1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /** 6 * Licensed to the Apache Software Foundation (ASF) under one 7 * or more contributor license agreements. See the NOTICE file 8 * distributed with this work for additional information 9 * regarding copyright ownership. The ASF licenses this file 10 * to you under the Apache License, Version 2.0 (the 11 * "License"); you may not use this file except in compliance 12 * with the License. You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, 17 * software distributed under the License is distributed on an 18 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 19 * KIND, either express or implied. See the License for the 20 * specific language governing permissions and limitations 21 * under the License. 22 */ 23 /* 24 * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. 25 */ 26 /* 27 * $Id: DOMXMLSignatureFactory.java 1854026 2019-02-21 09:30:01Z coheigea $ 28 */ 29 package org.jcp.xml.dsig.internal.dom; 30 31 import javax.xml.crypto.*; 32 import javax.xml.crypto.dom.DOMCryptoContext; 33 import javax.xml.crypto.dsig.*; 34 import javax.xml.crypto.dsig.dom.DOMValidateContext; 35 import javax.xml.crypto.dsig.keyinfo.*; 36 import javax.xml.crypto.dsig.spec.*; 37 38 import java.security.InvalidAlgorithmParameterException; 39 import java.security.NoSuchAlgorithmException; 40 import java.util.List; 41 42 import org.w3c.dom.Document; 43 import org.w3c.dom.Element; 44 import org.w3c.dom.Node; 45 46 /** 47 * DOM-based implementation of XMLSignatureFactory. 48 * 49 */ 50 public final class DOMXMLSignatureFactory extends XMLSignatureFactory { 51 52 /** 53 * Initializes a new instance of this class. 54 */ 55 public DOMXMLSignatureFactory() {} 56 57 public XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki) { 58 return new DOMXMLSignature(si, ki, null, null, null); 59 } 60 61 @SuppressWarnings({ "unchecked", "rawtypes" }) 62 public XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki, 63 List objects, String id, String signatureValueId) { 64 return new DOMXMLSignature(si, ki, objects, id, signatureValueId); 65 } 66 67 public Reference newReference(String uri, DigestMethod dm) { 68 return newReference(uri, dm, null, null, null); 69 } 70 71 @SuppressWarnings({ "unchecked", "rawtypes" }) 72 public Reference newReference(String uri, DigestMethod dm, List transforms, 73 String type, String id) { 74 return new DOMReference(uri, type, dm, transforms, id, getProvider()); 75 } 76 77 @Override 78 @SuppressWarnings({ "unchecked", "rawtypes" }) 79 public Reference newReference(String uri, DigestMethod dm, 80 List appliedTransforms, Data result, List transforms, String type, 81 String id) { 82 if (appliedTransforms == null) { 83 throw new NullPointerException("appliedTransforms cannot be null"); 84 } 85 if (appliedTransforms.isEmpty()) { 86 throw new NullPointerException("appliedTransforms cannot be empty"); 87 } 88 if (result == null) { 89 throw new NullPointerException("result cannot be null"); 90 } 91 return new DOMReference 92 (uri, type, dm, appliedTransforms, result, transforms, id, getProvider()); 93 } 94 95 @SuppressWarnings({ "unchecked", "rawtypes" }) 96 public Reference newReference(String uri, DigestMethod dm, List transforms, 97 String type, String id, byte[] digestValue) { 98 if (digestValue == null) { 99 throw new NullPointerException("digestValue cannot be null"); 100 } 101 return new DOMReference 102 (uri, type, dm, null, null, transforms, id, digestValue, getProvider()); 103 } 104 105 @SuppressWarnings({ "rawtypes" }) 106 public SignedInfo newSignedInfo(CanonicalizationMethod cm, 107 SignatureMethod sm, List references) { 