibling
- * @param nodeName
- * @param number
- * @return nodes with the constrain
- */
- public static Text selectDs11NodeText(Node sibling, String nodeName, int number) {
- Node n = selectDs11Node(sibling,nodeName,number);
- if (n == null) {
- return null;
- }
- n = n.getFirstChild();
- while (n != null && n.getNodeType() != Node.TEXT_NODE) {
- n = n.getNextSibling();
- }
- return (Text)n;
- }
-
- /**
- * @param sibling
- * @param uri
- * @param nodeName
- * @param number
- * @return nodes with the constrain
- */
- public static Text selectNodeText(Node sibling, String uri, String nodeName, int number) {
- Node n = selectNode(sibling,uri,nodeName,number);
- if (n == null) {
- return null;
- }
- n = n.getFirstChild();
- while (n != null && n.getNodeType() != Node.TEXT_NODE) {
- n = n.getNextSibling();
- }
- return (Text)n;
- }
-
- /**
- * @param sibling
- * @param uri
- * @param nodeName
- * @param number
- * @return nodes with the constrain
- */
- public static Element selectNode(Node sibling, String uri, String nodeName, int number) {
- while (sibling != null) {
- if (sibling.getNamespaceURI() != null && sibling.getNamespaceURI().equals(uri)
- && sibling.getLocalName().equals(nodeName)) {
- if (number == 0){
- return (Element)sibling;
- }
- number--;
- }
- sibling = sibling.getNextSibling();
- }
- return null;
- }
-
- /**
- * @param sibling
- * @param nodeName
- * @return nodes with the constrain
- */
- public static Element[] selectDsNodes(Node sibling, String nodeName) {
- return selectNodes(sibling, Constants.SignatureSpecNS, nodeName);
- }
-
- /**
- * @param sibling
- * @param nodeName
- * @return nodes with the constrain
- */
- public static Element[] selectDs11Nodes(Node sibling, String nodeName) {
- return selectNodes(sibling, Constants.SignatureSpec11NS, nodeName);
- }
-
- /**
- * @param sibling
- * @param uri
- * @param nodeName
- * @return nodes with the constraint
- */
- public static Element[] selectNodes(Node sibling, String uri, String nodeName) {
- List<Element> list = new ArrayList<Element>();
- while (sibling != null) {
- if (sibling.getNamespaceURI() != null && sibling.getNamespaceURI().equals(uri)
- && sibling.getLocalName().equals(nodeName)) {
- list.add((Element)sibling);
- }
- sibling = sibling.getNextSibling();
- }
- return list.toArray(new Element[list.size()]);
- }
-
- /**
- * @param signatureElement
- * @param inputSet
- * @return nodes with the constrain
- */
- public static Set<Node> excludeNodeFromSet(Node signatureElement, Set<Node> inputSet) {
- Set<Node> resultSet = new HashSet<Node>();
- Iterator<Node> iterator = inputSet.iterator();
-
- while (iterator.hasNext()) {
- Node inputNode = iterator.next();
-
- if (!XMLUtils.isDescendantOrSelf(signatureElement, inputNode)) {
- resultSet.add(inputNode);
- }
- }
- return resultSet;
- }
-
- /**
- * Method getStrFromNode
- *
- * @param xpathnode
- * @return the string for the node.
- */
- public static String getStrFromNode(Node xpathnode) {
- if (xpathnode.getNodeType() == Node.TEXT_NODE) {
- // we iterate over all siblings of the context node because eventually,
- // the text is "polluted" with pi's or comments
- StringBuilder sb = new StringBuilder();
-
- for (Node currentSibling = xpathnode.getParentNode().getFirstChild();
- currentSibling != null;
- currentSibling = currentSibling.getNextSibling()) {
- if (currentSibling.getNodeType() == Node.TEXT_NODE) {
- sb.append(((Text) currentSibling).getData());
- }
- }
-
- return sb.toString();
- } else if (xpathnode.getNodeType() == Node.ATTRIBUTE_NODE) {
- return ((Attr) xpathnode).getNodeValue();
- } else if (xpathnode.getNodeType() == Node.PROCESSING_INSTRUCTION_NODE) {
- return ((ProcessingInstruction) xpathnode).getNodeValue();
- }
-
- return null;
- }
-
- /**
- * Returns true if the descendantOrSelf is on the descendant-or-self axis
- * of the context node.
- *
- * @param ctx
- * @param descendantOrSelf
- * @return true if the node is descendant
- */
- public static boolean isDescendantOrSelf(Node ctx, Node descendantOrSelf) {
- if (ctx == descendantOrSelf) {
- return true;
- }
-
- Node parent = descendantOrSelf;
-
- while (true) {
- if (parent == null) {
- return false;
- }
-
- if (parent == ctx) {
- return true;
- }
-
- if (parent.getNodeType() == Node.ATTRIBUTE_NODE) {
- parent = ((Attr) parent).getOwnerElement();
- } else {
- parent = parent.getParentNode();
- }
- }
- }
-
- public static boolean ignoreLineBreaks() {
- return ignoreLineBreaks;
- }
-
- /**
- * Returns the attribute value for the attribute with the specified name.
- * Returns null if there is no such attribute, or
- * the empty string if the attribute value is empty.
- *
- * <p>This works around a limitation of the DOM
- * <code>Element.getAttributeNode</code> method, which does not distinguish
- * between an unspecified attribute and an attribute with a value of
- * "" (it returns "" for both cases).
- *
- * @param elem the element containing the attribute
- * @param name the name of the attribute
- * @return the attribute value (may be null if unspecified)
- */
- public static String getAttributeValue(Element elem, String name) {
- Attr attr = elem.getAttributeNodeNS(null, name);
- return (attr == null) ? null : attr.getValue();
- }
-
- /**
- * This method is a tree-search to help prevent against wrapping attacks. It checks that no
- * two Elements have ID Attributes that match the "value" argument, if this is the case then
- * "false" is returned. Note that a return value of "true" does not necessarily mean that
- * a matching Element has been found, just that no wrapping attack has been detected.
- */
- public static boolean protectAgainstWrappingAttack(Node startNode, String value) {
- Node startParent = startNode.getParentNode();
- Node processedNode = null;
- Element foundElement = null;
-
- String id = value.trim();
- if (id.charAt(0) == '#') {
- id = id.substring(1);
- }
-
- while (startNode != null) {
- if (startNode.getNodeType() == Node.ELEMENT_NODE) {
- Element se = (Element) startNode;
-
- NamedNodeMap attributes = se.getAttributes();
- if (attributes != null) {
- for (int i = 0; i < attributes.getLength(); i++) {
- Attr attr = (Attr)attributes.item(i);
- if (attr.isId() && id.equals(attr.getValue())) {
- if (foundElement == null) {
- // Continue searching to find duplicates
- foundElement = attr.getOwnerElement();
- } else {
- log.debug("Multiple elements with the same 'Id' attribute value!");
- return false;
- }
- }
- }
- }
- }
-
- processedNode = startNode;
- startNode = startNode.getFirstChild();
-
- // no child, this node is done.
- if (startNode == null) {
- // close node processing, get sibling
- startNode = processedNode.getNextSibling();
- }
-
- // no more siblings, get parent, all children
- // of parent are processed.
- while (startNode == null) {
- processedNode = processedNode.getParentNode();
- if (processedNode == startParent) {
- return true;
- }
- // close parent node processing (processed node now)
- startNode = processedNode.getNextSibling();
- }
- }
- return true;
- }
-
- /**
- * This method is a tree-search to help prevent against wrapping attacks. It checks that no other
- * Element than the given "knownElement" argument has an ID attribute that matches the "value"
- * argument, which is the ID value of "knownElement". If this is the case then "false" is returned.
- */
- public static boolean protectAgainstWrappingAttack(
- Node startNode, Element knownElement, String value
- ) {
- Node startParent = startNode.getParentNode();
- Node processedNode = null;
-
- String id = value.trim();
- if (id.charAt(0) == '#') {
- id = id.substring(1);
- }
-
- while (startNode != null) {
- if (startNode.getNodeType() == Node.ELEMENT_NODE) {
- Element se = (Element) startNode;
-
- NamedNodeMap attributes = se.getAttributes();
- if (attributes != null) {
- for (int i = 0; i < attributes.getLength(); i++) {
- Attr attr = (Attr)attributes.item(i);
- if (attr.isId() && id.equals(attr.getValue()) && se != knownElement) {
- log.debug("Multiple elements with the same 'Id' attribute value!");
- return false;
- }
- }
- }
- }
-
- processedNode = startNode;
- startNode = startNode.getFirstChild();
-
- // no child, this node is done.
- if (startNode == null) {
- // close node processing, get sibling
- startNode = processedNode.getNextSibling();
- }
-
- // no more siblings, get parent, all children
- // of parent are processed.
- while (startNode == null) {
- processedNode = processedNode.getParentNode();
- if (processedNode == startParent) {
- return true;
- }
- // close parent node processing (processed node now)
- startNode = processedNode.getNextSibling();
- }
- }
- return true;
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * An interface to abstract XPath evaluation
- */
-public interface XPathAPI {
-
- /**
- * Use an XPath string to select a nodelist.
- * XPath namespace prefixes are resolved from the namespaceNode.
- *
- * @param contextNode The node to start searching from.
- * @param xpathnode
- * @param str
- * @param namespaceNode The node from which prefixes in the XPath will be resolved to namespaces.
- * @return A NodeIterator, should never be null.
- *
- * @throws TransformerException
- */
- NodeList selectNodeList(
- Node contextNode, Node xpathnode, String str, Node namespaceNode
- ) throws TransformerException;
-
- /**
- * Evaluate an XPath string and return true if the output is to be included or not.
- * @param contextNode The node to start searching from.
- * @param xpathnode The XPath node
- * @param str The XPath expression
- * @param namespaceNode The node from which prefixes in the XPath will be resolved to namespaces.
- */
- boolean evaluate(Node contextNode, Node xpathnode, String str, Node namespaceNode)
- throws TransformerException;
-
- /**
- * Clear any context information from this object
- */
- void clear();
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-
-/**
- * A Factory to return an XPathAPI instance. If Xalan is available it returns XalanXPathAPI. If not, then
- * it returns JDKXPathAPI.
- */
-public abstract class XPathFactory {
-
- private static boolean xalanInstalled;
-
- static {
- try {
- Class<?> funcTableClass =
- ClassLoaderUtils.loadClass("org.apache.xpath.compiler.FunctionTable", XPathFactory.class);
- if (funcTableClass != null) {
- xalanInstalled = true;
- }
- } catch (Exception e) {
- //ignore
- }
- }
-
- protected synchronized static boolean isXalanInstalled() {
- return xalanInstalled;
- }
-
- /**
- * Get a new XPathFactory instance
- */
- public static XPathFactory newInstance() {
- if (!isXalanInstalled()) {
- return new JDKXPathFactory();
- }
- // Xalan is available
- if (XalanXPathAPI.isInstalled()) {
- return new XalanXPathFactory();
- }
- // Some problem was encountered in fixing up the Xalan FunctionTable so fall back to the
- // JDK implementation
- return new JDKXPathFactory();
- }
-
- /**
- * Get a new XPathAPI instance
- */
- public abstract XPathAPI newXPathAPI();
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Method;
-import java.lang.reflect.Modifier;
-
-import javax.xml.transform.ErrorListener;
-import javax.xml.transform.SourceLocator;
-import javax.xml.transform.TransformerException;
-
-import org.apache.xml.security.transforms.implementations.FuncHere;
-import org.apache.xml.utils.PrefixResolver;
-import org.apache.xml.utils.PrefixResolverDefault;
-import org.apache.xpath.Expression;
-import org.apache.xpath.XPath;
-import org.apache.xpath.XPathContext;
-import org.apache.xpath.compiler.FunctionTable;
-import org.apache.xpath.objects.XObject;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * An implementation of XPathAPI using Xalan. This supports the "here()" function defined in the digital
- * signature spec.
- */
-public class XalanXPathAPI implements XPathAPI {
-
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(XalanXPathAPI.class);
-
- private String xpathStr = null;
-
- private XPath xpath = null;
-
- private static FunctionTable funcTable = null;
-
- private static boolean installed;
-
- private XPathContext context;
-
- static {
- fixupFunctionTable();
- }
-
-
- /**
- * Use an XPath string to select a nodelist.
- * XPath namespace prefixes are resolved from the namespaceNode.
- *
- * @param contextNode The node to start searching from.
- * @param xpathnode
- * @param str
- * @param namespaceNode The node from which prefixes in the XPath will be resolved to namespaces.
- * @return A NodeIterator, should never be null.
- *
- * @throws TransformerException
- */
- public NodeList selectNodeList(
- Node contextNode, Node xpathnode, String str, Node namespaceNode
- ) throws TransformerException {
-
- // Execute the XPath, and have it return the result
- XObject list = eval(contextNode, xpathnode, str, namespaceNode);
-
- // Return a NodeList.
- return list.nodelist();
- }
-
- /**
- * Evaluate an XPath string and return true if the output is to be included or not.
- * @param contextNode The node to start searching from.
- * @param xpathnode The XPath node
- * @param str The XPath expression
- * @param namespaceNode The node from which prefixes in the XPath will be resolved to namespaces.
- */
- public boolean evaluate(Node contextNode, Node xpathnode, String str, Node namespaceNode)
- throws TransformerException {
- XObject object = eval(contextNode, xpathnode, str, namespaceNode);
- return object.bool();
- }
-
- /**
- * Clear any context information from this object
- */
- public void clear() {
- xpathStr = null;
- xpath = null;
- context = null;
- }
-
- public synchronized static boolean isInstalled() {
- return installed;
- }
-
- private XObject eval(Node contextNode, Node xpathnode, String str, Node namespaceNode)
- throws TransformerException {
- if (context == null) {
- context = new XPathContext(xpathnode);
- context.setSecureProcessing(true);
- }
-
- // Create an object to resolve namespace prefixes.
- // XPath namespaces are resolved from the input context node's document element
- // if it is a root node, or else the current context node (for lack of a better
- // resolution space, given the simplicity of this sample code).
- Node resolverNode =
- (namespaceNode.getNodeType() == Node.DOCUMENT_NODE)
- ? ((Document) namespaceNode).getDocumentElement() : namespaceNode;
- PrefixResolverDefault prefixResolver = new PrefixResolverDefault(resolverNode);
-
- if (!str.equals(xpathStr)) {
- if (str.indexOf("here()") > 0) {
- context.reset();
- }
- xpath = createXPath(str, prefixResolver);
- xpathStr = str;
- }
-
- // Execute the XPath, and have it return the result
- int ctxtNode = context.getDTMHandleFromNode(contextNode);
-
- return xpath.execute(context, ctxtNode, prefixResolver);
- }
-
- private XPath createXPath(String str, PrefixResolver prefixResolver) throws TransformerException {
- XPath xpath = null;
- Class<?>[] classes = new Class[]{String.class, SourceLocator.class, PrefixResolver.class, int.class,
- ErrorListener.class, FunctionTable.class};
- Object[] objects =
- new Object[]{str, null, prefixResolver, Integer.valueOf(XPath.SELECT), null, funcTable};
- try {
- Constructor<?> constructor = XPath.class.getConstructor(classes);
- xpath = (XPath) constructor.newInstance(objects);
- } catch (Exception ex) {
- if (log.isDebugEnabled()) {
- log.debug(ex);
- }
- }
- if (xpath == null) {
- xpath = new XPath(str, null, prefixResolver, XPath.SELECT, null);
- }
- return xpath;
- }
-
- private synchronized static void fixupFunctionTable() {
- installed = false;
- if (log.isDebugEnabled()) {
- log.debug("Registering Here function");
- }
- /**
- * Try to register our here() implementation as internal function.
- */
- try {
- Class<?>[] args = {String.class, Expression.class};
- Method installFunction = FunctionTable.class.getMethod("installFunction", args);
- if ((installFunction.getModifiers() & Modifier.STATIC) != 0) {
- Object[] params = {"here", new FuncHere()};
- installFunction.invoke(null, params);
- installed = true;
- }
- } catch (Exception ex) {
- log.debug("Error installing function using the static installFunction method", ex);
- }
- if (!installed) {
- try {
- funcTable = new FunctionTable();
- Class<?>[] args = {String.class, Class.class};
- Method installFunction = FunctionTable.class.getMethod("installFunction", args);
- Object[] params = {"here", FuncHere.class};
- installFunction.invoke(funcTable, params);
- installed = true;
- } catch (Exception ex) {
- log.debug("Error installing function using the static installFunction method", ex);
- }
- }
- if (log.isDebugEnabled()) {
- if (installed) {
- log.debug("Registered class " + FuncHere.class.getName()
- + " for XPath function 'here()' function in internal table");
- } else {
- log.debug("Unable to register class " + FuncHere.class.getName()
- + " for XPath function 'here()' function in internal table");
- }
- }
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils;
-
-
-/**
- * A Factory to return a XalanXPathAPI instance.
- */
-public class XalanXPathFactory extends XPathFactory {
-
- /**
- * Get a new XPathAPI instance
- */
- public XPathAPI newXPathAPI() {
- return new XalanXPathAPI();
- }
-}
+++ /dev/null
-<HTML><HEAD></HEAD><BODY><P>
-general utility classes.
-</P></BODY></HTML>
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils.resolver;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP;
-import org.apache.xml.security.utils.resolver.implementations.ResolverFragment;
-import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
-import org.apache.xml.security.utils.resolver.implementations.ResolverXPointer;
-import org.w3c.dom.Attr;
-
-/**
- * During reference validation, we have to retrieve resources from somewhere.
- * This is done by retrieving a Resolver. The resolver needs two arguments: The
- * URI in which the link to the new resource is defined and the baseURI of the
- * file/entity in which the URI occurs (the baseURI is the same as the SystemId).
- */
-public class ResourceResolver {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(ResourceResolver.class);
-
- /** these are the system-wide resolvers */
- private static List<ResourceResolver> resolverList = new ArrayList<ResourceResolver>();
-
- /** Field resolverSpi */
- private final ResourceResolverSpi resolverSpi;
-
- /**
- * Constructor ResourceResolver
- *
- * @param resourceResolver
- */
- public ResourceResolver(ResourceResolverSpi resourceResolver) {
- this.resolverSpi = resourceResolver;
- }
-
- /**
- * Method getInstance
- *
- * @param uri
- * @param baseURI
- * @return the instance
- *
- * @throws ResourceResolverException
- */
- public static final ResourceResolver getInstance(Attr uri, String baseURI)
- throws ResourceResolverException {
- return getInstance(uri, baseURI, false);
- }
-
- /**
- * Method getInstance
- *
- * @param uri
- * @param baseURI
- * @param secureValidation
- * @return the instance
- *
- * @throws ResourceResolverException
- */
- public static final ResourceResolver getInstance(
- Attr uri, String baseURI, boolean secureValidation
- ) throws ResourceResolverException {
- synchronized (resolverList) {
- for (ResourceResolver resolver : resolverList) {
- ResourceResolver resolverTmp = resolver;
- if (!resolver.resolverSpi.engineIsThreadSafe()) {
- try {
- resolverTmp =
- new ResourceResolver(resolver.resolverSpi.getClass().newInstance());
- } catch (InstantiationException e) {
- throw new ResourceResolverException("", e, uri, baseURI);
- } catch (IllegalAccessException e) {
- throw new ResourceResolverException("", e, uri, baseURI);
- }
- }
-
- if (log.isDebugEnabled()) {
- log.debug(
- "check resolvability by class " + resolverTmp.getClass().getName()
- );
- }
-
- resolverTmp.resolverSpi.secureValidation = secureValidation;
- if ((resolverTmp != null) && resolverTmp.canResolve(uri, baseURI)) {
- // Check to see whether the Resolver is allowed
- if (secureValidation
- && (resolverTmp.resolverSpi instanceof ResolverLocalFilesystem
- || resolverTmp.resolverSpi instanceof ResolverDirectHTTP)) {
- Object exArgs[] = { resolverTmp.resolverSpi.getClass().getName() };
- throw new ResourceResolverException(
- "signature.Reference.ForbiddenResolver", exArgs, uri, baseURI
- );
- }
- return resolverTmp;
- }
- }
- }
-
- Object exArgs[] = { ((uri != null) ? uri.getNodeValue() : "null"), baseURI };
-
- throw new ResourceResolverException("utils.resolver.noClass", exArgs, uri, baseURI);
- }
-
- /**
- * Method getInstance
- *
- * @param uri
- * @param baseURI
- * @param individualResolvers
- * @return the instance
- *
- * @throws ResourceResolverException
- */
- public static ResourceResolver getInstance(
- Attr uri, String baseURI, List<ResourceResolver> individualResolvers
- ) throws ResourceResolverException {
- return getInstance(uri, baseURI, individualResolvers, false);
- }
-
- /**
- * Method getInstance
- *
- * @param uri
- * @param baseURI
- * @param individualResolvers
- * @param secureValidation
- * @return the instance
- *
- * @throws ResourceResolverException
- */
- public static ResourceResolver getInstance(
- Attr uri, String baseURI, List<ResourceResolver> individualResolvers, boolean secureValidation
- ) throws ResourceResolverException {
- if (log.isDebugEnabled()) {
- log.debug(
- "I was asked to create a ResourceResolver and got "
- + (individualResolvers == null ? 0 : individualResolvers.size())
- );
- }
-
- // first check the individual Resolvers
- if (individualResolvers != null) {
- for (int i = 0; i < individualResolvers.size(); i++) {
- ResourceResolver resolver = individualResolvers.get(i);
-
- if (resolver != null) {
- if (log.isDebugEnabled()) {
- String currentClass = resolver.resolverSpi.getClass().getName();
- log.debug("check resolvability by class " + currentClass);
- }
-
- resolver.resolverSpi.secureValidation = secureValidation;
- if (resolver.canResolve(uri, baseURI)) {
- return resolver;
- }
- }
- }
- }
-
- return getInstance(uri, baseURI, secureValidation);
- }
-
- /**
- * Registers a ResourceResolverSpi class. This method logs a warning if
- * the class cannot be registered.
