mirrors/JetBrainsRuntime
1
0
Fork 0
mirror of https://github.com/JetBrains/JetBrainsRuntime.git synced 2025-12-06 09:29:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

8344137: Update XML Security for Java to 3.0.5

Browse Source 
Reviewed-by: mbaesken
Backport-of: 18e0b343ab
This commit is contained in:
Goetz Lindenmaier
2025-07-04 13:03:07 +00:00
committed by Vitaly Provodin
parent 132d966444
commit 26c4c4958c
24 changed files with 628 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
View File

@@ -207,6 +207,22 @@ public class JCEMapper {
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512,
new Algorithm("EC", "SHA512withECDSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224,
new Algorithm("EC", "SHA3-224withECDSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256,
new Algorithm("EC", "SHA3-256withECDSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384,
new Algorithm("EC", "SHA3-384withECDSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512,
new Algorithm("EC", "SHA3-512withECDSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160,
new Algorithm("EC", "RIPEMD160withECDSA", "Signature")

2
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java
View File

@@ -103,7 +103,7 @@ public final class MessageDigestAlgorithm extends Algorithm {
return new MessageDigestAlgorithm(doc, algorithmURI);
}
private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
public static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
if (algorithmID == null) {

12
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
View File

@@ -494,6 +494,18 @@ public class SignatureAlgorithm extends Algorithm {
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class
);
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224, SignatureECDSA.SignatureECDSASHA3_224.class
);
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256, SignatureECDSA.SignatureECDSASHA3_256.class
);
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384, SignatureECDSA.SignatureECDSASHA3_384.class
);
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512, SignatureECDSA.SignatureECDSASHA3_512.class
);
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, SignatureECDSA.SignatureECDSARIPEMD160.class
);

40
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java
View File

@@ -770,6 +770,46 @@ public final class ECDSAUtils {
"0340340340340340340340340340340340340340340340340340340323c313fab50589703b5ec68d3587fec60d161cc149c1ad4a91",
0x2760)
);
ecCurveDefinitions.add(
new ECCurveDefinition(
"brainpoolP256r1 [RFC 5639]",
"1.3.36.3.3.2.8.1.1.7",
"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377",
"7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9",
"26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6",
"8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262",
"547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997",
"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7",
1)
);
ecCurveDefinitions.add(
new ECCurveDefinition(
"brainpoolP384r1 [RFC 5639]",
"1.3.36.3.3.2.8.1.1.11",
"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53",
"7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826",
"04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11",
"1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e",
"8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315",
"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565",
1)
);
ecCurveDefinitions.add(
new ECCurveDefinition(
"brainpoolP512r1 [RFC 5639]",
"1.3.36.3.3.2.8.1.1.13",
"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3",
"7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca",
"3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723",
"81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822",
"7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892",
"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069",
1)
);
}
public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) {

3
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
View File

@@ -66,8 +66,7 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
public SignatureBaseRSA(Provider provider) throws XMLSignatureException {
String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
this.signatureAlgorithm = getSignature(provider, algorithmID);
LOG.debug("Created SignatureRSA using {0} and provider {1}",
algorithmID, signatureAlgorithm.getProvider());
LOG.debug("Created SignatureRSA using {0}", algorithmID);
}
Signature getSignature(Provider provider, String algorithmID)

