Mercurial > hg > openjdk > jdk8u > jdk
changeset 14105:4d586f39fed3 jdk8u272-b04
8217878: ENVELOPING XML signature no longer works in JDK 11
8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
Summary: Backout and restore previous XML signature marshalling implementation
Reviewed-by: weijun
line wrap: on
line diff
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java Tue Mar 05 08:24:58 2019 -0500 @@ -148,7 +148,8 @@ * @return String with Base64 encoding */ public static final String encode(BigInteger big) { - return encode(getBytes(big, big.bitLength())); + byte[] bytes = XMLUtils.getBytes(big, big.bitLength()); + return XMLUtils.encodeToString(bytes); } /** @@ -214,9 +215,9 @@ * @return a decoded BigInteger * @throws Base64DecodingException */ - public static BigInteger decodeBigIntegerFromString(String base64str) - throws Base64DecodingException { - return new BigInteger(1, Base64.decode(base64str)); + public static final BigInteger decodeBigIntegerFromText(Text text) + throws Base64DecodingException { + return new BigInteger(1, Base64.decode(text.getData())); } /**
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java Tue Mar 05 08:24:58 2019 -0500 @@ -28,6 +28,7 @@ import java.security.AccessController; import java.security.PrivilegedAction; import java.util.ArrayList; +import java.util.Base64; import java.util.HashSet; import java.util.Iterator; import java.util.List; @@ -443,6 +444,25 @@ } } + public static String encodeToString(byte[] bytes) { + if (ignoreLineBreaks) { + return Base64.getEncoder().encodeToString(bytes); + } + return Base64.getMimeEncoder().encodeToString(bytes); + } + + public static byte[] decode(String encodedString) { + return Base64.getMimeDecoder().decode(encodedString); + } + + public static byte[] decode(byte[] encodedBytes) { + return Base64.getMimeDecoder().decode(encodedBytes); + } + + public static boolean isIgnoreLineBreaks() { + return ignoreLineBreaks; + } + /** * Method convertNodelistToSet *
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/AbstractDOMSignatureMethod.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/AbstractDOMSignatureMethod.java Tue Mar 05 08:24:58 2019 -0500 @@ -29,19 +29,23 @@ import java.security.SignatureException; import java.security.spec.AlgorithmParameterSpec; import javax.xml.crypto.MarshalException; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.SignatureMethod; +import javax.xml.crypto.dsig.SignedInfo; import javax.xml.crypto.dsig.XMLSignature; import javax.xml.crypto.dsig.XMLSignatureException; import javax.xml.crypto.dsig.XMLSignContext; import javax.xml.crypto.dsig.XMLValidateContext; import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; +import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; /** * An abstract class representing a SignatureMethod. Subclasses implement * a specific XML DSig signature algorithm. */ -abstract class AbstractDOMSignatureMethod extends BaseStructure +abstract class AbstractDOMSignatureMethod extends DOMStructure implements SignatureMethod { // denotes the type of signature algorithm @@ -65,7 +69,7 @@ * as the passed in signature is improperly encoded * @throws XMLSignatureException if an unexpected error occurs */ - abstract boolean verify(Key key, DOMSignedInfo si, byte[] sig, + abstract boolean verify(Key key, SignedInfo si, byte[] sig, XMLValidateContext context) throws InvalidKeyException, SignatureException, XMLSignatureException; @@ -83,7 +87,7 @@ * the wrong type, or parameters are missing, etc * @throws XMLSignatureException if an unexpected error occurs */ - abstract byte[] sign(Key key, DOMSignedInfo si, XMLSignContext context) + abstract byte[] sign(Key key, SignedInfo si, XMLSignContext context) throws InvalidKeyException, XMLSignatureException; /** @@ -101,16 +105,21 @@ * This method invokes the {@link #marshalParams marshalParams} * method to marshal any algorithm-specific parameters. */ - public void marshal(XmlWriter xwriter, String dsPrefix) + @Override + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { - xwriter.writeStartElement(dsPrefix, "SignatureMethod", XMLSignature.XMLNS); - xwriter.writeAttribute("", "", "Algorithm", getAlgorithm()); + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + + Element smElem = DOMUtils.createElement(ownerDoc, "SignatureMethod", + XMLSignature.XMLNS, dsPrefix); + DOMUtils.setAttribute(smElem, "Algorithm", getAlgorithm()); if (getParameterSpec() != null) { - marshalParams(xwriter, dsPrefix); + marshalParams(smElem, dsPrefix); } - xwriter.writeEndElement(); // "SignatureMethod" + + parent.appendChild(smElem); } /** @@ -123,7 +132,7 @@ * @param paramsPrefix the algorithm parameters prefix to use * @throws MarshalException if the parameters cannot be marshalled */ - void marshalParams(XmlWriter xwriter, String paramsPrefix) + void marshalParams(Element parent, String paramsPrefix) throws MarshalException { throw new MarshalException("no parameters should " +
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java Tue Mar 05 08:24:58 2019 -0500 @@ -69,7 +69,6 @@ return params; } - @Override public void init(XMLStructure parent, XMLCryptoContext context) throws InvalidAlgorithmParameterException { @@ -88,7 +87,6 @@ ownerDoc = DOMUtils.getOwnerDocument(transformElem); } - @Override public void marshalParams(XMLStructure parent, XMLCryptoContext context) throws MarshalException {
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheOctetStreamData.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheOctetStreamData.java Tue Mar 05 08:24:58 2019 -0500 @@ -45,7 +45,6 @@ this.xi = xi; } - @Override public XMLSignatureInput getXMLSignatureInput() { return xi; }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java Tue Mar 05 08:24:58 2019 -0500 @@ -67,7 +67,6 @@ return params; } - @Override public void init(XMLStructure parent, XMLCryptoContext context) throws InvalidAlgorithmParameterException { @@ -86,7 +85,6 @@ ownerDoc = DOMUtils.getOwnerDocument(transformElem); } - @Override public void marshalParams(XMLStructure parent, XMLCryptoContext context) throws MarshalException { @@ -105,7 +103,6 @@ ownerDoc = DOMUtils.getOwnerDocument(transformElem); } - @Override public Data transform(Data data, XMLCryptoContext xc) throws TransformException { @@ -115,7 +112,6 @@ return transformIt(data, xc, null); } - @Override public Data transform(Data data, XMLCryptoContext xc, OutputStream os) throws TransformException { @@ -206,7 +202,6 @@ } } - @Override public final boolean isFeatureSupported(String feature) { if (feature == null) { throw new NullPointerException();
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/BaseStructure.java Tue Jun 19 08:06:35 2018 +0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,49 +0,0 @@ -/* - * reserved comment block - * DO NOT REMOVE OR ALTER! - */ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.jcp.xml.dsig.internal.dom; - -import javax.xml.crypto.XMLStructure; - -import org.w3c.dom.Node; - -public abstract class BaseStructure implements XMLStructure { - - /** - * Just return the text of the immediate child of a node. - * - * @param node - * @return the text of a Node - */ - public static String textOfNode(Node node) { - return node.getFirstChild().getNodeValue(); - } - - public final boolean isFeatureSupported(String feature) { - if (feature == null) { - throw new NullPointerException(); - } else { - return false; - } - } - -}
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14N11Method.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14N11Method.java Tue Mar 05 08:24:58 2019 -0500 @@ -48,7 +48,6 @@ public static final String C14N_11_WITH_COMMENTS = "http://www.w3.org/2006/12/xml-c14n11#WithComments"; - @Override public void init(TransformParameterSpec params) throws InvalidAlgorithmParameterException { if (params != null) { @@ -57,7 +56,6 @@ } } - @Override public Data transform(Data data, XMLCryptoContext xc) throws TransformException {
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java Tue Mar 05 08:24:58 2019 -0500 @@ -44,7 +44,6 @@ */ public final class DOMCanonicalXMLC14NMethod extends ApacheCanonicalizer { - @Override public void init(TransformParameterSpec params) throws InvalidAlgorithmParameterException { if (params != null) { @@ -53,7 +52,6 @@ } } - @Override public Data transform(Data data, XMLCryptoContext xc) throws TransformException {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCryptoBinary.java Tue Mar 05 08:24:58 2019 -0500 @@ -0,0 +1,101 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +/* + * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + */ +/* + * $Id$ + */ +package org.jcp.xml.dsig.internal.dom; + +import java.math.BigInteger; +import javax.xml.crypto.*; +import javax.xml.crypto.dom.DOMCryptoContext; + +import com.sun.org.apache.xml.internal.security.utils.XMLUtils; +import org.w3c.dom.Node; +import org.w3c.dom.Text; + +/** + * A DOM-based representation of the XML <code>CryptoBinary</code> simple type + * as defined in the W3C specification for XML-Signature Syntax and Processing. + * The XML Schema Definition is defined as: + * + * <xmp> + * <simpleType name="CryptoBinary"> + * <restriction base = "base64Binary"> + * </restriction> + * </simpleType> + * </xmp> + * + * @author Sean Mullan + */ +public final class DOMCryptoBinary extends DOMStructure { + + private final BigInteger bigNum; + private final String value; + + /** + * Create a <code>DOMCryptoBinary</code> instance from the specified + * <code>BigInteger</code> + * + * @param bigNum the arbitrary-length integer + * @throws NullPointerException if <code>bigNum</code> is <code>null</code> + */ + public DOMCryptoBinary(BigInteger bigNum) { + if (bigNum == null) { + throw new NullPointerException("bigNum is null"); + } + this.bigNum = bigNum; + // convert to bitstring + byte[] bytes = XMLUtils.getBytes(bigNum, bigNum.bitLength()); + value = XMLUtils.encodeToString(bytes); + } + + /** + * Creates a <code>DOMCryptoBinary</code> from a node. + * + * @param cbNode a CryptoBinary text node + * @throws MarshalException if value cannot be decoded (invalid format) + */ + public DOMCryptoBinary(Node cbNode) throws MarshalException { + value = cbNode.getNodeValue(); + try { + bigNum = new BigInteger(1, XMLUtils.decode(((Text) cbNode).getData())); + } catch (Exception ex) { + throw new MarshalException(ex); + } + } + + /** + * Returns the <code>BigInteger</code> that this object contains. + * + * @return the <code>BigInteger</code> that this object contains + */ + public BigInteger getBigNum() { + return bigNum; + } + + @Override + public void marshal(Node parent, String prefix, DOMCryptoContext context) + throws MarshalException { + parent.appendChild + (DOMUtils.getOwnerDocument(parent).createTextNode(value)); + } +}
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMDigestMethod.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMDigestMethod.java Tue Mar 05 08:24:58 2019 -0500 @@ -29,18 +29,21 @@ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.*; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.*; import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec; import java.security.InvalidAlgorithmParameterException; import java.security.spec.AlgorithmParameterSpec; +import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; /** * DOM-based abstract implementation of DigestMethod. * */ -public abstract class DOMDigestMethod extends BaseStructure +public abstract class DOMDigestMethod extends DOMStructure implements DigestMethod { static final String SHA224 = @@ -127,7 +130,6 @@ } } - @Override public final AlgorithmParameterSpec getParameterSpec() { return params; } @@ -155,17 +157,21 @@ * This method invokes the abstract {@link #marshalParams marshalParams} * method to marshal any algorithm-specific parameters. */ - public static void marshal(XmlWriter xwriter, DigestMethod digest, String prefix) + @Override + public void marshal(Node parent, String prefix, DOMCryptoContext context) throws MarshalException { - xwriter.writeStartElement(prefix, "DigestMethod", XMLSignature.XMLNS); - xwriter.writeAttribute("", "", "Algorithm", digest.getAlgorithm()); + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + + Element dmElem = DOMUtils.createElement(ownerDoc, "DigestMethod", + XMLSignature.XMLNS, prefix); + DOMUtils.setAttribute(dmElem, "Algorithm", getAlgorithm()); - // this is totally over-engineered - nothing implements marshalParams. - if (digest.getParameterSpec() != null && digest instanceof DOMDigestMethod) { - ( (DOMDigestMethod) digest).marshalParams(xwriter, prefix); + if (params != null) { + marshalParams(dmElem, prefix); } - xwriter.writeEndElement(); // "DigestMethod" + + parent.appendChild(dmElem); } @Override @@ -206,7 +212,7 @@ * @param the namespace prefix to use * @throws MarshalException if the parameters cannot be marshalled */ - void marshalParams(XmlWriter xwriter, String prefix) + void marshalParams(Element parent, String prefix) throws MarshalException { throw new MarshalException("no parameters should " + @@ -228,11 +234,9 @@ SHA1(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return DigestMethod.SHA1; } - @Override String getMessageDigestAlgorithm() { return "SHA-1"; } @@ -264,11 +268,9 @@ SHA256(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return DigestMethod.SHA256; } - @Override String getMessageDigestAlgorithm() { return "SHA-256"; } @@ -282,11 +284,9 @@ SHA384(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return SHA384; } - @Override String getMessageDigestAlgorithm() { return "SHA-384"; } @@ -300,11 +300,9 @@ SHA512(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return DigestMethod.SHA512; } - @Override String getMessageDigestAlgorithm() { return "SHA-512"; }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform.java Tue Mar 05 08:24:58 2019 -0500 @@ -38,7 +38,6 @@ */ public final class DOMEnvelopedTransform extends ApacheTransform { - @Override public void init(TransformParameterSpec params) throws InvalidAlgorithmParameterException { if (params != null) {