- *
- * @param className the name of the ResourceResolverSpi class to be registered
- */
- @SuppressWarnings("unchecked")
- public static void register(String className) {
- try {
- Class<ResourceResolverSpi> resourceResolverClass =
- (Class<ResourceResolverSpi>) Class.forName(className);
- register(resourceResolverClass, false);
- } catch (ClassNotFoundException e) {
- log.warn("Error loading resolver " + className + " disabling it");
- }
- }
-
- /**
- * Registers a ResourceResolverSpi class at the beginning of the provider
- * list. This method logs a warning if the class cannot be registered.
- *
- * @param className the name of the ResourceResolverSpi class to be registered
- */
- @SuppressWarnings("unchecked")
- public static void registerAtStart(String className) {
- try {
- Class<ResourceResolverSpi> resourceResolverClass =
- (Class<ResourceResolverSpi>) Class.forName(className);
- register(resourceResolverClass, true);
- } catch (ClassNotFoundException e) {
- log.warn("Error loading resolver " + className + " disabling it");
- }
- }
-
- /**
- * Registers a ResourceResolverSpi class. This method logs a warning if the class
- * cannot be registered.
- * @param className
- * @param start
- */
- public static void register(Class<? extends ResourceResolverSpi> className, boolean start) {
- try {
- ResourceResolverSpi resourceResolverSpi = className.newInstance();
- register(resourceResolverSpi, start);
- } catch (IllegalAccessException e) {
- log.warn("Error loading resolver " + className + " disabling it");
- } catch (InstantiationException e) {
- log.warn("Error loading resolver " + className + " disabling it");
- }
- }
-
- /**
- * Registers a ResourceResolverSpi instance. This method logs a warning if the class
- * cannot be registered.
- * @param resourceResolverSpi
- * @param start
- */
- public static void register(ResourceResolverSpi resourceResolverSpi, boolean start) {
- synchronized(resolverList) {
- if (start) {
- resolverList.add(0, new ResourceResolver(resourceResolverSpi));
- } else {
- resolverList.add(new ResourceResolver(resourceResolverSpi));
- }
- }
- if (log.isDebugEnabled()) {
- log.debug("Registered resolver: " + resourceResolverSpi.toString());
- }
- }
-
- /**
- * This method registers the default resolvers.
- */
- public static void registerDefaultResolvers() {
- synchronized(resolverList) {
- resolverList.add(new ResourceResolver(new ResolverFragment()));
- resolverList.add(new ResourceResolver(new ResolverLocalFilesystem()));
- resolverList.add(new ResourceResolver(new ResolverXPointer()));
- resolverList.add(new ResourceResolver(new ResolverDirectHTTP()));
- }
- }
-
- /**
- * Method resolve
- *
- * @param uri
- * @param baseURI
- * @return the resource
- *
- * @throws ResourceResolverException
- */
- public XMLSignatureInput resolve(Attr uri, String baseURI)
- throws ResourceResolverException {
- return resolverSpi.engineResolve(uri, baseURI);
- }
-
- /**
- * Method setProperty
- *
- * @param key
- * @param value
- */
- public void setProperty(String key, String value) {
- resolverSpi.engineSetProperty(key, value);
- }
-
- /**
- * Method getProperty
- *
- * @param key
- * @return the value of the property
- */
- public String getProperty(String key) {
- return resolverSpi.engineGetProperty(key);
- }
-
- /**
- * Method addProperties
- *
- * @param properties
- */
- public void addProperties(Map<String, String> properties) {
- resolverSpi.engineAddProperies(properties);
- }
-
- /**
- * Method getPropertyKeys
- *
- * @return all property keys.
- */
- public String[] getPropertyKeys() {
- return resolverSpi.engineGetPropertyKeys();
- }
-
- /**
- * Method understandsProperty
- *
- * @param propertyToTest
- * @return true if the resolver understands the property
- */
- public boolean understandsProperty(String propertyToTest) {
- return resolverSpi.understandsProperty(propertyToTest);
- }
-
- /**
- * Method canResolve
- *
- * @param uri
- * @param baseURI
- * @return true if it can resolve the uri
- */
- private boolean canResolve(Attr uri, String baseURI) {
- return resolverSpi.engineCanResolve(uri, baseURI);
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils.resolver;
-
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.w3c.dom.Attr;
-
-/**
- * This Exception is thrown if something related to the
- * {@link org.apache.xml.security.utils.resolver.ResourceResolver} goes wrong.
- *
- * @author $Author: coheigea $
- */
-public class ResourceResolverException extends XMLSecurityException {
-
- private static final long serialVersionUID = 1L;
-
- private Attr uri = null;
-
- private String baseURI = null;
-
- /**
- * Constructor ResourceResolverException
- *
- * @param msgID
- * @param uri
- * @param baseURI
- */
- public ResourceResolverException(String msgID, Attr uri, String baseURI) {
- super(msgID);
-
- this.uri = uri;
- this.baseURI = baseURI;
- }
-
- /**
- * Constructor ResourceResolverException
- *
- * @param msgID
- * @param exArgs
- * @param uri
- * @param baseURI
- */
- public ResourceResolverException(String msgID, Object exArgs[], Attr uri,
- String baseURI) {
- super(msgID, exArgs);
-
- this.uri = uri;
- this.baseURI = baseURI;
- }
-
- /**
- * Constructor ResourceResolverException
- *
- * @param msgID
- * @param originalException
- * @param uri
- * @param baseURI
- */
- public ResourceResolverException(String msgID, Exception originalException,
- Attr uri, String baseURI) {
- super(msgID, originalException);
-
- this.uri = uri;
- this.baseURI = baseURI;
- }
-
- /**
- * Constructor ResourceResolverException
- *
- * @param msgID
- * @param exArgs
- * @param originalException
- * @param uri
- * @param baseURI
- */
- public ResourceResolverException(String msgID, Object exArgs[],
- Exception originalException, Attr uri,
- String baseURI) {
- super(msgID, exArgs, originalException);
-
- this.uri = uri;
- this.baseURI = baseURI;
- }
-
- /**
- *
- * @param uri
- */
- public void setURI(Attr uri) {
- this.uri = uri;
- }
-
- /**
- *
- * @return the uri
- */
- public Attr getURI() {
- return this.uri;
- }
-
- /**
- *
- * @param baseURI
- */
- public void setbaseURI(String baseURI) {
- this.baseURI = baseURI;
- }
-
- /**
- *
- * @return the baseURI
- */
- public String getbaseURI() {
- return this.baseURI;
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils.resolver;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.w3c.dom.Attr;
-
-/**
- * During reference validation, we have to retrieve resources from somewhere.
- *
- * @author $Author: coheigea $
- */
-public abstract class ResourceResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(ResourceResolverSpi.class);
-
- /** Field properties */
- protected java.util.Map<String, String> properties = null;
-
- protected boolean secureValidation;
-
- /**
- * This is the workhorse method used to resolve resources.
- *
- * @param uri
- * @param BaseURI
- * @return the resource wrapped around a XMLSignatureInput
- *
- * @throws ResourceResolverException
- */
- public abstract XMLSignatureInput engineResolve(Attr uri, String BaseURI)
- throws ResourceResolverException;
-
- /**
- * Method engineSetProperty
- *
- * @param key
- * @param value
- */
- public void engineSetProperty(String key, String value) {
- if (properties == null) {
- properties = new HashMap<String, String>();
- }
- properties.put(key, value);
- }
-
- /**
- * Method engineGetProperty
- *
- * @param key
- * @return the value of the property
- */
- public String engineGetProperty(String key) {
- if (properties == null) {
- return null;
- }
- return properties.get(key);
- }
-
- /**
- *
- * @param newProperties
- */
- public void engineAddProperies(Map<String, String> newProperties) {
- if (newProperties != null && !newProperties.isEmpty()) {
- if (properties == null) {
- properties = new HashMap<String, String>();
- }
- properties.putAll(newProperties);
- }
- }
-
- /**
- * Tells if the implementation does can be reused by several threads safely.
- * It normally means that the implementation does not have any member, or there is
- * member change between engineCanResolve & engineResolve invocations. Or it maintains all
- * member info in ThreadLocal methods.
- */
- public boolean engineIsThreadSafe() {
- return false;
- }
-
- /**
- * This method helps the {@link ResourceResolver} to decide whether a
- * {@link ResourceResolverSpi} is able to perform the requested action.
- *
- * @param uri
- * @param BaseURI
- * @return true if the engine can resolve the uri
- */
- public abstract boolean engineCanResolve(Attr uri, String BaseURI);
-
- /**
- * Method engineGetPropertyKeys
- *
- * @return the property keys
- */
- public String[] engineGetPropertyKeys() {
- return new String[0];
- }
-
- /**
- * Method understandsProperty
- *
- * @param propertyToTest
- * @return true if understands the property
- */
- public boolean understandsProperty(String propertyToTest) {
- String[] understood = this.engineGetPropertyKeys();
-
- if (understood != null) {
- for (int i = 0; i < understood.length; i++) {
- if (understood[i].equals(propertyToTest)) {
- return true;
- }
- }
- }
-
- return false;
- }
-
-
- /**
- * Fixes a platform dependent filename to standard URI form.
- *
- * @param str The string to fix.
- *
- * @return Returns the fixed URI string.
- */
- public static String fixURI(String str) {
-
- // handle platform dependent strings
- str = str.replace(java.io.File.separatorChar, '/');
-
- if (str.length() >= 4) {
-
- // str =~ /^\W:\/([^/])/ # to speak perl ;-))
- char ch0 = Character.toUpperCase(str.charAt(0));
- char ch1 = str.charAt(1);
- char ch2 = str.charAt(2);
- char ch3 = str.charAt(3);
- boolean isDosFilename = ((('A' <= ch0) && (ch0 <= 'Z'))
- && (ch1 == ':') && (ch2 == '/')
- && (ch3 != '/'));
-
- if (isDosFilename && log.isDebugEnabled()) {
- log.debug("Found DOS filename: " + str);
- }
- }
-
- // Windows fix
- if (str.length() >= 2) {
- char ch1 = str.charAt(1);
-
- if (ch1 == ':') {
- char ch0 = Character.toUpperCase(str.charAt(0));
-
- if (('A' <= ch0) && (ch0 <= 'Z')) {
- str = "/" + str;
- }
- }
- }
-
- // done
- return str;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.xml.security.utils.resolver.implementations;
-
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
-import org.w3c.dom.Attr;
-
-/**
- * @author $Author: coheigea $
- */
-public class ResolverAnonymous extends ResourceResolverSpi {
-
- private XMLSignatureInput input = null;
-
- @Override
- public boolean engineIsThreadSafe() {
- return true;
- }
-
- /**
- * @param filename
- * @throws FileNotFoundException
- * @throws IOException
- */
- public ResolverAnonymous(String filename) throws FileNotFoundException, IOException {
- this.input = new XMLSignatureInput(new FileInputStream(filename));
- }
-
- /**
- * @param is
- */
- public ResolverAnonymous(InputStream is) {
- this.input = new XMLSignatureInput(is);
- }
-
- /** @inheritDoc */
- public XMLSignatureInput engineResolve(Attr uri, String baseURI) {
- return this.input;
- }
-
- /**
- * @inheritDoc
- */
- public boolean engineCanResolve(Attr uri, String baseURI) {
- if (uri == null) {
- return true;
- }
- return false;
- }
-
- /** @inheritDoc */
- public String[] engineGetPropertyKeys() {
- return new String[0];
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils.resolver.implementations;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.InetSocketAddress;
-import java.net.MalformedURLException;
-import java.net.Proxy;
-import java.net.URISyntaxException;
-import java.net.URI;
-import java.net.URL;
-import java.net.URLConnection;
-
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.Base64;
-import org.apache.xml.security.utils.resolver.ResourceResolverException;
-import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
-import org.w3c.dom.Attr;
-
-/**
- * A simple ResourceResolver for HTTP requests. This class handles only 'pure'
- * HTTP URIs which means without a fragment. The Fragment handling is done by the
- * {@link ResolverFragment} class.
- * <BR>
- * If the user has a corporate HTTP proxy which is to be used, the usage can be
- * switched on by setting properties for the resolver:
- * <PRE>
- * resourceResolver.setProperty("http.proxy.host", "proxy.company.com");
- * resourceResolver.setProperty("http.proxy.port", "8080");
- *
- * // if we need a password for the proxy
- * resourceResolver.setProperty("http.proxy.username", "proxyuser3");
- * resourceResolver.setProperty("http.proxy.password", "secretca");
- * </PRE>
- *
- * @author $Author: giger $
- * @see <A HREF="http://www.javaworld.com/javaworld/javatips/jw-javatip42_p.html">Java Tip 42: Write Java apps that work with proxy-based firewalls</A>
- * @see <A HREF="http://java.sun.com/j2se/1.4/docs/guide/net/properties.html">SUN J2SE docs for network properties</A>
- * @see <A HREF="http://metalab.unc.edu/javafaq/javafaq.html#proxy">The JAVA FAQ Question 9.5: How do I make Java work with a proxy server?</A>
- */
-public class ResolverDirectHTTP extends ResourceResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(ResolverDirectHTTP.class);
-
- /** Field properties[] */
- private static final String properties[] = {
- "http.proxy.host", "http.proxy.port",
- "http.proxy.username", "http.proxy.password",
- "http.basic.username", "http.basic.password"
- };
-
- /** Field HttpProxyHost */
- private static final int HttpProxyHost = 0;
-
- /** Field HttpProxyPort */
- private static final int HttpProxyPort = 1;
-
- /** Field HttpProxyUser */
- private static final int HttpProxyUser = 2;
-
- /** Field HttpProxyPass */
- private static final int HttpProxyPass = 3;
-
- /** Field HttpProxyUser */
- private static final int HttpBasicUser = 4;
-
- /** Field HttpProxyPass */
- private static final int HttpBasicPass = 5;
-
- @Override
- public boolean engineIsThreadSafe() {
- return true;
- }
-
- /**
- * Method resolve
- *
- * @param uri
- * @param baseURI
- *
- * @throws ResourceResolverException
- * @return
- * $todo$ calculate the correct URI from the attribute and the baseURI
- */
- public XMLSignatureInput engineResolve(Attr uri, String baseURI)
- throws ResourceResolverException {
- try {
-
- // calculate new URI
- URI uriNew = getNewURI(uri.getNodeValue(), baseURI);
- URL url = uriNew.toURL();
- URLConnection urlConnection;
- urlConnection = openConnection(url);
-
- // check if Basic authentication is required
- String auth = urlConnection.getHeaderField("WWW-Authenticate");
-
- if (auth != null && auth.startsWith("Basic")) {
- // do http basic authentication
- String user =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicUser]);
- String pass =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicPass]);
-
- if ((user != null) && (pass != null)) {
- urlConnection = openConnection(url);
-
- String password = user + ":" + pass;
- String encodedPassword = Base64.encode(password.getBytes("ISO-8859-1"));
-
- // set authentication property in the http header
- urlConnection.setRequestProperty("Authorization",
- "Basic " + encodedPassword);
- }
- }
-
- String mimeType = urlConnection.getHeaderField("Content-Type");
- InputStream inputStream = urlConnection.getInputStream();
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- byte buf[] = new byte[4096];
- int read = 0;
- int summarized = 0;
-
- while ((read = inputStream.read(buf)) >= 0) {
- baos.write(buf, 0, read);
- summarized += read;
- }
-
- if (log.isDebugEnabled()) {
- log.debug("Fetched " + summarized + " bytes from URI " + uriNew.toString());
- }
-
- XMLSignatureInput result = new XMLSignatureInput(baos.toByteArray());
-
- result.setSourceURI(uriNew.toString());
- result.setMIMEType(mimeType);
-
- return result;
- } catch (URISyntaxException ex) {
- throw new ResourceResolverException("generic.EmptyMessage", ex, uri, baseURI);
- } catch (MalformedURLException ex) {
- throw new ResourceResolverException("generic.EmptyMessage", ex, uri, baseURI);
- } catch (IOException ex) {
- throw new ResourceResolverException("generic.EmptyMessage", ex, uri, baseURI);
- } catch (IllegalArgumentException e) {
- throw new ResourceResolverException("generic.EmptyMessage", e, uri, baseURI);
- }
- }
-
- private URLConnection openConnection(URL url) throws IOException {
-
- String proxyHostProp =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyHost]);
- String proxyPortProp =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyPort]);
- String proxyUser =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyUser]);
- String proxyPass =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyPass]);
-
- Proxy proxy = null;
- if ((proxyHostProp != null) && (proxyPortProp != null)) {
- int port = Integer.parseInt(proxyPortProp);
- proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHostProp, port));
- }
-
- URLConnection urlConnection;
- if (proxy != null) {
- urlConnection = url.openConnection(proxy);
-
- if ((proxyUser != null) && (proxyPass != null)) {
- String password = proxyUser + ":" + proxyPass;
- String authString = "Basic " + Base64.encode(password.getBytes("ISO-8859-1"));
-
- urlConnection.setRequestProperty("Proxy-Authorization", authString);
- }
- } else {
- urlConnection = url.openConnection();
- }
-
- return urlConnection;
- }
-
- /**
- * We resolve http URIs <I>without</I> fragment...
- *
- * @param uri
- * @param baseURI
- * @return true if can be resolved
- */
- public boolean engineCanResolve(Attr uri, String baseURI) {
- if (uri == null) {
- if (log.isDebugEnabled()) {
- log.debug("quick fail, uri == null");
- }
- return false;
- }
-
- String uriNodeValue = uri.getNodeValue();
-
- if (uriNodeValue.equals("") || (uriNodeValue.charAt(0)=='#')) {
- if (log.isDebugEnabled()) {
- log.debug("quick fail for empty URIs and local ones");
- }
- return false;
- }
-
- if (log.isDebugEnabled()) {
- log.debug("I was asked whether I can resolve " + uriNodeValue);
- }
-
- if (uriNodeValue.startsWith("http:") ||
- (baseURI != null && baseURI.startsWith("http:") )) {
- if (log.isDebugEnabled()) {
- log.debug("I state that I can resolve " + uriNodeValue);
- }
- return true;
- }
-
- if (log.isDebugEnabled()) {
- log.debug("I state that I can't resolve " + uriNodeValue);
- }
-
- return false;
- }
-
- /**
- * @inheritDoc
- */
- public String[] engineGetPropertyKeys() {
- return ResolverDirectHTTP.properties.clone();
- }
-
- private static URI getNewURI(String uri, String baseURI) throws URISyntaxException {
- URI newUri = null;
- if (baseURI == null || "".equals(baseURI)) {
- newUri = new URI(uri);
- } else {
- newUri = new URI(baseURI).resolve(uri);
- }
-
- // if the URI contains a fragment, ignore it
- if (newUri.getFragment() != null) {
- URI uriNewNoFrag =
- new URI(newUri.getScheme(), newUri.getSchemeSpecificPart(), null);
- return uriNewNoFrag;
- }
- return newUri;
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils.resolver.implementations;
-
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.resolver.ResourceResolverException;
-import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * This resolver is used for resolving same-document URIs like URI="" of URI="#id".
