You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2014/06/12 14:59:30 UTC
svn commit: r1602147 -
/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/
Author: coheigea
Date: Thu Jun 12 12:59:29 2014
New Revision: 1602147
URL: http://svn.apache.org/r1602147
Log:
[SANTUARIO-350] - Unmarshalling from existing elements doesn't enforce syntax & semantic requirements
Conflicts:
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyValue.java
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMPGPData.java
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509Data.java
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java
src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
Modified:
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyValue.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMPGPData.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMUtils.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509Data.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfo.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfo.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfo.java Thu Jun 12 12:59:29 2014
@@ -112,16 +112,17 @@ public final class DOMKeyInfo extends DO
}
Element childElem = (Element)child;
String localName = childElem.getLocalName();
- if (localName.equals("X509Data")) {
+ String namespace = childElem.getNamespaceURI();
+ if (localName.equals("X509Data") && XMLSignature.XMLNS.equals(namespace)) {
content.add(new DOMX509Data(childElem));
- } else if (localName.equals("KeyName")) {
+ } else if (localName.equals("KeyName") && XMLSignature.XMLNS.equals(namespace)) {
content.add(new DOMKeyName(childElem));
- } else if (localName.equals("KeyValue")) {
+ } else if (localName.equals("KeyValue") && XMLSignature.XMLNS.equals(namespace)) {
content.add(DOMKeyValue.unmarshal(childElem));
- } else if (localName.equals("RetrievalMethod")) {
+ } else if (localName.equals("RetrievalMethod") && XMLSignature.XMLNS.equals(namespace)) {
content.add(new DOMRetrievalMethod(childElem,
context, provider));
- } else if (localName.equals("PGPData")) {
+ } else if (localName.equals("PGPData") && XMLSignature.XMLNS.equals(namespace)) {
content.add(new DOMPGPData(childElem));
} else { //may be MgmtData, SPKIData or element from other namespace
content.add(new javax.xml.crypto.dom.DOMStructure((childElem)));
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java Thu Jun 12 12:59:29 2014
@@ -28,9 +28,12 @@ import java.math.BigInteger;
import java.security.KeyException;
import java.security.PublicKey;
import java.util.List;
+
import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext;
+import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.keyinfo.*;
+
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -143,14 +146,15 @@ public final class DOMKeyInfoFactory ext
// check tag
String tag = element.getLocalName();
- if (tag == null) {
+ String namespace = element.getNamespaceURI();
+ if (tag == null || namespace == null) {
throw new MarshalException("Document implementation must " +
"support DOM Level 2 and be namespace aware");
}
- if (tag.equals("KeyInfo")) {
+ if (tag.equals("KeyInfo") && XMLSignature.XMLNS.equals(namespace)) {
return new DOMKeyInfo(element, new UnmarshalContext(), getProvider());
} else {
- throw new MarshalException("invalid KeyInfo tag: " + tag);
+ throw new MarshalException("invalid KeyInfo tag: " + namespace + ":" + tag);
}
}
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyValue.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyValue.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyValue.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyValue.java Thu Jun 12 12:59:29 2014
@@ -30,6 +30,14 @@ import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
+
+
+
+
+
+
+
+
// import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
@@ -89,11 +97,16 @@ public abstract class DOMKeyValue extend
static KeyValue unmarshal(Element kvElem) throws MarshalException {
Element kvtElem = DOMUtils.getFirstChildElement(kvElem);
- if (kvtElem.getLocalName().equals("DSAKeyValue")) {
+ if (kvtElem == null) {
+ throw new MarshalException("KeyValue must contain at least one type");
+ }
+
+ String namespace = kvtElem.getNamespaceURI();