104
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
View File

@@ -371,6 +371,110 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
}
}
/**
* Class SignatureECDSASHA3-224
*
*/
public static class SignatureECDSASHA3_224 extends SignatureECDSA {
/**
* Constructor SignatureECDSASHA3-224
*
* @throws XMLSignatureException
*/
public SignatureECDSASHA3_224() throws XMLSignatureException {
super();
}
public SignatureECDSASHA3_224(Provider provider) throws XMLSignatureException {
super(provider);
}
/** {@inheritDoc} */
@Override
public String engineGetURI() {
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224;
}
}
/**
* Class SignatureECDSASHA3-256
*
*/
public static class SignatureECDSASHA3_256 extends SignatureECDSA {
/**
* Constructor SignatureECDSASHA3-256
*
* @throws XMLSignatureException
*/
public SignatureECDSASHA3_256() throws XMLSignatureException {
super();
}
public SignatureECDSASHA3_256(Provider provider) throws XMLSignatureException {
super(provider);
}
/** {@inheritDoc} */
@Override
public String engineGetURI() {
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256;
}
}
/**
* Class SignatureECDSASHA3-384
*
*/
public static class SignatureECDSASHA3_384 extends SignatureECDSA {
/**
* Constructor SignatureECDSASHA3-384
*
* @throws XMLSignatureException
*/
public SignatureECDSASHA3_384() throws XMLSignatureException {
super();
}
public SignatureECDSASHA3_384(Provider provider) throws XMLSignatureException {
super(provider);
}
/** {@inheritDoc} */
@Override
public String engineGetURI() {
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384;
}
}
/**
* Class SignatureECDSASHA3-512
*
*/
public static class SignatureECDSASHA3_512 extends SignatureECDSA {
/**
* Constructor SignatureECDSASHA3-512
*
* @throws XMLSignatureException
*/
public SignatureECDSASHA3_512() throws XMLSignatureException {
super();
}
public SignatureECDSASHA3_512(Provider provider) throws XMLSignatureException {
super(provider);
}
/** {@inheritDoc} */
@Override
public String engineGetURI() {
return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512;
}
}
/**
* Class SignatureECDSARIPEMD160
*/

40
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java
View File

@@ -32,15 +32,7 @@ import java.util.List;
import javax.crypto.SecretKey;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.keys.content.DEREncodedKeyValue;
import com.sun.org.apache.xml.internal.security.keys.content.KeyInfoReference;
import com.sun.org.apache.xml.internal.security.keys.content.KeyName;
import com.sun.org.apache.xml.internal.security.keys.content.KeyValue;
import com.sun.org.apache.xml.internal.security.keys.content.MgmtData;
import com.sun.org.apache.xml.internal.security.keys.content.PGPData;
import com.sun.org.apache.xml.internal.security.keys.content.RetrievalMethod;
import com.sun.org.apache.xml.internal.security.keys.content.SPKIData;
import com.sun.org.apache.xml.internal.security.keys.content.X509Data;
import com.sun.org.apache.xml.internal.security.keys.content.*;
import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.DSAKeyValue;
import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.RSAKeyValue;
import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolver;
@@ -50,7 +42,6 @@ import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
import com.sun.org.apache.xml.internal.security.transforms.Transforms;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
@@ -88,7 +79,7 @@ import org.w3c.dom.Node;
* contains the corresponding type.
*
*/
public class KeyInfo extends SignatureElementProxy {
public class KeyInfo extends ElementProxy {
private static final com.sun.org.slf4j.internal.Logger LOG =
com.sun.org.slf4j.internal.LoggerFactory.getLogger(KeyInfo.class);
@@ -231,12 +222,24 @@ public class KeyInfo extends SignatureElementProxy {
}
/**
* Method add
* Method adds public key encoded as KeyValue. If public key type is not supported by KeyValue, then
* DEREncodedKeyValue is used. If public key type is not supported by DEREncodedKeyValue, then
* IllegalArgumentException is thrown.
*
* @param pk
* @param pk public key to be added to KeyInfo
*/
public void add(PublicKey pk) {
this.add(new KeyValue(getDocument(), pk));
public void add(PublicKey pk) {
if (KeyValue.isSupportedKeyType(pk)) {
this.add(new KeyValue(getDocument(), pk));
return;
}
try {
this.add(new DEREncodedKeyValue(getDocument(), pk));
} catch (XMLSecurityException ex) {
throw new IllegalArgumentException(ex);
}
}
/**
@@ -772,6 +775,7 @@ public class KeyInfo extends SignatureElementProxy {
return this.lengthKeyInfoReference() > 0;
}
/**
* This method returns the public key.
*
@@ -1188,4 +1192,10 @@ public class KeyInfo extends SignatureElementProxy {
public String getBaseLocalName() {
return Constants._TAG_KEYINFO;
}
/** {@inheritDoc} */
@Override
public String getBaseNamespace() {
return Constants.SignatureSpecNS;
}
}

6
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java
View File

@@ -41,7 +41,10 @@ import org.w3c.dom.Element;
public class DEREncodedKeyValue extends Signature11ElementProxy implements KeyInfoContent {
/** JCA algorithm key types supported by this implementation. */
private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC"};
private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC",
"DiffieHellman", "DH", "XDH", "X25519", "X448",
"EdDSA", "Ed25519", "Ed448",
"RSASSA-PSS"};
/**
* Constructor DEREncodedKeyValue
@@ -144,5 +147,4 @@ public class DEREncodedKeyValue extends Signature11ElementProxy implements KeyIn
throw new XMLSecurityException(e, "DEREncodedKeyValue.UnsupportedPublicKey", exArgs);
}
}
}