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java Tue Mar 05 08:24:58 2019 -0500 @@ -50,7 +50,6 @@ */ public final class DOMExcC14NMethod extends ApacheCanonicalizer { - @Override public void init(TransformParameterSpec params) throws InvalidAlgorithmParameterException { @@ -63,7 +62,6 @@ } } - @Override public void init(XMLStructure parent, XMLCryptoContext context) throws InvalidAlgorithmParameterException { @@ -109,12 +107,20 @@ return; } - XmlWriterToTree xwriter = new XmlWriterToTree(Marshaller.getMarshallers(), transformElem); - - String prefix = - DOMUtils.getNSPrefix(context, CanonicalizationMethod.EXCLUSIVE); - xwriter.writeStartElement(prefix, "InclusiveNamespaces", CanonicalizationMethod.EXCLUSIVE); - xwriter.writeNamespace(prefix, CanonicalizationMethod.EXCLUSIVE); + String prefix = DOMUtils.getNSPrefix(context, + CanonicalizationMethod.EXCLUSIVE); + Element eElem = DOMUtils.createElement(ownerDoc, + "InclusiveNamespaces", + CanonicalizationMethod.EXCLUSIVE, + prefix); + if (prefix == null || prefix.length() == 0) { + eElem.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", + CanonicalizationMethod.EXCLUSIVE); + } else { + eElem.setAttributeNS("http://www.w3.org/2000/xmlns/", + "xmlns:" + prefix, + CanonicalizationMethod.EXCLUSIVE); + } ExcC14NParameterSpec params = (ExcC14NParameterSpec)spec; StringBuffer prefixListAttr = new StringBuffer(""); @@ -126,16 +132,15 @@ prefixListAttr.append(" "); } } - xwriter.writeAttribute("", "", "PrefixList", prefixListAttr.toString()); + DOMUtils.setAttribute(eElem, "PrefixList", prefixListAttr.toString()); this.inclusiveNamespaces = prefixListAttr.toString(); - xwriter.writeEndElement(); // "InclusiveNamespaces" + transformElem.appendChild(eElem); } public String getParamsNSURI() { return CanonicalizationMethod.EXCLUSIVE; } - @Override public Data transform(Data data, XMLCryptoContext xc) throws TransformException {
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java Tue Mar 05 08:24:58 2019 -0500 @@ -42,6 +42,7 @@ import java.security.spec.AlgorithmParameterSpec; import javax.crypto.Mac; import javax.crypto.SecretKey; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.jcp.xml.dsig.internal.MacOutputStream; @@ -117,30 +118,32 @@ } } - @Override public final AlgorithmParameterSpec getParameterSpec() { return params; } - @Override SignatureMethodParameterSpec unmarshalParams(Element paramsElem) throws MarshalException { - outputLength = Integer.parseInt(textOfNode(paramsElem)); + outputLength = Integer.parseInt(paramsElem.getFirstChild().getNodeValue()); outputLengthSet = true; LOG.debug("unmarshalled outputLength: {}", outputLength); return new HMACParameterSpec(outputLength); } - @Override - void marshalParams(XmlWriter xwriter, String prefix) + void marshalParams(Element parent, String prefix) throws MarshalException { - xwriter.writeTextElement(prefix, "HMACOutputLength", XMLSignature.XMLNS, String.valueOf(outputLength)); + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + Element hmacElem = DOMUtils.createElement(ownerDoc, "HMACOutputLength", + XMLSignature.XMLNS, prefix); + hmacElem.appendChild(ownerDoc.createTextNode + (String.valueOf(outputLength))); + + parent.appendChild(hmacElem); } - @Override - boolean verify(Key key, DOMSignedInfo si, byte[] sig, + boolean verify(Key key, SignedInfo si, byte[] sig, XMLValidateContext context) throws InvalidKeyException, SignatureException, XMLSignatureException { @@ -162,14 +165,13 @@ ("HMACOutputLength must not be less than " + getDigestLength()); } hmac.init(key); - si.canonicalize(context, new MacOutputStream(hmac)); + ((DOMSignedInfo)si).canonicalize(context, new MacOutputStream(hmac)); byte[] result = hmac.doFinal(); return MessageDigest.isEqual(sig, result); } - @Override - byte[] sign(Key key, DOMSignedInfo si, XMLSignContext context) + byte[] sign(Key key, SignedInfo si, XMLSignContext context) throws InvalidKeyException, XMLSignatureException { if (key == null || si == null) { @@ -190,11 +192,10 @@ ("HMACOutputLength must not be less than " + getDigestLength()); } hmac.init(key); - si.canonicalize(context, new MacOutputStream(hmac)); + ((DOMSignedInfo)si).canonicalize(context, new MacOutputStream(hmac)); return hmac.doFinal(); } - @Override boolean paramsEqual(AlgorithmParameterSpec spec) { if (getParameterSpec() == spec) { return true; @@ -207,7 +208,6 @@ return outputLength == ospec.getOutputLength(); } - @Override Type getAlgorithmType() { return Type.HMAC; } @@ -225,15 +225,12 @@ SHA1(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return SignatureMethod.HMAC_SHA1; } - @Override String getJCAAlgorithm() { return "HmacSHA1"; } - @Override int getDigestLength() { return 160; } @@ -269,15 +266,12 @@ SHA256(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return HMAC_SHA256; } - @Override String getJCAAlgorithm() { return "HmacSHA256"; } - @Override int getDigestLength() { return 256; } @@ -291,15 +285,12 @@ SHA384(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return HMAC_SHA384; } - @Override String getJCAAlgorithm() { return "HmacSHA384"; } - @Override int getDigestLength() { return 384; } @@ -313,15 +304,12 @@ SHA512(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return HMAC_SHA512; } - @Override String getJCAAlgorithm() { return "HmacSHA512"; } - @Override int getDigestLength() { return 512; }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java Tue Mar 05 08:24:58 2019 -0500 @@ -36,10 +36,13 @@ import javax.xml.crypto.MarshalException; import javax.xml.crypto.XMLCryptoContext; import javax.xml.crypto.XMLStructure; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.XMLSignature; import javax.xml.crypto.dsig.dom.DOMSignContext; import javax.xml.crypto.dsig.keyinfo.KeyInfo; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -47,7 +50,7 @@ * DOM-based implementation of KeyInfo. * */ -public final class DOMKeyInfo extends BaseStructure implements KeyInfo { +public final class DOMKeyInfo extends DOMStructure implements KeyInfo { private final String id; private final List<XMLStructure> keyInfoTypes; @@ -101,7 +104,14 @@ Provider provider) throws MarshalException { - id = DOMUtils.getIdAttributeValue(kiElem, "Id"); + // get Id attribute, if specified + Attr attr = kiElem.getAttributeNodeNS(null, "Id"); + if (attr != null) { + id = attr.getValue(); + kiElem.setIdAttributeNode(attr, true); + } else { + id = null; + } // get all children nodes List<XMLStructure> content = new ArrayList<>(); @@ -134,17 +144,14 @@ keyInfoTypes = Collections.unmodifiableList(content); } - @Override public String getId() { return id; } - @Override public List<XMLStructure> getContent() { return keyInfoTypes; } - @Override public void marshal(XMLStructure parent, XMLCryptoContext context) throws MarshalException { @@ -155,44 +162,62 @@ throw new ClassCastException("parent must be of type DOMStructure"); } - internalMarshal( (javax.xml.crypto.dom.DOMStructure) parent, context); - } - - private void internalMarshal(javax.xml.crypto.dom.DOMStructure parent, XMLCryptoContext context) - throws MarshalException { - Node pNode = parent.getNode(); + Node pNode = ((javax.xml.crypto.dom.DOMStructure)parent).getNode(); String dsPrefix = DOMUtils.getSignaturePrefix(context); + Element kiElem = DOMUtils.createElement + (DOMUtils.getOwnerDocument(pNode), "KeyInfo", + XMLSignature.XMLNS, dsPrefix); + if (dsPrefix == null || dsPrefix.length() == 0) { + kiElem.setAttributeNS("http://www.w3.org/2000/xmlns/", + "xmlns", XMLSignature.XMLNS); + } else { + kiElem.setAttributeNS("http://www.w3.org/2000/xmlns/", + "xmlns:" + dsPrefix, XMLSignature.XMLNS); + } Node nextSibling = null; if (context instanceof DOMSignContext) { nextSibling = ((DOMSignContext)context).getNextSibling(); } - - XmlWriterToTree xwriter = new XmlWriterToTree(Marshaller.getMarshallers(), pNode, nextSibling); - marshalInternal(xwriter, this, dsPrefix, context, true); + marshal(pNode, kiElem, nextSibling, dsPrefix, (DOMCryptoContext)context); } - public static void marshal(XmlWriter xwriter, KeyInfo ki, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - marshalInternal(xwriter, ki, dsPrefix, context, false); + @Override + public void marshal(Node parent, String dsPrefix, + DOMCryptoContext context) + throws MarshalException + { + marshal(parent, null, dsPrefix, context); } - private static void marshalInternal(XmlWriter xwriter, KeyInfo ki, - String dsPrefix, XMLCryptoContext context, boolean declareNamespace) throws MarshalException { + public void marshal(Node parent, Node nextSibling, String dsPrefix, + DOMCryptoContext context) + throws MarshalException + { + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + Element kiElem = DOMUtils.createElement(ownerDoc, "KeyInfo", + XMLSignature.XMLNS, dsPrefix); + marshal(parent, kiElem, nextSibling, dsPrefix, context); + } - xwriter.writeStartElement(dsPrefix, "KeyInfo", XMLSignature.XMLNS); - if (declareNamespace) { - xwriter.writeNamespace(dsPrefix, XMLSignature.XMLNS); + private void marshal(Node parent, Element kiElem, Node nextSibling, + String dsPrefix, DOMCryptoContext context) + throws MarshalException + { + // create and append KeyInfoType elements + for (XMLStructure kiType : keyInfoTypes) { + if (kiType instanceof DOMStructure) { + ((DOMStructure)kiType).marshal(kiElem, dsPrefix, context); + } else { + DOMUtils.appendChild(kiElem, + ((javax.xml.crypto.dom.DOMStructure)kiType).getNode()); + } } - xwriter.writeIdAttribute("", "", "Id", ki.getId()); - // create and append KeyInfoType elements - List<XMLStructure> keyInfoTypes = getContent(ki); - for (XMLStructure kiType : keyInfoTypes) { - xwriter.marshalStructure(kiType, dsPrefix, context); - } + // append id attribute + DOMUtils.setAttributeID(kiElem, "Id", id); - xwriter.writeEndElement(); // "KeyInfo" + parent.insertBefore(kiElem, nextSibling); } @Override
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java Tue Mar 05 08:24:58 2019 -0500 @@ -31,15 +31,24 @@ import java.math.BigInteger; import java.security.KeyException; import java.security.PublicKey; +import java.security.interfaces.ECPublicKey; import java.security.interfaces.DSAPublicKey; -import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPublicKey; import java.util.List; -import javax.xml.crypto.*; +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.URIDereferencer; +import javax.xml.crypto.XMLStructure; import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.XMLSignature; -import javax.xml.crypto.dsig.keyinfo.*; +import javax.xml.crypto.dsig.keyinfo.KeyInfo; +import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory; +import javax.xml.crypto.dsig.keyinfo.KeyName; +import javax.xml.crypto.dsig.keyinfo.KeyValue; +import javax.xml.crypto.dsig.keyinfo.PGPData; +import javax.xml.crypto.dsig.keyinfo.RetrievalMethod; +import javax.xml.crypto.dsig.keyinfo.X509Data; +import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial; import org.w3c.dom.Document; import org.w3c.dom.Element; @@ -53,24 +62,20 @@ public DOMKeyInfoFactory() { } - @Override @SuppressWarnings("rawtypes") public KeyInfo newKeyInfo(List content) { return newKeyInfo(content, null); } - @Override @SuppressWarnings({ "unchecked", "rawtypes" }) public KeyInfo newKeyInfo(List content, String id) { return new DOMKeyInfo(content, id); } - @Override public KeyName newKeyName(String name) { return new DOMKeyName(name); } - @Override public KeyValue newKeyValue(PublicKey key) throws KeyException { String algorithm = key.getAlgorithm(); if ("DSA".equals(algorithm)) { @@ -84,30 +89,25 @@ } } - @Override public PGPData newPGPData(byte[] keyId) { return newPGPData(keyId, null, null); } - @Override @SuppressWarnings({ "rawtypes", "unchecked" }) public PGPData newPGPData(byte[] keyId, byte[] keyPacket, List other) { return new DOMPGPData(keyId, keyPacket, other); } - @Override - @SuppressWarnings({ "unchecked", "rawtypes" }) + @SuppressWarnings({ "rawtypes", "unchecked" }) public PGPData newPGPData(byte[] keyPacket, List other) { return new DOMPGPData(keyPacket, other); } - @Override public RetrievalMethod newRetrievalMethod(String uri) { return newRetrievalMethod(uri, null, null); } - @Override - @SuppressWarnings({ "unchecked", "rawtypes" }) + @SuppressWarnings({ "rawtypes", "unchecked" }) public RetrievalMethod newRetrievalMethod(String uri, String type, List transforms) { if (uri == null) { @@ -116,8 +116,7 @@ return new DOMRetrievalMethod(uri, type, transforms); } - @Override - @SuppressWarnings("rawtypes") + @SuppressWarnings({ "rawtypes" }) public X509Data newX509Data(List content) { return new DOMX509Data(content); } @@ -128,7 +127,6 @@ return new DOMX509IssuerSerial(issuerName, serialNumber); } - @Override public boolean isFeatureSupported(String feature) { if (feature == null) { throw new NullPointerException(); @@ -137,7 +135,6 @@ } } - @Override public URIDereferencer getURIDereferencer() { return DOMURIDereferencer.INSTANCE; }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyName.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyName.java Tue Mar 05 08:24:58 2019 -0500 @@ -28,15 +28,20 @@ */ package org.jcp.xml.dsig.internal.dom; +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.dom.DOMCryptoContext; +import javax.xml.crypto.dsig.XMLSignature; import javax.xml.crypto.dsig.keyinfo.KeyName; +import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; /** * DOM-based implementation of KeyName. * */ -public final class DOMKeyName extends BaseStructure implements KeyName { +public final class DOMKeyName extends DOMStructure implements KeyName { private final String name; @@ -59,12 +64,23 @@ * @param knElem a KeyName element */ public DOMKeyName(Element knElem) { - name = textOfNode(knElem); + name = knElem.getFirstChild().getNodeValue(); + } + + public String getName() { + return name; } @Override - public String getName() { - return name; + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) + throws MarshalException + { + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + // prepend namespace prefix, if necessary + Element knElem = DOMUtils.createElement(ownerDoc, "KeyName", + XMLSignature.XMLNS, dsPrefix); + knElem.appendChild(ownerDoc.createTextNode(name)); + parent.appendChild(knElem); } @Override
