8038913: Bolster XML support
Reviewed-by: xuelei, skoivu
This commit is contained in:
Sean Mullan
parent
52d7b541a6
commit
3847915051
@ -25,6 +25,8 @@ package com.sun.org.apache.xml.internal.security;
|
||||
import java.io.InputStream;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.PrivilegedActionException;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
@ -35,6 +37,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
|
||||
import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
|
||||
import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
|
||||
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
|
||||
import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolver;
|
||||
import com.sun.org.apache.xml.internal.security.transforms.Transform;
|
||||
import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
|
||||
@ -118,6 +121,8 @@ public class Init {
|
||||
log.log(java.util.logging.Level.FINE, "Registering default algorithms");
|
||||
}
|
||||
try {
|
||||
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>(){
|
||||
@Override public Void run() throws XMLSecurityException {
|
||||
//
|
||||
// Bind the default prefixes
|
||||
//
|
||||
@ -152,9 +157,14 @@ public class Init {
|
||||
// Register the default key resolvers
|
||||
//
|
||||
KeyResolver.registerDefaultResolvers();
|
||||
} catch (Exception ex) {
|
||||
log.log(java.util.logging.Level.SEVERE, ex.getMessage(), ex);
|
||||
ex.printStackTrace();
|
||||
|
||||
return null;
|
||||
}
|
||||
});
|
||||
} catch (PrivilegedActionException ex) {
|
||||
XMLSecurityException xse = (XMLSecurityException)ex.getException();
|
||||
log.log(java.util.logging.Level.SEVERE, xse.getMessage(), xse);
|
||||
xse.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -27,6 +27,7 @@ import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
|
||||
import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
|
||||
import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
|
||||
@ -49,8 +50,11 @@ public class JCEMapper {
|
||||
*
|
||||
* @param id
|
||||
* @param algorithm
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the JCE algorithm
|
||||
*/
|
||||
public static void register(String id, Algorithm algorithm) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
algorithmsMap.put(id, algorithm);
|
||||
}
|
||||
|
||||
@ -296,8 +300,11 @@ public class JCEMapper {
|
||||
/**
|
||||
* Sets the default Provider for obtaining the security algorithms
|
||||
* @param provider the default providerId.
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to set the JCE provider
|
||||
*/
|
||||
public static void setProviderId(String provider) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
providerName = provider;
|
||||
}
|
||||
|
||||
|
||||
@ -37,6 +37,7 @@ import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
|
||||
import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
|
||||
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
|
||||
import com.sun.org.apache.xml.internal.security.utils.Constants;
|
||||
import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
|
||||
import org.w3c.dom.Attr;
|
||||
import org.w3c.dom.Document;
|
||||
import org.w3c.dom.Element;
|
||||
@ -314,18 +315,21 @@ public class SignatureAlgorithm extends Algorithm {
|
||||
}
|
||||
|
||||
/**
|
||||
* Registers implementing class of the Transform algorithm with algorithmURI
|
||||
* Registers implementing class of the SignatureAlgorithm with algorithmURI
|
||||
*
|
||||
* @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
|
||||
* @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
|
||||
* @param implementingClass <code>implementingClass</code> the implementing class of
|
||||
* {@link SignatureAlgorithmSpi}
|
||||
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
|
||||
* @throws XMLSignatureException
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the signature algorithm
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public static void register(String algorithmURI, String implementingClass)
|
||||
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
|
||||
XMLSignatureException {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
if (log.isLoggable(java.util.logging.Level.FINE)) {
|
||||
log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
|
||||
}
|
||||
@ -352,15 +356,18 @@ public class SignatureAlgorithm extends Algorithm {
|
||||
/**
|
||||
* Registers implementing class of the Transform algorithm with algorithmURI
|
||||
*
|
||||
* @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
|
||||
* @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
|
||||
* @param implementingClass <code>implementingClass</code> the implementing class of
|
||||
* {@link SignatureAlgorithmSpi}
|
||||
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
|
||||
* @throws XMLSignatureException
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the signature algorithm
|
||||
*/
|
||||
public static void register(String algorithmURI, Class<? extends SignatureAlgorithmSpi> implementingClass)
|
||||
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
|
||||
XMLSignatureException {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
if (log.isLoggable(java.util.logging.Level.FINE)) {
|
||||
log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
|
||||
}
|
||||
|
||||
@ -41,6 +41,7 @@ import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicaliz
|
||||
import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315WithComments;
|
||||
import com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerPhysical;
|
||||
import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
|
||||
import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
