Posted to commits@santuario.apache.org by ra...@apache.org on 2006/02/26 18:35:52 UTC
svn commit: r381125 - in
/xml/security/trunk/src/org/apache/xml/security/keys: ./ keyresolver/
keyresolver/implementations/
Author: raul
Date: Sun Feb 26 09:35:50 2006
New Revision: 381125
URL: http://svn.apache.org/viewcvs?rev=381125&view=rev
Log:
Fixed BUG 38605.
Refactored the way keyresolver works: instead of
calling canResolve/resolveX, only resolveX is used,
and if it returns null it means it cannot resolve.
Modified:
xml/security/trunk/src/org/apache/xml/security/keys/KeyInfo.java
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/KeyResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java
xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
Modified: xml/security/trunk/src/org/apache/xml/security/keys/KeyInfo.java
URL: http://svn.apache.org/viewcvs/xml/security/trunk/src/org/apache/xml/security/keys/KeyInfo.java?rev=381125&r1=381124&r2=381125&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/KeyInfo.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/KeyInfo.java Sun Feb 26 09:35:50 2006
@@ -262,7 +262,7 @@
*
* @param URI
* @param transforms
- * @param Type
+ * @param Type
*/
public void addRetrievalMethod(String URI, Transforms transforms,
String Type) {
@@ -732,6 +732,7 @@
for (int i = 0; i < KeyResolver.length(); i++) {
KeyResolver keyResolver = KeyResolver.item(i);
Node currentChild=this._constructionElement.getFirstChild();
+ String uri= this.getBaseURI();
while (currentChild!=null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
if (this._storageResolvers.size() == 0) {
@@ -739,33 +740,26 @@
// if we do not have storage resolvers, we verify with null
StorageResolver storage = null;
- if (keyResolver.canResolve((Element) currentChild,
- this.getBaseURI(), storage)) {
- PublicKey pk =
- keyResolver.resolvePublicKey((Element) currentChild,
- this.getBaseURI(),
+ PublicKey pk =
+ keyResolver.resolvePublicKey((Element) currentChild,
+ uri ,
storage);
-
- if (pk != null) {
- return pk;
- }
+ if (pk != null) {
+ return pk;
}
} else {
for (int k = 0; k < this._storageResolvers.size(); k++) {
StorageResolver storage =
(StorageResolver) this._storageResolvers.get(k);
- if (keyResolver.canResolve((Element) currentChild,
- this.getBaseURI(), storage)) {
- PublicKey pk =
+ PublicKey pk =
keyResolver.resolvePublicKey((Element) currentChild,
- this.getBaseURI(),
+ uri,
storage);
- if (pk != null) {
- return pk;
- }
- }
+ if (pk != null) {
+ return pk;
+ }
}
}
}
@@ -789,6 +783,7 @@
log.debug("Try " + keyResolver.getClass().getName());
Node currentChild=this._constructionElement.getFirstChild();
+ String uri=this.getBaseURI();
while (currentChild!=null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
if (this._storageResolvers.size() == 0) {
@@ -796,34 +791,23 @@
// if we do not have storage resolvers, we verify with null
StorageResolver storage = null;
- if (keyResolver.engineCanResolve((Element) currentChild,
- this.getBaseURI(),
- storage)) {
- PublicKey pk =
- keyResolver
- .engineResolvePublicKey((Element) currentChild, this
- .getBaseURI(), storage);
+ PublicKey pk =
+ keyResolver
+ .engineResolvePublicKey((Element) currentChild, uri, storage);
- if (pk != null) {
+ if (pk != null) {
return pk;
- }
- }
+ }
} else {
for (int k = 0; k < this._storageResolvers.size(); k++) {
StorageResolver storage =
(StorageResolver) this._storageResolvers.get(k);
+ PublicKey pk = keyResolver
+ .engineResolvePublicKey((Element) currentChild, uri, storage);
- if (keyResolver.engineCanResolve((Element) currentChild,
- this.getBaseURI(),
- storage)) {
- PublicKey pk = keyResolver
- .engineResolvePublicKey((Element) currentChild, this
- .getBaseURI(), storage);
-
- if (pk != null) {
- return pk;
- }
- }
+ if (pk != null) {
+ return pk;
+ }
}
}
}
@@ -884,7 +868,7 @@
if (log.isDebugEnabled())
log.debug("Start getX509CertificateFromStaticResolvers() with "
+ KeyResolver.length() + " resolvers");
-
+ String uri=this.getBaseURI();
for (int i = 0; i < KeyResolver.length(); i++) {
KeyResolver keyResolver = KeyResolver.item(i);
Node currentChild=this._constructionElement.getFirstChild();
@@ -894,32 +878,24 @@
// if we do not have storage resolvers, we verify with null
StorageResolver storage = null;
+ X509Certificate cert =
+ keyResolver
+ .resolveX509Certificate((Element) currentChild, uri , storage);
- if (keyResolver.canResolve((Element) currentChild,
- this.getBaseURI(), storage)) {
- X509Certificate cert =
- keyResolver
- .resolveX509Certificate((Element) currentChild, this
- .getBaseURI(), storage);
-
- if (cert != null) {
- return cert;
- }
+ if (cert != null) {
+ return cert;
}
} else {
for (int k = 0; k < this._storageResolvers.size(); k++) {
StorageResolver storage =
(StorageResolver) this._storageResolvers.get(k);
- if (keyResolver.canResolve((Element) currentChild,
- this.getBaseURI(), storage)) {
- X509Certificate cert = keyResolver
- .resolveX509Certificate((Element) currentChild, this
- .getBaseURI(), storage);
+ X509Certificate cert = keyResolver
+ .resolveX509Certificate((Element) currentChild, this
+ .getBaseURI(), storage);
- if (cert != null) {
+ if (cert != null) {
return cert;
- }
}
}
}
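Review bot: The storage-resolver branch of this hunk still passes `this.getBaseURI()` to `resolveX509Certificate`, while the null-storage branch just above it and the other loops touched by this commit use the hoisted `uri`. Replace the split argument with `.resolveX509Certificate((Element) currentChild, uri, storage);` so the base URI is read once and used consistently. The enclosing method starts and ends outside the hunk.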
@@ -948,6 +924,7 @@
log.debug("Try " + keyResolver.getClass().getName());
Node currentChild=this._constructionElement.getFirstChild();
+ String uri=this.getBaseURI();
while (currentChild!=null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
if (this._storageResolvers.size() == 0) {
@@ -955,35 +932,27 @@
// if we do not have storage resolvers, we verify with null
StorageResolver storage = null;
- if (keyResolver.engineCanResolve((Element) currentChild,
- this.getBaseURI(),
- storage)) {
- X509Certificate cert =
+ X509Certificate cert =
keyResolver.engineResolveX509Certificate(
- (Element) currentChild, this.getBaseURI(), storage);
+ (Element) currentChild, uri, storage);
if (cert != null) {
return cert;
- }
- }
+ }
} else {
for (int k = 0; k < this._storageResolvers.size(); k++) {
StorageResolver storage =
(StorageResolver) this._storageResolvers.get(k);
- if (keyResolver.engineCanResolve((Element) currentChild,
- this.getBaseURI(),
- storage)) {
- X509Certificate cert =
+ X509Certificate cert =
keyResolver.engineResolveX509Certificate(
- (Element) currentChild, this.getBaseURI(),
+ (Element) currentChild, uri,
storage);
- if (cert != null) {
+ if (cert != null) {
return cert;
- }
- }
- }
+ }
+ }
}
}
currentChild=currentChild.getNextSibling();
@@ -1035,6 +1004,7 @@
KeyResolver keyResolver = KeyResolver.item(i);
Node currentChild=this._constructionElement.getFirstChild();
+ String uri=this.getBaseURI();
while (currentChild!=null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
if (this._storageResolvers.size() == 0) {
@@ -1042,33 +1012,27 @@
// if we do not have storage resolvers, we verify with null
StorageResolver storage = null;
- if (keyResolver.canResolve((Element) currentChild,
- this.getBaseURI(), storage)) {
- SecretKey sk =
+ SecretKey sk =
keyResolver.resolveSecretKey((Element) currentChild,
- this.getBaseURI(),
+ uri,
storage);
- if (sk != null) {
- return sk;
- }
- }
+ if (sk != null) {
+ return sk;
+ }
} else {
for (int k = 0; k < this._storageResolvers.size(); k++) {
StorageResolver storage =
(StorageResolver) this._storageResolvers.get(k);
- if (keyResolver.canResolve((Element) currentChild,
- this.getBaseURI(), storage)) {
- SecretKey sk =
+ SecretKey sk =
keyResolver.resolveSecretKey((Element) currentChild,
- this.getBaseURI(),
+ uri,
storage);
- if (sk != null) {
- return sk;
- }
- }
+ if (sk != null) {
+ return sk;
+ }
}
}
}
@@ -1093,6 +1057,7 @@
log.debug("Try " + keyResolver.getClass().getName());
Node currentChild=this._constructionElement.getFirstChild();
+ String uri=this.getBaseURI();
while (currentChild!=null) {
if (currentChild.getNodeType() == Node.ELEMENT_NODE) {
if (this._storageResolvers.size() == 0) {
@@ -1100,36 +1065,25 @@
// if we do not have storage resolvers, we verify with null
StorageResolver storage = null;
- if (keyResolver.engineCanResolve((Element) currentChild,
- this.getBaseURI(),
- storage)) {
- SecretKey sk =
+ SecretKey sk =
keyResolver
- .engineResolveSecretKey((Element) currentChild, this
- .getBaseURI(), storage);
-
- if (sk != null) {
- return sk;
- }
- }
+ .engineResolveSecretKey((Element) currentChild, uri, storage);
+ if (sk != null) {
+ return sk;
+ }
} else {
for (int k = 0; k < this._storageResolvers.size(); k++) {
StorageResolver storage =
(StorageResolver) this._storageResolvers.get(k);
- if (keyResolver.engineCanResolve((Element) currentChild,
- this.getBaseURI(),
- storage)) {
- SecretKey sk = keyResolver
- .engineResolveSecretKey((Element) currentChild, this
- .getBaseURI(), storage);
-
- if (sk != null) {
- return sk;
- }
- }
- }
- }
+ SecretKey sk = keyResolver
+ .engineResolveSecretKey((Element) currentChild, uri, storage);
+
+ if (sk != null) {
+ return sk;
+ }
+ }
+ }
}
currentChild=currentChild.getNextSibling();
}
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/KeyResolver.java
URL: http://svn.apache.org/viewcvs/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/KeyResolver.java?rev=381125&r1=381124&r2=381125&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/KeyResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/KeyResolver.java Sun Feb 26 09:35:50 2006
@@ -103,11 +103,11 @@
* @param element
* @param BaseURI
* @param storage
- * @return the instance that happends to implement the thing.
+ * @return The certificate represented by the element.
*
* @throws KeyResolverException
*/
- public static final KeyResolver getInstance(
+ public static final X509Certificate getX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
@@ -127,8 +127,9 @@
if (log.isDebugEnabled())
log.debug("check resolvability by class " + resolver.getClass());
- if (resolver.canResolve(element, BaseURI, storage)) {
- return resolver;
+ X509Certificate cert=resolver.resolveX509Certificate(element, BaseURI, storage);
+ if (cert!=null) {
+ return cert;
}
}
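Review bot: With the `canResolve` gate gone, `resolveX509Certificate` is called on every registered resolver for every element, so a `null` return now carries the whole "not my element" contract. A resolver written against the old SPI that did its element matching only in `engineCanResolve` would presumably be asked to resolve elements it never expected; the built-in resolvers in this commit were updated, but third-party ones cannot be checked from here. I would state the contract in the Javadoc of the `engineResolve*` methods, e.g. `@return the resolved certificate, or null if this resolver does not handle the element`. The body of `getX509Certificate` starts above and continues below this hunk.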
@@ -139,6 +140,48 @@
throw new KeyResolverException("utils.resolver.noClass", exArgs);
}
+ /**
+ * Method getInstance
+ *
+ * @param element
+ * @param BaseURI
+ * @param storage
+ * @return the public key contained in the element
+ *
+ * @throws KeyResolverException
+ */
+ public static final PublicKey getPublicKey(
+ Element element, String BaseURI, StorageResolver storage)
+ throws KeyResolverException {
+
+ for (int i = 0; i < KeyResolver._resolverVector.size(); i++) {
+ KeyResolver resolver=
+ (KeyResolver) KeyResolver._resolverVector.get(i);
+
+ if (resolver==null) {
+ Object exArgs[] = {
+ (((element != null)
+ && (element.getNodeType() == Node.ELEMENT_NODE))
+ ? element.getTagName()
+ : "null") };
+
+ throw new KeyResolverException("utils.resolver.noClass", exArgs);
+ }
+ if (log.isDebugEnabled())
+ log.debug("check resolvability by class " + resolver.getClass());
+
+ PublicKey cert=resolver.resolvePublicKey(element, BaseURI, storage);
+ if (cert!=null)
+ return cert;
+ }
+
+ Object exArgs[] = {
+ (((element != null) && (element.getNodeType() == Node.ELEMENT_NODE))
+ ? element.getTagName()
+ : "null") };
+
+ throw new KeyResolverException("utils.resolver.noClass", exArgs);
+ }
/**
* The init() function is called by org.apache.xml.security.Init.init()
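Review bot: The Javadoc added for `getPublicKey` still opens with `Method getInstance`, and the local that holds the result is named `cert` although it is a `PublicKey`. Suggested summary: `Returns the public key that the first matching registered resolver extracts from the element`, plus `@throws KeyResolverException if no registered resolver returns a key`, which is what the trailing `throw` does. Rename the local to `pk`, as KeyInfo does.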
@@ -179,34 +222,6 @@
KeyResolver._resolverVector.add(0, className);
}
- /*
- * Method resolve
- *
- * @param element
- *
- * @throws KeyResolverException
- */
-
- /**
- * Method resolveStatic
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return resolve from the static register an element
- *
- * @throws KeyResolverException
- */
- public static PublicKey resolveStatic(
- Element element, String BaseURI, StorageResolver storage)
- throws KeyResolverException {
-
- KeyResolver myResolver = KeyResolver.getInstance(element, BaseURI,
- storage);
-
- return myResolver.resolvePublicKey(element, BaseURI, storage);
- }
-
/**
* Method resolve
*
@@ -293,18 +308,6 @@
return this._resolverSpi.understandsProperty(propertyToTest);
}
- /**
- * Method canResolve
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return true if can resolve the key in the element
- */
- public boolean canResolve(Element element, String BaseURI,
- StorageResolver storage) {
- return this._resolverSpi.engineCanResolve(element, BaseURI, storage);
- }
/**
* Method resolverClassName
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
URL: http://svn.apache.org/viewcvs/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java?rev=381125&r1=381124&r2=381125&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java Sun Feb 26 09:35:50 2006
@@ -45,19 +45,7 @@
/** {@link org.apache.commons.logging} logging facility */
static org.apache.commons.logging.Log log =
org.apache.commons.logging.LogFactory.getLog(KeyResolverSpi.class.getName());
-
- /**
- * This method helps the {@link org.apache.xml.security.utils.resolver.ResourceResolver} to decide whether a
- * {@link org.apache.xml.security.utils.resolver.ResourceResolverSpi} is able to perform the requested action.
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return true if can resolve the key in the element
- */
- abstract public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage);
-
+
/**
* Method engineResolvePublicKey
*
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
URL: http://svn.apache.org/viewcvs/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java?rev=381125&r1=381124&r2=381125&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java Sun Feb 26 09:35:50 2006
@@ -36,43 +36,7 @@
* @author $Author$
*/
public class DSAKeyValueResolver extends KeyResolverSpi {
-
- /** Field _dsaKeyElement */
- private Element _dsaKeyElement = null;
-
- /** @inheritDoc */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
-
- if (element == null) {
- return false;
- }
-
- boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_KEYVALUE);
- boolean isDSAKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_DSAKEYVALUE);
-
- if (isKeyValue) {
-
- this._dsaKeyElement =
- XMLUtils.selectDsNode(element.getFirstChild(),Constants._TAG_DSAKEYVALUE,0);
-
- if (this._dsaKeyElement != null) {
- return true;
- }
- } else if (isDSAKeyValue) {
-
- // this trick is needed to allow the RetrievalMethodResolver to eat a
- // ds:DSAKeyValue directly (without KeyValue)
- this._dsaKeyElement = element;
-
- return true;
- }
-
- return false;
- }
-
+
/**
* Method engineResolvePublicKey
*
@@ -83,18 +47,30 @@
*/
public PublicKey engineResolvePublicKey(
Element element, String BaseURI, StorageResolver storage) {
+ if (element == null) {
+ return null;
+ }
+ Element dsaKeyElement=null;
+ boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_KEYVALUE);
+ boolean isDSAKeyValue = XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_DSAKEYVALUE);
+
+ if (isKeyValue) {
+ dsaKeyElement =
+ XMLUtils.selectDsNode(element.getFirstChild(),Constants._TAG_DSAKEYVALUE,0);
+ } else if (isDSAKeyValue) {
+ // this trick is needed to allow the RetrievalMethodResolver to eat a
+ // ds:DSAKeyValue directly (without KeyValue)
+ dsaKeyElement = element;
+ }
- if (this._dsaKeyElement == null) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
-
- if (!weCanResolve || (this._dsaKeyElement == null)) {
- return null;
- }
+ if (dsaKeyElement == null) {
+ return null;
}
try {
- DSAKeyValue dsaKeyValue = new DSAKeyValue(this._dsaKeyElement,
+ DSAKeyValue dsaKeyValue = new DSAKeyValue(dsaKeyElement,
BaseURI);
PublicKey pk = dsaKeyValue.getPublicKey();
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
URL: http://svn.apache.org/viewcvs/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java?rev=381125&r1=381124&r2=381125&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java Sun Feb 26 09:35:50 2006
@@ -51,8 +51,7 @@
org.apache.commons.logging.LogFactory.getLog(
RSAKeyValueResolver.class.getName());
-
- Key _key;
+
Key _kek;
String _algorithm;
@@ -61,8 +60,7 @@
* list
* @param algorithm
*/
- public EncryptedKeyResolver(String algorithm) {
- _key = null;
+ public EncryptedKeyResolver(String algorithm) {
_kek = null;
_algorithm=algorithm;
}
@@ -73,49 +71,12 @@
* @param kek
*/
- public EncryptedKeyResolver(String algorithm, Key kek) {
- _key = null;
+ public EncryptedKeyResolver(String algorithm, Key kek) {
_algorithm = algorithm;
_kek = kek;
}
-
- /**
- * Method engineCanResolve
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return true if can resolve the key in the element
- *
- */
-
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (log.isDebugEnabled())
- log.debug("EncryptedKeyResolver - Can I resolve " + element.getTagName());
-
- if (element == null) {
- return false;
- }
-
- boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element,
- EncryptionConstants._TAG_ENCRYPTEDKEY);
-
- if (isEncryptedKey) {
- log.debug("Passed an Encrypted Key");
- try {
- XMLCipher cipher = XMLCipher.getInstance();
- cipher.init(XMLCipher.UNWRAP_MODE, _kek);
- EncryptedKey ek = cipher.loadEncryptedKey(element);
- _key = cipher.decryptKey(ek, _algorithm);
- }
- catch (Exception e) {}
- }
-
- return (_key != null);
- }
-
+
/** @inheritDoc */
public PublicKey engineResolvePublicKey(
Element element, String BaseURI, StorageResolver storage) {
@@ -132,6 +93,28 @@
/** @inheritDoc */
public javax.crypto.SecretKey engineResolveSecretKey(
Element element, String BaseURI, StorageResolver storage) {
- return (SecretKey) _key;
+ SecretKey key=null;
+ if (log.isDebugEnabled())
+ log.debug("EncryptedKeyResolver - Can I resolve " + element.getTagName());
+
+ if (element == null) {
+ return null;
+ }
+
+ boolean isEncryptedKey = XMLUtils.elementIsInEncryptionSpace(element,
+ EncryptionConstants._TAG_ENCRYPTEDKEY);
+
+ if (isEncryptedKey) {
+ log.debug("Passed an Encrypted Key");
+ try {
+ XMLCipher cipher = XMLCipher.getInstance();
+ cipher.init(XMLCipher.UNWRAP_MODE, _kek);
+ EncryptedKey ek = cipher.loadEncryptedKey(element);
+ key = (SecretKey) cipher.decryptKey(ek, _algorithm);
+ }
+ catch (Exception e) {}
+ }
+
+ return key;
}
}
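Review bot: The moved unwrap code keeps the empty `catch (Exception e) {}`, so a failed `cipher.init` or `decryptKey`, or a `ClassCastException` from the new `(SecretKey)` cast, looks the same as "not an EncryptedKey" and leaves no trace for anyone investigating a decryption failure. At minimum log it: `catch (Exception e) { log.debug("EncryptedKey could not be unwrapped", e); }`. Separately, `element.getTagName()` is evaluated in the debug statement before the `if (element == null)` guard, so the guard cannot protect it when debug logging is on; move the guard to the top of the method. The same order appears in RSAKeyValueResolver.engineResolvePublicKey, and X509IssuerSerialResolver.engineResolveX509Certificate logs `element.getTagName()` with no guard at all.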
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
URL: http://svn.apache.org/viewcvs/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java?rev=381125&r1=381124&r2=381125&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java Sun Feb 26 09:35:50 2006
@@ -44,57 +44,38 @@
RSAKeyValueResolver.class.getName());
/** Field _rsaKeyElement */
- private Element _rsaKeyElement = null;
+
/** @inheritDoc */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (log.isDebugEnabled())
- log.debug("Can I resolve " + element.getTagName());
-
+ public PublicKey engineResolvePublicKey(
+ Element element, String BaseURI, StorageResolver storage) {
+ if (log.isDebugEnabled())
+ log.debug("Can I resolve " + element.getTagName());
if (element == null) {
- return false;
+ return null;
}
- boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_KEYVALUE);
- boolean isRSAKeyValue = XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_RSAKEYVALUE);
-
- if (isKeyValue) {
- this._rsaKeyElement = XMLUtils.selectDsNode(element.getFirstChild(),
- Constants._TAG_RSAKEYVALUE, 0);
-
- if (this._rsaKeyElement != null) {
- return true;
- }
- } else if (isRSAKeyValue) {
-
+ boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_KEYVALUE);
+ boolean isRSAKeyValue = XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_RSAKEYVALUE);
+ Element rsaKeyElement=null;
+ if (isKeyValue) {
+ rsaKeyElement = XMLUtils.selectDsNode(element.getFirstChild(),
+ Constants._TAG_RSAKEYVALUE, 0);
+ } else if (isRSAKeyValue) {
// this trick is needed to allow the RetrievalMethodResolver to eat a
// ds:RSAKeyValue directly (without KeyValue)
- this._rsaKeyElement = element;
-
- return true;
- }
-
- return false;
- }
-
- /** @inheritDoc */
- public PublicKey engineResolvePublicKey(
- Element element, String BaseURI, StorageResolver storage) {
-
- if (this._rsaKeyElement == null) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
+ rsaKeyElement = element;
+ }
- if (!weCanResolve || (this._rsaKeyElement == null)) {
- return null;
- }
+
+ if (rsaKeyElement == null) {
+ return null;
}
try {
- RSAKeyValue rsaKeyValue = new RSAKeyValue(this._rsaKeyElement,
+ RSAKeyValue rsaKeyValue = new RSAKeyValue(rsaKeyElement,
BaseURI);
return rsaKeyValue.getPublicKey();
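Review bot: The `/** Field _rsaKeyElement */` comment is left behind after the field was removed, so it now sits directly above the `/** @inheritDoc */` of `engineResolvePublicKey` and documents nothing. Drop it together with the blank line that replaced the field. The method body continues below the hunk.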
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
URL: http://svn.apache.org/viewcvs/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java?rev=381125&r1=381124&r2=381125&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java Sun Feb 26 09:35:50 2006
@@ -61,26 +61,6 @@
RetrievalMethodResolver.class.getName());
/**
- * Method engineCanResolve
- * @inheritDoc
- * @param element
- * @param BaseURI
- * @param storage
- *
- */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
-
- if
- (!XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_RETRIEVALMETHOD)) {
- return false;
- }
-
- return true;
- }
-
- /**
* Method engineResolvePublicKey
* @inheritDoc
* @param element
@@ -91,7 +71,10 @@
public PublicKey engineResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
{
-
+ if (!XMLUtils.elementIsInSignatureSpace(element,
+ Constants._TAG_RETRIEVALMETHOD)) {
+ return null;
+ }
try {
RetrievalMethod rm = new RetrievalMethod(element, BaseURI);
Attr uri = rm.getURIAttr();
@@ -145,13 +128,8 @@
+ e.getLocalName() + " Element");
if (e != null) {
- KeyResolver newKeyResolver = KeyResolver.getInstance(getFirstElementChild(e),
+ return KeyResolver.getPublicKey(getFirstElementChild(e),
BaseURI, storage);
-
- if (newKeyResolver != null) {
- return newKeyResolver.resolvePublicKey(getFirstElementChild(e), BaseURI,
- storage);
- }
}
}
}
@@ -234,13 +212,8 @@
+ e.getLocalName() + " Element");
if (e != null) {
- KeyResolver newKeyResolver = KeyResolver.getInstance(getFirstElementChild(e),
+ return KeyResolver.getX509Certificate(/*getFirstElementChild(*/e,
BaseURI, storage);
-
- if (newKeyResolver != null) {
- return newKeyResolver.resolveX509Certificate(getFirstElementChild(e), BaseURI,
- storage);
- }
}
}
}
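Review bot: The certificate path now passes `e` itself to `KeyResolver.getX509Certificate`, with the old `getFirstElementChild(` call left as an inline comment, while the public-key path earlier in this file still passes `getFirstElementChild(e)`. If the difference is intended (the X509 resolver in this commit selects `X509Certificate` children of the element it is given, so it appears to expect the parent), say so with a comment such as `// pass the retrieved element itself: the X509 resolvers select its X509Certificate children` and delete the commented-out fragment. If it is not intended, one of the two calls is resolving the wrong node. The enclosing method starts and ends outside the hunk.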
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java
URL: http://svn.apache.org/viewcvs/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java?rev=381125&r1=381124&r2=381125&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java Sun Feb 26 09:35:50 2006
@@ -45,47 +45,7 @@
static org.apache.commons.logging.Log log =
org.apache.commons.logging.LogFactory.getLog(X509CertificateResolver.class.getName());
- /** Field _dsaKeyElement */
- Element[] _x509CertKeyElements = null;
- /**
- * Method engineCanResolve
- * @inheritDoc
- * @param element
- * @param BaseURI
- * @param storage
- *
- */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (log.isDebugEnabled())
- log.debug("Can I resolve " + element.getTagName() + "?");
-
- if (!XMLUtils.elementIsInSignatureSpace(element,
- Constants._TAG_X509DATA)) {
- log.debug("I can't");
-
- return false;
- }
-
-
- this._x509CertKeyElements = XMLUtils.selectDsNodes(element.getFirstChild(),
- Constants._TAG_X509CERTIFICATE);
-
- if ((this._x509CertKeyElements != null)
- && (this._x509CertKeyElements.length > 0)) {
- log.debug("Yes Sir, I can");
-
- return true;
- }
-
- log.debug("I can't");
-
- return false;
- }
-
- /** Field _x509certObject[] */
- XMLX509Certificate _x509certObject[] = null;
/**
* Method engineResolvePublicKey
@@ -124,35 +84,19 @@
throws KeyResolverException {
try {
- if ((this._x509CertKeyElements == null)
- || (this._x509CertKeyElements.length == 0)) {
- boolean weCanResolve = this.engineCanResolve(element, BaseURI,
- storage);
-
- if (!weCanResolve || (this._x509CertKeyElements == null)
- || (this._x509CertKeyElements.length == 0)) {
- return null;
- }
+ Element[] els=XMLUtils.selectDsNodes(element.getFirstChild(),
+ Constants._TAG_X509CERTIFICATE);
+ if ((els == null) || (els.length == 0)) {
+ return null;
}
- this._x509certObject =
- new XMLX509Certificate[this._x509CertKeyElements.length];
-
// populate Object array
- for (int i = 0; i < this._x509CertKeyElements.length; i++) {
- this._x509certObject[i] =
- new XMLX509Certificate(this._x509CertKeyElements[i]
- , BaseURI);
+ for (int i = 0; i < els.length; i++) {
+ XMLX509Certificate xmlCert=new XMLX509Certificate(els[i], BaseURI);
+ X509Certificate cert = xmlCert.getX509Certificate();
+ if (cert!=null)
+ return cert;
}
-
- for (int i = 0; i < this._x509certObject.length; i++) {
- X509Certificate cert = this._x509certObject[i].getX509Certificate();
-
- if (cert != null) {
- return cert;
- }
- }
-
return null;
} catch (XMLSecurityException ex) {
log.debug("XMLSecurityException", ex);
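Review bot: The removed `engineCanResolve` rejected any element that was not `ds:X509Data` before looking for certificates, but the new body goes straight to `XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509CERTIFICATE)`, so this resolver no longer checks which parent the certificate sits under. Unless every caller guarantees it, restore the guard ahead of the selection: `if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) { return null; }`. The new code also dereferences `element` without a null check. The method's `catch` clauses continue below the hunk.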
Modified: xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
URL: http://svn.apache.org/viewcvs/xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java?rev=381125&r1=381124&r2=381125&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java Sun Feb 26 09:35:50 2006
@@ -44,38 +44,7 @@
org.apache.commons.logging.LogFactory.getLog(
X509IssuerSerialResolver.class.getName());
- /** @inheritDoc */
- public boolean engineCanResolve(Element element, String BaseURI,
- StorageResolver storage) {
- if (log.isDebugEnabled())
- log.debug("Can I resolve " + element.getTagName() + "?");
-
- X509Data x509data = null;
- try {
- x509data = new X509Data(element, BaseURI);
- } catch (XMLSignatureException ex) {
- log.debug("I can't");
-
- return false;
- } catch (XMLSecurityException ex) {
- log.debug("I can't");
-
- return false;
- }
-
- if (x509data == null) {
- log.debug("I can't");
- return false;
- }
-
- if (x509data.containsIssuerSerial()) {
- return true;
- }
-
- log.debug("I can't");
- return false;
- }
-
+
/** @inheritDoc */
public PublicKey engineResolvePublicKey(
Element element, String BaseURI, StorageResolver storage)
@@ -95,7 +64,28 @@
public X509Certificate engineResolveX509Certificate(
Element element, String BaseURI, StorageResolver storage)
throws KeyResolverException {
+ if (log.isDebugEnabled())
+ log.debug("Can I resolve " + element.getTagName() + "?");
+ X509Data x509data = null;
+ try {
+ x509data = new X509Data(element, BaseURI);
+ } catch (XMLSignatureException ex) {
+ log.debug("I can't");
+ return null;
+ } catch (XMLSecurityException ex) {
+ log.debug("I can't");
+ return null;
+ }
+
+ if (x509data == null) {
+ log.debug("I can't");
+ return null;
+ }
+
+ if (!x509data.containsIssuerSerial()) {
+ return null;
+ }
try {
if (storage == null) {
Object exArgs[] = { Constants._TAG_X509ISSUERSERIAL };
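Review bot: The `if (x509data == null)` test after `new X509Data(element, BaseURI)` can never be true, since the constructor either returns an object or throws, and the two `catch` blocks are identical and discard the exception. Keep the cause in the log and drop the dead test, e.g. a single `catch (XMLSecurityException ex) { log.debug("I can't", ex); return null; }` if XMLSignatureException is a subclass of it (not visible here). The method body continues below the hunk.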
@@ -106,8 +96,7 @@
log.info("", ex);
throw ex;
}
-
- X509Data x509data = new X509Data(element, BaseURI);
+
int noOfISS = x509data.lengthIssuerSerial();
while (storage.hasNext()) {