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java Tue Mar 05 08:24:58 2019 -0500 @@ -29,6 +29,7 @@ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.*; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.*; import javax.xml.crypto.dsig.keyinfo.KeyValue; @@ -53,16 +54,17 @@ import java.security.spec.KeySpec; import java.security.spec.RSAPublicKeySpec; import java.util.Arrays; -import java.util.Base64; import com.sun.org.apache.xml.internal.security.utils.XMLUtils; +import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; /** * DOM-based implementation of KeyValue. * */ -public abstract class DOMKeyValue<K extends PublicKey> extends BaseStructure implements KeyValue { +public abstract class DOMKeyValue<K extends PublicKey> extends DOMStructure implements KeyValue { private static final String XMLDSIG_11_XMLNS = "http://www.w3.org/2009/xmldsig11#"; @@ -102,7 +104,6 @@ } } - @Override public PublicKey getPublicKey() throws KeyException { if (publicKey == null) { throw new KeyException("can't convert KeyValue to PublicKey"); @@ -111,17 +112,22 @@ } } - public void marshal(XmlWriter xwriter, String dsPrefix, XMLCryptoContext context) + @Override + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + // create KeyValue element - xwriter.writeStartElement(dsPrefix, "KeyValue", XMLSignature.XMLNS); - marshalPublicKey(xwriter, publicKey, dsPrefix, context); - xwriter.writeEndElement(); // "KeyValue" + Element kvElem = DOMUtils.createElement(ownerDoc, "KeyValue", + XMLSignature.XMLNS, dsPrefix); + marshalPublicKey(kvElem, ownerDoc, dsPrefix, context); + + parent.appendChild(kvElem); } - abstract void marshalPublicKey(XmlWriter xwriter, K key, String dsPrefix, - XMLCryptoContext context) throws MarshalException; + abstract void marshalPublicKey(Node parent, Document doc, String dsPrefix, + DOMCryptoContext context) throws MarshalException; abstract K unmarshalKeyValue(Element kvtElem) throws MarshalException; @@ -162,25 +168,13 @@ public static BigInteger decode(Element elem) throws MarshalException { try { - String base64str = BaseStructure.textOfNode(elem); - return new BigInteger(1, Base64.getMimeDecoder().decode(base64str)); + String base64str = elem.getFirstChild().getNodeValue(); + return new BigInteger(1, XMLUtils.decode(base64str)); } catch (Exception ex) { throw new MarshalException(ex); } } - public static void writeBase64BigIntegerElement( - XmlWriter xwriter, String prefix, String localName, String namespaceURI, BigInteger value - ) { - byte[] bytes = XMLUtils.getBytes(value, value.bitLength()); - xwriter.writeTextElement(prefix, localName, namespaceURI, Base64.getMimeEncoder().encodeToString(bytes)); - } - - public static void marshal(XmlWriter xwriter, BigInteger bigNum) { - byte[] bytes = XMLUtils.getBytes(bigNum, bigNum.bitLength()); - xwriter.writeCharacters(Base64.getMimeEncoder().encodeToString(bytes)); - } - @Override public int hashCode() { int result = 17; @@ -193,25 +187,36 @@ static final class RSA extends DOMKeyValue<RSAPublicKey> { // RSAKeyValue CryptoBinaries + private DOMCryptoBinary modulus, exponent; private KeyFactory rsakf; RSA(RSAPublicKey key) throws KeyException { super(key); + RSAPublicKey rkey = key; + exponent = new DOMCryptoBinary(rkey.getPublicExponent()); + modulus = new DOMCryptoBinary(rkey.getModulus()); } RSA(Element elem) throws MarshalException { super(elem); } - @Override - void marshalPublicKey(XmlWriter xwriter, RSAPublicKey publicKey, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - xwriter.writeStartElement(dsPrefix, "RSAKeyValue", XMLSignature.XMLNS); - - writeBase64BigIntegerElement(xwriter, dsPrefix, "Modulus", XMLSignature.XMLNS, publicKey.getModulus()); - writeBase64BigIntegerElement(xwriter, dsPrefix, "Exponent", XMLSignature.XMLNS, publicKey.getPublicExponent()); - - xwriter.writeEndElement(); // "RSAKeyValue" + void marshalPublicKey(Node parent, Document doc, String dsPrefix, + DOMCryptoContext context) throws MarshalException { + Element rsaElem = DOMUtils.createElement(doc, "RSAKeyValue", + XMLSignature.XMLNS, + dsPrefix); + Element modulusElem = DOMUtils.createElement(doc, "Modulus", + XMLSignature.XMLNS, + dsPrefix); + Element exponentElem = DOMUtils.createElement(doc, "Exponent", + XMLSignature.XMLNS, + dsPrefix); + modulus.marshal(modulusElem, dsPrefix, context); + exponent.marshal(exponentElem, dsPrefix, context); + rsaElem.appendChild(modulusElem); + rsaElem.appendChild(exponentElem); + parent.appendChild(rsaElem); } @Override @@ -241,10 +246,17 @@ static final class DSA extends DOMKeyValue<DSAPublicKey> { // DSAKeyValue CryptoBinaries + private DOMCryptoBinary p, q, g, y; //, seed, pgen; private KeyFactory dsakf; DSA(DSAPublicKey key) throws KeyException { super(key); + DSAPublicKey dkey = key; + DSAParams params = dkey.getParams(); + p = new DOMCryptoBinary(params.getP()); + q = new DOMCryptoBinary(params.getQ()); + g = new DOMCryptoBinary(params.getG()); + y = new DOMCryptoBinary(dkey.getY()); } DSA(Element elem) throws MarshalException { @@ -252,21 +264,31 @@ } @Override - void marshalPublicKey(XmlWriter xwriter, DSAPublicKey publicKey, String dsPrefix, - XMLCryptoContext context) + void marshalPublicKey(Node parent, Document doc, String dsPrefix, + DOMCryptoContext context) throws MarshalException { - DSAParams params = publicKey.getParams(); - - xwriter.writeStartElement(dsPrefix, "DSAKeyValue", XMLSignature.XMLNS); - + Element dsaElem = DOMUtils.createElement(doc, "DSAKeyValue", + XMLSignature.XMLNS, + dsPrefix); // parameters J, Seed & PgenCounter are not included - writeBase64BigIntegerElement(xwriter, dsPrefix, "P", XMLSignature.XMLNS, params.getP()); - writeBase64BigIntegerElement(xwriter, dsPrefix, "Q", XMLSignature.XMLNS, params.getQ()); - writeBase64BigIntegerElement(xwriter, dsPrefix, "G", XMLSignature.XMLNS, params.getG()); - writeBase64BigIntegerElement(xwriter, dsPrefix, "Y", XMLSignature.XMLNS, publicKey.getY() ); - - xwriter.writeEndElement(); // "DSAKeyValue" + Element pElem = DOMUtils.createElement(doc, "P", XMLSignature.XMLNS, + dsPrefix); + Element qElem = DOMUtils.createElement(doc, "Q", XMLSignature.XMLNS, + dsPrefix); + Element gElem = DOMUtils.createElement(doc, "G", XMLSignature.XMLNS, + dsPrefix); + Element yElem = DOMUtils.createElement(doc, "Y", XMLSignature.XMLNS, + dsPrefix); + p.marshal(pElem, dsPrefix, context); + q.marshal(qElem, dsPrefix, context); + g.marshal(gElem, dsPrefix, context); + y.marshal(yElem, dsPrefix, context); + dsaElem.appendChild(pElem); + dsaElem.appendChild(qElem); + dsaElem.appendChild(gElem); + dsaElem.appendChild(yElem); + parent.appendChild(dsaElem); } @Override @@ -316,8 +338,7 @@ } static final class EC extends DOMKeyValue<ECPublicKey> { - - // ECKeyValue CryptoBinaries + // ECKeyValue CryptoBinaries private byte[] ecPublicKey; private KeyFactory eckf; private ECParameterSpec ecParams; @@ -460,27 +481,35 @@ } @Override - void marshalPublicKey(XmlWriter xwriter, ECPublicKey publicKey, String dsPrefix, - XMLCryptoContext context) + void marshalPublicKey(Node parent, Document doc, String dsPrefix, + DOMCryptoContext context) throws MarshalException { String prefix = DOMUtils.getNSPrefix(context, XMLDSIG_11_XMLNS); - xwriter.writeStartElement(prefix, "ECKeyValue", XMLDSIG_11_XMLNS); - - xwriter.writeStartElement(prefix, "NamedCurve", XMLDSIG_11_XMLNS); - xwriter.writeNamespace(prefix, XMLDSIG_11_XMLNS); + Element ecKeyValueElem = DOMUtils.createElement(doc, "ECKeyValue", + XMLDSIG_11_XMLNS, + prefix); + Element namedCurveElem = DOMUtils.createElement(doc, "NamedCurve", + XMLDSIG_11_XMLNS, + prefix); + Element publicKeyElem = DOMUtils.createElement(doc, "PublicKey", + XMLDSIG_11_XMLNS, + prefix); String oid = getCurveOid(ecParams); if (oid == null) { throw new MarshalException("Invalid ECParameterSpec"); } - xwriter.writeAttribute("", "", "URI", "urn:oid:" + oid); - xwriter.writeEndElement(); - - xwriter.writeStartElement(prefix, "PublicKey", XMLDSIG_11_XMLNS); - String encoded = Base64.getMimeEncoder().encodeToString(ecPublicKey); - xwriter.writeCharacters(encoded); - xwriter.writeEndElement(); // "PublicKey" - xwriter.writeEndElement(); // "ECKeyValue" + DOMUtils.setAttribute(namedCurveElem, "URI", "urn:oid:" + oid); + String qname = (prefix == null || prefix.length() == 0) + ? "xmlns" : "xmlns:" + prefix; + namedCurveElem.setAttributeNS("http://www.w3.org/2000/xmlns/", + qname, XMLDSIG_11_XMLNS); + ecKeyValueElem.appendChild(namedCurveElem); + String encoded = XMLUtils.encodeToString(ecPublicKey); + publicKeyElem.appendChild + (DOMUtils.getOwnerDocument(publicKeyElem).createTextNode(encoded)); + ecKeyValueElem.appendChild(publicKeyElem); + parent.appendChild(ecKeyValueElem); } @Override @@ -526,7 +555,7 @@ try { String content = XMLUtils.getFullTextChildrenFromElement(curElem); - ecPoint = decodePoint(Base64.getMimeDecoder().decode(content), + ecPoint = decodePoint(XMLUtils.decode(content), ecParams.getCurve()); } catch (IOException ioe) { throw new MarshalException("Invalid EC Point", ioe); @@ -574,21 +603,23 @@ } static final class Unknown extends DOMKeyValue<PublicKey> { - private XMLStructure externalPublicKey; + private javax.xml.crypto.dom.DOMStructure externalPublicKey; Unknown(Element elem) throws MarshalException { super(elem); } + @Override PublicKey unmarshalKeyValue(Element kvElem) throws MarshalException { externalPublicKey = new javax.xml.crypto.dom.DOMStructure(kvElem); return null; } + @Override - void marshalPublicKey(XmlWriter xwriter, PublicKey publicKey, String dsPrefix, - XMLCryptoContext context) + void marshalPublicKey(Node parent, Document doc, String dsPrefix, + DOMCryptoContext context) throws MarshalException { - xwriter.marshalStructure(externalPublicKey, dsPrefix, context); + parent.appendChild(externalPublicKey.getNode()); } } }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java Tue Mar 05 08:24:58 2019 -0500 @@ -29,18 +29,21 @@ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.*; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.*; import java.security.Provider; import java.util.*; +import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; /** * DOM-based implementation of Manifest. * */ -public final class DOMManifest extends BaseStructure implements Manifest { +public final class DOMManifest extends DOMStructure implements Manifest { private final List<Reference> references; private final String id; @@ -58,7 +61,7 @@ * @throws ClassCastException if {@code references} contains any * entries that are not of type {@link Reference} */ - public DOMManifest(List<DOMReference> references, String id) { + public DOMManifest(List<? extends Reference> references, String id) { if (references == null) { throw new NullPointerException("references cannot be null"); } @@ -114,7 +117,6 @@ this.references = Collections.unmodifiableList(refs); } - @Override public String getId() { return id; } @@ -129,18 +131,21 @@ return references; } - public static void marshal(XmlWriter xwriter, Manifest manif, String dsPrefix, XMLCryptoContext context) - throws MarshalException { - xwriter.writeStartElement(dsPrefix, "Manifest", XMLSignature.XMLNS); - xwriter.writeIdAttribute("", "", "Id", manif.getId()); + @Override + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) + throws MarshalException + { + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + Element manElem = DOMUtils.createElement(ownerDoc, "Manifest", + XMLSignature.XMLNS, dsPrefix); + + DOMUtils.setAttributeID(manElem, "Id", id); // add references - @SuppressWarnings("unchecked") - List<Reference> references = manif.getReferences(); for (Reference ref : references) { - ((DOMReference)ref).marshal(xwriter, dsPrefix, context); + ((DOMReference)ref).marshal(manElem, dsPrefix, context); } - xwriter.writeEndElement(); // "Manifest" + parent.appendChild(manElem); } @Override
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java Tue Mar 05 08:24:58 2019 -0500 @@ -31,9 +31,11 @@ import java.util.*; import javax.xml.crypto.*; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.XMLSignature; import javax.xml.crypto.dsig.keyinfo.PGPData; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -43,7 +45,7 @@ * DOM-based implementation of PGPData. * */ -public final class DOMPGPData extends BaseStructure implements PGPData { +public final class DOMPGPData extends DOMStructure implements PGPData { private final byte[] keyId; private final byte[] keyPacket; @@ -156,10 +158,10 @@ String namespace = childElem.getNamespaceURI(); if ("PGPKeyID".equals(localName) && XMLSignature.XMLNS.equals(namespace)) { String content = XMLUtils.getFullTextChildrenFromElement(childElem); - pgpKeyId = Base64.getMimeDecoder().decode(content); + pgpKeyId = XMLUtils.decode(content); } else if ("PGPKeyPacket".equals(localName) && XMLSignature.XMLNS.equals(namespace)) { String content = XMLUtils.getFullTextChildrenFromElement(childElem); - pgpKeyPacket = Base64.getMimeDecoder().decode(content); + pgpKeyPacket = XMLUtils.decode(content); } else { other.add (new javax.xml.crypto.dom.DOMStructure(childElem)); @@ -172,21 +174,56 @@ this.externalElements = Collections.unmodifiableList(other); } - @Override public byte[] getKeyId() { return keyId == null ? null : keyId.clone(); } - @Override public byte[] getKeyPacket() { return keyPacket == null ? null : keyPacket.clone(); } - @Override public List<XMLStructure> getExternalElements() { return externalElements; } + @Override + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) + throws MarshalException + { + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + Element pdElem = DOMUtils.createElement(ownerDoc, "PGPData", + XMLSignature.XMLNS, dsPrefix); + + // create and append PGPKeyID element + if (keyId != null) { + Element keyIdElem = DOMUtils.createElement(ownerDoc, "PGPKeyID", + XMLSignature.XMLNS, + dsPrefix); + keyIdElem.appendChild + (ownerDoc.createTextNode(XMLUtils.encodeToString(keyId))); + pdElem.appendChild(keyIdElem); + } + + // create and append PGPKeyPacket element + if (keyPacket != null) { + Element keyPktElem = DOMUtils.createElement(ownerDoc, + "PGPKeyPacket", + XMLSignature.XMLNS, + dsPrefix); + keyPktElem.appendChild + (ownerDoc.createTextNode(XMLUtils.encodeToString(keyPacket))); + pdElem.appendChild(keyPktElem); + } + + // create and append any elements + for (XMLStructure extElem : externalElements) { + DOMUtils.appendChild(pdElem, ((javax.xml.crypto.dom.DOMStructure) + extElem).getNode()); + } + + parent.appendChild(pdElem); + } + /** * We assume packets use the new format packet syntax, as specified in * section 4 of RFC 2440.
