Posted to commits@santuario.apache.org by co...@apache.org on 2020/01/28 13:21:20 UTC
svn commit: r1873251 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/encryption/
test/java/org/apache/xml/security/test/dom/encryption/
Author: coheigea
Date: Tue Jan 28 13:21:19 2020
New Revision: 1873251
URL: http://svn.apache.org/viewvc?rev=1873251&view=rev
Log:
SANTUARIO-522 - Make Serializer final in XMLCipher
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/Serializer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/encryption/SignedEncryptedTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java?rev=1873251&r1=1873250&r2=1873251&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java Tue Jan 28 13:21:19 2020
@@ -27,6 +27,7 @@ import java.util.HashMap;
import java.util.Map;
import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
@@ -39,10 +40,12 @@ import org.w3c.dom.NodeList;
*/
public abstract class AbstractSerializer implements Serializer {
- private Canonicalizer canon;
+ private final Canonicalizer canon;
+ protected final boolean secureValidation;
- public void setCanonicalizer(Canonicalizer canon) {
- this.canon = canon;
+ protected AbstractSerializer(String canonAlg, boolean secureValidation) throws InvalidCanonicalizerException {
+ this.canon = Canonicalizer.getInstance(canonAlg);
+ this.secureValidation = secureValidation;
}
/**
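Review bot: The new `protected final boolean secureValidation` field and the constructor that sets it have no Javadoc, although every subclass now has to honour the flag itself when it parses decrypted content. I would add `/** Whether subclasses must parse decrypted content with secure validation enabled; fixed at construction. */` above the field, plus a short constructor Javadoc covering `canonAlg`, `secureValidation` and the `InvalidCanonicalizerException` it throws. A custom subclass that never reads the field would deserialize without the hardening, and nothing in this class points that out. The class body continues outside the hunk.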
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java?rev=1873251&r1=1873250&r2=1873251&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java Tue Jan 28 13:21:19 2020
@@ -24,6 +24,8 @@ import java.io.InputStream;
import javax.xml.parsers.ParserConfigurationException;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
@@ -36,28 +38,34 @@ import org.xml.sax.SAXException;
*/
public class DocumentSerializer extends AbstractSerializer {
+ public DocumentSerializer(boolean secureValidation) throws InvalidCanonicalizerException {
+ this(Canonicalizer.ALGO_ID_C14N_PHYSICAL, secureValidation);
+ }
+
+ public DocumentSerializer(String canonAlg, boolean secureValidation) throws InvalidCanonicalizerException {
+ super(canonAlg, secureValidation);
+ }
+
/**
* @param source
* @param ctx
- * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- public Node deserialize(byte[] source, Node ctx, boolean secureValidation) throws XMLEncryptionException, IOException {
+ public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException {
byte[] fragment = createContext(source, ctx);
try (InputStream is = new ByteArrayInputStream(fragment)) {
- return deserialize(ctx, is, secureValidation);
+ return deserialize(ctx, is);
}
}
/**
* @param ctx
* @param inputStream
- * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- private Node deserialize(Node ctx, InputStream inputStream, boolean secureValidation) throws XMLEncryptionException {
+ private Node deserialize(Node ctx, InputStream inputStream) throws XMLEncryptionException {
try {
Document d = XMLUtils.read(inputStream, secureValidation);
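Review bot: The public `DocumentSerializer(String canonAlg, boolean secureValidation)` constructor passes `canonAlg` to `super` unchecked, whereas `XMLCipher.createSerializer` in this commit first maps a null algorithm to `Canonicalizer.ALGO_ID_C14N_PHYSICAL`. Direct callers of this constructor do not get that default, and what `Canonicalizer.getInstance(null)` does is not visible here. Defaulting in the constructor would keep both paths consistent: `super(canonAlg != null ? canonAlg : Canonicalizer.ALGO_ID_C14N_PHYSICAL, secureValidation);`. The same applies to the two-argument `TransformSerializer` constructor. The private `deserialize` body continues outside the hunk.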
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/Serializer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/Serializer.java?rev=1873251&r1=1873250&r2=1873251&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/Serializer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/Serializer.java Tue Jan 28 13:21:19 2020
@@ -20,7 +20,6 @@ package org.apache.xml.security.encrypti
import java.io.IOException;
-import org.apache.xml.security.c14n.Canonicalizer;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -31,11 +30,6 @@ import org.w3c.dom.NodeList;
public interface Serializer {
/**
- * Set the Canonicalizer object to use.
- */
- void setCanonicalizer(Canonicalizer canon);
-
- /**
* Returns a <code>byte[]</code> representation of the specified
* <code>Element</code>.
*
@@ -60,9 +54,8 @@ public interface Serializer {
/**
* @param source
* @param ctx
- * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- Node deserialize(byte[] source, Node ctx, boolean secureValidation) throws XMLEncryptionException, IOException;
+ Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java?rev=1873251&r1=1873250&r2=1873251&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java Tue Jan 28 13:21:19 2020
@@ -25,10 +25,13 @@ import java.io.InputStream;
import javax.xml.XMLConstants;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.stream.StreamSource;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Node;
@@ -39,30 +42,47 @@ import org.w3c.dom.Node;
*/
public class TransformSerializer extends AbstractSerializer {
- private TransformerFactory transformerFactory;
+ private final TransformerFactory transformerFactory;
+
+ public TransformSerializer(boolean secureValidation) throws InvalidCanonicalizerException, TransformerConfigurationException {
+ this(Canonicalizer.ALGO_ID_C14N_PHYSICAL, secureValidation);
+ }
+
+ public TransformSerializer(String canonAlg, boolean secureValidation) throws TransformerConfigurationException, InvalidCanonicalizerException {
+ super(canonAlg, secureValidation);
+
+ transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+ if (secureValidation) {
+ try {
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ } catch (IllegalArgumentException ex) {
+ // ignore
+ }
+ }
+ }
/**
* @param source
* @param ctx
- * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- public Node deserialize(byte[] source, Node ctx, boolean secureValidation) throws XMLEncryptionException, IOException {
+ public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException {
byte[] fragment = createContext(source, ctx);
try (InputStream is = new ByteArrayInputStream(fragment)) {
- return deserialize(ctx, new StreamSource(is), secureValidation);
+ return deserialize(ctx, new StreamSource(is));
}
}
/**
* @param ctx
* @param source
- * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- private Node deserialize(Node ctx, Source source, boolean secureValidation) throws XMLEncryptionException {
+ private Node deserialize(Node ctx, Source source) throws XMLEncryptionException {
try {
Document contextDocument = null;
if (Node.DOCUMENT_NODE == ctx.getNodeType()) {
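Review bot: In the new `TransformSerializer(String, boolean)` constructor, `catch (IllegalArgumentException ex) { // ignore }` means a factory that rejects `ACCESS_EXTERNAL_DTD` or `ACCESS_EXTERNAL_STYLESHEET` leaves the serializer without those restrictions even though `secureValidation` is true, and nothing records it. The block was moved unchanged from the old lazy initialisation, but now that it runs once at construction it is a natural place to log the failure, or at least to replace `// ignore` with `// factory does not support the JAXP 1.5 access properties; FEATURE_SECURE_PROCESSING above still applies`. The restrictions are also skipped entirely when `secureValidation` is false, which deserves a line in the constructor Javadoc. The private `deserialize` method continues outside the hunk.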
@@ -71,18 +91,6 @@ public class TransformSerializer extends
contextDocument = ctx.getOwnerDocument();
}
- if (transformerFactory == null) {
- transformerFactory = TransformerFactory.newInstance();
- transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- if (secureValidation) {
- try {
- transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
- transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
- } catch (IllegalArgumentException ex) {
- // ignore
- }
- }
- }
Transformer transformer = transformerFactory.newTransformer();
DOMResult res = new DOMResult();
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java?rev=1873251&r1=1873250&r2=1873251&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java Tue Jan 28 13:21:19 2020
@@ -47,6 +47,7 @@ import javax.crypto.IllegalBlockSizeExce
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
+import javax.xml.transform.TransformerConfigurationException;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
@@ -249,22 +250,19 @@ public class XMLCipher {
private int cipherMode = Integer.MIN_VALUE;
/** URI of algorithm that is being used for cryptographic operation */
- private String algorithm;
+ private final String algorithm;
/** Cryptographic provider requested by caller */
- private String requestedJCEProvider;
-
- /** Holds c14n to serialize, if initialized then _always_ use this c14n to serialize */
- private Canonicalizer canon;
+ private final String requestedJCEProvider;
/** Used for creation of DOM nodes in WRAP and ENCRYPT modes */
private Document contextDocument;
/** Instance of factory used to create XML Encryption objects */
- private Factory factory;
+ private final Factory factory;
/** Serializer class for going to/from UTF-8 */
- private Serializer serializer;
+ private final Serializer serializer;
/** Local copy of user's key */
private Key key;
@@ -289,21 +287,6 @@ public class XMLCipher {
private List<KeyResolverSpi> internalKeyResolvers;
/**
- * Set the Serializer algorithm to use
- */
- public void setSerializer(Serializer serializer) {
- this.serializer = serializer;
- serializer.setCanonicalizer(this.canon);
- }
-
- /**
- * Get the Serializer algorithm to use
- */
- public Serializer getSerializer() {
- return serializer;
- }
-
- /**
* Creates a new <code>XMLCipher</code>.
*
* @param transformation the name of the transformation, e.g.,
@@ -312,15 +295,14 @@ public class XMLCipher {
* is defined in the <code>EncryptionMethod</code> element.
* @param provider the JCE provider that supplies the transformation,
* if null use the default provider.
- * @param canonAlg the name of the c14n algorithm, if
- * <code>null</code> use standard serializer
* @param digestMethod An optional digestMethod to use.
+ * @param serializer A Serializer instance to use
*/
private XMLCipher(
String transformation,
String provider,
- String canonAlg,
- String digestMethod
+ String digestMethod,
+ Serializer serializer
) throws XMLEncryptionException {
LOG.debug("Constructing XMLCipher...");
@@ -330,31 +312,27 @@ public class XMLCipher {
requestedJCEProvider = provider;
digestAlg = digestMethod;
- // Create a canonicalizer - used when serializing DOM to octets
- // prior to encryption (and for the reverse)
+ this.serializer = serializer;
- try {
- if (canonAlg == null) {
- // The default is to preserve the physical representation.
- this.canon = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_PHYSICAL);
- } else {
- this.canon = Canonicalizer.getInstance(canonAlg);
- }
- } catch (InvalidCanonicalizerException ice) {
- throw new XMLEncryptionException(ice);
+ if (transformation != null) {
+ contextCipher = constructCipher(transformation, digestMethod);
}
+ }
+
+ private static Serializer createSerializer(boolean secureValidation) throws XMLEncryptionException {
+ return createSerializer(null, secureValidation);
+ }
+
+ private static Serializer createSerializer(String canonAlg, boolean secureValidation) throws XMLEncryptionException {
+ String c14nAlg = canonAlg != null ? canonAlg : Canonicalizer.ALGO_ID_C14N_PHYSICAL;
- if (serializer == null) {
+ try {
if (HAVE_FUNCTIONAL_IDENTITY_TRANSFORMER) {
- serializer = new TransformSerializer();
- } else {
- serializer = new DocumentSerializer();
+ return new TransformSerializer(c14nAlg, secureValidation);
}
- }
- serializer.setCanonicalizer(this.canon);
-
- if (transformation != null) {
- contextCipher = constructCipher(transformation, digestMethod);
+ return new DocumentSerializer(c14nAlg, secureValidation);
+ } catch (InvalidCanonicalizerException | TransformerConfigurationException e) {
+ throw new XMLEncryptionException(e);
}
}
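Review bot: `this.serializer = serializer;` in the constructor accepts null, and the new public `getInstance(String, Serializer)` and `getProviderInstance(String, String, Serializer, String)` overloads pass a caller-supplied value straight through. Because the field is now final and `setSerializer` is gone, a null would only surface later as a NullPointerException at a call such as `serializer.deserialize(octets, sourceParent)`. A guard in the style already used for `provider` fails earlier: `if (serializer == null) { throw new NullPointerException("Serializer unexpectedly null.."); }`. The constructor starts outside this hunk.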
@@ -438,7 +416,25 @@ public class XMLCipher {
public static XMLCipher getInstance(String transformation) throws XMLEncryptionException {
LOG.debug("Getting XMLCipher with transformation");
validateTransformation(transformation);
- return new XMLCipher(transformation, null, null, null);
+ return new XMLCipher(transformation, null, null, createSerializer(true));
+ }
+
+ /**
+ * Returns an <code>XMLCipher</code> that implements the specified
+ * transformation, operates on the specified context document and serializes
+ * the document with the specified serializer before it
+ * encrypts the document.
+ * <p>
+ *
+ * @param transformation the name of the transformation
+ * @param serializer A custom Serializer instance
+ * @return the XMLCipher
+ * @throws XMLEncryptionException
+ */
+ public static XMLCipher getInstance(String transformation, Serializer serializer) throws XMLEncryptionException {
+ LOG.debug("Getting XMLCipher with transformation");
+ validateTransformation(transformation);
+ return new XMLCipher(transformation, null, null, serializer);
}
/**
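Review bot: The new `getInstance(String transformation, Serializer serializer)` logs the same `"Getting XMLCipher with transformation"` message as the one-argument overload, so debug output cannot show whether a caller-supplied serializer is in use. Something like `LOG.debug("Getting XMLCipher with transformation and custom serializer");` would distinguish it. The new `getProviderInstance(..., Serializer, ...)` overload further down has the same issue: it logs `"... provider and c14n algorithm"` although it takes a serializer. Both Javadocs also mention a "specified context document" that is not a parameter of either method.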
@@ -458,7 +454,7 @@ public class XMLCipher {
throws XMLEncryptionException {
LOG.debug("Getting XMLCipher with transformation and c14n algorithm");
validateTransformation(transformation);
- return new XMLCipher(transformation, null, canon, null);
+ return new XMLCipher(transformation, null, null, createSerializer(canon, true));
}
/**
@@ -479,7 +475,7 @@ public class XMLCipher {
throws XMLEncryptionException {
LOG.debug("Getting XMLCipher with transformation and c14n algorithm");
validateTransformation(transformation);
- return new XMLCipher(transformation, null, canon, digestMethod);
+ return new XMLCipher(transformation, null, digestMethod, createSerializer(canon, true));
}
/**
@@ -498,7 +494,7 @@ public class XMLCipher {
throw new NullPointerException("Provider unexpectedly null..");
}
validateTransformation(transformation);
- return new XMLCipher(transformation, provider, null, null);
+ return new XMLCipher(transformation, provider, null, createSerializer(true));
}
/**
@@ -523,7 +519,7 @@ public class XMLCipher {
throw new NullPointerException("Provider unexpectedly null..");
}
validateTransformation(transformation);
- return new XMLCipher(transformation, provider, canon, null);
+ return new XMLCipher(transformation, provider, null, createSerializer(canon, true));
}
/**
@@ -549,7 +545,31 @@ public class XMLCipher {
throw new NullPointerException("Provider unexpectedly null..");
}
validateTransformation(transformation);
- return new XMLCipher(transformation, provider, canon, digestMethod);
+ return new XMLCipher(transformation, provider, digestMethod, createSerializer(canon, true));
+ }
+
+ /**
+ * Returns an <code>XMLCipher</code> that implements the specified
+ * transformation, operates on the specified context document and serializes
+ * the document with the specified Serializer before it encrypts the document.
+ * <p>
+ *
+ * @param transformation the name of the transformation
+ * @param provider the JCE provider that supplies the transformation
+ * @param serializer A custom serializer instance to use
+ * @param digestMethod An optional digestMethod to use
+ * @return the XMLCipher
+ * @throws XMLEncryptionException
+ */
+ public static XMLCipher getProviderInstance(
+ String transformation, String provider, Serializer serializer, String digestMethod
+ ) throws XMLEncryptionException {
+ LOG.debug("Getting XMLCipher with transformation, provider and c14n algorithm");
+ if (null == provider) {
+ throw new NullPointerException("Provider unexpectedly null..");
+ }
+ validateTransformation(transformation);
+ return new XMLCipher(transformation, provider, digestMethod, serializer);
}
/**
@@ -563,7 +583,7 @@ public class XMLCipher {
*/
public static XMLCipher getInstance() throws XMLEncryptionException {
LOG.debug("Getting XMLCipher with no arguments");
- return new XMLCipher(null, null, null, null);
+ return new XMLCipher(null, null, null, createSerializer(true));
}
/**
@@ -581,7 +601,7 @@ public class XMLCipher {
*/
public static XMLCipher getProviderInstance(String provider) throws XMLEncryptionException {
LOG.debug("Getting XMLCipher with provider");
- return new XMLCipher(null, provider, null, null);
+ return new XMLCipher(null, provider, null, createSerializer(true));
}
/**
@@ -1669,7 +1689,7 @@ public class XMLCipher {
Node sourceParent = element.getParentNode();
try {
- Node decryptedNode = serializer.deserialize(octets, sourceParent, secureValidation);
+ Node decryptedNode = serializer.deserialize(octets, sourceParent);
// The de-serialiser returns a node whose children we need to take on.
if (sourceParent != null && Node.DOCUMENT_NODE == sourceParent.getNodeType()) {
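Review bot: The `secureValidation` value that this call used to pass no longer reaches the serializer, so parsing of the decrypted octets is governed only by the flag the serializer was constructed with. Every built-in path in this commit uses `createSerializer(..., true)`, but a serializer handed to the new `getInstance(String, Serializer)` may have been built with `false`, and the cipher has no way to notice. I would document this on the `serializer` parameter, e.g. `@param serializer the Serializer to use; its own secureValidation setting, not the cipher's, controls how decrypted content is parsed`. If the two values are expected to agree, it is worth considering whether the interface should expose the flag so a mismatch can be rejected. The enclosing method starts and ends outside the hunk.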
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/encryption/SignedEncryptedTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/encryption/SignedEncryptedTest.java?rev=1873251&r1=1873250&r2=1873251&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/encryption/SignedEncryptedTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/encryption/SignedEncryptedTest.java Tue Jan 28 13:21:19 2020
@@ -143,14 +143,15 @@ public class SignedEncryptedTest {
document = cipher.doFinal(document, element, true);
- XMLCipher deCipher = XMLCipher.getInstance(XMLCipher.AES_128);
- if (transformerFactory != null && deCipher.getSerializer() instanceof TransformSerializer) {
- Field f = deCipher.getSerializer().getClass().getDeclaredField("transformerFactory");
- f.setAccessible(true);
- f.set(deCipher.getSerializer(), transformerFactory);
- }
+ XMLCipher deCipher = null;
if (useDocumentSerializer) {
- deCipher.setSerializer(new DocumentSerializer());
+ deCipher = XMLCipher.getInstance(XMLCipher.AES_128, new DocumentSerializer(true));
+ } else {
+ TransformSerializer serializer = new TransformSerializer(true);
+ Field f = serializer.getClass().getDeclaredField("transformerFactory");
+ f.setAccessible(true);
+ f.set(serializer, transformerFactory);
+ deCipher = XMLCipher.getInstance(XMLCipher.AES_128, serializer);
}
deCipher.init(XMLCipher.DECRYPT_MODE, secretKey);
deCipher.doFinal(document, element, true);
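Review bot: The new `else` branch writes `transformerFactory` into the serializer unconditionally, whereas the removed code only did so when `transformerFactory != null`. If the test is ever run with a null factory (not visible in this hunk), the reflective write replaces the factory created in the `TransformSerializer` constructor with null, and `deserialize` then fails on `transformerFactory.newTransformer()`. Keeping the guard restores the old behaviour: `if (transformerFactory != null) { f.setAccessible(true); f.set(serializer, transformerFactory); }`. The reflective write now also targets a `final` field, which is worth a comment in the test. The test method starts outside the hunk.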