1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /** 6 * Licensed to the Apache Software Foundation (ASF) under one 7 * or more contributor license agreements. See the NOTICE file 8 * distributed with this work for additional information 9 * regarding copyright ownership. The ASF licenses this file 10 * to you under the Apache License, Version 2.0 (the 11 * "License"); you may not use this file except in compliance 12 * with the License. You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, 17 * software distributed under the License is distributed on an 18 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 19 * KIND, either express or implied. See the License for the 20 * specific language governing permissions and limitations 21 * under the License. 22 */ 23 package com.sun.org.apache.xml.internal.security.utils.resolver.implementations; 24 25 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; 26 import com.sun.org.apache.xml.internal.security.utils.XMLUtils; 27 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverContext; 28 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException; 29 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi; 30 import org.w3c.dom.Document; 31 import org.w3c.dom.Element; 32 import org.w3c.dom.Node; 33 34 /** 35 * This resolver is used for resolving same-document URIs like URI="" of URI="#id". 36 * 37 * @author $Author: coheigea $ 38 * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel">The Reference processing model in the XML Signature spec</A> 39 * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#sec-Same-Document">Same-Document URI-References in the XML Signature spec</A> 40 * @see <A HREF="http://www.ietf.org/rfc/rfc2396.txt">Section 4.2 of RFC 2396</A> 41 */ 42 public class ResolverFragment extends ResourceResolverSpi { 43 44 /** {@link org.apache.commons.logging} logging facility */ 45 private static java.util.logging.Logger log = 46 java.util.logging.Logger.getLogger(ResolverFragment.class.getName()); 47 48 @Override 49 public boolean engineIsThreadSafe() { 50 return true; 51 } 52 53 /** 54 * Method engineResolve 55 * 56 * @inheritDoc 57 * @param uri 58 * @param baseURI 59 */ 60 public XMLSignatureInput engineResolveURI(ResourceResolverContext context) 61 throws ResourceResolverException { 62 63 Document doc = context.attr.getOwnerElement().getOwnerDocument(); 64 65 Node selectedElem = null; 66 if (context.uriToResolve.equals("")) { 67 /* 68 * Identifies the node-set (minus any comment nodes) of the XML 69 * resource containing the signature 70 */ 71 if (log.isLoggable(java.util.logging.Level.FINE)) { 72 log.log(java.util.logging.Level.FINE, "ResolverFragment with empty URI (means complete document)"); 73 } 74 selectedElem = doc; 75 } else { 76 /* 77 * URI="#chapter1" 78 * Identifies a node-set containing the element with ID attribute 79 * value 'chapter1' of the XML resource containing the signature. 80 * XML Signature (and its applications) modify this node-set to 81 * include the element plus all descendants including namespaces and 82 * attributes -- but not comments. 83 */ 84 String id = context.uriToResolve.substring(1); 85 86 selectedElem = doc.getElementById(id); 87 if (selectedElem == null) { 88 Object exArgs[] = { id }; 89 throw new ResourceResolverException( 90 "signature.Verification.MissingID", exArgs, context.attr, context.baseUri 91 ); 92 } 93 if (context.secureValidation) { 94 Element start = context.attr.getOwnerDocument().getDocumentElement(); 95 if (!XMLUtils.protectAgainstWrappingAttack(start, id)) { 96 Object exArgs[] = { id }; 97 throw new ResourceResolverException( 98 "signature.Verification.MultipleIDs", exArgs, context.attr, context.baseUri 99 ); 100 } 101 } 102 if (log.isLoggable(java.util.logging.Level.FINE)) { 103 log.log(java.util.logging.Level.FINE, 104 "Try to catch an Element with ID " + id + " and Element was " + selectedElem 105 ); 106 } 107 } 108 109 XMLSignatureInput result = new XMLSignatureInput(selectedElem); 110 result.setExcludeComments(true); 111 112 result.setMIMEType("text/xml"); 113 if (context.baseUri != null && context.baseUri.length() > 0) { 114 result.setSourceURI(context.baseUri.concat(context.uriToResolve)); 115 } else { 116 result.setSourceURI(context.uriToResolve); 117 } 118 return result; 119 } 120 121 /** 122 * Method engineCanResolve 123 * @inheritDoc 124 * @param uri 125 * @param baseURI 126 */ 127 public boolean engineCanResolveURI(ResourceResolverContext context) { 128 if (context.uriToResolve == null) { 129 if (log.isLoggable(java.util.logging.Level.FINE)) { 130 log.log(java.util.logging.Level.FINE, "Quick fail for null uri"); 131 } 132 return false; 133 } 134 135 if (context.uriToResolve.equals("") || 136 ((context.uriToResolve.charAt(0) == '#') && !context.uriToResolve.startsWith("#xpointer(")) 137 ) { 138 if (log.isLoggable(java.util.logging.Level.FINE)) { 139 log.log(java.util.logging.Level.FINE, "State I can resolve reference: \"" + context.uriToResolve + "\""); 140 } 141 return true; 142 } 143 if (log.isLoggable(java.util.logging.Level.FINE)) { 144 log.log(java.util.logging.Level.FINE, "Do not seem to be able to resolve reference: \"" + context.uriToResolve + "\""); 145 } 146 return false; 147 } 148 149 }