src/share/classes/com/sun/org/apache/xml/internal/security/signature/Manifest.java
Print this page
*** 1,46 ****
/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
! /*
! * Copyright 1999-2004 The Apache Software Foundation.
! *
! * Licensed under the Apache License, Version 2.0 (the "License");
! * you may not use this file except in compliance with the License.
! * You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
! * Unless required by applicable law or agreed to in writing, software
! * distributed under the License is distributed on an "AS IS" BASIS,
! * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
! * See the License for the specific language governing permissions and
! * limitations under the License.
! *
*/
package com.sun.org.apache.xml.internal.security.signature;
-
-
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
- import java.util.Set;
import java.util.Map;
import javax.xml.parsers.ParserConfigurationException;
import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.transforms.Transforms;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.I18n;
- import com.sun.org.apache.xml.internal.security.utils.IdResolver;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Attr;
--- 1,45 ----
/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
! /**
! * Licensed to the Apache Software Foundation (ASF) under one
! * or more contributor license agreements. See the NOTICE file
! * distributed with this work for additional information
! * regarding copyright ownership. The ASF licenses this file
! * to you under the Apache License, Version 2.0 (the
! * "License"); you may not use this file except in compliance
! * with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
! * Unless required by applicable law or agreed to in writing,
! * software distributed under the License is distributed on an
! * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
! * KIND, either express or implied. See the License for the
! * specific language governing permissions and limitations
! * under the License.
*/
package com.sun.org.apache.xml.internal.security.signature;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+ import java.util.Set;
import javax.xml.parsers.ParserConfigurationException;
import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.transforms.Transforms;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.I18n;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Attr;
*** 48,207 ****
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
-
-
/**
* Handles <code><ds:Manifest></code> elements.
* <p> This element holds the <code>Reference</code> elements</p>
- * @author $author: $
*/
public class Manifest extends SignatureElementProxy {
! /** {@link java.util.logging} logging facility */
! static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(Manifest.class.getName());
! /** Field _references */
! List<Reference> _references;
! Element[] _referencesEl;
/** Field verificationResults[] */
private boolean verificationResults[] = null;
! /** Field _resolverProperties */
! Map<String,String> _resolverProperties = null;
! /** Field _perManifestResolvers */
! List<ResourceResolver> _perManifestResolvers = null;
/**
! * Consturts {@link Manifest}
*
* @param doc the {@link Document} in which <code>XMLsignature</code> is placed
*/
public Manifest(Document doc) {
-
super(doc);
! XMLUtils.addReturnToElement(this._constructionElement);
! this._references = new ArrayList<Reference>();
}
/**
* Constructor Manifest
*
* @param element
! * @param BaseURI
* @throws XMLSecurityException
*/
! public Manifest(Element element, String BaseURI)
! throws XMLSecurityException {
! super(element, BaseURI);
Attr attr = element.getAttributeNodeNS(null, "Id");
if (attr != null) {
element.setIdAttributeNode(attr, true);
}
// check out Reference children
! this._referencesEl = XMLUtils.selectDsNodes(this._constructionElement.getFirstChild(),
! Constants._TAG_REFERENCE);
! int le = this._referencesEl.length;
! {
if (le == 0) {
-
// At least one Reference must be present. Bad.
! Object exArgs[] = { Constants._TAG_REFERENCE,
! Constants._TAG_MANIFEST };
throw new DOMException(DOMException.WRONG_DOCUMENT_ERR,
I18n.translate("xml.WrongContent", exArgs));
}
}
! // create Vector
! this._references = new ArrayList<Reference>(le);
for (int i = 0; i < le; i++) {
! Element refElem = this._referencesEl[i];
Attr refAttr = refElem.getAttributeNodeNS(null, "Id");
if (refAttr != null) {
refElem.setIdAttributeNode(refAttr, true);
}
! this._references.add(null);
}
}
/**
* This <code>addDocument</code> method is used to add a new resource to the
* signed info. A {@link com.sun.org.apache.xml.internal.security.signature.Reference} is built
* from the supplied values.
*
! * @param BaseURI the URI of the resource where the XML instance was stored
! * @param referenceURI <code>URI</code> attribute in <code>Reference</code> for specifing where data is
! * @param transforms com.sun.org.apache.xml.internal.security.signature.Transforms object with an ordered list of transformations to be performed.
! * @param digestURI The digest algorthim URI to be used.