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java Tue Mar 05 08:24:58 2019 -0500 @@ -37,6 +37,7 @@ import javax.xml.crypto.*; import javax.xml.crypto.dsig.*; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dom.DOMURIReference; import java.io.*; @@ -46,6 +47,7 @@ import java.util.*; import org.w3c.dom.Attr; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -54,6 +56,7 @@ import org.jcp.xml.dsig.internal.DigesterOutputStream; import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream; +import com.sun.org.apache.xml.internal.security.utils.XMLUtils; /** * DOM-based implementation of Reference. @@ -242,7 +245,7 @@ // unmarshal DigestValue Element dvElem = DOMUtils.getNextSiblingElement(dmElem, "DigestValue", XMLSignature.XMLNS); String content = XMLUtils.getFullTextChildrenFromElement(dvElem); - this.digestValue = Base64.getMimeDecoder().decode(content); + this.digestValue = XMLUtils.decode(content); // check for extra elements if (DOMUtils.getNextSiblingElement(dvElem) != null) { @@ -252,7 +255,14 @@ // unmarshal attributes this.uri = DOMUtils.getAttributeValue(refElem, "URI"); - this.id = DOMUtils.getIdAttributeValue(refElem, "Id"); + + Attr attr = refElem.getAttributeNodeNS(null, "Id"); + if (attr != null) { + this.id = attr.getValue(); + refElem.setIdAttributeNode(attr, true); + } else { + this.id = null; + } this.type = DOMUtils.getAttributeValue(refElem, "Type"); this.here = refElem.getAttributeNodeNS(null, "URI"); @@ -263,76 +273,80 @@ this.provider = provider; } - @Override public DigestMethod getDigestMethod() { return digestMethod; } - @Override public String getId() { return id; } - @Override public String getURI() { return uri; } - @Override public String getType() { return type; } - @Override public List<Transform> getTransforms() { return Collections.unmodifiableList(allTransforms); } - @Override public byte[] getDigestValue() { return digestValue == null ? null : digestValue.clone(); } - @Override public byte[] getCalculatedDigestValue() { return calcDigestValue == null ? null : calcDigestValue.clone(); } @Override - public void marshal(XmlWriter xwriter, String dsPrefix, XMLCryptoContext context) + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { LOG.debug("Marshalling Reference"); - xwriter.writeStartElement(dsPrefix, "Reference", XMLSignature.XMLNS); - XMLStructure refStruct = xwriter.getCurrentNodeAsStructure(); - refElem = (Element) ((javax.xml.crypto.dom.DOMStructure) refStruct).getNode(); + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + refElem = DOMUtils.createElement(ownerDoc, "Reference", + XMLSignature.XMLNS, dsPrefix); // set attributes - xwriter.writeIdAttribute("", "", "Id", id); - here = xwriter.writeAttribute("", "", "URI", uri); - xwriter.writeAttribute("", "", "Type", type); + DOMUtils.setAttributeID(refElem, "Id", id); + DOMUtils.setAttribute(refElem, "URI", uri); + DOMUtils.setAttribute(refElem, "Type", type); // create and append Transforms element if (!allTransforms.isEmpty()) { - xwriter.writeStartElement(dsPrefix, "Transforms", XMLSignature.XMLNS); + Element transformsElem = DOMUtils.createElement(ownerDoc, + "Transforms", + XMLSignature.XMLNS, + dsPrefix); + refElem.appendChild(transformsElem); for (Transform transform : allTransforms) { - xwriter.marshalStructure(transform, dsPrefix, context); + ((DOMStructure)transform).marshal(transformsElem, + dsPrefix, context); } - xwriter.writeEndElement(); // "Transforms" } // create and append DigestMethod element - DOMDigestMethod.marshal(xwriter, digestMethod, dsPrefix); + ((DOMDigestMethod)digestMethod).marshal(refElem, dsPrefix, context); // create and append DigestValue element LOG.debug("Adding digestValueElem"); - xwriter.writeStartElement(dsPrefix, "DigestValue", XMLSignature.XMLNS); + Element digestValueElem = DOMUtils.createElement(ownerDoc, + "DigestValue", + XMLSignature.XMLNS, + dsPrefix); if (digestValue != null) { - xwriter.writeCharacters(Base64.getMimeEncoder().encodeToString(digestValue)); + digestValueElem.appendChild + (ownerDoc.createTextNode(XMLUtils.encodeToString(digestValue))); + } - xwriter.writeEndElement(); // "DigestValue" - xwriter.writeEndElement(); // "Reference" + refElem.appendChild(digestValueElem); + + parent.appendChild(refElem); + here = refElem.getAttributeNodeNS(null, "URI"); } public void digest(XMLSignContext signContext) @@ -347,7 +361,7 @@ digestValue = transform(data, signContext); // insert digestValue into DigestValue element - String encodedDV = Base64.getMimeEncoder().encodeToString(digestValue); + String encodedDV = XMLUtils.encodeToString(digestValue); LOG.debug("Reference object uri = {}", uri); Element digestElem = DOMUtils.getLastChildElement(refElem); if (digestElem == null) { @@ -361,7 +375,6 @@ LOG.debug("Reference digesting completed"); } - @Override public boolean validate(XMLValidateContext validateContext) throws XMLSignatureException { @@ -375,8 +388,8 @@ calcDigestValue = transform(data, validateContext); if (LOG.isDebugEnabled()) { - LOG.debug("Expected digest: " + Base64.getMimeEncoder().encodeToString(digestValue)); - LOG.debug("Actual digest: " + Base64.getMimeEncoder().encodeToString(calcDigestValue)); + LOG.debug("Expected digest: " + XMLUtils.encodeToString(digestValue)); + LOG.debug("Actual digest: " + XMLUtils.encodeToString(calcDigestValue)); } validationStatus = Arrays.equals(digestValue, calcDigestValue); @@ -384,12 +397,10 @@ return validationStatus; } - @Override public Data getDereferencedData() { return derefData; } - @Override public InputStream getDigestInputStream() { return dis; } @@ -516,8 +527,8 @@ } else { transformsElem = DOMUtils.getFirstChildElement(refElem); } - XmlWriter xwriter = new XmlWriterToTree(Marshaller.getMarshallers(), transformsElem); - t.marshal(xwriter, dsPrefix, context); + t.marshal(transformsElem, dsPrefix, + (DOMCryptoContext)context); allTransforms.add(t); xi.updateOutputStream(os, true); } else { @@ -550,7 +561,6 @@ } } - @Override public Node getHere() { return here; } @@ -614,7 +624,6 @@ try { final Set<Node> s = xsi.getNodeSet(); return new NodeSetData() { - @Override public Iterator<Node> iterator() { return s.iterator(); } }; } catch (Exception e) {
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java Tue Mar 05 08:24:58 2019 -0500 @@ -52,6 +52,7 @@ import javax.xml.crypto.URIReferenceException; import javax.xml.crypto.XMLCryptoContext; import javax.xml.crypto.XMLStructure; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dom.DOMURIReference; import javax.xml.crypto.dsig.Transform; import javax.xml.crypto.dsig.XMLSignature; @@ -179,50 +180,53 @@ } } - @Override public String getURI() { return uri; } - @Override public String getType() { return type; } - @Override public List<Transform> getTransforms() { return transforms; } @Override - public void marshal(XmlWriter xwriter, String dsPrefix, XMLCryptoContext context) + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { - xwriter.writeStartElement(dsPrefix, "RetrievalMethod", XMLSignature.XMLNS); + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + Element rmElem = DOMUtils.createElement(ownerDoc, "RetrievalMethod", + XMLSignature.XMLNS, dsPrefix); - // TODO - see whether it is important to capture the "here" attribute as part of the - // marshalling - do any of the tests fail? // add URI and Type attributes - here = xwriter.writeAttribute("", "", "URI", uri); - xwriter.writeAttribute("", "", "Type", type); + DOMUtils.setAttribute(rmElem, "URI", uri); + DOMUtils.setAttribute(rmElem, "Type", type); // add Transforms elements if (!transforms.isEmpty()) { - xwriter.writeStartElement(dsPrefix, "Transforms", XMLSignature.XMLNS); + Element transformsElem = DOMUtils.createElement(ownerDoc, + "Transforms", + XMLSignature.XMLNS, + dsPrefix); + rmElem.appendChild(transformsElem); for (Transform transform : transforms) { - ((DOMTransform)transform).marshal(xwriter, dsPrefix, context); + ((DOMTransform)transform).marshal(transformsElem, + dsPrefix, context); } - xwriter.writeEndElement(); // "Transforms" } - xwriter.writeEndElement(); // "RetrievalMethod" + + parent.appendChild(rmElem); + + // save here node + here = rmElem.getAttributeNodeNS(null, "URI"); } - @Override public Node getHere() { return here; } - @Override public Data dereference(XMLCryptoContext context) throws URIReferenceException { @@ -244,7 +248,7 @@ // pass dereferenced data through Transforms try { for (Transform transform : transforms) { - data = transform.transform(data, context); + data = ((DOMTransform)transform).transform(data, context); } } catch (Exception e) { throw new URIReferenceException(e);
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java Tue Mar 05 08:24:58 2019 -0500 @@ -196,7 +196,6 @@ } } - @Override public final AlgorithmParameterSpec getParameterSpec() { return params; } @@ -218,8 +217,7 @@ : Signature.getInstance(getJCAAlgorithm(), p); } - @Override - boolean verify(Key key, DOMSignedInfo si, byte[] sig, + boolean verify(Key key, SignedInfo si, byte[] sig, XMLValidateContext context) throws InvalidKeyException, SignatureException, XMLSignatureException { @@ -247,7 +245,7 @@ LOG.debug("Signature Bytes length: {}", sig.length); try (SignerOutputStream outputStream = new SignerOutputStream(signature)) { - si.canonicalize(context, outputStream); + ((DOMSignedInfo)si).canonicalize(context, outputStream); Type type = getAlgorithmType(); if (type == Type.DSA) { int size = ((DSAKey)key).getParams().getQ().bitLength(); @@ -292,8 +290,7 @@ } } - @Override - byte[] sign(Key key, DOMSignedInfo si, XMLSignContext context) + byte[] sign(Key key, SignedInfo si, XMLSignContext context) throws InvalidKeyException, XMLSignatureException { if (key == null || si == null) { @@ -319,7 +316,7 @@ LOG.debug("JCA Algorithm: {}", getJCAAlgorithm()); try (SignerOutputStream outputStream = new SignerOutputStream(signature)) { - si.canonicalize(context, outputStream); + ((DOMSignedInfo)si).canonicalize(context, outputStream); Type type = getAlgorithmType(); if (type == Type.DSA) { int size = ((DSAKey)key).getParams().getQ().bitLength(); @@ -401,15 +398,12 @@ SHA224withRSA(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return RSA_SHA224; } - @Override String getJCAAlgorithm() { return "SHA224withRSA"; } - @Override Type getAlgorithmType() { return Type.RSA; } @@ -423,15 +417,12 @@ SHA256withRSA(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return RSA_SHA256; } - @Override String getJCAAlgorithm() { return "SHA256withRSA"; } - @Override Type getAlgorithmType() { return Type.RSA; } @@ -445,15 +436,12 @@ SHA384withRSA(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return RSA_SHA384; } - @Override String getJCAAlgorithm() { return "SHA384withRSA"; } - @Override Type getAlgorithmType() { return Type.RSA; } @@ -467,15 +455,12 @@ SHA512withRSA(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return RSA_SHA512; } - @Override String getJCAAlgorithm() { return "SHA512withRSA"; } - @Override Type getAlgorithmType() { return Type.RSA; } @@ -688,15 +673,12 @@ SHA1withDSA(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return SignatureMethod.DSA_SHA1; } - @Override String getJCAAlgorithm() { return "SHA1withDSA"; } - @Override Type getAlgorithmType() { return Type.DSA; } @@ -729,15 +711,12 @@ SHA1withECDSA(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return ECDSA_SHA1; } - @Override String getJCAAlgorithm() { return "SHA1withECDSA"; } - @Override Type getAlgorithmType() { return Type.ECDSA; } @@ -773,15 +752,12 @@ SHA256withECDSA(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return ECDSA_SHA256; } - @Override String getJCAAlgorithm() { return "SHA256withECDSA"; } - @Override Type getAlgorithmType() { return Type.ECDSA; } @@ -795,15 +771,12 @@ SHA384withECDSA(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return ECDSA_SHA384; } - @Override String getJCAAlgorithm() { return "SHA384withECDSA"; } - @Override Type getAlgorithmType() { return Type.ECDSA; } @@ -817,15 +790,12 @@ SHA512withECDSA(Element dmElem) throws MarshalException { super(dmElem); } - @Override public String getAlgorithm() { return ECDSA_SHA512; } - @Override String getJCAAlgorithm() { return "SHA512withECDSA"; } - @Override Type getAlgorithmType() { return Type.ECDSA; }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java Tue Mar 05 08:24:58 2019 -0500 @@ -29,10 +29,13 @@ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.*; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.*; import java.util.*; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -40,7 +43,7 @@ * DOM-based implementation of SignatureProperties. * */ -public final class DOMSignatureProperties extends BaseStructure +public final class DOMSignatureProperties extends DOMStructure implements SignatureProperties { private final String id; @@ -58,7 +61,7 @@ * @throws IllegalArgumentException if {@code properties} is empty * @throws NullPointerException if {@code properties} */ - public DOMSignatureProperties(List<DOMSignatureProperty> properties, + public DOMSignatureProperties(List<? extends SignatureProperty> properties, String id) { if (properties == null) { @@ -88,7 +91,13 @@ throws MarshalException { // unmarshal attributes - id = DOMUtils.getIdAttributeValue(propsElem, "Id"); + Attr attr = propsElem.getAttributeNodeNS(null, "Id"); + if (attr != null) { + id = attr.getValue(); + propsElem.setIdAttributeNode(attr, true); + } else { + id = null; + } List<SignatureProperty> newProperties = new ArrayList<>(); Node firstChild = propsElem.getFirstChild(); @@ -111,32 +120,34 @@ } } - @Override public List<SignatureProperty> getProperties() { return properties; } - @Override public String getId() { return id; } - public static void marshal(XmlWriter xwriter, SignatureProperties sigProps, String dsPrefix, XMLCryptoContext context) + @Override + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { - xwriter.writeStartElement(dsPrefix, "SignatureProperties", XMLSignature.XMLNS); + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + Element propsElem = DOMUtils.createElement(ownerDoc, + "SignatureProperties", + XMLSignature.XMLNS, + dsPrefix); // set attributes - xwriter.writeIdAttribute("", "", "Id", sigProps.getId()); + DOMUtils.setAttributeID(propsElem, "Id", id); // create and append any properties - @SuppressWarnings("unchecked") - List<SignatureProperty> properties = sigProps.getProperties(); for (SignatureProperty property : properties) { - DOMSignatureProperty.marshal(xwriter, property, dsPrefix, context); + ((DOMSignatureProperty)property).marshal(propsElem, dsPrefix, + context); } - xwriter.writeEndElement(); // "SignatureProperties" + parent.appendChild(propsElem); } @Override