15
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java
View File

@@ -41,7 +41,6 @@ import org.w3c.dom.Element;
* (section 6.4). The KeyValue element may include externally defined public
* keys values represented as PCDATA or element types from an external
* namespace.
*
*/
public class KeyValue extends SignatureElementProxy implements KeyInfoContent {
@@ -120,6 +119,20 @@ public class KeyValue extends SignatureElementProxy implements KeyInfoContent {
}
}
/**
* Verifies that the XML KeyValue encoding is supported for the given key type. If the
* encoding is supported, it returns true else false.
*
* @return true if the public key has a KeyValue encoding, false otherwise.
*/
public static boolean isSupportedKeyType(PublicKey publicKey) {
return publicKey instanceof java.security.interfaces.DSAPublicKey
|| publicKey instanceof java.security.interfaces.RSAPublicKey
|| publicKey instanceof java.security.interfaces.ECPublicKey;
}
/**
* Constructor KeyValue
*

53
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java
View File

@@ -91,6 +91,45 @@ public class ECKeyValue extends Signature11ElementProxy implements KeyValueConte
1
);
/* Supported curve brainpoolP256r1 */
private static final Curve BRAINPOOLP256R1 = initializeCurve(
"brainpoolP256r1 [RFC 5639]",
"1.3.36.3.3.2.8.1.1.7",
"A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
"7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
"26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
"8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
"547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
"A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
1
);
/* Supported curve brainpoolP384r1 */
private static final Curve BRAINPOOLP384R1 = initializeCurve(
"brainpoolP384r1 [RFC 5639]",
"1.3.36.3.3.2.8.1.1.11",
"8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
"7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
"04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
"1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
"8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
"8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
1
);
/* Supported curve brainpoolP512r1 */
private static final Curve BRAINPOOLP512R1 = initializeCurve(
"brainpoolP512r1 [RFC 5639]",
"1.3.36.3.3.2.8.1.1.13",
"AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
"7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
"3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
"81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
"7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
"AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
1
);
private static Curve initializeCurve(String name, String oid,
String sfield, String a, String b,
String x, String y, String n, int h) {
@@ -264,7 +303,13 @@ public class ECKeyValue extends Signature11ElementProxy implements KeyValueConte
match = SECP384R1;
} else if (matchCurve(params, SECP521R1)) {
match = SECP521R1;
} else {
} else if (matchCurve(params, BRAINPOOLP256R1)) {
match = BRAINPOOLP256R1;
} else if (matchCurve(params, BRAINPOOLP384R1)) {
match = BRAINPOOLP384R1;
} else if (matchCurve(params, BRAINPOOLP512R1)) {
match = BRAINPOOLP512R1;
}else {
return null;
}
return match.getObjectId();
@@ -332,6 +377,12 @@ public class ECKeyValue extends Signature11ElementProxy implements KeyValueConte
return SECP384R1;
} else if (oid.equals(SECP521R1.getObjectId())) {
return SECP521R1;
} else if (oid.equals(BRAINPOOLP256R1.getObjectId())) {
return BRAINPOOLP256R1;
} else if (oid.equals(BRAINPOOLP384R1.getObjectId())) {
return BRAINPOOLP384R1;
} else if (oid.equals(BRAINPOOLP512R1.getObjectId())) {
return BRAINPOOLP512R1;
} else {
return null;
}

2
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties
View File

@@ -30,7 +30,7 @@ algorithms.HMACOutputLengthMax = HMACOutputLength darf nicht grosser als {0} sei
algorithms.HMACOutputLengthMin = HMACOutputLength darf nicht kleiner als {0} sein
algorithms.HMACOutputLengthOnlyForHMAC = Die HMACOutputLength kann nur bei HMAC integrit\u00e4ts Algorithmen angegeben werden
algorithms.MissingRSAPSSParams = RSAPSSParams is a required Element for http://www.w3.org/2007/05/xmldsig-more#rsa-pss
algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar.
algorithms.NoSuchAlgorithmNoEx = Der Algorithmus {0} ist nicht verf\u00fcgbar.
algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar. Original Nachricht war\: {1}
algorithms.NoSuchMap = Algorithmus URI "{0}" konnte auf keinen JCE Algorithmus gemappt werden
algorithms.NoSuchProvider = Der angegebene Provider {0} existiert nicht. Original Nachricht war\: {1}