+ if (kvtElem.getLocalName().equals("DSAKeyValue") && XMLSignature.XMLNS.equals(namespace)) {
return new DSA(kvtElem);
- } else if (kvtElem.getLocalName().equals("RSAKeyValue")) {
+ } else if (kvtElem.getLocalName().equals("RSAKeyValue") && XMLSignature.XMLNS.equals(namespace)) {
return new RSA(kvtElem);
- } else if (kvtElem.getLocalName().equals("ECKeyValue")) {
+ } else if (kvtElem.getLocalName().equals("ECKeyValue") && XMLDSIG_11_XMLNS.equals(namespace)) {
return new EC(kvtElem);
} else {
return new Unknown(kvtElem);
@@ -217,10 +230,12 @@ public abstract class DOMKeyValue extend
}
}
Element modulusElem = DOMUtils.getFirstChildElement(kvtElem,
- "Modulus");
+ "Modulus",
+ XMLSignature.XMLNS);
modulus = new DOMCryptoBinary(modulusElem.getFirstChild());
Element exponentElem = DOMUtils.getNextSiblingElement(modulusElem,
- "Exponent");
+ "Exponent",
+ XMLSignature.XMLNS);
exponent = new DOMCryptoBinary(exponentElem.getFirstChild());
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus.getBigNum(),
exponent.getBigNum());
@@ -286,19 +301,25 @@ public abstract class DOMKeyValue extend
}
}
Element curElem = DOMUtils.getFirstChildElement(kvtElem);
+ if (curElem == null) {
+ throw new MarshalException("KeyValue must contain at least one type");
+ }
// check for P and Q
- if (curElem.getLocalName().equals("P")) {
+ if (curElem.getLocalName().equals("P") && XMLSignature.XMLNS.equals(curElem.getNamespaceURI())) {
p = new DOMCryptoBinary(curElem.getFirstChild());
- curElem = DOMUtils.getNextSiblingElement(curElem, "Q");
+ curElem = DOMUtils.getNextSiblingElement(curElem, "Q", XMLSignature.XMLNS);
q = new DOMCryptoBinary(curElem.getFirstChild());
curElem = DOMUtils.getNextSiblingElement(curElem);
}
- if (curElem.getLocalName().equals("G")) {
+ if (curElem != null
+ && curElem.getLocalName().equals("G") && XMLSignature.XMLNS.equals(curElem.getNamespaceURI())) {
g = new DOMCryptoBinary(curElem.getFirstChild());
curElem = DOMUtils.getNextSiblingElement(curElem, "Y");
}
- y = new DOMCryptoBinary(curElem.getFirstChild());
- curElem = DOMUtils.getNextSiblingElement(curElem);
+ if (curElem != null) {
+ y = new DOMCryptoBinary(curElem.getFirstChild());
+ curElem = DOMUtils.getNextSiblingElement(curElem);
+ }
if (curElem != null && curElem.getLocalName().equals("J")) {
j = new DOMCryptoBinary(curElem.getFirstChild());
// curElem = DOMUtils.getNextSiblingElement(curElem);
@@ -437,10 +458,16 @@ public abstract class DOMKeyValue extend
}
ECParameterSpec ecParams = null;
Element curElem = DOMUtils.getFirstChildElement(kvtElem);
- if (curElem.getLocalName().equals("ECParameters")) {
+ if (curElem == null) {
+ throw new MarshalException("KeyValue must contain at least one type");
+ }
+
+ if (curElem.getLocalName().equals("ECParameters")
+ && XMLDSIG_11_XMLNS.equals(curElem.getNamespaceURI())) {
throw new UnsupportedOperationException
("ECParameters not supported");
- } else if (curElem.getLocalName().equals("NamedCurve")) {
+ } else if (curElem.getLocalName().equals("NamedCurve")
+ && XMLDSIG_11_XMLNS.equals(curElem.getNamespaceURI())) {
String uri = DOMUtils.getAttributeValue(curElem, "URI");
// strip off "urn:oid"
if (uri.startsWith("urn:oid:")) {
@@ -460,7 +487,7 @@ public abstract class DOMKeyValue extend
} else {
throw new MarshalException("Invalid ECKeyValue");
}
- curElem = DOMUtils.getNextSiblingElement(curElem, "PublicKey");
+ curElem = DOMUtils.getNextSiblingElement(curElem, "PublicKey", XMLDSIG_11_XMLNS);
ECPoint ecPoint = null;
try {
Object[] args = new Object[] { Base64.decode(curElem),
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMManifest.java Thu Jun 12 12:59:29 2014
@@ -97,16 +97,17 @@ public final class DOMManifest extends D
boolean secVal = Utils.secureValidation(context);
- Element refElem = DOMUtils.getFirstChildElement(manElem, "Reference");
+ Element refElem = DOMUtils.getFirstChildElement(manElem, "Reference", XMLSignature.XMLNS);
List<Reference> refs = new ArrayList<Reference>();
refs.add(new DOMReference(refElem, context, provider));
refElem = DOMUtils.getNextSiblingElement(refElem);
while (refElem != null) {
String localName = refElem.getLocalName();
- if (!localName.equals("Reference")) {
+ String namespace = refElem.getNamespaceURI();
+ if (!localName.equals("Reference") || !XMLSignature.XMLNS.equals(namespace)) {