! * @param ReferenceId
! * @param ReferenceType
* @throws XMLSignatureException
*/
public void addDocument(
! String BaseURI, String referenceURI, Transforms transforms, String digestURI, String ReferenceId, String ReferenceType)
! throws XMLSignatureException {
! // the this._doc is handed implicitly by the this.getOwnerDocument()
! Reference ref = new Reference(this._doc, BaseURI, referenceURI, this,
! transforms, digestURI);
!
! if (ReferenceId != null) {
! ref.setId(ReferenceId);
}
! if (ReferenceType != null) {
! ref.setType(ReferenceType);
}
// add Reference object to our cache vector
! this._references.add(ref);
// add the Element of the Reference object to the Manifest/SignedInfo
! this._constructionElement.appendChild(ref.getElement());
! XMLUtils.addReturnToElement(this._constructionElement);
}
/**
* The calculation of the DigestValues in the References must be after the
* References are already added to the document and during the signing
! * process. This ensures that all neccesary data is in place.
*
* @throws ReferenceNotInitializedException
* @throws XMLSignatureException
*/
public void generateDigestValues()
throws XMLSignatureException, ReferenceNotInitializedException {
-
for (int i = 0; i < this.getLength(); i++) {
-
// update the cached Reference object, the Element content is automatically updated
! Reference currentRef = this._references.get(i);
!
currentRef.generateDigestValue();
}
}
/**
* Return the nonnegative number of added references.
*
* @return the number of references
*/
public int getLength() {
! return this._references.size();
}
/**
* Return the <it>i</it><sup>th</sup> reference. Valid <code>i</code>
* values are 0 to <code>{link@ getSize}-1</code>.
--- 47,225 ----
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
/**
* Handles <code><ds:Manifest></code> elements.
* <p> This element holds the <code>Reference</code> elements</p>
*/
public class Manifest extends SignatureElementProxy {
! /**
! * The maximum number of references per Manifest, if secure validation is enabled.
! */
! public static final int MAXIMUM_REFERENCE_COUNT = 30;
!
! /** {@link org.apache.commons.logging} logging facility */
! private static java.util.logging.Logger log =
java.util.logging.Logger.getLogger(Manifest.class.getName());
! /** Field references */
! private List<Reference> references;
! private Element[] referencesEl;
/** Field verificationResults[] */
private boolean verificationResults[] = null;
! /** Field resolverProperties */
! private Map<String, String> resolverProperties = null;
!
! /** Field perManifestResolvers */
! private List<ResourceResolver> perManifestResolvers = null;
! private boolean secureValidation;
/**
! * Constructs {@link Manifest}
*
* @param doc the {@link Document} in which <code>XMLsignature</code> is placed
*/
public Manifest(Document doc) {
super(doc);
! XMLUtils.addReturnToElement(this.constructionElement);
! this.references = new ArrayList<Reference>();
}
/**
* Constructor Manifest
*
* @param element
! * @param baseURI
* @throws XMLSecurityException
*/
! public Manifest(Element element, String baseURI) throws XMLSecurityException {
! this(element, baseURI, false);
! }
! /**
! * Constructor Manifest
! *
! * @param element
! * @param baseURI
! * @param secureValidation
! * @throws XMLSecurityException
! */
! public Manifest(
! Element element, String baseURI, boolean secureValidation
! ) throws XMLSecurityException {
! super(element, baseURI);
Attr attr = element.getAttributeNodeNS(null, "Id");
if (attr != null) {
element.setIdAttributeNode(attr, true);
}
+ this.secureValidation = secureValidation;
// check out Reference children
! this.referencesEl =
! XMLUtils.selectDsNodes(
! this.constructionElement.getFirstChild(), Constants._TAG_REFERENCE
! );
! int le = this.referencesEl.length;
if (le == 0) {
// At least one Reference must be present. Bad.
! Object exArgs[] = { Constants._TAG_REFERENCE, Constants._TAG_MANIFEST };
throw new DOMException(DOMException.WRONG_DOCUMENT_ERR,
I18n.translate("xml.WrongContent", exArgs));
}
+
+ if (secureValidation && le > MAXIMUM_REFERENCE_COUNT) {
+ Object exArgs[] = { le, MAXIMUM_REFERENCE_COUNT };
+
+ throw new XMLSecurityException("signature.tooManyReferences", exArgs);
}
! // create List
! this.references = new ArrayList<Reference>(le);
for (int i = 0; i < le; i++) {
! Element refElem = referencesEl[i];
Attr refAttr = refElem.getAttributeNodeNS(null, "Id");
if (refAttr != null) {
refElem.setIdAttributeNode(refAttr, true);
}
! this.references.add(null);
}
}
/**
* This <code>addDocument</code> method is used to add a new resource to the
* signed info. A {@link com.sun.org.apache.xml.internal.security.signature.Reference} is built
* from the supplied values.