17
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java
View File

@@ -209,6 +209,23 @@ public final class XMLSignature extends SignatureElementProxy {
public static final String ALGO_ID_SIGNATURE_EDDSA_ED448 =
"http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448";
/**Signature - SHA3-224withECDSA */
public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_224 =
"http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224";
/**Signature - SHA3-256withECDSA */
public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_256 =
"http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256";
/**Signature - SHA3-384withECDSA */
public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_384 =
"http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384";
/**Signature - SHA3-512withECDSA */
public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_512 =
"http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512";
/** Signature - Optional RSASSA-PSS */
public static final String ALGO_ID_SIGNATURE_RSA_PSS =
Constants.XML_DSIG_NS_MORE_07_05 + "rsa-pss";

6
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java
View File

@@ -71,6 +71,9 @@ public final class Constants {
/** The (newer) URL for more algorithms **/
public static final String XML_DSIG_NS_MORE_07_05 = "http://www.w3.org/2007/05/xmldsig-more#";
/** The 2021 xmldsig-more URL for Internet Engineering Task Force (IETF) algorithms **/
public static final String XML_DSIG_NS_MORE_21_04 = "http://www.w3.org/2021/04/xmldsig-more#";
/** The URI for XML spec*/
public static final String XML_LANG_SPACE_SpecNS = "http://www.w3.org/XML/1998/namespace";
@@ -144,6 +147,9 @@ public final class Constants {
/** Tag of Element MaskGenerationFunction **/
public static final String _TAG_MGF = "MaskGenerationFunction";
/** Tag of Element Salt **/
public static final String _TAG_SALT = "Salt";
/** Tag of Element SaltLength **/
public static final String _TAG_SALTLENGTH = "SaltLength";

3
src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java
View File

@@ -512,6 +512,9 @@ public abstract class ElementProxy {
"http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter", "xx"
);
setNamespacePrefix("http://www.w3.org/2009/xmldsig11#", "dsig11");
setNamespacePrefix("http://www.w3.org/2001/04/xmldsig-more", "rfc4051");
setNamespacePrefix("http://www.w3.org/2007/05/xmldsig-more#", "rfc6931");
setNamespacePrefix("http://www.w3.org/2021/04/xmldsig-more#", "rfc9231");
}
/**

2
src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it

2
src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java
View File

@@ -81,7 +81,7 @@ public final class DOMKeyInfoFactory extends KeyInfoFactory {
String algorithm = key.getAlgorithm();
if ("DSA".equals(algorithm)) {
return new DOMKeyValue.DSA((DSAPublicKey) key);
} else if ("RSA".equals(algorithm)) {
} else if ("RSA".equals(algorithm) || "RSASSA-PSS".equals(algorithm)) {
return new DOMKeyValue.RSA((RSAPublicKey) key);
} else if ("EC".equals(algorithm)) {
return new DOMKeyValue.EC((ECPublicKey) key);

