From 25e0e11493b061749f778030036cb5c406b34590 Mon Sep 17 00:00:00 2001
From: Colm O hEigeartaigh
Date: Mon, 17 Jun 2013 14:27:32 +0000
Subject: [PATCH] Don't allow non-standard c14n method
Conflicts: src/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-java/branches/1.4.x-fixes@1493777 13f79535-47bb-0310-9956-ffa450edef68
---
 .../dom/DOMCanonicalizationMethod.java | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java b/src/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
index 37a978aceb..2559537b1c 100644
--- a/src/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
+++ b/src/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
@@ -45,8 +45,12 @@ public class DOMCanonicalizationMethod extends DOMTransform
 * @param spi TransformService
 */
 public DOMCanonicalizationMethod(TransformService spi)
- throws InvalidAlgorithmParameterException {
- super(spi);
+ throws InvalidAlgorithmParameterException
+ {
+ super(spi);
+ if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) {
+ throw new InvalidAlgorithmParameterException("Illegal CanonicalizationMethod");
+ }
 }
 /**
@@ -59,6 +63,9 @@ public DOMCanonicalizationMethod(TransformService spi)
 public DOMCanonicalizationMethod(Element cmElem, XMLCryptoContext context, Provider provider) throws MarshalException {
 super(cmElem, context, provider);
+ if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) {
+ throw new MarshalException("Illegal CanonicalizationMethod");
+ }
 }
 /**
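Review bot: The rejection message in the new guard of the `TransformService` constructor does not name the algorithm that was refused, which makes a rejected signature hard to triage from logs; consider `throw new InvalidAlgorithmParameterException("Illegal CanonicalizationMethod: " + spi.getAlgorithm());`. The `MarshalException` added to the `Element` constructor in the next hunk has the same gap. The `instanceof ApacheCanonicalizer` arm accepts by implementation class rather than by algorithm URI, so a one-line comment saying why every `ApacheCanonicalizer` subclass is trusted would help the next reader, assuming that is the intent.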
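Review bot: The allowlist check in the `Element` constructor runs only after `super(cmElem, context, provider)` has returned, so whatever the superclass does with the document's algorithm has already happened for a non-c14n value before it is rejected. The superclass is outside this hunk, but it presumably looks up and initialises a `TransformService` from the element, in which case validating the `Algorithm` attribute before the service is instantiated would be tighter. The guard is also a copy of the one in the first constructor, and a shared private helper would keep the two from drifting apart. The diffstat lists only this file, so a regression test that unmarshals a `CanonicalizationMethod` naming a non-c14n transform and expects `MarshalException` is still missing.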
@@ -102,4 +109,13 @@ public int hashCode() {
 assert false : "hashCode not designed";
 return 42;
 }
+
+ private static boolean isC14Nalg(String alg) {
+ return alg.equals(CanonicalizationMethod.INCLUSIVE)
+ || alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS)
+ || alg.equals(CanonicalizationMethod.EXCLUSIVE)
+ || alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS)
+ || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11)
+ || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS);
+ }
 }
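Review bot: `isC14Nalg` dereferences `alg` directly, so if a `TransformService` ever returns null from `getAlgorithm()` the constructor guards fail with a `NullPointerException` instead of the intended `InvalidAlgorithmParameterException` or `MarshalException`. Putting the constant first avoids that, e.g. `return CanonicalizationMethod.INCLUSIVE.equals(alg)`, and likewise for the other five comparisons. The method is also undocumented; I would add `/** Returns true only for the six canonicalization algorithm URIs accepted for a CanonicalizationMethod. */` so it is clear this list is the allowlist the constructors enforce.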