*
! * @param baseURI the URI of the resource where the XML instance was stored
! * @param referenceURI <code>URI</code> attribute in <code>Reference</code> for specifying
! * where data is
! * @param transforms com.sun.org.apache.xml.internal.security.signature.Transforms object with an ordered
! * list of transformations to be performed.
! * @param digestURI The digest algorithm URI to be used.
! * @param referenceId
! * @param referenceType
* @throws XMLSignatureException
*/
public void addDocument(
! String baseURI, String referenceURI, Transforms transforms,
! String digestURI, String referenceId, String referenceType
! ) throws XMLSignatureException {
! // the this.doc is handed implicitly by the this.getOwnerDocument()
! Reference ref =
! new Reference(this.doc, baseURI, referenceURI, this, transforms, digestURI);
! if (referenceId != null) {
! ref.setId(referenceId);
}
! if (referenceType != null) {
! ref.setType(referenceType);
}
// add Reference object to our cache vector
! this.references.add(ref);
// add the Element of the Reference object to the Manifest/SignedInfo
! this.constructionElement.appendChild(ref.getElement());
! XMLUtils.addReturnToElement(this.constructionElement);
}
/**
* The calculation of the DigestValues in the References must be after the
* References are already added to the document and during the signing
! * process. This ensures that all necessary data is in place.
*
* @throws ReferenceNotInitializedException
* @throws XMLSignatureException
*/
public void generateDigestValues()
throws XMLSignatureException, ReferenceNotInitializedException {
for (int i = 0; i < this.getLength(); i++) {
// update the cached Reference object, the Element content is automatically updated
! Reference currentRef = this.references.get(i);
currentRef.generateDigestValue();
}
}
/**
* Return the nonnegative number of added references.
*
* @return the number of references
*/
public int getLength() {
! return this.references.size();
}
/**
* Return the <it>i</it><sup>th</sup> reference. Valid <code>i</code>
* values are 0 to <code>{link@ getSize}-1</code>.
*** 209,250 ****
* @param i Index of the requested {@link Reference}
* @return the <it>i</it><sup>th</sup> reference
* @throws XMLSecurityException
*/
public Reference item(int i) throws XMLSecurityException {
!
! if (this._references.get(i) == null) {
!
// not yet constructed, so _we_ have to
! Reference ref = new Reference(_referencesEl[i], this._baseURI, this);
! this._references.set(i, ref);
}
! return this._references.get(i);
!
}
/**
* Sets the <code>Id</code> attribute
*
* @param Id the <code>Id</code> attribute in <code>ds:Manifest</code>
*/
public void setId(String Id) {
-
if (Id != null) {
! setLocalIdAttribute(Constants._ATT_ID, Id);
}
}
/**
* Returns the <code>Id</code> attribute
*
* @return the <code>Id</code> attribute in <code>ds:Manifest</code>
*/
public String getId() {
! return this._constructionElement.getAttributeNS(null, Constants._ATT_ID);
}
/**
* Used to do a <A HREF="http://www.w3.org/TR/xmldsig-core/#def-ValidationReference">reference
* validation</A> of all enclosed references using the {@link Reference#verify} method.
--- 227,266 ----
* @param i Index of the requested {@link Reference}
* @return the <it>i</it><sup>th</sup> reference
* @throws XMLSecurityException
*/
public Reference item(int i) throws XMLSecurityException {
! if (this.references.get(i) == null) {
// not yet constructed, so _we_ have to
! Reference ref =
! new Reference(referencesEl[i], this.baseURI, this, secureValidation);
! this.references.set(i, ref);
}
! return this.references.get(i);
}
/**
* Sets the <code>Id</code> attribute
*
* @param Id the <code>Id</code> attribute in <code>ds:Manifest</code>
*/
public void setId(String Id) {
if (Id != null) {
! this.constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
! this.constructionElement.setIdAttributeNS(null, Constants._ATT_ID, true);
}
}
/**
* Returns the <code>Id</code> attribute
*
* @return the <code>Id</code> attribute in <code>ds:Manifest</code>
*/
public String getId() {
! return this.constructionElement.getAttributeNS(null, Constants._ATT_ID);
}
/**
* Used to do a <A HREF="http://www.w3.org/TR/xmldsig-core/#def-ValidationReference">reference
* validation</A> of all enclosed references using the {@link Reference#verify} method.