77
src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java
View File

@@ -241,6 +241,33 @@ public abstract class DOMKeyValue<K extends PublicKey> extends DOMStructure impl
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
return (RSAPublicKey) generatePublicKey(rsakf, spec);
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (!(obj instanceof KeyValue)) {
return false;
}
// This equality test allows RSA keys that have different
// algorithms (ex: RSA and RSASSA-PSS) to be equal as long
// as the key is the same.
try {
PublicKey otherKey = ((KeyValue)obj).getPublicKey();
if (!(otherKey instanceof RSAPublicKey)) {
return false;
}
RSAPublicKey otherRSAKey = (RSAPublicKey)otherKey;
RSAPublicKey rsaKey = (RSAPublicKey)getPublicKey();
return rsaKey.getPublicExponent().equals(
otherRSAKey.getPublicExponent())
&& rsaKey.getModulus().equals(otherRSAKey.getModulus());
} catch (KeyException ke) {
// no practical way to determine if the keys are equal
return false;
}
}
}
static final class DSA extends DOMKeyValue<DSAPublicKey> {
@@ -369,6 +396,42 @@ public abstract class DOMKeyValue<K extends PublicKey> extends DOMStructure impl
1
);
private static final Curve BRAINPOOLP256R1 = initializeCurve(
"brainpoolP256r1 [RFC 5639]",
"1.3.36.3.3.2.8.1.1.7",
"A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
"7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
"26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
"8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
"547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
"A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
1
);
private static final Curve BRAINPOOLP384R1 = initializeCurve(
"brainpoolP384r1 [RFC 5639]",
"1.3.36.3.3.2.8.1.1.11",
"8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
"7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
"04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
"1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
"8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
"8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
1
);
private static final Curve BRAINPOOLP512R1 = initializeCurve(
"brainpoolP512r1 [RFC 5639]",
"1.3.36.3.3.2.8.1.1.13",
"AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
"7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
"3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
"81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
"7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
"AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
1
);
private static Curve initializeCurve(String name, String oid,
String sfield, String a, String b,
String x, String y, String n, int h) {
@@ -448,6 +511,12 @@ public abstract class DOMKeyValue<K extends PublicKey> extends DOMStructure impl
match = SECP384R1;
} else if (matchCurve(params, SECP521R1)) {
match = SECP521R1;
} else if (matchCurve(params, BRAINPOOLP256R1)) {
match = BRAINPOOLP256R1;
} else if (matchCurve(params, BRAINPOOLP384R1)) {
match = BRAINPOOLP384R1;
} else if (matchCurve(params, BRAINPOOLP512R1)) {
match = BRAINPOOLP512R1;
} else {
return null;
}
@@ -485,7 +554,7 @@ public abstract class DOMKeyValue<K extends PublicKey> extends DOMStructure impl
DOMUtils.setAttribute(namedCurveElem, "URI", "urn:oid:" + oid);
String qname = (prefix == null || prefix.length() == 0)
? "xmlns" : "xmlns:" + prefix;
namedCurveElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
ecKeyValueElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
qname, XMLDSIG_11_XMLNS);
ecKeyValueElem.appendChild(namedCurveElem);
String encoded = XMLUtils.encodeToString(ecPublicKey);
@@ -555,6 +624,12 @@ public abstract class DOMKeyValue<K extends PublicKey> extends DOMStructure impl
return SECP384R1;
} else if (oid.equals(SECP521R1.getObjectId())) {
return SECP521R1;
} else if (oid.equals(BRAINPOOLP256R1.getObjectId())) {
return BRAINPOOLP256R1;
} else if (oid.equals(BRAINPOOLP384R1.getObjectId())) {
return BRAINPOOLP384R1;
} else if (oid.equals(BRAINPOOLP512R1.getObjectId())) {
return BRAINPOOLP512R1;
} else {
return null;
}

