Skip to content
This repository has been archived by the owner on May 26, 2020. It is now read-only.

Commit

Permalink
Disallow doc type declarations when secure validation is enabled
Browse files Browse the repository at this point in the history 
Conflicts:
	src/main/java/org/apache/xml/security/c14n/Canonicalizer.java

git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-java/branches/1.5.x-fixes@1537956 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information
@coheigea
coheigea committed Nov 1, 2013
1 parent 10c7333 commit a09b904
Show file tree
Hide file tree
Showing 45 changed files with 157 additions and 40 deletions.
6 changes: 6 additions & 0 deletions src/main/java/org/apache/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
import java.security.spec.AlgorithmParameterSpec;
import java.security.InvalidAlgorithmParameterException;
import java.util.Set;

import javax.xml.crypto.*;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.TransformException;
Expand Down Expand Up @@ -112,6 +113,8 @@ public Data canonicalize(Data data, XMLCryptoContext xc, OutputStream os)
if (apacheCanonicalizer == null) {
try {
apacheCanonicalizer = Canonicalizer.getInstance(getAlgorithm());
boolean secVal = Utils.secureValidation(xc);
apacheCanonicalizer.setSecureValidation(secVal);
if (log.isDebugEnabled()) {
log.debug("Created canonicalizer for algorithm: " + getAlgorithm());
}
Expand Down Expand Up @@ -249,6 +252,9 @@ public Data transform(Data data, XMLCryptoContext xc, OutputStream os)
}
}

boolean secVal = Utils.secureValidation(xc);
in.setSecureValidation(secVal);

try {
in = apacheTransform.performTransform(in, os);
if (!in.isNodeSet() && !in.isElement()) {
Expand Down
4 changes: 3 additions & 1 deletion src/main/java/org/apache/jcp/xml/dsig/internal/dom/ApacheTransform.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,10 @@
import java.security.InvalidAlgorithmParameterException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Set;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.transforms.Transform;
import org.apache.xml.security.transforms.Transforms;
Expand Down Expand Up @@ -187,6 +187,8 @@ private Data transformIt(Data data, XMLCryptoContext xc, OutputStream os)
throw new TransformException(ex);
}
}
boolean secVal = Utils.secureValidation(xc);
in.setSecureValidation(secVal);

try {
if (os != null) {
Expand Down
2 changes: 2 additions & 0 deletions src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14N11Method.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,8 @@ public Data transform(Data data, XMLCryptoContext xc)
if (subTree.excludeComments()) {
try {
apacheCanonicalizer = Canonicalizer.getInstance(C14N_11);
boolean secVal = Utils.secureValidation(xc);
apacheCanonicalizer.setSecureValidation(secVal);
} catch (InvalidCanonicalizerException ice) {
throw new TransformException
("Couldn't find Canonicalizer for: " +
Expand Down
2 changes: 2 additions & 0 deletions src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,8 @@ public Data transform(Data data, XMLCryptoContext xc)
try {
apacheCanonicalizer = Canonicalizer.getInstance
(CanonicalizationMethod.INCLUSIVE);
boolean secVal = Utils.secureValidation(xc);
apacheCanonicalizer.setSecureValidation(secVal);
} catch (InvalidCanonicalizerException ice) {
throw new TransformException
("Couldn't find Canonicalizer for: " +
Expand Down
4 changes: 3 additions & 1 deletion src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,8 @@
import java.security.InvalidAlgorithmParameterException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.*;
import org.w3c.dom.Element;

import org.w3c.dom.Element;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;