- *
- * @author $Author: coheigea $
- * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel">The Reference processing model in the XML Signature spec</A>
- * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#sec-Same-Document">Same-Document URI-References in the XML Signature spec</A>
- * @see <A HREF="http://www.ietf.org/rfc/rfc2396.txt">Section 4.2 of RFC 2396</A>
- */
-public class ResolverFragment extends ResourceResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(ResolverFragment.class);
-
- @Override
- public boolean engineIsThreadSafe() {
- return true;
- }
-
- /**
- * Method engineResolve
- *
- * @inheritDoc
- * @param uri
- * @param baseURI
- */
- public XMLSignatureInput engineResolve(Attr uri, String baseURI)
- throws ResourceResolverException {
-
- String uriNodeValue = uri.getNodeValue();
- Document doc = uri.getOwnerElement().getOwnerDocument();
-
- Node selectedElem = null;
- if (uriNodeValue.equals("")) {
- /*
- * Identifies the node-set (minus any comment nodes) of the XML
- * resource containing the signature
- */
- if (log.isDebugEnabled()) {
- log.debug("ResolverFragment with empty URI (means complete document)");
- }
- selectedElem = doc;
- } else {
- /*
- * URI="#chapter1"
- * Identifies a node-set containing the element with ID attribute
- * value 'chapter1' of the XML resource containing the signature.
- * XML Signature (and its applications) modify this node-set to
- * include the element plus all descendants including namespaces and
- * attributes -- but not comments.
- */
- String id = uriNodeValue.substring(1);
-
- selectedElem = doc.getElementById(id);
- if (selectedElem == null) {
- Object exArgs[] = { id };
- throw new ResourceResolverException(
- "signature.Verification.MissingID", exArgs, uri, baseURI
- );
- }
- if (secureValidation) {
- Element start = uri.getOwnerDocument().getDocumentElement();
- if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
- Object exArgs[] = { id };
- throw new ResourceResolverException(
- "signature.Verification.MultipleIDs", exArgs, uri, baseURI
- );
- }
- }
- if (log.isDebugEnabled()) {
- log.debug(
- "Try to catch an Element with ID " + id + " and Element was " + selectedElem
- );
- }
- }
-
- XMLSignatureInput result = new XMLSignatureInput(selectedElem);
- result.setExcludeComments(true);
-
- result.setMIMEType("text/xml");
- if (baseURI != null && baseURI.length() > 0) {
- result.setSourceURI(baseURI.concat(uri.getNodeValue()));
- } else {
- result.setSourceURI(uri.getNodeValue());
- }
- return result;
- }
-
- /**
- * Method engineCanResolve
- * @inheritDoc
- * @param uri
- * @param baseURI
- */
- public boolean engineCanResolve(Attr uri, String baseURI) {
- if (uri == null) {
- if (log.isDebugEnabled()) {
- log.debug("Quick fail for null uri");
- }
- return false;
- }
-
- String uriNodeValue = uri.getNodeValue();
- if (uriNodeValue.equals("") ||
- ((uriNodeValue.charAt(0) == '#') && !uriNodeValue.startsWith("#xpointer("))
- ) {
- if (log.isDebugEnabled()) {
- log.debug("State I can resolve reference: \"" + uriNodeValue + "\"");
- }
- return true;
- }
- if (log.isDebugEnabled()) {
- log.debug("Do not seem to be able to resolve reference: \"" + uriNodeValue + "\"");
- }
- return false;
- }
-
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils.resolver.implementations;
-
-import java.io.FileInputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URLDecoder;
-import org.apache.commons.httpclient.URIException;
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.resolver.ResourceResolverException;
-import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
-import org.w3c.dom.Attr;
-
-/**
- * A simple ResourceResolver for requests into the local filesystem.
- *
- * @author $Author: coheigea $
- */
-public class ResolverLocalFilesystem extends ResourceResolverSpi {
-
- private static final int FILE_URI_LENGTH = "file:/".length();\r
-\r
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(ResolverLocalFilesystem.class);
-
- @Override
- public boolean engineIsThreadSafe() {
- return true;
- }
-
- /**
- * @inheritDoc
- */
- public XMLSignatureInput engineResolve(Attr uri, String baseURI)
- throws ResourceResolverException {
- try {
- // calculate new URI
-
- String fileName = null; \r
- int startIndex = 0;\r
-
- if(baseURI.matches(".*.+")) {
-
- String tempbaseURI = null;
- for(String SplitbaseURI : baseURI.split("\\+"))
- {
- tempbaseURI += "+";
- tempbaseURI += URLDecoder.decode(SplitbaseURI, "UTF-8");
- }
-
- startIndex = tempbaseURI.indexOf("file:");\r
- baseURI = tempbaseURI.substring(startIndex);\r
- }
- else {
- baseURI = URLDecoder.decode(baseURI, "UTF-8");
- }
-
- if(baseURI.matches(".*.+")) {\r
- \r
- String tempbaseURI = null; \r
- for(String SplitbaseURI : baseURI.split("\\+"))\r
- {\r
- tempbaseURI += org.apache.commons.httpclient.util.URIUtil.encodePathQuery("+");\r
- tempbaseURI += org.apache.commons.httpclient.util.URIUtil.encodePathQuery(SplitbaseURI);\r
- }\r
- \r
- startIndex = tempbaseURI.indexOf("file:");\r
- baseURI = tempbaseURI.substring(startIndex);\r
- }\r
- else {\r
- baseURI =org.apache.commons.httpclient.util.URIUtil.encodePathQuery(baseURI);\r
- }\r
-
- URI uriNew = getNewURI(uri.getNodeValue(), baseURI);\r
-
- fileName = ResolverLocalFilesystem\r
- .translateUriToFilename(uriNew.toString());\r
- \r
- FileInputStream inputStream = new FileInputStream(fileName);\r
- XMLSignatureInput result = new XMLSignatureInput(inputStream);\r
-\r
- result.setSourceURI(uriNew.toString());\r
-
-// inputStream.close();\r
-\r
- return result;\r
- } catch (Exception e) {\r
- throw new ResourceResolverException("generic.EmptyMessage", e, uri,\r
- baseURI);\r
- }\r
- }\r
-
- /**
- * Method translateUriToFilename
- *
- * @param uri
- * @return the string of the filename
- * @throws URIException
- */
- private static String translateUriToFilename(String uri) throws URIException {
-
- String subStr = uri.substring(FILE_URI_LENGTH);
-
- subStr = org.apache.commons.httpclient.util.URIUtil.decode(subStr);
-
- if (subStr.charAt(1) == ':') {
- // we're running M$ Windows, so this works fine
- return subStr;
- }
- // we're running some UNIX, so we have to prepend a slash
- return "/" + subStr;
- }
-
- /**
- * @inheritDoc
- */
- public boolean engineCanResolve(Attr uri, String baseURI) {
- if (uri == null) {
- return false;
- }
-
- String uriNodeValue = uri.getNodeValue();
-
- if (uriNodeValue.equals("") || (uriNodeValue.charAt(0)=='#') ||
- uriNodeValue.startsWith("http:")) {
- return false;
- }
-
- try {
- if (log.isDebugEnabled()) {
- log.debug("I was asked whether I can resolve " + uriNodeValue);
- }
-
- if (uriNodeValue.startsWith("file:") || baseURI.startsWith("file:")) {
- if (log.isDebugEnabled()) {
- log.debug("I state that I can resolve " + uriNodeValue);
- }
- return true;
- }
- } catch (Exception e) {
- if (log.isDebugEnabled()) {
- log.debug(e);
- }
- }
-
- if (log.isDebugEnabled()) {
- log.debug("But I can't");
- }
-
- return false;
- }
-
- private static URI getNewURI(String uri, String baseURI) throws URISyntaxException {
- URI newUri = null;
- if (baseURI == null || "".equals(baseURI)) {
- newUri = new URI(uri);
- } else {
- // for processing "?" issue
- //newUri = new URI(baseURI).resolve(uri);
- newUri = new URI(baseURI + uri);
- }
-
- // if the URI contains a fragment, ignore it
- if (newUri.getFragment() != null) {
- URI uriNewNoFrag =
- new URI(newUri.getScheme(), newUri.getSchemeSpecificPart(), null);
- return uriNewNoFrag;
- }
- return newUri;
- }
-}
+++ /dev/null
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.xml.security.utils.resolver.implementations;
-
-import org.apache.xml.security.signature.XMLSignatureInput;
-import org.apache.xml.security.utils.XMLUtils;
-import org.apache.xml.security.utils.resolver.ResourceResolverException;
-import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * Handles barename XPointer Reference URIs.
- * <BR />
- * To retain comments while selecting an element by an identifier ID,
- * use the following full XPointer: URI='#xpointer(id('ID'))'.
- * <BR />
- * To retain comments while selecting the entire document,
- * use the following full XPointer: URI='#xpointer(/)'.
- * This XPointer contains a simple XPath expression that includes
- * the root node, which the second to last step above replaces with all
- * nodes of the parse tree (all descendants, plus all attributes,
- * plus all namespaces nodes).
- *
- * @author $Author: coheigea $
- */
-public class ResolverXPointer extends ResourceResolverSpi {
-
- /** {@link org.apache.commons.logging} logging facility */
- private static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(ResolverXPointer.class);
-
- private static final String XP = "#xpointer(id(";
- private static final int XP_LENGTH = XP.length();
-
- @Override
- public boolean engineIsThreadSafe() {
- return true;
- }
-
- /**
- * @inheritDoc
- */
- public XMLSignatureInput engineResolve(Attr uri, String baseURI)
- throws ResourceResolverException {
-
- Node resultNode = null;
- Document doc = uri.getOwnerElement().getOwnerDocument();
-
- String uriStr = uri.getNodeValue();
- if (isXPointerSlash(uriStr)) {
- resultNode = doc;
- } else if (isXPointerId(uriStr)) {
- String id = getXPointerId(uriStr);
- resultNode = doc.getElementById(id);
-
- if (secureValidation) {
- Element start = uri.getOwnerDocument().getDocumentElement();
- if (!XMLUtils.protectAgainstWrappingAttack(start, id)) {
- Object exArgs[] = { id };
- throw new ResourceResolverException(
- "signature.Verification.MultipleIDs", exArgs, uri, baseURI
- );
- }
- }
-
- if (resultNode == null) {
- Object exArgs[] = { id };
-
- throw new ResourceResolverException(
- "signature.Verification.MissingID", exArgs, uri, baseURI
- );
- }
- }
-
- XMLSignatureInput result = new XMLSignatureInput(resultNode);
-
- result.setMIMEType("text/xml");
- if (baseURI != null && baseURI.length() > 0) {
- result.setSourceURI(baseURI.concat(uri.getNodeValue()));
- } else {
- result.setSourceURI(uri.getNodeValue());
- }
-
- return result;
- }
-
- /**
- * @inheritDoc
- */
- public boolean engineCanResolve(Attr uri, String baseURI) {
- if (uri == null) {
- return false;
- }
- String uriStr = uri.getNodeValue();
- if (isXPointerSlash(uriStr) || isXPointerId(uriStr)) {
- return true;
- }
-
- return false;
- }
-
- /**
- * Method isXPointerSlash
- *
- * @param uri
- * @return true if begins with xpointer
- */
- private static boolean isXPointerSlash(String uri) {
- if (uri.equals("#xpointer(/)")) {
- return true;
- }
-
- return false;
- }
-
- /**
- * Method isXPointerId
- *
- * @param uri
- * @return whether it has an xpointer id
- */
- private static boolean isXPointerId(String uri) {
- if (uri.startsWith(XP) && uri.endsWith("))")) {
- String idPlusDelim = uri.substring(XP_LENGTH, uri.length() - 2);
-
- int idLen = idPlusDelim.length() -1;
- if (((idPlusDelim.charAt(0) == '"') && (idPlusDelim.charAt(idLen) == '"'))
- || ((idPlusDelim.charAt(0) == '\'') && (idPlusDelim.charAt(idLen) == '\''))) {
- if (log.isDebugEnabled()) {
- log.debug("Id = " + idPlusDelim.substring(1, idLen));
- }
- return true;
- }
- }
-
- return false;
- }
-
- /**
- * Method getXPointerId
- *
- * @param uri
- * @return xpointerId to search.
- */
- private static String getXPointerId(String uri) {
- if (uri.startsWith(XP) && uri.endsWith("))")) {
- String idPlusDelim = uri.substring(XP_LENGTH,uri.length() - 2);
-
- int idLen = idPlusDelim.length() -1;
- if (((idPlusDelim.charAt(0) == '"') && (idPlusDelim.charAt(idLen) == '"'))
- || ((idPlusDelim.charAt(0) == '\'') && (idPlusDelim.charAt(idLen) == '\''))) {
- return idPlusDelim.substring(1, idLen);
- }
- }
-
- return null;
- }
-}
+++ /dev/null
-<HTML>
-<HEAD> </HEAD>
-<BODY>
-<P>
-implememtations of different ResourceResolver classes used to resolve ds:Reference URIs.
-</P>
-</BODY>
-</HTML>
+++ /dev/null
-<HTML>
-<HEAD> </HEAD>
-<BODY>
-<P>
-the ResourceResolver classes used to resolve ds:Reference URIs.
-</P>
-</BODY>
-</HTML>
import static org.tizen.common.util.IOUtil.tryClose;
-import hashsign.HashingSigning;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileNotFoundException;
import org.tizen.common.sign.preferences.SigningProfile;
import org.tizen.common.sign.preferences.SigningProfileContainer;
import org.tizen.common.sign.preferences.SigningProfileItem;
+import org.tizen.common.sign.signer.TizenIncrementalSigner;
import org.tizen.common.util.Assert;
import org.tizen.common.util.StringUtil;
protected void checkPkcs12Password(SigningProfileItem item) throws CertificationException {
boolean isCorrectPassword = false;
+ String path = item.getKeyLocation();
try {
char[] pass = item.getPassword();
String password = pass == null ? StringUtil.EMPTY_STRING : new String( pass );
- String path = item.getKeyLocation();
- isCorrectPassword = HashingSigning.CheckPkcs12Password( path, password );
+
+ isCorrectPassword = TizenIncrementalSigner.checkCertificatePassword( path, password );
} catch (FileNotFoundException e) {
- throw new CertificationException( "Certificate file not found", e );
+ throw new CertificationException( "Certificate file not found : " + path, e );
} catch (NoSuchAlgorithmException e) {
throw new CertificationException( "Not supported certificate file format", e );
} catch (CertificateException e) {
throw new CertificationException( "Could not load a certificate for PKCS12 format", e );
} catch (KeyStoreException e) {
throw new CertificationException( "Could not find a keystore", e );
- } catch (IOException e) {
- throw new CertificationException( "Failed to manipulate a certificate", e );
}
if ( !isCorrectPassword ) {
--- /dev/null
+/*
+ * Common - sign
+ *
+ * Copyright (C) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact:
+ * Jihoon Song <jihoon80.song@samsung.com>
+ * BonYong Lee <bonyong.lee@samsung.com>
+ * Kangho Kim <kh5325.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Contributors:
+ * - S-Core Co., Ltd
+ *
+ */
+package org.tizen.common.sign.model;
+
+/**
+ * This class is intended for delta model.
+ *
+ * @author JIhoon Song {@literal<jihoon80.song@samsung.com>}
+ */
+public class Delta {
+
+ protected String realPath;
+ protected DeltaState state;
+ protected String uri;
+
+ public Delta(String realPath, DeltaState state, String uri) {
+ this.realPath = realPath;
+ this.state = state;
+ this.uri = uri;
+ }
+
+ public String getRealPath() {
+ return realPath;
+ }
+
+ public DeltaState getState() {
+ return state;
+ }
+
+ public String getUri() {
+ return uri;
+ }
+
+ @Override
+ public String toString() {
+ return new StringBuilder().append( "Delta [realPath=" ).append( realPath )
+ .append( ", state=" ).append( state )
+ .append( ", uri=" ).append( uri ).append( "]" ).toString();
+ }
+}
--- /dev/null
+/*
+ * Common - sign
+ *
+ * Copyright (C) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact:
+ * Jihoon Song <jihoon80.song@samsung.com>
+ * BonYong Lee <bonyong.lee@samsung.com>
+ * Kangho Kim <kh5325.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Contributors:
+ * - S-Core Co., Ltd
+ *
+ */
+package org.tizen.common.sign.model;
+
+import org.tizen.common.util.StringUtil;
+
+/**
+ * This class is intended for kinds of delta state
+ *
+ * @author JIhoon Song {@literal<jihoon80.song@samsung.com>}
+ */
+public enum DeltaState {
+ Changed, Deleted, Nothing;
+
+ /**
+ * Get an abbreviation of name<br>
+ * For example, abbreviation of Changed is a 'C'.
+ *
+ * @return abbreviation of name
+ */
+ public char getAbbreviation() {
+ return this.name().charAt( 0 );
+ }
+
+ /**
+ * @param abbreviation name with first character
+ * @return If found, returns an abbreviation. Otherwise, returns Nothing.
+ */
+ public static DeltaState getValue(String abbreviation) {
+ if ( StringUtil.isEmpty( abbreviation ) ) {
+ return DeltaState.Nothing;
+ }
+
+ return getValue( abbreviation.charAt( 0 ) );
+ }
+
+ /**
+ * @param abbreviation first character of name
+ * @return If found, returns an abbreviation. Otherwise, returns Nothing.
+ */
+ public static DeltaState getValue(char abbreviation) {
+ for ( DeltaState state : DeltaState.values() ) {
+ if ( state.getAbbreviation() == abbreviation ) {
+ return state;
+ }
+ }
+
+ return DeltaState.Nothing;
+ }
+}
--- /dev/null
+package org.tizen.common.sign.model;
+
+import java.util.Arrays;
+
+import org.tizen.common.util.Assert;
+
+
+public class ReferenceCache {
+
+ protected String uri;
+ protected byte[] digestValue;
+
+
+ public ReferenceCache(String uri, byte[] digestValue) {
+ Assert.notNull( uri );
+ Assert.notNull( digestValue );
+
+ this.uri = uri;
+ this.digestValue = digestValue;
+ }
+
+ public String getUri() {
+ return this.uri;
+ }
+
+ public byte[] getDigestValue() {
+ return this.digestValue;
+ }
+
+ @Override
+ public String toString() {
+ return new StringBuilder()
+ .append( "uri=").append( uri )
+ .append( ", digestValue=").append( new String( digestValue ) )
+ .toString();
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + Arrays.hashCode(digestValue);
+ result = prime * result + ((uri == null) ? 0 : uri.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ ReferenceCache other = (ReferenceCache) obj;
+ if (!Arrays.equals(digestValue, other.digestValue))
+ return false;
+ if (uri == null) {
+ if (other.uri != null)
+ return false;
+ } else if (!uri.equals(other.uri))
+ return false;
+ return true;
+ }
+}
--- /dev/null
+/*
+ * Common - sign
+ *
+ * Copyright (C) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact:
+ * Jihoon Song <jihoon80.song@samsung.com>
+ * BonYong Lee <bonyong.lee@samsung.com>
+ * Kangho Kim <kh5325.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Contributors:
+ * - S-Core Co., Ltd
+ *
+ */
+package org.tizen.common.sign.model;
+
+import java.io.File;
+import java.io.OutputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.math.BigInteger;
+
+import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
+import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.signature.Manifest;
+import org.apache.xml.security.signature.Reference;
+import org.apache.xml.security.signature.ReferenceNotInitializedException;
+import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.signature.reference.ReferenceData;
+import org.apache.xml.security.transforms.InvalidTransformException;
+import org.apache.xml.security.transforms.TransformationException;
+import org.apache.xml.security.transforms.Transforms;
+import org.slf4j.Logger;
+import static org.slf4j.LoggerFactory.*;
+
+import org.tizen.common.sign.util.SignatureUtility;
+import org.tizen.common.util.Assert;
+import org.tizen.common.util.ReflectionUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+/**
+ * This class is intended for delegating inner class about the Reference class.<br>
+ * Because this has super class calling problem,
+ * It must be called to the setReference method before an instance is created.
+ *
+ * @author JIhoon Song {@literal<jihoon80.song@samsung.com>}
+ */
+public class ReferenceDelegator extends Reference {
+
+ protected static final Logger logger = getLogger( ReferenceDelegator.class );
+
+ protected static Reference referenceForInit; // for instantiation
+
+ protected Reference reference; // for delegation
+
+ protected byte[] digestValue; // cached digest value
+ protected String realPath; // real path of resource for calculating a digest value.
+
+
+ /**
+ * Set Reference instance for delegation.