throw new MarshalException("Invalid element name: " +
- localName + ", expected Reference");
+ namespace + ":" + localName + ", expected Reference");
}
refs.add(new DOMReference(refElem, context, provider));
if (secVal && (refs.size() > DOMSignedInfo.MAXIMUM_REFERENCE_COUNT)) {
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMPGPData.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMPGPData.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMPGPData.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMPGPData.java Thu Jun 12 12:59:29 2014
@@ -25,6 +25,7 @@
package org.apache.jcp.xml.dsig.internal.dom;
import java.util.*;
+
import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.*;
@@ -33,7 +34,6 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.Base64;
@@ -153,10 +153,11 @@ public final class DOMPGPData extends DO
if (n.getNodeType() == Node.ELEMENT_NODE) {
Element childElem = (Element)n;
String localName = childElem.getLocalName();
+ String namespace = childElem.getNamespaceURI();
try {
- if (localName.equals("PGPKeyID")) {
+ if (localName.equals("PGPKeyID") && XMLSignature.XMLNS.equals(namespace)) {
keyId = Base64.decode(childElem);
- } else if (localName.equals("PGPKeyPacket")){
+ } else if (localName.equals("PGPKeyPacket") && XMLSignature.XMLNS.equals(namespace)) {
keyPacket = Base64.decode(childElem);
} else {
other.add
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java Thu Jun 12 12:59:29 2014
@@ -41,11 +41,11 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.security.*;
import java.util.*;
+
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
import org.apache.jcp.xml.dsig.internal.DigesterOutputStream;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.exceptions.Base64DecodingException;
@@ -199,14 +199,17 @@ public final class DOMReference extends
// unmarshal Transforms, if specified
Element nextSibling = DOMUtils.getFirstChildElement(refElem);
List<Transform> transforms = new ArrayList<Transform>(5);
- if (nextSibling.getLocalName().equals("Transforms")) {
+ if (nextSibling.getLocalName().equals("Transforms")
+ && XMLSignature.XMLNS.equals(nextSibling.getNamespaceURI())) {
Element transformElem = DOMUtils.getFirstChildElement(nextSibling,
- "Transform");
+ "Transform",
+ XMLSignature.XMLNS);
transforms.add(new DOMTransform(transformElem, context, provider));
transformElem = DOMUtils.getNextSiblingElement(transformElem);
while (transformElem != null) {
String localName = transformElem.getLocalName();
- if (!localName.equals("Transform")) {
+ String namespace = transformElem.getNamespaceURI();
+ if (!localName.equals("Transform") || !XMLSignature.XMLNS.equals(namespace)) {
throw new MarshalException(
"Invalid element name: " + localName +
", expected Transform");
@@ -222,7 +225,8 @@ public final class DOMReference extends
}
nextSibling = DOMUtils.getNextSiblingElement(nextSibling);
}
- if (!nextSibling.getLocalName().equals("DigestMethod")) {
+ if (!nextSibling.getLocalName().equals("DigestMethod")
+ && XMLSignature.XMLNS.equals(nextSibling.getNamespaceURI())) {
throw new MarshalException("Invalid element name: " +
nextSibling.getLocalName() +
", expected DigestMethod");
@@ -240,7 +244,7 @@ public final class DOMReference extends
}
// unmarshal DigestValue
- Element dvElem = DOMUtils.getNextSiblingElement(dmElem, "DigestValue");
+ Element dvElem = DOMUtils.getNextSiblingElement(dmElem, "DigestValue", XMLSignature.XMLNS);
try {
this.digestValue = Base64.decode(dvElem);
} catch (Base64DecodingException bde) {
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java Thu Jun 12 12:59:29 2014
@@ -133,17 +133,17 @@ public final class DOMRetrievalMethod ex
if (transformsElem != null) {
String localName = transformsElem.getLocalName();
- if (!localName.equals("Transforms")) {
+ String namespace = transformsElem.getNamespaceURI();
+ if (!localName.equals("Transforms") || !XMLSignature.XMLNS.equals(namespace)) {
throw new MarshalException("Invalid element name: " +
- localName + ", expected Transforms");
+ namespace + ":" + localName + ", expected Transforms");
}
Element transformElem =
- DOMUtils.getFirstChildElement(transformsElem, "Transform");
- transforms.add(new DOMTransform(transformElem, context, provider));
- transformElem = DOMUtils.getNextSiblingElement(transformElem);