|
||||
import org.w3c.dom.Document;
|
||||
import org.w3c.dom.Node;
|
||||
import org.w3c.dom.NodeList;
|
||||
@ -142,10 +143,13 @@ public class Canonicalizer {
|
||||
* @param algorithmURI
|
||||
* @param implementingClass
|
||||
* @throws AlgorithmAlreadyRegisteredException
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the canonicalizer
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public static void register(String algorithmURI, String implementingClass)
|
||||
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
// check whether URI is already registered
|
||||
Class<? extends CanonicalizerSpi> registeredClass =
|
||||
canonicalizerHash.get(algorithmURI);
|
||||
@ -166,9 +170,12 @@ public class Canonicalizer {
|
||||
* @param algorithmURI
|
||||
* @param implementingClass
|
||||
* @throws AlgorithmAlreadyRegisteredException
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the canonicalizer
|
||||
*/
|
||||
public static void register(String algorithmURI, Class<CanonicalizerSpi> implementingClass)
|
||||
public static void register(String algorithmURI, Class<? extends CanonicalizerSpi> implementingClass)
|
||||
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
// check whether URI is already registered
|
||||
Class<? extends CanonicalizerSpi> registeredClass = canonicalizerHash.get(algorithmURI);
|
||||
|
||||
|
||||
@ -42,6 +42,7 @@ import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations
|
||||
import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509SKIResolver;
|
||||
import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509SubjectNameResolver;
|
||||
import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
|
||||
import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
|
||||
@ -175,9 +176,12 @@ public class KeyResolver {
|
||||
* @throws InstantiationException
|
||||
* @throws IllegalAccessException
|
||||
* @throws ClassNotFoundException
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the key resolver
|
||||
*/
|
||||
public static void register(String className, boolean globalResolver)
|
||||
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
KeyResolverSpi keyResolverSpi =
|
||||
(KeyResolverSpi) Class.forName(className).newInstance();
|
||||
keyResolverSpi.setGlobalResolver(globalResolver);
|
||||
@ -195,8 +199,11 @@ public class KeyResolver {
|
||||
*
|
||||
* @param className
|
||||
* @param globalResolver Whether the KeyResolverSpi is a global resolver or not
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the key resolver
|
||||
*/
|
||||
public static void registerAtStart(String className, boolean globalResolver) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
KeyResolverSpi keyResolverSpi = null;
|
||||
Exception ex = null;
|
||||
try {
|
||||
@ -228,11 +235,14 @@ public class KeyResolver {
|
||||
*
|
||||
* @param keyResolverSpi a KeyResolverSpi instance to register
|
||||
* @param start whether to register the KeyResolverSpi at the start of the list or not
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the key resolver
|
||||
*/
|
||||
public static void register(
|
||||
KeyResolverSpi keyResolverSpi,
|
||||
boolean start
|
||||
) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
KeyResolver resolver = new KeyResolver(keyResolverSpi);
|
||||
if (start) {
|
||||
resolverVector.add(0, resolver);
|
||||
@ -254,9 +264,12 @@ public class KeyResolver {
|
||||
* @throws InstantiationException
|
||||
* @throws IllegalAccessException
|
||||
* @throws ClassNotFoundException
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the key resolver
|
||||
*/
|
||||
public static void registerClassNames(List<String> classNames)
|
||||
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
List<KeyResolver> keyResolverList = new ArrayList<KeyResolver>(classNames.size());
|
||||
for (String className : classNames) {
|
||||
KeyResolverSpi keyResolverSpi =
|
||||
|
||||
@ -46,6 +46,7 @@ import com.sun.org.apache.xml.internal.security.transforms.implementations.Trans
|
||||
import com.sun.org.apache.xml.internal.security.transforms.implementations.TransformXSLT;
|
||||
import com.sun.org.apache.xml.internal.security.utils.Constants;
|
||||
import com.sun.org.apache.xml.internal.security.utils.HelperNodeList;
|
||||
import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
|
||||
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
|
||||
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
|
||||
import org.w3c.dom.Document;
|
||||
@ -181,11 +182,14 @@ public final class Transform extends SignatureElementProxy {
|
||||
* class of {@link TransformSpi}
|
||||
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
|
||||
* is already registered
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the transform
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public static void register(String algorithmURI, String implementingClass)
|
||||
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
|
||||
InvalidTransformException {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
// are we already registered?
|
||||
Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
|
||||
if (transformSpi != null) {
|
||||
@ -206,9 +210,12 @@ public final class Transform extends SignatureElementProxy {
|
||||
* class of {@link TransformSpi}
|
||||
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
|
||||
* is already registered
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register the transform
|
||||
*/
|
||||
public static void register(String algorithmURI, Class<? extends TransformSpi> implementingClass)
|
||||
throws AlgorithmAlreadyRegisteredException {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
// are we already registered?
