--- old/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transforms.java 2013-06-28 11:34:08.889329243 -0400
+++ new/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transforms.java 2013-06-28 11:34:08.721334472 -0400
@@ -2,21 +2,23 @@
 * reserved comment block
 * DO NOT REMOVE OR ALTER!
 */
-/*
- * Copyright 1999-2008 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
 */
 
 package com.sun.org.apache.xml.internal.security.transforms;
@@ -38,11 +40,11 @@
 import org.w3c.dom.NodeList;
 
 /**
- * Holder of the {@link com.sun.org.apache.xml.internal.security.transforms.Transform} steps to
+ * Holder of the {@link com.sun.org.apache.xml.internal.security.transforms.Transform} steps to
 * be performed on the data.
- * The input to the first Transform is the result of dereferencing the
+ * The input to the first Transform is the result of dereferencing the
 * URI attribute of the Reference element.
- * The output from the last Transform is the input for the
+ * The output from the last Transform is the input for the
 * DigestMethod algorithm
 *
 * @author Christian Geuer-Pollmann
@@ -51,69 +53,77 @@ */ public class Transforms extends SignatureElementProxy { - /** {@link java.util.logging} logging facility */ - static java.util.logging.Logger log = - java.util.logging.Logger.getLogger(Transforms.class.getName()); /** Canonicalization - Required Canonical XML (omits comments) */ - public static final String TRANSFORM_C14N_OMIT_COMMENTS + public static final String TRANSFORM_C14N_OMIT_COMMENTS = Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS; + /** Canonicalization - Recommended Canonical XML with Comments */ - public static final String TRANSFORM_C14N_WITH_COMMENTS + public static final String TRANSFORM_C14N_WITH_COMMENTS = Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS; + /** Canonicalization - Required Canonical XML 1.1 (omits comments) */ - public static final String TRANSFORM_C14N11_OMIT_COMMENTS + public static final String TRANSFORM_C14N11_OMIT_COMMENTS = Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS; + /** Canonicalization - Recommended Canonical XML 1.1 with Comments */ - public static final String TRANSFORM_C14N11_WITH_COMMENTS + public static final String TRANSFORM_C14N11_WITH_COMMENTS = Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS; + /** Canonicalization - Required Exclusive Canonicalization (omits comments) */ - public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS + public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS; + /** Canonicalization - Recommended Exclusive Canonicalization with Comments */ - public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS + public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS = Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS; + /** Transform - Optional XSLT */ - public static final String TRANSFORM_XSLT + public static final String TRANSFORM_XSLT = "http://www.w3.org/TR/1999/REC-xslt-19991116"; + /** Transform - Required base64 decoding */ - public static final String TRANSFORM_BASE64_DECODE + public static final String 
TRANSFORM_BASE64_DECODE = Constants.SignatureSpecNS + "base64"; + /** Transform - Recommended XPath */ - public static final String TRANSFORM_XPATH + public static final String TRANSFORM_XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116"; + /** Transform - Required Enveloped Signature */ - public static final String TRANSFORM_ENVELOPED_SIGNATURE + public static final String TRANSFORM_ENVELOPED_SIGNATURE = Constants.SignatureSpecNS + "enveloped-signature"; + /** Transform - XPointer */ - public static final String TRANSFORM_XPOINTER + public static final String TRANSFORM_XPOINTER = "http://www.w3.org/TR/2001/WD-xptr-20010108"; - /** Transform - XPath Filter v2.0 */ - public static final String TRANSFORM_XPATH2FILTER04 - = "http://www.w3.org/2002/04/xmldsig-filter2"; + /** Transform - XPath Filter */ - public static final String TRANSFORM_XPATH2FILTER + public static final String TRANSFORM_XPATH2FILTER = "http://www.w3.org/2002/06/xmldsig-filter2"; - /** Transform - XPath Filter CHGP private */ - public static final String TRANSFORM_XPATHFILTERCHGP - = "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter"; + + /** {@link org.apache.commons.logging} logging facility */ + private static java.util.logging.Logger log = + java.util.logging.Logger.getLogger(Transforms.class.getName()); - Element []transforms; + private Element[] transforms; protected Transforms() { }; + + private boolean secureValidation; /** * Constructs {@link Transforms}. * - * @param doc the {@link Document} in which XMLSignature will + * @param doc the {@link Document} in which XMLSignature will * be placed */ public Transforms(Document doc) { super(doc); - XMLUtils.addReturnToElement(this._constructionElement); + XMLUtils.addReturnToElement(this.constructionElement); } /** - * Constructs {@link Transforms} from {@link Element} which is + * Constructs {@link Transforms} from {@link Element} which is * Transforms Element * * @param element is Transforms element 
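Review bot: The Javadoc on the new `log` field reads `{@link org.apache.commons.logging} logging facility`, but the field is a `java.util.logging.Logger`, so the comment points at a logging API this file does not use; it should read `/** {@link java.util.logging} logging facility */`. The new `private boolean secureValidation;` field carries no comment even though it gates the transform check added later in this commit; I would document it as `/** When true, performTransforms() rejects forbidden transforms (currently the XSLT transform). Default false, so callers must enable it explicitly. */`. Removing the public constants `TRANSFORM_XPATH2FILTER04` and `TRANSFORM_XPATHFILTERCHGP` is source-incompatible for any code that referenced them; presumably acceptable in this internal package, but worth stating in the commit message. The class body continues past this hunk.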
@@ -125,40 +135,42 @@ * @throws XMLSignatureException */ public Transforms(Element element, String BaseURI) - throws DOMException, XMLSignatureException, - InvalidTransformException, TransformationException, - XMLSecurityException { - + throws DOMException, XMLSignatureException, InvalidTransformException, + TransformationException, XMLSecurityException { super(element, BaseURI); int numberOfTransformElems = this.getLength(); if (numberOfTransformElems == 0) { - // At least one Transform element must be present. Bad. - Object exArgs[] = { Constants._TAG_TRANSFORM, - Constants._TAG_TRANSFORMS }; + Object exArgs[] = { Constants._TAG_TRANSFORM, Constants._TAG_TRANSFORMS }; throw new TransformationException("xml.WrongContent", exArgs); } } + + /** + * Set whether secure validation is enabled or not. The default is false. + */ + public void setSecureValidation(boolean secureValidation) { + this.secureValidation = secureValidation; + } /** - * Adds the Transform with the specified Transform + * Adds the Transform with the specified Transform * algorithm URI * - * @param transformURI the URI form of transform that indicates which + * @param transformURI the URI form of transform that indicates which * transformation is applied to data * @throws TransformationException */ - public void addTransform(String transformURI) - throws TransformationException { - + public void addTransform(String transformURI) throws TransformationException { try { - if (log.isLoggable(java.util.logging.Level.FINE)) + if (log.isLoggable(java.util.logging.Level.FINE)) { log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")"); + } - Transform transform = new Transform(this._doc, transformURI); + Transform transform = new Transform(this.doc, transformURI); this.addTransform(transform); } catch (InvalidTransformException ex) { 
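Review bot: `setSecureValidation` documents the default but not what the flag does and has no `@param` tag; since the field is only consulted when the transforms are executed, a verifier that builds `Transforms` from an `Element` runs with `false` unless it calls this setter before `performTransforms`. I would write the Javadoc as `Set whether secure validation is enabled or not. The default is false. When enabled, performTransforms rejects a Transform whose Algorithm is the XSLT transform with a TransformationException; call this before performTransforms.` plus `@param secureValidation true to reject forbidden transforms`. Also, the constructor in this hunk only checks that at least one Transform element is present and does not bound the count, so if no upper limit is enforced by the caller under secure validation (not visible here) a Reference with a very large number of transforms is still accepted. The `addTransform(String)` method at the end of this hunk continues past it.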
@@ -167,23 +179,22 @@ } /** - * Adds the Transform with the specified Transform + * Adds the Transform with the specified Transform * algorithm URI * - * @param transformURI the URI form of transform that indicates which + * @param transformURI the URI form of transform that indicates which * transformation is applied to data * @param contextElement * @throws TransformationException - * @see Transform#getInstance(Document doc, String algorithmURI, Element childElement) */ public void addTransform(String transformURI, Element contextElement) - throws TransformationException { - + throws TransformationException { try { - if (log.isLoggable(java.util.logging.Level.FINE)) + if (log.isLoggable(java.util.logging.Level.FINE)) { log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transformURI + ")"); + } - Transform transform = new Transform(this._doc, transformURI, contextElement); + Transform transform = new Transform(this.doc, transformURI, contextElement); this.addTransform(transform); } catch (InvalidTransformException ex) { @@ -192,20 +203,19 @@ } /** - * Adds the Transform with the specified Transform + * Adds the Transform with the specified Transform * algorithm URI. * - * @param transformURI the URI form of transform that indicates which + * @param transformURI the URI form of transform that indicates which * transformation is applied to data * @param contextNodes * @throws TransformationException - * @see Transform#getInstance(Document doc, String algorithmURI, NodeList contextNodes) */ public void addTransform(String transformURI, NodeList contextNodes) - throws TransformationException { + throws TransformationException { try { - Transform transform = new Transform(this._doc, transformURI, contextNodes); + Transform transform = new Transform(this.doc, transformURI, contextNodes); this.addTransform(transform); } catch (InvalidTransformException ex) { throw new TransformationException("empty", ex); 
@@ -218,17 +228,18 @@ * @param transform {@link Transform} object */ private void addTransform(Transform transform) { - if (log.isLoggable(java.util.logging.Level.FINE)) + if (log.isLoggable(java.util.logging.Level.FINE)) { log.log(java.util.logging.Level.FINE, "Transforms.addTransform(" + transform.getURI() + ")"); + } Element transformElement = transform.getElement(); - this._constructionElement.appendChild(transformElement); - XMLUtils.addReturnToElement(this._constructionElement); + this.constructionElement.appendChild(transformElement); + XMLUtils.addReturnToElement(this.constructionElement); } /** - * Applies all included Transforms to xmlSignatureInput and + * Applies all included Transforms to xmlSignatureInput and * returns the result of these transformations. * * @param xmlSignatureInput the input for the Transforms @@ -236,12 +247,13 @@ * @throws TransformationException */ public XMLSignatureInput performTransforms( - XMLSignatureInput xmlSignatureInput) throws TransformationException { + XMLSignatureInput xmlSignatureInput + ) throws TransformationException { return performTransforms(xmlSignatureInput, null); } - + /** - * Applies all included Transforms to xmlSignatureInput and + * Applies all included Transforms to xmlSignatureInput and * returns the result of these transformations. * * @param xmlSignatureInput the input for the Transforms 
@@ -250,21 +262,22 @@
 * @throws TransformationException
 */
 public XMLSignatureInput performTransforms(
- XMLSignatureInput xmlSignatureInput, OutputStream os)
- throws TransformationException {
-
+ XMLSignatureInput xmlSignatureInput, OutputStream os
+ ) throws TransformationException {
 try {
- int last=this.getLength()-1;
+ int last = this.getLength() - 1;
 for (int i = 0; i < last; i++) {
 Transform t = this.item(i);
+ String uri = t.getURI();
 if (log.isLoggable(java.util.logging.Level.FINE)) {
- log.log(java.util.logging.Level.FINE, "Perform the (" + i + ")th " + t.getURI()
- + " transform");
+ log.log(java.util.logging.Level.FINE, "Perform the (" + i + ")th " + uri + " transform");
 }
+ checkSecureValidation(t);
 xmlSignatureInput = t.performTransform(xmlSignatureInput);
 }
- if (last>=0) {
+ if (last >= 0) {
 Transform t = this.item(last);
+ checkSecureValidation(t);
 xmlSignatureInput = t.performTransform(xmlSignatureInput, os);
 }
 
@@ -277,19 +290,29 @@
 throw new TransformationException("empty", ex);
 }
 }
+
+ private void checkSecureValidation(Transform transform) throws TransformationException {
+ String uri = transform.getURI();
+ if (secureValidation && Transforms.TRANSFORM_XSLT.equals(uri)) {
+ Object exArgs[] = { uri };
+
+ throw new TransformationException(
+ "signature.Transform.ForbiddenTransform", exArgs
+ );
+ }
+ }
 
 /**
 * Return the nonnegative number of transformations.
 *
 * @return the number of transformations
 */
- public int getLength()
- {
+ public int getLength() {
 if (transforms == null) {
- transforms = XMLUtils.selectDsNodes
- (this._constructionElement.getFirstChild(), "Transform");
+ transforms =
+ XMLUtils.selectDsNodes(this.constructionElement.getFirstChild(), "Transform");
 }
- return transforms.length;
+ return transforms.length;
 }
 
 /**
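Review bot: `checkSecureValidation` is invoked inside the execution loop in the first hunk, so when the forbidden XSLT transform sits at position k every transform before it has already been run on the dereferenced input before the reference is rejected; validating all algorithm URIs up front rejects the reference before any transform work is done, e.g. right after `int last = this.getLength() - 1;` add `for (int i = 0; i <= last; i++) { checkSecureValidation(this.item(i)); }` and drop the two inline calls. The new private method also has no Javadoc; I would add one stating that under secure validation it rejects a transform whose URI equals `TRANSFORM_XSLT` with `signature.Transform.ForbiddenTransform`, that this is the only URI currently forbidden, and that future additions to the deny list belong here. The `catch` block that opens the second hunk belongs to `performTransforms`, whose body starts in the first hunk.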
@@ -301,13 +324,12 @@
 * @throws TransformationException
 */
 public Transform item(int i) throws TransformationException {
-
 try {
 if (transforms == null) {
- transforms = XMLUtils.selectDsNodes
- (this._constructionElement.getFirstChild(), "Transform");
+ transforms =
+ XMLUtils.selectDsNodes(this.constructionElement.getFirstChild(), "Transform");
 }
- return new Transform(transforms[i], this._baseURI);
+ return new Transform(transforms[i], this.baseURI);
 } catch (XMLSecurityException ex) {
 throw new TransformationException("empty", ex);
 }