*** 254,264 ****
* <code>false</code>. If <i>all</i> verifications are successful,
* it returns <code>true</code>. The results of the individual reference
* validations are available by using the {@link #getVerificationResult(int)} method
*
* @return true if all References verify, false if one or more do not verify.
! * @throws MissingResourceFailureException if a {@link Reference} does not verify (throws a {@link com.sun.org.apache.xml.internal.security.signature.ReferenceNotInitializedException} because of an uninitialized {@link XMLSignatureInput}
* @see com.sun.org.apache.xml.internal.security.signature.Reference#verify
* @see com.sun.org.apache.xml.internal.security.signature.SignedInfo#verify()
* @see com.sun.org.apache.xml.internal.security.signature.MissingResourceFailureException
* @throws XMLSecurityException
*/
--- 270,282 ----
* <code>false</code>. If <i>all</i> verifications are successful,
* it returns <code>true</code>. The results of the individual reference
* validations are available by using the {@link #getVerificationResult(int)} method
*
* @return true if all References verify, false if one or more do not verify.
! * @throws MissingResourceFailureException if a {@link Reference} does not verify
! * (throws a {@link com.sun.org.apache.xml.internal.security.signature.ReferenceNotInitializedException}
! * because of an uninitialized {@link XMLSignatureInput}
* @see com.sun.org.apache.xml.internal.security.signature.Reference#verify
* @see com.sun.org.apache.xml.internal.security.signature.SignedInfo#verify()
* @see com.sun.org.apache.xml.internal.security.signature.MissingResourceFailureException
* @throws XMLSecurityException
*/
*** 277,337 ****
* it returns <code>true</code>. The results of the individual reference
* validations are available by using the {@link #getVerificationResult(int)} method
*
* @param followManifests
* @return true if all References verify, false if one or more do not verify.
! * @throws MissingResourceFailureException if a {@link Reference} does not verify (throws a {@link com.sun.org.apache.xml.internal.security.signature.ReferenceNotInitializedException} because of an uninitialized {@link XMLSignatureInput}
* @see com.sun.org.apache.xml.internal.security.signature.Reference#verify
* @see com.sun.org.apache.xml.internal.security.signature.SignedInfo#verify(boolean)
* @see com.sun.org.apache.xml.internal.security.signature.MissingResourceFailureException
* @throws XMLSecurityException
*/
public boolean verifyReferences(boolean followManifests)
throws MissingResourceFailureException, XMLSecurityException {
! if (_referencesEl==null) {
! this._referencesEl =
! XMLUtils.selectDsNodes(this._constructionElement.getFirstChild(),
! Constants._TAG_REFERENCE);
}
if (log.isLoggable(java.util.logging.Level.FINE)) {
! log.log(java.util.logging.Level.FINE, "verify " +_referencesEl.length + " References");
log.log(java.util.logging.Level.FINE, "I am " + (followManifests
! ? ""
! : "not") + " requested to follow nested Manifests");
}
! boolean verify = true;
!
! if (_referencesEl.length==0) {
throw new XMLSecurityException("empty");
}
! this.verificationResults =
! new boolean[_referencesEl.length];
! for (int i =
! 0; i < this._referencesEl.length; i++) {
Reference currentRef =
! new Reference(_referencesEl[i], this._baseURI, this);
! this._references.set(i, currentRef);
! /* if only one item does not verify, the whole verification fails */
try {
boolean currentRefVerified = currentRef.verify();
this.setVerificationResult(i, currentRefVerified);
if (!currentRefVerified) {
verify = false;
}
! if (log.isLoggable(java.util.logging.Level.FINE))
log.log(java.util.logging.Level.FINE, "The Reference has Type " + currentRef.getType());
// was verification successful till now and do we want to verify the Manifest?
