From 8e8f8bf92a43608d7d5f9e357fae19244454a61f Mon Sep 17 00:00:00 2001 From: Colm O Heigeartaigh Date: Mon, 17 Jun 2013 14:19:48 +0000 Subject: [PATCH] Don't allow non-standard c14n method git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-java/branches/1.5.x-fixes@1493772 13f79535-47bb-0310-9956-ffa450edef68 --- .../internal/dom/DOMCanonicalizationMethod.java | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java index e2b473ba97..de0e1d5de7 100644 --- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java +++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java @@ -50,6 +50,9 @@ public DOMCanonicalizationMethod(TransformService spi) throws InvalidAlgorithmParameterException { super(spi); + if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) { + throw new InvalidAlgorithmParameterException("Illegal CanonicalizationMethod"); + } } /** @@ -64,6 +67,9 @@ public DOMCanonicalizationMethod(Element cmElem, XMLCryptoContext context, throws MarshalException { super(cmElem, context, provider); + if (!(spi instanceof ApacheCanonicalizer) && !isC14Nalg(spi.getAlgorithm())) { + throw new MarshalException("Illegal CanonicalizationMethod"); + } } /** @@ -111,4 +117,13 @@ public int hashCode() { assert false : "hashCode not designed"; return 42; // any arbitrary constant will do } + + private static boolean isC14Nalg(String alg) { + return alg.equals(CanonicalizationMethod.INCLUSIVE) + || alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS) + || alg.equals(CanonicalizationMethod.EXCLUSIVE) + || alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS) + || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11) + || alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS); + } }