You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2013/09/13 16:06:24 UTC
svn commit: r1522941 - in
/santuario/xml-security-java/trunk/src/main/java/org/apache:
jcp/xml/dsig/internal/dom/ xml/security/ xml/security/c14n/
xml/security/encryption/ xml/security/keys/keyresolver/implementations/
xml/security/signature/ xml/secur...
Author: coheigea
Date: Fri Sep 13 14:06:24 2013
New Revision: 1522941
URL: http://svn.apache.org/r1522941
Log:
Move all DocumentBuilderFactory calls to a single utility method
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/CanonicalizerSpi.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java Fri Sep 13 14:06:24 2013
@@ -37,7 +37,6 @@ import java.net.URISyntaxException;
import java.security.Provider;
import java.util.*;
-import javax.xml.XMLConstants;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dom.DOMURIReference;
@@ -233,10 +232,8 @@ public final class DOMRetrievalMethod ex
{
try {
ApacheData data = (ApacheData)dereference(context);
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- DocumentBuilder db = dbf.newDocumentBuilder();
+ DocumentBuilder db =
+ org.apache.xml.security.utils.XMLUtils.createDocumentBuilder(false);
Document doc = db.parse(new ByteArrayInputStream
(data.getXMLSignatureInput().getBytes()));
Element kiElem = doc.getDocumentElement();
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java Fri Sep 13 14:06:24 2013
@@ -24,9 +24,7 @@ import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
-import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
@@ -158,13 +156,7 @@ public class Init {
private static void fileInit(InputStream is) {
try {
/* read library configuration file */
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-
- dbf.setNamespaceAware(true);
- dbf.setValidating(false);
-
- DocumentBuilder db = dbf.newDocumentBuilder();
+ DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
Document doc = db.parse(is);
Node config = doc.getFirstChild();
for (; config != null; config = config.getNextSibling()) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java Fri Sep 13 14:06:24 2013
@@ -25,9 +25,7 @@ import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
-import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments;
import org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments;
@@ -37,6 +35,7 @@ import org.apache.xml.security.c14n.impl
import org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments;
import org.apache.xml.security.c14n.implementations.CanonicalizerPhysical;
import org.apache.xml.security.exceptions.AlgorithmAlreadyRegisteredException;
+import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -245,15 +244,9 @@ public class Canonicalizer {
java.io.IOException, org.xml.sax.SAXException, CanonicalizationException {
InputStream bais = new ByteArrayInputStream(inputBytes);
InputSource in = new InputSource(bais);
- DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
- dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-
- dfactory.setNamespaceAware(true);
// needs to validate for ID attribute normalization
- dfactory.setValidating(true);
-
- DocumentBuilder db = dfactory.newDocumentBuilder();
+ DocumentBuilder db = XMLUtils.createDocumentBuilder(true);
/*
* for some of the test vectors from the specification,
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/CanonicalizerSpi.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/CanonicalizerSpi.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/CanonicalizerSpi.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/c14n/CanonicalizerSpi.java Fri Sep 13 14:06:24 2013
@@ -22,9 +22,7 @@ import java.io.ByteArrayInputStream;
import java.io.OutputStream;
import java.util.Set;
-import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
@@ -59,13 +57,8 @@ public abstract class CanonicalizerSpi {
java.io.InputStream bais = new ByteArrayInputStream(inputBytes);
InputSource in = new InputSource(bais);
- DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
- dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-
- // needs to validate for ID attribute normalization
- dfactory.setNamespaceAware(true);
-
- DocumentBuilder db = dfactory.newDocumentBuilder();
+
+ DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
Document document = db.parse(in);
return this.engineCanonicalizeSubTree(document);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java Fri Sep 13 14:06:24 2013
@@ -22,11 +22,10 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
-import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;
@@ -39,8 +38,6 @@ import org.xml.sax.SAXException;
*/
public class DocumentSerializer extends AbstractSerializer {
- protected DocumentBuilderFactory dbf;
-
/**
* @param source
* @param ctx
@@ -71,14 +68,7 @@ public class DocumentSerializer extends
*/
private Node deserialize(Node ctx, InputSource inputSource) throws XMLEncryptionException {
try {