! if (verify && followManifests
! && currentRef.typeIsReferenceToManifest()) {
log.log(java.util.logging.Level.FINE, "We have to follow a nested Manifest");
try {
XMLSignatureInput signedManifestNodes =
currentRef.dereferenceURIandPerformTransforms(null);
Set<Node> nl = signedManifestNodes.getNodeSet();
--- 295,360 ----
* it returns <code>true</code>. The results of the individual reference
* validations are available by using the {@link #getVerificationResult(int)} method
*
* @param followManifests
* @return true if all References verify, false if one or more do not verify.
! * @throws MissingResourceFailureException if a {@link Reference} does not verify
! * (throws a {@link com.sun.org.apache.xml.internal.security.signature.ReferenceNotInitializedException}
! * because of an uninitialized {@link XMLSignatureInput}
* @see com.sun.org.apache.xml.internal.security.signature.Reference#verify
* @see com.sun.org.apache.xml.internal.security.signature.SignedInfo#verify(boolean)
* @see com.sun.org.apache.xml.internal.security.signature.MissingResourceFailureException
* @throws XMLSecurityException
*/
public boolean verifyReferences(boolean followManifests)
throws MissingResourceFailureException, XMLSecurityException {
! if (referencesEl == null) {
! this.referencesEl =
! XMLUtils.selectDsNodes(
! this.constructionElement.getFirstChild(), Constants._TAG_REFERENCE
! );
}
if (log.isLoggable(java.util.logging.Level.FINE)) {
! log.log(java.util.logging.Level.FINE, "verify " + referencesEl.length + " References");
log.log(java.util.logging.Level.FINE, "I am " + (followManifests
! ? "" : "not") + " requested to follow nested Manifests");
}
! if (referencesEl.length == 0) {
throw new XMLSecurityException("empty");
}
+ if (secureValidation && referencesEl.length > MAXIMUM_REFERENCE_COUNT) {
+ Object exArgs[] = { referencesEl.length, MAXIMUM_REFERENCE_COUNT };
! throw new XMLSecurityException("signature.tooManyReferences", exArgs);
! }
! this.verificationResults = new boolean[referencesEl.length];
! boolean verify = true;
! for (int i = 0; i < this.referencesEl.length; i++) {
Reference currentRef =
! new Reference(referencesEl[i], this.baseURI, this, secureValidation);
! this.references.set(i, currentRef);
! // if only one item does not verify, the whole verification fails
try {
boolean currentRefVerified = currentRef.verify();
this.setVerificationResult(i, currentRefVerified);
if (!currentRefVerified) {
verify = false;
}
! if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "The Reference has Type " + currentRef.getType());
+ }
// was verification successful till now and do we want to verify the Manifest?
! if (verify && followManifests && currentRef.typeIsReferenceToManifest()) {
! if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "We have to follow a nested Manifest");
+ }
try {
XMLSignatureInput signedManifestNodes =
currentRef.dereferenceURIandPerformTransforms(null);
Set<Node> nl = signedManifestNodes.getNodeSet();
*** 339,388 ****
Iterator<Node> nlIterator = nl.iterator();
findManifest: while (nlIterator.hasNext()) {
Node n = nlIterator.next();
! if ((n.getNodeType() == Node.ELEMENT_NODE) && ((Element) n)
! .getNamespaceURI()
! .equals(Constants.SignatureSpecNS) && ((Element) n)
! .getLocalName().equals(Constants._TAG_MANIFEST)) {
try {
referencedManifest =
! new Manifest((Element) n,
! signedManifestNodes.getSourceURI());
!
break findManifest;
} catch (XMLSecurityException ex) {
!