+ * It must be called before an instance is created.
+ *
+ * @param reference for delegation
+ */
+ public static void setReference(Reference reference) {
+ Assert.notNull( reference );
+ referenceForInit = reference;
+ }
+
+ /**
+ * Will use a cached value without calculating process.
+ *
+ * @param element an element of delegated reference.
+ * @param baseURI a baseURI of delegated reference.
+ * @param manifest a manifest of delegated reference.
+ * @param digestValue the cached value.
+ * @throws XMLSecurityException
+ */
+ public ReferenceDelegator(Element element, String baseURI,
+ Manifest manifest, byte[] digestValue) throws XMLSecurityException {
+ super(element, baseURI, manifest);
+ this.digestValue = digestValue;
+
+ referenceForInit = null;
+ }
+
+ /**
+ * Will calculate a digest value by the real path
+ *
+ * @param element an element of delegated reference.
+ * @param baseURI a baseURI of delegated reference.
+ * @param manifest a manifest of delegated reference.
+ * @param realPath the real path of resource for calculating a digest value.
+ * @throws XMLSecurityException
+ */
+ public ReferenceDelegator(Element element, String baseURI,
+ Manifest manifest, String realPath) throws XMLSecurityException {
+ super(element, baseURI, manifest);
+ this.realPath = realPath;
+
+ referenceForInit = null;
+ }
+
+ private Reference getReference() {
+ if ( this.reference == null ) {
+ Assert.notNull( referenceForInit, "The setReference method must be called before an instance is created" );
+ this.reference = referenceForInit;
+ }
+
+ return this.reference;
+ }
+
+ @Override
+ public MessageDigestAlgorithm getMessageDigestAlgorithm()
+ throws XMLSignatureException {
+ return getReference().getMessageDigestAlgorithm();
+ }
+
+ @Override
+ public void setURI(String uri) {
+ getReference().setURI(uri);
+ }
+
+ @Override
+ public String getURI() {
+ return getReference().getURI();
+ }
+
+ @Override
+ public void setId(String id) {
+ getReference().setId(id);
+ }
+
+ @Override
+ public String getId() {
+ return getReference().getId();
+ }
+
+ @Override
+ public void setType(String type) {
+ getReference().setType(type);
+ }
+
+ @Override
+ public String getType() {
+ return getReference().getType();
+ }
+
+ @Override
+ public boolean typeIsReferenceToObject() {
+ return getReference().typeIsReferenceToObject();
+ }
+
+ @Override
+ public boolean typeIsReferenceToManifest() {
+ return getReference().typeIsReferenceToManifest();
+ }
+
+ /**
+ * Override the generateDigestValue method for additional purposes.<br>
+ *
+ * If the URI of delegated reference is a signature file, call the original method.<br>
+ * If the real path is exist, replace current URI with it and generate a digest value. and then restore current URI.<br>
+ * Otherwise, replace the digest value of delegated reference with the cached value without the calculating process.
+ *
+ * @see org.apache.xml.security.signature.Reference#generateDigestValue()
+ */
+ @Override
+ public void generateDigestValue() throws XMLSignatureException,
+ ReferenceNotInitializedException {
+ Reference ref = getReference();
+ String uri = ref.getURI();
+
+ if ( SignatureUtility.isSignatureFile( uri ) ) {
+ // Always generate a digest value of signature file.
+ ref.generateDigestValue();
+ } else if ( this.realPath == null ) {
+ // call 'setDigestValueElement( this.digestValue );'
+ Class<?>[] argsType = { byte[].class };
+ Object[] args = { this.digestValue };
+ try {
+ ReflectionUtil.callMethod( ref, "setDigestValueElement", argsType, args, true );
+ } catch (InvocationTargetException e) {
+ Throwable cause = e.getCause();
+ if ( cause instanceof XMLSignatureException ) {
+ throw (XMLSignatureException) cause;
+ } else if ( cause instanceof ReferenceNotInitializedException ) {
+ throw (ReferenceNotInitializedException) cause;
+ }
+
+ throw new IllegalStateException( cause );
+ }
+ } else {
+ // support to the URI of another location.
+ ref.setURI( new File( this.realPath ).toURI().toString() ); // replace the real path
+ ref.generateDigestValue();
+ ref.setURI( uri );
+ }
+ }
+
+ @Override
+ public XMLSignatureInput getContentsBeforeTransformation()
+ throws ReferenceNotInitializedException {
+ return getReference().getContentsBeforeTransformation();
+ }
+
+ @Override
+ public XMLSignatureInput getContentsAfterTransformation()
+ throws XMLSignatureException {
+ return getReference().getContentsAfterTransformation();
+ }
+
+ @Override
+ public XMLSignatureInput getNodesetBeforeFirstCanonicalization()
+ throws XMLSignatureException {
+ return getReference().getNodesetBeforeFirstCanonicalization();
+ }
+
+ @Override
+ public String getHTMLRepresentation() throws XMLSignatureException {
+ return getReference().getHTMLRepresentation();
+ }
+
+ @Override
+ public XMLSignatureInput getTransformsOutput() {
+ return getReference().getTransformsOutput();
+ }
+
+ @Override
+ public ReferenceData getReferenceData() {
+ return getReference().getReferenceData();
+ }
+
+ @Override
+ protected XMLSignatureInput dereferenceURIandPerformTransforms(
+ OutputStream os) throws XMLSignatureException {
+ // call protected method
+ Class<?>[] argsType = { OutputStream.class };
+ Object[] args = { os };
+ try {
+ return (XMLSignatureInput) ReflectionUtil.callMethod( getReference(),
+ "dereferenceURIandPerformTransforms", argsType, args, true );
+ } catch (InvocationTargetException e) {
+ Throwable cause = e.getCause();
+ if ( cause instanceof XMLSignatureException ) {
+ throw (XMLSignatureException) cause;
+ }
+
+ throw new IllegalStateException( cause );
+ }
+ }
+
+ @Override
+ public Transforms getTransforms() throws XMLSignatureException,
+ InvalidTransformException, TransformationException,
+ XMLSecurityException {
+ return getReference().getTransforms();
+ }
+
+ @Override
+ public byte[] getReferencedBytes() throws ReferenceNotInitializedException,
+ XMLSignatureException {
+ return getReference().getReferencedBytes();
+ }
+
+ @Override
+ public byte[] getDigestValue() throws Base64DecodingException,
+ XMLSecurityException {
+ return getReference().getDigestValue();
+ }
+
+ @Override
+ public boolean verify() throws ReferenceNotInitializedException,
+ XMLSecurityException {
+ return getReference().verify();
+ }
+
+ @Override
+ public String getBaseLocalName() {
+ return getReference().getBaseLocalName();
+ }
+
+ @Override
+ public String getBaseNamespace() {
+ return getReference().getBaseNamespace();
+ }
+
+ @Override
+ protected Element createElementForFamilyLocal(Document doc,
+ String namespace, String localName) {
+ // call protected method
+ Class<?>[] argsType = { Document.class, String.class, String.class };
+ Object[] args = { doc, namespace, localName };
+ try {
+ return (Element) ReflectionUtil.callMethod( getReference(),
+ "createElementForFamilyLocal", argsType, args, true );
+ } catch (InvocationTargetException e) {
+ Throwable cause = e.getCause();
+ throw new IllegalStateException( cause );
+ }
+ }
+
+ @Override
+ public void setElement(Element element, String BaseURI)
+ throws XMLSecurityException {
+ getReference().setElement(element, BaseURI);
+ }
+
+ @Override
+ public Document getDocument() {
+ return getReference().getDocument();
+ }
+
+ @Override
+ public String getBaseURI() {
+ return getReference().getBaseURI();
+ }
+
+ @Override
+ public void addBigIntegerElement(BigInteger bi, String localname) {
+ getReference().addBigIntegerElement(bi, localname);
+ }
+
+ @Override
+ public void addBase64Element(byte[] bytes, String localname) {
+ getReference().addBase64Element(bytes, localname);
+ }
+
+ @Override
+ public void addTextElement(String text, String localname) {
+ getReference().addTextElement(text, localname);
+ }
+
+ @Override
+ public void addBase64Text(byte[] bytes) {
+ getReference().addBase64Text(bytes);
+ }
+
+ @Override
+ public void addText(String text) {
+ getReference().addText(text);
+ }
+
+ @Override
+ public BigInteger getBigIntegerFromChildElement(String localname,
+ String namespace) throws Base64DecodingException {
+ return getReference().getBigIntegerFromChildElement(localname, namespace);
+ }
+
+ @Override
+ public byte[] getBytesFromChildElement(String localname, String namespace)
+ throws XMLSecurityException {
+ return getReference().getBytesFromChildElement(localname, namespace);
+ }
+
+ @Override
+ public String getTextFromChildElement(String localname, String namespace) {
+ return getReference().getTextFromChildElement(localname, namespace);
+ }
+
+ @Override
+ public byte[] getBytesFromTextChild() throws XMLSecurityException {
+ return getReference().getBytesFromTextChild();
+ }
+
+ @Override
+ public String getTextFromTextChild() {
+ return getReference().getTextFromTextChild();
+ }
+
+ @Override
+ public int length(String namespace, String localname) {
+ return getReference().length(namespace, localname);
+ }
+
+ @Override
+ public void setXPathNamespaceContext(String prefix, String uri)
+ throws XMLSecurityException {
+ getReference().setXPathNamespaceContext(prefix, uri);
+ }
+
+ @Override
+ protected Object clone() throws CloneNotSupportedException {
+ // call protected method
+ Class<?>[] argsType = {};
+ Object[] args = {};
+ try {
+ return ReflectionUtil.callMethod( getReference(), "clone", argsType, args, true );
+ } catch (InvocationTargetException e) {
+ Throwable cause = e.getCause();
+ if ( cause instanceof CloneNotSupportedException ) {
+ throw (CloneNotSupportedException) cause;
+ }
+
+ throw new IllegalStateException( cause );
+ }
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ return getReference().equals(obj);
+ }
+
+ @Override
+ protected void finalize() throws Throwable {
+ // call protected method
+ Class<?>[] argsType = {};
+ Object[] args = {};
+ try {
+ ReflectionUtil.callMethod( getReference(), "finalize", argsType, args, true );
+ } catch (InvocationTargetException e) {
+ throw e.getCause();
+ }
+ }
+
+ @Override
+ public int hashCode() {
+ return getReference().hashCode();
+ }
+
+ @Override
+ public String toString() {
+ return getReference().toString();
+ }
+
+}
public static final String PROFILES_FILE = "profiles.xml";
- // for XML parser
+ // for profile XML parser
public static final String ROOT_ELEMENT = "profiles";
public static final String ROOT_ATTR_VER = "version";
public static final String PROFILE_ELEMENT = "profile";
public static final String PROFILEITEM_ATTR_ROOTCA = "rootca";
public static final String PROFILEITEM_ATTR_PASS = "password";
+ // for XMLSignature
+ public static String objId = "prop";
+ public static String SignatureProperty = "SignatureProperty";
+ public static String SignatureProperties = "SignatureProperties";
+ public static String distributorTarget = "#DistributorSignature";
+ public static String authorTarget = "#AuthorSignature";
+ public static String roleProperty = "dsp:Role";
+ public static String identifierProperty = "dsp:Identifier";
+ public static String profileProperty = "dsp:Profile";
+ public static String xmlnsURI = "http://www.w3.org/2000/xmlns/";
+ public static String profileURI = "http://www.w3.org/ns/widgets-digsig#profile";
+ public static String distributorRoleURI = "http://www.w3.org/ns/widgets-digsig#role-distributor";
+ public static String authorRoleURI = "http://www.w3.org/ns/widgets-digsig#role-author";
+ public static String signaturePropertiesURI = "http://www.w3.org/2009/xmldsig-properties";
+ public static String signaturePropertiesPrefix = "xmlns:dsp";
+ public static String profile = "profile";
+ public static String identifier = "identifier";
+ public static String role = "role";
+ public static String id = "Id";
+ public static String target = "Target";
}
);
}
- public boolean isAuthorOrdinal(int ordinal) {
+ public static boolean isAuthorOrdinal(int ordinal) {
return ordinal == AUTHOR_ORDINAL;
}
--- /dev/null
+/*
+ * Common - sign
+ *
+ * Copyright (C) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact:
+ * Jihoon Song <jihoon80.song@samsung.com>
+ * BonYong Lee <bonyong.lee@samsung.com>
+ * Kangho Kim <kh5325.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Contributors:
+ * - S-Core Co., Ltd
+ *
+ */
+package org.tizen.common.sign.signer;
+
+import java.io.File;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.tizen.common.util.Assert;
+import org.tizen.common.util.IOUtil;
+
+/**
+ * This class is intended for pattern based abstract parser.
+ *
+ * @author JIhoon Song {@literal<jihoon80.song@samsung.com>}
+ */
+public abstract class AbstractResourceParser {
+
+ public static final String DELIMETER = "__DEL__";
+
+ protected final Pattern pattern;
+
+ protected boolean read = false;
+
+
+ /**
+ * Constructor.
+ * This perform to compile a regular expression beforehand
+ */
+ public AbstractResourceParser() {
+ this.pattern = Pattern.compile( getRegExp() );
+ }
+
+ /**
+ * @return If already read successfully, returns true. otherwise, returns false.
+ */
+ public boolean isRead() {
+ return this.read;
+ }
+
+ protected Matcher getMatcher(String content) {
+ return this.pattern.matcher( content );
+ }
+
+ /**
+ * @return a regular expression for parser
+ */
+ protected abstract String getRegExp();
+
+ /**
+ * @return the resource name managed by parser.
+ */
+ public abstract String getResourceName();
+
+ /**
+ * Read contents by InputStreamReader.<br>
+ * This method is called by read(File) method.
+ *
+ * @param isr InputStreamReader
+ * @throws IOException
+ */
+ public abstract void read(InputStreamReader isr) throws IOException;
+
+ /**
+ * Write contents by OutputStreamWriter.<br>
+ * This method is called by write(File) method.
+ *
+ * @param osw OutputStreamWriter
+ * @throws IOException
+ */
+ public abstract void write(OutputStreamWriter osw) throws IOException;
+
+ public void read(File file) throws IOException {
+ Assert.notNull( file );
+
+ InputStreamReader fileReader = null;
+ try {
+ fileReader = new FileReader( file );
+ read( fileReader );
+ } finally {
+ IOUtil.tryClose( fileReader );
+ }
+ }
+
+ public void write(File file) throws IOException {
+ Assert.notNull( file );
+
+ OutputStreamWriter fileWriter = null;
+ try {
+ fileWriter = new FileWriter( file );
+ write( fileWriter );
+ } finally {
+ IOUtil.tryClose( fileWriter );
+ }
+ }
+}
--- /dev/null
+/*
+ * Common - sign
+ *
+ * Copyright (C) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact:
+ * Jihoon Song <jihoon80.song@samsung.com>
+ * BonYong Lee <bonyong.lee@samsung.com>
+ * Kangho Kim <kh5325.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Contributors:
+ * - S-Core Co., Ltd
+ *
+ */
+package org.tizen.common.sign.signer;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+
+import org.tizen.common.sign.model.Delta;
+import org.tizen.common.sign.model.DeltaState;
+import org.tizen.common.util.Assert;
+
+
+/**
+ * This class is intended for delta list parser
+ *
+ * @author JIhoon Song {@literal<jihoon80.song@samsung.com>}
+ */
+public class DeltaListResourceParser extends AbstractResourceParser {
+
+ public static final String FILENAME = ".delta.lst";
+ private final String regExp = "^(.+)([C|D])" + DELIMETER + "(.+)$";
+
+ protected final List<Delta> deltas = new ArrayList<Delta>();
+
+
+ public Delta[] getDeltas() {
+ return this.deltas.toArray( new Delta[0] );
+ }
+
+ @Override
+ public void read(InputStreamReader isr) throws IOException {
+ Assert.notNull( isr );
+
+ BufferedReader deltaReader = new BufferedReader( isr );
+
+ // read models
+ List<Delta> list = new ArrayList<Delta>();
+ String line = null;
+ while( ( line = deltaReader.readLine() ) != null ) {
+ Delta parsedDelta = parseDelta( line );
+ if ( validateDelta( parsedDelta, line ) ) {
+ list.add( parsedDelta );
+ }
+ }
+
+ // update internal deltas
+ this.deltas.clear();
+ this.deltas.addAll( list );
+ this.read = true;
+ }
+
+ protected Delta parseDelta(String line) {
+ final Matcher matcher = getMatcher( line );
+ if ( matcher.matches() ) {
+ String realPath = matcher.group( 1 );
+ String stateCharacter = matcher.group( 2 );
+ DeltaState state = DeltaState.getValue( stateCharacter );
+ String uri = matcher.group( 3 );
+
+ return new Delta( realPath, state, uri );
+ }
+
+ return null;
+ }
+
+ protected boolean validateDelta(Delta delta, String line) throws IOException {
+ if ( delta == null ) {
+ throw new IOException( "Failed to parse a delta list resource: " + line );
+ }
+
+ // check a real path whether exist or not
+ if ( ! isExistResource( delta.getRealPath() ) ) {
+ throw new FileNotFoundException( "Couldn't find a resource: " + line );
+ }
+
+ return true;
+ }
+
+ protected boolean isExistResource(String path) {
+ File realFile = new File( path );
+ return realFile.exists();
+ }
+
+ @Override
+ public String getResourceName() {
+ return FILENAME;
+ }
+
+ @Override
+ public void write(OutputStreamWriter osw) throws IOException {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ protected String getRegExp() {
+ return regExp;
+ }
+
+}
--- /dev/null
+/*
+ * Common - sign
+ *
+ * Copyright (C) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact:
+ * Jihoon Song <jihoon80.song@samsung.com>
+ * BonYong Lee <bonyong.lee@samsung.com>
+ * Kangho Kim <kh5325.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Contributors:
+ * - S-Core Co., Ltd
+ *
+ */
+package org.tizen.common.sign.signer;
+
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.regex.Matcher;
+
+import org.apache.xml.security.Init;
+import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.utils.Base64;
+import org.tizen.common.sign.model.ReferenceCache;
+import org.tizen.common.sign.model.SignatureConstants;
+import org.tizen.common.util.Assert;
+import org.tizen.common.util.StringUtil;
+
+
+/**
+ * This class is intended for parser of cached references.
+ *
+ * @author JIhoon Song {@literal<jihoon80.song@samsung.com>}
+ */
+public class ReferenceCacheParser extends AbstractResourceParser {
+
+ public static final String FILENAME = SignatureConstants.SIGNATURE_META_FILE;
+ private final String regExp = "^(.+)" + DELIMETER + "(.+)$";
+
+ protected final List<ReferenceCache> caches = new ArrayList<ReferenceCache>();
+
+
+ public ReferenceCacheParser() {
+ // initialize for the xmlsec module
+ Init.init();
+ }
+
+ @Override
+ public void read(InputStreamReader isr) throws IOException {
+ Assert.notNull( isr );
+
+ BufferedReader cacheReader = new BufferedReader( isr );
+
+ // read models
+ List<ReferenceCache> list = new ArrayList<ReferenceCache>();
+ String line = null;
+ while( ( line = cacheReader.readLine() ) != null ) {
+ ReferenceCache parsedCache = parseCache( line );
+ validate( parsedCache, line );
+ list.add( parsedCache );
+ }
+
+ // update internal caches
+ this.caches.clear();
+ this.caches.addAll( list );
+ this.read = true;
+ }
+
+ @Override
+ public void write(OutputStreamWriter osw) throws IOException {
+ Assert.notNull( osw );
+
+ BufferedWriter cacheWriter = new BufferedWriter( osw );
+
+ // write models
+ for ( ReferenceCache cache : this.caches ) {
+ cacheWriter.append( cache.getUri() );
+ cacheWriter.append( DELIMETER );
+ cacheWriter.append( Base64.encode( cache.getDigestValue() ) );
+ cacheWriter.newLine();
+ }
+
+ cacheWriter.flush();
+ }
+
+ /**
+ * Update an internal model.<br>
+ * If not exist, add it. otherwise, update it.
+ *
+ * @param cache for update
+ */
+ public void update(ReferenceCache cache) {
+ Assert.notNull( cache );
+ Assert.hasText( cache.getUri() );
+ byte[] digestValue = cache.getDigestValue();
+ Assert.notNull( digestValue );
+ Assert.hasText( new String( digestValue ) );
+
+ for ( ReferenceCache inCache : this.caches ) {
+ if ( inCache.getUri().equals( cache.getUri() ) ) {
+ // update
+ int indexOf = this.caches.indexOf( inCache );
+ this.caches.set( indexOf, cache );
+ return;
+ }
+ }
+
+ // new
+ this.caches.add( cache );
+ }
+
+ /**
+ * Remove a cache with uri.
