Mercurial > hg > release > icedtea7-forest-2.3 > jdk
view src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11.java @ 6400:c31a79eedba2
8025026: Enhance canonicalization
Summary: Don't use cached null xmlns definition. Also reviewed by Alexander Fomin <alexander.fomin@oracle.com>
Reviewed-by: mullan, hawtin
| author | xuelei |
|---|---|
| date | Mon, 14 Oct 2013 18:35:40 -0700 |
| parents | 74fc78477907 |
| children |
line wrap: on
line source
/* * reserved comment block * DO NOT REMOVE OR ALTER! */ /* * Copyright 2008 The Apache Software Foundation. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * */ package com.sun.org.apache.xml.internal.security.c14n.implementations; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; import javax.xml.parsers.ParserConfigurationException; import org.w3c.dom.Attr; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NamedNodeMap; import org.w3c.dom.Node; import org.xml.sax.SAXException; import java.util.logging.Logger; import java.util.logging.Logger; import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException; import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper; import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; import com.sun.org.apache.xml.internal.security.utils.Constants; import com.sun.org.apache.xml.internal.security.utils.XMLUtils; /** * Implements <A HREF="http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/"> * Canonical XML Version 1.1</A>, a W3C Proposed Recommendation from 29 * January 2008. * * @author Sean Mullan * @author Raul Benito * @version $Revision: 1.2 $ */ public abstract class Canonicalizer11 extends CanonicalizerBase { boolean firstCall = true; final SortedSet result = new TreeSet(COMPARE); static final String XMLNS_URI = Constants.NamespaceSpecNS; static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS; static Logger log = Logger.getLogger(Canonicalizer11.class.getName()); static class XmlAttrStack { int currentLevel = 0; int lastlevel = 0; XmlsStackElement cur; static class XmlsStackElement { int level; boolean rendered = false; List nodes = new ArrayList(); }; List levels = new ArrayList(); void push(int level) { currentLevel = level; if (currentLevel == -1) return; cur = null; while (lastlevel >= currentLevel) { levels.remove(levels.size() - 1); if (levels.size() == 0) { lastlevel = 0; return; } lastlevel=((XmlsStackElement)levels.get(levels.size()-1)).level; } } void addXmlnsAttr(Attr n) { if (cur == null) { cur = new XmlsStackElement(); cur.level = currentLevel; levels.add(cur); lastlevel = currentLevel; } cur.nodes.add(n); } void getXmlnsAttr(Collection col) { if (cur == null) { cur = new XmlsStackElement(); cur.level = currentLevel; lastlevel = currentLevel; levels.add(cur); } int size = levels.size() - 2; boolean parentRendered = false; XmlsStackElement e = null; if (size == -1) { parentRendered = true; } else { e = (XmlsStackElement) levels.get(size); if (e.rendered && e.level+1 == currentLevel) parentRendered = true; } if (parentRendered) { col.addAll(cur.nodes); cur.rendered = true; return; } Map loa = new HashMap(); List baseAttrs = new ArrayList(); boolean successiveOmitted = true; for (;size>=0;size--) { e = (XmlsStackElement) levels.get(size); if (e.rendered) { successiveOmitted = false; } Iterator it = e.nodes.iterator(); while (it.hasNext() && successiveOmitted) { Attr n = (Attr) it.next(); if (n.getLocalName().equals("base")) { if (!e.rendered) { baseAttrs.add(n); } } else if (!loa.containsKey(n.getName())) loa.put(n.getName(), n); } } if (!baseAttrs.isEmpty()) { Iterator it = cur.nodes.iterator(); String base = null; Attr baseAttr = null; while (it.hasNext()) { Attr n = (Attr) it.next(); if (n.getLocalName().equals("base")) { base = n.getValue(); baseAttr = n; break; } } it = baseAttrs.iterator(); while (it.hasNext()) { Attr n = (Attr) it.next(); if (base == null) { base = n.getValue(); baseAttr = n; } else { try { base = joinURI(n.getValue(), base); } catch (URISyntaxException ue) { ue.printStackTrace(); } } } if (base != null && base.length() != 0) { baseAttr.setValue(base); col.add(baseAttr); } } cur.rendered = true; col.addAll(loa.values()); } }; XmlAttrStack xmlattrStack = new XmlAttrStack(); /** * Constructor Canonicalizer11 * * @param includeComments */ public Canonicalizer11(boolean includeComments) { super(includeComments); } /** * Returns the Attr[]s to be outputted for the given element. * <br> * The code of this method is a copy of {@link #handleAttributes(Element, * NameSpaceSymbTable)}, * whereas it takes into