Posted to commits@santuario.apache.org by co...@apache.org on 2020/01/13 19:53:54 UTC
svn commit: r1872737 [1/2] - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/xml/security/encryption/
main/java/org/apache/xml/security/keys/
main/java/org/apache/xml/security/keys/keyresolver/
main/java/org/apache/xml/security/keys/key...
Author: coheigea
Date: Mon Jan 13 19:53:53 2020
New Revision: 1872737
URL: http://svn.apache.org/viewvc?rev=1872737&view=rev
Log:
SANTUARIO-518 - Refactor KeyResolvers. They are now all thread-safe.
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/KeyInfo.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/ECKeyValueResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/PrivateKeyResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SecretKeyResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SingleKeyResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509SKIResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509SubjectNameResolver.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/encryption/BaltimoreEncTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/encryption/BobKeyResolver.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/KeyResolverTest.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java Mon Jan 13 19:53:53 2020
@@ -1738,13 +1738,7 @@ public class XMLCipher {
if (ki != null) {
try {
// Add an EncryptedKey resolver
- EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek);
- if (internalKeyResolvers != null) {
- int size = internalKeyResolvers.size();
- for (int i = 0; i < size; i++) {
- resolver.registerInternalKeyResolver(internalKeyResolvers.get(i));
- }
- }
+ EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek, internalKeyResolvers);
ki.registerInternalKeyResolver(resolver);
ki.setSecureValidation(secureValidation);
key = ki.getSecretKey();
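Review bot: The null check that the removed loop made on `internalKeyResolvers` is now the job of the three-argument `EncryptedKeyResolver` constructor, which this commit changes but which is not shown in this part. If that constructor keeps the caller's list rather than copying it, resolvers registered on the cipher afterwards would alter the set used during key resolution, so it is worth confirming that it tolerates `null` and stores a copy. If it does both, a one-line comment at this call, `// EncryptedKeyResolver accepts a null list and copies it`, would keep the guard from being re-added later. The enclosing method starts and ends outside the hunk.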
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/KeyInfo.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/KeyInfo.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/KeyInfo.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/KeyInfo.java Mon Jan 13 19:53:53 2020
@@ -850,7 +850,6 @@ public class KeyInfo extends SignatureEl
Iterator<KeyResolverSpi> it = KeyResolver.iterator();
while (it.hasNext()) {
KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
while (currentChild != null) {
@@ -858,7 +857,7 @@ public class KeyInfo extends SignatureEl
for (StorageResolver storage : storageResolvers) {
PublicKey pk =
keyResolver.engineLookupAndResolvePublicKey(
- (Element) currentChild, uri, storage
+ (Element) currentChild, uri, storage, secureValidation
);
if (pk != null) {
@@ -881,7 +880,6 @@ public class KeyInfo extends SignatureEl
PublicKey getPublicKeyFromInternalResolvers() throws KeyResolverException {
for (KeyResolverSpi keyResolver : internalKeyResolvers) {
LOG.debug("Try {}", keyResolver.getClass().getName());
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
while (currentChild != null) {
@@ -889,7 +887,7 @@ public class KeyInfo extends SignatureEl
for (StorageResolver storage : storageResolvers) {
PublicKey pk =
keyResolver.engineLookupAndResolvePublicKey(
- (Element) currentChild, uri, storage
+ (Element) currentChild, uri, storage, secureValidation
);
if (pk != null) {
@@ -951,7 +949,6 @@ public class KeyInfo extends SignatureEl
Iterator<KeyResolverSpi> it = KeyResolver.iterator();
while (it.hasNext()) {
KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
X509Certificate cert = applyCurrentResolver(uri, keyResolver);
if (cert != null) {
return cert;
@@ -969,7 +966,7 @@ public class KeyInfo extends SignatureEl
for (StorageResolver storage : storageResolvers) {
X509Certificate cert =
keyResolver.engineLookupResolveX509Certificate(
- (Element) currentChild, uri, storage
+ (Element) currentChild, uri, storage, secureValidation
);
if (cert != null) {
@@ -997,7 +994,6 @@ public class KeyInfo extends SignatureEl
String uri = this.getBaseURI();
for (KeyResolverSpi keyResolver : internalKeyResolvers) {
LOG.debug("Try {}", keyResolver.getClass().getName());
- keyResolver.setSecureValidation(secureValidation);
X509Certificate cert = applyCurrentResolver(uri, keyResolver);
if (cert != null) {
return cert;
@@ -1044,7 +1040,6 @@ public class KeyInfo extends SignatureEl
Iterator<KeyResolverSpi> it = KeyResolver.iterator();
while (it.hasNext()) {
KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
@@ -1053,7 +1048,7 @@ public class KeyInfo extends SignatureEl
for (StorageResolver storage : storageResolvers) {
SecretKey sk =
keyResolver.engineLookupAndResolveSecretKey(
- (Element) currentChild, uri, storage
+ (Element) currentChild, uri, storage, secureValidation
);
if (sk != null) {
@@ -1077,7 +1072,6 @@ public class KeyInfo extends SignatureEl
SecretKey getSecretKeyFromInternalResolvers() throws KeyResolverException {
for (KeyResolverSpi keyResolver : internalKeyResolvers) {
LOG.debug("Try {}", keyResolver.getClass().getName());
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
while (currentChild != null) {
@@ -1085,7 +1079,7 @@ public class KeyInfo extends SignatureEl
for (StorageResolver storage : storageResolvers) {
SecretKey sk =
keyResolver.engineLookupAndResolveSecretKey(
- (Element) currentChild, uri, storage
+ (Element) currentChild, uri, storage, secureValidation
);
if (sk != null) {
@@ -1134,7 +1128,6 @@ public class KeyInfo extends SignatureEl
Iterator<KeyResolverSpi> it = KeyResolver.iterator();
while (it.hasNext()) {
KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
@@ -1144,7 +1137,7 @@ public class KeyInfo extends SignatureEl
// since they cannot return private keys
PrivateKey pk =
keyResolver.engineLookupAndResolvePrivateKey(
- (Element) currentChild, uri, null
+ (Element) currentChild, uri, null, secureValidation
);
if (pk != null) {
@@ -1166,7 +1159,6 @@ public class KeyInfo extends SignatureEl
PrivateKey getPrivateKeyFromInternalResolvers() throws KeyResolverException {
for (KeyResolverSpi keyResolver : internalKeyResolvers) {
LOG.debug("Try {}", keyResolver.getClass().getName());
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
while (currentChild != null) {
@@ -1175,7 +1167,7 @@ public class KeyInfo extends SignatureEl
// since they cannot return private keys
PrivateKey pk =
keyResolver.engineLookupAndResolvePrivateKey(
- (Element) currentChild, uri, null
+ (Element) currentChild, uri, null, secureValidation
);
if (pk != null) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java Mon Jan 13 19:53:53 2020
@@ -25,7 +25,8 @@ import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
-import javax.crypto.SecretKey;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import org.apache.xml.security.keys.keyresolver.implementations.DEREncodedKeyValueResolver;
import org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver;
@@ -41,8 +42,6 @@ import org.apache.xml.security.keys.keyr
import org.apache.xml.security.keys.storage.StorageResolver;
import org.apache.xml.security.utils.ClassLoaderUtils;
import org.apache.xml.security.utils.JavaUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
/**
* KeyResolver is factory class for subclass of KeyResolverSpi that
@@ -53,20 +52,7 @@ public class KeyResolver {
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(KeyResolver.class);
- /** Field resolverVector */
- private static List<KeyResolver> resolverVector = new CopyOnWriteArrayList<>();
-
- /** Field resolverSpi */
- private final KeyResolverSpi resolverSpi;
-
- /**
- * Constructor.
- *
- * @param keyResolverSpi a KeyResolverSpi instance
- */
- private KeyResolver(KeyResolverSpi keyResolverSpi) {
- resolverSpi = keyResolverSpi;
- }
+ private static List<KeyResolverSpi> resolverList = new CopyOnWriteArrayList<>();
/**
* Method length
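Review bot: `resolverList` is declared without `final`, so the reference to the shared registry can still be reassigned even though its contents live in a CopyOnWriteArrayList. For a change whose stated goal is thread-safety the declaration reads better as `private static final List<KeyResolverSpi> resolverList = new CopyOnWriteArrayList<>();`. The same applies to the `res` and `it` fields of `ResolverIterator` in the later hunk, which, as far as that hunk shows, are assigned only in the constructor.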
@@ -74,7 +60,7 @@ public class KeyResolver {
* @return the length of resolvers registered
*/
public static int length() {
- return resolverVector.size();
+ return resolverList.size();
}
/**
@@ -83,14 +69,15 @@ public class KeyResolver {
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return The certificate represented by the element.
*
* @throws KeyResolverException
*/
public static final X509Certificate getX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- for (KeyResolver resolver : resolverVector) {
+ for (KeyResolverSpi resolver : resolverList) {
if (resolver == null) {
Object[] exArgs = {
element != null
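Review bot: The added `@param secureValidation` tag has no description, here and in `getPublicKey` and the `KeyResolverSpi` methods further down, although the flag is now handed to every resolver on each call. A line such as `@param secureValidation whether secure validation is enabled for this lookup` would do. Callers of these public static methods must now pick a value themselves, so the Javadoc could also say which setting is the restrictive one. The method body continues outside the hunk.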
@@ -102,7 +89,7 @@ public class KeyResolver {
}
LOG.debug("check resolvability by class {}", resolver.getClass());
- X509Certificate cert = resolver.resolveX509Certificate(element, baseURI, storage);
+ X509Certificate cert = resolver.engineLookupResolveX509Certificate(element, baseURI, storage, secureValidation);
if (cert != null) {
return cert;
}
@@ -122,14 +109,15 @@ public class KeyResolver {
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return the public key contained in the element
*
* @throws KeyResolverException
*/
public static final PublicKey getPublicKey(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- for (KeyResolver resolver : resolverVector) {
+ for (KeyResolverSpi resolver : resolverList) {
if (resolver == null) {
Object[] exArgs = {
element != null
@@ -141,7 +129,7 @@ public class KeyResolver {
}
LOG.debug("check resolvability by class {}", resolver.getClass());
- PublicKey cert = resolver.resolvePublicKey(element, baseURI, storage);
+ PublicKey cert = resolver.engineLookupAndResolvePublicKey(element, baseURI, storage, secureValidation);
if (cert != null) {
return cert;
}
@@ -165,19 +153,17 @@ public class KeyResolver {
* underlying collection is a CopyOnWriteArrayList.
*
* @param className
- * @param globalResolver Whether the KeyResolverSpi is a global resolver or not
* @throws InstantiationException
* @throws IllegalAccessException
* @throws ClassNotFoundException
* @throws SecurityException if a security manager is installed and the
* caller does not have permission to register the key resolver
*/
- public static void register(String className, boolean globalResolver)
+ public static void register(String className)
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
JavaUtils.checkRegisterPermission();
KeyResolverSpi keyResolverSpi =
(KeyResolverSpi) ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
- keyResolverSpi.setGlobalResolver(globalResolver);
register(keyResolverSpi, false);
}
@@ -191,17 +177,15 @@ public class KeyResolver {
* underlying collection is a CopyOnWriteArrayList.
*
* @param className
- * @param globalResolver Whether the KeyResolverSpi is a global resolver or not
* @throws SecurityException if a security manager is installed and the
* caller does not have permission to register the key resolver
*/
- public static void registerAtStart(String className, boolean globalResolver) {
+ public static void registerAtStart(String className) {
JavaUtils.checkRegisterPermission();
KeyResolverSpi keyResolverSpi = null;
Exception ex = null;
try {
keyResolverSpi = (KeyResolverSpi) ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
- keyResolverSpi.setGlobalResolver(globalResolver);
register(keyResolverSpi, true);
} catch (ClassNotFoundException e) {
ex = e;
@@ -236,11 +220,10 @@ public class KeyResolver {
boolean start
) {
JavaUtils.checkRegisterPermission();
- KeyResolver resolver = new KeyResolver(keyResolverSpi);
if (start) {
- resolverVector.add(0, resolver);
+ resolverList.add(0, keyResolverSpi);
} else {
- resolverVector.add(resolver);
+ resolverList.add(keyResolverSpi);
}
}
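Review bot: `resolverList.add(0, keyResolverSpi)` and `resolverList.add(keyResolverSpi)` now store the caller's object directly with no null check, and CopyOnWriteArrayList accepts null elements. A null entry would only be noticed at lookup time, where `ResolverIterator.next()` throws a RuntimeException and the static getters take their `resolver == null` branch, for every caller of the registry. Rejecting it at registration is simpler: `Objects.requireNonNull(keyResolverSpi, "keyResolverSpi");` right after the permission check (needs `java.util.Objects`). The method signature is above the hunk.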
@@ -263,14 +246,13 @@ public class KeyResolver {
public static void registerClassNames(List<String> classNames)
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
JavaUtils.checkRegisterPermission();
- List<KeyResolver> keyResolverList = new ArrayList<>(classNames.size());
+ List<KeyResolverSpi> keyResolverList = new ArrayList<>(classNames.size());
for (String className : classNames) {
KeyResolverSpi keyResolverSpi =
(KeyResolverSpi)ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
- keyResolverSpi.setGlobalResolver(false);
- keyResolverList.add(new KeyResolver(keyResolverSpi));
+ keyResolverList.add(keyResolverSpi);
}
- resolverVector.addAll(keyResolverList);
+ resolverList.addAll(keyResolverList);
}
/**
@@ -278,116 +260,30 @@ public class KeyResolver {
*/
public static void registerDefaultResolvers() {
- List<KeyResolver> keyResolverList = new ArrayList<>();
- keyResolverList.add(new KeyResolver(new RSAKeyValueResolver()));
- keyResolverList.add(new KeyResolver(new DSAKeyValueResolver()));
- keyResolverList.add(new KeyResolver(new X509CertificateResolver()));
- keyResolverList.add(new KeyResolver(new X509SKIResolver()));
- keyResolverList.add(new KeyResolver(new RetrievalMethodResolver()));
- keyResolverList.add(new KeyResolver(new X509SubjectNameResolver()));
- keyResolverList.add(new KeyResolver(new X509IssuerSerialResolver()));
- keyResolverList.add(new KeyResolver(new DEREncodedKeyValueResolver()));
- keyResolverList.add(new KeyResolver(new KeyInfoReferenceResolver()));
- keyResolverList.add(new KeyResolver(new X509DigestResolver()));
- keyResolverList.add(new KeyResolver(new ECKeyValueResolver()));
-
- resolverVector.addAll(keyResolverList);
- }
-
- /**
- * Method resolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved public key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public PublicKey resolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return resolverSpi.engineLookupAndResolvePublicKey(element, baseURI, storage);
- }
+ List<KeyResolverSpi> keyResolverList = new ArrayList<>();
+ keyResolverList.add(new RSAKeyValueResolver());
+ keyResolverList.add(new DSAKeyValueResolver());
+ keyResolverList.add(new X509CertificateResolver());
+ keyResolverList.add(new X509SKIResolver());
+ keyResolverList.add(new RetrievalMethodResolver());
+ keyResolverList.add(new X509SubjectNameResolver());
+ keyResolverList.add(new X509IssuerSerialResolver());
+ keyResolverList.add(new DEREncodedKeyValueResolver());
+ keyResolverList.add(new KeyInfoReferenceResolver());
+ keyResolverList.add(new X509DigestResolver());
+ keyResolverList.add(new ECKeyValueResolver());
- /**
- * Method resolveX509Certificate
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved X509certificate key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public X509Certificate resolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return resolverSpi.engineLookupResolveX509Certificate(element, baseURI, storage);
- }
-
- /**
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key from the registered from the elements
- * @throws KeyResolverException
- */
- public SecretKey resolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return resolverSpi.engineLookupAndResolveSecretKey(element, baseURI, storage);
- }
-
- /**
- * Method setProperty
- *
- * @param key
- * @param value
- */
- public void setProperty(String key, String value) {
- resolverSpi.engineSetProperty(key, value);
- }
-
- /**
- * Method getProperty
- *
- * @param key
- * @return the property set for this resolver
- */
- public String getProperty(String key) {
- return resolverSpi.engineGetProperty(key);
- }
-
-
- /**
- * Method understandsProperty
- *
- * @param propertyToTest
- * @return true if the resolver understands property propertyToTest
- */
- public boolean understandsProperty(String propertyToTest) {
- return resolverSpi.understandsProperty(propertyToTest);
- }
-
-
- /**
- * Method resolverClassName
- *
- * @return the name of the resolver.
- */
- public String resolverClassName() {
- return resolverSpi.getClass().getName();
+ resolverList.addAll(keyResolverList);
}
/**
* Iterate over the KeyResolverSpi instances
*/
static class ResolverIterator implements Iterator<KeyResolverSpi> {
- List<KeyResolver> res;
- Iterator<KeyResolver> it;
+ private List<KeyResolverSpi> res;
+ private Iterator<KeyResolverSpi> it;
- public ResolverIterator(List<KeyResolver> list) {
+ public ResolverIterator(List<KeyResolverSpi> list) {
res = list;
it = res.iterator();
}
@@ -397,12 +293,12 @@ public class KeyResolver {
}
public KeyResolverSpi next() {
- KeyResolver resolver = it.next();
+ KeyResolverSpi resolver = it.next();
if (resolver == null) {
throw new RuntimeException("utils.resolver.noClass");
}
- return resolver.resolverSpi;
+ return resolver;
}
public void remove() {
@@ -411,6 +307,6 @@ public class KeyResolver {
}
public static Iterator<KeyResolverSpi> iterator() {
- return new ResolverIterator(resolverVector);
+ return new ResolverIterator(resolverList);
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java Mon Jan 13 19:53:53 2020
@@ -24,7 +24,6 @@ import java.io.InputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.util.HashMap;
import javax.crypto.SecretKey;
import javax.xml.parsers.ParserConfigurationException;
@@ -36,7 +35,7 @@ import org.w3c.dom.Element;
import org.xml.sax.SAXException;
/**
- * This class is an abstract class for a child KeyInfo Element.
+ * This class is an abstract class to resolve a Key of some kind given a KeyInfo element.
*
* If you want the your KeyResolver, at firstly you must extend this class, and register
* as following in config.xml
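Review bot: The class Javadoc does not state the thread-safety contract this commit introduces. The per-call copy made by `cloneIfNeeded()` is removed further down and `KeyResolver` now keeps the registered `KeyResolverSpi` instance itself, so every caller shares it. Third-party subclasses that kept per-call state in fields would now race between threads. I would add a sentence such as `Implementations must be thread-safe and keep no per-call state in fields; a registered instance is shared by all callers.` The Javadoc block continues past the end of the hunk.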
@@ -47,20 +46,6 @@ import org.xml.sax.SAXException;
*/
public abstract class KeyResolverSpi {
- /** Field properties */
- protected java.util.Map<String, String> properties;
-
- protected boolean globalResolver = false;
-
- protected boolean secureValidation;
-
- /**
- * Set whether secure validation is enabled or not. The default is false.
- */
- public void setSecureValidation(boolean secureValidation) {
- this.secureValidation = secureValidation;
- }
-
/**
* This method returns whether the KeyResolverSpi is able to perform the requested action.
*
@@ -69,9 +54,7 @@ public abstract class KeyResolverSpi {
* @param storage
* @return whether the KeyResolverSpi is able to perform the requested action.
*/
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
- throw new UnsupportedOperationException();
- }
+ protected abstract boolean engineCanResolve(Element element, String baseURI, StorageResolver storage);
/**
* Method engineResolvePublicKey
@@ -79,15 +62,14 @@ public abstract class KeyResolverSpi {
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved public key from the registered from the element.
*
* @throws KeyResolverException
*/
- public PublicKey engineResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- throw new UnsupportedOperationException();
- }
+ protected abstract PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException;
/**
* Method engineLookupAndResolvePublicKey
@@ -95,32 +77,18 @@ public abstract class KeyResolverSpi {
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved public key from the registered from the element.
*
* @throws KeyResolverException
*/
public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- KeyResolverSpi tmp = cloneIfNeeded();
- if (!tmp.engineCanResolve(element, baseURI, storage)) {
+ if (!engineCanResolve(element, baseURI, storage)) {
return null;
}
- return tmp.engineResolvePublicKey(element, baseURI, storage);
- }
-
- private KeyResolverSpi cloneIfNeeded() throws KeyResolverException {
- KeyResolverSpi tmp = this;
- if (globalResolver) {
- try {
- tmp = getClass().newInstance();
- } catch (InstantiationException e) {
- throw new KeyResolverException(e, "");
- } catch (IllegalAccessException e) {
- throw new KeyResolverException(e, "");
- }
- }
- return tmp;
+ return engineResolvePublicKey(element, baseURI, storage, secureValidation);
}
/**
@@ -129,15 +97,14 @@ public abstract class KeyResolverSpi {
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved X509Certificate key from the registered from the elements
*
* @throws KeyResolverException
*/
- public X509Certificate engineResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException{
- throw new UnsupportedOperationException();
- }
+ protected abstract X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException;
/**
* Method engineLookupResolveX509Certificate
@@ -145,18 +112,18 @@ public abstract class KeyResolverSpi {
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved X509Certificate key from the registered from the elements
*
* @throws KeyResolverException
*/
public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- KeyResolverSpi tmp = cloneIfNeeded();
- if (!tmp.engineCanResolve(element, baseURI, storage)) {
+ if (!engineCanResolve(element, baseURI, storage)) {
return null;
}
- return tmp.engineResolveX509Certificate(element, baseURI, storage);
+ return engineResolveX509Certificate(element, baseURI, storage, secureValidation);
}
/**
@@ -165,15 +132,14 @@ public abstract class KeyResolverSpi {
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved SecretKey key from the registered from the elements
*
* @throws KeyResolverException
*/
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException{
- throw new UnsupportedOperationException();
- }
+ protected abstract SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException;
/**
* Method engineLookupAndResolveSecretKey
@@ -181,88 +147,56 @@ public abstract class KeyResolverSpi {
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved SecretKey key from the registered from the elements
*
* @throws KeyResolverException
*/
public SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- KeyResolverSpi tmp = cloneIfNeeded();
- if (!tmp.engineCanResolve(element, baseURI, storage)) {
+ if (!engineCanResolve(element, baseURI, storage)) {
return null;
}
- return tmp.engineResolveSecretKey(element, baseURI, storage);
+ return engineResolveSecretKey(element, baseURI, storage, secureValidation);
}
/**
- * Method engineLookupAndResolvePrivateKey
+ * Method engineResolvePrivateKey
*
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved PrivateKey key from the registered from the elements
*
* @throws KeyResolverException
*/
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- // This method was added later, it has no equivalent
- // engineResolvePrivateKey() in the old API.
- // We cannot throw UnsupportedOperationException because
- // KeyResolverSpi implementations who don't know about
- // this method would stop the search too early.
- return null;
- }
+ protected abstract PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException;
/**
- * Method engineSetProperty
+ * Method engineLookupAndResolvePrivateKey
*
- * @param key
- * @param value
- */
- public void engineSetProperty(String key, String value) {
- if (properties == null) {
- properties = new HashMap<>();
- }
- properties.put(key, value);
- }
-
- /**
- * Method engineGetProperty
+ * @param element
+ * @param baseURI
+ * @param storage
+ * @param secureValidation
+ * @return resolved PrivateKey key from the registered from the elements
*
- * @param key
- * @return obtain the property appointed by key
+ * @throws KeyResolverException
*/
- public String engineGetProperty(String key) {
- if (properties == null) {
+ public PrivateKey engineLookupAndResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException {
+ if (!engineCanResolve(element, baseURI, storage)) {
return null;
}
-
- return properties.get(key);
+ return engineResolvePrivateKey(element, baseURI, storage, secureValidation);
}
/**
- * Method understandsProperty
- *
- * @param propertyToTest
- * @return true if understood the property
- */
- public boolean understandsProperty(String propertyToTest) {
- if (properties == null) {
- return false;
- }
-
- return properties.get(propertyToTest) != null;
- }
-
- public void setGlobalResolver(boolean globalResolver) {
- this.globalResolver = globalResolver;
- }
-
-
- /**
* Parses a byte array and returns the parsed Element.
*
* @param bytes
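Review bot: The Javadoc of the new `engineLookupAndResolvePrivateKey` is only the method name, so implementers are not told that `engineCanResolve` is consulted first and that `null` means "not handled by this resolver". The method is public and not final, and `DEREncodedKeyValueResolver` in this same commit still overrides it (its body is not visible here), so the gate may be skipped by subclasses. I would add `Returns null without calling engineResolvePrivateKey when engineCanResolve rejects the element.` and state whether overriding is supported. The `@param storage` line could also say that it may be `null`, since KeyInfo's private-key paths pass `null`.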
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java Mon Jan 13 19:53:53 2020
@@ -43,21 +43,16 @@ public class DEREncodedKeyValueResolver
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(DEREncodedKeyValueResolver.class);
- /** {{@inheritDoc}}. */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
return XMLUtils.elementIsInSignature11Space(element, Constants._TAG_DERENCODEDKEYVALUE);
}
- /** {{@inheritDoc}}. */
- public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
-
- LOG.debug("Can I resolve {}", element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
DEREncodedKeyValue derKeyValue = new DEREncodedKeyValue(element, baseURI);
return derKeyValue.getPublicKey();
@@ -68,24 +63,33 @@ public class DEREncodedKeyValueResolver
return null;
}
- /** {{@inheritDoc}}. */
- public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
return null;
}
- /** {{@inheritDoc}}. */
- public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
return null;
}
- /** {{@inheritDoc}}. */
- public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
return null;
}
-
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
}
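Review bot: The `engineLookupAndResolvePrivateKey` override that returns `null` looks redundant now that `engineResolvePrivateKey` is added directly below it. The base-class version shown earlier in this commit already calls `engineCanResolve` and then delegates to `engineResolvePrivateKey`, so the result is the same. The DSA, EC and RSA resolvers in this commit override only the `protected` hook. Dropping the public override keeps every resolver on the single lookup path, so a later change to the shared entry point cannot silently miss this class.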
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java Mon Jan 13 19:53:53 2020
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -34,17 +35,17 @@ public class DSAKeyValueResolver extends
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(DSAKeyValueResolver.class);
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYVALUE)
+ || XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_DSAKEYVALUE);
+ }
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
if (element == null) {
return null;
@@ -80,15 +81,25 @@ public class DSAKeyValueResolver extends
/** {@inheritDoc} */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
/** {@inheritDoc} */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/ECKeyValueResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/ECKeyValueResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/ECKeyValueResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/ECKeyValueResolver.java Mon Jan 13 19:53:53 2020
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -34,17 +35,17 @@ public class ECKeyValueResolver extends
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(ECKeyValueResolver.class);
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYVALUE)
+ || XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_ECKEYVALUE);
+ }
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
if (element == null) {
return null;
@@ -78,15 +79,25 @@ public class ECKeyValueResolver extends
/** {@inheritDoc} */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
/** {@inheritDoc} */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java Mon Jan 13 19:53:53 2020
@@ -19,9 +19,11 @@
package org.apache.xml.security.keys.keyresolver.implementations;
import java.security.Key;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
@@ -51,60 +53,63 @@ public class EncryptedKeyResolver extend
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(RSAKeyValueResolver.class);
- private Key kek;
- private String algorithm;
- private List<KeyResolverSpi> internalKeyResolvers;
+ private final Key kek;
+ private final String algorithm;
+ private final List<KeyResolverSpi> internalKeyResolvers;
/**
* Constructor for use when a KEK needs to be derived from a KeyInfo
* list
* @param algorithm
+ * @param internalKeyResolvers
*/
- public EncryptedKeyResolver(String algorithm) {
- kek = null;
- this.algorithm = algorithm;
+ public EncryptedKeyResolver(String algorithm, List<KeyResolverSpi> internalKeyResolvers) {
+ this(algorithm, null, internalKeyResolvers);
}
/**
* Constructor used for when a KEK has been set
* @param algorithm
* @param kek
+ * @param internalKeyResolvers
*/
- public EncryptedKeyResolver(String algorithm, Key kek) {
+ public EncryptedKeyResolver(String algorithm, Key kek, List<KeyResolverSpi> internalKeyResolvers) {
this.algorithm = algorithm;
this.kek = kek;
+ if (internalKeyResolvers != null) {
+ this.internalKeyResolvers = new ArrayList<>(internalKeyResolvers);
+ } else {
+ this.internalKeyResolvers = Collections.emptyList();
+ }
}
- /**
- * This method is used to add a custom {@link KeyResolverSpi} to help
- * resolve the KEK.
- *
- * @param realKeyResolver
- */
- public void registerInternalKeyResolver(KeyResolverSpi realKeyResolver) {
- if (internalKeyResolvers == null) {
- internalKeyResolvers = new ArrayList<>();
- }
- internalKeyResolvers.add(realKeyResolver);
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInEncryptionSpace(element, EncryptionConstants._TAG_ENCRYPTEDKEY);
}
+
/** {@inheritDoc} */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
/** {@inheritDoc} */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
/** {@inheritDoc} */
- public SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
if (element == null) {
return null;
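Review bot: The logger at the top of this hunk is still created with `RSAKeyValueResolver.class`, so this resolver's debug output is attributed to the wrong class. That includes the unwrap failures logged in `engineResolveSecretKey`, which are then easy to miss when filtering by logger name. Since the fields are being tidied here anyway, I would change it to `org.slf4j.LoggerFactory.getLogger(EncryptedKeyResolver.class);`. The constructor Javadoc could also say that a `null` `internalKeyResolvers` is accepted and treated as an empty list, and that the list is copied. `engineResolveSecretKey` continues past the end of this hunk.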
@@ -113,26 +118,28 @@ public class EncryptedKeyResolver extend
LOG.debug("EncryptedKeyResolver - Can I resolve {}", element.getTagName());
SecretKey key = null;
- boolean isEncryptedKey =
- XMLUtils.elementIsInEncryptionSpace(element, EncryptionConstants._TAG_ENCRYPTEDKEY);
- if (isEncryptedKey) {
- LOG.debug("Passed an Encrypted Key");
- try {
- XMLCipher cipher = XMLCipher.getInstance();
- cipher.init(XMLCipher.UNWRAP_MODE, kek);
- if (internalKeyResolvers != null) {
- int size = internalKeyResolvers.size();
- for (int i = 0; i < size; i++) {
- cipher.registerInternalKeyResolver(internalKeyResolvers.get(i));
- }
- }
- EncryptedKey ek = cipher.loadEncryptedKey(element);
- key = (SecretKey) cipher.decryptKey(ek, algorithm);
- } catch (XMLEncryptionException e) {
- LOG.debug(e.getMessage(), e);
+ LOG.debug("Passed an Encrypted Key");
+ try {
+ XMLCipher cipher = XMLCipher.getInstance();
+ cipher.init(XMLCipher.UNWRAP_MODE, kek);
+ int size = internalKeyResolvers.size();
+ for (int i = 0; i < size; i++) {
+ cipher.registerInternalKeyResolver(internalKeyResolvers.get(i));
}
+ EncryptedKey ek = cipher.loadEncryptedKey(element);
+ key = (SecretKey) cipher.decryptKey(ek, algorithm);
+ } catch (XMLEncryptionException e) {
+ LOG.debug(e.getMessage(), e);
}
return key;
}
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
}
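Review bot: `secureValidation` is accepted by `engineResolveSecretKey` but is not used anywhere in the visible body. The `XMLCipher` is obtained with `XMLCipher.getInstance()` and initialised for unwrap without the flag being passed on. Any KeyInfo nested inside the EncryptedKey is then presumably resolved with the cipher's own default rather than the caller's setting; this should be confirmed against `XMLCipher`. If the cipher exposes a setter for secure validation in this version, call it right after `cipher.init(XMLCipher.UNWRAP_MODE, kek);`; otherwise add a comment saying the flag is intentionally not applied here. The method's signature and null check are in the previous hunk.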
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java Mon Jan 13 19:53:53 2020
@@ -52,23 +52,18 @@ public class KeyInfoReferenceResolver ex
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(KeyInfoReferenceResolver.class);
- /** {{@inheritDoc}}. */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
return XMLUtils.elementIsInSignature11Space(element, Constants._TAG_KEYINFOREFERENCE);
}
- /** {{@inheritDoc}}. */
- public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
-
- LOG.debug("Can I resolve {}", element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage, secureValidation);
if (referent != null) {
return referent.getPublicKey();
}
@@ -79,18 +74,12 @@ public class KeyInfoReferenceResolver ex
return null;
}
- /** {{@inheritDoc}}. */
- public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
-
- LOG.debug("Can I resolve {}", element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage, secureValidation);
if (referent != null) {
return referent.getX509Certificate();
}
@@ -101,18 +90,13 @@ public class KeyInfoReferenceResolver ex
return null;
}
- /** {{@inheritDoc}}. */
- public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
- LOG.debug("Can I resolve {}", element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage, secureValidation);
if (referent != null) {
return referent.getSecretKey();
}
@@ -123,18 +107,13 @@ public class KeyInfoReferenceResolver ex
return null;
}
- /** {{@inheritDoc}}. */
- public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ public PrivateKey engineResolvePrivateKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
- LOG.debug("Can I resolve " + element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage, secureValidation);
if (referent != null) {
return referent.getPrivateKey();
}
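Review bot: `engineResolvePrivateKey` is declared `public` here while the other three `engineResolve*` overrides in this class are `protected`, so this hook is more widely callable than its siblings. A public hook can be called directly, skipping the `engineCanResolve` check that `engineLookupAndResolvePrivateKey` performs first, and this hunk removes the check the method used to do itself. I would declare it `protected PrivateKey engineResolvePrivateKey(...)`. The same applies to `engineResolvePrivateKey` in PrivateKeyResolver and `engineResolveSecretKey` in RetrievalMethodResolver later in this commit. The method body continues outside the hunk.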
@@ -151,10 +130,12 @@ public class KeyInfoReferenceResolver ex
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return the KeyInfo which is referred to by this KeyInfoReference, or null if can not be resolved
* @throws XMLSecurityException
*/
- private KeyInfo resolveReferentKeyInfo(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException {
+ private KeyInfo resolveReferentKeyInfo(Element element, String baseURI,
+ StorageResolver storage, boolean secureValidation) throws XMLSecurityException {
KeyInfoReference reference = new KeyInfoReference(element, baseURI);
Attr uriAttr = reference.getURIAttr();
@@ -162,7 +143,7 @@ public class KeyInfoReferenceResolver ex
Element referentElement = null;
try {
- referentElement = obtainReferenceElement(resource);
+ referentElement = obtainReferenceElement(resource, secureValidation);
} catch (Exception e) {
LOG.debug("XMLSecurityException", e);
return null;
@@ -173,7 +154,7 @@ public class KeyInfoReferenceResolver ex
return null;
}
- validateReference(referentElement);
+ validateReference(referentElement, secureValidation);
KeyInfo referent = new KeyInfo(referentElement, baseURI);
referent.addStorageResolver(storage);
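Review bot: The referent `KeyInfo` is constructed and given the storage resolver, but nothing in the visible lines passes `secureValidation` to it. Keys resolved through `referent.getPublicKey()` and the sibling getters may therefore run with `KeyInfo`'s default instead of the caller's setting. Now that the flag is a parameter rather than instance state, it should follow the reference all the way down. If `KeyInfo` has a setter for it, add `referent.setSecureValidation(secureValidation);` before `addStorageResolver`. The rest of `resolveReferentKeyInfo` is outside this hunk, so this may already be handled there.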
@@ -184,10 +165,11 @@ public class KeyInfoReferenceResolver ex
* Validate the Element referred to by the KeyInfoReference.
*
* @param referentElement
+ * @param secureValidation
*
* @throws XMLSecurityException
*/
- private void validateReference(Element referentElement) throws XMLSecurityException {
+ private void validateReference(Element referentElement, boolean secureValidation) throws XMLSecurityException {
if (!XMLUtils.elementIsInSignatureSpace(referentElement, Constants._TAG_KEYINFO)) {
Object[] exArgs = { new QName(referentElement.getNamespaceURI(), referentElement.getLocalName()) };
throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.WrongType", exArgs);
@@ -226,6 +208,7 @@ public class KeyInfoReferenceResolver ex
* Resolve the Element effectively represented by the XML signature input source.
*
* @param resource
+ * @param secureValidation
* @return the Element effectively represented by the XML signature input source.
* @throws CanonicalizationException
* @throws ParserConfigurationException
@@ -233,7 +216,7 @@ public class KeyInfoReferenceResolver ex
* @throws SAXException
* @throws KeyResolverException
*/
- private Element obtainReferenceElement(XMLSignatureInput resource)
+ private Element obtainReferenceElement(XMLSignatureInput resource, boolean secureValidation)
throws CanonicalizationException, ParserConfigurationException,
IOException, SAXException, KeyResolverException {
@@ -246,7 +229,7 @@ public class KeyInfoReferenceResolver ex
} else {
// Retrieved resource is a byte stream
byte[] inputBytes = resource.getBytes();
- e = getDocFromBytes(inputBytes, this.secureValidation);
+ e = getDocFromBytes(inputBytes, secureValidation);
}
return e;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/PrivateKeyResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/PrivateKeyResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/PrivateKeyResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/PrivateKeyResolver.java Mon Jan 13 19:53:53 2020
@@ -52,8 +52,8 @@ public class PrivateKeyResolver extends
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(PrivateKeyResolver.class);
- private KeyStore keyStore;
- private char[] password;
+ private final KeyStore keyStore;
+ private final char[] password;
/**
* Constructor.
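Review bot: Marking `password` as `final` fixes the reference but not the array contents, and the constructor (context line in the next hunk) stores the caller's `char[]` as-is. A caller that clears or reuses the array after construction, which is the usual hygiene for password arrays, will change what a resolver shared between threads sees. I would document the ownership on the field, e.g. `// caller's array, not copied: must not be modified or cleared while this resolver is in use`, or store a private copy instead. SecretKeyResolver has the same pair of fields later in this commit.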
@@ -63,77 +63,42 @@ public class PrivateKeyResolver extends
this.password = password;
}
- /**
- * This method returns whether the KeyResolverSpi is able to perform the requested action.
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return whether the KeyResolverSpi is able to perform the requested action.
- */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)
|| XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME);
}
- /**
- * Method engineLookupAndResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
- *
- * @throws KeyResolverException
- */
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolvePrivateKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved PrivateKey key or null if no {@link PrivateKey} could be obtained
- * @throws KeyResolverException
- */
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ public PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
PrivateKey privKey = resolveX509Data(element, baseURI);
@@ -154,7 +119,6 @@ public class PrivateKeyResolver extends
}
}
- LOG.debug("I can't");
return null;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java Mon Jan 13 19:53:53 2020
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -35,10 +36,17 @@ public class RSAKeyValueResolver extends
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(RSAKeyValueResolver.class);
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYVALUE)
+ || XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RSAKEYVALUE);
+ }
/** {@inheritDoc} */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
if (element == null) {
return null;
@@ -73,15 +81,25 @@ public class RSAKeyValueResolver extends
}
/** {@inheritDoc} */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
/** {@inheritDoc} */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java Mon Jan 13 19:53:53 2020
@@ -21,6 +21,7 @@ package org.apache.xml.security.keys.key
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -66,20 +67,17 @@ public class RetrievalMethodResolver ext
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(RetrievalMethodResolver.class);
- /**
- * Method engineResolvePublicKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) {
- if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
- return null;
- }
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD);
+ }
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
try {
// Create a retrieval method over the given element
RetrievalMethod rm = new RetrievalMethod(element, baseURI);
@@ -115,7 +113,7 @@ public class RetrievalMethodResolver ext
}
}
- return resolveKey(e, baseURI, storage);
+ return resolveKey(e, baseURI, storage, secureValidation);
} catch (XMLSecurityException ex) {
LOG.debug("XMLSecurityException", ex);
} catch (CertificateException ex) {
@@ -130,19 +128,10 @@ public class RetrievalMethodResolver ext
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage) {
- if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
- return null;
- }
-
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation) {
try {
RetrievalMethod rm = new RetrievalMethod(element, baseURI);
String type = rm.getType();
@@ -173,7 +162,7 @@ public class RetrievalMethodResolver ext
}
}
- return resolveCertificate(e, baseURI, storage);
+ return resolveCertificate(e, baseURI, storage, secureValidation);
} catch (XMLSecurityException ex) {
LOG.debug("XMLSecurityException", ex);
} catch (CertificateException ex) {
@@ -197,7 +186,7 @@ public class RetrievalMethodResolver ext
* @throws KeyResolverException
*/
private static X509Certificate resolveCertificate(
- Element e, String baseURI, StorageResolver storage
+ Element e, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
// An element has been provided
if (e != null) {
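Review bot: `resolveCertificate` gains a `secureValidation` parameter but its Javadoc, which starts above this hunk, is not updated, whereas the matching hunk for `resolveKey` adds `* @param secureValidation`. Add the same line here, ideally with a short description of what the flag restricts, since the tags added in this commit are bare names. The method body continues outside the hunk.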
@@ -205,7 +194,7 @@ public class RetrievalMethodResolver ext
LOG.debug("Now we have a {" + e.getNamespaceURI() + "}"
+ e.getLocalName() + " Element");
}
- return KeyResolver.getX509Certificate(e, baseURI, storage);
+ return KeyResolver.getX509Certificate(e, baseURI, storage, secureValidation);
}
return null;
}
@@ -215,11 +204,12 @@ public class RetrievalMethodResolver ext
* @param e
* @param baseURI
* @param storage
+ * @param secureValidation
* @return a PublicKey from the given information
* @throws KeyResolverException
*/
private static PublicKey resolveKey(
- Element e, String baseURI, StorageResolver storage
+ Element e, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
// An element has been provided
if (e != null) {
@@ -227,7 +217,7 @@ public class RetrievalMethodResolver ext
LOG.debug("Now we have a {" + e.getNamespaceURI() + "}"
+ e.getLocalName() + " Element");
}
- return KeyResolver.getPublicKey(e, baseURI, storage);
+ return KeyResolver.getPublicKey(e, baseURI, storage, secureValidation);
}
return null;
}
@@ -282,15 +272,18 @@ public class RetrievalMethodResolver ext
return resource;
}
- /**
- * Method engineResolveSecretKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ public javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
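Review bot: `engineResolveSecretKey` is declared `public` in this hunk, while the `engineResolvePrivateKey` added directly below it and `engineResolveX509Certificate` earlier in this file are `protected`. The same method is also `protected` in SecretKeyResolver and X509CertificateResolver in this commit. A public SPI hook can be called directly by outside code rather than through the resolver entry points, so unless that is intended the signature should read `protected javax.crypto.SecretKey engineResolveSecretKey(`. The same applies to `public PrivateKey engineResolvePrivateKey(` in SingleKeyResolver; the visibility declared in KeyResolverSpi is not visible here, so confirm against it.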
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SecretKeyResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SecretKeyResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SecretKeyResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SecretKeyResolver.java Mon Jan 13 19:53:53 2020
@@ -40,8 +40,8 @@ public class SecretKeyResolver extends K
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(SecretKeyResolver.class);
- private KeyStore keyStore;
- private char[] password;
+ private final KeyStore keyStore;
+ private final char[] password;
/**
* Constructor.
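Review bot: The `final` on `password` freezes only the reference, not the contents of the `char[]`. The constructor in the next hunk stores the caller's array directly with `this.password = password;`, so a caller that clears or reuses the array after construction changes what this resolver later reads, possibly from another thread. Because the commit aims at thread-safety, either state the ownership rule in a comment such as `// the password array is not copied; callers must not modify it after construction`, or keep a private copy with `this.password = password == null ? null : password.clone();`. A copy keeps the secret in memory for the lifetime of the resolver, so the choice depends on how callers manage the password.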
@@ -51,59 +51,32 @@ public class SecretKeyResolver extends K
this.password = password;
}
- /**
- * This method returns whether the KeyResolverSpi is able to perform the requested action.
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return whether the KeyResolverSpi is able to perform the requested action.
- */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME);
}
- /**
- * Method engineLookupAndResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
- *
- * @throws KeyResolverException
- */
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
LOG.debug("Can I resolve {}?", element.getTagName());
@@ -123,18 +96,11 @@ public class SecretKeyResolver extends K
return null;
}
- /**
- * Method engineResolvePrivateKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved PrivateKey key or null if no {@link PrivateKey} could be obtained
- * @throws KeyResolverException
- */
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
return null;
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SingleKeyResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SingleKeyResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SingleKeyResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SingleKeyResolver.java Mon Jan 13 19:53:53 2020
@@ -33,13 +33,11 @@ import org.w3c.dom.Element;
* Resolves a single Key based on the KeyName.
*/
public class SingleKeyResolver extends KeyResolverSpi {
- private static final org.slf4j.Logger LOG =
- org.slf4j.LoggerFactory.getLogger(SingleKeyResolver.class);
- private String keyName;
- private PublicKey publicKey;
- private PrivateKey privateKey;
- private SecretKey secretKey;
+ private final String keyName;
+ private final PublicKey publicKey;
+ private final PrivateKey privateKey;
+ private final SecretKey secretKey;
/**
* Constructor.
@@ -49,6 +47,8 @@ public class SingleKeyResolver extends K
public SingleKeyResolver(String keyName, PublicKey publicKey) {
this.keyName = keyName;
this.publicKey = publicKey;
+ privateKey = null;
+ secretKey = null;
}
/**
@@ -59,6 +59,8 @@ public class SingleKeyResolver extends K
public SingleKeyResolver(String keyName, PrivateKey privateKey) {
this.keyName = keyName;
this.privateKey = privateKey;
+ publicKey = null;
+ secretKey = null;
}
/**
@@ -69,110 +71,67 @@ public class SingleKeyResolver extends K
public SingleKeyResolver(String keyName, SecretKey secretKey) {
this.keyName = keyName;
this.secretKey = secretKey;
+ publicKey = null;
+ privateKey = null;
}
- /**
- * This method returns whether the KeyResolverSpi is able to perform the requested action.
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return whether the KeyResolverSpi is able to perform the requested action.
- */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME);
}
- /**
- * Method engineLookupAndResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
-
- if (publicKey != null
- && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
+ if (publicKey != null) {
String name = element.getFirstChild().getNodeValue();
if (keyName.equals(name)) {
return publicKey;
}
}
- LOG.debug("I can't");
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
- *
- * @throws KeyResolverException
- */
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
-
- if (secretKey != null
- && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
+ if (secretKey != null) {
String name = element.getFirstChild().getNodeValue();
if (keyName.equals(name)) {
return secretKey;
}
}
- LOG.debug("I can't");
return null;
}
- /**
- * Method engineResolvePrivateKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved PrivateKey key or null if no {@link PrivateKey} could be obtained
- * @throws KeyResolverException
- */
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ public PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
- if (privateKey != null
- && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
+ if (privateKey != null) {
String name = element.getFirstChild().getNodeValue();
if (keyName.equals(name)) {
return privateKey;
}
}
- LOG.debug("I can't");
return null;
}
}
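Review bot: `element.getFirstChild().getNodeValue()` in `engineResolvePublicKey`, `engineResolveSecretKey` and `engineResolvePrivateKey` throws a NullPointerException when the element has no child node, for example an empty `KeyName` in a received document. The guard can be folded into the existing condition, e.g. `if (publicKey != null && element.getFirstChild() != null) {`, and likewise for the other two methods. With the `elementIsInSignatureSpace` test removed from these methods, they also rely on the caller having run `engineCanResolve` first. That is presumably done in KeyResolverSpi, which is not visible here, so a short comment stating the precondition would help.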
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java?rev=1872737&r1=1872736&r2=1872737&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java Mon Jan 13 19:53:53 2020
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -40,21 +41,20 @@ public class X509CertificateResolver ext
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(X509CertificateResolver.class);
- /**
- * Method engineResolvePublicKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return Constants.SignatureSpecNS.equals(element.getNamespaceURI());
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
X509Certificate cert =
- this.engineLookupResolveX509Certificate(element, baseURI, storage);
+ this.engineResolveX509Certificate(element, baseURI, storage, secureValidation);
if (cert != null) {
return cert.getPublicKey();
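Review bot: The new `engineCanResolve` accepts every element in the XML Signature namespace, whereas SecretKeyResolver and SingleKeyResolver in this commit test for one specific tag with `XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)`. If the broad match is deliberate (a later hunk shows this resolver selecting an `X509Data` child of the element it is handed), a comment such as `// any ds: element is accepted; the X509Data lookup happens in engineResolveX509Certificate` would record that. Without it, the next maintainer cannot tell whether the check was meant to be narrower. `engineResolvePublicKey` continues past the end of this hunk.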
@@ -63,17 +63,10 @@ public class X509CertificateResolver ext
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
try {
@@ -83,7 +76,7 @@ public class X509CertificateResolver ext
Element el =
XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_X509DATA, 0);
if (el != null) {
- return engineLookupResolveX509Certificate(el, baseURI, storage);
+ return engineResolveX509Certificate(el, baseURI, storage, secureValidation);
}
return null;
}
@@ -103,15 +96,18 @@ public class X509CertificateResolver ext
}
}
- /**
- * Method engineResolveSecretKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}