+ *
+ * @param uri of cache
+ */
+ public void remove(String uri) {
+ Assert.notNull( uri );
+
+ ReferenceCache cache = this.getCache( uri );
+ if ( cache != null ) {
+ this.caches.remove( cache );
+ }
+ }
+
+ public int getSize() {
+ return this.caches.size();
+ }
+
+ /**
+ * @return returns all caches.
+ */
+ public ReferenceCache[] getCaches() {
+ return this.caches.toArray( new ReferenceCache[0] );
+ }
+
+ /**
+ * Get a cache with uri.
+ *
+ * @param uri of cache
+ * @return If found, returns a cache, otherwise, returns null.
+ */
+ public ReferenceCache getCache(String uri) {
+ for( ReferenceCache cache : this.caches ) {
+ if ( cache.getUri().equals( uri ) ) {
+ return cache;
+ }
+ }
+
+ return null;
+ }
+
+ protected ReferenceCache parseCache(String line) throws IOException {
+ try {
+ final Matcher matcher = getMatcher( line );
+ if ( matcher.matches() ) {
+ String uri = matcher.group( 1 );
+ String digestString = matcher.group( 2 );
+ return new ReferenceCache( uri, Base64.decode( digestString ) );
+ }
+
+ return null;
+ } catch (Base64DecodingException e) {
+ throw new IOException( e.getMessage(), e );
+ }
+ }
+
+ protected boolean validate(ReferenceCache cache, String line) throws IOException {
+ if ( cache == null ) {
+ throw new IOException( "Failed to parse a reference cache resource: " + line );
+ }
+
+ // check a digest value whether empty or not.
+ if ( Arrays.equals( cache.getDigestValue(), StringUtil.EMPTY_STRING.getBytes() ) ) {
+ throw new IOException( "DigestValue is not correct: " + line );
+ }
+
+ return true;
+ }
+
+ @Override
+ public String getResourceName() {
+ return FILENAME;
+ }
+
+ @Override
+ protected String getRegExp() {
+ return regExp;
+ }
+}
--- /dev/null
+/*
+ * Common - sign
+ *
+ * Copyright (C) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact:
+ * Jihoon Song <jihoon80.song@samsung.com>
+ * BonYong Lee <bonyong.lee@samsung.com>
+ * Kangho Kim <kh5325.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Contributors:
+ * - S-Core Co., Ltd
+ *
+ */
+package org.tizen.common.sign.signer;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.List;
+
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.httpclient.URIException;
+import org.apache.commons.httpclient.util.URIUtil;
+import org.apache.xml.security.Init;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.content.X509Data;
+import org.apache.xml.security.signature.ObjectContainer;
+import org.apache.xml.security.signature.Reference;
+import org.apache.xml.security.signature.SignedInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.transforms.TransformationException;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMReader;
+import org.slf4j.Logger;
+import static org.slf4j.LoggerFactory.*;
+
+import org.tizen.common.sign.model.Delta;
+import org.tizen.common.sign.model.ReferenceCache;
+import org.tizen.common.sign.model.ReferenceDelegator;
+import org.tizen.common.sign.model.DeltaState;
+import org.tizen.common.sign.model.SignatureConstants;
+import org.tizen.common.sign.preferences.SigningProfile;
+import org.tizen.common.sign.preferences.SigningProfileItem;
+import org.tizen.common.sign.util.SignatureUtility;
+import org.tizen.common.sign.util.XMLUtil;
+import org.tizen.common.util.Assert;
+import org.tizen.common.util.FilenameUtil;
+import org.tizen.common.util.IOUtil;
+import org.tizen.common.util.ReflectionUtil;
+import org.tizen.common.util.StringUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+/**
+ * This class is intended for support of incremental signing
+ *
+ * @author JIhoon Song {@literal<jihoon80.song@samsung.com>}
+ */
+public class TizenIncrementalSigner {
+
+ protected static final Logger logger = getLogger( TizenIncrementalSigner.class );
+
+ // Reflection constants
+ private static final String REFERENCES_IN_SIGNEDINFO = "references";
+
+ // Signature constants
+ protected static final String PROPERTY_REFERENCE_URI = "#prop";
+ protected static final String KEY_TYPE_PKCS12 = "PKCS12";
+ protected static final int MAX_CHAIN_CERTIFICATES = 3;
+ protected final String[] defaultFilterList = {
+ ReferenceCacheParser.FILENAME,
+ DeltaListResourceParser.FILENAME,
+ };
+
+ // Persistent resource managers
+ protected ReferenceCacheParser cacheParser = new ReferenceCacheParser();
+ protected DeltaListResourceParser deltaParser = new DeltaListResourceParser();
+
+ //
+ protected String rootPath; // root source directory path
+ protected SigningProfile certProfile; // certificate containers
+
+ private XMLSignature signature; // a sign module
+
+
+ /**
+ * Constructor
+ *
+ * @param certProfile for sign model. If null, the use of some methods are restricted.
+ * @param rootPath for sources
+ */
+ public TizenIncrementalSigner(SigningProfile certProfile, String rootPath) {
+ Assert.notNull( rootPath );
+
+ this.certProfile = certProfile;
+ this.rootPath = rootPath;
+
+ initialize();
+ }
+
+ /**
+ * Initialize for pre-process
+ */
+ protected void initialize() {
+ // initialize for the xmlsec module
+ Init.init();
+
+ try {
+ // remove a default namespace prefix like "ns:"
+ XMLSignature.setDefaultPrefix( Constants.SignatureSpecNS, StringUtil.EMPTY_STRING );
+ } catch (XMLSecurityException e) {
+ logger.error( e.getMessage(), e );
+ }
+
+ // TODO: unknown purpose. a related class is PEMReader.
+ Security.addProvider( new BouncyCastleProvider() );
+ }
+
+ /**
+ * Sign by pre-defined items.<br>
+ * If no pre-defined item, assertion occur.
+ *
+ * @param bIncremental if true, act incrementally.
+ * @return returns signed signature values.
+ *
+ * @throws UnrecoverableKeyException if the key cannot be recovered (e.g., the given password is wrong).
+ * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type.
+ * @throws NoSuchAlgorithmException if the algorithm for recovering the key cannot be found.
+ * @throws CertificateException if any of the certificates in the keystore could not be loaded.
+ * @throws XMLSecurityException if a XMLSignature manipulate error is occurred.
+ * @throws ParserConfigurationException if a DocumentBuilder cannot be created which satisfies the configuration requested.
+ * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.
+ */
+ public byte[][] sign(boolean bIncremental) throws
+ UnrecoverableKeyException, KeyStoreException,
+ NoSuchAlgorithmException, CertificateException, XMLSecurityException,
+ ParserConfigurationException, IOException {
+ return sign( bIncremental, null );
+ }
+
+ /**
+ * Sign by pre-defined items.<br>
+ * If no pre-defined item, assertion occur.
+ *
+ * @param bIncremental if true, act incrementally.
+ * @param oss OutputStreams for output.
+ * @return returns signed signature values.
+ *
+ * @throws UnrecoverableKeyException if the key cannot be recovered (e.g., the given password is wrong).
+ * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type.
+ * @throws NoSuchAlgorithmException if the algorithm for recovering the key cannot be found.
+ * @throws CertificateException if any of the certificates in the keystore could not be loaded.
+ * @throws XMLSecurityException if a XMLSignature manipulate error is occurred.
+ * @throws ParserConfigurationException if a DocumentBuilder cannot be created which satisfies the configuration requested.
+ * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.
+ */
+ public byte[][] sign(boolean bIncremental, OutputStream[] oss) throws
+ UnrecoverableKeyException, KeyStoreException,
+ NoSuchAlgorithmException, CertificateException, XMLSecurityException,
+ ParserConfigurationException, IOException {
+
+ Assert.notNull( this.certProfile );
+
+ List<byte[]> result = new ArrayList<byte[]>();
+ int i = 0;
+ for( SigningProfileItem item : this.certProfile.getProfileItems() ) {
+ byte[] signatureValue = null;
+ if ( item != null ) {
+ int ordinal = this.certProfile.getOrdinal( item );
+ if ( oss == null ) {
+ File xmlFile = getXMLFile( item );
+ signatureValue = sign( item, ordinal, xmlFile, bIncremental );
+ } else {
+ signatureValue = sign( item, ordinal, oss[ i ], bIncremental );
+ }
+ }
+ result.add( signatureValue );
+ i++;
+ }
+
+ return result.toArray( new byte[0][] );
+ }
+
+ /**
+ * Sign by given item and write to a file.
+ *
+ * @param item certificates model for one of signature.
+ * @param ordinal for ordered signature.
+ * @param xmlFile signature file. This parent path is a source resource root path for the resource resolver.
+ * @param bIncremental if true, act incrementally.
+ * @return a signed signature value.
+ *
+ * @throws UnrecoverableKeyException if the key cannot be recovered (e.g., the given password is wrong).
+ * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type.
+ * @throws NoSuchAlgorithmException if the algorithm for recovering the key cannot be found.
+ * @throws CertificateException if any of the certificates in the keystore could not be loaded.
+ * @throws XMLSecurityException if a XMLSignature manipulate error is occurred.
+ * @throws ParserConfigurationException if a DocumentBuilder cannot be created which satisfies the configuration requested.
+ * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.
+ */
+ public byte[] sign(SigningProfileItem item, int ordinal, File xmlFile, boolean bIncremental) throws
+ UnrecoverableKeyException, KeyStoreException,
+ NoSuchAlgorithmException, CertificateException, XMLSecurityException,
+ ParserConfigurationException, IOException {
+
+ Assert.notNull( xmlFile );
+
+ OutputStream xmlOs = null;
+ try {
+ xmlOs = new FileOutputStream( xmlFile );
+ return sign( item, ordinal, xmlOs, bIncremental );
+ } finally {
+ IOUtil.tryClose( xmlOs );
+ }
+
+ }
+
+ /**
+ * Sign by given item and write to a given OutputStream.
+ *
+ * @param item certificates model for one of signatures.
+ * @param ordinal for ordered signature.
+ * @param os OutputStream for output.
+ * @param bIncremental if true, act incrementally.
+ * @return a signed signature value.
+ *
+ * @throws UnrecoverableKeyException if the key cannot be recovered (e.g., the given password is wrong).
+ * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type.
+ * @throws NoSuchAlgorithmException if the algorithm for recovering the key cannot be found.
+ * @throws CertificateException if any of the certificates in the keystore could not be loaded.
+ * @throws XMLSecurityException if a XMLSignature manipulate error is occurred.
+ * @throws ParserConfigurationException if a DocumentBuilder cannot be created which satisfies the configuration requested.
+ * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.
+ */
+ public byte[] sign(SigningProfileItem item, int ordinal, OutputStream os, boolean bIncremental) throws
+ UnrecoverableKeyException, KeyStoreException,
+ NoSuchAlgorithmException, CertificateException, XMLSecurityException,
+ ParserConfigurationException, IOException {
+
+ Assert.notNull( item );
+ Assert.isTrue( ordinal >= 0 );
+ Assert.notNull( os );
+
+ if ( bIncremental ) {
+ loadDeltas();
+ }
+
+ // generate document structure
+ Document document = generateStructure( ordinal, bIncremental );
+
+ // load key store
+ KeyStore keyStore = loadKeyStore( item.getKeyLocation(), KEY_TYPE_PKCS12, item.getPassword() );
+ String alias = getFirstAlias( keyStore );
+ if ( alias == null ) {
+ throw new KeyStoreException( "Couldn't find an alias in the key store." );
+ }
+
+ // add certificates to a signature
+ addX509CertificateChain( item, keyStore, alias );
+
+ // get key from key store
+ Key key = keyStore.getKey( alias, item.getPassword() );
+
+ // sign
+ this.signature.sign( key );
+
+ // Important: After writing, the sequence of references will be changed.
+ // It means the signature value is different with fully signed value.
+ List<Reference> refs = interceptReferenceList();
+
+ // write XML
+ writeDocument( document, os );
+
+ // remember cache
+ storeDigestCache( refs );
+
+ return this.signature.getSignatureValue();
+ }
+
+ /**
+ * Generate document structure with reference URIs
+ *
+ * @param ordinal for ordered signature.
+ * @param bIncremental if true, act incrementally.
+ * @return Document with the signature structure
+ * @throws XMLSecurityException if a XMLSignature manipulate error is occurred.
+ * @throws ParserConfigurationException if a DocumentBuilder cannot be created which satisfies the configuration requested.
+ * @throws IOException If cannot manipulate cached resources,
+ */
+ protected Document generateStructure( int ordinal, boolean bIncremental )
+ throws XMLSecurityException, ParserConfigurationException, IOException {
+
+ // create XML Document
+ Document document = XMLUtil.create();
+
+ // create a signature instance
+ this.signature = new XMLSignature(
+ document, // XML document
+ new File( this.rootPath ).toURI().toString(), // file path URI string
+ XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256, // algorithm
+ CanonicalizationMethod.EXCLUSIVE ); // canonicalization
+
+ boolean bAuthor = SigningProfile.isAuthorOrdinal( ordinal );
+ this.signature.setId( bAuthor ? "AuthorSignature" : "DistributorSignature" ); // TODO: is this required?
+ document.appendChild( this.signature.getElement() );
+
+ // Determine the incremental
+ // add resources to a signature
+ if ( bIncremental && getCacheFile().exists() ) {
+ // process incrementally elements
+ List<Reference> refs = interceptReferenceList();
+ if ( refs == null ) {
+ new XMLSecurityException( "Failed to intercept the reference list. Cannot perform incrementally." );
+ }
+ restoreReferenceList( refs, bAuthor );
+ } else {
+ // process all elements
+ List<String> resources = findResources( new File( this.rootPath ), bAuthor );
+ addResources( resources );
+ }
+
+ // add '#prop' element to a signature
+ addPropertyElement( document, bAuthor );
+
+ return document;
+ }
+
+ /**
+ * Load a model resource of deltas for incremental signing.<br>
+ * The read process is performed once;
+ *
+ * @return If succeed, returns true. otherwise returns false.
+ * @throws IOException
+ */
+ protected boolean loadDeltas() throws IOException {
+ if ( ! this.deltaParser.isRead() ) { // read once
+ File deltaFile = getDeltaFile();
+ if ( deltaFile.exists() ) {
+ this.deltaParser.read( getDeltaFile() );
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Load a model resource of cached references for incremental signing.
+ *
+ * @return If succeed, returns true. otherwise returns false.
+ * @throws IOException
+ */
+ protected boolean loadCaches() throws IOException {
+ this.cacheParser.read( getCacheFile() );
+ return true;
+ }
+
+ /**
+ * Restructure reference models in XMLSignature by cached models.
+ * This method perform to load a cache resource.
+ *
+ * @param refs original reference models in XMLSignature.
+ * @param bAuthor current signature type.
+ * @throws XMLSecurityException
+ * @throws IOException
+ */
+ protected void restoreReferenceList(List<Reference> refs, boolean bAuthor)
+ throws XMLSecurityException, IOException {
+
+ // load caches
+ loadCaches();
+
+ // remove deleted resources in cache
+ List<String> deltasInCaches = removeDeltasInCaches();
+
+ // filtering
+ List<String> filtered = new ArrayList<String>();
+ for ( ReferenceCache cache : this.cacheParser.getCaches() ) {
+ String uri = cache.getUri();
+ if ( isFilterResource( uri, bAuthor ) == false ) {
+ filtered.add( uri );
+ }
+ }
+
+ // add URIs to document
+ filtered.addAll( deltasInCaches );
+ addResources( filtered );
+
+ // wrap to delegator
+ List<Reference> delegators = new ArrayList<Reference>();
+ for ( Reference ref : refs ) {
+ String uri = getURIPath( ref );
+ Delta delta = findDeltaReference( ref );
+
+ ReferenceDelegator.setReference( ref );
+ Reference delegator = null;
+ if ( delta != null ) {
+ // create wrapper for regeneration from real path
+ delegator = new ReferenceDelegator(
+ ref.getElement(),
+ ref.getBaseURI(),
+ this.signature.getSignedInfo(),
+ delta.getRealPath() );
+ } else {
+ ReferenceCache rc = this.cacheParser.getCache( uri );
+ if ( rc == null ) {
+ throw new IOException( "Caches are broken. Reference URI is not exist in caches: " + uri );
+ }
+
+ // // create wrapper for restore digest value
+ delegator = new ReferenceDelegator(
+ ref.getElement(),
+ ref.getBaseURI(),
+ this.signature.getSignedInfo(),
+ rc.getDigestValue() );
+ }
+ delegators.add( delegator );
+ }
+
+ // remember new list
+ refs.clear();
+ refs.addAll( delegators );
+ }
+
+ /**
+ * Remove matched deltas in cache models<br>
+ *
+ * @return if have deltas with the Changed state, returns this list.
+ * @throws XMLSignatureException
+ * @throws URIException
+ */
+ protected List<String> removeDeltasInCaches() throws XMLSignatureException, URIException {
+ List<String> list = new ArrayList<String>();
+
+ for ( Delta delta : this.deltaParser.getDeltas() ) {
+ String uri = delta.getUri();
+ this.cacheParser.remove( uri );
+
+ if ( delta.getState() == DeltaState.Changed ) {
+ list.add( uri );
+ }
+ }
+
+ return list;
+ }
+
+ /**
+ * Find a delta with same uri of given reference.
+ *
+ * @param ref Reference
+ * @return If found, returns a delta. otherwise, returns null.
+ * @throws URIException
+ */
+ protected Delta findDeltaReference(Reference ref) throws URIException {
+ String uri = getURIPath( ref );
+
+ for ( Delta delta : this.deltaParser.getDeltas() ) {
+ if ( uri.equals( delta.getUri() ) ) {
+ if ( delta.getState() == DeltaState.Changed ) {
+ return delta;
+ }
+ break;
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Intercept an original reference list attribute in XMLSignature using the java reflection.
+ *
+ * @return the original reference list of XMLSignature. If cannot access, return null.
+ */
+ private List<Reference> interceptReferenceList() {
+ SignedInfo signedInfo = this.signature.getSignedInfo();
+ Object referencesObj =ReflectionUtil.getField( signedInfo, REFERENCES_IN_SIGNEDINFO, true );
+ if ( referencesObj instanceof List<?> ) {
+ return (List<Reference>) referencesObj;
+ }
+
+ return null;
+ }
+
+ /**
+ * Store cached models to a specified file.
+ *
+ * @param refs Reference list. Its digest value must be calculated already.
+ * @throws XMLSecurityException
+ * @throws IOException
+ */
+ protected void storeDigestCache(List<Reference> refs)
+ throws XMLSecurityException, IOException {
+ for ( Reference ref : refs ) {
+ String uri = getURIPath( ref );
+
+ // skip '#prop' reference
+ if ( PROPERTY_REFERENCE_URI.equals( uri ) ) {
+ continue;
+ }
+
+ byte[] digestValue = ref.getDigestValue();
+ this.cacheParser.update( new ReferenceCache( uri, digestValue ) );
+ }
+
+ this.cacheParser.write( getCacheFile() );
+ }
+
+ /**
+ * Check whether be filtered source or not.<br>
+ * Managed resources (eg. .manifest.tmp, .delta.lst) and signature files (eg. author-signature.xml, signature1.xml ...) are filtered.
+ *
+ * @param name
+ * @param bAuthor If false, author signature name is not filtered.
+ * @return If filtered name, returns true. otherwise returns false.
+ */
+ protected boolean isFilterResource(String name, boolean bAuthor) {
+ for( String filter : this.defaultFilterList ) {
+ if ( filter.equals( name ) ) {
+ return true;
+ }
+ }
+
+ // distributor signatures include an author signature.
+ if ( bAuthor && SignatureUtility.isAuthorSignatureFile( name ) ) {
+ return true;
+ }
+
+ // ignore other distributors
+ if ( SignatureUtility.isDistributorSignatureFile( name ) ) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Check whether be filtered source or not.<br>
+ * Managed resources (eg. .manifest.tmp, .delta.lst) and signature files (eg. author-signature.xml, signature1.xml ...) are filtered.
+ *
+ * @param resource
+ * @param bAuthor If false, author signature name is not filtered.
+ * @return If filtered name, returns true. otherwise returns false.
+ */
+ protected boolean isFilterResource(File resource, boolean bAuthor) {
+ String name = resource.getName();
+ return isFilterResource( name, bAuthor );
+ }
+
+ /**
+ * Find relative source paths recursively.
