1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /* 6 * Copyright 2005 The Apache Software Foundation. 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); 9 * you may not use this file except in compliance with the License. 10 * You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * See the License for the specific language governing permissions and 18 * limitations under the License. 19 * 20 */ 21 /* 22 * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved. 23 */ 24 /* 25 * $Id: ApacheCanonicalizer.java,v 1.2 2008/07/24 15:20:32 mullan Exp $ 26 */ 27 package org.jcp.xml.dsig.internal.dom; 28 29 import java.io.ByteArrayInputStream; 30 import java.io.ByteArrayOutputStream; 31 import java.io.IOException; 32 import java.io.OutputStream; 33 import java.security.spec.AlgorithmParameterSpec; 34 import java.security.InvalidAlgorithmParameterException; 35 import java.util.Set; 36 import java.util.logging.Logger; 37 import java.util.logging.Level; 38 import javax.xml.crypto.*; 39 import javax.xml.crypto.dom.DOMCryptoContext; 40 import javax.xml.crypto.dsig.TransformException; 41 import javax.xml.crypto.dsig.TransformService; 42 import javax.xml.crypto.dsig.XMLSignatureException; 43 import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; 44 45 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer; 46 import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException; 47 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; 48 import com.sun.org.apache.xml.internal.security.transforms.Transform; 49 import org.w3c.dom.Document; 50 import org.w3c.dom.Element; 51 import org.w3c.dom.NodeList; 52 53 public abstract class ApacheCanonicalizer extends TransformService { 54 55 static { 56 com.sun.org.apache.xml.internal.security.Init.init(); 57 } 58 59 private static Logger log = Logger.getLogger("org.jcp.xml.dsig.internal.dom"); 60 protected Canonicalizer apacheCanonicalizer; 61 private Transform apacheTransform; 62 protected String inclusiveNamespaces; 63 protected C14NMethodParameterSpec params; 64 protected Document ownerDoc; 65 protected Element transformElem; 66 67 public final AlgorithmParameterSpec getParameterSpec() { 68 return params; 69 } 70 71 public void init(XMLStructure parent, XMLCryptoContext context) 72 throws InvalidAlgorithmParameterException { 73 if (context != null && !(context instanceof DOMCryptoContext)) { 74 throw new ClassCastException 75 ("context must be of type DOMCryptoContext"); 76 } 77 transformElem = (Element) 78 ((javax.xml.crypto.dom.DOMStructure) parent).getNode(); 79 ownerDoc = DOMUtils.getOwnerDocument(transformElem); 80 } 81 82 public void marshalParams(XMLStructure parent, XMLCryptoContext context) 83 throws MarshalException { 84 if (context != null && !(context instanceof DOMCryptoContext)) { 85 throw new ClassCastException 86 ("context must be of type DOMCryptoContext"); 87 } 88 transformElem = (Element) 89 ((javax.xml.crypto.dom.DOMStructure) parent).getNode(); 90 ownerDoc = DOMUtils.getOwnerDocument(transformElem); 91 } 92 93 public Data canonicalize(Data data, XMLCryptoContext xc) 94 throws TransformException { 95 return canonicalize(data, xc, null); 96 } 97 98 public Data canonicalize(Data data, XMLCryptoContext xc, OutputStream os) 99 throws TransformException { 100 101 if (apacheCanonicalizer == null) { 102 try { 103 apacheCanonicalizer = Canonicalizer.getInstance(getAlgorithm()); 104 if (log.isLoggable(Level.FINE)) { 105 log.log(Level.FINE, "Created canonicalizer for algorithm: " 106 + getAlgorithm()); 107 } 108 } catch (InvalidCanonicalizerException ice) { 109 throw new TransformException 110 ("Couldn't find Canonicalizer for: " + getAlgorithm() + 111 ": " + ice.getMessage(), ice); 112 } 113 } 114 115 if (os != null) { 116 apacheCanonicalizer.setWriter(os); 117 } else { 118 apacheCanonicalizer.setWriter(new ByteArrayOutputStream()); 119 } 120 121 try { 122 Set nodeSet = null; 123 if (data instanceof ApacheData) { 124 XMLSignatureInput in = 125 ((ApacheData) data).getXMLSignatureInput(); 126 if (in.isElement()) { 127 if (inclusiveNamespaces != null) { 128 return new OctetStreamData(new ByteArrayInputStream 129 (apacheCanonicalizer.canonicalizeSubtree 130 (in.getSubNode(), inclusiveNamespaces))); 131 } else { 132 