Posted to commits@santuario.apache.org by mu...@apache.org on 2008/02/29 21:24:11 UTC
svn commit: r632424 - in
/xml/security/trunk/src/org/apache/xml/security/signature: Reference.java
XMLSignatureInput.java
Author: mullan
Date: Fri Feb 29 12:24:09 2008
New Revision: 632424
URL: http://svn.apache.org/viewvc?rev=632424&view=rev
Log:
Related to RFE 42653.
Add support for explicitly adding C14N 1.1 Transform when generating a
signature. See section 3.1.1 of http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ for more info.
Modified:
xml/security/trunk/src/org/apache/xml/security/signature/Reference.java
xml/security/trunk/src/org/apache/xml/security/signature/XMLSignatureInput.java
Modified: xml/security/trunk/src/org/apache/xml/security/signature/Reference.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/signature/Reference.java?rev=632424&r1=632423&r2=632424&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/signature/Reference.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/signature/Reference.java Fri Feb 29 12:24:09 2008
@@ -98,6 +98,20 @@
*/
public class Reference extends SignatureElementProxy {
+ /**
+ * Look up useC14N11 system property. If true, an explicit C14N11 transform
+ * will be added if necessary when generating the signature. See section
+ * 3.1.1 of http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ for more info.
+ */
+ private static boolean useC14N11 = false;
+ static {
+ try {
+ useC14N11 = Boolean.getBoolean("org.apache.xml.security.useC14N11");
+ } catch (Exception e) {
+ // ignore exceptions
+ }
+ }
+
/** Field CacheSignedNodes */
public final static boolean CacheSignedNodes = false;
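Review bot: The empty `catch (Exception e)` in the static initializer hides why the property could not be read, so a deployment that sets `org.apache.xml.security.useC14N11` but denies the property read silently produces signatures without the C14N 1.1 transform. As far as I know `Boolean.getBoolean` only lets a `SecurityException` escape, so the catch could be narrowed to `catch (SecurityException e)` and the fallback to false logged if the class has a logger. The field is assigned only in this initializer, so computing the value in a small private static helper would allow `private static final boolean useC14N11`. The Javadoc should also state that the property is read once at class load and then applies to every Reference created in the JVM.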
@@ -354,7 +368,7 @@
*/
public void generateDigestValue()
throws XMLSignatureException, ReferenceNotInitializedException {
- this.setDigestValueElement(this.calculateDigest());
+ this.setDigestValueElement(this.calculateDigest(false));
}
/**
@@ -662,13 +676,14 @@
/**
- * Method resolverResult
+ * Method calculateDigest
*
+ * @param validating true if validating the reference
* @return reference Calculate the digest of this reference.
* @throws ReferenceNotInitializedException
* @throws XMLSignatureException
*/
- private byte[] calculateDigest()
+ private byte[] calculateDigest(boolean validating)
throws ReferenceNotInitializedException, XMLSignatureException {
try {
@@ -679,7 +694,20 @@
DigesterOutputStream diOs=new DigesterOutputStream(mda);
OutputStream os=new UnsyncBufferedOutputStream(diOs);
XMLSignatureInput output=this.dereferenceURIandPerformTransforms(os);
- output.updateOutputStream(os);
+ // if signing and c14n11 property == true explicitly add
+ // C14N11 transform if needed
+ if (this.useC14N11 && !validating &&
+ !output.isOutputStreamSet() && !output.isOctetStream()) {
+ if (transforms == null) {
+ transforms = new Transforms(this._doc);
+ this._constructionElement.insertBefore
+ (transforms.getElement(), digestMethodElem);
+ }
+ transforms.addTransform(Transforms.TRANSFORM_C14N11_OMIT_COMMENTS);
+ output.updateOutputStream(os, true);
+ } else {
+ output.updateOutputStream(os);
+ }
os.flush();
//this.getReferencedBytes(diOs);
//mda.update(data);
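Review bot: In signing mode this branch modifies the Reference element itself, from inside a private method named `calculateDigest`, and neither the Javadoc nor the inline comment says so. It may insert a new `Transforms` child before `digestMethodElem`, and it appends `TRANSFORM_C14N11_OMIT_COMMENTS`. Because the Reference is normally part of the SignedInfo that is signed afterwards, callers of `generateDigestValue()` should be told about the side effect, for example with a Javadoc sentence on both methods: `When signing with org.apache.xml.security.useC14N11 set, this may add a C14N 1.1 transform to the Reference.` Two smaller points: the static flag is read through the instance as `this.useC14N11` where plain `useC14N11` is clearer, and the bare `true` in `updateOutputStream(os, true)` needs a short comment naming what it selects, since that overload is not visible in this diff. The method body starts and ends outside this hunk.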
@@ -689,7 +717,7 @@
throw new ReferenceNotInitializedException("empty", ex);
} catch (IOException ex) {
throw new ReferenceNotInitializedException("empty", ex);
- }
+ }
}
/**
@@ -697,7 +725,7 @@
*
* @return the digest value.
* @throws Base64DecodingException if Reference contains no proper base64 encoded data.
- * @throws XMLSecurityException if the Reference does not contain a DigestValue element
+ * @throws XMLSecurityException if the Reference does not contain a DigestValue element
*/
public byte[] getDigestValue() throws Base64DecodingException, XMLSecurityException {
if (digestValueElement == null) {
@@ -724,7 +752,7 @@
throws ReferenceNotInitializedException, XMLSecurityException {
byte[] elemDig = this.getDigestValue();
- byte[] calcDig = this.calculateDigest();
+ byte[] calcDig = this.calculateDigest(true);
boolean equal = MessageDigestAlgorithm.isEqual(elemDig, calcDig);
if (!equal) {
Modified: xml/security/trunk/src/org/apache/xml/security/signature/XMLSignatureInput.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src/org/apache/xml/security/signature/XMLSignatureInput.java?rev=632424&r1=632423&r2=632424&view=diff
==============================================================================
--- xml/security/trunk/src/org/apache/xml/security/signature/XMLSignatureInput.java (original)
+++ xml/security/trunk/src/org/apache/xml/security/signature/XMLSignatureInput.java Fri Feb 29 12:24:09 2008
@@ -306,7 +306,7 @@
/**
* Determines if the object has been set up with a Node set
*
- * @return true is the object has been set up with a Node set
+ * @return true if the object has been set up with a Node set
*/
public boolean isNodeSet() {
return (( (this._inputOctetStreamProxy == null)
@@ -316,7 +316,7 @@
/**
* Determines if the object has been set up with an Element
*
- * @return true is the object has been set up with a Node set
+ * @return true if the object has been set up with a Node set
*/
public boolean isElement() {
return ((this._inputOctetStreamProxy==null)&& (this._subNode!=null)
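Review bot: The corrected `@return` line on `isElement()` still describes a Node set, apparently copied from `isNodeSet()` above, while the summary sentence says the method checks for an Element. It should read `@return true if the object has been set up with an Element`. The method body continues past the end of this hunk.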
@@ -326,11 +326,22 @@
/**
* Determines if the object has been set up with an octet stream
*
- * @return true is the object has been set up with an octet stream
+ * @return true if the object has been set up with an octet stream
*/
public boolean isOctetStream() {
return ( ((this._inputOctetStreamProxy != null) || bytes!=null)
&& ((this._inputNodeSet == null) && _subNode ==null));
+ }
+
+ /**
+ * Determines if {@link #setOutputStream} has been called with a
+ * non-null OutputStream.
+ *
+ * @return true if {@link #setOutputStream} has been called with a
+ * non-null OutputStream
+ */
+ public boolean isOutputStreamSet() {
+ return outputStream != null;
}
/**