+ *
+ * @param resource root path of sources
+ * @param bAuthor current signature type.
+ * @return relative source path list.
+ * @throws URIException
+ * @throws XMLSignatureException
+ */
+ protected List<String> findResources(File resource, boolean bAuthor)
+ throws URIException, XMLSignatureException {
+ List<String> list = new ArrayList<String>();
+
+ if ( resource.isDirectory() ) {
+ // traverse recursively
+ for ( File child : resource.listFiles() ) {
+ list.addAll( findResources( child, bAuthor ) );
+ }
+ } else {
+ // If not filtered resource, remember a path.
+ if ( isFilterResource( resource, bAuthor ) == false ) {
+ String path = FilenameUtil.getRelativePath( this.rootPath, resource.getPath() );
+ list.add( path );
+ }
+ }
+
+ return list;
+ }
+
+ /**
+ * Get a delta resource file
+ *
+ * @return returns '.delta.lst' file in the root path
+ */
+ protected File getDeltaFile() {
+ return new File( this.rootPath, DeltaListResourceParser.FILENAME );
+ }
+
+ /**
+ * Get a Reference cache resource file
+ *
+ * @return returns '.manifest.tmp' file in the root path
+ */
+ protected File getCacheFile() {
+ return new File( this.rootPath, ReferenceCacheParser.FILENAME );
+ }
+
+ /**
+ * Get a destination file of item.<br>
+ * Because this method determine a name by ordinal of item, a sign model must be required.
+ *
+ * @param item a model item
+ * @return If ordinal is zero, returns 'author-signature.xml' file. otherwise, returns 'signatureX.xml' file. ( the X is an ordinal )
+ */
+ protected File getXMLFile(SigningProfileItem item) {
+ return new File( this.rootPath, getXMLFilename( item ) );
+ }
+
+ /**
+ * Get a destination filename of item.<br>
+ * Because this method determine a name by ordinal of item, a sign model must be required.
+ *
+ * @param item a model item
+ * @return If ordinal is zero, returns 'author-signature.xml'. otherwise, returns 'signatureX.xml'. ( the X is an ordinal )
+ */
+ protected String getXMLFilename(SigningProfileItem item) {
+ Assert.notNull( this.certProfile );
+ Assert.notNull( item );
+
+ // get items ordinal
+ int ordinal = this.certProfile.getOrdinal( item );
+ Assert.isTrue( ordinal != SigningProfile.NOTHING );
+
+ // make filename
+ if ( ordinal == SigningProfile.AUTHOR_ORDINAL ) {
+ return SignatureUtility.getAuthorFilename();
+ } else {
+ return SignatureUtility.getDistributorFilename( ordinal );
+ }
+ }
+
+ /**
+ * Write a document to OutputStream
+ *
+ * @param document signature document instance
+ * @param os OutputStream
+ */
+ protected void writeDocument(Document document, OutputStream os) {
+ XMLUtils.outputDOM( document, os );
+ }
+
+ /**
+ * Load KeyStore from the key file path.
+ *
+ * @param keyFilePath KeyStore file path
+ * @param type KeyStore type. Generally, PKCS12 or JKS are used.
+ * @param password KeyStore password
+ * @return opened KeyStore
+ *
+ * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type.
+ * @throws NoSuchAlgorithmException if the algorithm for recovering the key cannot be found.
+ * @throws CertificateException if any of the certificates in the keystore could not be loaded.
+ * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.
+ */
+ protected static KeyStore loadKeyStore(String keyFilePath, String type, char[] password)
+ throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
+ Assert.notNull( keyFilePath );
+ return loadKeyStore( new File( keyFilePath ), type, password );
+ }
+
+ /**
+ * Load KeyStore from the key file.
+ *
+ * @param keyFile KeyStore file
+ * @param type KeyStore type. Generally, PKCS12 or JKS are used.
+ * @param password KeyStore password
+ * @return opened KeyStore
+ *
+ * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type.
+ * @throws NoSuchAlgorithmException if the algorithm for recovering the key cannot be found.
+ * @throws CertificateException if any of the certificates in the keystore could not be loaded.
+ * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.
+ */
+ protected static KeyStore loadKeyStore(File keyFile, String type, char[] password)
+ throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
+ Assert.notNull( keyFile );
+ Assert.notNull( type );
+ Assert.notNull( password );
+
+ KeyStore keyStore = KeyStore.getInstance( type );
+
+ InputStream keyIs = null;
+ try {
+ keyIs = new FileInputStream( keyFile );
+ keyStore.load( keyIs, password );
+ return keyStore;
+ } finally {
+ IOUtil.tryClose( keyIs );
+ }
+ }
+
+ /**
+ * Get a first alias from KeyStore.
+ *
+ * @param keyStore KeyStore
+ * @return returns a first alias in KeyStore. If not found, return null.
+ * @throws KeyStoreException if the keystore has not been initialized (loaded).
+ */
+ protected static String getFirstAlias(KeyStore keyStore) throws KeyStoreException {
+ Assert.notNull( keyStore );
+
+ Enumeration<String> aliases = keyStore.aliases();
+ while( aliases.hasMoreElements() ) {
+ String alias = aliases.nextElement();
+ if ( keyStore.isKeyEntry( alias ) ) {
+ return alias;
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Get a first X509 certificate from the file path.
+ *
+ * @param pemFilePath PEM format file path
+ * @return returns a X509 certificate. If not found, returns null.
+ * @throws IOException
+ */
+ protected X509Certificate getX509Certificate(String pemFilePath) throws IOException {
+ Assert.notNull( pemFilePath );
+
+ InputStreamReader reader = null;
+ PEMReader pemReader = null;
+
+ try {
+ reader = new FileReader( pemFilePath );
+ pemReader = new PEMReader( reader );
+
+ Object object = null;
+ while( ( object = pemReader.readObject() ) != null ) {
+ if ( object instanceof X509Certificate ) {
+ return (X509Certificate) object;
+ }
+ }
+
+ return null;
+ } finally {
+ IOUtil.tryClose( pemReader, reader );
+ }
+ }
+
+ /**
+ * Add certificate chains with item to XMLSignature.
+ *
+ * @param item with CA locations
+ * @param certificateChain in KeyStore
+ * @throws XMLSecurityException
+ * @throws IOException
+ * @throws KeyStoreException
+ */
+ protected void addX509CertificateChain(SigningProfileItem item, KeyStore keyStore, String alias)
+ throws XMLSecurityException, IOException, KeyStoreException {
+ Assert.notNull( this.signature );
+ Assert.notNull( keyStore );
+
+ String[] caPaths = getCertPaths( item ); // get { CA, RootCA } from item
+
+ // get certificates from key store
+ Certificate[] certificateChain = keyStore.getCertificateChain( alias );
+ Assert.notNull( certificateChain );
+ Assert.isTrue( certificateChain.length > 0 );
+
+ /*
+ * add certificate lists
+ *
+ * signature \ in key | certificate[0] | certificate[1] | certificate[2]
+ * chain 1 | certificate[0] | nothing or external CA of item | nothing or external Root CA of item
+ * chain 2 | certificate[0] | certificate[1] | nothing or external Root CA
+ * chain 3 | certificate[0] | certificate[1] | certificate[2]
+ */
+ // add first X509Certificate
+ Assert.isTrue( certificateChain[0] instanceof X509Certificate );
+ this.signature.addKeyInfo( (X509Certificate) certificateChain[ 0 ] );
+
+ // add others
+ X509Data x509Data = this.signature.getKeyInfo().itemX509Data( 0 );
+ for ( int i = 1; i < MAX_CHAIN_CERTIFICATES; i++ ) { // max value is 3. twice operation.
+ if ( certificateChain.length < ( i + 1 ) ) {
+ String path = caPaths[ i - 1 ]; // CA, RootCA, ...
+
+ if ( ! StringUtil.isEmpty( path ) ) {
+ // if the explicit path exist, add it.
+ X509Certificate caX509Certificate = getX509Certificate( path );
+ if ( caX509Certificate != null ) {
+ x509Data.addCertificate( caX509Certificate );
+ } else {
+ throw new XMLSecurityException( "X509Certificate is not found in: " + path );
+ }
+ } else {
+ // if the explicit path is nothing, nothing to do
+ }
+ } else {
+ // add a chained certificate
+ Assert.isTrue( certificateChain[ i ] instanceof X509Certificate );
+ x509Data.addCertificate( (X509Certificate) certificateChain[ i ] );
+ }
+ }
+ }
+
+ /**
+ * Get X509Certificate locations from item
+ *
+ * @param item
+ * @return two locations like {CA, RootCA}.
+ */
+ protected String[] getCertPaths(SigningProfileItem item) {
+ Assert.notNull( item );
+
+ // { CA, RootCA }
+ return new String[] { item.getCAPath(), item.getRootCAPath() };
+ }
+
+ /**
+ * Add reference documents with sorted URI
+ *
+ * @param resources List of URI.
+ * @throws URIException
+ * @throws XMLSignatureException
+ */
+ protected void addResources(List<String> resources) throws
+ URIException, XMLSignatureException {
+
+ Collections.sort( resources );
+ for ( String uri : resources ) {
+ addResource( uri, null );
+ }
+ }
+
+ /**
+ * Add a reference document with URI
+ *
+ * @param uri URI according to the XML Signature specification.
+ * @param trans List of transformations to be applied.
+ * @throws URIException
+ * @throws XMLSignatureException
+ */
+ protected void addResource(String uri, Transforms trans) throws
+ URIException, XMLSignatureException {
+
+ Assert.notNull( signature );
+ Assert.notNull( uri );
+
+ String refUrl = URIUtil.encodePathQuery( uri ); // UNICODE support
+ this.signature.addDocument( refUrl, trans, DigestMethod.SHA256 );
+ }
+
+ /**
+ * get a decoded URI from Reference
+ *
+ * @param ref Reference
+ * @return returns a decoded URI.
+ * @throws URIException
+ */
+ protected String getURIPath(Reference ref) throws URIException {
+ Assert.notNull( ref );
+
+ String encodedURI = ref.getURI();
+ return URIUtil.decode( encodedURI ); // UNICODE support
+ }
+
+ /**
+ * Add a property element to document.<br>
+ * Property root element id is a 'prop', and will be added to Reference URI with '#prop'.
+ *
+ * @param document XML Document
+ * @param isAuthor
+ * @throws XMLSignatureException
+ * @throws TransformationException
+ */
+ protected void addPropertyElement(Document document, boolean isAuthor)
+ throws XMLSignatureException, TransformationException {
+
+ Assert.notNull( this.signature );
+ Assert.notNull( document );
+
+ // create a container
+ ObjectContainer container = new ObjectContainer( document );
+ container.setId( SignatureConstants.objId );
+
+ // create a root element
+ Element properties = document.createElement( SignatureConstants.SignatureProperties );
+ properties.setAttributeNS(
+ SignatureConstants.xmlnsURI,
+ SignatureConstants.signaturePropertiesPrefix,
+ SignatureConstants.signaturePropertiesURI );
+
+ // append sub-elements
+ String signTypeTarget = isAuthor ?
+ SignatureConstants.authorTarget : SignatureConstants.distributorTarget;
+ String signTypeRoleURI = isAuthor ?
+ SignatureConstants.authorRoleURI : SignatureConstants.distributorRoleURI;
+
+ String[][] propertyTypes = {
+ { SignatureConstants.profile, SignatureConstants.profileProperty, SignatureConstants.profileURI }, /* profile */
+ { SignatureConstants.role, SignatureConstants.roleProperty, signTypeRoleURI }, /* role */
+ { SignatureConstants.identifier, SignatureConstants.identifierProperty, null } /* identifier */
+ };
+
+ for ( String[] propertyType : propertyTypes ) {
+ String propertyId = propertyType[0];
+ String propertyName = propertyType[1];
+ String uri = propertyType[2];
+
+ Element profileProperty = createPropertyElement( document, propertyId, signTypeTarget );
+ profileProperty.appendChild( createSubPropertyElement( document, propertyName, uri ) );
+ properties.appendChild( profileProperty );
+ }
+
+ container.appendChild(properties);
+
+ this.signature.appendObject( container );
+
+ // add a transform
+ Transforms transforms = new Transforms( document );
+ transforms.addTransform( Transforms.TRANSFORM_C14N11_OMIT_COMMENTS );
+ this.signature.addDocument( PROPERTY_REFERENCE_URI, transforms, DigestMethod.SHA256 );
+ }
+
+ private Element createSubPropertyElement(Document document, String propertyName, String uri) {
+ Element subProperty = document.createElement( propertyName );
+ if ( uri != null ) {
+ subProperty.setAttribute( Constants._ATT_URI, uri );
+ }
+ return subProperty;
+ }
+
+ private Element createPropertyElement(Document document, String idValue, String targetValue) {
+ Element property = document.createElement( SignatureConstants.SignatureProperty );
+ property.setAttribute( SignatureConstants.id, idValue );
+ property.setAttribute( SignatureConstants.target, targetValue );
+ return property;
+ }
+
+ /**
+ * Check whether the password of certificate in key path is correct or not.
+ *
+ * @param keyPath
+ * @param password
+ * @return If correct password, returns true. otherwise, returns false.
+ *
+ * @throws FileNotFoundException
+ * @throws NoSuchAlgorithmException
+ * @throws CertificateException
+ * @throws KeyStoreException
+ */
+ public static boolean checkCertificatePassword(String keyPath, String password) throws
+ FileNotFoundException, NoSuchAlgorithmException,
+ CertificateException, KeyStoreException {
+ Assert.notNull( keyPath );
+ Assert.notNull( password );
+
+ char[] pwd = password.toCharArray();
+
+ try {
+ // load key store
+ KeyStore keyStore = loadKeyStore( keyPath, KEY_TYPE_PKCS12, pwd );
+ String alias = getFirstAlias( keyStore );
+ if ( alias == null ) {
+ throw new CertificateException( "Couldn't find an alias in the KeyStore." );
+ }
+
+ // get key from key store
+ keyStore.getKey( alias, pwd );
+ return true;
+ } catch(FileNotFoundException e) {
+ throw e;
+ } catch(IOException e) {
+ logger.error( "{} is invalid certificate file or password incorrect.", keyPath );
+ } catch(UnrecoverableKeyException e) {
+ logger.error( "{} is invalid certificate file or password incorrect.", keyPath );
+ }
+
+ return false;
+ }
+}
package org.tizen.common.sign.signer;
-import hashsign.HashingSigning;
+import java.io.File;
-import org.tizen.common.sign.util.SigningPathUtil;
+import org.tizen.common.sign.preferences.SigningProfile;
+import org.tizen.common.sign.preferences.SigningProfileItem;
+import org.tizen.common.sign.util.SignatureUtility;
import org.tizen.common.util.StringUtil;
public class TizenSigner {
String dist2CAPath = args[9];
String dist2RootPath = args[10];
- if(StringUtil.isEmpty(authorCAPath)) {
- authorCAPath = SigningPathUtil.getAuthorCAPath();
- dist1P12Path = SigningPathUtil.getDeveloperKeyPath();
- dist1Pass = SigningPathUtil.DISTRIBUTOR1_PWD;
- dist1CAPath = SigningPathUtil.getDeveloperCAPath();
+// if(StringUtil.isEmpty(authorCAPath)) {
+// authorCAPath = SigningPathUtil.getAuthorCAPath();
+// dist1P12Path = SigningPathUtil.getDeveloperKeyPath();
+// dist1Pass = SigningPathUtil.DISTRIBUTOR1_PWD;
+// dist1CAPath = SigningPathUtil.getDeveloperCAPath();
+// }
+//
+// authorSign(targetDir, authorP12Path, authorPass, authorCAPath, null);
+// distSign(targetDir, dist1P12Path, dist1Pass, dist1CAPath, null, 1);
+// dist2SignWithParameterCheck(targetDir, dist2P12Path, dist2Pass, dist2CAPath, dist2RootPath);
+
+ SigningProfile profile = new SigningProfile( "temp" );
+ if ( StringUtil.isEmpty( authorCAPath ) ) {
+ profile.createProfileItemForDeveloper();
+ } else {
+ profile.createProfileItem(0, authorP12Path, authorPass, authorCAPath, null );
}
+ profile.createProfileItem( 1, dist1P12Path, dist1Pass, dist1CAPath, null );
+ profile.createProfileItem( 2, dist2P12Path, dist2Pass, dist2CAPath, dist2RootPath );
- authorSign(targetDir, authorP12Path, authorPass, authorCAPath, null);
- distSign(targetDir, dist1P12Path, dist1Pass, dist1CAPath, null, 1);
- dist2SignWithParameterCheck(targetDir, dist2P12Path, dist2Pass, dist2CAPath, dist2RootPath);
+ TizenIncrementalSigner signer = new TizenIncrementalSigner( profile, targetDir );
+ signer.sign( false );
}
public static void authorSign(String targetDir, String authorP12Path, String authorPass, String authorCAPath, String rootCaPath) throws Exception{
checkNullParameters(targetDir, authorP12Path, authorPass);
- HashingSigning.AuthorSignature(targetDir, authorP12Path, authorPass, authorCAPath, null);
+// HashingSigning.AuthorSignature(targetDir, authorP12Path, authorPass, authorCAPath, null);
+
+ SigningProfileItem item = new SigningProfileItem();
+ item.setKeyLocation( authorP12Path );
+ item.setPassword( authorPass.toCharArray() );
+ item.setCAPath( authorCAPath );
+ item.setRootCAPath( rootCaPath );
+
+ TizenIncrementalSigner signer = new TizenIncrementalSigner( null, targetDir );
+ String signatureName = SignatureUtility.getAuthorFilename();
+ signer.sign( item, SigningProfile.AUTHOR_ORDINAL, new File( targetDir, signatureName ), false );
}
public static void distSign(String targetDir, String distP12Path, String distPass, String distCAPath, String distRootPath, int distNumber) throws Exception{
checkNullParameters(targetDir, distP12Path, distPass);
- HashingSigning.DistributorSignature(targetDir, distP12Path, distPass, distCAPath, distRootPath, distNumber);
+// HashingSigning.DistributorSignature(targetDir, distP12Path, distPass, distCAPath, distRootPath, distNumber);
+
+ SigningProfileItem item = new SigningProfileItem();
+ item.setKeyLocation( distP12Path );
+ item.setPassword( distPass.toCharArray() );
+ item.setCAPath( distCAPath );
+ item.setRootCAPath( distRootPath );
+
+ TizenIncrementalSigner signer = new TizenIncrementalSigner( null, targetDir );
+ String signatureName = SignatureUtility.getDistributorFilename( distNumber );
+ signer.sign( item, distNumber, new File( targetDir, signatureName ), false );
}
public static void authorIncrementalSign(String targetDir, String authorP12Path, String authorPass, String authorCAPath, String rootCaPath) throws Exception{
checkNullParameters(targetDir, authorP12Path, authorPass);
- HashingSigning.AuthorSignatureRDS(targetDir, authorP12Path, authorPass, authorCAPath, null);
+// HashingSigning.AuthorSignatureRDS(targetDir, authorP12Path, authorPass, authorCAPath, null);
+
+ SigningProfileItem item = new SigningProfileItem();
+ item.setKeyLocation( authorP12Path );
+ item.setPassword( authorPass.toCharArray() );
+ item.setCAPath( authorCAPath );
+ item.setRootCAPath( rootCaPath );
+
+ TizenIncrementalSigner signer = new TizenIncrementalSigner( null, targetDir );
+ String signatureName = SignatureUtility.getAuthorFilename();
+ signer.sign( item, SigningProfile.AUTHOR_ORDINAL, new File( targetDir, signatureName ), true );
}
public static void distIncrementalSign(String targetDir, String distP12Path, String distPass, String distCAPath, String distRootPath, int distNumber) throws Exception{
checkNullParameters(targetDir, distP12Path, distPass);
- HashingSigning.DistributorSignatureRDS(targetDir, distP12Path, distPass, distCAPath, distRootPath, distNumber);
+// HashingSigning.DistributorSignatureRDS(targetDir, distP12Path, distPass, distCAPath, distRootPath, distNumber);
+
+ SigningProfileItem item = new SigningProfileItem();
+ item.setKeyLocation( distP12Path );
+ item.setPassword( distPass.toCharArray() );
+ item.setCAPath( distCAPath );
+ item.setRootCAPath( distRootPath );
+
+ TizenIncrementalSigner signer = new TizenIncrementalSigner( null, targetDir );
+ String signatureName = SignatureUtility.getDistributorFilename( distNumber );
+ signer.sign( item, distNumber, new File( targetDir, signatureName ), true );
}
private static void checkNullParameters(String targetDir, String p12Path, String pass) throws IllegalArgumentException{
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import org.tizen.common.util.Assert;
+
public class SignatureUtility {
public static final String AUTHOR_PREFIX = "author-signature"; //$NON-NLS-1$
}
public static boolean isAuthorSignatureFile(String name) {
- return name.equalsIgnoreCase( AUTHOR_PREFIX + PERIOD + EXTENSION );
+ return getAuthorFilename().equals( name );
}
public static boolean isDistributorSignatureFile(String name) {
return matcher.matches();
}
+ /**
+ * @return returns "author-signature.xml"
+ */
+ public static String getAuthorFilename() {
+ return AUTHOR_PREFIX + PERIOD + EXTENSION;
+ }
+
+ /**
+ * @param ordinal
+ * @return returns "signatureX.xml". 'X' is an ordinal.
