OpenJDK / jdk7u / jdk7u-dev / jdk
changeset 6390:abe9ea5a50d2
8014281: Better checking of XML signature
Summary: also reviewed by Andrew Gross and Christophe Ravel
Reviewed-by: mullan
| author | xuelei |
|---|---|
| date | Mon, 13 May 2013 18:30:45 -0700 |
| parents | 15ebd1eab1d0 |
| children | 2091127583a3 |
| files | src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java |
| diffstat | 1 files changed, 18 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java Fri Apr 19 16:50:10 2013 -0700 +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java Mon May 13 18:30:45 2013 -0700 @@ -51,6 +51,11 @@ public DOMCanonicalizationMethod(TransformService spi) throws InvalidAlgorithmParameterException { super(spi); + if (!(spi instanceof ApacheCanonicalizer) && + !isC14Nalg(spi.getAlgorithm())) { + throw new InvalidAlgorithmParameterException( + "Illegal CanonicalizationMethod"); + } } /** @@ -63,6 +68,10 @@ public DOMCanonicalizationMethod(Element cmElem, XMLCryptoContext context, Provider provider) throws MarshalException { super(cmElem, context, provider); + if (!(spi instanceof ApacheCanonicalizer) && + !isC14Nalg(spi.getAlgorithm())) { + throw new MarshalException("Illegal CanonicalizationMethod"); + } } /** @@ -101,4 +110,13 @@ return (getAlgorithm().equals(ocm.getAlgorithm()) && DOMUtils.paramsEqual(getParameterSpec(), ocm.getParameterSpec())); } + + private static boolean isC14Nalg(String alg) { + return (alg.equals(CanonicalizationMethod.INCLUSIVE) || + alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS) || + alg.equals(CanonicalizationMethod.EXCLUSIVE) || + alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS) || + alg.equals(DOMCanonicalXMLC14N11Method.C14N_11) || + alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS)); + } }