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java Tue Mar 05 08:24:58 2019 -0500 @@ -29,10 +29,13 @@ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.*; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.*; import java.util.*; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -40,7 +43,7 @@ * DOM-based implementation of SignatureProperty. * */ -public final class DOMSignatureProperty extends BaseStructure +public final class DOMSignatureProperty extends DOMStructure implements SignatureProperty { private final String id; @@ -96,7 +99,13 @@ if (target == null) { throw new MarshalException("target cannot be null"); } - id = DOMUtils.getIdAttributeValue(propElem, "Id"); + Attr attr = propElem.getAttributeNodeNS(null, "Id"); + if (attr != null) { + id = attr.getValue(); + propElem.setIdAttributeNode(attr, true); + } else { + id = null; + } List<XMLStructure> newContent = new ArrayList<>(); Node firstChild = propElem.getFirstChild(); @@ -111,37 +120,37 @@ } } - @Override public List<XMLStructure> getContent() { return content; } - @Override public String getId() { return id; } - @Override public String getTarget() { return target; } - public static void marshal(XmlWriter xwriter, SignatureProperty sigProp, String dsPrefix, XMLCryptoContext context) + @Override + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { - xwriter.writeStartElement(dsPrefix, "SignatureProperty", XMLSignature.XMLNS); + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + Element propElem = DOMUtils.createElement(ownerDoc, "SignatureProperty", + XMLSignature.XMLNS, dsPrefix); // set attributes - xwriter.writeIdAttribute("", "", "Id", sigProp.getId()); - xwriter.writeAttribute("", "", "Target", sigProp.getTarget()); + DOMUtils.setAttributeID(propElem, "Id", id); + DOMUtils.setAttribute(propElem, "Target", target); // create and append any elements and mixed content - List<XMLStructure> content = getContent(sigProp); for (XMLStructure property : content) { - xwriter.marshalStructure(property, dsPrefix, context); + DOMUtils.appendChild(propElem, + ((javax.xml.crypto.dom.DOMStructure)property).getNode()); } - xwriter.writeEndElement(); // "SignatureProperty" + parent.appendChild(propElem); } @Override @@ -176,10 +185,6 @@ return result; } - @SuppressWarnings("unchecked") - private static List<XMLStructure> getContent(SignatureProperty prop) { - return prop.getContent(); - } private boolean equalsContent(List<XMLStructure> otherContent) { int osize = otherContent.size(); if (content.size() != osize) {
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java Tue Mar 05 08:24:58 2019 -0500 @@ -29,6 +29,7 @@ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.*; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.*; import java.io.ByteArrayInputStream; @@ -39,8 +40,11 @@ import java.security.Provider; import java.util.*; +import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream; +import com.sun.org.apache.xml.internal.security.utils.XMLUtils; /** * DOM-based implementation of SignedInfo. @@ -55,6 +59,7 @@ private CanonicalizationMethod canonicalizationMethod; private SignatureMethod signatureMethod; private String id; + private Document ownerDoc; private Element localSiElem; private InputStream canonData; @@ -123,6 +128,7 @@ public DOMSignedInfo(Element siElem, XMLCryptoContext context, Provider provider) throws MarshalException { localSiElem = siElem; + ownerDoc = siElem.getOwnerDocument(); // get Id attribute, if specified id = DOMUtils.getAttributeValue(siElem, "Id"); @@ -175,27 +181,22 @@ references = Collections.unmodifiableList(refList); } - @Override public CanonicalizationMethod getCanonicalizationMethod() { return canonicalizationMethod; } - @Override public SignatureMethod getSignatureMethod() { return signatureMethod; } - @Override public String getId() { return id; } - @Override public List<Reference> getReferences() { return references; } - @Override public InputStream getCanonicalizedData() { return canonData; } @@ -223,7 +224,7 @@ sb.append((char)signedInfoBytes[i]); } LOG.debug(sb.toString()); - LOG.debug("Data to be signed/verified:" + Base64.getMimeEncoder().encodeToString(signedInfoBytes)); + LOG.debug("Data to be signed/verified:" + XMLUtils.encodeToString(signedInfoBytes)); } this.canonData = new ByteArrayInputStream(signedInfoBytes); @@ -236,32 +237,31 @@ } @Override - public void marshal(XmlWriter xwriter, String dsPrefix, XMLCryptoContext context) + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { - xwriter.writeStartElement(dsPrefix, "SignedInfo", XMLSignature.XMLNS); - XMLStructure siStruct = xwriter.getCurrentNodeAsStructure(); - localSiElem = (Element) ((javax.xml.crypto.dom.DOMStructure) siStruct).getNode(); - - // append Id attribute - xwriter.writeIdAttribute("", "", "Id", id); + ownerDoc = DOMUtils.getOwnerDocument(parent); + Element siElem = DOMUtils.createElement(ownerDoc, "SignedInfo", + XMLSignature.XMLNS, dsPrefix); // create and append CanonicalizationMethod element DOMCanonicalizationMethod dcm = (DOMCanonicalizationMethod)canonicalizationMethod; - dcm.marshal(xwriter, dsPrefix, context); + dcm.marshal(siElem, dsPrefix, context); // create and append SignatureMethod element - ((AbstractDOMSignatureMethod)signatureMethod).marshal(xwriter, dsPrefix); + ((DOMStructure)signatureMethod).marshal(siElem, dsPrefix, context); // create and append Reference elements for (Reference reference : references) { - // TODO - either suppress warning here, or figure out how to get rid of the cast. - DOMReference domRef = (DOMReference)reference; - domRef.marshal(xwriter, dsPrefix, context); + ((DOMReference)reference).marshal(siElem, dsPrefix, context); } - xwriter.writeEndElement(); // "SignedInfo" + // append Id attribute + DOMUtils.setAttributeID(siElem, "Id", id); + + parent.appendChild(siElem); + localSiElem = siElem; } @Override
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMStructure.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMStructure.java Tue Mar 05 08:24:58 2019 -0500 @@ -29,13 +29,24 @@ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.MarshalException; -import javax.xml.crypto.XMLCryptoContext; +import javax.xml.crypto.XMLStructure; +import javax.xml.crypto.dom.DOMCryptoContext; +import org.w3c.dom.Node; /** * DOM-based abstract implementation of XMLStructure. * */ -public abstract class DOMStructure extends BaseStructure { +public abstract class DOMStructure implements XMLStructure { - public abstract void marshal(XmlWriter xwriter, String dsPrefix, XMLCryptoContext context) throws MarshalException; + public final boolean isFeatureSupported(String feature) { + if (feature == null) { + throw new NullPointerException(); + } else { + return false; + } + } + + public abstract void marshal(Node parent, String dsPrefix, + DOMCryptoContext context) throws MarshalException; }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java Tue Mar 05 08:24:58 2019 -0500 @@ -82,7 +82,6 @@ this.withComments = !excludeComments; } - @Override public boolean hasNext() { if (nodeSet == null) { nodeSet = dereferenceSameDocumentURI(root); @@ -91,7 +90,6 @@ return li.hasNext(); } - @Override public Node next() { if (nodeSet == null) { nodeSet = dereferenceSameDocumentURI(root); @@ -104,7 +102,6 @@ } } - @Override public void remove() { throw new UnsupportedOperationException(); }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java Tue Mar 05 08:24:58 2019 -0500 @@ -37,12 +37,14 @@ import javax.xml.crypto.Data; import javax.xml.crypto.MarshalException; import javax.xml.crypto.XMLCryptoContext; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.Transform; import javax.xml.crypto.dsig.TransformException; import javax.xml.crypto.dsig.TransformService; import javax.xml.crypto.dsig.XMLSignature; import javax.xml.crypto.dsig.dom.DOMSignContext; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -50,7 +52,7 @@ * DOM-based abstract implementation of Transform. * */ -public class DOMTransform extends BaseStructure implements Transform { +public class DOMTransform extends DOMStructure implements Transform { protected TransformService spi; @@ -74,6 +76,7 @@ throws MarshalException { String algorithm = DOMUtils.getAttributeValue(transElem, "Algorithm"); + if (provider == null) { try { spi = TransformService.getInstance(algorithm, "DOM"); @@ -98,12 +101,10 @@ } } - @Override public final AlgorithmParameterSpec getParameterSpec() { return spi.getParameterSpec(); } - @Override public final String getAlgorithm() { return spi.getAlgorithm(); } @@ -111,18 +112,29 @@ /** * This method marshals any algorithm-specific parameters. */ - public void marshal(XmlWriter xwriter, String dsPrefix, XMLCryptoContext context) + @Override + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { - String parentLocalName = xwriter.getCurrentLocalName(); - String localName = "Transforms".equals(parentLocalName) ? "Transform" : "CanonicalizationMethod"; - xwriter.writeStartElement(dsPrefix, localName, XMLSignature.XMLNS); - xwriter.writeAttribute("", "", "Algorithm", getAlgorithm()); + Document ownerDoc = DOMUtils.getOwnerDocument(parent); - javax.xml.crypto.XMLStructure xmlStruct = xwriter.getCurrentNodeAsStructure(); - spi.marshalParams(xmlStruct, context); + Element transformElem = null; + if (parent.getLocalName().equals("Transforms")) { + transformElem = DOMUtils.createElement(ownerDoc, "Transform", + XMLSignature.XMLNS, + dsPrefix); + } else { + transformElem = DOMUtils.createElement(ownerDoc, + "CanonicalizationMethod", + XMLSignature.XMLNS, + dsPrefix); + } + DOMUtils.setAttribute(transformElem, "Algorithm", getAlgorithm()); - xwriter.writeEndElement(); // "Transforms" or "CanonicalizationMethod" + spi.marshalParams(new javax.xml.crypto.dom.DOMStructure(transformElem), + context); + + parent.appendChild(transformElem); } /** @@ -136,7 +148,6 @@ * @throws XMLSignatureException if an unexpected error occurs while * executing the transform */ - @Override public Data transform(Data data, XMLCryptoContext xc) throws TransformException { @@ -156,7 +167,6 @@ * @throws XMLSignatureException if an unexpected error occurs while * executing the transform */ - @Override public Data transform(Data data, XMLCryptoContext xc, OutputStream os) throws TransformException { @@ -210,9 +220,8 @@ Data transform(Data data, XMLCryptoContext xc, DOMSignContext context) throws MarshalException, TransformException { - Node parent = context.getParent(); - XmlWriter xwriter = new XmlWriterToTree(Marshaller.getMarshallers(), parent); - marshal(xwriter, DOMUtils.getSignaturePrefix(context), context); + marshal(context.getParent(), + DOMUtils.getSignaturePrefix(context), context); return transform(data, xc); } }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java Tue Mar 05 08:24:58 2019 -0500 @@ -54,7 +54,6 @@ Init.init(); } - @Override public Data dereference(URIReference uriRef, XMLCryptoContext context) throws URIReferenceException {
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java Tue Mar 05 08:24:58 2019 -0500 @@ -92,7 +92,9 @@ public static Element createElement(Document doc, String tag, String nsURI, String prefix) { - return doc.createElementNS(nsURI, getQNameString(prefix, tag)); + String qName = (prefix == null || prefix.length() == 0) + ? tag : prefix + ":" + tag; + return doc.createElementNS(nsURI, qName); } /** @@ -335,25 +337,20 @@ this.nl = nl; } - @Override public int size() { return nl.getLength(); } - @Override public Iterator<Node> iterator() { return new Iterator<Node>() { private int index; - @Override public void remove() { throw new UnsupportedOperationException(); } - @Override public Node next() { if (!hasNext()) { throw new NoSuchElementException(); } return nl.item(index++); } - @Override public boolean hasNext() { return index < nl.getLength(); }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java Tue Mar 05 08:24:58 2019 -0500 @@ -34,10 +34,13 @@ import java.util.*; import javax.xml.crypto.*; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.*; import javax.xml.crypto.dsig.keyinfo.X509Data; +import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial; import javax.security.auth.x500.X500Principal; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -48,7 +51,7 @@ * */ //@@@ check for illegal combinations of data violating MUSTs in W3c spec -public final class DOMX509Data extends BaseStructure implements X509Data { +public final class DOMX509Data extends DOMStructure implements X509Data { private final List<Object> content; private CertificateFactory cf; @@ -113,7 +116,7 @@ newContent.add(childElem.getFirstChild().getNodeValue()); } else if ("X509SKI".equals(localName) && XMLSignature.XMLNS.equals(namespace)) { String content = XMLUtils.getFullTextChildrenFromElement(childElem); - newContent.add(Base64.getMimeDecoder().decode(content)); + newContent.add(XMLUtils.decode(content)); } else if ("X509CRL".equals(localName) && XMLSignature.XMLNS.equals(namespace)) { newContent.add(unmarshalX509CRL(childElem)); } else { @@ -125,68 +128,89 @@ this.content = Collections.unmodifiableList(newContent); } - @Override public List<Object> getContent() { return content; } - public static void marshal(XmlWriter xwriter, X509Data x509Data, String dsPrefix, XMLCryptoContext context) + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { - xwriter.writeStartElement(dsPrefix, "X509Data", XMLSignature.XMLNS); + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + Element xdElem = DOMUtils.createElement(ownerDoc, "X509Data", + XMLSignature.XMLNS, dsPrefix); - List<?> content = x509Data.getContent(); // append children and preserve order for (int i = 0, size = content.size(); i < size; i++) { Object object = content.get(i); if (object instanceof X509Certificate) { - marshalCert(xwriter, (X509Certificate) object, dsPrefix); + marshalCert((X509Certificate)object,xdElem,ownerDoc,dsPrefix); } else if (object instanceof XMLStructure) { - xwriter.marshalStructure((XMLStructure) object, dsPrefix, context); + if (object instanceof X509IssuerSerial) { + ((DOMX509IssuerSerial)object).marshal + (xdElem, dsPrefix, context); + } else { + javax.xml.crypto.dom.DOMStructure domContent = + (javax.xml.crypto.dom.DOMStructure)object; + DOMUtils.appendChild(xdElem, domContent.getNode()); + } } else if (object instanceof byte[]) { - marshalSKI(xwriter, (byte[]) object, dsPrefix); + marshalSKI((byte[])object, xdElem, ownerDoc, dsPrefix); } else if (object instanceof String) { - marshalSubjectName(xwriter, (String) object, dsPrefix); + marshalSubjectName((String)object, xdElem, ownerDoc,dsPrefix); } else if (object instanceof X509CRL) { - marshalCRL(xwriter, (X509CRL) object, dsPrefix); + marshalCRL((X509CRL)object, xdElem, ownerDoc, dsPrefix); } } - xwriter.writeEndElement(); // "X509Data" + + parent.appendChild(xdElem); } - private static void marshalSKI(XmlWriter xwriter, byte[] skid, String dsPrefix) + private void marshalSKI(byte[] skid, Node parent, Document doc, + String dsPrefix) { - xwriter.writeTextElement(dsPrefix, "X509SKI", XMLSignature.XMLNS, - Base64.getMimeEncoder().encodeToString(skid)); + Element skidElem = DOMUtils.createElement(doc, "X509SKI", + XMLSignature.XMLNS, dsPrefix); + skidElem.appendChild(doc.createTextNode(XMLUtils.encodeToString(skid))); + parent.appendChild(skidElem); } - private static void marshalSubjectName(XmlWriter xwriter, String name, String dsPrefix) + private void marshalSubjectName(String name, Node parent, Document doc, + String dsPrefix) { - xwriter.writeTextElement(dsPrefix, "X509SubjectName", XMLSignature.XMLNS, name); + Element snElem = DOMUtils.createElement(doc, "X509SubjectName", + XMLSignature.XMLNS, dsPrefix); + snElem.appendChild(doc.createTextNode(name)); + parent.appendChild(snElem); } - private static void marshalCert(XmlWriter xwriter, X509Certificate cert, String dsPrefix) + private void marshalCert(X509Certificate cert, Node parent, Document doc, + String dsPrefix) throws MarshalException { + Element certElem = DOMUtils.createElement(doc, "X509Certificate", + XMLSignature.XMLNS, dsPrefix); try { - byte[] encoded = cert.getEncoded(); - xwriter.writeTextElement(dsPrefix, "X509Certificate", XMLSignature.XMLNS, - Base64.getMimeEncoder().encodeToString(encoded)); + certElem.appendChild(doc.createTextNode + (XMLUtils.encodeToString(cert.getEncoded()))); } catch (CertificateEncodingException e) { throw new MarshalException("Error encoding X509Certificate", e); } + parent.appendChild(certElem); } - private static void marshalCRL(XmlWriter