8151893: Add security property to configure XML Signature secure validation mode
Reviewed-by: jnimeh, xuelei
parent
92d448522a
commit
83c2e4ef3c
jdk
src
java.base/share
java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom
test/javax/xml/crypto/dsig
@ -803,3 +803,44 @@ jdk.tls.legacyAlgorithms= \
|
||||
# E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
|
||||
# EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
|
||||
# FFFFFFFF FFFFFFFF, 2}
|
||||
|
||||
#
|
||||
# The policy for the XML Signature secure validation mode. The mode is
|
||||
# enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
|
||||
# true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
|
||||
# or by running the code with a SecurityManager.
|
||||
#
|
||||
# Policy:
|
||||
# Constraint {"," Constraint }
|
||||
# Constraint:
|
||||
# AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
|
||||
# ReferenceUriSchemeConstraint | OtherConstraint
|
||||
# AlgConstraint
|
||||
# "disallowAlg" Uri
|
||||
# MaxTransformsConstraint:
|
||||
# "maxTransforms" Integer
|
||||
# MaxReferencesConstraint:
|
||||
# "maxReferences" Integer
|
||||
# ReferenceUriSchemeConstraint:
|
||||
# "disallowReferenceUriSchemes" String { String }
|
||||
# OtherConstraint:
|
||||
# "noDuplicateIds" | "noRetrievalMethodLoops"
|
||||
#
|
||||
# For AlgConstraint, Uri is the algorithm URI String that is not allowed.
|
||||
# See the XML Signature Recommendation for more information on algorithm
|
||||
# URI Identifiers. If the MaxTransformsConstraint or MaxReferencesConstraint is
|
||||
# specified more than once, only the last entry is enforced.
|
||||
#
|
||||
# Note: This property is currently used by the JDK Reference implementation. It
|
||||
# is not guaranteed to be examined and used by other implementations.
|
||||
#
|
||||
jdk.xml.dsig.secureValidationPolicy=\
|
||||
disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\
|
||||
disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\
|
||||
disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\
|
||||
disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\
|
||||
maxTransforms 5,\
|
||||
maxReferences 30,\
|
||||
disallowReferenceUriSchemes file http https,\
|
||||
noDuplicateIds,\
|
||||
noRetrievalMethodLoops
|
||||
|
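Review bot: The comment block above `jdk.xml.dsig.secureValidationPolicy` does not say what an empty or removed value means, yet the Policy class added later in this commit treats a null or empty property as "no restrictions", so secure validation would then enforce none of these constraints. I would add a sentence such as `# If this property is not set or is empty, no constraints are enforced, even when secure validation is enabled.` so that an administrator editing the list knows that deleting it is not a safe default. The grammar also reads `# AlgConstraint` without the trailing colon the other productions carry. It could further state that entries are separated by a comma with no surrounding whitespace, since the parser splits each entry on single whitespace characters and rejects an entry whose first token is empty.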
@ -72,6 +72,8 @@ grant codeBase "jrt:/java.xml.crypto" {
|
||||
"removeProviderProperty.XMLDSig";
|
||||
permission java.security.SecurityPermission
|
||||
"com.sun.org.apache.xml.internal.security.register";
|
||||
permission java.security.SecurityPermission
|
||||
"getProperty.jdk.xml.dsig.secureValidationPolicy";
|
||||
};
|
||||
|
||||
grant codeBase "jrt:/java.xml.ws" {
|
||||
|
@ -21,7 +21,7 @@
|
||||
* under the License.
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* $Id: ApacheTransform.java 1333869 2012-05-04 10:42:44Z coheigea $
|
||||
@ -38,7 +38,6 @@ import org.w3c.dom.Node;
|
||||
|
||||
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
|
||||
import com.sun.org.apache.xml.internal.security.transforms.Transform;
|
||||
import com.sun.org.apache.xml.internal.security.transforms.Transforms;
|
||||
|
||||
import javax.xml.crypto.*;
|
||||
import javax.xml.crypto.dom.DOMCryptoContext;
|
||||
@ -150,7 +149,7 @@ public abstract class ApacheTransform extends TransformService {
|
||||
|
||||
if (Utils.secureValidation(xc)) {
|
||||
String algorithm = getAlgorithm();
|
||||
if (Transforms.TRANSFORM_XSLT.equals(algorithm)) {
|
||||
if (Policy.restrictAlg(algorithm)) {
|
||||
throw new TransformException(
|
||||
"Transform " + algorithm + " is forbidden when secure validation is enabled"
|
||||
);
|
||||
|
@ -21,7 +21,7 @@
|
||||
* under the License.
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* $Id: DOMManifest.java 1333415 2012-05-03 12:03:51Z coheigea $
|
||||
@ -110,9 +110,10 @@ public final class DOMManifest extends DOMStructure implements Manifest {
|
||||
localName + ", expected Reference");
|
||||
}
|
||||
refs.add(new DOMReference(refElem, context, provider));
|
||||
if (secVal && (refs.size() > DOMSignedInfo.MAXIMUM_REFERENCE_COUNT)) {
|
||||
String error = "A maxiumum of " + DOMSignedInfo.MAXIMUM_REFERENCE_COUNT + " "
|
||||
+ "references per Manifest are allowed with secure validation";
|
||||
if (secVal && Policy.restrictNumReferences(refs.size())) {
|
||||
String error = "A maximum of " + Policy.maxReferences()
|
||||
+ " references per Manifest are allowed when"
|
||||
+ " secure validation is enabled";
|
||||
throw new MarshalException(error);
|
||||
}
|
||||
refElem = DOMUtils.getNextSiblingElement(refElem);
|
||||
|
@ -21,7 +21,7 @@
|
||||
* under the License.
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* ===========================================================================
|
||||
@ -51,7 +51,6 @@ import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
|
||||
import org.jcp.xml.dsig.internal.DigesterOutputStream;
|
||||
import com.sun.org.apache.xml.internal.security.algorithms.MessageDigestAlgorithm;
|
||||
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
|
||||
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
|
||||
import com.sun.org.apache.xml.internal.security.utils.Base64;
|
||||
@ -66,11 +65,6 @@ import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream
|
||||
public final class DOMReference extends DOMStructure
|
||||
implements Reference, DOMURIReference {
|
||||
|
||||
/**
|
||||
* The maximum number of transforms per reference, if secure validation is enabled.
|
||||
*/
|
||||
public static final int MAXIMUM_TRANSFORM_COUNT = 5;
|
||||
|
||||
/**
|
||||
* Look up useC14N11 system property. If true, an explicit C14N11 transform
|
||||
* will be added if necessary when generating the signature. See section
|
||||
@ -208,9 +202,10 @@ public final class DOMReference extends DOMStructure
|
||||
}
|
||||
transforms.add
|
||||
(new DOMTransform(transformElem, context, provider));
|
||||
if (secVal && (transforms.size() > MAXIMUM_TRANSFORM_COUNT)) {
|
||||
String error = "A maxiumum of " + MAXIMUM_TRANSFORM_COUNT + " "
|
||||
+ "transforms per Reference are allowed with secure validation";
|
||||
if (secVal && Policy.restrictNumTransforms(transforms.size())) {
|
||||
String error = "A maximum of " + Policy.maxTransforms()
|
||||
+ " transforms per Reference are allowed when"
|
||||
+ " secure validation is enabled";
|
||||
throw new MarshalException(error);
|
||||
}
|
||||
transformElem = DOMUtils.getNextSiblingElement(transformElem);
|
||||
@ -227,10 +222,10 @@ public final class DOMReference extends DOMStructure
|
||||
Element dmElem = nextSibling;
|
||||
this.digestMethod = DOMDigestMethod.unmarshal(dmElem);
|
||||
String digestMethodAlgorithm = this.digestMethod.getAlgorithm();
|
||||
if (secVal
|
||||
&& MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5.equals(digestMethodAlgorithm)) {
|
||||
if (secVal && Policy.restrictAlg(digestMethodAlgorithm)) {
|
||||
throw new MarshalException(
|
||||
"It is forbidden to use algorithm " + digestMethod + " when secure validation is enabled"
|
||||
"It is forbidden to use algorithm " + digestMethodAlgorithm +
|
||||
" when secure validation is enabled"
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -21,7 +21,7 @@
|
||||
* under the License.
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* ===========================================================================
|
||||
@ -149,9 +149,10 @@ public final class DOMRetrievalMethod extends DOMStructure
|
||||
}
|
||||
transforms.add
|
||||
(new DOMTransform(transformElem, context, provider));
|
||||
if (secVal && (transforms.size() > DOMReference.MAXIMUM_TRANSFORM_COUNT)) {
|
||||
String error = "A maxiumum of " + DOMReference.MAXIMUM_TRANSFORM_COUNT + " "
|
||||
+ "transforms per Reference are allowed with secure validation";
|
||||
if (secVal && Policy.restrictNumTransforms(transforms.size())) {
|
||||
String error = "A maximum of " + Policy.maxTransforms()
|
||||
+ " transforms per Reference are allowed when"
|
||||
+ " secure validation is enabled";
|
||||
throw new MarshalException(error);
|
||||
}
|
||||
transformElem = DOMUtils.getNextSiblingElement(transformElem);
|
||||
@ -238,7 +239,8 @@ public final class DOMRetrievalMethod extends DOMStructure
|
||||
}
|
||||
|
||||
// guard against RetrievalMethod loops
|
||||
if ((data instanceof NodeSetData) && Utils.secureValidation(context)) {
|
||||
if ((data instanceof NodeSetData) && Utils.secureValidation(context)
|
||||
&& Policy.restrictRetrievalMethodLoops()) {
|
||||
NodeSetData<?> nsd = (NodeSetData<?>)data;
|
||||
Iterator<?> i = nsd.iterator();
|
||||
if (i.hasNext()) {
|
||||
|
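Review bot: The reworded limit message in the `Policy.restrictNumTransforms` hunk still says `transforms per Reference`, although it is raised from DOMRetrievalMethod, so the exception presumably points an operator at the wrong element. I would write `+ " transforms per RetrievalMethod are allowed when"` here. The DOMSignedInfo section further down has the same carry-over: it reports `references per Manifest` from the SignedInfo class, and `+ " references per SignedInfo are allowed when"` would match what is being unmarshalled. Both enclosing methods start and end outside the hunks shown.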
@ -21,7 +21,7 @@
|
||||
* under the License.
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* $Id: DOMSignedInfo.java 1333415 2012-05-03 12:03:51Z coheigea $
|
||||
@ -45,7 +45,6 @@ import org.w3c.dom.Element;
|
||||
import org.w3c.dom.Node;
|
||||
|
||||
import com.sun.org.apache.xml.internal.security.utils.Base64;
|
||||
import com.sun.org.apache.xml.internal.security.utils.Constants;
|
||||
import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream;
|
||||
|
||||
/**
|
||||
@ -55,22 +54,9 @@ import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream
|
||||
*/
|
||||
public final class DOMSignedInfo extends DOMStructure implements SignedInfo {
|
||||
|
||||
/**
|
||||
* The maximum number of references per Manifest, if secure validation is enabled.
|
||||
*/
|
||||
public static final int MAXIMUM_REFERENCE_COUNT = 30;
|
||||
|
||||
private static java.util.logging.Logger log =
|
||||
java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom");
|
||||
|
||||
/** Signature - NOT Recommended RSAwithMD5 */
|
||||
private static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
|
||||
Constants.MoreAlgorithmsSpecNS + "rsa-md5";
|
||||
|
||||
/** HMAC - NOT Recommended HMAC-MD5 */
|
||||
private static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
|
||||
Constants.MoreAlgorithmsSpecNS + "hmac-md5";
|
||||
|
||||
private List<Reference> references;
|
||||
private CanonicalizationMethod canonicalizationMethod;
|
||||
private SignatureMethod signatureMethod;
|
||||
@ -158,10 +144,10 @@ public final class DOMSignedInfo extends DOMStructure implements SignedInfo {
|
||||
boolean secVal = Utils.secureValidation(context);
|
||||
|
||||
String signatureMethodAlgorithm = signatureMethod.getAlgorithm();
|
||||
if (secVal && ((ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5.equals(signatureMethodAlgorithm)
|
||||
|| ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5.equals(signatureMethodAlgorithm)))) {
|
||||
if (secVal && Policy.restrictAlg(signatureMethodAlgorithm)) {
|
||||
throw new MarshalException(
|
||||
"It is forbidden to use algorithm " + signatureMethod + " when secure validation is enabled"
|
||||
"It is forbidden to use algorithm " + signatureMethodAlgorithm +
|
||||
" when secure validation is enabled"
|
||||
);
|
||||
}
|
||||
|
||||
@ -179,9 +165,10 @@ public final class DOMSignedInfo extends DOMStructure implements SignedInfo {
|
||||
}
|
||||
refList.add(new DOMReference(refElem, context, provider));
|
||||
|
||||
if (secVal && (refList.size() > MAXIMUM_REFERENCE_COUNT)) {
|
||||
String error = "A maxiumum of " + MAXIMUM_REFERENCE_COUNT + " "
|
||||
+ "references per Manifest are allowed with secure validation";
|
||||
if (secVal && Policy.restrictNumReferences(refList.size())) {
|
||||
String error = "A maximum of " + Policy.maxReferences()
|
||||
+ " references per Manifest are allowed when"
|
||||
+ " secure validation is enabled";
|
||||
throw new MarshalException(error);
|
||||
}
|
||||
refElem = DOMUtils.getNextSiblingElement(refElem);
|
||||
|
@ -21,7 +21,7 @@
|
||||
* under the License.
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* $Id: DOMURIDereferencer.java 1231033 2012-01-13 12:12:12Z coheigea $
|
||||
@ -73,6 +73,11 @@ public class DOMURIDereferencer implements URIDereferencer {
|
||||
|
||||
boolean secVal = Utils.secureValidation(context);
|
||||
|
||||
if (secVal && Policy.restrictReferenceUriScheme(uri)) {
|
||||
throw new URIReferenceException(
|
||||
"Uri " + uri + " is forbidden when secure validation is enabled");
|
||||
}
|
||||
|
||||
// Check if same-document URI and already registered on the context
|
||||
if (uri != null && uri.length() != 0 && uri.charAt(0) == '#') {
|
||||
String id = uri.substring(1);
|
||||
@ -83,12 +88,19 @@ public class DOMURIDereferencer implements URIDereferencer {
|
||||
id = id.substring(i1+1, i2);
|
||||
}
|
||||
|
||||
Node referencedElem = dcc.getElementById(id);
|
||||
// check if element is registered by Id
|
||||
Node referencedElem = uriAttr.getOwnerDocument().getElementById(id);
|
||||
if (referencedElem == null) {
|
||||
// see if element is registered in DOMCryptoContext
|
||||
referencedElem = dcc.getElementById(id);
|
||||
}
|
||||
if (referencedElem != null) {
|
||||
if (secVal) {
|
||||
if (secVal && Policy.restrictDuplicateIds()) {
|
||||
Element start = referencedElem.getOwnerDocument().getDocumentElement();
|
||||
if (!XMLUtils.protectAgainstWrappingAttack(start, (Element)referencedElem, id)) {
|
||||
String error = "Multiple Elements with the same ID " + id + " were detected";
|
||||
String error = "Multiple Elements with the same ID "
|
||||
+ id + " detected when secure validation"
|
||||
+ " is enabled";
|
||||
throw new URIReferenceException(error);
|
||||
}
|
||||
}
|
||||
@ -110,9 +122,9 @@ public class DOMURIDereferencer implements URIDereferencer {
|
||||
|
||||
try {
|
||||
ResourceResolver apacheResolver =
|
||||
ResourceResolver.getInstance(uriAttr, baseURI, secVal);
|
||||
ResourceResolver.getInstance(uriAttr, baseURI, false);
|
||||
XMLSignatureInput in = apacheResolver.resolve(uriAttr,
|
||||
baseURI, secVal);
|
||||
baseURI, false);
|
||||
if (in.isOctetStream()) {
|
||||
return new ApacheOctetStreamData(in);
|
||||
} else {
|
||||
|
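Review bot: In the last hunk both `ResourceResolver.getInstance(uriAttr, baseURI, false)` and `apacheResolver.resolve(uriAttr, baseURI, false)` now pass a literal `false` where `secVal` was passed before, with no comment saying why. From the visible lines this appears to hand scheme filtering over to the `Policy.restrictReferenceUriScheme(uri)` check added at the top of the method. That would mean a policy without a `disallowReferenceUriSchemes` entry leaves file and http references dereferenceable even with secure validation on. I would record that above the call, for example `// URI scheme filtering is enforced by Policy.restrictReferenceUriScheme above; the resolver's own secure-validation check is deliberately off`. The method body starts and ends outside these hunks.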
@ -0,0 +1,178 @@
|
||||
/*
|
||||
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
package org.jcp.xml.dsig.internal.dom;
|
||||
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.security.AccessController;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.Security;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Locale;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* The secure validation policy as specified by the
|
||||
* jdk.xml.dsig.secureValidationPolicy security property.
|
||||
*/
|
||||
public final class Policy {
|
||||
|
||||
// all restrictions are initialized to be unconstrained
|
||||
private static Set<URI> disallowedAlgs = new HashSet<>();
|
||||
private static int maxTrans = Integer.MAX_VALUE;
|
||||
private static int maxRefs = Integer.MAX_VALUE;
|
||||
private static Set<String> disallowedRefUriSchemes = new HashSet<>();
|
||||
private static boolean noDuplicateIds = false;
|
||||
private static boolean noRMLoops = false;
|
||||
|
||||
static {
|
||||
try {
|
||||
initialize();
|
||||
} catch (Exception e) {
|
||||
throw new SecurityException(
|
||||
"Cannot initialize the secure validation policy", e);
|
||||
}
|
||||
}
|
||||
|
||||
private Policy() {}
|
||||
|
||||
private static void initialize() {
|
||||
String prop =
|
||||
AccessController.doPrivileged((PrivilegedAction<String>) () ->
|
||||
Security.getProperty("jdk.xml.dsig.secureValidationPolicy"));
|
||||
if (prop == null || prop.isEmpty()) {
|
||||
// no policy specified, so don't enforce any restrictions
|
||||
return;
|
||||
}
|
||||
String[] entries = prop.split(",");
|
||||
for (String entry : entries) {
|
||||
String[] tokens = entry.split("\\s");
|
||||
String type = tokens[0];
|
||||
switch(type) {
|
||||
case "disallowAlg":
|
||||
if (tokens.length != 2) {
|
||||
error(entry);
|
||||
}
|
||||
disallowedAlgs.add(URI.create(tokens[1]));
|
||||
break;
|
||||
case "maxTransforms":
|
||||
if (tokens.length != 2) {
|
||||
error(entry);
|
||||
}
|
||||
maxTrans = Integer.parseUnsignedInt(tokens[1]);
|
||||
break;
|
||||
case "maxReferences":
|
||||
if (tokens.length != 2) {
|
||||
error(entry);
|
||||
}
|
||||
maxRefs = Integer.parseUnsignedInt(tokens[1]);
|
||||
break;
|
||||
case "disallowReferenceUriSchemes":
|
||||
if (tokens.length == 1) {
|
||||
error(entry);
|
||||
}
|
||||
for (int i = 1; i < tokens.length; i++) {
|
||||
String scheme = tokens[i];
|
||||
disallowedRefUriSchemes.add(
|
||||
scheme.toLowerCase(Locale.ROOT));
|
||||
}
|
||||
break;
|
||||
case "noDuplicateIds":
|
||||
if (tokens.length != 1) {
|
||||
error(entry);
|
||||
}
|
||||
noDuplicateIds = true;
|
||||
break;
|
||||
case "noRetrievalMethodLoops":
|
||||
if (tokens.length != 1) {
|
||||
error(entry);
|
||||
}
|
||||
noRMLoops = true;
|
||||
break;
|
||||
default:
|
||||
error(entry);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static boolean restrictAlg(String alg) {
|
||||
try {
|
||||
URI uri = new URI(alg);
|
||||
return disallowedAlgs.contains(uri);
|
||||
} catch (URISyntaxException use) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public static boolean restrictNumTransforms(int numTrans) {
|
||||
return (numTrans > maxTrans);
|
||||
}
|
||||
|
||||
public static boolean restrictNumReferences(int numRefs) {
|
||||
return (numRefs > maxRefs);
|
||||
}
|
||||
|
||||
public static boolean restrictReferenceUriScheme(String uri) {
|
||||
if (uri != null) {
|
||||
String scheme = java.net.URI.create(uri).getScheme();
|
||||
if (scheme != null) {
|
||||
return disallowedRefUriSchemes.contains(
|
||||
scheme.toLowerCase(Locale.ROOT));
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public static boolean restrictDuplicateIds() {
|
||||
return noDuplicateIds;
|
||||
}
|
||||
|
||||
public static boolean restrictRetrievalMethodLoops() {
|
||||
return noRMLoops;
|
||||
}
|
||||
|
||||
public static Set<URI> disabledAlgs() {
|
||||
return Collections.<URI>unmodifiableSet(disallowedAlgs);
|
||||
}
|
||||
|
||||
public static int maxTransforms() {
|
||||
return maxTrans;
|
||||
}
|
||||
|
||||
public static int maxReferences() {
|
||||
return maxRefs;
|
||||
}
|
||||
|
||||
public static Set<String> disabledReferenceUriSchemes() {
|
||||
return Collections.<String>unmodifiableSet(disallowedRefUriSchemes);
|
||||
}
|
||||
|
||||
private static void error(String entry) {
|
||||
throw new IllegalArgumentException(
|
||||
"Invalid jdk.xml.dsig.secureValidationPolicy entry: " + entry);
|
||||
}
|
||||
}
|
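Review bot: `restrictReferenceUriScheme` parses the document-supplied reference with `URI.create(uri)`, which throws an unchecked IllegalArgumentException on a malformed string, while `restrictAlg` catches URISyntaxException and returns false. One check therefore escapes the exceptions its callers declare, and the other treats an unparseable value as not restricted. I would parse with `new URI(...)` in both and treat a value that cannot be parsed as restricted, as sketched below for the scheme check; `restrictAlg` would change its catch branch to `return true;`. Separately, `Integer.parseUnsignedInt` accepts values above Integer.MAX_VALUE and returns them as negative ints, so a configured limit such as 4294967295 would make every count exceed the maximum. `Integer.parseInt` followed by a check for a negative result avoids that.

```java
public static boolean restrictReferenceUriScheme(String uri) {
    if (uri == null) {
        return false;
    }
    final String scheme;
    try {
        scheme = new URI(uri).getScheme();
    } catch (URISyntaxException use) {
        // a reference that does not parse is refused rather than waved through
        return true;
    }
    return scheme != null
        && disallowedRefUriSchemes.contains(scheme.toLowerCase(Locale.ROOT));
}
```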
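--- /dev/null
+++ b/jdk/test/javax/xml/crypto/dsig/SecureValidationPolicy.java
@@ -0,0 +1,72 @@
+/*
+* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+
+/**
+* @test
+* @bug 8151893
+* @summary Tests for the jdk.xml.dsig.secureValidationPolicy security property
+* @modules java.xml.crypto/org.jcp.xml.dsig.internal.dom
+*/
+
+import java.security.Security;
+import java.util.List;
+import org.jcp.xml.dsig.internal.dom.Policy;
+
+public class SecureValidationPolicy {
+
+public static void main(String[] args) throws Exception {
+
+List<String> restrictedSchemes = List.of("file:/tmp/foo",
+"http://java.com", "https://java.com");
+List<String> restrictedAlgs = List.of(
+"http://www.w3.org/TR/1999/REC-xslt-19991116",
+"http://www.w3.org/2001/04/xmldsig-more#rsa-md5",
+"http://www.w3.org/2001/04/xmldsig-more#hmac-md5",
+"http://www.w3.org/2001/04/xmldsig-more#md5");
+
+// Test expected defaults
+System.out.println("Testing defaults");
+if (!Policy.restrictNumTransforms(6)) {
+throw new Exception("maxTransforms not enforced");
+}
+if (!Policy.restrictNumReferences(31)) {
+throw new Exception("maxReferences not enforced");
+}
+for (String scheme : restrictedSchemes) {
+if (!Policy.restrictReferenceUriScheme(scheme)) {
+throw new Exception(scheme + " scheme not restricted");
+}
+}
+for (String alg : restrictedAlgs) {
+if (!Policy.restrictAlg(alg)) {
+throw new Exception(alg + " alg not restricted");
+}
+}
+if (!Policy.restrictDuplicateIds()) {
+throw new Exception("noDuplicateIds not enforced");
+}
+if (!Policy.restrictRetrievalMethodLoops()) {
+throw new Exception("noRetrievalMethodLoops not enforced");
+}
+}
+}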
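Review bot: The test asserts only that values over the default limits and the listed schemes and algorithms are restricted; nothing checks that permitted input is accepted, so a Policy that restricted everything would still pass. I would add the boundary and negative cases, for example `if (Policy.restrictNumTransforms(5)) throw new Exception("maxTransforms too strict");`, the same for `restrictNumReferences(30)`, and a same-document reference such as `#id` that carries no scheme. `java.security.Security` is imported but not used in the lines shown, which suggests a case overriding the property was planned. Since Policy reads the property once in a static initializer, such a case would need to run in its own JVM.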