You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2020/01/24 10:05:19 UTC
svn commit: r1873101 - in
/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption:
AbstractSerializer.java DocumentSerializer.java Serializer.java
TransformSerializer.java XMLCipher.java
Author: coheigea
Date: Fri Jan 24 10:05:19 2020
New Revision: 1873101
URL: http://svn.apache.org/viewvc?rev=1873101&view=rev
Log:
Refactor of Seralizers to remove secureValidation property
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/Serializer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java?rev=1873101&r1=1873100&r2=1873101&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java Fri Jan 24 10:05:19 2020
@@ -40,7 +40,6 @@ import org.w3c.dom.NodeList;
public abstract class AbstractSerializer implements Serializer {
private Canonicalizer canon;
- protected boolean secureValidation;
public void setCanonicalizer(Canonicalizer canon) {
this.canon = canon;
@@ -153,22 +152,6 @@ public abstract class AbstractSerializer
}
}
- /**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- public abstract Node deserialize(String source, Node ctx) throws XMLEncryptionException;
-
- /**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- public abstract Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException;
-
protected static byte[] createContext(byte[] source, Node ctx) throws XMLEncryptionException {
// Create the context to parse the document against
try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
@@ -244,12 +227,4 @@ public abstract class AbstractSerializer
return sb.toString();
}
- public boolean isSecureValidation() {
- return secureValidation;
- }
-
- public void setSecureValidation(boolean secureValidation) {
- this.secureValidation = secureValidation;
- }
-
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java?rev=1873101&r1=1873100&r2=1873101&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java Fri Jan 24 10:05:19 2020
@@ -21,7 +21,6 @@ package org.apache.xml.security.encrypti
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.nio.charset.StandardCharsets;
import javax.xml.parsers.ParserConfigurationException;
@@ -40,34 +39,25 @@ public class DocumentSerializer extends
/**
* @param source
* @param ctx
+ * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException {
+ public Node deserialize(byte[] source, Node ctx, boolean secureValidation) throws XMLEncryptionException, IOException {
byte[] fragment = createContext(source, ctx);
try (InputStream is = new ByteArrayInputStream(fragment)) {
- return deserialize(ctx, is);
+ return deserialize(ctx, is, secureValidation);
}
}
/**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- public Node deserialize(String source, Node ctx) throws XMLEncryptionException {
- String fragment = createContext(source, ctx);
- return deserialize(ctx, new ByteArrayInputStream(fragment.getBytes(StandardCharsets.UTF_8)));
- }
-
- /**
* @param ctx
* @param inputStream
+ * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- private Node deserialize(Node ctx, InputStream inputStream) throws XMLEncryptionException {
+ private Node deserialize(Node ctx, InputStream inputStream, boolean secureValidation) throws XMLEncryptionException {
try {
Document d = XMLUtils.read(inputStream, secureValidation);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/Serializer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/Serializer.java?rev=1873101&r1=1873100&r2=1873101&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/Serializer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/Serializer.java Fri Jan 24 10:05:19 2020
@@ -68,8 +68,9 @@ public interface Serializer {
/**
* @param source
* @param ctx
+ * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException;
+ Node deserialize(byte[] source, Node ctx, boolean secureValidation) throws XMLEncryptionException, IOException;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java?rev=1873101&r1=1873100&r2=1873101&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java Fri Jan 24 10:05:19 2020
