# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\com\sun\org\apache\xml\internal\security\signature | XMLSignature.java | Mon Jan 22 14:46:50 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\com\sun\org\apache\xml\internal\security\signature | XMLSignature.java | Wed Sep 12 16:38:03 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 3 | 1740 |
Changed | 2 | 8 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * reserve d comment block | |
3 | * DO NOT REMOVE OR ALTER! | |
4 | */ | |
5 | /** | |
6 | * License d to the A pache Soft ware Found ation (ASF ) under on e | |
7 | * or more contribut or license agreement s. See the NOTICE fi le | |
8 | * distrib uted with this work for additi onal infor mation | |
9 | * regardi ng copyrig ht ownersh ip. The AS F licenses this file | |
10 | * to you under the Apache Lic ense, Vers ion 2.0 (t he | |
11 | * "Licens e"); you m ay not use this file except in complianc e | |
12 | * with th e License. You may o btain a co py of the License at | |
13 | * | |
14 | * http:// www.apache .org/licen ses/LICENS E-2.0 | |
15 | * | |
16 | * Unless required b y applicab le law or agreed to in writing , | |
17 | * softwar e distribu ted under the Licens e is distr ibuted on an | |
18 | * "AS IS" BASIS, WI THOUT WARR ANTIES OR CONDITIONS OF ANY | |
19 | * KIND, e ither expr ess or imp lied. See the Licens e for the | |
20 | * specifi c language governing permissio ns and lim itations | |
21 | * under t he License . | |
22 | */ | |
23 | package co m.sun.org. apache.xml .internal. security.s ignature; | |
24 | ||
25 | import jav a.io.IOExc eption; | |
26 | import jav a.io.Outpu tStream; | |
27 | import jav a.security .Key; | |
28 | import jav a.security .PublicKey ; | |
29 | import jav a.security .cert.X509 Certificat e; | |
30 | ||
31 | import jav ax.crypto. SecretKey; | |
32 | ||
33 | import com .sun.org.a pache.xml. internal.s ecurity.al gorithms.S ignatureAl gorithm; | |
34 | import com .sun.org.a pache.xml. internal.s ecurity.c1 4n.Canonic alizationE xception; | |
35 | import com .sun.org.a pache.xml. internal.s ecurity.c1 4n.Canonic alizer; | |
36 | import com .sun.org.a pache.xml. internal.s ecurity.c1 4n.Invalid Canonicali zerExcepti on; | |
37 | import com .sun.org.a pache.xml. internal.s ecurity.ex ceptions.B ase64Decod ingExcepti on; | |
38 | import com .sun.org.a pache.xml. internal.s ecurity.ex ceptions.X MLSecurity Exception; | |
39 | import com .sun.org.a pache.xml. internal.s ecurity.ke ys.KeyInfo ; | |
40 | import com .sun.org.a pache.xml. internal.s ecurity.ke ys.content .X509Data; | |
41 | import com .sun.org.a pache.xml. internal.s ecurity.tr ansforms.T ransforms; | |
42 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.Base64 ; | |
43 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.Consta nts; | |
44 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.I18n; | |
45 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.Signat ureElement Proxy; | |
46 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.Signer OutputStre am; | |
47 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.Unsync BufferedOu tputStream ; | |
48 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.XMLUti ls; | |
49 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.resolv er.Resourc eResolver; | |
50 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.resolv er.Resourc eResolverS pi; | |
51 | import org .w3c.dom.A ttr; | |
52 | import org .w3c.dom.D ocument; | |
53 | import org .w3c.dom.E lement; | |
54 | import org .w3c.dom.N ode; | |
55 | import org .w3c.dom.N odeList; | |
56 | import org .w3c.dom.T ext; | |
57 | ||
58 | /** | |
59 | * Handles <code>< ;ds:Signat ure></c ode> eleme nts. | |
60 | * This is the main class that deals wit h creating and verif ying signa tures. | |
61 | * | |
62 | * <p>Ther e are 2 ty pes of con structors for this c lass. The ones that take a | |
63 | * documen t, baseURI and 1 or more Java Objects. T his is mos tly used f or | |
64 | * signing purposes. | |
65 | * The oth er constru ctor is th e one that takes a D OM Element and a bas eURI. | |
66 | * This is used most ly with fo r verifyin g, when yo u have a S ignatureEl ement. | |
67 | * | |
68 | * There a re a few d ifferent t ypes of me thods: | |
69 | * <ul><li >The addDo cument* me thods are used to ad d Referenc es with op tional | |
70 | * transfo rms during signing. </li> | |
71 | * <li>add KeyInfo* m ethods are to add Ce rtificates and Keys to the | |
72 | * KeyInfo tags duri ng signing . </li> | |
73 | * <li>app endObject allows a u ser to add any XML S tructure a s an | |
74 | * ObjectC ontainer d uring sign ing.</li> | |
75 | * <li>sig n and chec kSignature Value meth ods are us ed to sign and valid ate the | |
76 | * signatu re. </li>< /ul> | |
77 | */ | |
78 | public fin al class X MLSignatur e extends SignatureE lementProx y { | |
79 | ||
80 | /** MA C - Requir ed HMAC-SH A1 */ | |