return new OctetStreamData(new ByteArrayInputStream 133 (apacheCanonicalizer.canonicalizeSubtree 134 (in.getSubNode()))); 135 } 136 } else if (in.isNodeSet()) { 137 nodeSet = in.getNodeSet(); 138 } else { 139 return new OctetStreamData(new ByteArrayInputStream( 140 apacheCanonicalizer.canonicalize( 141 Utils.readBytesFromStream(in.getOctetStream())))); 142 } 143 } else if (data instanceof DOMSubTreeData) { 144 DOMSubTreeData subTree = (DOMSubTreeData) data; 145 if (inclusiveNamespaces != null) { 146 return new OctetStreamData(new ByteArrayInputStream 147 (apacheCanonicalizer.canonicalizeSubtree 148 (subTree.getRoot(), inclusiveNamespaces))); 149 } else { 150 return new OctetStreamData(new ByteArrayInputStream 151 (apacheCanonicalizer.canonicalizeSubtree 152 (subTree.getRoot()))); 153 } 154 } else if (data instanceof NodeSetData) { 155 NodeSetData nsd = (NodeSetData) data; 156 // convert Iterator to Set 157 nodeSet = Utils.toNodeSet(nsd.iterator()); 158 if (log.isLoggable(Level.FINE)) { 159 log.log(Level.FINE, "Canonicalizing " + nodeSet.size() 160 + " nodes"); 161 } 162 } else { 163 return new OctetStreamData(new ByteArrayInputStream( 164 apacheCanonicalizer.canonicalize( 165 Utils.readBytesFromStream( 166 ((OctetStreamData)data).getOctetStream())))); 167 } 168 if (inclusiveNamespaces != null) { 169 return new OctetStreamData(new ByteArrayInputStream( 170 apacheCanonicalizer.canonicalizeXPathNodeSet 171 (nodeSet, inclusiveNamespaces))); 172 } else { 173 return new OctetStreamData(new ByteArrayInputStream( 174 apacheCanonicalizer.canonicalizeXPathNodeSet(nodeSet))); 175 } 176 } catch (Exception e) { 177 throw new TransformException(e); 178 } 179 } 180 181 public Data transform(Data data, XMLCryptoContext xc, OutputStream os) 182 throws TransformException { 183 if (data == null) { 184 throw new NullPointerException("data must not be null"); 185 } 186 if (os == null) { 187 throw new NullPointerException("output stream must not be null"); 188 } 189 190 if (ownerDoc == null) { 191 throw new TransformException("transform must be marshalled"); 192 } 193 194 if (apacheTransform == null) { 195 try { 196 apacheTransform = new Transform 197 (ownerDoc, getAlgorithm(), transformElem.getChildNodes()); 198 apacheTransform.setElement(transformElem, xc.getBaseURI()); 199 if (log.isLoggable(Level.FINE)) { 200 log.log(Level.FINE, "Created transform for algorithm: " 201 + getAlgorithm()); 202 } 203 } catch (Exception ex) { 204 throw new TransformException 205 ("Couldn't find Transform for: " + getAlgorithm(), ex); 206 } 207 } 208 209 XMLSignatureInput in; 210 if (data instanceof ApacheData) { 211 if (log.isLoggable(Level.FINE)) { 212 log.log(Level.FINE, "ApacheData = true"); 213 } 214 in = ((ApacheData) data).getXMLSignatureInput(); 215 } else if (data instanceof NodeSetData) { 216 if (log.isLoggable(Level.FINE)) { 217 log.log(Level.FINE, "isNodeSet() = true"); 218 } 219 if (data instanceof DOMSubTreeData) { 220 DOMSubTreeData subTree = (DOMSubTreeData) data; 221 in = new XMLSignatureInput(subTree.getRoot()); 222 in.setExcludeComments(subTree.excludeComments()); 223 } else { 224 Set nodeSet = 225 Utils.toNodeSet(((NodeSetData) data).iterator()); 226 in = new XMLSignatureInput(nodeSet); 227 } 228 } else { 229 if (log.isLoggable(Level.FINE)) { 230 log.log(Level.FINE, "isNodeSet() = false"); 231 } 232 try { 233 in = new XMLSignatureInput 234 (((OctetStreamData)data).getOctetStream()); 235 } catch (Exception ex) { 236 throw new TransformException(ex); 237 } 238 } 239 240 try { 241 in = apacheTransform.performTransform(in, os); 242 if (!in.isNodeSet() && !in.isElement()) { 243 return null; 244 } 245 if (in.isOctetStream()) { 246 return new ApacheOctetStreamData(in); 247 } else { 248 return new ApacheNodeSetData(in); 249 } 250 } catch (Exception ex) { | 1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /** 6 * Licensed to the Apache Software Foundation (ASF) under one 7 * or more contributor license agreements. See the NOTICE file 8 * distributed with this work for additional information 9 * regarding copyright ownership. The ASF licenses this file 10 * to you under the Apache License, Version 2.0 (the 11 * "License"); you may not use this file except in compliance 12 * with the License. You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, 17 * software distributed under the License is distributed on an 18 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 19 * KIND, either express or implied. See the License for the 20 * specific language governing permissions and limitations 21 * under the License. 