@@ -21,7 +21,6 @@ package org.apache.xml.security.encrypti
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.Source;
@@ -45,34 +44,25 @@ public class TransformSerializer extends
/**
* @param source
* @param ctx
+ * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException {
+ public Node deserialize(byte[] source, Node ctx, boolean secureValidation) throws XMLEncryptionException, IOException {
byte[] fragment = createContext(source, ctx);
try (InputStream is = new ByteArrayInputStream(fragment)) {
- return deserialize(ctx, new StreamSource(is));
+ return deserialize(ctx, new StreamSource(is), secureValidation);
}
}
/**
- * @param source
- * @param ctx
- * @return the Node resulting from the parse of the source
- * @throws XMLEncryptionException
- */
- public Node deserialize(String source, Node ctx) throws XMLEncryptionException {
- String fragment = createContext(source, ctx);
- return deserialize(ctx, new StreamSource(new StringReader(fragment)));
- }
-
- /**
* @param ctx
* @param source
+ * @param secureValidation
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- private Node deserialize(Node ctx, Source source) throws XMLEncryptionException {
+ private Node deserialize(Node ctx, Source source, boolean secureValidation) throws XMLEncryptionException {
try {
Document contextDocument = null;
if (Node.DOCUMENT_NODE == ctx.getNodeType()) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java?rev=1873101&r1=1873100&r2=1873101&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java Fri Jan 24 10:05:19 2020
@@ -232,13 +232,13 @@ public class XMLCipher {
public static final int WRAP_MODE = Cipher.WRAP_MODE;
private static final String ENC_ALGORITHMS = TRIPLEDES + "\n" +
- AES_128 + "\n" + AES_256 + "\n" + AES_192 + "\n" + RSA_v1dot5 + "\n" +
- RSA_OAEP + "\n" + RSA_OAEP_11 + "\n" + TRIPLEDES_KeyWrap + "\n" +
- AES_128_KeyWrap + "\n" + AES_256_KeyWrap + "\n" + AES_192_KeyWrap + "\n" +
- AES_128_GCM + "\n" + AES_192_GCM + "\n" + AES_256_GCM + "\n" + SEED_128 + "\n" +
- CAMELLIA_128 + "\n" + CAMELLIA_192 + "\n" + CAMELLIA_256 + "\n" +
- CAMELLIA_128_KeyWrap + "\n" + CAMELLIA_192_KeyWrap + "\n" + CAMELLIA_256_KeyWrap + "\n" +
- SEED_128_KeyWrap + "\n";
+ AES_128 + "\n" + AES_256 + "\n" + AES_192 + "\n" + RSA_v1dot5 + "\n" +
+ RSA_OAEP + "\n" + RSA_OAEP_11 + "\n" + TRIPLEDES_KeyWrap + "\n" +
+ AES_128_KeyWrap + "\n" + AES_256_KeyWrap + "\n" + AES_192_KeyWrap + "\n" +
+ AES_128_GCM + "\n" + AES_192_GCM + "\n" + AES_256_GCM + "\n" + SEED_128 + "\n" +
+ CAMELLIA_128 + "\n" + CAMELLIA_192 + "\n" + CAMELLIA_256 + "\n" +
+ CAMELLIA_128_KeyWrap + "\n" + CAMELLIA_192_KeyWrap + "\n" + CAMELLIA_256_KeyWrap + "\n" +
+ SEED_128_KeyWrap + "\n";
private static final boolean HAVE_FUNCTIONAL_IDENTITY_TRANSFORMER = haveFunctionalIdentityTransformer();
@@ -1090,9 +1090,6 @@ public class XMLCipher {
if (algorithm == null) {
throw new XMLEncryptionException("empty", "XMLCipher instance without transformation specified");
}
- if (serializer instanceof AbstractSerializer) {
- ((AbstractSerializer)serializer).setSecureValidation(secureValidation);
- }
if (element != null && element.getParentNode() == null) {
throw new XMLEncryptionException("empty", "The element can't be serialized as it has no parent");
}
@@ -1655,9 +1652,6 @@ public class XMLCipher {
*/
private Document decryptElement(Element element) throws XMLEncryptionException {
LOG.debug("Decrypting element...");
- if (serializer instanceof AbstractSerializer) {
- ((AbstractSerializer)serializer).setSecureValidation(secureValidation);
- }
if (element != null && element.getParentNode() == null) {
throw new XMLEncryptionException("empty", "The element can't be serialized as it has no parent");
@@ -1675,7 +1669,7 @@ public class XMLCipher {
Node sourceParent = element.getParentNode();
try {
- Node decryptedNode = serializer.deserialize(octets, sourceParent);
+ Node decryptedNode = serializer.deserialize(octets, sourceParent, secureValidation);
// The de-serialiser returns a node whose children we need to take on.
if (sourceParent != null && Node.DOCUMENT_NODE == sourceParent.getNodeType()) {