account that subtree-c14n is -- well -- * subtree-based. * So if the element in question isRoot of c14n, it's parent is not in the * node set, as well as all other ancestors. * * @param E * @param ns * @return the Attr[]s to be outputted * @throws CanonicalizationException */ Iterator handleAttributesSubtree(Element E, NameSpaceSymbTable ns) throws CanonicalizationException { if (!E.hasAttributes() && !firstCall) { return null; } // result will contain the attrs which have to be outputted final SortedSet result = this.result; result.clear(); NamedNodeMap attrs = E.getAttributes(); int attrsLength = attrs.getLength(); for (int i = 0; i < attrsLength; i++) { Attr N = (Attr) attrs.item(i); String NUri = N.getNamespaceURI(); if (XMLNS_URI != NUri) { // It's not a namespace attr node. Add to the result and // continue. result.add(N); continue; } String NName = N.getLocalName(); String NValue = N.getValue(); if (XML.equals(NName) && XML_LANG_URI.equals(NValue)) { // The default mapping for xml must not be output. continue; } Node n = ns.addMappingAndRender(NName, NValue, N); if (n != null) { // Render the ns definition result.add(n); if (C14nHelper.namespaceIsRelative(N)) { Object exArgs[] = {E.getTagName(), NName, N.getNodeValue()}; throw new CanonicalizationException( "c14n.Canonicalizer.RelativeNamespace", exArgs); } } } if (firstCall) { // It is the first node of the subtree // Obtain all the namespaces defined in the parents, and added // to the output. ns.getUnrenderedNodes(result); // output the attributes in the xml namespace. xmlattrStack.getXmlnsAttr(result); firstCall = false; } return result.iterator(); } /** * Returns the Attr[]s to be outputted for the given element. * <br> * IMPORTANT: This method expects to work on a modified DOM tree, i.e. a * DOM which has been prepared using * {@link com.sun.org.apache.xml.internal.security.utils.XMLUtils#circumventBug2650( * org.w3c.dom.Document)}. * * @param E * @param ns * @return the Attr[]s to be outputted * @throws CanonicalizationException */ Iterator handleAttributes(Element E, NameSpaceSymbTable ns) throws CanonicalizationException { // result will contain the attrs which have to be output xmlattrStack.push(ns.getLevel()); boolean isRealVisible = isVisibleDO(E, ns.getLevel()) == 1; NamedNodeMap attrs = null; int attrsLength = 0; if (E.hasAttributes()) { attrs = E.getAttributes(); attrsLength = attrs.getLength(); } SortedSet result = this.result; result.clear(); for (int i = 0; i < attrsLength; i++) { Attr N = (Attr) attrs.item(i); String NUri = N.getNamespaceURI(); if (XMLNS_URI != NUri) { // A non namespace definition node. if (XML_LANG_URI == NUri) { if (N.getLocalName().equals("id")) { if (isRealVisible) { // treat xml:id like any other attribute // (emit it, but don't inherit it) result.add(N); } } else { xmlattrStack.addXmlnsAttr(N); } } else if (isRealVisible) { // The node is visible add the attribute to the list of // output attributes. result.add(N); } // keep working continue; } String NName = N.getLocalName(); String NValue = N.getValue(); if ("xml".equals(NName) && XML_LANG_URI.equals(NValue)) { /* except omit namespace node with local name xml, which defines * the xml prefix, if its string value is * http://www.w3.org/XML/1998/namespace. */ continue; } // add the prefix binding to the ns symb table. // ns.addInclusiveMapping(NName,NValue,N,isRealVisible); if (isVisible(N)) { if (!isRealVisible && ns.removeMappingIfRender(NName)) { continue; } // The xpath select this node output it if needed. // Node n = ns.addMappingAndRenderXNodeSet // (NName, NValue, N, isRealVisible); Node n = ns.addMappingAndRender(NName, NValue, N); if (n != null) { result.add(n); if (C14nHelper.namespaceIsRelative(N)) { Object exArgs[] = { E.getTagName(), NName, N.getNodeValue() }; throw new CanonicalizationException( "c14n.Canonicalizer.RelativeNamespace", exArgs); } } } else { if (isRealVisible && NName != XMLNS) { ns.removeMapping(NName); } else { ns.addMapping(NName, NValue, N); } } } if (isRealVisible) { // The element is visible, handle the xmlns definition Attr xmlns = E.getAttributeNodeNS(XMLNS_URI, XMLNS); Node n = null; if (xmlns == null) { // No xmlns def just get the already defined. n = ns.getMapping(XMLNS); } else if (!isVisible(xmlns)) { // There is a defn but the xmlns is not selected by the xpath. // then xmlns="" n = ns.addMappingAndRender(XMLNS, "", getNullNode(xmlns.getOwnerDocument())); } // output the xmlns def if needed. if (n != null) { result.add(n); } // Float all xml:* attributes of the