OpenJDK / jdk8u / monojdk8u
changeset 48878:c101d7eb3679
8278008: Improve Santuario processing
Summary: Backport SANTUARIO-572 & SANTUARIO-566
Reviewed-by: andrew
line wrap: on
line diff
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java Fri Feb 18 00:41:43 2022 +0300 +++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java Tue Mar 29 19:21:47 2022 +0300 @@ -180,6 +180,7 @@ validateReference(referentElement); KeyInfo referent = new KeyInfo(referentElement, baseURI); + referent.setSecureValidation(secureValidation); referent.addStorageResolver(storage); return referent; } @@ -198,7 +199,7 @@ } KeyInfo referent = new KeyInfo(referentElement, ""); - if (referent.containsKeyInfoReference()) { + if (referent.containsKeyInfoReference() || referent.containsRetrievalMethod()) { if (secureValidation) { throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithSecure"); } else {
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_en.properties Fri Feb 18 00:41:43 2022 +0300 +++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_en.properties Tue Mar 29 19:21:47 2022 +0300 @@ -124,6 +124,7 @@ signature.Transform.NotYetImplemented = Transform {0} not yet implemented signature.Transform.NullPointerTransform = Null pointer as URI. Programming bug? signature.Transform.UnknownTransform = Unknown transformation. No handler installed for URI {0} +signature.Transform.XPathError = Error evaluating XPath expression signature.Transform.node = Current Node: {0} signature.Transform.nodeAndType = Current Node: {0}, type: {1} signature.Util.BignumNonPositive = bigInteger.signum() must be positive
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInput.java Fri Feb 18 00:41:43 2022 +0300 +++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInput.java Tue Mar 29 19:21:47 2022 +0300 @@ -551,7 +551,7 @@ convertToNodes(); } catch (Exception e) { throw new XMLSecurityRuntimeException( - "signature.XMLSignatureInput.nodesetReference", e + "signature.XMLSignatureInput.nodesetReference" ); } }
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath.java Fri Feb 18 00:41:43 2022 +0300 +++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath.java Tue Mar 29 19:21:47 2022 +0300 @@ -147,11 +147,7 @@ } return 0; } catch (TransformerException e) { - Object[] eArgs = {currentNode}; - throw new XMLSecurityRuntimeException("signature.Transform.node", eArgs, e); - } catch (Exception e) { - Object[] eArgs = {currentNode, currentNode.getNodeType()}; - throw new XMLSecurityRuntimeException("signature.Transform.nodeAndType",eArgs, e); + throw new XMLSecurityRuntimeException("signature.Transform.XPathError"); } }
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverLocalFilesystem.java Fri Feb 18 00:41:43 2022 +0300 +++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverLocalFilesystem.java Tue Mar 29 19:21:47 2022 +0300 @@ -38,8 +38,6 @@ */ public class ResolverLocalFilesystem extends ResourceResolverSpi { - private static final int FILE_URI_LENGTH = "file:/".length(); - private static final com.sun.org.slf4j.internal.Logger LOG = com.sun.org.slf4j.internal.LoggerFactory.getLogger(ResolverLocalFilesystem.class); @@ -58,9 +56,7 @@ // calculate new URI URI uriNew = getNewURI(context.uriToResolve, context.baseUri); - String fileName = - ResolverLocalFilesystem.translateUriToFilename(uriNew.toString()); - InputStream inputStream = Files.newInputStream(Paths.get(fileName)); + InputStream inputStream = Files.newInputStream(Paths.get(uriNew)); XMLSignatureInput result = new XMLSignatureInput(inputStream); result.setSecureValidation(context.secureValidation); @@ -73,41 +69,6 @@ } /** - * Method translateUriToFilename - * - * @param uri - * @return the string of the filename - */ - private static String translateUriToFilename(String uri) { - - String subStr = uri.substring(FILE_URI_LENGTH); - - if (subStr.indexOf("%20") > -1) { - int offset = 0; - int index = 0; - StringBuilder temp = new StringBuilder(subStr.length()); - do { - index = subStr.indexOf("%20",offset); - if (index == -1) { - temp.append(subStr.substring(offset)); - } else { - temp.append(subStr.substring(offset, index)); - temp.append(' '); - offset = index + 3; - } - } while(index != -1); - subStr = temp.toString(); - } - - if (subStr.charAt(1) == ':') { - // we're running M$ Windows, so this works fine - return subStr; - } - // we're running some UNIX, so we have to prepend a slash - return "/" + subStr; - } - - /** * {@inheritDoc} */ public boolean engineCanResolveURI(ResourceResolverContext context) {
--- a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java Fri Feb 18 00:41:43 2022 +0300 +++ b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java Tue Mar 29 19:21:47 2022 +0300 @@ -141,8 +141,8 @@ try { ResourceResolver apacheResolver = - ResourceResolver.getInstance(uriAttr, baseURI, false); - XMLSignatureInput in = apacheResolver.resolve(uriAttr, baseURI, false); + ResourceResolver.getInstance(uriAttr, baseURI, secVal); + XMLSignatureInput in = apacheResolver.resolve(uriAttr, baseURI, secVal); if (in.isOctetStream()) { return new ApacheOctetStreamData(in); } else {