81 | public static fi nal String ALGO_ID_M AC_HMAC_SH A1 = | |
82 | Co nstants.Si gnatureSpe cNS + "hma c-sha1"; | |
83 | ||
84 | /** Si gnature - Required D SAwithSHA1 (DSS) */ | |
85 | public static fi nal String ALGO_ID_S IGNATURE_D SA = | |
86 | Co nstants.Si gnatureSpe cNS + "dsa -sha1"; | |
87 | ||
88 | /** Si gnature - Optional D SAwithSHA2 56 */ | |
89 | public static fi nal String ALGO_ID_S IGNATURE_D SA_SHA256 = | |
90 | Co nstants.Si gnatureSpe c11NS + "d sa-sha256" ; | |
91 | ||
92 | /** Si gnature - Recommende d RSAwithS HA1 */ | |
93 | public static fi nal String ALGO_ID_S IGNATURE_R SA = | |
94 | Co nstants.Si gnatureSpe cNS + "rsa -sha1"; | |
95 | ||
96 | /** Si gnature - Recommende d RSAwithS HA1 */ | |
97 | public static fi nal String ALGO_ID_S IGNATURE_R SA_SHA1 = | |
98 | Co nstants.Si gnatureSpe cNS + "rsa -sha1"; | |
99 | ||
100 | /** Si gnature - NOT Recomm ended RSAw ithMD5 */ | |
101 | public static fi nal String ALGO_ID_S IGNATURE_N OT_RECOMME NDED_RSA_M D5 = | |
102 | Co nstants.Mo reAlgorith msSpecNS + "rsa-md5" ; | |
103 | ||
104 | /** Si gnature - Optional R SAwithRIPE MD160 */ | |
105 | public static fi nal String ALGO_ID_S IGNATURE_R SA_RIPEMD1 60 = | |
106 | Co nstants.Mo reAlgorith msSpecNS + "rsa-ripe md160"; | |
107 | ||
108 | /** Si gnature - Optional R SAwithSHA2 56 */ | |
109 | public static fi nal String ALGO_ID_S IGNATURE_R SA_SHA256 = | |
110 | Co nstants.Mo reAlgorith msSpecNS + "rsa-sha2 56"; | |
111 | ||
112 | /** Si gnature - Optional R SAwithSHA3 84 */ | |
113 | public static fi nal String ALGO_ID_S IGNATURE_R SA_SHA384 = | |
114 | Co nstants.Mo reAlgorith msSpecNS + "rsa-sha3 84"; | |
115 | ||
116 | /** Si gnature - Optional R SAwithSHA5 12 */ | |
117 | public static fi nal String ALGO_ID_S IGNATURE_R SA_SHA512 = | |
118 | Co nstants.Mo reAlgorith msSpecNS + "rsa-sha5 12"; | |
119 | ||
120 | /** HM AC - NOT R ecommended HMAC-MD5 */ | |
121 | public static fi nal String ALGO_ID_M AC_HMAC_NO T_RECOMMEN DED_MD5 = | |
122 | Co nstants.Mo reAlgorith msSpecNS + "hmac-md5 "; | |
123 | ||
124 | /** HM AC - Optio nal HMAC-R IPEMD160 * / | |
125 | public static fi nal String ALGO_ID_M AC_HMAC_RI PEMD160 = | |
126 | Co nstants.Mo reAlgorith msSpecNS + "hmac-rip emd160"; | |
127 | ||
128 | /** HM AC - Optio nal HMAC-S HA256 */ | |
129 | public static fi nal String ALGO_ID_M AC_HMAC_SH A256 = | |
130 | Co nstants.Mo reAlgorith msSpecNS + "hmac-sha 256"; | |
131 | ||
132 | /** HM AC - Optio nal HMAC-S HA284 */ | |
133 | public static fi nal String ALGO_ID_M AC_HMAC_SH A384 = | |
134 | Co nstants.Mo reAlgorith msSpecNS + "hmac-sha 384"; | |
135 | ||
136 | /** HM AC - Optio nal HMAC-S HA512 */ | |
137 | public static fi nal String ALGO_ID_M AC_HMAC_SH A512 = | |
138 | Co nstants.Mo reAlgorith msSpecNS + "hmac-sha 512"; | |
139 | ||
140 | /**Sig nature - O ptional EC DSAwithSHA 1 */ | |
141 | public static fi nal String ALGO_ID_S IGNATURE_E CDSA_SHA1 = | |
142 | "h ttp://www. w3.org/200 1/04/xmlds ig-more#ec dsa-sha1"; | |
143 | ||
144 | /**Sig nature - O ptional EC DSAwithSHA 256 */ | |
145 | public static fi nal String ALGO_ID_S IGNATURE_E CDSA_SHA25 6 = | |
146 | "h ttp://www. w3.org/200 1/04/xmlds ig-more#ec dsa-sha256 "; | |
147 | ||
148 | /**Sig nature - O ptional EC DSAwithSHA 384 */ | |
149 | public static fi nal String ALGO_ID_S IGNATURE_E CDSA_SHA38 4 = | |
150 | "h ttp://www. w3.org/200 1/04/xmlds ig-more#ec dsa-sha384 "; | |
151 | ||
152 | /**Sig nature - O ptional EC DSAwithSHA 512 */ | |
153 | public static fi nal String ALGO_ID_S IGNATURE_E CDSA_SHA51 2 = | |
154 | "h ttp://www. w3.org/200 1/04/xmlds ig-more#ec dsa-sha512 "; | |
155 | ||
156 | /** {@ link org.a pache.comm ons.loggin g} logging facility */ | |
157 | privat e static j ava.util.l ogging.Log ger log = | |
158 | ja va.util.lo gging.Logg er.getLogg er(XMLSign ature.clas s.getName( )); | |
159 | ||
160 | /** ds :Signature .ds:Signed Info eleme nt */ | |
161 | privat e SignedIn fo signedI nfo; | |
162 | ||
163 | /** ds :Signature .ds:KeyInf o */ | |
164 | privat e KeyInfo keyInfo; | |
165 | ||
166 | /** | |
167 | * Che cking the digests in Reference s in a Sig nature are mandatory , but for | |
168 | * Ref erences in side a Man ifest it i s applicat ion specif ic. This b oolean is | |
169 | * to indicate t hat the Re ferences i nside Mani fests shou ld be vali dated. | |
170 | */ | |
171 | privat e boolean followMani festsDurin gValidatio n = false; | |
172 | ||
173 | privat e Element signatureV alueElemen t; | |
174 | ||
175 | privat e static f inal int M ODE_SIGN = 0; | |
176 | privat e static f inal int M ODE_VERIFY = 1; | |
177 | privat e int stat e = MODE_S IGN; | |
178 | ||
179 | /** | |
180 | * Thi s creates a new <COD E>ds:Signa ture</CODE > Element and adds a n empty | |
181 | * <CO DE>ds:Sign edInfo</CO DE>. | |
182 | * The <code>ds: SignedInfo </code> is initializ ed with th e specifie d Signatur e | |