xwriter, X509CRL crl, String dsPrefix) + private void marshalCRL(X509CRL crl, Node parent, Document doc, + String dsPrefix) throws MarshalException { + Element crlElem = DOMUtils.createElement(doc, "X509CRL", + XMLSignature.XMLNS, dsPrefix); try { - byte[] encoded = crl.getEncoded(); - xwriter.writeTextElement(dsPrefix, "X509CRL", XMLSignature.XMLNS, - Base64.getMimeEncoder().encodeToString(encoded)); + crlElem.appendChild(doc.createTextNode + (XMLUtils.encodeToString(crl.getEncoded()))); } catch (CRLException e) { throw new MarshalException("Error encoding X509CRL", e); } + parent.appendChild(crlElem); } private X509Certificate unmarshalX509Certificate(Element elem) @@ -218,7 +242,7 @@ cf = CertificateFactory.getInstance("X.509"); } String content = XMLUtils.getFullTextChildrenFromElement(elem); - return new ByteArrayInputStream(Base64.getMimeDecoder().decode(content)); + return new ByteArrayInputStream(XMLUtils.decode(content)); } catch (CertificateException e) { throw new MarshalException("Cannot create CertificateFactory", e); }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java Tue Mar 05 08:24:58 2019 -0500 @@ -29,20 +29,22 @@ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.MarshalException; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.XMLSignature; import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial; import java.math.BigInteger; import javax.security.auth.x500.X500Principal; - +import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; /** * DOM-based implementation of X509IssuerSerial. * */ -public final class DOMX509IssuerSerial extends BaseStructure +public final class DOMX509IssuerSerial extends DOMStructure implements X509IssuerSerial { private final String issuerName; @@ -89,17 +91,34 @@ serialNumber = new BigInteger(sNElem.getFirstChild().getNodeValue()); } - @Override public String getIssuerName() { return issuerName; } - @Override public BigInteger getSerialNumber() { return serialNumber; } @Override + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) + throws MarshalException + { + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + + Element isElem = DOMUtils.createElement(ownerDoc, "X509IssuerSerial", + XMLSignature.XMLNS, dsPrefix); + Element inElem = DOMUtils.createElement(ownerDoc, "X509IssuerName", + XMLSignature.XMLNS, dsPrefix); + Element snElem = DOMUtils.createElement(ownerDoc, "X509SerialNumber", + XMLSignature.XMLNS, dsPrefix); + inElem.appendChild(ownerDoc.createTextNode(issuerName)); + snElem.appendChild(ownerDoc.createTextNode(serialNumber.toString())); + isElem.appendChild(inElem); + isElem.appendChild(snElem); + parent.appendChild(isElem); + } + + @Override public boolean equals(Object obj) { if (this == obj) { return true;
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java Tue Mar 05 08:24:58 2019 -0500 @@ -29,12 +29,14 @@ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.*; +import javax.xml.crypto.dom.DOMCryptoContext; import javax.xml.crypto.dsig.*; import java.security.Provider; import java.util.*; import org.w3c.dom.Attr; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NamedNodeMap; import org.w3c.dom.Node; @@ -43,12 +45,13 @@ * DOM-based implementation of XMLObject. * */ -public final class DOMXMLObject extends BaseStructure implements XMLObject { +public final class DOMXMLObject extends DOMStructure implements XMLObject { private final String id; private final String mimeType; private final String encoding; private final List<XMLStructure> content; + private Element objectElem; /** * Creates an {@code XMLObject} from the specified parameters. @@ -142,51 +145,56 @@ } else { this.content = Collections.unmodifiableList(newContent); } + this.objectElem = objElem; } - @Override public List<XMLStructure> getContent() { return content; } - @Override public String getId() { return id; } - @Override public String getMimeType() { return mimeType; } - @Override public String getEncoding() { return encoding; } - public static void marshal(XmlWriter xwriter, XMLObject xmlObj, String dsPrefix, XMLCryptoContext context) + @Override + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) throws MarshalException { - xwriter.writeStartElement(dsPrefix, "Object", XMLSignature.XMLNS); + Document ownerDoc = DOMUtils.getOwnerDocument(parent); + + Element objElem = objectElem != null ? objectElem : null; + if (objElem == null) { + objElem = DOMUtils.createElement(ownerDoc, "Object", + XMLSignature.XMLNS, dsPrefix); - // set attributes - xwriter.writeIdAttribute("", "", "Id", xmlObj.getId()); - xwriter.writeAttribute("", "", "MimeType", xmlObj.getMimeType()); - xwriter.writeAttribute("", "", "Encoding", xmlObj.getEncoding()); + // set attributes + DOMUtils.setAttributeID(objElem, "Id", id); + DOMUtils.setAttribute(objElem, "MimeType", mimeType); + DOMUtils.setAttribute(objElem, "Encoding", encoding); - // create and append any elements and mixed content, if necessary - @SuppressWarnings("unchecked") - List<XMLStructure> content = xmlObj.getContent(); - for (XMLStructure object : content) { - xwriter.marshalStructure(object, dsPrefix, context); + // create and append any elements and mixed content, if necessary + for (XMLStructure object : content) { + if (object instanceof DOMStructure) { + ((DOMStructure)object).marshal(objElem, dsPrefix, context); + } else { + javax.xml.crypto.dom.DOMStructure domObject = + (javax.xml.crypto.dom.DOMStructure)object; + DOMUtils.appendChild(objElem, domObject.getNode()); + } + } } - xwriter.writeEndElement(); // "Object" + + parent.appendChild(objElem); } @SuppressWarnings("unchecked") - public static List<XMLStructure> getXmlObjectContent(XMLObject xo) { - return xo.getContent(); - } - @Override public boolean equals(Object o) { if (this == o) { @@ -208,7 +216,7 @@ : mimeType.equals(oxo.getMimeType()); return idsEqual && encodingsEqual && mimeTypesEqual && - equalsContent(getXmlObjectContent(oxo)); + equalsContent(oxo.getContent()); } @Override
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java Tue Mar 05 08:24:58 2019 -0500 @@ -36,6 +36,7 @@ package org.jcp.xml.dsig.internal.dom; import javax.xml.crypto.*; +import javax.xml.crypto.dom.*; import javax.xml.crypto.dsig.*; import javax.xml.crypto.dsig.dom.DOMSignContext; import javax.xml.crypto.dsig.dom.DOMValidateContext; @@ -46,11 +47,12 @@ import java.security.Provider; import java.util.Collections; import java.util.ArrayList; -import java.util.Base64; import java.util.HashMap; import java.util.List; import java.util.Map; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -70,6 +72,9 @@ private KeyInfo ki; private List<XMLObject> objects; private SignedInfo si; + private Document ownerDoc = null; + private Element localSigElem = null; + private Element sigElem = null; private boolean validationStatus; private boolean validated = false; private KeySelectorResult ksr; @@ -127,7 +132,8 @@ Provider provider) throws MarshalException { - Element localSigElem = sigElem; + localSigElem = sigElem; + ownerDoc = localSigElem.getOwnerDocument(); // get Id attribute, if specified id = DOMUtils.getAttributeValue(localSigElem, "Id"); @@ -171,69 +177,74 @@ } } - @Override public String getId() { return id; } - @Override public KeyInfo getKeyInfo() { return ki; } - @Override public SignedInfo getSignedInfo() { return si; } - @Override public List<XMLObject> getObjects() { return objects; } - @Override public SignatureValue getSignatureValue() { return sv; } - @Override public KeySelectorResult getKeySelectorResult() { return ksr; } @Override - public void marshal(XmlWriter xwriter, String dsPrefix, XMLCryptoContext context) + public void marshal(Node parent, String dsPrefix, DOMCryptoContext context) + throws MarshalException + { + marshal(parent, null, dsPrefix, context); + } + + public void marshal(Node parent, Node nextSibling, String dsPrefix, + DOMCryptoContext context) throws MarshalException { - // rationalize the prefix. - String prefix = dsPrefix; - if (prefix == null) { - prefix = ""; + ownerDoc = DOMUtils.getOwnerDocument(parent); + sigElem = DOMUtils.createElement(ownerDoc, "Signature", + XMLSignature.XMLNS, dsPrefix); + + // append xmlns attribute + if (dsPrefix == null || dsPrefix.length() == 0) { + sigElem.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", + XMLSignature.XMLNS); + } else { + sigElem.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:" + + dsPrefix, XMLSignature.XMLNS); } - xwriter.writeStartElement(prefix, "Signature", XMLSignature.XMLNS); - - xwriter.writeNamespace(prefix, XMLSignature.XMLNS); - - // append Id attribute - xwriter.writeIdAttribute("", "", "Id", id); // create and append SignedInfo element - ((DOMSignedInfo) si).marshal(xwriter, prefix, context); + ((DOMSignedInfo)si).marshal(sigElem, dsPrefix, context); // create and append SignatureValue element - ((DOMSignatureValue) sv).marshal(xwriter, prefix, context); + ((DOMSignatureValue)sv).marshal(sigElem, dsPrefix, context); // create and append KeyInfo element if necessary if (ki != null) { - DOMKeyInfo.marshal(xwriter, ki, prefix, context); + ((DOMKeyInfo)ki).marshal(sigElem, null, dsPrefix, context); } // create and append Object elements if necessary - for (XMLObject xmlObj : objects) { - DOMXMLObject.marshal(xwriter, xmlObj, prefix, context); + for (int i = 0, size = objects.size(); i < size; i++) { + ((DOMXMLObject)objects.get(i)).marshal(sigElem, dsPrefix, context); } - xwriter.writeEndElement(); // "Signature" + // append Id attribute + DOMUtils.setAttributeID(sigElem, "Id", id); + + parent.insertBefore(sigElem, nextSibling); } @Override @@ -263,7 +274,7 @@ // validate all References @SuppressWarnings("unchecked") - List<Reference> refs = DOMSignedInfo.getSignedInfoReferences(this.si); + List<Reference> refs = this.si.getReferences(); boolean validateRefs = true; for (int i = 0, size = refs.size(); validateRefs && i < size; i++) { Reference ref = refs.get(i); @@ -286,7 +297,7 @@ for (int i=0, size=objects.size(); validateMans && i < size; i++) { XMLObject xo = objects.get(i); @SuppressWarnings("unchecked") - List<XMLStructure> content = DOMXMLObject.getXmlObjectContent(xo); + List<XMLStructure> content = xo.getContent(); int csize = content.size(); for (int j = 0; validateMans && j < csize; j++) { XMLStructure xs = content.get(j); @@ -294,7 +305,7 @@ LOG.debug("validating manifest"); Manifest man = (Manifest)xs; @SuppressWarnings("unchecked") - List<Reference> manRefs = DOMManifest.getManifestReferences(man); + List<Reference> manRefs = man.getReferences(); int rsize = manRefs.size(); for (int k = 0; validateMans && k < rsize; k++) { Reference ref = manRefs.get(k); @@ -322,13 +333,8 @@ throw new NullPointerException("signContext cannot be null"); } DOMSignContext context = (DOMSignContext)signContext; - Node nextSibling = context.getNextSibling(); - - XmlWriterToTree xwriter = new XmlWriterToTree(Marshaller.getMarshallers(), context.getParent(), nextSibling); - marshal(xwriter, - DOMUtils.getSignaturePrefix(signContext), signContext); - - Element sigElem = xwriter.getCreatedElement(); + marshal(context.getParent(), context.getNextSibling(), + DOMUtils.getSignaturePrefix(context), context); // generate references and signature value List<Reference> allReferences = new ArrayList<>(); @@ -339,20 +345,20 @@ signatureIdMap.put(id, this); signatureIdMap.put(si.getId(), si); @SuppressWarnings("unchecked") - List<Reference> refs = DOMSignedInfo.getSignedInfoReferences(si); + List<Reference> refs = si.getReferences(); for (Reference ref : refs) { signatureIdMap.put(ref.getId(), ref); } for (XMLObject obj : objects) { signatureIdMap.put(obj.getId(), obj); @SuppressWarnings("unchecked") - List<XMLStructure> content = DOMXMLObject.getXmlObjectContent(obj); + List<XMLStructure> content = obj.getContent(); for (XMLStructure xs : content) { if (xs instanceof Manifest) { Manifest man = (Manifest)xs; signatureIdMap.put(man.getId(), man); @SuppressWarnings("unchecked") - List<Reference> manRefs = DOMManifest.getManifestReferences(man); + List<Reference> manRefs = man.getReferences(); for (Reference ref : manRefs) { allReferences.add(ref); signatureIdMap.put(ref.getId(), ref); @@ -395,14 +401,14 @@ // calculate signature value try { - Element sigValue = (Element) sigElem.getElementsByTagNameNS(XMLSignature.XMLNS, "SignatureValue").item(0); - xwriter.resetToNewParent(sigValue); byte[] val = ((AbstractDOMSignatureMethod) - si.getSignatureMethod()).sign(signingKey, (DOMSignedInfo) si, signContext); - ((DOMSignatureValue)sv).setValue(xwriter, val); + si.getSignatureMethod()).sign(signingKey, si, signContext); + ((DOMSignatureValue)sv).setValue(val); } catch (InvalidKeyException ike) { throw new XMLSignatureException(ike); } + + this.localSigElem = sigElem; } @Override @@ -491,6 +497,7 @@ private String id; private byte[] value; private String valueBase64; + private Element sigValueElem; private boolean validated = false; private boolean validationStatus; @@ -503,17 +510,22 @@ { // base64 decode signatureValue String content = XMLUtils.getFullTextChildrenFromElement(sigValueElem); - value = Base64.getMimeDecoder().decode(content); + value = XMLUtils.decode(content); - id = DOMUtils.getIdAttributeValue(sigValueElem, "Id"); + Attr attr = sigValueElem.getAttributeNodeNS(null, "Id"); + if (attr != null) { + id = attr.getValue(); + sigValueElem.setIdAttributeNode(attr, true); + } else { + id = null; + } + this.sigValueElem = sigValueElem; } - @Override public String getId() { return id; } - @Override public byte[] getValue() { return (value == null) ? null : (byte[])value.clone(); } @@ -559,7 +571,7 @@ // canonicalize SignedInfo and verify signature try { validationStatus = ((AbstractDOMSignatureMethod)sm).verify - (validationKey, (DOMSignedInfo) si, value, validateContext); + (validationKey, si, value, validateContext); } catch (Exception e) { throw new XMLSignatureException(e); } @@ -597,29 +609,25 @@ return result; } - @Override - public void marshal(XmlWriter xwriter, String dsPrefix, - XMLCryptoContext context) + public void marshal(Node parent, String dsPrefix, + DOMCryptoContext context) throws MarshalException { - // create SignatureValue element - xwriter.writeStartElement(dsPrefix, "SignatureValue", XMLSignature.XMLNS); + sigValueElem = DOMUtils.createElement(ownerDoc, "SignatureValue", + XMLSignature.XMLNS, dsPrefix); + if (valueBase64 != null) { + sigValueElem.appendChild(ownerDoc.createTextNode(valueBase64)); + } // append Id attribute, if specified - xwriter.writeIdAttribute("", "", "Id", id); - if (valueBase64 != null) { - xwriter.writeCharacters(valueBase64); - } - - xwriter.writeEndElement(); // "SignatureValue" + DOMUtils.setAttributeID(sigValueElem, "Id", id); + parent.appendChild(sigValueElem); } - void setValue(XmlWriter xwriter, byte[] value) { + void setValue(byte[] value) { this.value = value; - valueBase64 = Base64.getMimeEncoder().encodeToString(value); - if (xwriter != null) { - xwriter.writeCharacters(valueBase64); - } + valueBase64 = XMLUtils.encodeToString(value); + sigValueElem.appendChild(ownerDoc.createTextNode(valueBase64)); } } }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java Tue Mar 05 08:24:58 2019 -0500 @@ -54,24 +54,20 @@ */ public DOMXMLSignatureFactory() {} - @Override public XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki) { return new DOMXMLSignature(si, ki, null, null, null); } - @Override @SuppressWarnings({ "unchecked", "rawtypes" }) public XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki, List objects, String id, String signatureValueId) { return new