104
src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
View File

@@ -100,6 +100,14 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
"http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519";
static final String ED448 =
"http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448";
static final String ECDSA_SHA3_224 =
"http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224";
static final String ECDSA_SHA3_256 =
"http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256";
static final String ECDSA_SHA3_384 =
"http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384";
static final String ECDSA_SHA3_512 =
"http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512";
// see RFC 6931 for these algorithm definitions
static final String ECDSA_RIPEMD160 =
@@ -241,6 +249,14 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
return new SHA384withECDSA(smElem);
} else if (alg.equals(ECDSA_SHA512)) {
return new SHA512withECDSA(smElem);
} else if (alg.equals(ECDSA_SHA3_224)) {
return new SHA3_224withECDSA(smElem);
} else if (alg.equals(ECDSA_SHA3_256)) {
return new SHA3_256withECDSA(smElem);
} else if (alg.equals(ECDSA_SHA3_384)) {
return new SHA3_384withECDSA(smElem);
} else if (alg.equals(ECDSA_SHA3_512)) {
return new SHA3_512withECDSA(smElem);
} else if (alg.equals(ECDSA_RIPEMD160)) {
return new RIPEMD160withECDSA(smElem);
} else if (alg.equals(SignatureMethod.HMAC_SHA1)) {
@@ -1160,6 +1176,94 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
}
}
static final class SHA3_224withECDSA extends AbstractECDSASignatureMethod {
SHA3_224withECDSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
super(params);
}
SHA3_224withECDSA(Element dmElem) throws MarshalException {
super(dmElem);
}
@Override
public String getAlgorithm() {
return ECDSA_SHA3_224;
}
@Override
String getJCAAlgorithm() {
return "SHA3-224withECDSAinP1363Format";
}
@Override
String getJCAFallbackAlgorithm() {
return "SHA3-224withECDSA";
}
}
static final class SHA3_256withECDSA extends AbstractECDSASignatureMethod {
SHA3_256withECDSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
super(params);
}
SHA3_256withECDSA(Element dmElem) throws MarshalException {
super(dmElem);
}
@Override
public String getAlgorithm() {
return ECDSA_SHA3_256;
}
@Override
String getJCAAlgorithm() {
return "SHA3-256withECDSAinP1363Format";
}
@Override
String getJCAFallbackAlgorithm() {
return "SHA3-256withECDSA";
}
}
static final class SHA3_384withECDSA extends AbstractECDSASignatureMethod {
SHA3_384withECDSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
super(params);
}
SHA3_384withECDSA(Element dmElem) throws MarshalException {
super(dmElem);
}
@Override
public String getAlgorithm() {
return ECDSA_SHA3_384;
}
@Override
String getJCAAlgorithm() {
return "SHA3-384withECDSAinP1363Format";
}
@Override
String getJCAFallbackAlgorithm() {
return "SHA3-384withECDSA";
}
}
static final class SHA3_512withECDSA extends AbstractECDSASignatureMethod {
SHA3_512withECDSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
super(params);
}
SHA3_512withECDSA(Element dmElem) throws MarshalException {
super(dmElem);
}
@Override
public String getAlgorithm() {
return ECDSA_SHA3_512;
}
@Override
String getJCAAlgorithm() {
return "SHA3-512withECDSAinP1363Format";
}
@Override
String getJCAFallbackAlgorithm() {
return "SHA3-512withECDSA";
}
}
static final class RIPEMD160withECDSA extends AbstractECDSASignatureMethod {
RIPEMD160withECDSA(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {

8
src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
View File

@@ -345,6 +345,14 @@ public final class DOMXMLSignatureFactory extends XMLSignatureFactory {
return new DOMSignatureMethod.SHA384withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA512)) {
return new DOMSignatureMethod.SHA512withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_224)) {
return new DOMSignatureMethod.SHA3_224withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_256)) {
return new DOMSignatureMethod.SHA3_256withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_384)) {
return new DOMSignatureMethod.SHA3_384withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_512)) {
return new DOMSignatureMethod.SHA3_512withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_RIPEMD160)) {
return new DOMSignatureMethod.RIPEMD160withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ED25519)) {

2
src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java
View File

@@ -142,7 +142,7 @@ public final class XMLDSigRI extends Provider {
@SuppressWarnings("removal")
public XMLDSigRI() {
// This is the JDK XMLDSig provider, synced from
// Apache Santuario XML Security for Java, version 3.0.3
// Apache Santuario XML Security for Java, version 3.0.5
super("XMLDSig", VER, INFO);
final Provider p = this;

