# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\com\sun\org\apache\xml\internal\security\signature | SignedInfo.java | Mon Jan 22 14:46:50 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\com\sun\org\apache\xml\internal\security\signature | SignedInfo.java | Wed Sep 12 16:38:02 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 3 | 786 |
Changed | 2 | 8 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * reserve d comment block | |
3 | * DO NOT REMOVE OR ALTER! | |
4 | */ | |
5 | /** | |
6 | * License d to the A pache Soft ware Found ation (ASF ) under on e | |
7 | * or more contribut or license agreement s. See the NOTICE fi le | |
8 | * distrib uted with this work for additi onal infor mation | |
9 | * regardi ng copyrig ht ownersh ip. The AS F licenses this file | |
10 | * to you under the Apache Lic ense, Vers ion 2.0 (t he | |
11 | * "Licens e"); you m ay not use this file except in complianc e | |
12 | * with th e License. You may o btain a co py of the License at | |
13 | * | |
14 | * http:// www.apache .org/licen ses/LICENS E-2.0 | |
15 | * | |
16 | * Unless required b y applicab le law or agreed to in writing , | |
17 | * softwar e distribu ted under the Licens e is distr ibuted on an | |
18 | * "AS IS" BASIS, WI THOUT WARR ANTIES OR CONDITIONS OF ANY | |
19 | * KIND, e ither expr ess or imp lied. See the Licens e for the | |
20 | * specifi c language governing permissio ns and lim itations | |
21 | * under t he License . | |
22 | */ | |
23 | package co m.sun.org. apache.xml .internal. security.s ignature; | |
24 | ||
25 | import jav a.io.ByteA rrayInputS tream; | |
26 | import jav a.io.IOExc eption; | |
27 | import jav a.io.Outpu tStream; | |
28 | import jav ax.crypto. SecretKey; | |
29 | import jav ax.crypto. spec.Secre tKeySpec; | |
30 | import jav ax.xml.XML Constants; | |
31 | import jav ax.xml.par sers.Parse rConfigura tionExcept ion; | |
32 | ||
33 | import com .sun.org.a pache.xml. internal.s ecurity.al gorithms.S ignatureAl gorithm; | |
34 | import com .sun.org.a pache.xml. internal.s ecurity.c1 4n.Canonic alizationE xception; | |
35 | import com .sun.org.a pache.xml. internal.s ecurity.c1 4n.Canonic alizer; | |
36 | import com .sun.org.a pache.xml. internal.s ecurity.c1 4n.Invalid Canonicali zerExcepti on; | |
37 | import com .sun.org.a pache.xml. internal.s ecurity.ex ceptions.X MLSecurity Exception; | |
38 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.Consta nts; | |
39 | import com .sun.org.a pache.xml. internal.s ecurity.ut ils.XMLUti ls; | |
40 | import com .sun.org.a pache.xml. internal.s ecurity.tr ansforms.p arams.Incl usiveNames paces; | |
41 | import org .w3c.dom.D ocument; | |
42 | import org .w3c.dom.E lement; | |
43 | import org .w3c.dom.N ode; | |
44 | import org .xml.sax.S AXExceptio n; | |
45 | ||
46 | /** | |
47 | * Handles <code>< ;ds:Signed Info></ code> elem ents | |
48 | * This <c ode>Signed Info<code> element i ncludes th e canonica lization a lgorithm, | |
49 | * a signa ture algor ithm, and one or mor e referenc es. | |
50 | * | |
51 | * @author Christian Geuer-Pol lmann | |
52 | */ | |
53 | public cla ss SignedI nfo extend s Manifest { | |
54 | ||
55 | /** Fi eld signat ureAlgorit hm */ | |
56 | privat e Signatur eAlgorithm signature Algorithm = null; | |
57 | ||
58 | /** Fi eld c14niz edBytes */ | |
59 | privat e byte[] c 14nizedByt es = null; | |
60 | ||
61 | privat e Element c14nMethod ; | |
62 | privat e Element signatureM ethod; | |
63 | ||
64 | /** | |
65 | * Ove rwrites {@ link Manif est#addDoc ument} bec ause it cr eates anot her | |
66 | * Ele ment. | |
67 | * | |
68 | * @pa ram doc th e {@link D ocument} i n which <c ode>XMLsig nature</co de> will | |
69 | * be placed | |
70 | * @th rows XMLSe curityExce ption | |
71 | */ | |
72 | public SignedInf o(Document doc) thro ws XMLSecu rityExcept ion { | |
73 | th is(doc, XM LSignature .ALGO_ID_S IGNATURE_D SA, | |
74 | Canonic alizer.ALG O_ID_C14N_ OMIT_COMME NTS); | |
75 | } | |
76 | ||
77 | /** | |
78 | * Con structs {@ link Signe dInfo} usi ng given C anonicaliz ation algo rithm and | |
79 | * Sig nature alg orithm. | |
80 | * | |
81 | * @pa ram doc <c ode>Signed Info</code > is place d in this document | |
82 | * @pa ram signat ureMethodU RI URI rep resentatio n of the D igest and | |
83 | * Signature algorithm | |
84 | * @pa ram canoni calization MethodURI URI repres entation o f the | |
85 | * Canonicali zation met hod | |
86 | * @th rows XMLSe curityExce ption | |
87 | */ | |
88 | public SignedInf o( | |
89 | Do cument doc , String s ignatureMe thodURI, S tring cano nicalizati onMethodUR I | |
90 | ) thro ws XMLSecu rityExcept ion { | |
91 | th is(doc, si gnatureMet hodURI, 0, canonical izationMet hodURI); | |
92 | } | |
93 | ||
94 | /** | |
95 | * Con structor S ignedInfo | |
96 | * | |
97 | * @pa ram doc <c ode>Signed Info</code > is place d in this document | |
98 | * @pa ram signat ureMethodU RI URI rep resentatio n of the D igest and | |
99 | * Signature algorithm | |
100 | * @pa ram hMACOu tputLength | |
101 | * @pa ram canoni calization MethodURI URI repres entation o f the | |
102 | * Canonicali zation met hod | |
103 | * @th rows XMLSe curityExce ption | |
104 | */ | |
105 | public SignedInf o( | |
106 | Do cument doc , String s ignatureMe thodURI, | |
107 | in t hMACOutp utLength, String can onicalizat ionMethodU RI | |
108 | ) thro ws XMLSecu rityExcept ion { | |
109 | su per(doc); | |
110 | ||
111 | c1 4nMethod = | |
112 | XMLUtils .createEle mentInSign atureSpace (this.doc, Constants ._TAG_CANO NICALIZATI ONMETHOD); | |
113 | ||
114 | c1 4nMethod.s etAttribut eNS(null, Constants. _ATT_ALGOR ITHM, cano nicalizati onMethodUR I); | |
115 | th is.constru ctionEleme nt.appendC hild(c14nM ethod); | |
116 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
117 | ||
118 | if (hMACOutp utLength > 0) { | |
119 | this.sig natureAlgo rithm = | |
120 | new SignatureA lgorithm(t his.doc, s ignatureMe thodURI, h MACOutputL ength); | |
121 | } else { | |
122 | this.sig natureAlgo rithm = ne w Signatur eAlgorithm (this.doc, signature MethodURI) ; | |
123 | } | |
124 | ||
125 | si gnatureMet hod = this .signature Algorithm. getElement (); | |
126 | th is.constru ctionEleme nt.appendC hild(signa tureMethod ); | |
127 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
128 | } | |
129 | ||
130 | /** | |
131 | * @pa ram doc | |
132 | * @pa ram signat ureMethodE lem | |
133 | * @pa ram canoni calization MethodElem | |
134 | * @th rows XMLSe curityExce ption | |
135 | */ | |
136 | public SignedInf o( | |
137 | Do cument doc , Element signatureM ethodElem, Element c anonicaliz ationMetho dElem | |
138 | ) thro ws XMLSecu rityExcept ion { | |
139 | su per(doc); | |
140 | // Check thi s? | |
141 | th is.c14nMet hod = cano nicalizati onMethodEl em; | |
142 | th is.constru ctionEleme nt.appendC hild(c14nM ethod); | |
143 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
144 | ||
145 | th is.signatu reAlgorith m = | |
146 | new Sign atureAlgor ithm(signa tureMethod Elem, null ); | |
147 | ||
148 | si gnatureMet hod = this .signature Algorithm. getElement (); | |
149 | th is.constru ctionEleme nt.appendC hild(signa tureMethod ); | |
150 | ||
151 | XM LUtils.add ReturnToEl ement(this .construct ionElement ); | |
152 | } | |
153 | ||
154 | /** | |
155 | * Bui ld a {@lin k SignedIn fo} from a n {@link E lement} | |
156 | * | |
157 | * @pa ram elemen t <code>Si gnedInfo</ code> | |
158 | * @pa ram baseUR I the URI of the res ource wher e the XML instance w as stored | |
159 | * @th rows XMLSe curityExce ption | |
160 | * @se e <A HREF= "http://li sts.w3.org /Archives/ Public/w3c -ietf-xmld sig/2001Oc tDec/0033. html"> | |
161 | * Que stion</A> | |
162 | * @se e <A HREF= "http://li sts.w3.org /Archives/ Public/w3c -ietf-xmld sig/2001Oc tDec/0054. html"> | |
163 | * Ans wer</A> | |
164 | */ | |
165 | public SignedInf o(Element element, S tring base URI) throw s XMLSecur ityExcepti on { | |
166 | th is(element , baseURI, false); | |
167 | } | |
168 | ||
169 | /** | |
170 | * Bui ld a {@lin k SignedIn fo} from a n {@link E lement} | |
171 | * | |
172 | * @pa ram elemen t <code>Si gnedInfo</ code> | |
173 | * @pa ram baseUR I the URI of the res ource wher e the XML instance w as stored | |
174 | * @pa ram secure Validation whether s ecure vali dation is enabled or not | |
175 | * @th rows XMLSe curityExce ption | |
176 | * @se e <A HREF= "http://li sts.w3.org /Archives/ Public/w3c -ietf-xmld sig/2001Oc tDec/0033. html"> | |
177 | * Que stion</A> | |
178 | * @se e <A HREF= "http://li sts.w3.org /Archives/ Public/w3c -ietf-xmld sig/2001Oc tDec/0054. html"> | |
179 | * Ans wer</A> | |
180 | */ | |
181 | public SignedInf o( | |
182 | El ement elem ent, Strin g baseURI, boolean s ecureValid ation | |
183 | ) thro ws XMLSecu rityExcept ion { | |
184 | // Parse the Reference children and Id att ribute in the Manife st | |
185 | su per(repars eSignedInf oElem(elem ent), base URI, secur eValidatio n); | |
186 | ||
187 | c1 4nMethod = XMLUtils. getNextEle ment(eleme nt.getFirs tChild()); | |
188 | si gnatureMet hod = XMLU tils.getNe xtElement( c14nMethod .getNextSi bling()); | |
189 | th is.signatu reAlgorith m = | |
190 | new Sign atureAlgor ithm(signa tureMethod , this.get BaseURI(), secureVal idation); | |
191 | } | |
192 | ||
193 | privat e static E lement rep arseSigned InfoElem(E lement ele ment) | |
194 | th rows XMLSe curityExce ption { | |
195 | /* | |
196 | * If a cust om canonic alizationM ethod is u sed, canon icalize | |
197 | * ds:Signed Info, repa rse it int o a new do cument | |
198 | * and repla ce the ori ginal not- canonicali zed ds:Sig nedInfo by | |
199 | * the re-pa rsed canon icalized o ne. | |
200 | * / | |
201 | El ement c14n Method = X MLUtils.ge tNextEleme nt(element .getFirstC hild()); | |
202 | St ring c14nM ethodURI = | |
203 | c14nMeth od.getAttr ibuteNS(nu ll, Consta nts._ATT_A LGORITHM); | |
204 | if (!(c14nMe thodURI.eq uals(Canon icalizer.A LGO_ID_C14 N_OMIT_COM MENTS) || | |
205 | c14nMeth odURI.equa ls(Canonic alizer.ALG O_ID_C14N_ WITH_COMME NTS) || | |
206 | c14nMeth odURI.equa ls(Canonic alizer.ALG O_ID_C14N_ EXCL_OMIT_ COMMENTS) || | |
207 | c14nMeth odURI.equa ls(Canonic alizer.ALG O_ID_C14N_ EXCL_WITH_ COMMENTS) || | |
208 | c14nMeth odURI.equa ls(Canonic alizer.ALG O_ID_C14N1 1_OMIT_COM MENTS) || | |
209 | c14nMeth odURI.equa ls(Canonic alizer.ALG O_ID_C14N1 1_WITH_COM MENTS))) { | |
210 | // the c 14n is not a secure one and ca n rewrite the URIs o r like | |
211 | // so re parse the SignedInfo to be sur e | |
212 | try { | |
213 | Cano nicalizer c14nizer = | |
214 | Canonicali zer.getIns tance(c14n MethodURI) ; | |
215 | ||
216 | byte [] c14nize dBytes = c 14nizer.ca nonicalize Subtree(el ement); | |
217 | java x.xml.pars ers.Docume ntBuilderF actory dbf = | |
218 | javax.xml. parsers.Do cumentBuil derFactory .newInstan ce(); | |
219 | dbf. setNamespa ceAware(tr ue); | |
220 | dbf. setFeature (XMLConsta nts.FEATUR E_SECURE_P ROCESSING, Boolean.T RUE); | |
221 | java x.xml.pars ers.Docume ntBuilder db = dbf.n ewDocument Builder(); | |
222 | Docu ment newdo c = | |
223 | db.parse(n ew ByteArr ayInputStr eam(c14niz edBytes)); | |
224 | Node imported = | |
225 | element.ge tOwnerDocu ment().imp ortNode(ne wdoc.getDo cumentElem ent(), tru e); | |
226 | ||
227 | elem ent.getPar entNode(). replaceChi ld(importe d, element ); | |
228 | ||
229 | retu rn (Elemen t) importe d; | |
230 | } catch (ParserCon figuration Exception ex) { | |
231 | thro w new XMLS ecurityExc eption("em pty", ex); | |
232 | } catch (IOExcepti on ex) { | |
233 | thro w new XMLS ecurityExc eption("em pty", ex); | |
234 | } catch (SAXExcept ion ex) { | |
235 | thro w new XMLS ecurityExc eption("em pty", ex); | |
236 | } | |
237 | } | |
238 | re turn eleme nt; | |
239 | } | |
240 | ||
241 | /** | |
242 | * Tes ts core va lidation p rocess | |
243 | * | |
244 | * @re turn true if verific ation was successful | |
245 | * @th rows Missi ngResource FailureExc eption | |
246 | * @th rows XMLSe curityExce ption | |
247 | */ | |
248 | public boolean v erify() | |
249 | th rows Missi ngResource FailureExc eption, XM LSecurityE xception { | |
250 | re turn super .verifyRef erences(fa lse); | |
251 | } | |
252 | ||
253 | /** | |
254 | * Tes ts core va lidation p rocess | |
255 | * | |
256 | * @pa ram follow Manifests defines wh ether the verificati on process has to ve rify refer enced <COD E>ds:Manif est</CODE> s, too | |
257 | * @re turn true if verific ation was successful | |
258 | * @th rows Missi ngResource FailureExc eption | |
259 | * @th rows XMLSe curityExce ption | |
260 | */ | |
261 | public boolean v erify(bool ean follow Manifests) | |
262 | th rows Missi ngResource FailureExc eption, XM LSecurityE xception { | |
263 | re turn super .verifyRef erences(fo llowManife sts); | |
264 | } | |
265 | ||
266 | /** | |
267 | * Ret urns getCa nonicalize dOctetStre am | |
268 | * | |
269 | * @re turn the c anonicaliz ation resu lt octet s tream of < code>Signe dInfo</cod e> element | |
270 | * @th rows Canon icalizatio nException | |
271 | * @th rows Inval idCanonica lizerExcep tion | |
272 | * @th rows XMLSe curityExce ption | |
273 | */ | |
274 | public byte[] ge tCanonical izedOctetS tream() | |
275 | th rows Canon icalizatio nException , InvalidC anonicaliz erExceptio n, XMLSecu rityExcept ion { | |
276 | if (this.c14 nizedBytes == null) { | |
277 | Canonica lizer c14n izer = | |
278 | Cano nicalizer. getInstanc e(this.get Canonicali zationMeth odURI()); | |
279 | ||
280 | this.c14 nizedBytes = | |
281 | c14n izer.canon icalizeSub tree(this. constructi onElement) ; | |
282 | } | |
283 | ||
284 | // make defe nsive copy | |
285 | re turn this. c14nizedBy tes.clone( ); | |
286 | } | |
287 | ||
288 | /** | |
289 | * Out put the C1 4n stream to the giv en OutputS tream. | |
290 | * @pa ram os | |
291 | * @th rows Canon icalizatio nException | |
292 | * @th rows Inval idCanonica lizerExcep tion | |
293 | * @th rows XMLSe curityExce ption | |
294 | */ | |
295 | public void sign InOctetStr eam(Output Stream os) | |
296 | th rows Canon icalizatio nException , InvalidC anonicaliz erExceptio n, XMLSecu rityExcept ion { | |
297 | if (this.c14 nizedBytes == null) { | |
298 | Canonica lizer c14n izer = | |
299 | Cano nicalizer. getInstanc e(this.get Canonicali zationMeth odURI()); | |
300 | c14nizer .setWriter (os); | |
301 | String i nclusiveNa mespaces = this.getI nclusiveNa mespaces() ; | |
302 | ||
303 | if (incl usiveNames paces == n ull) { | |
304 | c14n izer.canon icalizeSub tree(this. constructi onElement) ; | |
305 | } else { | |
306 | c14n izer.canon icalizeSub tree(this. constructi onElement, inclusive Namespaces ); | |
307 | } | |
308 | } else { | |
309 | try { | |
310 | os.w rite(this. c14nizedBy tes); | |
311 | } catch (IOExcepti on e) { | |
312 | thro w new Runt imeExcepti on(e); | |
313 | } | |
314 | } | |
315 | } | |
316 | ||
317 | /** | |
318 | * Ret urns the C anonicaliz ation meth od URI | |
319 | * | |
320 | * @re turn the C anonicaliz ation meth od URI | |
321 | */ | |
322 | public String ge tCanonical izationMet hodURI() { | |
323 | re turn c14nM ethod.getA ttributeNS (null, Con stants._AT T_ALGORITH M); | |
324 | } | |
325 | ||
326 | /** | |
327 | * Ret urns the S ignature m ethod URI | |
328 | * | |
329 | * @re turn the S ignature m ethod URI | |
330 | */ | |
331 | public String ge tSignature MethodURI( ) { | |
332 | El ement sign atureEleme nt = this. getSignatu reMethodEl ement(); | |
333 | ||
334 | if (signatur eElement ! = null) { | |
335 | return s ignatureEl ement.getA ttributeNS (null, Con stants._AT T_ALGORITH M); | |
336 | } | |
337 | ||
338 | re turn null; | |
339 | } | |
340 | ||
341 | /** | |
342 | * Met hod getSig natureMeth odElement | |
343 | * @re turn retur ns the Sig natureMeth od Element | |
344 | * | |
345 | */ | |
346 | public Element g etSignatur eMethodEle ment() { | |
347 | re turn signa tureMethod ; | |
348 | } | |
349 | ||
350 | /** | |
351 | * Cre ates a Sec retKey for the appro priate Mac algorithm based on a | |
352 | * byt e[] array password. | |
353 | * | |
354 | * @param PW KeyBytes | |
355 | * @return the PW key for th e SignedIn fo element . | |
356 | */ | |
357 | public Sec retKey cre ateSecretK ey(byte[] PW KeyBytes) { | |
358 | return new SecretKey Spec( PW KeyBytes, this.signa tureAlgori thm.getJCE AlgorithmS tring()); | |
359 | } | |
360 | ||
361 | protec ted Signat ureAlgorit hm getSign atureAlgor ithm() { | |
362 | re turn signa tureAlgori thm; | |
363 | } | |
364 | ||
365 | /** | |
366 | * Met hod getBas eLocalName | |
367 | * @in heritDoc | |
368 | * | |
369 | */ | |
370 | public String ge tBaseLocal Name() { | |
371 | re turn Const ants._TAG_ SIGNEDINFO ; | |
372 | } | |
373 | ||
374 | public String ge tInclusive Namespaces () { | |
375 | St ring c14nM ethodURI = c14nMetho d.getAttri buteNS(nul l, Constan ts._ATT_AL GORITHM); | |
376 | if (!(c14nMe thodURI.eq uals("http ://www.w3. org/2001/1 0/xml-exc- c14n#") || | |
377 | c14nMeth odURI.equa ls("http:/ /www.w3.or g/2001/10/ xml-exc-c1 4n#WithCom ments"))) { | |
378 | return n ull; | |
379 | } | |
380 | ||
381 | El ement incl usiveEleme nt = XMLUt ils.getNex tElement(c 14nMethod. getFirstCh ild()); | |
382 | ||
383 | if (inclusiv eElement ! = null) { | |
384 | try { | |
385 | Stri ng inclusi veNamespac es = | |
386 | new Inclus iveNamespa ces( | |
387 | inclus iveElement , | |
388 | Inclus iveNamespa ces.Exclus iveCanonic alizationN amespace | |
389 | ).getInclu siveNamesp aces(); | |
390 | retu rn inclusi veNamespac es; | |
391 | } catch (XMLSecuri tyExceptio n e) { | |
392 | retu rn null; | |
393 | } | |
394 | } | |
395 | re turn null; | |
396 | } | |
397 | } |
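Review bot: The `createSecretKey` Javadoc and signature at gutter lines 354–358, which render differently from the rest of the listing and are presumably the two changed blocks in the summary, now read `@param PW KeyBytes` and `@return the PW key`. This looks like a text substitution rather than intended wording, and if the space inside `PW KeyBytes` is really in the file and not a rendering artifact, the method no longer compiles. A lowerCamelCase parameter with a real description would be clearer, for example `@param keyBytes raw key material for the MAC algorithm; must not be null or empty` and `@return a SecretKeySpec for this SignedInfo's signature algorithm`. Since the array is handed straight to `SecretKeySpec`, which throws `IllegalArgumentException` on a null or empty key, the Javadoc should state that, and should note that callers remain responsible for clearing their own copy of the key bytes.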