You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by co...@apache.org on 2013/06/17 16:17:13 UTC

svn commit: r1493769 - /santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java

Author: coheigea
Date: Mon Jun 17 14:17:13 2013
New Revision: 1493769

URL: http://svn.apache.org/r1493769
Log:
Don't allow non-standard c14n method

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?rev=1493769&r1=1493768&r2=1493769&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java Mon Jun 17 14:17:13 2013
@@ -50,6 +50,9 @@ public class DOMCanonicalizationMethod e
         throws InvalidAlgorithmParameterException
     {
         super(spi);
+        if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) {
+            throw new InvalidAlgorithmParameterException("Illegal CanonicalizationMethod");
+        } 
     }
 
     /**
@@ -64,6 +67,9 @@ public class DOMCanonicalizationMethod e
         throws MarshalException
     {
         super(cmElem, context, provider);
+        if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) {
+            throw new MarshalException("Illegal CanonicalizationMethod");
+        } 
     }
 
     /**
@@ -111,4 +117,13 @@ public class DOMCanonicalizationMethod e
         assert false : "hashCode not designed";
         return 42; // any arbitrary constant will do 
     }
+    
+    private static boolean isC14Nalg(String alg) {
+        return alg.equals(CanonicalizationMethod.INCLUSIVE) 
+            || alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS) 
+            || alg.equals(CanonicalizationMethod.EXCLUSIVE) 
+            || alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS) 
+            || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11) 
+            || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS);
+    } 
 }