unselected parent elements to // this one. addXmlAttributes(E,result); xmlattrStack.getXmlnsAttr(result); ns.getUnrenderedNodes(result); } return result.iterator(); } /** * Always throws a CanonicalizationException because this is inclusive c14n. * * @param xpathNodeSet * @param inclusiveNamespaces * @return none it always fails * @throws CanonicalizationException always */ public byte[] engineCanonicalizeXPathNodeSet(Set xpathNodeSet, String inclusiveNamespaces) throws CanonicalizationException { throw new CanonicalizationException( "c14n.Canonicalizer.UnsupportedOperation"); } /** * Always throws a CanonicalizationException because this is inclusive c14n. * * @param rootNode * @param inclusiveNamespaces * @return none it always fails * @throws CanonicalizationException */ public byte[] engineCanonicalizeSubTree(Node rootNode, String inclusiveNamespaces) throws CanonicalizationException { throw new CanonicalizationException( "c14n.Canonicalizer.UnsupportedOperation"); } void circumventBugIfNeeded(XMLSignatureInput input) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException { if (!input.isNeedsToBeExpanded()) return; Document doc = null; if (input.getSubNode() != null) { doc = XMLUtils.getOwnerDocument(input.getSubNode()); } else { doc = XMLUtils.getOwnerDocument(input.getNodeSet()); } XMLUtils.circumventBug2650(doc); } void handleParent(Element e, NameSpaceSymbTable ns) { if (!e.hasAttributes()) { return; } xmlattrStack.push(-1); NamedNodeMap attrs = e.getAttributes(); int attrsLength = attrs.getLength(); for (int i = 0; i < attrsLength; i++) { Attr N = (Attr) attrs.item(i); if (Constants.NamespaceSpecNS != N.getNamespaceURI()) { // Not a namespace definition, ignore. if (XML_LANG_URI == N.getNamespaceURI()) { xmlattrStack.addXmlnsAttr(N); } continue; } String NName = N.getLocalName(); String NValue = N.getNodeValue(); if (XML.equals(NName) && Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) { continue; } ns.addMapping(NName,NValue,N); } } private static String joinURI(String baseURI, String relativeURI) throws URISyntaxException { String bscheme = null; String bauthority = null; String bpath = ""; String bquery = null; String bfragment = null; // Is this correct? // pre-parse the baseURI if (baseURI != null) { if (baseURI.endsWith("..")) { baseURI = baseURI + "/"; } URI base = new URI(baseURI); bscheme = base.getScheme(); bauthority = base.getAuthority(); bpath = base.getPath(); bquery = base.getQuery(); bfragment = base.getFragment(); } URI r = new URI(relativeURI); String rscheme = r.getScheme(); String rauthority = r.getAuthority(); String rpath = r.getPath(); String rquery = r.getQuery(); String rfragment = null; String tscheme, tauthority, tpath, tquery, tfragment; if (rscheme != null && rscheme.equals(bscheme)) { rscheme = null; } if (rscheme != null) { tscheme = rscheme; tauthority = rauthority; tpath = removeDotSegments(rpath); tquery = rquery; } else { if (rauthority != null) { tauthority = rauthority; tpath = removeDotSegments(rpath); tquery = rquery; } else { if (rpath.length() == 0) { tpath = bpath; if (rquery != null) { tquery = rquery; } else { tquery = bquery; } } else { if (rpath.startsWith("/")) { tpath = removeDotSegments(rpath); } else { if (bauthority != null && bpath.length() == 0) { tpath = "/" + rpath; } else { int last = bpath.lastIndexOf('/'); if (last == -1) { tpath = rpath; } else { tpath = bpath.substring(0, last+1) + rpath; } } tpath = removeDotSegments(tpath); } tquery = rquery; } tauthority = bauthority; } tscheme = bscheme; } tfragment = rfragment; return new URI(tscheme, tauthority, tpath, tquery, tfragment).toString(); } private static String removeDotSegments(String path) { log.log(java.util.logging.Level.FINE, "STEP OUTPUT BUFFER\t\tINPUT BUFFER"); // 1. The input buffer is initialized with the now-appended path // components then replace occurrences of "//" in the input buffer // with "/" until no more occurrences of "//" are in the input buffer. String input = path; while (input.indexOf("//") > -1) { input = input.replaceAll("//", "/"); } // Initialize the output buffer with the empty string. StringBuffer output = new StringBuffer(); // If the input buffer starts with a root slash "/" then move this // character to the output buffer. if (input.charAt(0) == '/') { output.append("/"); input = input.substring(1); } printStep("1 ", output.toString(), input); // While the input buffer is not empty, loop as follows while (input.length() != 0) { // 2A. If the input buffer begins with a prefix of "./", // then