- if (dbf == null) {
- dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
- dbf.setValidating(false);
- }
- DocumentBuilder db = dbf.newDocumentBuilder();
+ DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
Document d = db.parse(inputSource);
Document contextDocument = null;
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java Fri Sep 13 14:06:24 2013
@@ -7,10 +7,8 @@ import java.security.PublicKey;
import java.security.cert.X509Certificate;
import javax.crypto.SecretKey;
-import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.c14n.CanonicalizationException;
@@ -267,10 +265,7 @@ public class KeyInfoReferenceResolver ex
*/
private Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
try {
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- DocumentBuilder db = dbf.newDocumentBuilder();
+ DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
Document doc = db.parse(new ByteArrayInputStream(bytes));
return doc.getDocumentElement();
} catch (SAXException ex) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java Fri Sep 13 14:06:24 2013
@@ -30,9 +30,7 @@ import java.util.List;
import java.util.ListIterator;
import java.util.Set;
-import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.c14n.CanonicalizationException;
@@ -323,10 +321,7 @@ public class RetrievalMethodResolver ext
*/
private static Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
try {
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- DocumentBuilder db = dbf.newDocumentBuilder();
+ DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
Document doc = db.parse(new ByteArrayInputStream(bytes));
return doc.getDocumentElement();
} catch (SAXException ex) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/SignedInfo.java Fri Sep 13 14:06:24 2013
@@ -23,7 +23,6 @@ import java.io.IOException;
import java.io.OutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
-import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
@@ -210,11 +209,7 @@ public class SignedInfo extends Manifest
Canonicalizer.getInstance(c14nMethodURI);
byte[] c14nizedBytes = c14nizer.canonicalizeSubtree(element);
- javax.xml.parsers.DocumentBuilderFactory dbf =
- javax.xml.parsers.DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ javax.xml.parsers.DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
Document newdoc =
db.parse(new ByteArrayInputStream(c14nizedBytes));
Node imported =
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java Fri Sep 13 14:06:24 2013
@@ -28,9 +28,7 @@ import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
-import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.c14n.CanonicalizationException;
@@ -112,8 +110,6 @@ public class XMLSignatureInput {
private boolean needsToBeExpanded = false;
private OutputStream outputStream = null;
- private DocumentBuilderFactory dfactory;
-
/**
* Construct a XMLSignatureInput from an octet array.
* <p>
@@ -551,13 +547,7 @@ public class XMLSignatureInput {
void convertToNodes() throws CanonicalizationException,
ParserConfigurationException, IOException, SAXException {
- if (dfactory == null) {
- dfactory = DocumentBuilderFactory.newInstance();
- dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- dfactory.setValidating(false);
- dfactory.setNamespaceAware(true);
- }
- DocumentBuilder db = dfactory.newDocumentBuilder();
+ DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
// select all nodes, also the comments.
try {
db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java Fri Sep 13 14:06:24 2013
@@ -22,8 +22,6 @@ import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.OutputStream;
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.c14n.CanonicalizationException;
@@ -34,6 +32,7 @@ import org.apache.xml.security.transform
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -137,10 +136,7 @@ public class TransformBase64Decode exten
try {
//Exceptional case there is current not text case testing this(Before it was a
//a common case).
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- Document doc =
- dbf.newDocumentBuilder().parse(input.getOctetStream());
+ Document doc = XMLUtils.createDocumentBuilder(false).parse(input.getOctetStream());
Element rootNode = doc.getDocumentElement();
StringBuilder sb = new StringBuilder();
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java?rev=1522941&r1=1522940&r2=1522941&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java Fri Sep 13 14:06:24 2013
@@ -28,6 +28,11 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
@@ -1018,5 +1023,14 @@ public class XMLUtils {
}
return true;
}
+
+ public static DocumentBuilder createDocumentBuilder(boolean validating) throws ParserConfigurationException {
+ DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
+ dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+ dfactory.setValidating(validating);
+ dfactory.setNamespaceAware(true);
+
+ return dfactory.newDocumentBuilder();
+ }
}