// Hm, seems not to be a ds:Manifest
}
}
}
if (referencedManifest == null) {
-
// The Reference stated that it points to a ds:Manifest
// but we did not find a ds:Manifest in the signed area
! throw new MissingResourceFailureException("empty",
! currentRef);
}
! referencedManifest._perManifestResolvers =
! this._perManifestResolvers;
! referencedManifest._resolverProperties =
! this._resolverProperties;
boolean referencedManifestValid =
referencedManifest.verifyReferences(followManifests);
if (!referencedManifestValid) {
verify = false;
log.log(java.util.logging.Level.WARNING, "The nested Manifest was invalid (bad)");
} else {
log.log(java.util.logging.Level.FINE, "The nested Manifest was valid (good)");
}
} catch (IOException ex) {
throw new ReferenceNotInitializedException("empty", ex);
} catch (ParserConfigurationException ex) {
throw new ReferenceNotInitializedException("empty", ex);
} catch (SAXException ex) {
--- 362,411 ----
Iterator<Node> nlIterator = nl.iterator();
findManifest: while (nlIterator.hasNext()) {
Node n = nlIterator.next();
! if ((n.getNodeType() == Node.ELEMENT_NODE)
! && ((Element) n).getNamespaceURI().equals(Constants.SignatureSpecNS)
! && ((Element) n).getLocalName().equals(Constants._TAG_MANIFEST)
! ) {
try {
referencedManifest =
! new Manifest(
! (Element)n, signedManifestNodes.getSourceURI(), secureValidation
! );
break findManifest;
} catch (XMLSecurityException ex) {
! if (log.isLoggable(java.util.logging.Level.FINE)) {
! log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
! }
// Hm, seems not to be a ds:Manifest
}
}
}
if (referencedManifest == null) {
// The Reference stated that it points to a ds:Manifest
// but we did not find a ds:Manifest in the signed area
! throw new MissingResourceFailureException("empty", currentRef);
}
! referencedManifest.perManifestResolvers = this.perManifestResolvers;
! referencedManifest.resolverProperties = this.resolverProperties;
boolean referencedManifestValid =
referencedManifest.verifyReferences(followManifests);
if (!referencedManifestValid) {
verify = false;
log.log(java.util.logging.Level.WARNING, "The nested Manifest was invalid (bad)");
} else {
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "The nested Manifest was valid (good)");
}
+ }
} catch (IOException ex) {
throw new ReferenceNotInitializedException("empty", ex);
} catch (ParserConfigurationException ex) {
throw new ReferenceNotInitializedException("empty", ex);
} catch (SAXException ex) {
*** 391,402 ****
}
} catch (ReferenceNotInitializedException ex) {
Object exArgs[] = { currentRef.getURI() };
throw new MissingResourceFailureException(
! "signature.Verification.Reference.NoInput", exArgs, ex,
! currentRef);
}
}
return verify;
}
--- 414,425 ----
}
} catch (ReferenceNotInitializedException ex) {
Object exArgs[] = { currentRef.getURI() };
throw new MissingResourceFailureException(
! "signature.Verification.Reference.NoInput", exArgs, ex, currentRef
! );
}
}
return verify;
}
*** 405,417 ****
* Method setVerificationResult
*
* @param index
* @param verify
*/
! private void setVerificationResult(int index, boolean verify)
! {
!
if (this.verificationResults == null) {
this.verificationResults = new boolean[this.getLength()];
}
this.verificationResults[index] = verify;
--- 428,438 ----
* Method setVerificationResult
*
* @param index
* @param verify
*/
! private void setVerificationResult(int index, boolean verify) {
if (this.verificationResults == null) {
this.verificationResults = new boolean[this.getLength()];
}
this.verificationResults[index] = verify;
*** 425,441 ****
* @param index an index of into a {@link Manifest} or a {@link SignedInfo}
* @return the results of reference validation at the specified index
* @throws XMLSecurityException
*/
public boolean getVerificationResult(int index) throws XMLSecurityException {
-
if ((index < 0) || (index > this.getLength() - 1)) {
! Object exArgs[] = { Integer.toString(index),
! Integer.toString(this.getLength()) };
Exception e =
! new IndexOutOfBoundsException(I18n
! .translate("signature.Verification.IndexOutOfBounds", exArgs));
throw new XMLSecurityException("generic.EmptyMessage", e);
}
if (this.verificationResults == null) {
--- 446,461 ----
* @param index an index of into a {@link Manifest} or a {@link SignedInfo}
* @return the results of reference validation at the specified index
* @throws XMLSecurityException
*/
public boolean getVerificationResult(int index) throws XMLSecurityException {
if ((index < 0) || (index > this.getLength() - 1)) {
! Object exArgs[] = { Integer.toString(index), Integer.toString(this.getLength()) };
Exception e =
! new IndexOutOfBoundsException(
! I18n.translate("signature.Verification.IndexOutOfBounds", exArgs)
! );
throw new XMLSecurityException("generic.EmptyMessage", e);
}
if (this.verificationResults == null) {
*** 448,510 ****
return this.verificationResults[index];
}
/**
! * Adds Resource Resolver for retrieving resources at specified <code>URI</code> attribute in <code>reference</code> element
*
! * @param resolver {@link ResourceResolver} can provide the implemenatin subclass of {@link ResourceResolverSpi} for retrieving resource.