+ DOMUtils.getFirstChildElement(transformsElem, "Transform", XMLSignature.XMLNS);
while (transformElem != null) {
String name = transformElem.getLocalName();
- if (!name.equals("Transform")) {
+ namespace = transformElem.getNamespaceURI();
+ if (!name.equals("Transform") || !XMLSignature.XMLNS.equals(namespace)) {
throw new MarshalException("Invalid element name: " +
name + ", expected Transform");
}
@@ -240,7 +240,7 @@ public final class DOMRetrievalMethod ex
// guard against RetrievalMethod loops
if (data instanceof NodeSetData && Utils.secureValidation(context)) {
NodeSetData nsd = (NodeSetData)data;
- Iterator i = nsd.iterator();
+ Iterator<?> i = nsd.iterator();
if (i.hasNext()) {
Node root = (Node)i.next();
if ("RetrievalMethod".equals(root.getLocalName())) {
@@ -265,7 +265,8 @@ public final class DOMRetrievalMethod ex
Document doc = db.parse(new ByteArrayInputStream
(data.getXMLSignatureInput().getBytes()));
Element kiElem = doc.getDocumentElement();
- if (kiElem.getLocalName().equals("X509Data")) {
+ if (kiElem.getLocalName().equals("X509Data")
+ && XMLSignature.XMLNS.equals(kiElem.getNamespaceURI())) {
return new DOMX509Data(kiElem);
} else {
return null; // unsupported
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java Thu Jun 12 12:59:29 2014
@@ -106,8 +106,9 @@ public final class DOMSignaturePropertie
Node child = nodes.item(i);
if (child.getNodeType() == Node.ELEMENT_NODE) {
String name = child.getLocalName();
- if (!name.equals("SignatureProperty")) {
- throw new MarshalException("Invalid element name: " + name +
+ String namespace = child.getNamespaceURI();
+ if (!name.equals("SignatureProperty") || !XMLSignature.XMLNS.equals(namespace)) {
+ throw new MarshalException("Invalid element name: " + namespace + ":" + name +
", expected SignatureProperty");
}
properties.add(new DOMSignatureProperty((Element)child,
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignedInfo.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignedInfo.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignedInfo.java Thu Jun 12 12:59:29 2014
@@ -147,13 +147,15 @@ public final class DOMSignedInfo extends
// unmarshal CanonicalizationMethod
Element cmElem = DOMUtils.getFirstChildElement(siElem,
- "CanonicalizationMethod");
+ "CanonicalizationMethod",
+ XMLSignature.XMLNS);
canonicalizationMethod = new DOMCanonicalizationMethod(cmElem, context,
provider);
// unmarshal SignatureMethod
Element smElem = DOMUtils.getNextSiblingElement(cmElem,
- "SignatureMethod");
+ "SignatureMethod",
+ XMLSignature.XMLNS);
signatureMethod = DOMSignatureMethod.unmarshal(smElem);
boolean secVal = Utils.secureValidation(context);
@@ -168,15 +170,16 @@ public final class DOMSignedInfo extends
// unmarshal References
ArrayList<Reference> refList = new ArrayList<Reference>(5);
- Element refElem = DOMUtils.getNextSiblingElement(smElem, "Reference");
+ Element refElem = DOMUtils.getNextSiblingElement(smElem, "Reference", XMLSignature.XMLNS);
refList.add(new DOMReference(refElem, context, provider));
refElem = DOMUtils.getNextSiblingElement(refElem);
while (refElem != null) {
String name = refElem.getLocalName();
- if (!name.equals("Reference")) {
+ String namespace = refElem.getNamespaceURI();
+ if (!name.equals("Reference") || !XMLSignature.XMLNS.equals(namespace)) {
throw new MarshalException("Invalid element name: " +
- name + ", expected Reference");
+ namespace + ":" + name + ", expected Reference");
}
refList.add(new DOMReference(refElem, context, provider));
if (secVal && (refList.size() > MAXIMUM_REFERENCE_COUNT)) {
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMUtils.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMUtils.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMUtils.java Thu Jun 12 12:59:29 2014
@@ -137,11 +137,29 @@ public class DOMUtils {
* @throws MarshalException if no such element or the local name is not
* equal to {@code localName}
*/
+ @Deprecated
public static Element getFirstChildElement(Node node, String localName)
throws MarshalException
{
return verifyElement(getFirstChildElement(node), localName);
}
+
+ /**
+ * Returns the first child element of the specified node and checks that
+ * the local name is equal to {@code localName} and the namespace is equal to
+ * {@code namespaceURI}
+ *
+ * @param node the node