183 | * alg orithm and Canonical izer.ALGO_ ID_C14N_OM IT_COMMENT S which is REQUIRED | |
184 | * by the spec. This metho d's main u se is for creating a new signa ture. | |
185 | * | |
186 | * @pa ram doc Do cument in which the signature will be ap pended aft er creatio n. | |
187 | * @pa ram baseUR I URI to b e used as context fo r all rela tive URIs. | |
188 | * @pa ram signat ureMethodU RI signatu re algorit hm to use. | |
189 | * @th rows XMLSe curityExce ption | |
190 | */ | |
191 | public XMLSignat ure(Docume nt doc, St ring baseU RI, String signature MethodURI) | |
192 | th rows XMLSe curityExce ption { | |
193 | th is(doc, ba seURI, sig natureMeth odURI, 0, Canonicali zer.ALGO_I D_C14N_OMI T_COMMENTS ); | |
194 | } | |
195 | ||
196 | /** | |
197 | * Con structor X MLSignatur e | |
198 | * | |
199 | * @pa ram doc | |
200 | * @pa ram baseUR I | |
201 | * @pa ram signat ureMethodU RI the Sig nature met hod to be used. | |
202 | * @pa ram hmacOu tputLength | |
203 | * @th rows XMLSe curityExce ption | |
204 | */ | |
205 | public XMLSignat ure(Docume nt doc, St ring baseU RI, String signature MethodURI, | |
206 | int hm acOutputLe ngth) thro ws XMLSecu rityExcept ion { | |
207 | th is( | |
208 | doc, bas eURI, sign atureMetho dURI, hmac OutputLeng th, | |
209 | Canonica lizer.ALGO _ID_C14N_O MIT_COMMEN TS | |
210 | ); | |
211 | } | |
212 | ||
213 | /** | |
214 | * Con structor X MLSignatur e | |
215 | * | |
216 | * @pa ram doc | |
217 | * @pa ram baseUR I | |
218 | * @pa ram signat ureMethodU RI the Sig nature met hod to be used. | |
219 | * @pa ram canoni calization MethodURI the canoni calization algorithm to be | |
220 | * use d to c14ni ze the Sig nedInfo el ement. | |
221 | * @th rows XMLSe curityExce ption | |
222 | */ | |
223 | public XMLSignat ure( | |
224 | Do cument doc , | |
225 | St ring baseU RI, | |
226 | St ring signa tureMethod URI, | |
227 | St ring canon icalizatio nMethodURI | |
228 | ) thro ws XMLSecu rityExcept ion { | |
229 | th is(doc, ba seURI, sig natureMeth odURI, 0, canonicali zationMeth odURI); | |
230 | } | |
231 | ||
232 | /** | |
233 | * Con structor X MLSignatur e | |
234 | * | |
235 | * @pa ram doc | |
236 | * @pa ram baseUR I | |
237 | * @pa ram signat ureMethodU RI | |
238 | * @pa ram hmacOu tputLength | |
239 | * @pa ram canoni calization MethodURI | |
240 | * @th rows XMLSe curityExce ption | |
241 | */ | |
242 | public XMLSignat ure( | |
243 | Do cument doc , | |
244 | St ring baseU RI, | |
245 | St ring signa tureMethod URI, | |
246 | in t hmacOutp utLength, | |
247 | St ring canon icalizatio nMethodURI | |
248 | ) thro ws XMLSecu rityExcept ion { | |
249 | su per(doc); | |
250 | ||
251 | St ring xmlns DsPrefix = getDefaul tPrefix(Co nstants.Si gnatureSpe cNS); | |
252 | if (xmlnsDsP refix == n ull || xml nsDsPrefix .length() == 0) { | |
253 | this.con structionE lement.set AttributeN S( | |
254 | Cons tants.Name spaceSpecN S, "xmlns" , Constant s.Signatur eSpecNS | |
255 | ); | |
256 | } else { | |
257 | this.con structionE lement.set AttributeN S( | |
258 | Cons tants.Name spaceSpecN S, "xmlns: " + xmlnsD sPrefix, C onstants.S ignatureSp ecNS | |
259 | ); | |
260 | } | |
261 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
262 | ||
263 | th is.baseURI = baseURI ; | |
264 | th is.signedI nfo = | |
265 | new Sign edInfo( | |
266 | this .doc, sign atureMetho dURI, hmac OutputLeng th, canoni calization MethodURI | |
267 | ); | |
268 | ||
269 | th is.constru ctionEleme nt.appendC hild(this. signedInfo .getElemen t()); | |
270 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
271 | ||
272 | // create an empty Sig natureValu e; this is filled by setSignat ureValueEl ement | |
273 | si gnatureVal ueElement = | |
274 | XMLUtils .createEle mentInSign atureSpace (this.doc, Constants ._TAG_SIGN ATUREVALUE ); | |
275 | ||
276 | th is.constru ctionEleme nt.appendC hild(signa tureValueE lement); | |
277 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
278 | } | |
279 | ||
280 | /** | |
281 | * Cr eates a XM LSignature in a Docu ment | |
282 | * @pa ram doc | |
283 | * @pa ram baseUR I | |
284 | * @pa ram Signat ureMethodE lem | |
285 | * @pa ram Canoni calization MethodElem | |
286 | * @th rows XMLSe curityExce ption | |
287 | */ | |
288 | public XMLSignat ure( | |
289 | Do cument doc , | |
290 | St ring baseU RI, | |
291 | El ement Sign atureMetho dElem, | |
292 | El ement Cano nicalizati onMethodEl em | |
293 | ) thro ws XMLSecu rityExcept ion { | |
294 | su per(doc); | |
295 | ||
296 | St ring xmlns DsPrefix = getDefaul tPrefix(Co nstants.Si gnatureSpe cNS); | |
297 | if (xmlnsDsP refix == n ull || xml nsDsPrefix .length() == 0) { | |
298 | this.con structionE lement.set AttributeN S( | |
299 | Cons tants.Name spaceSpecN S, "xmlns" , Constant s.Signatur eSpecNS | |
300 | ); | |
301 | } else { | |
302 | this.con structionE lement.set AttributeN S( | |
303 | Cons tants.Name spaceSpecN S, "xmlns: " + xmlnsD sPrefix, C onstants.S ignatureSp ecNS | |