22 */ 23 /* 24 * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved. 25 */ 26 /* 27 * $Id: ApacheCanonicalizer.java 1333869 2012-05-04 10:42:44Z coheigea $ 28 */ 29 package org.jcp.xml.dsig.internal.dom; 30 31 import java.io.ByteArrayInputStream; 32 import java.io.ByteArrayOutputStream; 33 import java.io.OutputStream; 34 import java.security.spec.AlgorithmParameterSpec; 35 import java.security.InvalidAlgorithmParameterException; 36 import java.util.Set; 37 import javax.xml.crypto.*; 38 import javax.xml.crypto.dom.DOMCryptoContext; 39 import javax.xml.crypto.dsig.TransformException; 40 import javax.xml.crypto.dsig.TransformService; 41 import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; 42 43 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer; 44 import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException; 45 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput; 46 import com.sun.org.apache.xml.internal.security.transforms.Transform; 47 import org.w3c.dom.Document; 48 import org.w3c.dom.Element; 49 import org.w3c.dom.Node; 50 51 public abstract class ApacheCanonicalizer extends TransformService { 52 53 static { 54 com.sun.org.apache.xml.internal.security.Init.init(); 55 } 56 57 private static java.util.logging.Logger log = 58 java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom"); 59 protected Canonicalizer apacheCanonicalizer; 60 private Transform apacheTransform; 61 protected String inclusiveNamespaces; 62 protected C14NMethodParameterSpec params; 63 protected Document ownerDoc; 64 protected Element transformElem; 65 66 public final AlgorithmParameterSpec getParameterSpec() 67 { 68 return params; 69 } 70 71 public void init(XMLStructure parent, XMLCryptoContext context) 72 throws InvalidAlgorithmParameterException 73 { 74 if (context != null && !(context instanceof DOMCryptoContext)) { 75 throw new ClassCastException 76 ("context must be of type DOMCryptoContext"); 77 } 78 if (parent == null || !(parent instanceof javax.xml.crypto.dom.DOMStructure)) { 79 throw new ClassCastException("parent must be of type DOMStructure"); 80 } 81 transformElem = (Element) 82 ((javax.xml.crypto.dom.DOMStructure)parent).getNode(); 83 ownerDoc = DOMUtils.getOwnerDocument(transformElem); 84 } 85 86 public void marshalParams(XMLStructure parent, XMLCryptoContext context) 87 throws MarshalException 88 { 89 if (context != null && !(context instanceof DOMCryptoContext)) { 90 throw new ClassCastException 91 ("context must be of type DOMCryptoContext"); 92 } 93 if (parent == null || !(parent instanceof javax.xml.crypto.dom.DOMStructure)) { 94 throw new ClassCastException("parent must be of type DOMStructure"); 95 } 96 transformElem = (Element) 97 ((javax.xml.crypto.dom.DOMStructure)parent).getNode(); 98 ownerDoc = DOMUtils.getOwnerDocument(transformElem); 99 } 100 101 public Data canonicalize(Data data, XMLCryptoContext xc) 102 throws TransformException 103 { 104 return canonicalize(data, xc, null); 105 } 106 107 public Data canonicalize(Data data, XMLCryptoContext xc, OutputStream os) 108 throws TransformException 109 { 110 if (apacheCanonicalizer == null) { 111 try { 112 apacheCanonicalizer = Canonicalizer.getInstance(getAlgorithm()); 113 if (log.isLoggable(java.util.logging.Level.FINE)) { 114 log.log(java.util.logging.Level.FINE, "Created canonicalizer for algorithm: " + getAlgorithm()); 115 } 116 } catch (InvalidCanonicalizerException ice) { 117 throw new TransformException 118 ("Couldn't find Canonicalizer for: " + getAlgorithm() + 119 ": " + ice.getMessage(), ice); 120 } 121 } 122 123 if (os != null) { 124 apacheCanonicalizer.setWriter(os); 125 } else { 126 apacheCanonicalizer.setWriter(new ByteArrayOutputStream()); 127 } 128 129 try { 130 Set<Node> nodeSet = null; 131 if (data instanceof ApacheData) { 132 XMLSignatureInput in = 133 ((ApacheData)data).getXMLSignatureInput(); 134 if (in.isElement()) { 135 if (inclusiveNamespaces != null) { 136 return new OctetStreamData(new ByteArrayInputStream 137 (apacheCanonicalizer.canonicalizeSubtree 138 (in.getSubNode(), inclusiveNamespaces))); 139 } else { 140 return new OctetStreamData(new ByteArrayInputStream 141 (apacheCanonicalizer.canonicalizeSubtree 142 (in.getSubNode()))); 143 } 144 } else if (in.isNodeSet()) { 145 nodeSet = in.getNodeSet(); 146 } else { 147 return new OctetStreamData(new ByteArrayInputStream( 148 apacheCanonicalizer.canonicalize( 149 Utils.readBytesFromStream(in.getOctetStream())))); 150 } 151 } else if (data instanceof DOMSubTreeData) { 152 DOMSubTreeData subTree = (DOMSubTreeData)data; 153 if (inclusiveNamespaces != null) { 154 return new OctetStreamData(new ByteArrayInputStream 155 (apacheCanonicalizer.canonicalizeSubtree 156 (subTree.getRoot(), inclusiveNamespaces))); 157 } else { 158 return new OctetStreamData(new ByteArrayInputStream 159 (apacheCanonicalizer.canonicalizeSubtree 160 (subTree.getRoot()))); 161 } 162 } else if (data instanceof NodeSetData) { 163 NodeSetData nsd = (NodeSetData)data; 164 // convert Iterator to Set 165 @SuppressWarnings("unchecked") 166 Set<Node> ns = Utils.toNodeSet(nsd.iterator()); 167 nodeSet = ns; 168 if (log.isLoggable(java.util.logging.Level.FINE)) { 169 log.log(java.util.logging.Level.FINE, "Canonicalizing " + nodeSet.size() + " nodes"); 170 } 171 } else { 172 return new OctetStreamData(new ByteArrayInputStream( 173 apacheCanonicalizer.canonicalize( 174 Utils.readBytesFromStream( 175 ((OctetStreamData)data).getOctetStream())))); 176 } 177 if (inclusiveNamespaces != null) { 178 return new OctetStreamData(new ByteArrayInputStream( 179 apacheCanonicalizer.canonicalizeXPathNodeSet 180 (nodeSet, inclusiveNamespaces))); 181 } else { 182 return new OctetStreamData(new ByteArrayInputStream( 183 apacheCanonicalizer.canonicalizeXPathNodeSet(nodeSet))); 184 } 185 } catch (Exception e) { 186 throw new TransformException(e); 187 } 188 } 189 190 public Data transform(Data data, XMLCryptoContext xc, OutputStream os) 191 throws TransformException 192 { 193 if (data == null) { 194 throw new NullPointerException("data must not be null"); 195 } 196 if (os == null) { 197 throw new NullPointerException("output stream must not be null"); 198 } 199 200 if (ownerDoc == null) { 201 throw new TransformException("transform must be marshalled"); 202 } 203 204 if (apacheTransform == null) { 205 try { 206 apacheTransform = 207 new Transform(ownerDoc, getAlgorithm(), transformElem.getChildNodes()); 208 apacheTransform.setElement(transformElem, xc.getBaseURI()); 209 if (log.isLoggable(java.util.logging.Level.FINE)) { 210 log.log(java.util.logging.Level.FINE, "Created transform for algorithm: " + getAlgorithm()); 211 } 212 } catch (Exception ex) { 213 throw new TransformException 214 ("Couldn't find Transform for: " + getAlgorithm(), ex); 215 } 216 } 217 218 XMLSignatureInput in; 219 if (data instanceof ApacheData) { 220 if (log.isLoggable(java.util.logging.Level.FINE)) { 221 log.log(java.util.logging.Level.FINE, "ApacheData = true"); 222 } 223 in = ((ApacheData)data).getXMLSignatureInput(); 224 } else if (data instanceof NodeSetData) { 225 if (log.isLoggable(java.util.logging.Level.FINE)) { 226 log.log(java.util.logging.Level.FINE, "isNodeSet() = true"); 227 } 228 if (data instanceof DOMSubTreeData) { 229 DOMSubTreeData subTree = (DOMSubTreeData)data; 230 in = new XMLSignatureInput(subTree.getRoot()); 231 in.setExcludeComments(subTree.excludeComments()); 232 } else { 233 @SuppressWarnings("unchecked") 234 Set<Node> nodeSet = 235 Utils.toNodeSet(((NodeSetData)data).iterator()); 236 in = new XMLSignatureInput(nodeSet); 237 } 238 } else { 239 if (log.isLoggable(java.util.logging.Level.FINE)) { 240 log.log(java.util.logging.Level.FINE, "isNodeSet() = false"); 241 } 242 try { 243 in = new XMLSignatureInput 244 (((OctetStreamData)data).getOctetStream()); 245 } catch (Exception ex) { 246 throw new TransformException(ex); 247 } 248 } 249 250 try { 251 in = apacheTransform.performTransform(in, os); 252 if (!in.isNodeSet() && !in.isElement()) { 253 return null; 254 } 255 if (in.isOctetStream()) { 256 return new ApacheOctetStreamData(in); 257 } else { 258 return new ApacheNodeSetData(in); 259 } 260 } catch (Exception ex) { |