+ * @return the first child element of the specified node
+ * @throws NullPointerException if {@code node == null}
+ * @throws MarshalException if no such element or the local name is not
+ * equal to {@code localName}
+ */
+ public static Element getFirstChildElement(Node node, String localName, String namespaceURI)
+ throws MarshalException
+ {
+ return verifyElement(getFirstChildElement(node), localName, namespaceURI);
+ }
private static Element verifyElement(Element elem, String localName)
throws MarshalException
@@ -156,6 +174,22 @@ public class DOMUtils {
}
return elem;
}
+
+ private static Element verifyElement(Element elem, String localName, String namespaceURI)
+ throws MarshalException
+ {
+ if (elem == null) {
+ throw new MarshalException("Missing " + localName + " element");
+ }
+ String name = elem.getLocalName();
+ String namespace = elem.getNamespaceURI();
+ if (!name.equals(localName) || namespace == null && namespaceURI != null
+ || namespace != null && !namespace.equals(namespaceURI)) {
+ throw new MarshalException("Invalid element name: " +
+ namespace + ":" + name + ", expected " + namespaceURI + ":" + localName);
+ }
+ return elem;
+ }
/**
* Returns the last child element of the specified node, or null if there
@@ -190,7 +224,7 @@ public class DOMUtils {
}
return (Element)sibling;
}
-
+
/**
* Returns the next sibling element of the specified node and checks that
* the local name is equal to {@code localName}.
@@ -201,10 +235,28 @@ public class DOMUtils {
* @throws MarshalException if no such element or the local name is not
* equal to {@code localName}
*/
+ @Deprecated
public static Element getNextSiblingElement(Node node, String localName)
throws MarshalException
{
return verifyElement(getNextSiblingElement(node), localName);
+ }
+
+ /**
+ * Returns the next sibling element of the specified node and checks that
+ * the local name is equal to {@code localName} and the namespace is equal to
+ * {@code namespaceURI}
+ *
+ * @param node the node
+ * @return the next sibling element of the specified node
+ * @throws NullPointerException if {@code node == null}
+ * @throws MarshalException if no such element or the local name is not
+ * equal to {@code localName}
+ */
+ public static Element getNextSiblingElement(Node node, String localName, String namespaceURI)
+ throws MarshalException
+ {
+ return verifyElement(getNextSiblingElement(node), localName, namespaceURI);
}
/**
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509Data.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509Data.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509Data.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509Data.java Thu Jun 12 12:59:29 2014
@@ -27,6 +27,7 @@ package org.apache.jcp.xml.dsig.internal
import java.io.ByteArrayInputStream;
import java.security.cert.*;
import java.util.*;
+
import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.*;
@@ -37,7 +38,6 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.Base64;
@@ -110,19 +110,20 @@ public final class DOMX509Data extends D
Element childElem = (Element)child;
String localName = childElem.getLocalName();
- if (localName.equals("X509Certificate")) {
+ String namespace = childElem.getNamespaceURI();
+ if (localName.equals("X509Certificate") && XMLSignature.XMLNS.equals(namespace)) {
content.add(unmarshalX509Certificate(childElem));
- } else if (localName.equals("X509IssuerSerial")) {
+ } else if (localName.equals("X509IssuerSerial") && XMLSignature.XMLNS.equals(namespace)) {
content.add(new DOMX509IssuerSerial(childElem));
- } else if (localName.equals("X509SubjectName")) {
+ } else if (localName.equals("X509SubjectName") && XMLSignature.XMLNS.equals(namespace)) {
content.add(childElem.getFirstChild().getNodeValue());
- } else if (localName.equals("X509SKI")) {
+ } else if (localName.equals("X509SKI") && XMLSignature.XMLNS.equals(namespace)) {
try {
content.add(Base64.decode(childElem));
} catch (Base64DecodingException bde) {
throw new MarshalException("cannot decode X509SKI", bde);
}
- } else if (localName.equals("X509CRL")) {
+ } else if (localName.equals("X509CRL") && XMLSignature.XMLNS.equals(namespace)) {
content.add(unmarshalX509CRL(childElem));
} else {
content.add(new javax.xml.crypto.dom.DOMStructure(childElem));