Expand Down Expand Up @@ -144,6 +144,8 @@ public Data transform(Data data, XMLCryptoContext xc)
try {
apacheCanonicalizer = Canonicalizer.getInstance
(CanonicalizationMethod.EXCLUSIVE);
boolean secVal = Utils.secureValidation(xc);
apacheCanonicalizer.setSecureValidation(secVal);
} catch (InvalidCanonicalizerException ice) {
throw new TransformException
("Couldn't find Canonicalizer for: " +
Expand Down
3 changes: 3 additions & 0 deletions src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -494,6 +494,9 @@ private byte[] transform(Data dereferencedData,
} else {
throw new XMLSignatureException("unrecognized Data type");
}

boolean secVal = Utils.secureValidation(context);
xi.setSecureValidation(secVal);
if (context instanceof XMLSignContext && c14n11
&& !xi.isOctetStream() && !xi.isOutputStreamSet()) {
TransformService spi = null;
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -235,8 +235,9 @@ public XMLStructure dereferenceAsXMLStructure(XMLCryptoContext context)
{
try {
ApacheData data = (ApacheData)dereference(context);
boolean secVal = Utils.secureValidation(context);
DocumentBuilder db =
org.apache.xml.security.utils.XMLUtils.createDocumentBuilder(false);
org.apache.xml.security.utils.XMLUtils.createDocumentBuilder(false, secVal);
Document doc = db.parse(new ByteArrayInputStream
(data.getXMLSignatureInput().getBytes()));
Element kiElem = doc.getDocumentElement();
Expand Down
1 change: 1 addition & 0 deletions src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ public Data dereference(URIReference uriRef, XMLCryptoContext context)
}

XMLSignatureInput result = new XMLSignatureInput(referencedElem);
result.setSecureValidation(secVal);
if (!uri.substring(1).startsWith("xpointer(id(")) {
result.setExcludeComments(true);
}
Expand Down
17 changes: 16 additions & 1 deletion src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,7 @@ public class Canonicalizer {
new ConcurrentHashMap<String, Class<? extends CanonicalizerSpi>>();

private final CanonicalizerSpi canonicalizerSpi;
private boolean secureValidation;

/**
* Constructor Canonicalizer
Expand Down Expand Up @@ -248,7 +249,7 @@ public byte[] canonicalize(byte[] inputBytes)
InputSource in = new InputSource(bais);

// needs to validate for ID attribute normalization
DocumentBuilder db = XMLUtils.createDocumentBuilder(true);
DocumentBuilder db = XMLUtils.createDocumentBuilder(true, secureValidation);

/*
* for some of the test vectors from the specification,
Expand Down Expand Up @@ -286,6 +287,7 @@ public byte[] canonicalize(byte[] inputBytes)
* @throws CanonicalizationException
*/
public byte[] canonicalizeSubtree(Node node) throws CanonicalizationException {
canonicalizerSpi.secureValidation = secureValidation;
return canonicalizerSpi.engineCanonicalizeSubTree(node);
}

Expand All @@ -299,6 +301,7 @@ public byte[] canonicalizeSubtree(Node node) throws CanonicalizationException {
*/
public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
throws CanonicalizationException {
canonicalizerSpi.secureValidation = secureValidation;
return canonicalizerSpi.engineCanonicalizeSubTree(node, inclusiveNamespaces);
}

Expand All @@ -312,6 +315,7 @@ public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
*/
public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
throws CanonicalizationException {
canonicalizerSpi.secureValidation = secureValidation;
return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
}

Expand All @@ -327,6 +331,7 @@ public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
public byte[] canonicalizeXPathNodeSet(
NodeList xpathNodeSet, String inclusiveNamespaces
) throws CanonicalizationException {
canonicalizerSpi.secureValidation = secureValidation;
return
canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
}
Expand All @@ -340,6 +345,7 @@ public byte[] canonicalizeXPathNodeSet(
*/
public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet)
throws CanonicalizationException {
canonicalizerSpi.secureValidation = secureValidation;
return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
}

Expand All @@ -354,6 +360,7 @@ public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet)
public byte[] canonicalizeXPathNodeSet(
Set<Node> xpathNodeSet, String inclusiveNamespaces
) throws CanonicalizationException {
canonicalizerSpi.secureValidation = secureValidation;
return
canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
}
Expand Down Expand Up @@ -382,5 +389,13 @@ public String getImplementingCanonicalizerClass() {
public void notReset() {
canonicalizerSpi.reset = false;
}

public boolean isSecureValidation() {
return secureValidation;
}

public void setSecureValidation(boolean secureValidation) {
this.secureValidation = secureValidation;
}