108 return newSignedInfo(cm, sm, references, null); 109 } 110 111 @SuppressWarnings({ "unchecked", "rawtypes" }) 112 public SignedInfo newSignedInfo(CanonicalizationMethod cm, 113 SignatureMethod sm, List references, String id) { 114 return new DOMSignedInfo(cm, sm, references, id); 115 } 116 117 // Object factory methods 118 @SuppressWarnings({ "unchecked", "rawtypes" }) 119 public XMLObject newXMLObject(List content, String id, String mimeType, 120 String encoding) { 121 return new DOMXMLObject(content, id, mimeType, encoding); 122 } 123 124 @SuppressWarnings({ "rawtypes" }) 125 public Manifest newManifest(List references) { 126 return newManifest(references, null); 127 } 128 129 @SuppressWarnings({ "unchecked", "rawtypes" }) 130 public Manifest newManifest(List references, String id) { 131 return new DOMManifest(references, id); 132 } 133 134 @SuppressWarnings({ "unchecked", "rawtypes" }) 135 public SignatureProperties newSignatureProperties(List props, String id) { 136 return new DOMSignatureProperties(props, id); 137 } 138 139 @SuppressWarnings({ "unchecked", "rawtypes" }) 140 public SignatureProperty newSignatureProperty 141 (List info, String target, String id) { 142 return new DOMSignatureProperty(info, target, id); 143 } 144 145 public XMLSignature unmarshalXMLSignature(XMLValidateContext context) 146 throws MarshalException { 147 148 if (context == null) { 149 throw new NullPointerException("context cannot be null"); 150 } 151 return unmarshal(((DOMValidateContext) context).getNode(), context); 152 } 153 154 public XMLSignature unmarshalXMLSignature(XMLStructure xmlStructure) 155 throws MarshalException { 156 157 if (xmlStructure == null) { 158 throw new NullPointerException("xmlStructure cannot be null"); 159 } 160 if (!(xmlStructure instanceof javax.xml.crypto.dom.DOMStructure)) { 161 throw new ClassCastException("xmlStructure must be of type DOMStructure"); 162 } 163 return unmarshal 164 (((javax.xml.crypto.dom.DOMStructure) xmlStructure).getNode(), 165 new UnmarshalContext()); 166 } 167 168 private static class UnmarshalContext extends DOMCryptoContext { 169 UnmarshalContext() {} 170 } 171 172 private XMLSignature unmarshal(Node node, XMLCryptoContext context) 173 throws MarshalException { 174 175 node.normalize(); 176 177 Element element = null; 178 if (node.getNodeType() == Node.DOCUMENT_NODE) { 179 element = ((Document) node).getDocumentElement(); 180 } else if (node.getNodeType() == Node.ELEMENT_NODE) { 181 element = (Element) node; 182 } else { 183 throw new MarshalException 184 ("Signature element is not a proper Node"); 185 } 186 187 // check tag 188 String tag = element.getLocalName(); 189 String namespace = element.getNamespaceURI(); 190 if (tag == null || namespace == null) { 191 throw new MarshalException("Document implementation must " + 192 "support DOM Level 2 and be namespace aware"); 193 } 194 if ("Signature".equals(tag) && XMLSignature.XMLNS.equals(namespace)) { 195 return new DOMXMLSignature(element, context, getProvider()); 196 } else { 197 throw new MarshalException("invalid Signature tag: " + namespace + ":" + tag); 198 } 199 } 200 201 public boolean isFeatureSupported(String feature) { 202 if (feature == null) { 203 throw new NullPointerException(); 204 } else { 205 return false; 206 } 207 } 208 209 public DigestMethod newDigestMethod(String algorithm, 210 DigestMethodParameterSpec params) throws NoSuchAlgorithmException, 211 InvalidAlgorithmParameterException { 212 if (algorithm == null) { 213 throw new NullPointerException(); 214 } 215 if (algorithm.equals(DigestMethod.SHA1)) { 216 return new DOMDigestMethod.SHA1(params); 217 } else if (algorithm.equals(DOMDigestMethod.SHA224)) { 218 return new DOMDigestMethod.SHA224(params); 219 } else if (algorithm.equals(DigestMethod.SHA256)) { 220 return new DOMDigestMethod.SHA256(params); 221 } else if (algorithm.equals(DOMDigestMethod.SHA384)) { 222 return new DOMDigestMethod.SHA384(params); 223 } else if (algorithm.equals(DigestMethod.SHA512)) { 224 return new DOMDigestMethod.SHA512(params); 225 } else if (algorithm.equals(DigestMethod.RIPEMD160)) { 226 return new DOMDigestMethod.RIPEMD160(params); 227 } else if (algorithm.equals(DOMDigestMethod.WHIRLPOOL)) { 228 return new DOMDigestMethod.WHIRLPOOL(params); 229 } else if (algorithm.equals(DOMDigestMethod.SHA3_224)) { 230 return new DOMDigestMethod.SHA3_224(params); 231 } else if (algorithm.equals(DOMDigestMethod.SHA3_256)) { 232 return new DOMDigestMethod.SHA3_256(params); 233 } else if (algorithm.equals(DOMDigestMethod.SHA3_384)) { 234 return new DOMDigestMethod.SHA3_384(params); 235 } else if (algorithm.equals(DOMDigestMethod.SHA3_512)) { 236 return new DOMDigestMethod.SHA3_512(params); 237 } else { 238 throw new NoSuchAlgorithmException("unsupported algorithm"); 239 } 240 } 241 242 public SignatureMethod newSignatureMethod(String algorithm, 243 SignatureMethodParameterSpec params) throws NoSuchAlgorithmException, 244 InvalidAlgorithmParameterException { 245 if (algorithm == null) { 246 throw new NullPointerException(); 247 } 248 if (algorithm.equals(SignatureMethod.RSA_SHA1)) { 249 return new DOMSignatureMethod.SHA1withRSA(params); 250 } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA224)) { 251 return new DOMSignatureMethod.SHA224withRSA(params); 252 } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA256)) { 253 return new DOMSignatureMethod.SHA256withRSA(params); 254 } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA384)) { 255 return new DOMSignatureMethod.SHA384withRSA(params); 256 } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512)) { 257 return new DOMSignatureMethod.SHA512withRSA(params); 258 } else if (algorithm.equals(DOMSignatureMethod.RSA_RIPEMD160)) { 259 return new DOMSignatureMethod.RIPEMD160withRSA(params); 260 } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA1_MGF1)) { 261 return new DOMSignatureMethod.SHA1withRSAandMGF1(params); 262 } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA224_MGF1)) { 263 return new DOMSignatureMethod.SHA224withRSAandMGF1(params); 264 } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA256_MGF1)) { 265 return new DOMSignatureMethod.SHA256withRSAandMGF1(params); 266 } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA384_MGF1)) { 267 return new DOMSignatureMethod.SHA384withRSAandMGF1(params); 268 } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512_MGF1)) { 269 return new DOMSignatureMethod.SHA512withRSAandMGF1(params); 270 } else if (algorithm.equals(DOMSignatureMethod.RSA_RIPEMD160_MGF1)) { 271 return new DOMSignatureMethod.RIPEMD160withRSAandMGF1(params); 272 } else if (algorithm.equals(SignatureMethod.DSA_SHA1)) { 273 return new DOMSignatureMethod.SHA1withDSA(params); 274 } else if (algorithm.equals(DOMSignatureMethod.DSA_SHA256)) { 275 return new DOMSignatureMethod.SHA256withDSA(params); 276 } else if (algorithm.equals(SignatureMethod.HMAC_SHA1)) { 277 return new DOMHMACSignatureMethod.SHA1(params); 278 } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA224)) { 279 return new DOMHMACSignatureMethod.SHA224(params); 280 } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA256)) { 281 return new DOMHMACSignatureMethod.SHA256(params); 282 } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA384)) { 283 return new DOMHMACSignatureMethod.SHA384(params); 