remove that prefix from the input buffer // else if the input buffer begins with a prefix of "../", then // if also the output does not contain the root slash "/" only, // then move this prefix to the end of the output buffer else // remove that prefix if (input.startsWith("./")) { input = input.substring(2); printStep("2A", output.toString(), input); } else if (input.startsWith("../")) { input = input.substring(3); if (!output.toString().equals("/")) { output.append("../"); } printStep("2A", output.toString(), input); // 2B. if the input buffer begins with a prefix of "/./" or "/.", // where "." is a complete path segment, then replace that prefix // with "/" in the input buffer; otherwise, } else if (input.startsWith("/./")) { input = input.substring(2); printStep("2B", output.toString(), input); } else if (input.equals("/.")) { // FIXME: what is complete path segment? input = input.replaceFirst("/.", "/"); printStep("2B", output.toString(), input); // 2C. if the input buffer begins with a prefix of "/../" or "/..", // where ".." is a complete path segment, then replace that prefix // with "/" in the input buffer and if also the output buffer is // empty, last segment in the output buffer equals "../" or "..", // where ".." is a complete path segment, then append ".." or "/.." // for the latter case respectively to the output buffer else // remove the last segment and its preceding "/" (if any) from the // output buffer and if hereby the first character in the output // buffer was removed and it was not the root slash then delete a // leading slash from the input buffer; otherwise, } else if (input.startsWith("/../")) { input = input.substring(3); if (output.length() == 0) { output.append("/"); } else if (output.toString().endsWith("../")) { output.append(".."); } else if (output.toString().endsWith("..")) { output.append("/.."); } else { int index = output.lastIndexOf("/"); if (index == -1) { output = new StringBuffer(); if (input.charAt(0) == '/') { input = input.substring(1); } } else { output = output.delete(index, output.length()); } } printStep("2C", output.toString(), input); } else if (input.equals("/..")) { // FIXME: what is complete path segment? input = input.replaceFirst("/..", "/"); if (output.length() == 0) { output.append("/"); } else if (output.toString().endsWith("../")) { output.append(".."); } else if (output.toString().endsWith("..")) { output.append("/.."); } else { int index = output.lastIndexOf("/"); if (index == -1) { output = new StringBuffer(); if (input.charAt(0) == '/') { input = input.substring(1); } } else { output = output.delete(index, output.length()); } } printStep("2C", output.toString(), input); // 2D. if the input buffer consists only of ".", then remove // that from the input buffer else if the input buffer consists // only of ".." and if the output buffer does not contain only // the root slash "/", then move the ".." to the output buffer // else delte it.; otherwise, } else if (input.equals(".")) { input = ""; printStep("2D", output.toString(), input); } else if (input.equals("..")) { if (!output.toString().equals("/")) output.append(".."); input = ""; printStep("2D", output.toString(), input); // 2E. move the first path segment (if any) in the input buffer // to the end of the output buffer, including the initial "/" // character (if any) and any subsequent characters up to, but not // including, the next "/" character or the end of the input buffer. } else { int end = -1; int begin = input.indexOf('/'); if (begin == 0) { end = input.indexOf('/', 1); } else { end = begin; begin = 0; } String segment; if (end == -1) { segment = input.substring(begin); input = ""; } else { segment = input.substring(begin, end); input = input.substring(end); } output.append(segment); printStep("2E", output.toString(), input); } } // 3. Finally, if the only or last segment of the output buffer is // "..", where ".." is a complete path segment not followed by a slash // then append a slash "/". The output buffer is returned as the result // of remove_dot_segments if (output.toString().endsWith("..")) { output.append("/"); printStep("3 ", output.toString(), input); } return output.toString(); } private static void printStep(String step, String output, String input) { if (log.isLoggable(java.util.logging.Level.FINE)) { log.log(java.util.logging.Level.FINE, " " + step + ": " + output); if (output.length() == 0) { log.log(java.util.logging.Level.FINE, "\t\t\t\t" + input); } else { log.log(java.util.logging.Level.FINE, "\t\t\t" + input); } } } }