}
3 changes: 2 additions & 1 deletion src/main/java/org/apache/xml/security/c14n/CanonicalizerSpi.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ public abstract class CanonicalizerSpi {

/** Reset the writer after a c14n */
protected boolean reset = false;
protected boolean secureValidation;

/**
* Method canonicalize
Expand All @@ -58,7 +59,7 @@ public byte[] engineCanonicalize(byte[] inputBytes)
java.io.InputStream bais = new ByteArrayInputStream(inputBytes);
InputSource in = new InputSource(bais);

DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
DocumentBuilder db = XMLUtils.createDocumentBuilder(false, secureValidation);

Document document = db.parse(in);
return this.engineCanonicalizeSubTree(document);
Expand Down
13 changes: 13 additions & 0 deletions src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
public abstract class AbstractSerializer implements Serializer {

protected Canonicalizer canon;
protected boolean secureValidation;

public void setCanonicalizer(Canonicalizer canon) {
this.canon = canon;
Expand Down Expand Up @@ -98,6 +99,7 @@ public byte[] serializeToByteArray(Element element) throws Exception {
@Deprecated
public String serialize(NodeList content) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
canon.setSecureValidation(secureValidation);
canon.setWriter(baos);
canon.notReset();
for (int i = 0; i < content.getLength(); i++) {
Expand All @@ -119,6 +121,7 @@ public String serialize(NodeList content) throws Exception {
*/
public byte[] serializeToByteArray(NodeList content) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
canon.setSecureValidation(secureValidation);
canon.setWriter(baos);
canon.notReset();
for (int i = 0; i < content.getLength(); i++) {
Expand All @@ -136,6 +139,7 @@ public byte[] serializeToByteArray(NodeList content) throws Exception {
@Deprecated
public String canonSerialize(Node node) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
canon.setSecureValidation(secureValidation);
canon.setWriter(baos);
canon.notReset();
canon.canonicalizeSubtree(node);
Expand All @@ -152,6 +156,7 @@ public String canonSerialize(Node node) throws Exception {
*/
public byte[] canonSerializeToByteArray(Node node) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
canon.setSecureValidation(secureValidation);
canon.setWriter(baos);
canon.notReset();
canon.canonicalizeSubtree(node);
Expand Down Expand Up @@ -245,5 +250,13 @@ protected static String createContext(String source, Node ctx) {
sb.append(">" + source + "</dummy>");
return sb.toString();
}

public boolean isSecureValidation() {
return secureValidation;
}

public void setSecureValidation(boolean secureValidation) {
this.secureValidation = secureValidation;
}

}
2 changes: 1 addition & 1 deletion src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ public Node deserialize(String source, Node ctx) throws XMLEncryptionException {
*/
private Node deserialize(Node ctx, InputSource inputSource) throws XMLEncryptionException {
try {
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
DocumentBuilder db = XMLUtils.createDocumentBuilder(false, secureValidation);
Document d = db.parse(inputSource);

Document contextDocument = null;
Expand Down
6 changes: 6 additions & 0 deletions src/main/java/org/apache/xml/security/encryption/XMLCipher.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1092,6 +1092,9 @@ private EncryptedData encryptData(
if (algorithm == null) {
throw new XMLEncryptionException("XMLCipher instance without transformation specified");
}
if (serializer instanceof AbstractSerializer) {
((AbstractSerializer)serializer).setSecureValidation(secureValidation);
}

byte[] serializedOctets = null;
if (serializedData == null) {
Expand Down Expand Up @@ -1604,6 +1607,9 @@ private Document decryptElement(Element element) throws XMLEncryptionException {
if (log.isDebugEnabled()) {
log.debug("Decrypting element...");
}
if (serializer instanceof AbstractSerializer) {
((AbstractSerializer)serializer).setSecureValidation(secureValidation);
}