6
src/java.xml.crypto/share/legal/santuario.md
View File

@@ -1,4 +1,4 @@
## Apache Santuario v3.0.3
## Apache Santuario v3.0.5
### Apache 2.0 License
```
@@ -211,7 +211,7 @@ limitations under the License.
```
Apache Santuario - XML Security for Java
Copyright 1999-2023 The Apache Software Foundation
Copyright 1999-2024 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
@@ -223,5 +223,5 @@ The development of this software was partly funded by the European
Commission in the <WebSig> project in the ISIS Programme.
This product contains software that is
copyright (c) 2021, Oracle and/or its affiliates.
copyright (c) 2021, 2023, Oracle and/or its affiliates.
```

41
test/jdk/javax/xml/crypto/dsig/GenerationTests.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -24,7 +24,7 @@
/**
* @test
* @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184 8038349 8046949
* 8046724 8079693 8177334 8205507 8210736 8217878 8241306 8305972
* 8046724 8079693 8177334 8205507 8210736 8217878 8241306 8305972 8344137
* @summary Basic unit tests for generating XML Signatures with JSR 105
* @modules java.base/sun.security.util
* java.base/sun.security.x509
@@ -99,6 +99,7 @@ public class GenerationTests {
private static SignatureMethod dsaSha1, dsaSha256,
rsaSha1, rsaSha224, rsaSha256, rsaSha384, rsaSha512,
ecdsaSha1, ecdsaSha224, ecdsaSha256, ecdsaSha384, ecdsaSha512,
ecdsaSha3_224, ecdsaSha3_256, ecdsaSha3_384, ecdsaSha3_512,
hmacSha1, hmacSha224, hmacSha256, hmacSha384, hmacSha512,
rsaSha1mgf1, rsaSha224mgf1, rsaSha256mgf1, rsaSha384mgf1, rsaSha512mgf1,
rsaSha3_224mgf1, rsaSha3_256mgf1, rsaSha3_384mgf1, rsaSha3_512mgf1,
@@ -305,6 +306,10 @@ public class GenerationTests {
test_create_signature_enveloping_p256_sha256();
test_create_signature_enveloping_p256_sha384();
test_create_signature_enveloping_p256_sha512();
test_create_signature_enveloping_p256_sha3_224();
test_create_signature_enveloping_p256_sha3_256();
test_create_signature_enveloping_p256_sha3_384();
test_create_signature_enveloping_p256_sha3_512();
test_create_signature_enveloping_p384_sha1();
test_create_signature_enveloping_p521_sha1();
test_create_signature_enveloping_ed25519();
@@ -559,6 +564,10 @@ public class GenerationTests {
ecdsaSha256 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA256, null);
ecdsaSha384 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA384, null);
ecdsaSha512 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA512, null);
ecdsaSha3_224 = fac.newSignatureMethod("http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224", null);
ecdsaSha3_256 = fac.newSignatureMethod("http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256", null);
ecdsaSha3_384 = fac.newSignatureMethod("http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384", null);
ecdsaSha3_512 = fac.newSignatureMethod("http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512", null);
ed25519 = fac.newSignatureMethod(SignatureMethod.ED25519, null);
ed448 = fac.newSignatureMethod(SignatureMethod.ED448, null);
@@ -892,6 +901,34 @@ public class GenerationTests {
System.out.println();
}
static void test_create_signature_enveloping_p256_sha3_224() throws Exception {
System.out.println("* Generating signature-enveloping-p256-sha3_224.xml");
test_create_signature_enveloping(sha1, ecdsaSha3_224, p256ki,
getECPrivateKey("P256"), kvks, false, true);
System.out.println();
}
static void test_create_signature_enveloping_p256_sha3_256() throws Exception {
System.out.println("* Generating signature-enveloping-p256-sha3_256.xml");
test_create_signature_enveloping(sha1, ecdsaSha3_256, p256ki,
getECPrivateKey("P256"), kvks, false, true);
System.out.println();
}
static void test_create_signature_enveloping_p256_sha3_384() throws Exception {
System.out.println("* Generating signature-enveloping-p256-sha3_384.xml");
test_create_signature_enveloping(sha1, ecdsaSha3_384, p256ki,
getECPrivateKey("P256"), kvks, false, true);
System.out.println();
}
static void test_create_signature_enveloping_p256_sha3_512() throws Exception {
System.out.println("* Generating signature-enveloping-p256-sha3_512.xml");
test_create_signature_enveloping(sha1, ecdsaSha3_512, p256ki,
getECPrivateKey("P256"), kvks, false, true);
System.out.println();
}
static void test_create_signature_enveloping_p384_sha1() throws Exception {
System.out.println("* Generating signature-enveloping-p384-sha1.xml");
test_create_signature_enveloping(sha1, ecdsaSha1, p384ki,

61
test/jdk/javax/xml/crypto/dsig/PSS.java Normal file
View File

@@ -0,0 +1,61 @@
/*
* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import jdk.test.lib.Asserts;