304 | ); | |
305 | } | |
306 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
307 | ||
308 | th is.baseURI = baseURI ; | |
309 | th is.signedI nfo = | |
310 | new Sign edInfo(thi s.doc, Sig natureMeth odElem, Ca nonicaliza tionMethod Elem); | |
311 | ||
312 | th is.constru ctionEleme nt.appendC hild(this. signedInfo .getElemen t()); | |
313 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
314 | ||
315 | // create an empty Sig natureValu e; this is filled by setSignat ureValueEl ement | |
316 | si gnatureVal ueElement = | |
317 | XMLUtils .createEle mentInSign atureSpace (this.doc, Constants ._TAG_SIGN ATUREVALUE ); | |
318 | ||
319 | th is.constru ctionEleme nt.appendC hild(signa tureValueE lement); | |
320 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
321 | } | |
322 | ||
323 | /** | |
324 | * Thi s will par se the ele ment and c onstruct t he Java Ob jects. | |
325 | * Tha t will all ow a user to validat e the sign ature. | |
326 | * | |
327 | * @pa ram elemen t ds:Signa ture eleme nt that co ntains the whole sig nature | |
328 | * @pa ram baseUR I URI to b e prepende d to all r elative UR Is | |
329 | * @th rows XMLSe curityExce ption | |
330 | * @th rows XMLSi gnatureExc eption if the signat ure is bad ly formatt ed | |
331 | */ | |
332 | public XMLSignat ure(Elemen t element, String ba seURI) | |
333 | th rows XMLSi gnatureExc eption, XM LSecurityE xception { | |
334 | th is(element , baseURI, false); | |
335 | } | |
336 | ||
337 | /** | |
338 | * Thi s will par se the ele ment and c onstruct t he Java Ob jects. | |
339 | * Tha t will all ow a user to validat e the sign ature. | |
340 | * | |
341 | * @pa ram elemen t ds:Signa ture eleme nt that co ntains the whole sig nature | |
342 | * @pa ram baseUR I URI to b e prepende d to all r elative UR Is | |
343 | * @pa ram secure Validation whether s ecure secu reValidati on is enab led or not | |
344 | * @th rows XMLSe curityExce ption | |
345 | * @th rows XMLSi gnatureExc eption if the signat ure is bad ly formatt ed | |
346 | */ | |
347 | public XMLSignat ure(Elemen t element, String ba seURI, boo lean secur eValidatio n) | |
348 | th rows XMLSi gnatureExc eption, XM LSecurityE xception { | |
349 | su per(elemen t, baseURI ); | |
350 | ||
351 | // check out SignedInf o child | |
352 | El ement sign edInfoElem = XMLUtil s.getNextE lement(ele ment.getFi rstChild() ); | |
353 | ||
354 | // check to see if it is there | |
355 | if (signedIn foElem == null) { | |
356 | Object e xArgs[] = { Constant s._TAG_SIG NEDINFO, C onstants._ TAG_SIGNAT URE }; | |
357 | throw ne w XMLSigna tureExcept ion("xml.W rongConten t", exArgs ); | |
358 | } | |
359 | ||
360 | // create a SignedInfo object fr om that el ement | |
361 | th is.signedI nfo = new SignedInfo (signedInf oElem, bas eURI, secu reValidati on); | |
362 | // get signe dInfoElem again in c ase it has changed | |
363 | si gnedInfoEl em = XMLUt ils.getNex tElement(e lement.get FirstChild ()); | |
364 | ||
365 | // check out Signature Value chil d | |
366 | th is.signatu reValueEle ment = | |
367 | XMLUtils .getNextEl ement(sign edInfoElem .getNextSi bling()); | |
368 | ||
369 | // check to see if it exists | |
370 | if (signatur eValueElem ent == nul l) { | |
371 | Object e xArgs[] = { Constant s._TAG_SIG NATUREVALU E, Constan ts._TAG_SI GNATURE }; | |
372 | throw ne w XMLSigna tureExcept ion("xml.W rongConten t", exArgs ); | |
373 | } | |
374 | At tr signatu reValueAtt r = signat ureValueEl ement.getA ttributeNo deNS(null, "Id"); | |
375 | if (signatur eValueAttr != null) { | |
376 | signatur eValueElem ent.setIdA ttributeNo de(signatu reValueAtt r, true); | |
377 | } | |
378 | ||
379 | // <element ref="ds:Ke yInfo" min Occurs="0" /> | |
380 | El ement keyI nfoElem = | |
381 | XMLUtils .getNextEl ement(sign atureValue Element.ge tNextSibli ng()); | |
382 | ||
383 | // If it exi sts use it , but it's not manda tory | |
384 | if (keyInfoE lem != nul l | |
385 | && keyIn foElem.get NamespaceU RI().equal s(Constant s.Signatur eSpecNS) | |
386 | && keyIn foElem.get LocalName( ).equals(C onstants._ TAG_KEYINF O)) { | |
387 | this.key Info = new KeyInfo(k eyInfoElem , baseURI) ; | |
388 | this.key Info.setSe cureValida tion(secur eValidatio n); | |
389 | } | |
390 | ||
391 | // <element ref="ds:Ob ject" minO ccurs="0" maxOccurs= "unbounded "/> | |
392 | El ement obje ctElem = | |
393 | XMLUtils .getNextEl ement(sign atureValue Element.ge tNextSibli ng()); | |
394 | wh ile (objec tElem != n ull) { | |
395 | Attr obj ectAttr = objectElem .getAttrib uteNodeNS( null, "Id" ); | |
396 | if (obje ctAttr != null) { | |
397 | obje ctElem.set IdAttribut eNode(obje ctAttr, tr ue); | |
398 | } | |
399 | ||
400 | NodeList nodes = o bjectElem. getChildNo des(); | |
401 | int leng th = nodes .getLength (); | |
402 | // Regis ter Ids of the Objec t child el ements | |
403 | for (int i = 0; i < length; i++) { | |