|
||||
Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
|
||||
if (transformSpi != null) {
|
||||
|
||||
@ -468,9 +468,12 @@ public abstract class ElementProxy {
|
||||
* @param namespace
|
||||
* @param prefix
|
||||
* @throws XMLSecurityException
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to set the default prefix
|
||||
*/
|
||||
public static void setDefaultPrefix(String namespace, String prefix)
|
||||
throws XMLSecurityException {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
if (prefixMappings.containsValue(prefix)) {
|
||||
String storedPrefix = prefixMappings.get(namespace);
|
||||
if (!storedPrefix.equals(prefix)) {
|
||||
|
||||
@ -28,6 +28,7 @@ import java.io.FileNotFoundException;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.SecurityPermission;
|
||||
|
||||
/**
|
||||
* A collection of different, general-purpose methods for JAVA-specific things
|
||||
@ -39,6 +40,10 @@ public class JavaUtils {
|
||||
private static java.util.logging.Logger log =
|
||||
java.util.logging.Logger.getLogger(JavaUtils.class.getName());
|
||||
|
||||
private static final SecurityPermission REGISTER_PERMISSION =
|
||||
new SecurityPermission(
|
||||
"com.sun.org.apache.xml.internal.security.register");
|
||||
|
||||
private JavaUtils() {
|
||||
// we don't allow instantiation
|
||||
}
|
||||
@ -146,6 +151,23 @@ public class JavaUtils {
|
||||
return retBytes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Throws a {@code SecurityException} if a security manager is installed
|
||||
* and the caller is not allowed to register an implementation of an
|
||||
* algorithm, transform, or other security sensitive XML Signature function.
|
||||
*
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller has not been granted the
|
||||
* {@literal "com.sun.org.apache.xml.internal.security.register"}
|
||||
* {@code SecurityPermission}
|
||||
*/
|
||||
public static void checkRegisterPermission() {
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(REGISTER_PERMISSION);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts an ASN.1 DSA value to a XML Signature DSA Value.
|
||||
*
|
||||
|
||||
@ -80,32 +80,44 @@ public class XMLUtils {
|
||||
/**
|
||||
* Set the prefix for the digital signature namespace
|
||||
* @param prefix the new prefix for the digital signature namespace
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to set the prefix
|
||||
*/
|
||||
public static void setDsPrefix(String prefix) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
dsPrefix = prefix;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the prefix for the digital signature 1.1 namespace
|
||||
* @param prefix the new prefix for the digital signature 1.1 namespace
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to set the prefix
|
||||
*/
|
||||
public static void setDs11Prefix(String prefix) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
ds11Prefix = prefix;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the prefix for the encryption namespace
|
||||
* @param prefix the new prefix for the encryption namespace
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to set the prefix
|
||||
*/
|
||||
public static void setXencPrefix(String prefix) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
xencPrefix = prefix;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the prefix for the encryption namespace 1.1
|
||||
* @param prefix the new prefix for the encryption namespace 1.1
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to set the prefix
|
||||
*/
|
||||
public static void setXenc11Prefix(String prefix) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
xenc11Prefix = prefix;
|
||||
}
|
||||
|
||||
|
||||
@ -27,6 +27,7 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
|
||||
import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
|
||||
import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP;
|
||||
import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment;
|
||||
import com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverLocalFilesystem;
|
||||
@ -199,9 +200,12 @@ public class ResourceResolver {
|
||||
* the class cannot be registered.
|
||||
*
|
||||
* @param className the name of the ResourceResolverSpi class to be registered
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register a resource resolver
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public static void register(String className) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
try {
|
||||
Class<ResourceResolverSpi> resourceResolverClass =
|
||||
(Class<ResourceResolverSpi>) Class.forName(className);
|
||||
@ -216,9 +220,12 @@ public class ResourceResolver {
|
||||
* list. This method logs a warning if the class cannot be registered.
|
||||
*
|
||||
* @param className the name of the ResourceResolverSpi class to be registered
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register a resource resolver
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public static void registerAtStart(String className) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
try {
|
||||
Class<ResourceResolverSpi> resourceResolverClass =
|
||||
(Class<ResourceResolverSpi>) Class.forName(className);
|
||||
@ -233,8 +240,11 @@ public class ResourceResolver {
|
||||
* cannot be registered.
|
||||
* @param className
|
||||
* @param start
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register a resource resolver
|
||||
*/
|
||||
public static void register(Class<? extends ResourceResolverSpi> className, boolean start) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
try {
|
||||
ResourceResolverSpi resourceResolverSpi = className.newInstance();
|
||||
register(resourceResolverSpi, start);
|
||||
@ -250,8 +260,11 @@ public class ResourceResolver {
|
||||
* cannot be registered.
|
||||
* @param resourceResolverSpi
|
||||
* @param start
|
||||
* @throws SecurityException if a security manager is installed and the
|
||||
* caller does not have permission to register a resource resolver
|
||||
*/
|
||||
public static void register(ResourceResolverSpi resourceResolverSpi, boolean start) {
|
||||
JavaUtils.checkRegisterPermission();
|
||||
synchronized(resolverList) {
|
||||
if (start) {
|
||||
resolverList.add(0, new ResourceResolver(resourceResolverSpi));
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user