DOMXMLSignature(si, ki, objects, id, signatureValueId); } - @Override public Reference newReference(String uri, DigestMethod dm) { return newReference(uri, dm, null, null, null); } - @Override @SuppressWarnings({ "unchecked", "rawtypes" }) public Reference newReference(String uri, DigestMethod dm, List transforms, String type, String id) { @@ -96,7 +92,6 @@ (uri, type, dm, appliedTransforms, result, transforms, id, getProvider()); } - @Override @SuppressWarnings({ "unchecked", "rawtypes" }) public Reference newReference(String uri, DigestMethod dm, List transforms, String type, String id, byte[] digestValue) { @@ -107,14 +102,12 @@ (uri, type, dm, null, null, transforms, id, digestValue, getProvider()); } - @Override @SuppressWarnings({ "rawtypes" }) public SignedInfo newSignedInfo(CanonicalizationMethod cm, SignatureMethod sm, List references) { return newSignedInfo(cm, sm, references, null); } - @Override @SuppressWarnings({ "unchecked", "rawtypes" }) public SignedInfo newSignedInfo(CanonicalizationMethod cm, SignatureMethod sm, List references, String id) { @@ -122,39 +115,33 @@ } // Object factory methods - @Override @SuppressWarnings({ "unchecked", "rawtypes" }) public XMLObject newXMLObject(List content, String id, String mimeType, String encoding) { return new DOMXMLObject(content, id, mimeType, encoding); } - @Override @SuppressWarnings({ "rawtypes" }) public Manifest newManifest(List references) { return newManifest(references, null); } - @Override @SuppressWarnings({ "unchecked", "rawtypes" }) public Manifest newManifest(List references, String id) { return new DOMManifest(references, id); } - @Override @SuppressWarnings({ "unchecked", "rawtypes" }) public SignatureProperties newSignatureProperties(List props, String id) { return new DOMSignatureProperties(props, id); } - @Override @SuppressWarnings({ "unchecked", "rawtypes" }) public SignatureProperty newSignatureProperty (List info, String target, String id) { return new DOMSignatureProperty(info, target, id); } - @Override public XMLSignature unmarshalXMLSignature(XMLValidateContext context) throws MarshalException { @@ -164,7 +151,6 @@ return unmarshal(((DOMValidateContext) context).getNode(), context); } - @Override public XMLSignature unmarshalXMLSignature(XMLStructure xmlStructure) throws MarshalException { @@ -218,7 +204,6 @@ } } - @Override public boolean isFeatureSupported(String feature) { if (feature == null) { throw new NullPointerException(); @@ -227,7 +212,6 @@ } } - @Override public DigestMethod newDigestMethod(String algorithm, DigestMethodParameterSpec params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { @@ -251,7 +235,6 @@ } } - @Override public SignatureMethod newSignatureMethod(String algorithm, SignatureMethodParameterSpec params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { @@ -317,7 +300,6 @@ } } - @Override public Transform newTransform(String algorithm, TransformParameterSpec params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { @@ -337,7 +319,6 @@ return new DOMTransform(spi); } - @Override public Transform newTransform(String algorithm, XMLStructure params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { @@ -360,7 +341,6 @@ return new DOMTransform(spi); } - @Override public CanonicalizationMethod newCanonicalizationMethod(String algorithm, C14NMethodParameterSpec params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { @@ -379,7 +359,6 @@ return new DOMCanonicalizationMethod(spi); } - @Override public CanonicalizationMethod newCanonicalizationMethod(String algorithm, XMLStructure params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { @@ -402,7 +381,6 @@ return new DOMCanonicalizationMethod(spi); } - @Override public URIDereferencer getURIDereferencer() { return DOMURIDereferencer.INSTANCE; }
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java Tue Mar 05 08:24:58 2019 -0500 @@ -57,7 +57,6 @@ */ public final class DOMXPathFilter2Transform extends ApacheTransform { - @Override public void init(TransformParameterSpec params) throws InvalidAlgorithmParameterException { @@ -70,7 +69,6 @@ this.params = params; } - @Override public void init(XMLStructure parent, XMLCryptoContext context) throws InvalidAlgorithmParameterException { @@ -126,7 +124,6 @@ this.params = new XPathFilter2ParameterSpec(list); } - @Override public void marshalParams(XMLStructure parent, XMLCryptoContext context) throws MarshalException {
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java Tue Mar 05 08:24:58 2019 -0500 @@ -60,7 +60,6 @@ this.params = params; } - @Override public void init(XMLStructure parent, XMLCryptoContext context) throws InvalidAlgorithmParameterException { @@ -89,7 +88,6 @@ } } - @Override public void marshalParams(XMLStructure parent, XMLCryptoContext context) throws MarshalException {
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXSLTTransform.java Tue Jun 19 08:06:35 2018 +0800 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMXSLTTransform.java Tue Mar 05 08:24:58 2019 -0500 @@ -55,7 +55,6 @@ this.params = params; } - @Override public void init(XMLStructure parent, XMLCryptoContext context) throws InvalidAlgorithmParameterException { @@ -68,7 +67,6 @@ (new javax.xml.crypto.dom.DOMStructure(sheet)); } - @Override public void marshalParams(XMLStructure parent, XMLCryptoContext context) throws MarshalException { super.marshalParams(parent, context);
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/Marshaller.java Tue Jun 19 08:06:35 2018 +0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,353 +0,0 @@ -/* - * reserved comment block - * DO NOT REMOVE OR ALTER! - */ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.jcp.xml.dsig.internal.dom; - -import java.util.ArrayList; -import java.util.Base64; -import java.util.List; - -import javax.xml.XMLConstants; -import javax.xml.crypto.MarshalException; -import javax.xml.crypto.XMLCryptoContext; -import javax.xml.crypto.XMLStructure; -import javax.xml.crypto.dsig.DigestMethod; -import javax.xml.crypto.dsig.Manifest; -import javax.xml.crypto.dsig.SignatureProperties; -import javax.xml.crypto.dsig.SignatureProperty; -import javax.xml.crypto.dsig.XMLSignature; -import javax.xml.crypto.dsig.keyinfo.KeyInfo; -import javax.xml.crypto.dsig.keyinfo.KeyName; -import javax.xml.crypto.dsig.keyinfo.KeyValue; -import javax.xml.crypto.dsig.keyinfo.PGPData; -import javax.xml.crypto.dsig.keyinfo.X509Data; -import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial; - -import org.w3c.dom.Attr; -import org.w3c.dom.NamedNodeMap; -import org.w3c.dom.Node; - -/** - * Defines the individual marshallers for each of the different javax.xml.crypto structures. - */ -class Marshaller { - - private Marshaller() { - // complete - } - - public static List<XmlWriter.ToMarshal<? extends XMLStructure>> getMarshallers() { - return MARSHALLERS; - } - - /** - * Marshals a {@link KeyName}. - * - * @param xwriter - * @param keyName - * @param dsPrefix - */ - public static void marshalKeyName(XmlWriter xwriter, KeyName keyName, String dsPrefix) { - xwriter.writeTextElement(dsPrefix, "KeyName", XMLSignature.XMLNS, keyName.getName()); - } - - /** - * Marshals a {@link PGPData} - * - * @param xwriter - * @param pgpData - * @param dsPrefix - * @param context - * @throws MarshalException - */ - public static void marshalPGPData(XmlWriter xwriter, PGPData pgpData, String dsPrefix, XMLCryptoContext context) - throws MarshalException { - xwriter.writeStartElement(dsPrefix, "PGPData", XMLSignature.XMLNS); - - // create and append PGPKeyID element - byte[] keyId = pgpData.getKeyId(); - if (keyId != null) { - xwriter.writeTextElement(dsPrefix, "PGPKeyID", XMLSignature.XMLNS, - Base64.getMimeEncoder().encodeToString(keyId)); - } - - // create and append PGPKeyPacket element - byte[] keyPacket = pgpData.getKeyPacket(); - if (keyPacket != null) { - xwriter.writeTextElement(dsPrefix, "XMLSignature.XMLNS", XMLSignature.XMLNS, - Base64.getMimeEncoder().encodeToString(keyPacket)); - } - - // create and append any elements - @SuppressWarnings("unchecked") - List<XMLStructure> externalElements = pgpData.getExternalElements(); - for (XMLStructure externalItem : externalElements) { - xwriter.marshalStructure(externalItem, dsPrefix, context); - } - - xwriter.writeEndElement(); // "PGPData" - } - - /** - * Marshals an {@link X509IssuerSerial} - * - * @param xwriter - * @param issuerSerial - * @param dsPrefix - */ - public static void marshalX509IssuerSerial(XmlWriter xwriter, X509IssuerSerial issuerSerial, String dsPrefix) { - xwriter.writeStartElement(dsPrefix, "X509IssuerSerial", XMLSignature.XMLNS); - xwriter.writeTextElement(dsPrefix, "X509IssuerName", XMLSignature.XMLNS, - issuerSerial.getIssuerName()); - - xwriter.writeTextElement(dsPrefix, "X509SerialNumber", XMLSignature.XMLNS, - issuerSerial.getSerialNumber().toString()); - - xwriter.writeEndElement(); // "X509IssuerSerial" - } - - private static XmlWriter.ToMarshal<KeyName> Marshal_KeyName = new XmlWriter.ToMarshal<KeyName>(KeyName.class) { - @Override - public void marshalObject(XmlWriter xwriter, KeyName toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - Marshaller.marshalKeyName(xwriter, toMarshal, dsPrefix); - } - }; - - private static XmlWriter.ToMarshal<KeyInfo> Marshal_KeyInfo = new XmlWriter.ToMarshal<KeyInfo>(KeyInfo.class) { - @Override - public void marshalObject(XmlWriter xwriter, KeyInfo toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - DOMKeyInfo.marshal(xwriter, toMarshal, dsPrefix, context); - } - }; - - private static XmlWriter.ToMarshal<KeyValue> Marshal_KeyValue = new XmlWriter.ToMarshal<KeyValue>(KeyValue.class) { - @Override - public void marshalObject(XmlWriter xwriter, KeyValue toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - // Since DOMKeyValue allows for deserializing unrecognized keys, and that - // capability isn't available via the KeyValue interface, this must continue - // to cast to DOMKeyValue. - DOMKeyValue<?> dkv = (DOMKeyValue<?>) toMarshal; - dkv.marshal( xwriter, dsPrefix, context); - } - }; - - private static XmlWriter.ToMarshal<X509IssuerSerial> Marshal_X509IssuerSerial = - new XmlWriter.ToMarshal<X509IssuerSerial>(X509IssuerSerial.class) { - @Override - public void marshalObject(XmlWriter xwriter, X509IssuerSerial toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - Marshaller.marshalX509IssuerSerial( xwriter, toMarshal, dsPrefix); - } - }; - - private static XmlWriter.ToMarshal<X509Data> Marshal_X509Data = - new XmlWriter.ToMarshal<X509Data>(X509Data.class) { - @Override - public void marshalObject(XmlWriter xwriter, X509Data toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - DOMX509Data.marshal( xwriter, toMarshal, dsPrefix, context); - } - }; - - private static XmlWriter.ToMarshal<DigestMethod> Marshal_DigestMethod = - new XmlWriter.ToMarshal<DigestMethod>(DigestMethod.class) { - @Override - public void marshalObject(XmlWriter xwriter, DigestMethod toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - DOMDigestMethod.marshal( xwriter, toMarshal, dsPrefix); - } - }; - - private static XmlWriter.ToMarshal<PGPData> Marshal_PGPData = - new XmlWriter.ToMarshal<PGPData>(PGPData.class) { - @Override - public void marshalObject(XmlWriter xwriter, PGPData toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - Marshaller.marshalPGPData( xwriter, toMarshal, dsPrefix, context); - } - }; - - private static XmlWriter.ToMarshal<SignatureProperty> Marshal_SignatureProperty = - new XmlWriter.ToMarshal<SignatureProperty>(SignatureProperty.class) { - @Override - public void marshalObject(XmlWriter xwriter, SignatureProperty toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - DOMSignatureProperty.marshal(xwriter, toMarshal, dsPrefix, context); - } - }; - - private static XmlWriter.ToMarshal<SignatureProperties> Marshal_SignatureProperties = - new XmlWriter.ToMarshal<SignatureProperties>(SignatureProperties.class) { - @Override - public void marshalObject(XmlWriter xwriter, SignatureProperties toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - DOMSignatureProperties.marshal(xwriter, toMarshal, dsPrefix, context); - } - }; - - private static XmlWriter.ToMarshal<DOMSignatureMethod> Marshal_DOMSignatureMethod = - new XmlWriter.ToMarshal<DOMSignatureMethod>(DOMSignatureMethod.class) { - @Override - public void marshalObject(XmlWriter xwriter, DOMSignatureMethod toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - toMarshal.marshal(xwriter, dsPrefix); - } - }; - - private static XmlWriter.ToMarshal<DOMTransform> Marshal_DOMTransform = - new XmlWriter.ToMarshal<DOMTransform>(DOMTransform.class) { - @Override - public void marshalObject(XmlWriter xwriter, DOMTransform toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - toMarshal.marshal(xwriter, dsPrefix, context); - } - }; - - private static XmlWriter.ToMarshal<Manifest> Marshal_Manifest = - new XmlWriter.ToMarshal<Manifest>(Manifest.class) { - @Override - public void marshalObject(XmlWriter xwriter, Manifest toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - DOMManifest.marshal(xwriter, toMarshal, dsPrefix, context); - } - }; - - private static XmlWriter.ToMarshal<DOMStructure> Marshal_DOMStructure = - new XmlWriter.ToMarshal<DOMStructure>(DOMStructure.class) { - @Override - public void marshalObject(XmlWriter xwriter, DOMStructure toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - toMarshal.marshal(xwriter, dsPrefix, context); - } - }; - - private static XmlWriter.ToMarshal<javax.xml.crypto.dom.DOMStructure> Marshal_JavaXDOMStructure = - new XmlWriter.ToMarshal<javax.xml.crypto.dom.DOMStructure>(javax.xml.crypto.dom.DOMStructure.class) { - @Override - public void marshalObject(XmlWriter xwriter, javax.xml.crypto.dom.DOMStructure toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException { - marshalGenericNode(xwriter, toMarshal); - } - }; - - private static final List<XmlWriter.ToMarshal<? extends XMLStructure>> MARSHALLERS = - new ArrayList<XmlWriter.ToMarshal<? extends XMLStructure>>(); - - static { - MARSHALLERS.add(Marshal_KeyName); - MARSHALLERS.add(Marshal_KeyInfo); - MARSHALLERS.add(Marshal_KeyValue); - MARSHALLERS.add(Marshal_X509IssuerSerial); - MARSHALLERS.add(Marshal_X509Data); - MARSHALLERS.add(Marshal_DigestMethod); - MARSHALLERS.add(Marshal_PGPData); - MARSHALLERS.add(Marshal_SignatureProperty); - MARSHALLERS.add(Marshal_SignatureProperties); - MARSHALLERS.add(Marshal_DOMSignatureMethod); - MARSHALLERS.add(Marshal_DOMTransform); - MARSHALLERS.add(Marshal_Manifest); - MARSHALLERS.add(Marshal_DOMStructure); - MARSHALLERS.add(Marshal_JavaXDOMStructure); - } - - private static void marshalGenericNode(XmlWriter xwriter, javax.xml.crypto.dom.DOMStructure xmlStruct) { - Node node = xmlStruct.getNode(); - - // if it is a namespace, make a copy. - if (DOMUtils.isNamespace(node)) { - xwriter.writeNamespace(node.getLocalName(), node.getTextContent()); - } - else if (Node.ATTRIBUTE_NODE == node.getNodeType() ) { - sendAttributeToWriter(xwriter, (Attr) node); - } - else { - marshalGenericNode(xwriter, node); - } - } - - private static void marshalGenericNode(XmlWriter xwriter, Node node) { - - short nodeType = node.getNodeType(); - if (DOMUtils.isNamespace(node)) { - xwriter.writeNamespace(node.getLocalName(), node.getTextContent()); - } - else if (nodeType == Node.ATTRIBUTE_NODE) { - // if it is an attribute, make a copy. - sendAttributeToWriter(xwriter, (Attr) node); - } - else { - switch (nodeType) { - case Node.ELEMENT_NODE: - xwriter.writeStartElement(node.getPrefix(), node.getLocalName(), node.getNamespaceURI()); - - // emit all the namespaces and attributes. - NamedNodeMap nnm = node.getAttributes(); - for (int idx = 0 ; idx < nnm.getLength() ; idx++) { - Attr attr = (Attr) nnm.item(idx); - // is this a namespace node? - if (XMLConstants.XMLNS_ATTRIBUTE_NS_URI.equals(node.getNamespaceURI())) { - xwriter.writeNamespace(attr.getLocalName(), attr.getValue()); - } - else { - // nope - standard attribute. - sendAttributeToWriter(xwriter, attr); - } - } - // now loop through all the children. - for (Node child = node.getFirstChild() ; child != null ; child = child.getNextSibling()) { - marshalGenericNode(xwriter, child); - } - xwriter.writeEndElement(); - break; - case Node.COMMENT_NODE: - xwriter.writeComment(node.getTextContent()); - break; - case Node.TEXT_NODE: - xwriter.writeCharacters(node.getTextContent()); - break; - default: - // unhandled - don't care to deal with processing instructions. - break; - } - } - } - - private static void sendAttributeToWriter(XmlWriter xwriter, Attr attr) { - if (attr.isId()) { - xwriter.writeIdAttribute(attr.getPrefix(), attr.getNamespaceURI(), - attr.getLocalName(), attr.getTextContent()); - } - else { - if (attr.getNamespaceURI() == null && attr.getLocalName() == null) { - // Level 1 DOM attribute - xwriter.writeAttribute(null, null, attr.getName(), attr.getTextContent()); - } else { - xwriter.writeAttribute(attr.getPrefix(), attr.getNamespaceURI(), attr.getLocalName(), - attr.getTextContent()); - } - } - } - -}