+ */
+ public static String getDistributorFilename(int ordinal) {
+ Assert.isTrue( ordinal > 0 );
+ return DISTRIBUTOR_PREFIX + ordinal + PERIOD + EXTENSION;
+ }
}
\ No newline at end of file
--- /dev/null
+/*
+ * Common - sign
+ *
+ * Copyright (C) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact:
+ * Jihoon Song <jihoon80.song@samsung.com>
+ * BonYong Lee <bonyong.lee@samsung.com>
+ * Kangho Kim <kh5325.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Contributors:
+ * - S-Core Co., Ltd
+ *
+ */
+package org.tizen.common.sign;
+
+import static org.junit.Assert.*;
+
+import java.io.ByteArrayInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.junit.Test;
+import org.tizen.common.sign.model.Delta;
+import org.tizen.common.sign.model.DeltaState;
+import org.tizen.common.sign.signer.DeltaListResourceParser;
+import org.tizen.common.util.FileUtil;
+
+
+public class DeltaListResourceParserTest {
+
+ protected final String RES_PATH = "testRes";
+
+ protected InputStreamReader getReader(String content) {
+ return new InputStreamReader( new ByteArrayInputStream( content.getBytes() ) );
+ }
+
+ @Test
+ public void testRead() throws Exception {
+ final String testAres = FileUtil.appendPath( RES_PATH , "a.js", false );
+
+ Object[][] TEST_CASES = {
+ // { content, model count, expectedRealPath, expectedState, expectedUri, expectedExceptionClass }
+ { "", 0, null, null, null, null }, // empty
+ { "testRes/a.jsC__DEL__a.js", 1, testAres, DeltaState.Changed, "a.js", null },
+ { "testRes/a.jsD__DEL__b.js", 1, testAres, DeltaState.Deleted, "b.js", null },
+ { "testRes/a.jsD__DEL__", 0, null, null, null, IOException.class }, // no uri
+ { "C__DEL__a.js", 0, null, null, null, IOException.class }, // no real path
+ { "__DEL__a.js", 0, null, null, null, IOException.class }, // no real path & state
+ { "__DEL__", 0, null, null, null, IOException.class }, // only delimiter
+ { "testRes/a.js", 0, null, null, null, IOException.class }, // only real path
+ { "testRes/a.js__DEL__b.js", 0, null, null, null, IOException.class }, // no state
+ { "testRes/a.jsE__DEL__b.js", 0, null, null, null, IOException.class }, // wrong state
+ { "testRes/a.jsN__DEL__b.js", 0, null, null, null, IOException.class }, // Nothing state
+ { "testRes/a.jsC__EL__a.js", 0, null, null, null, IOException.class }, // wrong delimiter
+ { "testRes/a.jsC__DEL_a.js", 0, null, null, null, IOException.class }, // wrong delimiter
+ { " C__DEL__ ", 0, null, null, null, FileNotFoundException.class }, // real path spacing
+ { "testRs/a.jsC__DEL__a.js", 0, null, null, null, FileNotFoundException.class }, // wrong real path
+ };
+
+ for ( Object[] TEST_CASE : TEST_CASES ) {
+ String content = (String) TEST_CASE[0];
+ int cnt = (Integer) TEST_CASE[1];
+ String expected1 = (String) TEST_CASE[2];
+ DeltaState expected2 = (DeltaState) TEST_CASE[3];
+ String expected3 = (String) TEST_CASE[4];
+ Class exception = (Class) TEST_CASE[5];
+
+ InputStreamReader isr = getReader( content );
+ DeltaListResourceParser parser = new DeltaListResourceParser() {
+ @Override
+ protected boolean isExistResource(String path) {
+ return testAres.equals( path );
+ }
+ };
+
+ try {
+ assertFalse( parser.isRead() );
+ parser.read( isr );
+ assertTrue( parser.isRead() );
+ assertTrue( exception == null );
+ } catch(Exception e) {
+ // test exceptions
+ assertEquals( e.getClass(), exception );
+
+ Delta[] deltas = parser.getDeltas();
+ assertTrue( cnt == deltas.length );
+ continue;
+ }
+
+ Delta[] deltas = parser.getDeltas();
+ assertTrue( cnt == deltas.length );
+ for ( Delta delta : deltas ) {
+ assertEquals( expected1, delta.getRealPath() );
+ assertEquals( expected2, delta.getState() );
+ assertEquals( expected3, delta.getUri() );
+ }
+ }
+ }
+
+}
+++ /dev/null
-/*
- * Common
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
- *
- * Contact:
- * Jihoon Song <jihoon80.song@samsung.com>
- * Hyeongseok Heo <hyeongseok.heo@samsung.com>
- * BonYong Lee <bonyong.lee@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Contributors:
- * - S-Core Co., Ltd
- *
- */
-
-package org.tizen.common.sign;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import java.io.File;
-import java.io.IOException;
-
-import hashsign.HashingSigning;
-
-import org.junit.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.tizen.common.util.FileUtil;
-import org.tizen.common.util.OSChecker;
-
-
-/**
- * Test case for {@link HashingSigning}
- *
- * @author JIhoon Song {@literal<jihoon80.song@samsung.com>}
- */
-public class HashingSigningTest {
-
- protected final Logger logger = LoggerFactory.getLogger( getClass() );
-
- public final String TEST_DIR = "test/test_files";
- public final String NONEXISTFOLDER = "test/test_nonexist";
- public final String TEST_SPECIAL_DIR;
-
- public final String TEST_FILE = "test.txt";
-
- public final String AUTHOR_SIGNATURE = "author-signature.xml";
- public final String DISTRIBUTOR1_SIGNATURE = "signature1.xml";
- public final String DISTRIBUTOR2_SIGNATURE = "signature2.xml";
-
- public final String P12_KEY = "key/samsung.devmode.sdk.cert.p12";
- public final String P12_PASSWORD = "1234";
-
-
- // Constructor
- public HashingSigningTest() {
- // Not allowed special characters :
- // -- Linux : \\ $ ` : #
- // -- Windows : \\ * ? " < > | $ ` : #
-
- if ( OSChecker.isWindows() ) {
- TEST_SPECIAL_DIR = "test/~!@%^&()_+-=[]{};',.";
- } else {
- TEST_SPECIAL_DIR = "test/~!@%^&*()_+|-=[]{};'<>?,.";
- }
- }
-
- protected void createTestFile(String appDirPath) throws IOException {
- if ( appDirPath == null ) {
- return;
- }
-
- // make directory
- File appDir = new File( appDirPath );
- if ( !appDir.exists() ) {
- appDir.mkdirs();
- }
-
- // create test source
- String srcTextFile = FileUtil.appendPath( appDirPath, TEST_FILE );
- FileUtil.createTextFile( new File( srcTextFile ), TEST_FILE, null );
- }
-
- protected void removeTestFile(String appDirPath) {
- if ( appDirPath == null ) {
- return;
- }
-
- File appDir = new File( appDirPath );
- if ( appDir.exists() ) {
- FileUtil.recursiveDelete( appDir );
- }
- }
-
- protected void safeRemoveFile(String path) {
- if ( path == null ) {
- return;
- }
-
- File file = new File( path );
- if ( file.exists() ) {
- file.delete();
- }
- }
-
- /**
- * Test {@link HashingSigning#AuthorSignature(String, String,String, String, String)}
- *
- * @throws Exception in case of failure in test
- *
- * @see HashingSigning#AuthorSignature(String, String,String, String, String)
- */
- @Test
- public void test_signAuthor() throws IOException {
- final Object[][] TEST_CASES = new Object[][] {
- new Object[] { null, null, null, null, null, IllegalStateException.class, null }, // null app path test
- new Object[] { NONEXISTFOLDER, null, null, null, null, null, null }, // non-exist app path test
- new Object[] { TEST_DIR, null, null, null, null, IllegalStateException.class, null }, // null p12 path test
- new Object[] { TEST_DIR, "aaa", null, null, null, null, null }, // wrong p12 path test : silence fail
- new Object[] { TEST_DIR, P12_KEY, null, null, null, null, null }, // null password test : silence fail with NPE stack trace
- new Object[] { TEST_DIR, P12_KEY, "wrong", null, null, IOException.class, null }, // wrong password
- new Object[] { TEST_DIR, P12_KEY, P12_PASSWORD, null, null, null, AUTHOR_SIGNATURE },
- new Object[] { TEST_SPECIAL_DIR, P12_KEY, P12_PASSWORD, null, null, null, AUTHOR_SIGNATURE },
- new Object[] { "test/한글", P12_KEY, P12_PASSWORD, null, null, null, AUTHOR_SIGNATURE },
- };
-
- int test_sequence = 0;
- for ( final Object[] TEST_CASE : TEST_CASES ) {
- final String appDirPath = (String) TEST_CASE[0];
- final String pkContentFilePath = (String) TEST_CASE[1];
- final String pkContentFilePasswd = (String) TEST_CASE[2];
- final String caCertPath = (String) TEST_CASE[3];
- final String rootCertPath = (String) TEST_CASE[4];
- final Object expectedException = TEST_CASE[5];
- final String expectedFile = (String) TEST_CASE[6];
-
- test_sequence++;
-
- // create test directory & source
- if ( !NONEXISTFOLDER.equals( appDirPath ) ) {
- createTestFile( appDirPath );
- }
-
- // get signature file path
- String expectedFilePath = null;
- if ( expectedFile != null ) {
- expectedFilePath = FileUtil.appendPath( appDirPath, expectedFile );
- }
-
- try {
- logger.info( test_sequence + "th test start" );
-
- // run test function
- HashingSigning.AuthorSignature( appDirPath, pkContentFilePath, pkContentFilePasswd, caCertPath, rootCertPath );
-
- // in case of an exception
- if ( expectedException != null ) {
- fail( test_sequence + "th HashingSigning.AuthorSignature() must be throw exception" );
- }
-
- // no exception
- if ( expectedFile != null ) {
- // check a created signature file
- assertTrue( test_sequence + "th Expected file exist : " + expectedFilePath, FileUtil.isExist( expectedFilePath ) );
- } else {
- // not created signature file, but an exception is not occurred.
- // will print exception stack traces in the console
- }
- } catch (Exception e) {
- assertEquals( test_sequence + "th a kind of exceptions : ", expectedException, e.getClass() );
- } finally {
- // crear a created signature file
- safeRemoveFile( expectedFile );
-
- // clear test directory & source
- removeTestFile( appDirPath );
- }
- }
- }
-
- /**
- * Test {@link HashingSigning#DistributorSignature(String, String,String, String, String, int)}
- *
- * @throws Exception in case of failure in test
- *
- * @see HashingSigning#DistributorSignature(String, String,String, String, String, int)
- */
- @Test
- public void test_signDistributor() throws IOException {
- final Object[][] TEST_CASES = new Object[][] {
- new Object[] { null, null, null, null, null, 1, IllegalStateException.class, null }, // null app path test
- new Object[] { NONEXISTFOLDER, null, null, null, null, 1, null, null }, // non-exist app path test
- new Object[] { TEST_DIR, null, null, null, null, 1, IllegalStateException.class, null }, // null p12 path test
- new Object[] { TEST_DIR, "aaa", null, null, null, 1, null, null }, // wrong p12 path test : silence fail
- new Object[] { TEST_DIR, P12_KEY, null, null, null, 1, null, null }, // null password test : silence fail with NPE stack trace
- new Object[] { TEST_DIR, P12_KEY, "wrong", null, null, 1, IOException.class, null }, // wrong password
- new Object[] { TEST_DIR, P12_KEY, P12_PASSWORD, null, null, 1, null, DISTRIBUTOR1_SIGNATURE },
- new Object[] { TEST_SPECIAL_DIR, P12_KEY, P12_PASSWORD, null, null, 1, null, DISTRIBUTOR1_SIGNATURE },
- new Object[] { "test/한글", P12_KEY, P12_PASSWORD, null, null, 1, null, DISTRIBUTOR1_SIGNATURE },
- new Object[] { TEST_DIR, P12_KEY, P12_PASSWORD, null, null, 2, null, DISTRIBUTOR2_SIGNATURE },
- new Object[] { TEST_SPECIAL_DIR, P12_KEY, P12_PASSWORD, null, null, 2, null, DISTRIBUTOR2_SIGNATURE },
- new Object[] { "test/한글", P12_KEY, P12_PASSWORD, null, null, 2, null, DISTRIBUTOR2_SIGNATURE },
- };
-
- int test_sequence = 0;
- for ( final Object[] TEST_CASE : TEST_CASES ) {
- final String appDirPath = (String) TEST_CASE[0];
- final String pkContentFilePath = (String) TEST_CASE[1];
- final String pkContentFilePasswd = (String) TEST_CASE[2];
- final String caCertPath = (String) TEST_CASE[3];
- final String rootCertPath = (String) TEST_CASE[4];
- final int distNumber = (Integer) TEST_CASE[5];
- final Object expectedException = TEST_CASE[6];
- final String expectedFile = (String) TEST_CASE[7];
-
- test_sequence++;
-
- // create test directory & source
- if ( !NONEXISTFOLDER.equals( appDirPath ) ) {
- createTestFile( appDirPath );
- }
-
- // get signature file path
- String expectedFilePath = null;
- if ( expectedFile != null ) {
- expectedFilePath = FileUtil.appendPath( appDirPath, expectedFile );
- }
-
- try {
- logger.info( test_sequence + "th test start" );
-
- // run test function
- HashingSigning.DistributorSignature(appDirPath, pkContentFilePath, pkContentFilePasswd, caCertPath, rootCertPath, distNumber );
-
- // in case of an exception
- if ( expectedException != null ) {
- fail( test_sequence + "th HashingSigning.AuthorSignature() must be throw exception" );
- }
-
- // no exception
- if ( expectedFile != null ) {
- // check a created signature file
- assertTrue( test_sequence + "th Expected file exist : " + expectedFilePath, FileUtil.isExist( expectedFilePath ) );
- } else {
- // not created signature file, but an exception is not occurred.
- // will print exception stack traces in the console
- }
- } catch (Exception e) {
- // test exception
- assertEquals( test_sequence + "th a kind of exceptions : ", expectedException, e.getClass() );
- } finally {
- // crear a created signature file
- safeRemoveFile( expectedFile );
-
- // clear test directory & source
- removeTestFile( appDirPath );
- }
- }
- }
-}
--- /dev/null
+/*
+ * Common - sign
+ *
+ * Copyright (C) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact:
+ * Jihoon Song <jihoon80.song@samsung.com>
+ * BonYong Lee <bonyong.lee@samsung.com>
+ * Kangho Kim <kh5325.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Contributors:
+ * - S-Core Co., Ltd
+ *
+ */
+package org.tizen.common.sign;
+
+import static org.junit.Assert.*;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+
+import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.utils.Base64;
+
+import org.junit.Test;
+import org.tizen.common.sign.model.ReferenceCache;
+import org.tizen.common.sign.signer.ReferenceCacheParser;
+
+
+public class ReferenceCacheParserTest {
+
+ protected InputStreamReader getReader(String content) {
+ return new InputStreamReader( new ByteArrayInputStream( content.getBytes() ) );
+ }
+ protected String encode(String src) {
+ return new String( Base64.encode( src.getBytes() ) );
+ }
+
+ @Test
+ public void testRead() throws Exception {
+ String value = "abcdefg";
+ String encodedValue = encode( value );
+
+ Object[][] TEST_CASES = {
+ // { content, model count, expectedUri, expectedDigestValue, expectedExceptionClass or cause }
+ { "", 0, null, null, null }, // empty
+ { "a.js__DEL__" + encodedValue, 1, "a.js", value.getBytes(), null },
+ { "__DEL__" + encodedValue, 0, null, null, IOException.class }, // no uri
+ { "a.js__DEL__", 0, null, null, IOException.class }, // no digest
+ { "__DEL__", 0, null, null, IOException.class }, // no uri, digest
+ { "a.js__DL__" + encodedValue, 0, null, null, IOException.class }, // wrong delimiter
+ { "a.js_DEL__" + encodedValue, 0, null, null, IOException.class }, // wrong delimiter
+ { " __DEL__" + encodedValue, 1, " ", value.getBytes(), null }, // uri spacing // TODO: deny?
+ { "a.js__DEL__ ", 0, null, null, IOException.class }, // digest spacing.
+ { "a.js__DEL__" + value, 0, null, null, Base64DecodingException.class }, // wrong digest. IOException with cause
+ };
+
+ for ( Object[] TEST_CASE : TEST_CASES ) {
+ String content = (String) TEST_CASE[0];
+ int cnt = (Integer) TEST_CASE[1];
+ String expected1 = (String) TEST_CASE[2];
+ byte[] expected2 = (byte[]) TEST_CASE[3];
+ Class exception = (Class) TEST_CASE[4];
+
+ InputStreamReader isr = getReader( content );
+ ReferenceCacheParser parser = new ReferenceCacheParser();
+
+ try {
+ assertFalse( parser.isRead() );
+ parser.read( isr );
+ assertTrue( parser.isRead() );
+ assertTrue( exception == null );
+ } catch(Exception e) {
+ // test exceptions
+ if ( e.getCause() != null ) {
+ e = (Exception) e.getCause();
+ }
+ assertEquals( e.getClass(), exception );
+
+ ReferenceCache[] caches = parser.getCaches();
+ assertTrue( cnt == caches.length );
+ continue;
+ }
+
+ ReferenceCache[] caches = parser.getCaches();
+ assertTrue( cnt == caches.length );
+ for ( ReferenceCache cache : caches ) {
+ assertEquals( expected1, cache.getUri() );
+ assertArrayEquals( expected2, cache.getDigestValue() );
+ }
+ }
+ }
+
+ @Test
+ public void testWrite() throws Exception {
+ ReferenceCacheParser parser = new ReferenceCacheParser();
+ assertTrue( parser.getSize() == 0 );
+
+ // test the update method with null
+ try {
+ parser.update( null );
+ fail();
+ } catch (Exception e) {
+ assertTrue( e instanceof IllegalArgumentException );
+ }
+
+ // add a model
+ String testUri = "a";
+ String testValue = "b";
+ ReferenceCache testCache = new ReferenceCache( testUri, testValue.getBytes() );
+ parser.update( testCache );
+ assertTrue( parser.getSize() == 1 );
+
+ // write a model
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ OutputStreamWriter osw = new OutputStreamWriter( baos );
+ parser.write( osw );
+
+ assertTrue( ( "a__DEL__" + encode( testValue ) + "\n" ).equals( baos.toString() ) );
+
+ // read it using another parser
+ ByteArrayInputStream bais = new ByteArrayInputStream( baos.toByteArray() );
+ InputStreamReader isr = new InputStreamReader( bais );
+ ReferenceCacheParser parser2 = new ReferenceCacheParser();
+ parser2.read( isr );
+
+ // test
+ ReferenceCache parsedCache = parser2.getCache( testUri );
+ assertEquals( testCache, parsedCache );
+
+ // test the remove method with null
+ try {
+ parser2.remove( null );
+ fail();
+ } catch (Exception e) {
+ assertTrue( e instanceof IllegalArgumentException );
+ }
+
+ // remove a non-existent cache
+ parser2.remove( "c" );
+ assertTrue( parser2.getSize() == 1 );
+
+ // remove an existent cache
+ parser2.remove( testUri );
+ assertTrue( parser2.getSize() == 0 );
+ }
+}
--- /dev/null
+/*
+ * Common - sign
+ *
+ * Copyright (C) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact:
+ * Jihoon Song <jihoon80.song@samsung.com>
+ * BonYong Lee <bonyong.lee@samsung.com>
+ * Kangho Kim <kh5325.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Contributors:
+ * - S-Core Co., Ltd
+ *
+ */
+package org.tizen.common.sign;
+
+import static org.junit.Assert.*;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.tizen.common.sign.preferences.SigningProfile;
+import org.tizen.common.sign.preferences.SigningProfileItem;
+import org.tizen.common.sign.signer.DeltaListResourceParser;
+import org.tizen.common.sign.signer.ReferenceCacheParser;
+import org.tizen.common.sign.signer.TizenIncrementalSigner;
+import org.tizen.common.sign.util.SignatureUtility;
+import org.tizen.common.util.FileUtil;
+import org.tizen.common.util.IOUtil;
+
+
+public class TizenIncrementalSignerTest {
+
+ protected final String TESTKEY = this.getClass().getResource( "testKey.p12" ).getPath();
+ protected final String TESTKEY_PWD = "testKey";
+ protected final String PROFILE_NAME = "TestProfile";
+ protected final String TEST_RESOURCE_DIR = "testResForIncrementalSign";
+ protected final String ADDED_SRC = "a.js";
+ protected final String ADDED_SRC2 = "c.js";
+ protected final String ADDED_DEST = "d.js";
+
+ protected final String[][] testResources = {
+ // filename, content
+ { "a.css", "A" },
+ { "a.html", "B" },
+ { "a.js", "C" },
+ { "b.css", "D" },
+ { "b.html", "E" },
+ { "b.js", "F" },
+ { "c.js", "G" },
+ };
+
+ protected final File delta = new File( TEST_RESOURCE_DIR, DeltaListResourceParser.FILENAME );
+ protected final File cache = new File( TEST_RESOURCE_DIR, ReferenceCacheParser.FILENAME );
+
+
+ protected void createDeltaFile(File deltaFile, String content) throws IOException {
+ FileOutputStream os = null;
+ try {
+ os = new FileOutputStream( deltaFile );
+ os.write( content.getBytes() );
+ os.flush();
+ } finally {
+ IOUtil.tryClose( os );
+ }
+ }
+
+ protected void testResult(byte[][] result1, byte[][] result2) {
+ assertTrue( result1.length == result2.length );
+ for ( int i = 0; i < result1.length; i++ ) {
+ assertTrue( i + "th signature values: ", Arrays.equals( result1[ i ], result2[ i ] ) );
+ }
+ }
+
+ protected void setUpForFilesystem() throws IOException {
+ // create a test resource directory
+ File testResDir = new File( TEST_RESOURCE_DIR );
+ if ( ! testResDir.exists() ) {
+ testResDir.mkdirs();
+ }
+
+ // create test resources in directory
+ for ( String[] testResource : this.testResources ) {
+ File testResFile = new File( TEST_RESOURCE_DIR, testResource[0] );
+
+ FileOutputStream fos = null;
+ try {
+ fos = new FileOutputStream( testResFile );
+ fos.write( testResource[1].getBytes() );
+ } finally {
+ IOUtil.tryClose( fos );
+ }
+ }
+ }
+
+ protected void tearDownForFilesystem() {
+ File testResDir = new File( TEST_RESOURCE_DIR );
+ FileUtil.recursiveDelete( testResDir );
+ }
+
+ @Ignore // this is a functionality test.