*/
public void addResourceResolver(ResourceResolver resolver) {
-
if (resolver == null) {
return;
}
! if (_perManifestResolvers==null)
! _perManifestResolvers = new ArrayList<ResourceResolver>();
! this._perManifestResolvers.add(resolver);
!
}
/**
! * Adds Resource Resolver for retrieving resources at specified <code>URI</code> attribute in <code>reference</code> element
*
! * @param resolverSpi the implemenatin subclass of {@link ResourceResolverSpi} for retrieving resource.
*/
public void addResourceResolver(ResourceResolverSpi resolverSpi) {
-
if (resolverSpi == null) {
return;
}
! if (_perManifestResolvers==null)
! _perManifestResolvers = new ArrayList<ResourceResolver>();
! this._perManifestResolvers.add(new ResourceResolver(resolverSpi));
}
/**
* Used to pass parameters like proxy servers etc to the ResourceResolver
* implementation.
*
* @param key the key
* @param value the value
*/
public void setResolverProperty(String key, String value) {
! if (_resolverProperties==null) {
! _resolverProperties=new HashMap<String, String>(10);
}
! this._resolverProperties.put(key, value);
}
/**
* Returns the value at specified key
*
* @param key the key
* @return the value
*/
public String getResolverProperty(String key) {
! return this._resolverProperties.get(key);
}
/**
* Method getSignedContentItem
*
--- 468,548 ----
return this.verificationResults[index];
}
/**
! * Adds Resource Resolver for retrieving resources at specified <code>URI</code> attribute
! * in <code>reference</code> element
*
! * @param resolver {@link ResourceResolver} can provide the implemenatin subclass of
! * {@link ResourceResolverSpi} for retrieving resource.
*/
public void addResourceResolver(ResourceResolver resolver) {
if (resolver == null) {
return;
}
! if (perManifestResolvers == null) {
! perManifestResolvers = new ArrayList<ResourceResolver>();
! }
! this.perManifestResolvers.add(resolver);
}
/**
! * Adds Resource Resolver for retrieving resources at specified <code>URI</code> attribute
! * in <code>reference</code> element
*
! * @param resolverSpi the implementation subclass of {@link ResourceResolverSpi} for
! * retrieving the resource.
*/
public void addResourceResolver(ResourceResolverSpi resolverSpi) {
if (resolverSpi == null) {
return;
}
! if (perManifestResolvers == null) {
! perManifestResolvers = new ArrayList<ResourceResolver>();
! }
! perManifestResolvers.add(new ResourceResolver(resolverSpi));
! }
!
! /**
! * Get the Per-Manifest Resolver List
! * @return the per-manifest Resolver List
! */
! public List<ResourceResolver> getPerManifestResolvers() {
! return perManifestResolvers;
! }
+ /**
+ * Get the resolver property map
+ * @return the resolver property map
+ */
+ public Map<String, String> getResolverProperties() {
+ return resolverProperties;
}
/**
* Used to pass parameters like proxy servers etc to the ResourceResolver
* implementation.
*
* @param key the key
* @param value the value
*/
public void setResolverProperty(String key, String value) {
! if (resolverProperties == null) {
! resolverProperties = new HashMap<String, String>(10);
}
! this.resolverProperties.put(key, value);
}
/**
* Returns the value at specified key
*
* @param key the key
* @return the value
*/
public String getResolverProperty(String key) {
! return this.resolverProperties.get(key);
}
/**
* Method getSignedContentItem
*
*** 512,522 ****
* @return The signed content of the i reference.
*
* @throws XMLSignatureException
*/
public byte[] getSignedContentItem(int i) throws XMLSignatureException {
-
try {
return this.getReferencedContentAfterTransformsItem(i).getBytes();
} catch (IOException ex) {
throw new XMLSignatureException("empty", ex);
} catch (CanonicalizationException ex) {
--- 550,559 ----
*** 553,563 ****
}
/**
* Method getSignedContentLength
*
! * @return The nu,ber of references contained in this reference.
*/
public int getSignedContentLength() {
return this.getLength();
}
--- 590,600 ----
}
/**
* Method getSignedContentLength
*
! * @return The number of references contained in this reference.
*/
public int getSignedContentLength() {
return this.getLength();
}