404 | Node child = n odes.item( i); | |
405 | if ( child.getN odeType() == Node.EL EMENT_NODE ) { | |
406 | Element ch ildElem = (Element)c hild; | |
407 | String tag = childEl em.getLoca lName(); | |
408 | if (tag.eq uals("Mani fest")) { | |
409 | new Ma nifest(chi ldElem, ba seURI); | |
410 | } else if (tag.equal s("Signatu reProperti es")) { | |
411 | new Si gnaturePro perties(ch ildElem, b aseURI); | |
412 | } | |
413 | } | |
414 | } | |
415 | ||
416 | objectEl em = XMLUt ils.getNex tElement(o bjectElem. getNextSib ling()); | |
417 | } | |
418 | ||
419 | th is.state = MODE_VERI FY; | |
420 | } | |
421 | ||
422 | /** | |
423 | * Set s the <cod e>Id</code > attribut e | |
424 | * | |
425 | * @pa ram id Id value for the id att ribute on the Signat ure Elemen t | |
426 | */ | |
427 | public void setI d(String i d) { | |
428 | if (id != nu ll) { | |
429 | this.con structionE lement.set AttributeN S(null, Co nstants._A TT_ID, id) ; | |
430 | this.con structionE lement.set IdAttribut eNS(null, Constants. _ATT_ID, t rue); | |
431 | } | |
432 | } | |
433 | ||
434 | /** | |
435 | * Ret urns the < code>Id</c ode> attri bute | |
436 | * | |
437 | * @re turn the < code>Id</c ode> attri bute | |
438 | */ | |
439 | public String ge tId() { | |
440 | re turn this. constructi onElement. getAttribu teNS(null, Constants ._ATT_ID); | |
441 | } | |
442 | ||
443 | /** | |
444 | * Ret urns the c ompletely parsed <co de>SignedI nfo</code> object. | |
445 | * | |
446 | * @re turn the c ompletely parsed <co de>SignedI nfo</code> object. | |
447 | */ | |
448 | public SignedInf o getSigne dInfo() { | |
449 | re turn this. signedInfo ; | |
450 | } | |
451 | ||
452 | /** | |
453 | * Ret urns the o ctet value of the Si gnatureVal ue element . | |
454 | * Thr ows an XML SignatureE xception i f it has n o or wrong content. | |
455 | * | |
456 | * @re turn the v alue of th e Signatur eValue ele ment. | |
457 | * @th rows XMLSi gnatureExc eption If there is n o content | |
458 | */ | |
459 | public byte[] ge tSignature Value() th rows XMLSi gnatureExc eption { | |
460 | tr y { | |
461 | return B ase64.deco de(signatu reValueEle ment); | |
462 | } catch (Bas e64Decodin gException ex) { | |
463 | throw ne w XMLSigna tureExcept ion("empty ", ex); | |
464 | } | |
465 | } | |
466 | ||
467 | /** | |
468 | * Bas e64 encode s and sets the bytes as the co ntent of t he Signatu reValue | |
469 | * Nod e. | |
470 | * | |
471 | * @pa ram bytes bytes to b e used by SignatureV alue befor e Base64 e ncoding | |
472 | */ | |
473 | privat e void set SignatureV alueElemen t(byte[] b ytes) { | |
474 | ||
475 | wh ile (signa tureValueE lement.has ChildNodes ()) { | |
476 | signatur eValueElem ent.remove Child(sign atureValue Element.ge tFirstChil d()); | |
477 | } | |
478 | ||
479 | St ring base6 4codedValu e = Base64 .encode(by tes); | |
480 | ||
481 | if (base64co dedValue.l ength() > 76 && !XML Utils.igno reLineBrea ks()) { | |
482 | base64co dedValue = "\n" + ba se64codedV alue + "\n "; | |
483 | } | |
484 | ||
485 | Te xt t = thi s.doc.crea teTextNode (base64cod edValue); | |
486 | si gnatureVal ueElement. appendChil d(t); | |
487 | } | |
488 | ||
489 | /** | |
490 | * Ret urns the K eyInfo chi ld. If we are in sig ning mode and the Ke yInfo | |
491 | * doe s not exis t yet, it is created on demand and added to the Si gnature. | |
492 | * <br > | |
493 | * Thi s allows t o add arbi trary cont ent to the KeyInfo d uring sign ing. | |
494 | * | |
495 | * @re turn the K eyInfo obj ect | |
496 | */ | |
497 | public KeyInfo g etKeyInfo( ) { | |
498 | // check to see if we are signin g and if w e have to create a k eyinfo | |
499 | if (this.sta te == MODE _SIGN && t his.keyInf o == null) { | |
500 | ||
501 | // creat e the KeyI nfo | |
502 | this.key Info = new KeyInfo(t his.doc); | |
503 | ||
504 | // get t he Element from KeyI nfo | |
505 | Element keyInfoEle ment = thi s.keyInfo. getElement (); | |
506 | Element firstObjec t = | |
507 | XMLU tils.selec tDsNode( | |
508 | this.const ructionEle ment.getFi rstChild() , Constant s._TAG_OBJ ECT, 0 | |
509 | ); | |
510 | ||
511 | if (firs tObject != null) { | |
512 | // a dd it befo re the obj ect | |
513 | this .construct ionElement .insertBef ore(keyInf oElement, firstObjec t); | |
514 | XMLU tils.addRe turnBefore Child(this .construct ionElement , firstObj ect); | |
515 | } else { | |
516 | // a dd it as t he last el ement to t he signatu re | |
517 | this .construct ionElement .appendChi ld(keyInfo Element); | |
518 | XMLU tils.addRe turnToElem ent(this.c onstructio nElement); | |
519 | } | |
520 | } | |
521 | ||
522 | re turn this. keyInfo; | |
523 | } | |
524 | ||
525 | /** | |
526 | * App ends an Ob ject (not a <code>ja va.lang.Ob ject</code > but an O bject | |
527 | * ele ment) to t he Signatu re. Please note that this is o nly possib le | |
528 | * whe n signing. | |
529 | * | |
530 | * @pa ram object ds:Object to be app ended. | |