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java Thu Jun 12 12:59:29 2014
@@ -30,6 +30,7 @@ import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
import java.math.BigInteger;
+
import javax.security.auth.x500.X500Principal;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -78,9 +79,11 @@ public final class DOMX509IssuerSerial e
*/
public DOMX509IssuerSerial(Element isElem) throws MarshalException {
Element iNElem = DOMUtils.getFirstChildElement(isElem,
- "X509IssuerName");
+ "X509IssuerName",
+ XMLSignature.XMLNS);
Element sNElem = DOMUtils.getNextSiblingElement(iNElem,
- "X509SerialNumber");
+ "X509SerialNumber",
+ XMLSignature.XMLNS);
issuerName = iNElem.getFirstChild().getNodeValue();
serialNumber = new BigInteger(sNElem.getFirstChild().getNodeValue());
}
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLObject.java Thu Jun 12 12:59:29 2014
@@ -113,13 +113,14 @@ public final class DOMXMLObject extends
if (child.getNodeType() == Node.ELEMENT_NODE) {
Element childElem = (Element)child;
String tag = childElem.getLocalName();
- if (tag.equals("Manifest")) {
+ String namespace = childElem.getNamespaceURI();
+ if (tag.equals("Manifest") && XMLSignature.XMLNS.equals(namespace)) {
content.add(new DOMManifest(childElem, context, provider));
continue;
- } else if (tag.equals("SignatureProperties")) {
+ } else if (tag.equals("SignatureProperties") && XMLSignature.XMLNS.equals(namespace)) {
content.add(new DOMSignatureProperties(childElem, context));
continue;
- } else if (tag.equals("X509Data")) {
+ } else if (tag.equals("X509Data") && XMLSignature.XMLNS.equals(namespace)) {
content.add(new DOMX509Data(childElem));
continue;
}
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java Thu Jun 12 12:59:29 2014
@@ -135,20 +135,22 @@ public final class DOMXMLSignature exten
// get Id attribute, if specified
id = DOMUtils.getAttributeValue(localSigElem, "Id");
-
// unmarshal SignedInfo
Element siElem = DOMUtils.getFirstChildElement(localSigElem,
- "SignedInfo");
+ "SignedInfo",
+ XMLSignature.XMLNS);
si = new DOMSignedInfo(siElem, context, provider);
// unmarshal SignatureValue
Element sigValElem = DOMUtils.getNextSiblingElement(siElem,
- "SignatureValue");
+ "SignatureValue",
+ XMLSignature.XMLNS);
sv = new DOMSignatureValue(sigValElem, context);
// unmarshal KeyInfo, if specified
Element nextSibling = DOMUtils.getNextSiblingElement(sigValElem);
- if (nextSibling != null && nextSibling.getLocalName().equals("KeyInfo")) {
+ if (nextSibling != null && nextSibling.getLocalName().equals("KeyInfo")
+ && XMLSignature.XMLNS.equals(nextSibling.getNamespaceURI())) {
ki = new DOMKeyInfo(nextSibling, context, provider);
nextSibling = DOMUtils.getNextSiblingElement(nextSibling);
}
@@ -160,8 +162,9 @@ public final class DOMXMLSignature exten
List<XMLObject> tempObjects = new ArrayList<XMLObject>();
while (nextSibling != null) {
String name = nextSibling.getLocalName();
- if (!name.equals("Object")) {
- throw new MarshalException("Invalid element name: " + name +
+ String namespace = nextSibling.getNamespaceURI();
+ if (!name.equals("Object") || !XMLSignature.XMLNS.equals(namespace)) {
+ throw new MarshalException("Invalid element name: " + namespace + ":" + name +
", expected KeyInfo or Object");
}
tempObjects.add(new DOMXMLObject(nextSibling,
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java?rev=1602147&r1=1602146&r2=1602147&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java Thu Jun 12 12:59:29 2014
@@ -34,6 +34,7 @@ import javax.xml.crypto.dsig.spec.*;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
+
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -181,14 +182,15 @@ public final class DOMXMLSignatureFactor
// check tag
String tag = element.getLocalName();
- if (tag == null) {
+ String namespace = element.getNamespaceURI();
+ if (tag == null || namespace == null) {
throw new MarshalException("Document implementation must " +
"support DOM Level 2 and be namespace aware");
}
- if (tag.equals("Signature")) {
+ if (tag.equals("Signature") && XMLSignature.XMLNS.equals(namespace)) {
return new DOMXMLSignature(element, context, getProvider());
} else {
- throw new MarshalException("invalid Signature tag: " + tag);
+ throw new MarshalException("invalid Signature tag: " + namespace + ":" + tag);
}
}