if (cipherMode != DECRYPT_MODE) {
log.error("XMLCipher unexpectedly not in DECRYPT_MODE...");
Expand Down
2 changes: 1 addition & 1 deletion ...va/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -266,7 +266,7 @@ private Element obtainReferenceElement(XMLSignatureInput resource)
*/
private Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
try {
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
DocumentBuilder db = XMLUtils.createDocumentBuilder(false, secureValidation);
Document doc = db.parse(new ByteArrayInputStream(bytes));
return doc.getDocumentElement();
} catch (SAXException ex) {
Expand Down
16 changes: 8 additions & 8 deletions ...ava/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ public PublicKey engineLookupAndResolvePublicKey(
}
return null;
}
Element e = obtainReferenceElement(resource);
Element e = obtainReferenceElement(resource, secureValidation);

// Check to make sure that the reference is not to another RetrievalMethod
// which points to this element
Expand All @@ -111,7 +111,7 @@ public PublicKey engineLookupAndResolvePublicKey(
}
RetrievalMethod rm2 = new RetrievalMethod(e, baseURI);
XMLSignatureInput resource2 = resolveInput(rm2, baseURI, secureValidation);
Element e2 = obtainReferenceElement(resource2);
Element e2 = obtainReferenceElement(resource2, secureValidation);
if (e2 == element) {
if (log.isDebugEnabled()) {
log.debug("Error: Can't have RetrievalMethods pointing to each other");
Expand Down Expand Up @@ -166,7 +166,7 @@ public X509Certificate engineLookupResolveX509Certificate(
return getRawCertificate(resource);
}

Element e = obtainReferenceElement(resource);
Element e = obtainReferenceElement(resource, secureValidation);

// Check to make sure that the reference is not to another RetrievalMethod
// which points to this element
Expand All @@ -181,7 +181,7 @@ public X509Certificate engineLookupResolveX509Certificate(
}
RetrievalMethod rm2 = new RetrievalMethod(e, baseURI);
XMLSignatureInput resource2 = resolveInput(rm2, baseURI, secureValidation);
Element e2 = obtainReferenceElement(resource2);
Element e2 = obtainReferenceElement(resource2, secureValidation);
if (e2 == element) {
if (log.isDebugEnabled()) {
log.debug("Error: Can't have RetrievalMethods pointing to each other");
Expand Down Expand Up @@ -259,7 +259,7 @@ private static PublicKey resolveKey(
return null;
}

private static Element obtainReferenceElement(XMLSignatureInput resource)
private static Element obtainReferenceElement(XMLSignatureInput resource, boolean secureValidation)
throws CanonicalizationException, ParserConfigurationException,
IOException, SAXException, KeyResolverException {
Element e;
Expand All @@ -271,7 +271,7 @@ private static Element obtainReferenceElement(XMLSignatureInput resource)
} else {
// Retrieved resource is an inputStream
byte inputBytes[] = resource.getBytes();
e = getDocFromBytes(inputBytes);
e = getDocFromBytes(inputBytes, secureValidation);
// otherwise, we parse the resource, create an Element and delegate
if (log.isDebugEnabled()) {
log.debug("we have to parse " + inputBytes.length + " bytes");
Expand Down Expand Up @@ -320,9 +320,9 @@ private static XMLSignatureInput resolveInput(
* @return the Document Element after parsing bytes
* @throws KeyResolverException if something goes wrong
*/
private static Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
private static Element getDocFromBytes(byte[] bytes, boolean secureValidation) throws KeyResolverException {
try {
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
DocumentBuilder db = XMLUtils.createDocumentBuilder(false, secureValidation);
Document doc = db.parse(new ByteArrayInputStream(bytes));
return doc.getDocumentElement();
} catch (SAXException ex) {
Expand Down
4 changes: 4 additions & 0 deletions src/main/java/org/apache/xml/security/signature/Manifest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -602,4 +602,8 @@ public int getSignedContentLength() {
public String getBaseLocalName() {
return Constants._TAG_MANIFEST;
}

public boolean isSecureValidation() {
return secureValidation;
}
}
Loading

0 comments on commit a09b904

Please sign in to comment.