284 } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_SHA512)) { 285 return new DOMHMACSignatureMethod.SHA512(params); 286 } else if (algorithm.equals(DOMHMACSignatureMethod.HMAC_RIPEMD160)) { 287 return new DOMHMACSignatureMethod.RIPEMD160(params); 288 } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA1)) { 289 return new DOMSignatureMethod.SHA1withECDSA(params); 290 } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA224)) { 291 return new DOMSignatureMethod.SHA224withECDSA(params); 292 } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA256)) { 293 return new DOMSignatureMethod.SHA256withECDSA(params); 294 } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA384)) { 295 return new DOMSignatureMethod.SHA384withECDSA(params); 296 } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA512)) { 297 return new DOMSignatureMethod.SHA512withECDSA(params); 298 } else if (algorithm.equals(DOMSignatureMethod.ECDSA_RIPEMD160)) { 299 return new DOMSignatureMethod.RIPEMD160withECDSA(params); 300 }else { 301 throw new NoSuchAlgorithmException("unsupported algorithm"); 302 } 303 } 304 305 public Transform newTransform(String algorithm, 306 TransformParameterSpec params) throws NoSuchAlgorithmException, 307 InvalidAlgorithmParameterException { 308 309 TransformService spi; 310 if (getProvider() == null) { 311 spi = TransformService.getInstance(algorithm, "DOM"); 312 } else { 313 try { 314 spi = TransformService.getInstance(algorithm, "DOM", getProvider()); 315 } catch (NoSuchAlgorithmException nsae) { 316 spi = TransformService.getInstance(algorithm, "DOM"); 317 } 318 } 319 320 spi.init(params); 321 return new DOMTransform(spi); 322 } 323 324 public Transform newTransform(String algorithm, 325 XMLStructure params) throws NoSuchAlgorithmException, 326 InvalidAlgorithmParameterException { 327 TransformService spi; 328 if (getProvider() == null) { 329 spi = TransformService.getInstance(algorithm, "DOM"); 330 } else { 331 try { 332 spi = TransformService.getInstance(algorithm, "DOM", getProvider()); 333 } catch (NoSuchAlgorithmException nsae) { 334 spi = TransformService.getInstance(algorithm, "DOM"); 335 } 336 } 337 338 if (params == null) { 339 spi.init(null); 340 } else { 341 spi.init(params, null); 342 } 343 return new DOMTransform(spi); 344 } 345 346 public CanonicalizationMethod newCanonicalizationMethod(String algorithm, 347 C14NMethodParameterSpec params) throws NoSuchAlgorithmException, 348 InvalidAlgorithmParameterException { 349 TransformService spi; 350 if (getProvider() == null) { 351 spi = TransformService.getInstance(algorithm, "DOM"); 352 } else { 353 try { 354 spi = TransformService.getInstance(algorithm, "DOM", getProvider()); 355 } catch (NoSuchAlgorithmException nsae) { 356 spi = TransformService.getInstance(algorithm, "DOM"); 357 } 358 } 359 360 spi.init(params); 361 return new DOMCanonicalizationMethod(spi); 362 } 363 364 public CanonicalizationMethod newCanonicalizationMethod(String algorithm, 365 XMLStructure params) throws NoSuchAlgorithmException, 366 InvalidAlgorithmParameterException { 367 TransformService spi; 368 if (getProvider() == null) { 369 spi = TransformService.getInstance(algorithm, "DOM"); 370 } else { 371 try { 372 spi = TransformService.getInstance(algorithm, "DOM", getProvider()); 373 } catch (NoSuchAlgorithmException nsae) { 374 spi = TransformService.getInstance(algorithm, "DOM"); 375 } 376 } 377 if (params == null) { 378 spi.init(null); 379 } else { 380 spi.init(params, null); 381 } 382 383 return new DOMCanonicalizationMethod(spi); 384 } 385 386 public URIDereferencer getURIDereferencer() { 387 return DOMURIDereferencer.INSTANCE; 388 } 389 }