import jdk.test.lib.security.XMLUtils;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.spec.RSAPSSParameterSpec;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
/**
* @test
* @bug 8344137
* @summary check RSASSA-PSS key
* @library /test/lib
* @modules java.xml.crypto
*/
public class PSS {
public static void main(String[] args) throws Exception {
var doc = XMLUtils.string2doc("<a><b>Text</b>Raw</a>");
var kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
kpg.initialize(2048);
var keyPair = kpg.generateKeyPair();
var pspec = new PSSParameterSpec("SHA-384", "MGF1",
MGF1ParameterSpec.SHA512, 48,
PSSParameterSpec.TRAILER_FIELD_BC);
var signed = XMLUtils.signer(keyPair.getPrivate(), keyPair.getPublic())
.dm(DigestMethod.SHA384)
.sm(SignatureMethod.RSA_PSS, new RSAPSSParameterSpec(pspec))
.sign(doc);
Asserts.assertTrue(XMLUtils.validator().validate(signed));
}
}

46
test/lib/jdk/test/lib/security/XMLUtils.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2021, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2021, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -198,6 +198,7 @@ public class XMLUtils {
String dm = DigestMethod.SHA256;
String cm = CanonicalizationMethod.EXCLUSIVE;
String tr = Transform.ENVELOPED;
Map<String, Object> props = new HashMap<>();
public Signer(PrivateKey privateKey) {
this.privateKey = Objects.requireNonNull(privateKey);
@@ -247,6 +248,11 @@ public class XMLUtils {
return sm(method, null);
}
public Signer prop(String name, Object o) {
props.put(name, o);
return this;
}
// Signs different sources
// Signs an XML file in detached mode
@@ -254,7 +260,7 @@ public class XMLUtils {
Document newDocument = DocumentBuilderFactory.newInstance()
.newDocumentBuilder().newDocument();
FAC.newXMLSignature(buildSignedInfo(uri.toString()), buildKeyInfo()).sign(
new DOMSignContext(privateKey, newDocument));
withProps(new DOMSignContext(privateKey, newDocument)));
return newDocument;
}
@@ -264,7 +270,8 @@ public class XMLUtils {
.newDocumentBuilder().newDocument();
DOMSignContext ctxt = new DOMSignContext(privateKey, newDocument);
ctxt.setBaseURI(base.toString());
FAC.newXMLSignature(buildSignedInfo(ref.toString()), buildKeyInfo()).sign(ctxt);
FAC.newXMLSignature(buildSignedInfo(ref.toString()), buildKeyInfo())
.sign(withProps(ctxt));
return newDocument;
}
@@ -275,7 +282,7 @@ public class XMLUtils {
.transform(new DOMSource(document), result);
Document newDocument = (Document) result.getNode();
FAC.newXMLSignature(buildSignedInfo(""), buildKeyInfo()).sign(
new DOMSignContext(privateKey, newDocument.getDocumentElement()));
withProps(new DOMSignContext(privateKey, newDocument.getDocumentElement())));
return newDocument;
}
@@ -290,7 +297,7 @@ public class XMLUtils {
id, null, null)),
null,
null)
.sign(new DOMSignContext(privateKey, newDocument));
.sign(withProps(new DOMSignContext(privateKey, newDocument)));
return newDocument;
}
@@ -308,7 +315,7 @@ public class XMLUtils {
"object", null, null)),
null,
null)
.sign(new DOMSignContext(privateKey, newDocument));
.sign(withProps(new DOMSignContext(privateKey, newDocument)));
return newDocument;
}
@@ -325,10 +332,18 @@ public class XMLUtils {
"object", null, null)),
null,
null)
.sign(new DOMSignContext(privateKey, newDocument));
.sign(withProps(new DOMSignContext(privateKey, newDocument)));
return newDocument;
}
// Add props to a context
private DOMSignContext withProps(DOMSignContext ctxt) {
for (var e : props.entrySet()) {
ctxt.setProperty(e.getKey(), e.getValue());
}
return ctxt;
}
// Builds a SignedInfo for a string reference
private SignedInfo buildSignedInfo(String ref) throws Exception {
return buildSignedInfo(FAC.newReference(
@@ -426,6 +441,7 @@ public class XMLUtils {
private Boolean secureValidation = null;
private String baseURI = null;
private final KeyStore ks;
Map<String, Object> props = new HashMap<>();
public Validator(KeyStore ks) {
this.ks = ks;
@@ -441,6 +457,11 @@ public class XMLUtils {
return this;
}
public Validator prop(String name, Object o) {
props.put(name, o);
return this;
}
public boolean validate(Document document) throws Exception {
return validate(document, null);
}
@@ -471,12 +492,21 @@ public class XMLUtils {
secureValidation);
}
return XMLSignatureFactory.getInstance("DOM")
.unmarshalXMLSignature(valContext).validate(valContext);
.unmarshalXMLSignature(valContext)
.validate(withProps(valContext));
}
}
return false;
}
// Add props to a context
private DOMValidateContext withProps(DOMValidateContext ctxt) {
for (var e : props.entrySet()) {
ctxt.setProperty(e.getKey(), e.getValue());
}
return ctxt;
}
// Find public key from KeyInfo, ks will be used if it's KeyName
private static class MyKeySelector extends KeySelector {
private final KeyStore ks;