531 | * @th rows XMLSi gnatureExc eption Whe n this obj ect is use d to verif y. | |
532 | */ | |
533 | public void appe ndObject(O bjectConta iner objec t) throws XMLSignatu reExceptio n { | |
534 | // try { | |
535 | // if (this.s tate != MO DE_SIGN) { | |
536 | // throw new XMLSignat ureExcepti on( | |
537 | // "signatu re.operati onOnlyBefo reSign"); | |
538 | // } | |
539 | ||
540 | th is.constru ctionEleme nt.appendC hild(objec t.getEleme nt()); | |
541 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
542 | // } catch (X MLSecurity Exception ex) { | |
543 | // throw new XMLSignat ureExcepti on("empty" , ex); | |
544 | // } | |
545 | } | |
546 | ||
547 | /** | |
548 | * Ret urns the < code>i<cod e>th <code >ds:Object </code> ch ild of the signature | |
549 | * or null if no such <cod e>ds:Objec t</code> e lement exi sts. | |
550 | * | |
551 | * @pa ram i | |
552 | * @re turn the < code>i<cod e>th <code >ds:Object </code> ch ild of the signature | |
553 | * or null if no such <cod e>ds:Objec t</code> e lement exi sts. | |
554 | */ | |
555 | public ObjectCon tainer get ObjectItem (int i) { | |
556 | El ement objE lem = | |
557 | XMLUtils .selectDsN ode( | |
558 | this .construct ionElement .getFirstC hild(), Co nstants._T AG_OBJECT, i | |
559 | ); | |
560 | ||
561 | tr y { | |
562 | return n ew ObjectC ontainer(o bjElem, th is.baseURI ); | |
563 | } catch (XML SecurityEx ception ex ) { | |
564 | return n ull; | |
565 | } | |
566 | } | |
567 | ||
568 | /** | |
569 | * Ret urns the n umber of a ll <code>d s:Object</ code> elem ents. | |
570 | * | |
571 | * @re turn the n umber of a ll <code>d s:Object</ code> elem ents. | |
572 | */ | |
573 | public int getOb jectLength () { | |
574 | re turn this. length(Con stants.Sig natureSpec NS, Consta nts._TAG_O BJECT); | |
575 | } | |
576 | ||
577 | /** | |
578 | * Dig ests all R eferences in the Sig nedInfo, c alculates the signat ure value | |
579 | * and sets it i n the Sign atureValue Element. | |
580 | * | |
581 | * @pa ram signin gKey the { @link java .security. PrivateKey } or | |
582 | * {@l ink javax. crypto.Sec retKey} th at is used to sign. | |
583 | * @th rows XMLSi gnatureExc eption | |
584 | */ | |
585 | public void sign (Key signi ngKey) thr ows XMLSig natureExce ption { | |
586 | ||
587 | if (signingK ey instanc eof Public Key) { | |
588 | throw ne w IllegalA rgumentExc eption( | |
589 | I18n .translate ("algorith ms.operati onOnlyVeri fication") | |
590 | ); | |
591 | } | |
592 | ||
593 | tr y { | |
594 | //Create a Signatu reAlgorith m object | |
595 | SignedIn fo si = th is.getSign edInfo(); | |
596 | Signatur eAlgorithm sa = si.g etSignatur eAlgorithm (); | |
597 | OutputSt ream so = null; | |
598 | try { | |
599 | // i nitialize SignatureA lgorithm f or signing | |
600 | sa.i nitSign(si gningKey); | |
601 | ||
602 | // g enerate di gest value s for all References in this S ignedInfo | |
603 | si.g enerateDig estValues( ); | |
604 | so = new Unsyn cBufferedO utputStrea m(new Sign erOutputSt ream(sa)); | |
605 | // g et the can onicalized bytes fro m SignedIn fo | |
606 | si.s ignInOctet Stream(so) ; | |
607 | } catch (XMLSecuri tyExceptio n ex) { | |
608 | thro w ex; | |
609 | } finall y { | |
610 | if ( so != null ) { | |
611 | try { | |
612 | so.clo se(); | |
613 | } catch (I OException ex) { | |
614 | if (lo g.isLoggab le(java.ut il.logging .Level.FIN E)) { | |
615 | lo g.log(java .util.logg ing.Level. FINE, ex.g etMessage( ), ex); | |
616 | } | |
617 | } | |
618 | } | |
619 | } | |
620 | ||
621 | // set t hem on the Signature Value elem ent | |
622 | this.set SignatureV alueElemen t(sa.sign( )); | |
623 | } catch (XML SignatureE xception e x) { | |
624 | throw ex ; | |
625 | } catch (Can onicalizat ionExcepti on ex) { | |
626 | throw ne w XMLSigna tureExcept ion("empty ", ex); | |
627 | } catch (Inv alidCanoni calizerExc eption ex) { | |
628 | throw ne w XMLSigna tureExcept ion("empty ", ex); | |
629 | } catch (XML SecurityEx ception ex ) { | |
630 | throw ne w XMLSigna tureExcept ion("empty ", ex); | |
631 | } | |
632 | } | |
633 | ||
634 | /** | |
635 | * Add s a {@link ResourceR esolver} t o enable t he retriev al of reso urces. | |
636 | * | |
637 | * @pa ram resolv er | |
638 | */ | |
639 | public void addR esourceRes olver(Reso urceResolv er resolve r) { | |
640 | th is.getSign edInfo().a ddResource Resolver(r esolver); | |
641 | } | |
642 | ||
643 | /** | |
644 | * Add s a {@link ResourceR esolverSpi } to enabl e the retr ieval of r esources. | |
645 | * | |
646 | * @pa ram resolv er | |
647 | */ | |
648 | public void addR esourceRes olver(Reso urceResolv erSpi reso lver) { | |
649 | th is.getSign edInfo().a ddResource Resolver(r esolver); | |
650 | } | |
651 | ||
652 | /** | |
653 | * Ext racts the public key from the certificat e and veri fies if th e signatur e | |
654 | * is valid by r e-digestin g all Refe rences, co mparing th ose agains t the | |
