SANTUARIO-518 - Refactor KeyResolvers. They are now all thread-safe.
git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-java/trunk@1872737 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/main/java/org/apache/xml/security/encryption/XMLCipher.java b/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
index 3bdeb73..11a4a79 100644
--- a/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
+++ b/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
@@ -1738,13 +1738,7 @@
if (ki != null) {
try {
// Add an EncryptedKey resolver
- EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek);
- if (internalKeyResolvers != null) {
- int size = internalKeyResolvers.size();
- for (int i = 0; i < size; i++) {
- resolver.registerInternalKeyResolver(internalKeyResolvers.get(i));
- }
- }
+ EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek, internalKeyResolvers);
ki.registerInternalKeyResolver(resolver);
ki.setSecureValidation(secureValidation);
key = ki.getSecretKey();
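Review bot: The `internalKeyResolvers != null` guard that wrapped the old registration loop is gone, and whether the new three-argument `EncryptedKeyResolver` constructor tolerates a null list is not visible here (that constructor's file gains a `java.util.Collections` import in this commit, which suggests it may substitute an empty list, but its body is outside the diff). If it does not, a caller that never configured internal resolvers now fails at `new EncryptedKeyResolver(encMethodAlgorithm, kek, internalKeyResolvers)` where the old code decrypted normally. Either confirm the constructor's null handling or keep the guard at this call site, e.g. `internalKeyResolvers != null ? internalKeyResolvers : java.util.Collections.<KeyResolverSpi>emptyList()`. The enclosing method starts and ends outside the hunk.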
diff --git a/src/main/java/org/apache/xml/security/keys/KeyInfo.java b/src/main/java/org/apache/xml/security/keys/KeyInfo.java
index b9daec1..231d38e 100644
--- a/src/main/java/org/apache/xml/security/keys/KeyInfo.java
+++ b/src/main/java/org/apache/xml/security/keys/KeyInfo.java
@@ -850,7 +850,6 @@
Iterator<KeyResolverSpi> it = KeyResolver.iterator();
while (it.hasNext()) {
KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
while (currentChild != null) {
@@ -858,7 +857,7 @@
for (StorageResolver storage : storageResolvers) {
PublicKey pk =
keyResolver.engineLookupAndResolvePublicKey(
- (Element) currentChild, uri, storage
+ (Element) currentChild, uri, storage, secureValidation
);
if (pk != null) {
@@ -881,7 +880,6 @@
PublicKey getPublicKeyFromInternalResolvers() throws KeyResolverException {
for (KeyResolverSpi keyResolver : internalKeyResolvers) {
LOG.debug("Try {}", keyResolver.getClass().getName());
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
while (currentChild != null) {
@@ -889,7 +887,7 @@
for (StorageResolver storage : storageResolvers) {
PublicKey pk =
keyResolver.engineLookupAndResolvePublicKey(
- (Element) currentChild, uri, storage
+ (Element) currentChild, uri, storage, secureValidation
);
if (pk != null) {
@@ -951,7 +949,6 @@
Iterator<KeyResolverSpi> it = KeyResolver.iterator();
while (it.hasNext()) {
KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
X509Certificate cert = applyCurrentResolver(uri, keyResolver);
if (cert != null) {
return cert;
@@ -969,7 +966,7 @@
for (StorageResolver storage : storageResolvers) {
X509Certificate cert =
keyResolver.engineLookupResolveX509Certificate(
- (Element) currentChild, uri, storage
+ (Element) currentChild, uri, storage, secureValidation
);
if (cert != null) {
@@ -997,7 +994,6 @@
String uri = this.getBaseURI();
for (KeyResolverSpi keyResolver : internalKeyResolvers) {
LOG.debug("Try {}", keyResolver.getClass().getName());
- keyResolver.setSecureValidation(secureValidation);
X509Certificate cert = applyCurrentResolver(uri, keyResolver);
if (cert != null) {
return cert;
@@ -1044,7 +1040,6 @@
Iterator<KeyResolverSpi> it = KeyResolver.iterator();
while (it.hasNext()) {
KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
@@ -1053,7 +1048,7 @@
for (StorageResolver storage : storageResolvers) {
SecretKey sk =
keyResolver.engineLookupAndResolveSecretKey(
- (Element) currentChild, uri, storage
+ (Element) currentChild, uri, storage, secureValidation
);
if (sk != null) {
@@ -1077,7 +1072,6 @@
SecretKey getSecretKeyFromInternalResolvers() throws KeyResolverException {
for (KeyResolverSpi keyResolver : internalKeyResolvers) {
LOG.debug("Try {}", keyResolver.getClass().getName());
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
while (currentChild != null) {
@@ -1085,7 +1079,7 @@
for (StorageResolver storage : storageResolvers) {
SecretKey sk =
keyResolver.engineLookupAndResolveSecretKey(
- (Element) currentChild, uri, storage
+ (Element) currentChild, uri, storage, secureValidation
);
if (sk != null) {
@@ -1134,7 +1128,6 @@
Iterator<KeyResolverSpi> it = KeyResolver.iterator();
while (it.hasNext()) {
KeyResolverSpi keyResolver = it.next();
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
@@ -1144,7 +1137,7 @@
// since they cannot return private keys
PrivateKey pk =
keyResolver.engineLookupAndResolvePrivateKey(
- (Element) currentChild, uri, null
+ (Element) currentChild, uri, null, secureValidation
);
if (pk != null) {
@@ -1166,7 +1159,6 @@
PrivateKey getPrivateKeyFromInternalResolvers() throws KeyResolverException {
for (KeyResolverSpi keyResolver : internalKeyResolvers) {
LOG.debug("Try {}", keyResolver.getClass().getName());
- keyResolver.setSecureValidation(secureValidation);
Node currentChild = getFirstChild();
String uri = this.getBaseURI();
while (currentChild != null) {
@@ -1175,7 +1167,7 @@
// since they cannot return private keys
PrivateKey pk =
keyResolver.engineLookupAndResolvePrivateKey(
- (Element) currentChild, uri, null
+ (Element) currentChild, uri, null, secureValidation
);
if (pk != null) {
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
index 82541e5..8ff2058 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
@@ -25,7 +25,8 @@
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
-import javax.crypto.SecretKey;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import org.apache.xml.security.keys.keyresolver.implementations.DEREncodedKeyValueResolver;
import org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver;
@@ -41,8 +42,6 @@
import org.apache.xml.security.keys.storage.StorageResolver;
import org.apache.xml.security.utils.ClassLoaderUtils;
import org.apache.xml.security.utils.JavaUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
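Review bot: The `org.w3c.dom.Element`/`Node` imports are moved ahead of the `org.apache.xml.security...` block, which breaks the alphabetical grouping the file had (`org.apache` before `org.w3c`); unless a checkstyle rule asks for this, leave them after `org.apache.xml.security.utils.JavaUtils` as before. Dropping the now-unused `javax.crypto.SecretKey` import is fine.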
/**
* KeyResolver is factory class for subclass of KeyResolverSpi that
@@ -53,20 +52,7 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(KeyResolver.class);
- /** Field resolverVector */
- private static List<KeyResolver> resolverVector = new CopyOnWriteArrayList<>();
-
- /** Field resolverSpi */
- private final KeyResolverSpi resolverSpi;
-
- /**
- * Constructor.
- *
- * @param keyResolverSpi a KeyResolverSpi instance
- */
- private KeyResolver(KeyResolverSpi keyResolverSpi) {
- resolverSpi = keyResolverSpi;
- }
+ private static List<KeyResolverSpi> resolverList = new CopyOnWriteArrayList<>();
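Review bot: `resolverList` is the static registry every lookup iterates and it is never reassigned in the visible hunks (only `add`, `add(0, …)` and `addAll`), so it should be `private static final List<KeyResolverSpi> resolverList = new CopyOnWriteArrayList<>();` — hedged only by whatever part of the file the diff does not show. The old `/** Field resolverVector */` comment was dropped without a replacement; a more useful one would be `/** Globally registered resolvers in lookup order; a CopyOnWriteArrayList so registration and iteration are safe across threads. */`.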
/**
* Method length
@@ -74,7 +60,7 @@
* @return the length of resolvers registered
*/
public static int length() {
- return resolverVector.size();
+ return resolverList.size();
}
/**
@@ -83,14 +69,15 @@
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return The certificate represented by the element.
*
* @throws KeyResolverException
*/
public static final X509Certificate getX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- for (KeyResolver resolver : resolverVector) {
+ for (KeyResolverSpi resolver : resolverList) {
if (resolver == null) {
Object[] exArgs = {
element != null
@@ -102,7 +89,7 @@
}
LOG.debug("check resolvability by class {}", resolver.getClass());
- X509Certificate cert = resolver.resolveX509Certificate(element, baseURI, storage);
+ X509Certificate cert = resolver.engineLookupResolveX509Certificate(element, baseURI, storage, secureValidation);
if (cert != null) {
return cert;
}
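Review bot: `getX509Certificate` now requires a fourth `boolean secureValidation` argument and the old three-argument form is removed, so this public static entry point is a source- and binary-incompatible change for callers outside the project; `getPublicKey` in the next hunk and `register`/`registerAtStart` further down change the same way. If the release this lands in is meant to stay compatible, keep `@Deprecated` overloads with the old signatures. Such an overload has to pick a `secureValidation` value, and silently defaulting it to `false` would switch existing callers' validation off, so whatever default is chosen belongs in its Javadoc. Otherwise the break should at least be called out in the class Javadoc or release notes.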
@@ -122,14 +109,15 @@
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return the public key contained in the element
*
* @throws KeyResolverException
*/
public static final PublicKey getPublicKey(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- for (KeyResolver resolver : resolverVector) {
+ for (KeyResolverSpi resolver : resolverList) {
if (resolver == null) {
Object[] exArgs = {
element != null
@@ -141,7 +129,7 @@
}
LOG.debug("check resolvability by class {}", resolver.getClass());
- PublicKey cert = resolver.resolvePublicKey(element, baseURI, storage);
+ PublicKey cert = resolver.engineLookupAndResolvePublicKey(element, baseURI, storage, secureValidation);
if (cert != null) {
return cert;
}
@@ -165,19 +153,17 @@
* underlying collection is a CopyOnWriteArrayList.
*
* @param className
- * @param globalResolver Whether the KeyResolverSpi is a global resolver or not
* @throws InstantiationException
* @throws IllegalAccessException
* @throws ClassNotFoundException
* @throws SecurityException if a security manager is installed and the
* caller does not have permission to register the key resolver
*/
- public static void register(String className, boolean globalResolver)
+ public static void register(String className)
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
JavaUtils.checkRegisterPermission();
KeyResolverSpi keyResolverSpi =
(KeyResolverSpi) ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
- keyResolverSpi.setGlobalResolver(globalResolver);
register(keyResolverSpi, false);
}
@@ -191,17 +177,15 @@
* underlying collection is a CopyOnWriteArrayList.
*
* @param className
- * @param globalResolver Whether the KeyResolverSpi is a global resolver or not
* @throws SecurityException if a security manager is installed and the
* caller does not have permission to register the key resolver
*/
- public static void registerAtStart(String className, boolean globalResolver) {
+ public static void registerAtStart(String className) {
JavaUtils.checkRegisterPermission();
KeyResolverSpi keyResolverSpi = null;
Exception ex = null;
try {
keyResolverSpi = (KeyResolverSpi) ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
- keyResolverSpi.setGlobalResolver(globalResolver);
register(keyResolverSpi, true);
} catch (ClassNotFoundException e) {
ex = e;
@@ -236,11 +220,10 @@
boolean start
) {
JavaUtils.checkRegisterPermission();
- KeyResolver resolver = new KeyResolver(keyResolverSpi);
if (start) {
- resolverVector.add(0, resolver);
+ resolverList.add(0, keyResolverSpi);
} else {
- resolverVector.add(resolver);
+ resolverList.add(keyResolverSpi);
}
}
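Review bot: `register` still lets a null `keyResolverSpi` into `resolverList` (`resolverList.add(0, keyResolverSpi)` / `resolverList.add(keyResolverSpi)`), which is only detected later by the `resolver == null` checks in the lookup loops and in `ResolverIterator.next()`, far from the caller that made the mistake. Reject it at the boundary instead: `Objects.requireNonNull(keyResolverSpi, "keyResolverSpi");` right after `JavaUtils.checkRegisterPermission();` (this needs `java.util.Objects` imported if the file does not already). The method's signature starts outside the hunk.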
@@ -263,14 +246,13 @@
public static void registerClassNames(List<String> classNames)
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
JavaUtils.checkRegisterPermission();
- List<KeyResolver> keyResolverList = new ArrayList<>(classNames.size());
+ List<KeyResolverSpi> keyResolverList = new ArrayList<>(classNames.size());
for (String className : classNames) {
KeyResolverSpi keyResolverSpi =
(KeyResolverSpi)ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
- keyResolverSpi.setGlobalResolver(false);
- keyResolverList.add(new KeyResolver(keyResolverSpi));
+ keyResolverList.add(keyResolverSpi);
}
- resolverVector.addAll(keyResolverList);
+ resolverList.addAll(keyResolverList);
}
/**
@@ -278,116 +260,30 @@
*/
public static void registerDefaultResolvers() {
- List<KeyResolver> keyResolverList = new ArrayList<>();
- keyResolverList.add(new KeyResolver(new RSAKeyValueResolver()));
- keyResolverList.add(new KeyResolver(new DSAKeyValueResolver()));
- keyResolverList.add(new KeyResolver(new X509CertificateResolver()));
- keyResolverList.add(new KeyResolver(new X509SKIResolver()));
- keyResolverList.add(new KeyResolver(new RetrievalMethodResolver()));
- keyResolverList.add(new KeyResolver(new X509SubjectNameResolver()));
- keyResolverList.add(new KeyResolver(new X509IssuerSerialResolver()));
- keyResolverList.add(new KeyResolver(new DEREncodedKeyValueResolver()));
- keyResolverList.add(new KeyResolver(new KeyInfoReferenceResolver()));
- keyResolverList.add(new KeyResolver(new X509DigestResolver()));
- keyResolverList.add(new KeyResolver(new ECKeyValueResolver()));
+ List<KeyResolverSpi> keyResolverList = new ArrayList<>();
+ keyResolverList.add(new RSAKeyValueResolver());
+ keyResolverList.add(new DSAKeyValueResolver());
+ keyResolverList.add(new X509CertificateResolver());
+ keyResolverList.add(new X509SKIResolver());
+ keyResolverList.add(new RetrievalMethodResolver());
+ keyResolverList.add(new X509SubjectNameResolver());
+ keyResolverList.add(new X509IssuerSerialResolver());
+ keyResolverList.add(new DEREncodedKeyValueResolver());
+ keyResolverList.add(new KeyInfoReferenceResolver());
+ keyResolverList.add(new X509DigestResolver());
+ keyResolverList.add(new ECKeyValueResolver());
- resolverVector.addAll(keyResolverList);
- }
-
- /**
- * Method resolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved public key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public PublicKey resolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return resolverSpi.engineLookupAndResolvePublicKey(element, baseURI, storage);
- }
-
- /**
- * Method resolveX509Certificate
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved X509certificate key from the registered from the elements
- *
- * @throws KeyResolverException
- */
- public X509Certificate resolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return resolverSpi.engineLookupResolveX509Certificate(element, baseURI, storage);
- }
-
- /**
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key from the registered from the elements
- * @throws KeyResolverException
- */
- public SecretKey resolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- return resolverSpi.engineLookupAndResolveSecretKey(element, baseURI, storage);
- }
-
- /**
- * Method setProperty
- *
- * @param key
- * @param value
- */
- public void setProperty(String key, String value) {
- resolverSpi.engineSetProperty(key, value);
- }
-
- /**
- * Method getProperty
- *
- * @param key
- * @return the property set for this resolver
- */
- public String getProperty(String key) {
- return resolverSpi.engineGetProperty(key);
- }
-
-
- /**
- * Method understandsProperty
- *
- * @param propertyToTest
- * @return true if the resolver understands property propertyToTest
- */
- public boolean understandsProperty(String propertyToTest) {
- return resolverSpi.understandsProperty(propertyToTest);
- }
-
-
- /**
- * Method resolverClassName
- *
- * @return the name of the resolver.
- */
- public String resolverClassName() {
- return resolverSpi.getClass().getName();
+ resolverList.addAll(keyResolverList);
}
/**
* Iterate over the KeyResolverSpi instances
*/
static class ResolverIterator implements Iterator<KeyResolverSpi> {
- List<KeyResolver> res;
- Iterator<KeyResolver> it;
+ private List<KeyResolverSpi> res;
+ private Iterator<KeyResolverSpi> it;
- public ResolverIterator(List<KeyResolver> list) {
+ public ResolverIterator(List<KeyResolverSpi> list) {
res = list;
it = res.iterator();
}
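Review bot: `ResolverIterator`'s fields are now `private` but still not `final`, although both are assigned exactly once in the constructor; `private final List<KeyResolverSpi> res;` and `private final Iterator<KeyResolverSpi> it;` would make that explicit. From this hunk `res` is only read to create `it`; if `remove()` (whose body is outside the hunk) does not use it either, the field can be dropped entirely.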
@@ -397,12 +293,12 @@
}
public KeyResolverSpi next() {
- KeyResolver resolver = it.next();
+ KeyResolverSpi resolver = it.next();
if (resolver == null) {
throw new RuntimeException("utils.resolver.noClass");
}
- return resolver.resolverSpi;
+ return resolver;
}
public void remove() {
@@ -411,6 +307,6 @@
}
public static Iterator<KeyResolverSpi> iterator() {
- return new ResolverIterator(resolverVector);
+ return new ResolverIterator(resolverList);
}
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java b/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
index f5456a6..e07dc3a 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
@@ -24,7 +24,6 @@
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.util.HashMap;
import javax.crypto.SecretKey;
import javax.xml.parsers.ParserConfigurationException;
@@ -36,7 +35,7 @@
import org.xml.sax.SAXException;
/**
- * This class is an abstract class for a child KeyInfo Element.
+ * This class is an abstract class to resolve a Key of some kind given a KeyInfo element.
*
* If you want the your KeyResolver, at firstly you must extend this class, and register
* as following in config.xml
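Review bot: The rewritten class summary still does not tell implementers what the contract now is: with `engineCanResolve`, `engineResolvePublicKey`, `engineResolveX509Certificate`, `engineResolveSecretKey` and the new `engineResolvePrivateKey` all abstract (see the later hunks in this file), any existing subclass that only overrode the `engineLookupAndResolve*` methods stops compiling. Add a paragraph after the summary saying that subclasses implement `engineCanResolve` plus the four `engineResolve*` methods, that the `engineLookupAndResolve*` methods gate on `engineCanResolve` and should normally not be overridden, and that one instance is shared through the static registry, so implementations should keep no per-call state (the `secureValidation` flag is passed per call rather than stored). The unchanged sentence "If you want the your KeyResolver, at firstly you must extend this class" is worth rewording at the same time.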
@@ -47,20 +46,6 @@
*/
public abstract class KeyResolverSpi {
- /** Field properties */
- protected java.util.Map<String, String> properties;
-
- protected boolean globalResolver = false;
-
- protected boolean secureValidation;
-
- /**
- * Set whether secure validation is enabled or not. The default is false.
- */
- public void setSecureValidation(boolean secureValidation) {
- this.secureValidation = secureValidation;
- }
-
/**
* This method returns whether the KeyResolverSpi is able to perform the requested action.
*
@@ -69,9 +54,7 @@
* @param storage
* @return whether the KeyResolverSpi is able to perform the requested action.
*/
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
- throw new UnsupportedOperationException();
- }
+ protected abstract boolean engineCanResolve(Element element, String baseURI, StorageResolver storage);
/**
* Method engineResolvePublicKey
@@ -79,15 +62,14 @@
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved public key from the registered from the element.
*
* @throws KeyResolverException
*/
- public PublicKey engineResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
- throw new UnsupportedOperationException();
- }
+ protected abstract PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException;
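Review bot: Every new `@param secureValidation` tag in this file (here and in the `engineLookupAndResolvePublicKey`, `engineResolveX509Certificate`, `engineLookupResolveX509Certificate`, `engineResolveSecretKey`, `engineLookupAndResolveSecretKey` and `engineResolvePrivateKey` hunks, as well as the two in `KeyResolver.java`) is left without a description, so implementers of the abstract methods get no guidance on what the flag obliges them to do. The removed field's comment said only that it defaults to false; the tag should state the obligation, e.g. `@param secureValidation whether secure-validation mode is enabled for this lookup; passed per call rather than held as resolver state, so implementations must not cache it`. The same wording can be reused on the other methods.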
/**
* Method engineLookupAndResolvePublicKey
@@ -95,32 +77,18 @@
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved public key from the registered from the element.
*
* @throws KeyResolverException
*/
public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- KeyResolverSpi tmp = cloneIfNeeded();
- if (!tmp.engineCanResolve(element, baseURI, storage)) {
+ if (!engineCanResolve(element, baseURI, storage)) {
return null;
}
- return tmp.engineResolvePublicKey(element, baseURI, storage);
- }
-
- private KeyResolverSpi cloneIfNeeded() throws KeyResolverException {
- KeyResolverSpi tmp = this;
- if (globalResolver) {
- try {
- tmp = getClass().newInstance();
- } catch (InstantiationException e) {
- throw new KeyResolverException(e, "");
- } catch (IllegalAccessException e) {
- throw new KeyResolverException(e, "");
- }
- }
- return tmp;
+ return engineResolvePublicKey(element, baseURI, storage, secureValidation);
}
/**
@@ -129,15 +97,14 @@
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved X509Certificate key from the registered from the elements
*
* @throws KeyResolverException
*/
- public X509Certificate engineResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException{
- throw new UnsupportedOperationException();
- }
+ protected abstract X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException;
/**
* Method engineLookupResolveX509Certificate
@@ -145,18 +112,18 @@
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved X509Certificate key from the registered from the elements
*
* @throws KeyResolverException
*/
public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- KeyResolverSpi tmp = cloneIfNeeded();
- if (!tmp.engineCanResolve(element, baseURI, storage)) {
+ if (!engineCanResolve(element, baseURI, storage)) {
return null;
}
- return tmp.engineResolveX509Certificate(element, baseURI, storage);
+ return engineResolveX509Certificate(element, baseURI, storage, secureValidation);
}
/**
@@ -165,15 +132,14 @@
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved SecretKey key from the registered from the elements
*
* @throws KeyResolverException
*/
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException{
- throw new UnsupportedOperationException();
- }
+ protected abstract SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException;
/**
* Method engineLookupAndResolveSecretKey
@@ -181,88 +147,56 @@
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved SecretKey key from the registered from the elements
*
* @throws KeyResolverException
*/
public SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- KeyResolverSpi tmp = cloneIfNeeded();
- if (!tmp.engineCanResolve(element, baseURI, storage)) {
+ if (!engineCanResolve(element, baseURI, storage)) {
return null;
}
- return tmp.engineResolveSecretKey(element, baseURI, storage);
+ return engineResolveSecretKey(element, baseURI, storage, secureValidation);
}
/**
+ * Method engineResolvePrivateKey
+ *
+ * @param element
+ * @param baseURI
+ * @param storage
+ * @param secureValidation
+ * @return resolved PrivateKey key from the registered from the elements
+ *
+ * @throws KeyResolverException
+ */
+ protected abstract PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException;
+
+ /**
* Method engineLookupAndResolvePrivateKey
*
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return resolved PrivateKey key from the registered from the elements
*
* @throws KeyResolverException
*/
public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- // This method was added later, it has no equivalent
- // engineResolvePrivateKey() in the old API.
- // We cannot throw UnsupportedOperationException because
- // KeyResolverSpi implementations who don't know about
- // this method would stop the search too early.
- return null;
- }
-
- /**
- * Method engineSetProperty
- *
- * @param key
- * @param value
- */
- public void engineSetProperty(String key, String value) {
- if (properties == null) {
- properties = new HashMap<>();
- }
- properties.put(key, value);
- }
-
- /**
- * Method engineGetProperty
- *
- * @param key
- * @return obtain the property appointed by key
- */
- public String engineGetProperty(String key) {
- if (properties == null) {
+ if (!engineCanResolve(element, baseURI, storage)) {
return null;
}
-
- return properties.get(key);
+ return engineResolvePrivateKey(element, baseURI, storage, secureValidation);
}
/**
- * Method understandsProperty
- *
- * @param propertyToTest
- * @return true if understood the property
- */
- public boolean understandsProperty(String propertyToTest) {
- if (properties == null) {
- return false;
- }
-
- return properties.get(propertyToTest) != null;
- }
-
- public void setGlobalResolver(boolean globalResolver) {
- this.globalResolver = globalResolver;
- }
-
-
- /**
* Parses a byte array and returns the parsed Element.
*
* @param bytes
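Review bot: `engineLookupAndResolvePrivateKey` now gates on `engineCanResolve` like the other three lookup methods, but all four remain public and overridable, so a subclass can still bypass the gate by overriding the lookup method instead of `engineResolve*` — `DEREncodedKeyValueResolver` in this same commit keeps exactly such an override. Since the SPI contract is now the abstract `engineResolve*` methods, consider declaring the four `engineLookupAndResolve*` methods `final` (e.g. `public final PrivateKey engineLookupAndResolvePrivateKey(`), which is no larger a compatibility break than the new abstract methods already are. If that is too much for this release, a sentence in each lookup method's Javadoc saying subclasses should override the corresponding `engineResolve*` method rather than this one would do.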
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java
index 990455c..0dd7fe8 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java
@@ -43,21 +43,16 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(DEREncodedKeyValueResolver.class);
- /** {{@inheritDoc}}. */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
return XMLUtils.elementIsInSignature11Space(element, Constants._TAG_DERENCODEDKEYVALUE);
}
- /** {{@inheritDoc}}. */
- public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
-
- LOG.debug("Can I resolve {}", element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
DEREncodedKeyValue derKeyValue = new DEREncodedKeyValue(element, baseURI);
return derKeyValue.getPublicKey();
@@ -68,24 +63,33 @@
return null;
}
- /** {{@inheritDoc}}. */
- public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
return null;
}
- /** {{@inheritDoc}}. */
- public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
return null;
}
- /** {{@inheritDoc}}. */
- public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
return null;
}
-
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
}
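Review bot: This class now overrides both `engineLookupAndResolvePrivateKey` and `engineResolvePrivateKey` to return `null`; the public `engineLookupAndResolvePrivateKey` override is redundant and, because it skips the base class's `engineCanResolve` check, it is the only one of the four lookups in this resolver that bypasses that gate. Drop the `engineLookupAndResolvePrivateKey` override and keep only `engineResolvePrivateKey`, so the base class decides uniformly whether this resolver is consulted. The `{@inheritDoc}` and `@Override` on `engineResolvePrivateKey` stay as written.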
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
index 3734ad7..7136c0b 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/DSAKeyValueResolver.java
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -34,17 +35,17 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(DSAKeyValueResolver.class);
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYVALUE)
+ || XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_DSAKEYVALUE);
+ }
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
if (element == null) {
return null;
@@ -80,15 +81,25 @@
/** {@inheritDoc} */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
/** {@inheritDoc} */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/ECKeyValueResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/ECKeyValueResolver.java
index 550bdfc..b5e4860 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/ECKeyValueResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/ECKeyValueResolver.java
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -34,17 +35,17 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(ECKeyValueResolver.class);
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYVALUE)
+ || XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_ECKEYVALUE);
+ }
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
if (element == null) {
return null;
@@ -78,15 +79,25 @@
/** {@inheritDoc} */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
/** {@inheritDoc} */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
index 178d4df..0d786de 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/EncryptedKeyResolver.java
@@ -19,9 +19,11 @@
package org.apache.xml.security.keys.keyresolver.implementations;
import java.security.Key;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
@@ -51,60 +53,63 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(RSAKeyValueResolver.class);
- private Key kek;
- private String algorithm;
- private List<KeyResolverSpi> internalKeyResolvers;
+ private final Key kek;
+ private final String algorithm;
+ private final List<KeyResolverSpi> internalKeyResolvers;
/**
* Constructor for use when a KEK needs to be derived from a KeyInfo
* list
* @param algorithm
+ * @param internalKeyResolvers
*/
- public EncryptedKeyResolver(String algorithm) {
- kek = null;
- this.algorithm = algorithm;
+ public EncryptedKeyResolver(String algorithm, List<KeyResolverSpi> internalKeyResolvers) {
+ this(algorithm, null, internalKeyResolvers);
}
/**
* Constructor used for when a KEK has been set
* @param algorithm
* @param kek
+ * @param internalKeyResolvers
*/
- public EncryptedKeyResolver(String algorithm, Key kek) {
+ public EncryptedKeyResolver(String algorithm, Key kek, List<KeyResolverSpi> internalKeyResolvers) {
this.algorithm = algorithm;
this.kek = kek;
- }
-
- /**
- * This method is used to add a custom {@link KeyResolverSpi} to help
- * resolve the KEK.
- *
- * @param realKeyResolver
- */
- public void registerInternalKeyResolver(KeyResolverSpi realKeyResolver) {
- if (internalKeyResolvers == null) {
- internalKeyResolvers = new ArrayList<>();
+ if (internalKeyResolvers != null) {
+ this.internalKeyResolvers = new ArrayList<>(internalKeyResolvers);
+ } else {
+ this.internalKeyResolvers = Collections.emptyList();
}
- internalKeyResolvers.add(realKeyResolver);
}
/** {@inheritDoc} */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInEncryptionSpace(element, EncryptionConstants._TAG_ENCRYPTEDKEY);
+ }
+
+
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
/** {@inheritDoc} */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
/** {@inheritDoc} */
- public SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
if (element == null) {
return null;
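Review bot: The logger on the context line `org.slf4j.LoggerFactory.getLogger(RSAKeyValueResolver.class)` is named after the wrong class, so everything this resolver logs, including the unwrap failure that engineResolveSecretKey swallows at debug level, is attributed to RSAKeyValueResolver when someone triages a decryption problem; since the refactor already rewrites this file it should become `org.slf4j.LoggerFactory.getLogger(EncryptedKeyResolver.class)`. The defensive copy into a new ArrayList in the three-argument constructor is the right move for the thread-safety goal, as callers can no longer mutate the resolver's list after construction. Minor: the two consecutive blank lines after engineCanResolve should be one. engineResolveSecretKey continues past this hunk.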
@@ -113,26 +118,28 @@
LOG.debug("EncryptedKeyResolver - Can I resolve {}", element.getTagName());
SecretKey key = null;
- boolean isEncryptedKey =
- XMLUtils.elementIsInEncryptionSpace(element, EncryptionConstants._TAG_ENCRYPTEDKEY);
- if (isEncryptedKey) {
- LOG.debug("Passed an Encrypted Key");
- try {
- XMLCipher cipher = XMLCipher.getInstance();
- cipher.init(XMLCipher.UNWRAP_MODE, kek);
- if (internalKeyResolvers != null) {
- int size = internalKeyResolvers.size();
- for (int i = 0; i < size; i++) {
- cipher.registerInternalKeyResolver(internalKeyResolvers.get(i));
- }
- }
- EncryptedKey ek = cipher.loadEncryptedKey(element);
- key = (SecretKey) cipher.decryptKey(ek, algorithm);
- } catch (XMLEncryptionException e) {
- LOG.debug(e.getMessage(), e);
+ LOG.debug("Passed an Encrypted Key");
+ try {
+ XMLCipher cipher = XMLCipher.getInstance();
+ cipher.init(XMLCipher.UNWRAP_MODE, kek);
+ int size = internalKeyResolvers.size();
+ for (int i = 0; i < size; i++) {
+ cipher.registerInternalKeyResolver(internalKeyResolvers.get(i));
}
+ EncryptedKey ek = cipher.loadEncryptedKey(element);
+ key = (SecretKey) cipher.decryptKey(ek, algorithm);
+ } catch (XMLEncryptionException e) {
+ LOG.debug(e.getMessage(), e);
}
return key;
}
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
}
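Review bot: The new `secureValidation` parameter is accepted by engineResolveSecretKey but never reaches the XMLCipher that performs the unwrap — the cipher is obtained with `XMLCipher.getInstance()` and initialised with only the mode and the KEK, so the flag that KeyInfo threaded down stops at this resolver. If XMLCipher exposes a secure-validation setter (the XMLCipher hunk at the top of this commit shows it forwarding its own flag to KeyInfo), call it right after `cipher.init(XMLCipher.UNWRAP_MODE, kek);`; otherwise add a comment stating why the parameter is deliberately ignored here. Style: now that the constructor guarantees a non-null list, the index loop can be `for (KeyResolverSpi resolver : internalKeyResolvers) { cipher.registerInternalKeyResolver(resolver); }`.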
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
index 81727b2..f47368a 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java
@@ -52,23 +52,18 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(KeyInfoReferenceResolver.class);
- /** {{@inheritDoc}}. */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
return XMLUtils.elementIsInSignature11Space(element, Constants._TAG_KEYINFOREFERENCE);
}
- /** {{@inheritDoc}}. */
- public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
-
- LOG.debug("Can I resolve {}", element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage, secureValidation);
if (referent != null) {
return referent.getPublicKey();
}
@@ -79,18 +74,12 @@
return null;
}
- /** {{@inheritDoc}}. */
- public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
-
- LOG.debug("Can I resolve {}", element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage, secureValidation);
if (referent != null) {
return referent.getX509Certificate();
}
@@ -101,18 +90,13 @@
return null;
}
- /** {{@inheritDoc}}. */
- public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
- LOG.debug("Can I resolve {}", element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage, secureValidation);
if (referent != null) {
return referent.getSecretKey();
}
@@ -123,18 +107,13 @@
return null;
}
- /** {{@inheritDoc}}. */
- public PrivateKey engineLookupAndResolvePrivateKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ public PrivateKey engineResolvePrivateKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
- LOG.debug("Can I resolve " + element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
- KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage);
+ KeyInfo referent = resolveReferentKeyInfo(element, baseURI, storage, secureValidation);
if (referent != null) {
return referent.getPrivateKey();
}
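Review bot: `public PrivateKey engineResolvePrivateKey(...)` is the only one of the four overrides in this file declared `public`; the other three are `protected`, and the same mix appears in PrivateKeyResolver (engineResolvePrivateKey), RetrievalMethodResolver (engineResolveSecretKey) and SingleKeyResolver (engineResolvePrivateKey). This commit removes the per-method `engineCanResolve` guard and the "Can I resolve" check from the engine bodies, presumably relying on the base class's public entry point to gate on engineCanResolve first; a `public` engine method hands external callers a path that skips that gate, so declaring all of them `protected` keeps the gate mandatory and the API uniform. The method body continues outside this hunk.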
@@ -151,10 +130,12 @@
* @param element
* @param baseURI
* @param storage
+ * @param secureValidation
* @return the KeyInfo which is referred to by this KeyInfoReference, or null if can not be resolved
* @throws XMLSecurityException
*/
- private KeyInfo resolveReferentKeyInfo(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException {
+ private KeyInfo resolveReferentKeyInfo(Element element, String baseURI,
+ StorageResolver storage, boolean secureValidation) throws XMLSecurityException {
KeyInfoReference reference = new KeyInfoReference(element, baseURI);
Attr uriAttr = reference.getURIAttr();
@@ -162,7 +143,7 @@
Element referentElement = null;
try {
- referentElement = obtainReferenceElement(resource);
+ referentElement = obtainReferenceElement(resource, secureValidation);
} catch (Exception e) {
LOG.debug("XMLSecurityException", e);
return null;
@@ -173,7 +154,7 @@
return null;
}
- validateReference(referentElement);
+ validateReference(referentElement, secureValidation);
KeyInfo referent = new KeyInfo(referentElement, baseURI);
referent.addStorageResolver(storage);
@@ -184,10 +165,11 @@
* Validate the Element referred to by the KeyInfoReference.
*
* @param referentElement
+ * @param secureValidation
*
* @throws XMLSecurityException
*/
- private void validateReference(Element referentElement) throws XMLSecurityException {
+ private void validateReference(Element referentElement, boolean secureValidation) throws XMLSecurityException {
if (!XMLUtils.elementIsInSignatureSpace(referentElement, Constants._TAG_KEYINFO)) {
Object[] exArgs = { new QName(referentElement.getNamespaceURI(), referentElement.getLocalName()) };
throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.WrongType", exArgs);
@@ -226,6 +208,7 @@
* Resolve the Element effectively represented by the XML signature input source.
*
* @param resource
+ * @param secureValidation
* @return the Element effectively represented by the XML signature input source.
* @throws CanonicalizationException
* @throws ParserConfigurationException
@@ -233,7 +216,7 @@
* @throws SAXException
* @throws KeyResolverException
*/
- private Element obtainReferenceElement(XMLSignatureInput resource)
+ private Element obtainReferenceElement(XMLSignatureInput resource, boolean secureValidation)
throws CanonicalizationException, ParserConfigurationException,
IOException, SAXException, KeyResolverException {
@@ -246,7 +229,7 @@
} else {
// Retrieved resource is a byte stream
byte[] inputBytes = resource.getBytes();
- e = getDocFromBytes(inputBytes, this.secureValidation);
+ e = getDocFromBytes(inputBytes, secureValidation);
}
return e;
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/PrivateKeyResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/PrivateKeyResolver.java
index 8b627ac..e903824 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/PrivateKeyResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/PrivateKeyResolver.java
@@ -52,8 +52,8 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(PrivateKeyResolver.class);
- private KeyStore keyStore;
- private char[] password;
+ private final KeyStore keyStore;
+ private final char[] password;
/**
* Constructor.
@@ -63,77 +63,42 @@
this.password = password;
}
- /**
- * This method returns whether the KeyResolverSpi is able to perform the requested action.
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return whether the KeyResolverSpi is able to perform the requested action.
- */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)
|| XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME);
}
- /**
- * Method engineLookupAndResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
- *
- * @throws KeyResolverException
- */
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolvePrivateKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved PrivateKey key or null if no {@link PrivateKey} could be obtained
- * @throws KeyResolverException
- */
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ public PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
PrivateKey privKey = resolveX509Data(element, baseURI);
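Review bot: Making the field `final` (earlier hunk) does not protect the password contents: `this.password = password;` at the top of this hunk stores the caller's array by reference, so a caller that zeroes its array after construction, which is the usual reason to pass a char[] rather than a String, silently breaks keystore access, while one that does not leaves the secret resident for the resolver's lifetime. Either take a defensive copy, `this.password = password == null ? null : password.clone();`, and document in the constructor Javadoc that the resolver owns the copy, or document that the caller must keep the array intact while the resolver is in use. SecretKeyResolver's constructor has the same pattern. engineResolvePrivateKey's body continues outside this hunk.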
@@ -154,7 +119,6 @@
}
}
- LOG.debug("I can't");
return null;
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
index e99d476..270a2d6 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RSAKeyValueResolver.java
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -35,10 +36,17 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(RSAKeyValueResolver.class);
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYVALUE)
+ || XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RSAKEYVALUE);
+ }
/** {@inheritDoc} */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
if (element == null) {
return null;
@@ -73,15 +81,25 @@
}
/** {@inheritDoc} */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
/** {@inheritDoc} */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
index fa1f90c..73ac653 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
@@ -21,6 +21,7 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -66,20 +67,17 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(RetrievalMethodResolver.class);
- /**
- * Method engineResolvePublicKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
- ) {
- if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
- return null;
- }
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD);
+ }
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
try {
// Create a retrieval method over the given element
RetrievalMethod rm = new RetrievalMethod(element, baseURI);
@@ -115,7 +113,7 @@
}
}
- return resolveKey(e, baseURI, storage);
+ return resolveKey(e, baseURI, storage, secureValidation);
} catch (XMLSecurityException ex) {
LOG.debug("XMLSecurityException", ex);
} catch (CertificateException ex) {
@@ -130,19 +128,10 @@
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage) {
- if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
- return null;
- }
-
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation) {
try {
RetrievalMethod rm = new RetrievalMethod(element, baseURI);
String type = rm.getType();
@@ -173,7 +162,7 @@
}
}
- return resolveCertificate(e, baseURI, storage);
+ return resolveCertificate(e, baseURI, storage, secureValidation);
} catch (XMLSecurityException ex) {
LOG.debug("XMLSecurityException", ex);
} catch (CertificateException ex) {
@@ -197,7 +186,7 @@
* @throws KeyResolverException
*/
private static X509Certificate resolveCertificate(
- Element e, String baseURI, StorageResolver storage
+ Element e, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
// An element has been provided
if (e != null) {
@@ -205,7 +194,7 @@
LOG.debug("Now we have a {" + e.getNamespaceURI() + "}"
+ e.getLocalName() + " Element");
}
- return KeyResolver.getX509Certificate(e, baseURI, storage);
+ return KeyResolver.getX509Certificate(e, baseURI, storage, secureValidation);
}
return null;
}
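Review bot: resolveCertificate gained a `secureValidation` parameter, but this hunk begins at its `@throws KeyResolverException` tag, so it is not visible whether a matching `@param secureValidation` was added above it; the sibling resolveKey does receive one in the next hunk. If it is missing, add ` * @param secureValidation` to resolveCertificate's Javadoc so the two helpers are documented alike.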
@@ -215,11 +204,12 @@
* @param e
* @param baseURI
* @param storage
+ * @param secureValidation
* @return a PublicKey from the given information
* @throws KeyResolverException
*/
private static PublicKey resolveKey(
- Element e, String baseURI, StorageResolver storage
+ Element e, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
// An element has been provided
if (e != null) {
@@ -227,7 +217,7 @@
LOG.debug("Now we have a {" + e.getNamespaceURI() + "}"
+ e.getLocalName() + " Element");
}
- return KeyResolver.getPublicKey(e, baseURI, storage);
+ return KeyResolver.getPublicKey(e, baseURI, storage, secureValidation);
}
return null;
}
@@ -282,15 +272,18 @@
return resource;
}
- /**
- * Method engineResolveSecretKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ public javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SecretKeyResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SecretKeyResolver.java
index 84f6504..88c287b 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SecretKeyResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SecretKeyResolver.java
@@ -40,8 +40,8 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(SecretKeyResolver.class);
- private KeyStore keyStore;
- private char[] password;
+ private final KeyStore keyStore;
+ private final char[] password;
/**
* Constructor.
@@ -51,59 +51,32 @@
this.password = password;
}
- /**
- * This method returns whether the KeyResolverSpi is able to perform the requested action.
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return whether the KeyResolverSpi is able to perform the requested action.
- */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME);
}
- /**
- * Method engineLookupAndResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
- *
- * @throws KeyResolverException
- */
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
LOG.debug("Can I resolve {}?", element.getTagName());
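Review bot: `LOG.debug("Can I resolve {}?", element.getTagName());` is kept at the end of this hunk, whereas the identical line was deleted from PrivateKeyResolver.engineResolvePrivateKey and from all of SingleKeyResolver in this same commit, presumably because the base class now performs the engineCanResolve check before the engine method runs. Either drop it here too or keep it everywhere, so the resolvers log consistently. The method body continues outside this hunk.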
@@ -123,18 +96,11 @@
return null;
}
- /**
- * Method engineResolvePrivateKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved PrivateKey key or null if no {@link PrivateKey} could be obtained
- * @throws KeyResolverException
- */
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
- ) throws KeyResolverException {
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
return null;
}
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SingleKeyResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SingleKeyResolver.java
index 1d4fe13..aa7aa38 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SingleKeyResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/SingleKeyResolver.java
@@ -33,13 +33,11 @@
* Resolves a single Key based on the KeyName.
*/
public class SingleKeyResolver extends KeyResolverSpi {
- private static final org.slf4j.Logger LOG =
- org.slf4j.LoggerFactory.getLogger(SingleKeyResolver.class);
- private String keyName;
- private PublicKey publicKey;
- private PrivateKey privateKey;
- private SecretKey secretKey;
+ private final String keyName;
+ private final PublicKey publicKey;
+ private final PrivateKey privateKey;
+ private final SecretKey secretKey;
/**
* Constructor.
@@ -49,6 +47,8 @@
public SingleKeyResolver(String keyName, PublicKey publicKey) {
this.keyName = keyName;
this.publicKey = publicKey;
+ privateKey = null;
+ secretKey = null;
}
/**
@@ -59,6 +59,8 @@
public SingleKeyResolver(String keyName, PrivateKey privateKey) {
this.keyName = keyName;
this.privateKey = privateKey;
+ publicKey = null;
+ secretKey = null;
}
/**
@@ -69,110 +71,67 @@
public SingleKeyResolver(String keyName, SecretKey secretKey) {
this.keyName = keyName;
this.secretKey = secretKey;
+ publicKey = null;
+ privateKey = null;
}
- /**
- * This method returns whether the KeyResolverSpi is able to perform the requested action.
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return whether the KeyResolverSpi is able to perform the requested action.
- */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME);
}
- /**
- * Method engineLookupAndResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
-
- if (publicKey != null
- && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
+ if (publicKey != null) {
String name = element.getFirstChild().getNodeValue();
if (keyName.equals(name)) {
return publicKey;
}
}
- LOG.debug("I can't");
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved SecretKey key or null if no {@link SecretKey} could be obtained
- *
- * @throws KeyResolverException
- */
- public SecretKey engineResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
-
- if (secretKey != null
- && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
+ if (secretKey != null) {
String name = element.getFirstChild().getNodeValue();
if (keyName.equals(name)) {
return secretKey;
}
}
- LOG.debug("I can't");
return null;
}
- /**
- * Method engineResolvePrivateKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- * @return resolved PrivateKey key or null if no {@link PrivateKey} could be obtained
- * @throws KeyResolverException
- */
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ public PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
- if (privateKey != null
- && XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYNAME)) {
+ if (privateKey != null) {
String name = element.getFirstChild().getNodeValue();
if (keyName.equals(name)) {
return privateKey;
}
}
- LOG.debug("I can't");
return null;
}
}
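Review bot: `String name = element.getFirstChild().getNodeValue();` in engineResolvePublicKey, engineResolveSecretKey and engineResolvePrivateKey dereferences getFirstChild() with no null check, so an empty `<ds:KeyName/>` in untrusted KeyInfo turns a resolver miss into a NullPointerException escaping key resolution instead of a null return; the commit simplified the surrounding condition but left this untouched. The three copies can share one null-safe helper, shown below, with each method reduced to `if (publicKey != null && matchesKeyName(element)) { return publicKey; }` and the same shape for the secret and private keys.
```java
/** {@inheritDoc} */
@Override
protected PublicKey engineResolvePublicKey(
    Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
    if (publicKey != null && matchesKeyName(element)) {
        return publicKey;
    }
    return null;
}

// … unchanged: engineResolveX509Certificate; engineResolveSecretKey and
//   engineResolvePrivateKey rewritten the same way around secretKey / privateKey …

/**
 * Returns whether the text of the given KeyName element equals the configured key name.
 * Null-safe for an empty element, which previously raised a NullPointerException.
 */
private boolean matchesKeyName(Element element) {
    org.w3c.dom.Node first = element.getFirstChild();
    return first != null && keyName.equals(first.getNodeValue());
}
```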
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java
index 88f8430..8af232f 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -40,21 +41,20 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(X509CertificateResolver.class);
- /**
- * Method engineResolvePublicKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return Constants.SignatureSpecNS.equals(element.getNamespaceURI());
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
X509Certificate cert =
- this.engineLookupResolveX509Certificate(element, baseURI, storage);
+ this.engineResolveX509Certificate(element, baseURI, storage, secureValidation);
if (cert != null) {
return cert.getPublicKey();
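Review bot: The new engineCanResolve accepts every element in the signature namespace (`Constants.SignatureSpecNS.equals(element.getNamespaceURI())`), whereas the sibling resolvers in this commit only claim ds:X509Data. The recursion through `selectDsNode(element.getFirstChild(), Constants._TAG_X509DATA, 0)` in the later hunk suggests this breadth is deliberate, so the resolver can be handed a ds:KeyInfo as well as a ds:X509Data, but nothing says so and a later reader may "tighten" it. A one-line comment above the return would settle it: `// Any ds: element is accepted on purpose: the resolver descends into a nested ds:X509Data child itself.`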
@@ -63,17 +63,10 @@
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
try {
@@ -83,7 +76,7 @@
Element el =
XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_X509DATA, 0);
if (el != null) {
- return engineLookupResolveX509Certificate(el, baseURI, storage);
+ return engineResolveX509Certificate(el, baseURI, storage, secureValidation);
}
return null;
}
@@ -103,15 +96,18 @@
}
}
- /**
- * Method engineResolveSecretKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.java
index f82fe0b..ee4b12d 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.java
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
@@ -46,8 +47,9 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(X509DigestResolver.class);
- /** {{@inheritDoc}}. */
- public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
try {
X509Data x509Data = new X509Data(element, baseURI);
@@ -60,11 +62,12 @@
}
}
- /** {{@inheritDoc}}. */
- public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
- X509Certificate cert = this.engineLookupResolveX509Certificate(element, baseURI, storage);
+ X509Certificate cert = this.engineResolveX509Certificate(element, baseURI, storage, secureValidation);
if (cert != null) {
return cert.getPublicKey();
@@ -73,16 +76,11 @@
return null;
}
- /** {{@inheritDoc}}. */
- public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
- LOG.debug("Can I resolve {}", element.getTagName());
-
- if (!engineCanResolve(element, baseURI, storage)) {
- return null;
- }
-
try {
return resolveCertificate(element, baseURI, storage);
} catch (XMLSecurityException e) {
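Review bot: `secureValidation` is now a parameter of engineResolveX509Certificate but is not forwarded to `resolveCertificate(element, baseURI, storage)`, so nothing in this resolver acts on the flag; the same is true of the `new X509Data(element, baseURI)`, `new XMLX509SKI(...)` and `new XMLX509SubjectName(...)` calls in the X509IssuerSerialResolver, X509SKIResolver and X509SubjectNameResolver hunks. Before this commit the value lived in a resolver field that KeyInfo set through setSecureValidation; if any of that downstream parsing read the field, it now sees the default, which is worth confirming against those classes (not visible here). If the flag is genuinely irrelevant to certificate matching, a short comment such as `// secureValidation intentionally unused: certificate lookup does no XML processing it governs` would make that explicit rather than looking like a forgotten argument.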
@@ -92,8 +90,9 @@
return null;
}
- /** {{@inheritDoc}}. */
- public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage)
+ /** {@inheritDoc} */
+ @Override
+ protected SecretKey engineResolveSecretKey(Element element, String baseURI, StorageResolver storage, boolean secureValidation)
throws KeyResolverException {
return null;
}
@@ -165,4 +164,11 @@
}
}
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
index d7086dc..60aa01b 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
@@ -29,8 +30,8 @@
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
import org.apache.xml.security.keys.storage.StorageResolver;
-import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Element;
public class X509IssuerSerialResolver extends KeyResolverSpi {
@@ -38,14 +39,29 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(X509IssuerSerialResolver.class);
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
+ try {
+ X509Data x509Data = new X509Data(element, baseURI);
+ return x509Data.containsIssuerSerial();
+ } catch (XMLSecurityException e) {
+ return false;
+ }
+ } else {
+ return false;
+ }
+ }
/** {@inheritDoc} */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
X509Certificate cert =
- this.engineLookupResolveX509Certificate(element, baseURI, storage);
+ this.engineResolveX509Certificate(element, baseURI, storage, secureValidation);
if (cert != null) {
return cert.getPublicKey();
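Review bot: The new engineCanResolve duplicates X509DigestResolver's almost line for line (namespace test, `new X509Data(element, baseURI)`, catch-and-return-false), differing only in the `containsIssuerSerial()` predicate, and the X509Data is then parsed a second time in engineResolveX509Certificate. A package-private static helper taking the predicate would remove the copy, or the parsed X509Data could be handed through instead of re-parsed. Catching XMLSecurityException and answering false is reasonable for a capability probe, but it should say so: `// a malformed ds:X509Data simply means this resolver does not apply`.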
@@ -55,19 +71,15 @@
}
/** {@inheritDoc} */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
X509Data x509data = null;
try {
x509data = new X509Data(element, baseURI);
- } catch (XMLSignatureException ex) {
- LOG.debug("I can't");
- return null;
} catch (XMLSecurityException ex) {
- LOG.debug("I can't");
return null;
}
@@ -117,8 +129,17 @@
}
/** {@inheritDoc} */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509SKIResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509SKIResolver.java
index 2c33c19..cbc59d8 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509SKIResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509SKIResolver.java
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
@@ -39,21 +40,26 @@
org.slf4j.LoggerFactory.getLogger(X509SKIResolver.class);
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
+ return false;
+ }
+ Element[] x509childNodes =
+ XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SKI);
+
+ return x509childNodes != null && x509childNodes.length > 0;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
X509Certificate cert =
- this.engineLookupResolveX509Certificate(element, baseURI, storage);
+ this.engineResolveX509Certificate(element, baseURI, storage, secureValidation);
if (cert != null) {
return cert.getPublicKey();
@@ -62,33 +68,17 @@
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
- if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
- LOG.debug("I can't");
- return null;
- }
- /** Field _x509childObject[] */
- XMLX509SKI x509childObject[] = null;
-
- Element x509childNodes[] = null;
- x509childNodes = XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SKI);
-
+ Element[] x509childNodes =
+ XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SKI);
if (!(x509childNodes != null && x509childNodes.length > 0)) {
- LOG.debug("I can't");
return null;
}
+
try {
if (storage == null) {
Object[] exArgs = { Constants._TAG_X509SKI };
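Review bot: engineResolveX509Certificate re-runs the same `selectDsNodes(element.getFirstChild(), Constants._TAG_X509SKI)` scan that engineCanResolve just performed and keeps the `x509childNodes.length > 0` guard, yet drops the `elementIsInSignatureSpace` check at the same time, so the method is only half-defended against a call that bypasses engineCanResolve; the X509SubjectNameResolver hunk has the identical shape. Either rely on the base-class dispatch fully and say so, `// Caller has already established via engineCanResolve that ds:X509SKI children exist`, or keep both checks as defence in depth. Whether a null `element.getFirstChild()` (an empty ds:X509Data) is tolerated depends on selectDsNodes, which is not visible in this diff.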
@@ -100,7 +90,7 @@
throw ex;
}
- x509childObject = new XMLX509SKI[x509childNodes.length];
+ XMLX509SKI[] x509childObject = new XMLX509SKI[x509childNodes.length];
for (int i = 0; i < x509childNodes.length; i++) {
x509childObject[i] = new XMLX509SKI(x509childNodes[i], baseURI);
@@ -126,16 +116,18 @@
return null;
}
- /**
- * Method engineResolveSecretKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- *
- */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509SubjectNameResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509SubjectNameResolver.java
index 8f78227..82e3ccb 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509SubjectNameResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509SubjectNameResolver.java
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
@@ -38,22 +39,26 @@
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(X509SubjectNameResolver.class);
+ /** {@inheritDoc} */
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
+ return false;
+ }
+ Element[] x509childNodes =
+ XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SUBJECTNAME);
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param baseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String baseURI, StorageResolver storage
+ return x509childNodes != null && x509childNodes.length > 0;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
X509Certificate cert =
- this.engineLookupResolveX509Certificate(element, baseURI, storage);
+ this.engineResolveX509Certificate(element, baseURI, storage, secureValidation);
if (cert != null) {
return cert.getPublicKey();
@@ -62,31 +67,14 @@
return null;
}
- /**
- * Method engineResolveX509Certificate
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- LOG.debug("Can I resolve {}?", element.getTagName());
- Element[] x509childNodes = null;
- XMLX509SubjectName x509childObject[] = null;
-
- if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) {
- LOG.debug("I can't");
- return null;
- }
- x509childNodes =
+ Element[] x509childNodes =
XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509SUBJECTNAME);
-
if (!(x509childNodes != null && x509childNodes.length > 0)) {
- LOG.debug("I can't");
return null;
}
@@ -101,7 +89,7 @@
throw ex;
}
- x509childObject = new XMLX509SubjectName[x509childNodes.length];
+ XMLX509SubjectName[] x509childObject = new XMLX509SubjectName[x509childNodes.length];
for (int i = 0; i < x509childNodes.length; i++) {
x509childObject[i] = new XMLX509SubjectName(x509childNodes[i], baseURI);
@@ -135,16 +123,18 @@
}
}
- /**
- * Method engineResolveSecretKey
- * {@inheritDoc}
- * @param element
- * @param baseURI
- * @param storage
- *
- */
- public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
- Element element, String baseURI, StorageResolver storage
+ /** {@inheritDoc} */
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
+ return null;
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
) {
return null;
}
diff --git a/src/test/java/org/apache/xml/security/test/dom/encryption/BaltimoreEncTest.java b/src/test/java/org/apache/xml/security/test/dom/encryption/BaltimoreEncTest.java
index c6e17a5..879f1f7 100644
--- a/src/test/java/org/apache/xml/security/test/dom/encryption/BaltimoreEncTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/encryption/BaltimoreEncTest.java
@@ -127,7 +127,7 @@
org.apache.xml.security.Init.init();
// Register our key resolver
- KeyResolver.register("org.apache.xml.security.test.dom.encryption.BobKeyResolver", false);
+ KeyResolver.register("org.apache.xml.security.test.dom.encryption.BobKeyResolver");
// Check what algorithms are available
diff --git a/src/test/java/org/apache/xml/security/test/dom/encryption/BobKeyResolver.java b/src/test/java/org/apache/xml/security/test/dom/encryption/BobKeyResolver.java
index 74b8a17..2fc7b03 100644
--- a/src/test/java/org/apache/xml/security/test/dom/encryption/BobKeyResolver.java
+++ b/src/test/java/org/apache/xml/security/test/dom/encryption/BobKeyResolver.java
@@ -20,6 +20,7 @@
import java.security.cert.X509Certificate;
import java.nio.charset.StandardCharsets;
+import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
@@ -44,15 +45,8 @@
private KeyName _kn;
- /**
- * Method engineCanResolve
- *
- * @param element
- * @param BaseURI
- * @param storage
- *
- */
- public boolean engineCanResolve(Element element, String BaseURI, StorageResolver storage) {
+ @Override
+ protected boolean engineCanResolve(Element element, String BaseURI, StorageResolver storage) {
if (element == null) {
return false;
}
@@ -73,65 +67,43 @@
return false;
}
- /**
- * Method engineResolvePublicKey
- *
- * @param element
- * @param BaseURI
- * @param storage
- * @return null if no {@link PublicKey} could be obtained
- * @throws KeyResolverException
- */
- public PublicKey engineLookupAndResolvePublicKey(
- Element element, String BaseURI, StorageResolver storage
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String BaseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveX509Certificate
- *
- * @param element
- * @param BaseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public X509Certificate engineLookupResolveX509Certificate(
- Element element, String BaseURI, StorageResolver storage
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String BaseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
return null;
}
- /**
- * Method engineResolveSecretKey
- *
- * @param element
- * @param BaseURI
- * @param storage
- *
- * @throws KeyResolverException
- */
- public SecretKey engineLookupAndResolveSecretKey(
- Element element, String BaseURI, StorageResolver storage
+ @Override
+ protected SecretKey engineResolveSecretKey(
+ Element element, String BaseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- if (engineCanResolve(element, BaseURI, storage)) {
- try {
- DESedeKeySpec keySpec =
- new DESedeKeySpec("abcdefghijklmnopqrstuvwx".getBytes(StandardCharsets.US_ASCII));
- SecretKeyFactory keyFactory =
- SecretKeyFactory.getInstance("DESede");
- SecretKey key = keyFactory.generateSecret(keySpec);
+ try {
+ DESedeKeySpec keySpec =
+ new DESedeKeySpec("abcdefghijklmnopqrstuvwx".getBytes(StandardCharsets.US_ASCII));
+ SecretKeyFactory keyFactory =
+ SecretKeyFactory.getInstance("DESede");
+ SecretKey key = keyFactory.generateSecret(keySpec);
- return key;
- }
- catch (Exception e) {
- throw new KeyResolverException("Something badly wrong in creation of bob's key");
- }
+ return key;
}
-
- return null;
+ catch (Exception e) {
+ throw new KeyResolverException("Something badly wrong in creation of bob's key");
+ }
}
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String BaseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException {
+ return null;
+ }
}
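Review bot: The `catch (Exception e)` still throws `new KeyResolverException("Something badly wrong in creation of bob's key")` without attaching `e`, so a NoSuchAlgorithmException or InvalidKeySpecException from the DESede factory is lost and a failing test will not say why. Pass `e` as the cause through the KeyResolverException constructor that accepts the original exception, and narrow the catch to `GeneralSecurityException`, which covers every checked exception the three calls declare.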
diff --git a/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/KeyResolverTest.java b/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/KeyResolverTest.java
index ee379f4..01be08d 100644
--- a/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/KeyResolverTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/KeyResolverTest.java
@@ -289,7 +289,7 @@
decryptDocument(document, new MyPrivateKeyResolver());
// Now test with a static KeyResolver
- KeyResolver.registerAtStart(MyPrivateKeyResolver.class.getName(), false);
+ KeyResolver.registerAtStart(MyPrivateKeyResolver.class.getName());
KeyResolverSpi resolver = KeyResolver.iterator().next();
assertEquals(MyPrivateKeyResolver.class.getName(), resolver.getClass().getName());
@@ -321,21 +321,41 @@
private static PrivateKey pk;
private static String pkName;
- public boolean engineCanResolve(Element element, String BaseURI, StorageResolver storage) {
- return false;
+ @Override
+ protected boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) {
+ return Constants.SignatureSpecNS.equals(element.getNamespaceURI()) &&
+ Constants._TAG_KEYNAME.equals(element.getLocalName());
}
- public PrivateKey engineLookupAndResolvePrivateKey(
- Element element, String BaseURI, StorageResolver storage
+ @Override
+ protected PublicKey engineResolvePublicKey(
+ Element element, String BaseURI, StorageResolver storage, boolean secureValidation
) throws KeyResolverException {
- if (Constants.SignatureSpecNS.equals(element.getNamespaceURI()) &&
- Constants._TAG_KEYNAME.equals(element.getLocalName())) {
- String keyName = element.getFirstChild().getNodeValue();
- if (pkName.equals(keyName)) {
- return pk;
- }
- }
+ return null;
+ }
+ @Override
+ protected X509Certificate engineResolveX509Certificate(
+ Element element, String BaseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException {
+ return null;
+ }
+
+ @Override
+ protected PrivateKey engineResolvePrivateKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) throws KeyResolverException {
+ String keyName = element.getFirstChild().getNodeValue();
+ if (pkName.equals(keyName)) {
+ return pk;
+ }
+ return null;
+ }
+
+ @Override
+ protected javax.crypto.SecretKey engineResolveSecretKey(
+ Element element, String baseURI, StorageResolver storage, boolean secureValidation
+ ) {
return null;
}
}
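Review bot: engineResolvePrivateKey dereferences `element.getFirstChild()` without a null check, so an empty `<ds:KeyName/>` (which engineCanResolve accepts, since it tests only namespace and local name) throws NullPointerException instead of returning null; `if (element.getFirstChild() == null) { return null; }` before the getNodeValue() call closes that. The new overrides also alternate between `BaseURI` and `baseURI` as the parameter name within one class; use the lowerCamelCase form throughout. Both are minor in a test helper, but the NPE would surface as a confusing failure rather than a resolver miss.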