+ @Test
+ public void testIncrementalSign() throws Exception {
+ SigningProfile profile = new SigningProfile( PROFILE_NAME );
+ profile.createProfileItem( 0, TESTKEY, TESTKEY_PWD, null, null );
+ profile.createProfileItem( 1, TESTKEY, TESTKEY_PWD, null, null );
+ profile.createProfileItem( 2, TESTKEY, TESTKEY_PWD, null, null );
+
+ File src = new File( TEST_RESOURCE_DIR, ADDED_SRC );
+ File src2 = new File( TEST_RESOURCE_DIR, ADDED_SRC2 );
+ File dest = new File( TEST_RESOURCE_DIR, ADDED_DEST );
+
+ try {
+ setUpForFilesystem();
+
+ // fully sign
+ TizenIncrementalSigner signer = new TizenIncrementalSigner( profile, TEST_RESOURCE_DIR );
+ byte[][] result1 = signer.sign( false );
+
+ // incremental sign
+ TizenIncrementalSigner signer2 = new TizenIncrementalSigner( profile, TEST_RESOURCE_DIR );
+ byte[][] result2 = signer2.sign( true );
+
+ // TEST1
+ testResult( result1, result2 );
+
+ // incremental sign with add delta
+ createDeltaFile( delta, src.getPath() + "C__DEL__" + ADDED_DEST );
+ TizenIncrementalSigner signer3 = new TizenIncrementalSigner( profile, TEST_RESOURCE_DIR );
+ byte[][] result3 = signer3.sign( true );
+
+ // fully sign with remove delta
+ FileUtil.copyTo( src , dest, false );
+ TizenIncrementalSigner signer4 = new TizenIncrementalSigner( profile, TEST_RESOURCE_DIR );
+ byte[][] result4 = signer4.sign( false );
+
+ // TEST2
+ testResult( result3, result4 );
+
+ // incremental sign with change delta
+ createDeltaFile( delta, src2.getPath() + "C__DEL__" + ADDED_DEST );
+ TizenIncrementalSigner signer7 = new TizenIncrementalSigner( profile, TEST_RESOURCE_DIR );
+ byte[][] result7 = signer7.sign( true );
+
+ // fully sign with change delta
+ FileUtil.copyTo( src2 , dest, false );
+ TizenIncrementalSigner signer8 = new TizenIncrementalSigner( profile, TEST_RESOURCE_DIR );
+ byte[][] result8 = signer8.sign( false );
+
+ // TEST3
+ testResult( result7, result8 );
+
+ // incremental sign with remove delta
+ createDeltaFile( delta, src.getPath() + "D__DEL__" + ADDED_DEST );
+ TizenIncrementalSigner signer5 = new TizenIncrementalSigner( profile, TEST_RESOURCE_DIR );
+ byte[][] result5 = signer5.sign( true );
+
+ // fully sign with remove delta
+ dest.delete();
+ TizenIncrementalSigner signer6 = new TizenIncrementalSigner( profile, TEST_RESOURCE_DIR );
+ byte[][] result6 = signer6.sign( false );
+
+ // TEST4
+ testResult( result5, result6 );
+ } finally {
+ // remove an added file for testing
+ if ( dest.exists() ) {
+ dest.delete();
+ }
+
+ tearDownForFilesystem();
+ }
+ }
+
+ @Ignore // this is a functionality test.
+ @Test
+ public void testSignWithProfile() throws Exception {
+ SigningProfile profile = new SigningProfile( PROFILE_NAME );
+ profile.createProfileItem( 0, TESTKEY, TESTKEY_PWD, null, null );
+ // skip the second profile ( signature1.xml )
+ profile.createProfileItem( 2, TESTKEY, TESTKEY_PWD, null, null );
+
+ try {
+ setUpForFilesystem();
+
+ // fully sign
+ TizenIncrementalSigner signer = new TizenIncrementalSigner( profile, TEST_RESOURCE_DIR );
+ byte[][] result1 = signer.sign( false );
+
+ // incremental sign
+ TizenIncrementalSigner signer2 = new TizenIncrementalSigner( profile, TEST_RESOURCE_DIR );
+ byte[][] result2 = signer2.sign( true );
+
+ // TEST1
+ testResult( result1, result2 );
+ } finally {
+ tearDownForFilesystem();
+ }
+ }
+
+ @Test
+ public void testConstructor() throws Exception {
+ try {
+ new TizenIncrementalSigner( null, null );
+ fail();
+ } catch(IllegalArgumentException e) {
+ // test success
+ }
+
+ try {
+ new TizenIncrementalSigner( new SigningProfile( "" ), null );
+ fail();
+ } catch(IllegalArgumentException e) {
+ // test success
+ }
+
+ // no profile, but sign with profile.
+ TizenIncrementalSigner signer = new TizenIncrementalSigner( null, TEST_RESOURCE_DIR );
+ try {
+ signer.sign( false );
+ fail();
+ } catch(IllegalArgumentException e) {
+ // test success
+ }
+
+ // test empty profile
+ TizenIncrementalSigner signer2 = new TizenIncrementalSigner( new SigningProfile( "" ), TEST_RESOURCE_DIR );
+ byte[][] result = signer2.sign( false );
+
+ assertNull( result[0] );
+ assertNull( result[1] );
+ assertNull( result[2] );
+ }
+
+ @Ignore // this is a functionality test
+ @Test
+ public void testCheckPassword() throws Exception {
+ Object[][] TEST_CASES = {
+ // key, password, expected result, expected exception
+ { TESTKEY, TESTKEY_PWD, true, null },
+ { null, null, false, IllegalArgumentException.class },
+ { null, TESTKEY_PWD, false, IllegalArgumentException.class },
+ { "", TESTKEY_PWD, false, FileNotFoundException.class },
+ { "abc", TESTKEY_PWD, false, FileNotFoundException.class },
+ { TESTKEY, null, false, IllegalArgumentException.class },
+ { TESTKEY, "", false, null },
+ { TESTKEY, "abc", false, null },
+ };
+
+ for ( int i = 0, length = TEST_CASES.length; i < length; i++ ) {
+ String key = (String) TEST_CASES[i][0];
+ String pwd = (String) TEST_CASES[i][1];
+ boolean expectedResult = (Boolean) TEST_CASES[i][2];
+ Class expectedException = (Class) TEST_CASES[i][3];
+
+ try {
+ boolean bCheck = TizenIncrementalSigner.checkCertificatePassword( key, pwd );
+ if ( expectedException != null ) {
+ fail( i + "th test" );
+ }
+ assertTrue( i + "th test", bCheck == expectedResult );
+ } catch( Exception e ) {
+ if ( ! e.getClass().equals( expectedException ) ) {
+ fail( i + "th test" );
+ }
+ }
+ }
+ }
+
+ @Test
+ public void testSignWithbInremental() throws Exception {
+ class TizenIncrementalSignerForTest extends TizenIncrementalSigner {
+ public boolean bLoadDeltas = false;
+ public List<String> xmlPathList = new ArrayList<String>();
+
+ public TizenIncrementalSignerForTest(SigningProfile certProfile,
+ String rootPath) {
+ super(certProfile, rootPath);
+ }
+
+ @Override
+ protected boolean loadDeltas() throws IOException {
+ bLoadDeltas = true;
+ return true;
+ }
+
+ @Override
+ public byte[] sign(SigningProfileItem item, int ordinal,
+ File xmlFile, boolean bIncremental)
+ throws UnrecoverableKeyException, KeyStoreException,
+ NoSuchAlgorithmException, CertificateException,
+ XMLSecurityException, ParserConfigurationException,
+ IOException {
+ xmlPathList.add( xmlFile.getName() );
+ return null;
+ }
+ }
+
+ SigningProfile testProfile1 = new SigningProfile( "test1" );
+ testProfile1.setProfileItem( 0, new SigningProfileItem() );
+
+ SigningProfile testProfile2 = new SigningProfile( "test2" );
+ testProfile2.setProfileItem( 1, new SigningProfileItem() );
+
+ SigningProfile testProfile3 = new SigningProfile( "test3" );
+ testProfile3.setProfileItem( 2, new SigningProfileItem() );
+
+ SigningProfile testProfile4 = new SigningProfile( "test4" );
+ testProfile4.setProfileItem( 0, new SigningProfileItem() );
+ testProfile4.setProfileItem( 1, new SigningProfileItem() );
+
+ SigningProfile testProfile5 = new SigningProfile( "test5" );
+ testProfile5.setProfileItem( 1, new SigningProfileItem() );
+ testProfile5.setProfileItem( 2, new SigningProfileItem() );
+
+ SigningProfile testProfile6 = new SigningProfile( "test6" );
+ testProfile6.setProfileItem( 0, new SigningProfileItem() );
+ testProfile6.setProfileItem( 2, new SigningProfileItem() );
+
+ SigningProfile testProfile7 = new SigningProfile( "test7" );
+ testProfile7.setProfileItem( 0, new SigningProfileItem() );
+ testProfile7.setProfileItem( 1, new SigningProfileItem() );
+ testProfile7.setProfileItem( 2, new SigningProfileItem() );
+
+ String authorFilename = SignatureUtility.getAuthorFilename();
+ String distributor1Filename = SignatureUtility.getDistributorFilename( 1 );
+ String distributor2Filename = SignatureUtility.getDistributorFilename( 2 );
+
+ Object[][] TEST_CASES = {
+ // SigningProfile, bIncremental, expectedLoadDeltasCall, expectedMakefiles
+ { new SigningProfile( "" ), false, new String[] {} },
+ { new SigningProfile( "" ), true, new String[] {} },
+ { testProfile1, false, new String[] { authorFilename } },
+ { testProfile1, true, new String[] { authorFilename } },
+ { testProfile2, false, new String[] { distributor1Filename } },
+ { testProfile2, true, new String[] { distributor1Filename } },
+ { testProfile3, false, new String[] { distributor2Filename } },
+ { testProfile3, true, new String[] { distributor2Filename } },
+ { testProfile4, false, new String[] { authorFilename, distributor1Filename } },
+ { testProfile4, true, new String[] { authorFilename, distributor1Filename } },
+ { testProfile5, false, new String[] { distributor1Filename, distributor2Filename } },
+ { testProfile5, true, new String[] { distributor1Filename, distributor2Filename } },
+ { testProfile6, false, new String[] { authorFilename, distributor2Filename } },
+ { testProfile6, true, new String[] { authorFilename, distributor2Filename } },
+ { testProfile7, false, new String[] { authorFilename, distributor1Filename, distributor2Filename } },
+ { testProfile7, true, new String[] { authorFilename, distributor1Filename, distributor2Filename } },
+ };
+
+ for ( Object[] TEST_CASE : TEST_CASES ) {
+ SigningProfile profile = (SigningProfile) TEST_CASE[0];
+ boolean bIncremental = (Boolean) TEST_CASE[1];
+ String[] expectedMakefiles = (String[]) TEST_CASE[2];
+
+ // call tester
+ TizenIncrementalSignerForTest signer = new TizenIncrementalSignerForTest( profile, TEST_RESOURCE_DIR );
+ signer.sign( bIncremental );
+
+ // test value
+ assertArrayEquals( expectedMakefiles, signer.xmlPathList.toArray( new String[0] ) );
+ }
+ }
+
+ @Test
+ public void testSignItemWithOutputStream() throws Exception {
+ TizenIncrementalSigner signer = new TizenIncrementalSigner( new SigningProfile(""), TEST_RESOURCE_DIR );
+
+ Object[][] TEST_CASES = {
+ // SigningProfileItem, ordinal, bIncremental, OutpuStream, expectedByte[] or Exception
+ { null, 0, false, new ByteArrayOutputStream(), IllegalArgumentException.class },
+ { new SigningProfileItem(), -1, false, new ByteArrayOutputStream(), IllegalArgumentException.class },
+ { new SigningProfileItem(), 0, false, null, IllegalArgumentException.class },
+ { null, 0, true, new ByteArrayOutputStream(), IllegalArgumentException.class },
+ { new SigningProfileItem(), -1, true, new ByteArrayOutputStream(), IllegalArgumentException.class },
+ { new SigningProfileItem(), 0, true, null, IllegalArgumentException.class },
+ };
+
+ for ( Object[] TEST_CASE : TEST_CASES ) {
+ SigningProfileItem item = (SigningProfileItem) TEST_CASE[0];
+ int ordinal = (Integer) TEST_CASE[1];
+ boolean bIncremental = (Boolean) TEST_CASE[2];
+ OutputStream os = (OutputStream) TEST_CASE[3];
+
+ if ( TEST_CASE[4] instanceof byte[] ) {
+ byte[] expectedResult = (byte[]) TEST_CASE[4];
+
+ // success test
+ byte[] result = signer.sign( item, ordinal, os, bIncremental);
+
+ // test value
+ assertArrayEquals( expectedResult, result );
+ } else {
+ Class expectedResult = (Class) TEST_CASE[4];
+
+ try {
+ // exception test
+ signer.sign( item, ordinal, os, bIncremental );
+ fail();
+ } catch( Exception e ) {
+ assertEquals( expectedResult, e.getClass() );
+ }
+ }
+ }
+ }
+}
*/\r
package org.tizen.common.util;\r
\r
+import java.lang.reflect.Field;\r
+import java.lang.reflect.InvocationTargetException;\r
+import java.lang.reflect.Method;\r
+\r
import org.slf4j.Logger;\r
import org.slf4j.LoggerFactory;\r
\r
final String className\r
)\r
{\r
- final ClassLoader cl = Thread.currentThread().getContextClassLoader();\r
+ final ClassLoader cl = Thread.currentThread().getContextClassLoader();\r
return tryNewInstance( className, cl );\r
}\r
\r
final ClassLoader loader\r
)\r
{\r
- try\r
+ try\r
{\r
- final Class<?> clazz = loader.loadClass( className );\r
- return (T) clazz.newInstance();\r
+ final Class<?> clazz = loader.loadClass( className );\r
+ return (T) clazz.newInstance();\r
}\r
- catch ( final ClassNotFoundException e )\r
+ catch ( final ClassNotFoundException e )\r
{\r
logger.info( "Class not found:", e );\r
}\r
- catch ( final InstantiationException e )\r
+ catch ( final InstantiationException e )\r
{\r
logger.info( "Fail to instantiate:", e );\r
}\r
- catch ( final IllegalAccessException e )\r
+ catch ( final IllegalAccessException e )\r
{\r
logger.info( "An access of constructor fail:", e );\r
}\r
- return null;\r
+ return null;\r
+ \r
+ }\r
+ \r
+ /**\r
+ * Get a field instance whose the field name of instance is fieldName.<br>\r
+ * This method try to traverse super classes.\r
+ * \r
+ * @param instance the actual instance.\r
+ * @param fieldName the field name of instance.\r
+ * @param force Although inaccessible, can access.\r
+ * @return If get successfully, return a field instance. otherwise, return null.\r
+ */\r
+ public static Object getField(Object instance, String fieldName, boolean force) {\r
+ Assert.notNull( instance );\r
+ \r
+ try {\r
+ Class<?> clazz = instance.getClass();\r
+ \r
+ while( clazz != null ) {\r
+ try {\r
+ Field field = (Field) clazz.getDeclaredField( fieldName );\r
+ if ( force && ! field.isAccessible() ) {\r
+ field.setAccessible( true );\r
+ }\r
+ \r
+ return field.get( instance );\r
+ } catch (NoSuchFieldException e) {\r
+ // If the field is null, try to traverse super classes.\r
+ // and then if not found super class, the clazz is null.\r
+ clazz = clazz.getSuperclass();\r
+ }\r
+ }\r
+ \r
+ logger.debug( "A field is not found." );\r
+ } catch (IllegalArgumentException e) {\r
+ logger.debug( "Failed to get a field from the instance: ", e );\r
+ } catch (IllegalAccessException e) {\r
+ logger.debug( "A field is inaccessible: ", e );\r
+ }\r
+ \r
+ return null;\r
+ }\r
+ \r
+ /**\r
+ * Call a method whose the method name of instance is methodName with parameters.<br>\r
+ * This method try to traverse super classes.\r
+ * \r
+ * @param instance the actual instance.\r
+ * @param methodName the method name of instance.\r
+ * @param paramTypes the type of parameters\r
+ * @param params the parameters\r
+ * @param force Although inaccessible, can access.\r
+ * @return If call successfully, return a return object of method. otherwise, return null.\r
+ * @throws InvocationTargetException If the method of instance throws an exception.\r
+ */\r
+ public static Object callMethod(Object instance, String methodName,\r
+ Class<?>[] paramTypes, Object[] params, boolean force)\r
+ throws InvocationTargetException {\r
+ \r
+ Assert.notNull( instance );\r
+ \r
+ try {\r
+ Class<?> clazz = instance.getClass();\r
+ \r
+ while ( clazz != null ) {\r
+ try {\r
+ Method method = clazz.getDeclaredMethod( methodName, paramTypes );\r
+ if ( force && ! method.isAccessible() ) {\r
+ method.setAccessible( true );\r
+ }\r
+ \r
+ return method.invoke( instance, params );\r
+ } catch (NoSuchMethodException e) {\r
+ clazz = clazz.getSuperclass();\r
+ }\r
+ }\r
+ \r
+ logger.debug( "A method is not found." );\r
+ } catch (IllegalArgumentException e) {\r
+ logger.debug( "Failed to get or call a method from the instance: ", e );\r
+ } catch (IllegalAccessException e) {\r
+ logger.debug( "A method is inaccessible: ", e );\r
+ }\r
\r
+ return null;\r
}\r
}\r
projects / sdk / ide / common-eplugin.git / commitdiff