655 | * sto red Digest Values and then chec king to se e if the S ignatures match on | |
656 | * the SignedInf o. | |
657 | * | |
658 | * @pa ram cert C ertificate that cont ains the p ublic key part of th e keypair | |
659 | * tha t was used to sign. | |
660 | * @re turn true if the sig nature is valid, fal se otherwi se | |
661 | * @th rows XMLSi gnatureExc eption | |
662 | */ | |
663 | public boolean c heckSignat ureValue(X 509Certifi cate cert) | |
664 | th rows XMLSi gnatureExc eption { | |
665 | // see if ce rt is null | |
666 | if (cert != null) { | |
667 | // check the value s with the public ke y from the cert | |
668 | return t his.checkS ignatureVa lue(cert.g etPublicKe y()); | |
669 | } | |
670 | ||
671 | Ob ject exArg s[] = { "D idn't get a certific ate" }; | |
672 | th row new XM LSignature Exception( "empty", e xArgs); | |
673 | } | |
674 | ||
675 | /** | |
676 | * Ver ifies if t he signatu re is vali d by redig esting all Reference s, | |
677 | * com paring tho se against the store d DigestVa lues and t hen checki ng to see | |
678 | * if the Signat ures match on the Si gnedInfo. | |
679 | * | |
680 | * @pa ram pk {@l ink java.s ecurity.Pu blicKey} p art of the keypair o r | |
681 | * {@l ink javax. crypto.Sec retKey} th at was use d to sign | |
682 | * @re turn true if the sig nature is valid, fal se otherwi se | |
683 | * @th rows XMLSi gnatureExc eption | |
684 | */ | |
685 | public boolean c heckSignat ureValue(K ey pk) thr ows XMLSig natureExce ption { | |
686 | // COMMENT: p k suggests it can on ly be a pu blic key? | |
687 | // check to s ee if the key is not null | |
688 | if (pk == nu ll) { | |
689 | Object e xArgs[] = { "Didn't get a key" }; | |
690 | throw ne w XMLSigna tureExcept ion("empty ", exArgs) ; | |
691 | } | |
692 | // all refer ences insi de the sig nedinfo ne ed to be d ereference d and | |
693 | // digested again to s ee if the outcome ma tches the stored val ue in the | |
694 | // SignedInf o. | |
695 | // If follow ManifestsD uringValid ation is t rue it wil l do the s ame for | |
696 | // Reference s inside a Manifest. | |
697 | tr y { | |
698 | SignedIn fo si = th is.getSign edInfo(); | |
699 | //create a Signatu reAlgorith ms from th e Signatur eMethod in side | |
700 | //Signed Info. This is used t o validate the signa ture. | |
701 | Signatur eAlgorithm sa = si.g etSignatur eAlgorithm (); | |
702 | if (log. isLoggable (java.util .logging.L evel.FINE) ) { | |
703 | log. log(java.u til.loggin g.Level.FI NE, "signa tureMethod URI = " + sa.getAlgo rithmURI() ); | |
704 | log. log(java.u til.loggin g.Level.FI NE, "jceSi gAlgorithm = " + sa.getJCEA lgorithmSt ring()); | |
705 | log. log(java.u til.loggin g.Level.FI NE, "jceSi gProvider = " + sa.getJCEP roviderNam e()); | |
706 | log. log(java.u til.loggin g.Level.FI NE, "Publi cKey = " + pk); | |
707 | } | |
708 | byte sig Bytes[] = null; | |
709 | try { | |
710 | sa.i nitVerify( pk); | |
711 | ||
712 | // G et the can onicalized (normaliz ed) Signed Info | |
713 | Sign erOutputSt ream so = new Signer OutputStre am(sa); | |
714 | Outp utStream b os = new U nsyncBuffe redOutputS tream(so); | |
715 | ||
716 | si.s ignInOctet Stream(bos ); | |
717 | bos. close(); | |
718 | // r etrieve th e byte[] f rom the st ored signa ture | |
719 | sigB ytes = thi s.getSigna tureValue( ); | |
720 | } catch (IOExcepti on ex) { | |
721 | if ( log.isLogg able(java. util.loggi ng.Level.F INE)) { | |
722 | log.log(ja va.util.lo gging.Leve l.FINE, ex .getMessag e(), ex); | |
723 | } | |
724 | // I mpossible. .. | |
725 | } catch (XMLSecuri tyExceptio n ex) { | |
726 | thro w ex; | |
727 | } | |
728 | ||
729 | // have SignatureA lgorithm s ign the in put bytes and compar e them to | |
730 | // the b ytes that were store d in the s ignature. | |
731 | if (!sa. verify(sig Bytes)) { | |
732 | log. log(java.u til.loggin g.Level.WA RNING, "Si gnature ve rification failed.") ; | |
733 | retu rn false; | |
734 | } | |
735 | ||
736 | return s i.verify(t his.follow ManifestsD uringValid ation); | |
737 | } catch (XML SignatureE xception e x) { | |
738 | throw ex ; | |
739 | } catch (XML SecurityEx ception ex ) { | |
740 | throw ne w XMLSigna tureExcept ion("empty ", ex); | |
741 | } | |
742 | } | |
743 | ||
744 | /** | |
745 | * Add a Referen ce with fu ll paramet ers to thi s Signatur e | |
746 | * | |
747 | * @pa ram refere nceURI URI of the re source to be signed. Can be nu ll in | |
748 | * whi ch case th e derefere ncing is a pplication specific. Can be "" in which | |
749 | * it' s the pare nt node (o r parent d ocument?). There can only be o ne "" in | |
750 | * eac h signatur e. | |
751 | * @pa ram trans Optional l ist of tra nsformatio ns to be d one before digesting | |
752 | * @pa ram digest URI Mandat ory URI of the diges ting algor ithm to us e. | |
753 | * @pa ram refere nceId Opti onal id at tribute fo r this Ref erence | |
754 | * @pa ram refere nceType Op tional mim etype for the URI | |