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/XmlWriter.java Tue Jun 19 08:06:35 2018 +0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,112 +0,0 @@ -/* - * reserved comment block - * DO NOT REMOVE OR ALTER! - */ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.jcp.xml.dsig.internal.dom; - -import javax.xml.crypto.MarshalException; -import javax.xml.crypto.XMLCryptoContext; -import javax.xml.crypto.XMLStructure; - -import org.w3c.dom.Attr; - -/** - * This interface is used to construct XML via a sequence of API calls. - * - * <p>This is written to be similar to javax.xml.stream.XMLStreamWriter, but - * has slightly different requirements. Specifically, we need to be able to create - * an "ID" type attribute, and get the current node. - * </p> - */ -public interface XmlWriter { - - /** - * Utility class that brings together the class, and the method for marshaling an - * instance of said class. - * - * @param <CLZ> - */ - abstract static class ToMarshal<CLZ extends XMLStructure> { //NOPMD - public final Class<CLZ> clazzToMatch; - - public ToMarshal(Class<CLZ> clazzToMatch) { - this.clazzToMatch = clazzToMatch; - } - - public abstract void marshalObject(XmlWriter xwriter, CLZ toMarshal, String dsPrefix, - XMLCryptoContext context) throws MarshalException; - } - - /** - * - * @param prefix What prefix to use? - * @param localName What local name to use? - * @param namespaceURI What namespace URI? - * - * See also {@link javax.xml.stream.XMLStreamWriter#writeStartElement(String, String, String)} - */ - void writeStartElement(String prefix, String localName, String namespaceURI); - - /** - * See also {@link javax.xml.stream.XMLStreamWriter#writeEndElement()} - */ - void writeEndElement(); - - /** - * Convenience method that writes both a start and end tag, with text contents as - * provided. - * - * @param prefix - * @param localName - * @param namespaceURI - * @param value - */ - void writeTextElement(String prefix, String localName, String namespaceURI, String value); - - void writeNamespace(String prefix, String namespaceURI); - - void writeCharacters(String text); - - void writeComment(String text); - - Attr writeAttribute(String prefix, String namespaceURI, String localName, String value); - - void writeIdAttribute(String prefix, String namespaceURI, String localName, String value); - - /** - * Get the local name of the current element. - * @return the local name of the current element. - */ - String getCurrentLocalName(); - - XMLStructure getCurrentNodeAsStructure(); - - /** - * This method marshals a structure, and relies on implementation specific details for how - * an instance of a particular class maps to the method that actually does the marshaling. - * - * @param toMarshal The object to be marshaled. - * @param dsPrefix The digital signature prefix. - * @param context The context for marshaling. - * @throws MarshalException Thrown if something goes wrong during the marshaling. - */ - void marshalStructure(XMLStructure toMarshal, String dsPrefix, XMLCryptoContext context) throws MarshalException; -}
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/XmlWriterToTree.java Tue Jun 19 08:06:35 2018 +0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,208 +0,0 @@ -/* - * reserved comment block - * DO NOT REMOVE OR ALTER! - */ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.jcp.xml.dsig.internal.dom; - -import java.util.List; - -import javax.xml.XMLConstants; -import javax.xml.crypto.MarshalException; -import javax.xml.crypto.XMLCryptoContext; -import javax.xml.crypto.XMLStructure; -import javax.xml.crypto.dom.DOMStructure; - -import org.w3c.dom.Attr; -import org.w3c.dom.Comment; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.Text; - -/** - * Manifestation of XmlWriter interface designed to write to a tree. - */ -public class XmlWriterToTree implements XmlWriter { - - private Document factory; - - private Element createdElement; - - private Node nextSibling; - - private Node currentNode; - - private List<XmlWriter.ToMarshal<? extends XMLStructure>> m_marshallers; - - public XmlWriterToTree(List<XmlWriter.ToMarshal<? extends XMLStructure>> marshallers, Node parent) { - m_marshallers = marshallers; - factory = parent instanceof Document ? (Document)parent : parent.getOwnerDocument(); - currentNode = parent; - } - - /** - * Reset to a new parent so that the writer can be re-used. - * @param newParent - */ - public void resetToNewParent(Node newParent) { - currentNode = newParent; - createdElement = null; - } - - /** - * Get the root element created with this writer. - * @return the root element created with this writer. - */ - public Element getCreatedElement() { - return createdElement; - } - - /** - * In cases where the serialization is supposed to precede a specific - * element, we add an extra parameter to capture that. Only affects the - * first element insertion (obviously?). - * - * @param marshallers - * @param parent - * @param nextSibling The first element created will be created *before* this element. - */ - public XmlWriterToTree(List<XmlWriter.ToMarshal<? extends XMLStructure>> marshallers, Node parent, Node nextSibling) { - this(marshallers, parent); - this.nextSibling = nextSibling; - } - - @Override - public void writeStartElement(String prefix, String localName, String namespaceURI) { - if ("".equals(namespaceURI)) { - // Map global namespace from StAX to DOM - namespaceURI = null; - } - - Element newElem = factory.createElementNS(namespaceURI, DOMUtils.getQNameString(prefix, localName)); - if (nextSibling != null) { - newElem = (Element)nextSibling.getParentNode().insertBefore(newElem, nextSibling); - } - else { - newElem = (Element)currentNode.appendChild(newElem); - } - nextSibling = null; - currentNode = newElem; - - if (createdElement == null) { - createdElement = newElem; - } - } - - @Override - public void writeEndElement() { - currentNode = currentNode.getParentNode(); - } - - - @Override - public void writeTextElement(String prefix, String localName, String namespaceURI, String value) { - writeStartElement(prefix, localName, namespaceURI); - writeCharacters(value); - writeEndElement(); - } - - @Override - public void writeNamespace(String prefix, String namespaceURI) { - if ("".equals(prefix) || prefix == null) { - writeAttribute(null, XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns", namespaceURI); - } - else { - writeAttribute("xmlns", XMLConstants.XMLNS_ATTRIBUTE_NS_URI, prefix, namespaceURI); - } - } - - @Override - public void writeCharacters(String text) { - Text textNode = factory.createTextNode(text); - currentNode.appendChild(textNode); - } - - - @Override - public void writeComment(String text) { - Comment commentNode = factory.createComment(text); - currentNode.appendChild(commentNode); - } - - @Override - public Attr writeAttribute(String prefix, String namespaceURI, String localName, String value) { - - Attr result = null; - if (value != null) { - if ("".equals(namespaceURI)) { - // Map global namespace from StAX to DOM - namespaceURI = null; - } - - result = factory.createAttributeNS(namespaceURI, DOMUtils.getQNameString(prefix, localName)); - result.setTextContent(value); - if (! (currentNode instanceof Element)) { - throw new IllegalStateException( - "Attempting to add an attribute to something other than an element node. Node is " - + currentNode.toString()); - } - ( (Element)currentNode).setAttributeNodeNS(result); - } - return result; - } - - @Override - public void writeIdAttribute(String prefix, String namespaceURI, String localName, String value) { - if (value == null) { - return; - } - Attr newAttr = writeAttribute(prefix, namespaceURI, localName, value); - ( (Element)currentNode).setIdAttributeNode(newAttr, true); - } - - - @Override - public String getCurrentLocalName() { - return currentNode.getLocalName(); - } - - @Override - public XMLStructure getCurrentNodeAsStructure() { - return new DOMStructure(currentNode); - } - - @Override - public void marshalStructure(XMLStructure toMarshal, String dsPrefix, XMLCryptoContext context) throws MarshalException { - - // look for the first isInstance match, and marshal to that. - for (int idx = 0 ; idx < m_marshallers.size() ; idx++) { - @SuppressWarnings("unchecked") - XmlWriter.ToMarshal<XMLStructure> marshaller = (ToMarshal<XMLStructure>) m_marshallers.get(idx); - if (marshaller.clazzToMatch.isInstance(toMarshal)) { - marshaller.marshalObject(this, toMarshal, dsPrefix, context); - return; - } - } - throw new IllegalArgumentException("Unable to marshal unexpected object of class " + toMarshal.getClass().toString()); - } - - -}
--- a/test/javax/xml/crypto/dsig/GenerationTests.java Tue Jun 19 08:06:35 2018 +0800 +++ b/test/javax/xml/crypto/dsig/GenerationTests.java Tue Mar 05 08:24:58 2019 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,7 +24,7 @@ /** * @test * @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184 - * 8038349 8046724 8074784 8079693 8177334 8210736 + * 8038349 8046724 8074784 8079693 8177334 8210736 8217878 * @summary Basic unit tests for generating XML Signatures with JSR 105 * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java * X509KeySelector.java GenerationTests.java @@ -123,8 +123,12 @@ private final static String CRL = DATA_DIR + System.getProperty("file.separator") + "certs" + System.getProperty("file.separator") + "crl"; + // XML Document with a DOCTYPE declaration private final static String ENVELOPE = DATA_DIR + System.getProperty("file.separator") + "envelope.xml"; + // XML Document without a DOCTYPE declaration + private final static String ENVELOPE2 = + DATA_DIR + System.getProperty("file.separator") + "envelope2.xml"; private static URIDereferencer httpUd = null; private final static String STYLESHEET = "http://www.w3.org/TR/xml-stylesheet"; @@ -311,6 +315,10 @@ test_create_signature_reference_dependency(); test_create_signature_with_attr_in_no_namespace(); test_create_signature_with_empty_id(); + test_create_signature_enveloping_over_doc(ENVELOPE, true); + test_create_signature_enveloping_over_doc(ENVELOPE2, true); + test_create_signature_enveloping_over_doc(ENVELOPE, false); + test_create_signature_enveloping_dom_level1(); // run tests for detached signatures with local http server try (Http server = Http.startServer()) { @@ -979,6 +987,109 @@ "signature", null); DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 512), doc); sig.sign(dsc); + + System.out.println(); + } + + static void test_create_signature_enveloping_over_doc(String filename, + boolean pass) throws Exception + { + System.out.println("* Generating signature-enveloping-over-doc.xml"); + + // create reference + Reference ref = fac.newReference("#object", sha256); + + // create SignedInfo + SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha256, + Collections.singletonList(ref)); + + // create object + Document doc = null; + try (FileInputStream fis = new FileInputStream(filename)) { + doc = db.parse(fis); + } + DOMStructure ds = pass ? new DOMStructure(doc.getDocumentElement()) + : new DOMStructure(doc); + XMLObject obj = fac.newXMLObject(Collections.singletonList(ds), + "object", null, "UTF-8"); + + // This creates an enveloping signature over the entire XML Document + XMLSignature sig = fac.newXMLSignature(si, rsa, + Collections.singletonList(obj), + "signature", null); + DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 1024), doc); + try { + sig.sign(dsc); + if (!pass) { + // A Document node can only exist at the root of the doc so this + // should fail + throw new Exception("Test unexpectedly passed"); + } + } catch (Exception e) { + if (!pass) { + System.out.println("Test failed as expected: " + e); + } else { + throw e; + } + } + + if (pass) { + DOMValidateContext dvc = new DOMValidateContext + (getPublicKey("RSA", 1024), doc.getDocumentElement()); + XMLSignature sig2 = fac.unmarshalXMLSignature(dvc); + + if (sig.equals(sig2) == false) { + throw new Exception + ("Unmarshalled signature is not equal to generated signature"); + } + if (sig2.validate(dvc) == false) { + throw new Exception("Validation of generated signature failed"); + } + } + + System.out.println(); + } + + static void test_create_signature_enveloping_dom_level1() throws Exception { + System.out.println("* Generating signature-enveloping-dom-level1.xml"); + + // create reference + Reference ref = fac.newReference("#object", sha256); + + // create SignedInfo + SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha256, + Collections.singletonList(ref)); + + // create object using DOM Level 1 methods + Document doc = db.newDocument(); + Element child = doc.createElement("Child"); + child.setAttribute("Version", "1.0"); + child.setAttribute("Id", "child"); + child.setIdAttribute("Id", true); + child.appendChild(doc.createComment("Comment")); + XMLObject obj = fac.newXMLObject( + Collections.singletonList(new DOMStructure(child)), + "object", null, "UTF-8"); + + XMLSignature sig = fac.newXMLSignature(si, rsa, + Collections.singletonList(obj), + "signature", null); + DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 1024), doc); + sig.sign(dsc); + + DOMValidateContext dvc = new DOMValidateContext + (getPublicKey("RSA", 1024), doc.getDocumentElement()); + XMLSignature sig2 = fac.unmarshalXMLSignature(dvc); + + if (sig.equals(sig2) == false) { + throw new Exception + ("Unmarshalled signature is not equal to generated signature"); + } + if (sig2.validate(dvc) == false) { + throw new Exception("Validation of generated signature failed"); + } + + System.out.println(); } static void test_create_signature() throws Exception {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/xml/crypto/dsig/data/envelope2.xml Tue Mar 05 08:24:58 2019 -0500 @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Preamble --> +<Envelope xmlns:foo="http://example.org/foo" xmlns="http://example.org/usps"> + <DearSir>foo</DearSir> + <Body>bar</Body> + <YoursSincerely> + </YoursSincerely> + <PostScript>bar</PostScript> + <Notaries xmlns="" Id="notaries"> + <Notary name="Great, A. T." /> + <Notary name="Hun, A. T." /> + </Notaries> + <!-- Commentary --> +</Envelope> +<!-- Postamble -->