755 | * @th rows XMLSi gnatureExc eption | |
756 | */ | |
757 | public void addD ocument( | |
758 | St ring refer enceURI, | |
759 | Tr ansforms t rans, | |
760 | St ring diges tURI, | |
761 | St ring refer enceId, | |
762 | St ring refer enceType | |
763 | ) thro ws XMLSign atureExcep tion { | |
764 | th is.signedI nfo.addDoc ument( | |
765 | this.bas eURI, refe renceURI, trans, dig estURI, re ferenceId, reference Type | |
766 | ); | |
767 | } | |
768 | ||
769 | /** | |
770 | * Thi s method i s a proxy method for the {@lin k Manifest #addDocume nt} method . | |
771 | * | |
772 | * @pa ram refere nceURI URI according to the XM L Signatur e specific ation. | |
773 | * @pa ram trans List of tr ansformati ons to be applied. | |
774 | * @pa ram digest URI URI of the diges t algorith m to be us ed. | |
775 | * @se e Manifest #addDocume nt | |
776 | * @th rows XMLSi gnatureExc eption | |
777 | */ | |
778 | public void addD ocument( | |
779 | St ring refer enceURI, | |
780 | Tr ansforms t rans, | |
781 | St ring diges tURI | |
782 | ) thro ws XMLSign atureExcep tion { | |
783 | th is.signedI nfo.addDoc ument(this .baseURI, referenceU RI, trans, digestURI , null, nu ll); | |
784 | } | |
785 | ||
786 | /** | |
787 | * Add s a Refere nce with j ust the UR I and the transforms . This use d the | |
788 | * SHA 1 algorith m as a def ault diges t algorith m. | |
789 | * | |
790 | * @pa ram refere nceURI URI according to the XM L Signatur e specific ation. | |
791 | * @pa ram trans List of tr ansformati ons to be applied. | |
792 | * @th rows XMLSi gnatureExc eption | |
793 | */ | |
794 | public void addD ocument(St ring refer enceURI, T ransforms trans) | |
795 | th rows XMLSi gnatureExc eption { | |
796 | th is.signedI nfo.addDoc ument( | |
797 | this.bas eURI, refe renceURI, trans, Con stants.ALG O_ID_DIGES T_SHA1, nu ll, null | |
798 | ); | |
799 | } | |
800 | ||
801 | /** | |
802 | * Add a Referen ce with ju st this UR I. It uses SHA1 by d efault as the digest | |
803 | * alg orithm | |
804 | * | |
805 | * @pa ram refere nceURI URI according to the XM L Signatur e specific ation. | |
806 | * @th rows XMLSi gnatureExc eption | |
807 | */ | |
808 | public void addD ocument(St ring refer enceURI) t hrows XMLS ignatureEx ception { | |
809 | th is.signedI nfo.addDoc ument( | |
810 | this.bas eURI, refe renceURI, null, Cons tants.ALGO _ID_DIGEST _SHA1, nul l, null | |
811 | ); | |
812 | } | |
813 | ||
814 | /** | |
815 | * Add an X509 C ertificate to the Ke yInfo. Thi s will inc lude the w hole cert | |
816 | * ins ide X509Da ta/X509Cer tificate t ags. | |
817 | * | |
818 | * @pa ram cert C ertificate to be inc luded. Thi s should b e the cert ificate of | |
819 | * the key that was used t o sign. | |
820 | * @th rows XMLSe curityExce ption | |
821 | */ | |
822 | public void addK eyInfo(X50 9Certifica te cert) t hrows XMLS ecurityExc eption { | |
823 | X5 09Data x50 9data = ne w X509Data (this.doc) ; | |
824 | ||
825 | x5 09data.add Certificat e(cert); | |
826 | th is.getKeyI nfo().add( x509data); | |
827 | } | |
828 | ||
829 | /** | |
830 | * Add this publ ic key to the KeyInf o. This wi ll include the compl ete key in | |
831 | * the KeyInfo s tructure. | |
832 | * | |
833 | * @pa ram pk | |
834 | */ | |
835 | public void addK eyInfo(Pub licKey pk) { | |
836 | th is.getKeyI nfo().add( pk); | |
837 | } | |
838 | ||
839 | /** | |
840 | * Pro xy method for {@link SignedInf o#createSe cretKey(by te[])}. If you want | |
841 | * to create a M AC, this m ethod help s you to o btain the | |
842 | * {@l ink javax. crypto.Sec retKey} fr om octets. | |
843 | * | |
844 | * @param PW KeyBytes | |
845 | * @return the PW key create d. | |
846 | * @se e SignedIn fo#createS ecretKey(b yte[]) | |
847 | */ | |
848 | public Sec retKey cre ateSecretK ey(byte[] PW KeyBytes) { | |
849 | return thi s.getSigne dInfo().cr eateSecret Key( PW KeyBytes); | |
850 | } | |
851 | ||
852 | /** | |
853 | * Sig nal whethe r Manifest should be automatic ally valid ated. | |
854 | * Che cking the digests in Reference s in a Sig nature are mandatory , but for | |
855 | * Ref erences in side a Man ifest it i s applicat ion specif ic. This b oolean is | |
856 | * to indicate t hat the Re ferences i nside Mani fests shou ld be vali dated. | |
857 | * | |
858 | * @pa ram follow Manifests | |
859 | * @se e <a href= "http://ww w.w3.org/T R/xmldsig- core/#sec- CoreValida tion"> | |
860 | * Cor e validati on section in the XM L Signatur e Rec.</a> | |
861 | */ | |
862 | public void setF ollowNeste dManifests (boolean f ollowManif ests) { | |
863 | th is.followM anifestsDu ringValida tion = fol lowManifes ts; | |
864 | } | |
865 | ||
866 | /** | |
867 | * Get the local name of t his elemen t | |
868 | * | |
869 | * @re turn Const ants._TAG_ SIGNATURE | |
870 | */ | |
871 | public String ge tBaseLocal Name() { | |
872 | re turn Const ants._TAG_ SIGNATURE; | |
873 | } | |
874 | } |