src/main/java/org/apache/xml/security/transforms/Transforms.java - santuario-java - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.xml.security.transforms;

 import java.io.IOException;
 import java.io.OutputStream;

 import org.apache.xml.security.c14n.CanonicalizationException;
 import org.apache.xml.security.c14n.Canonicalizer;
 import org.apache.xml.security.c14n.InvalidCanonicalizerException;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.signature.XMLSignatureException;
 import org.apache.xml.security.signature.XMLSignatureInput;
 import org.apache.xml.security.utils.Constants;
 import org.apache.xml.security.utils.SignatureElementProxy;
 import org.apache.xml.security.utils.XMLUtils;
 import org.w3c.dom.DOMException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;

 /**
  * Holder of the {@link org.apache.xml.security.transforms.Transform} steps to
  * be performed on the data.
  * The input to the first Transform is the result of dereferencing the
  * <code>URI</code> attribute of the <code>Reference</code> element.
  * The output from the last Transform is the input for the
  * <code>DigestMethod algorithm</code>
  *
  * @see Transform
  * @see org.apache.xml.security.signature.Reference
  */
 public class Transforms extends SignatureElementProxy {

     /** Canonicalization - Required Canonical XML (omits comments) */
     public static final String TRANSFORM_C14N_OMIT_COMMENTS
         = Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;

     /** Canonicalization - Recommended Canonical XML with Comments */
     public static final String TRANSFORM_C14N_WITH_COMMENTS
         = Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;

     /** Canonicalization - Required Canonical XML 1.1 (omits comments) */
     public static final String TRANSFORM_C14N11_OMIT_COMMENTS
         = Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS;

     /** Canonicalization - Recommended Canonical XML 1.1 with Comments */
     public static final String TRANSFORM_C14N11_WITH_COMMENTS
         = Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS;

     /** Canonicalization - Required Exclusive Canonicalization (omits comments) */
     public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS
         = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;

     /** Canonicalization - Recommended Exclusive Canonicalization with Comments */
     public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS
         = Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;

     /** Transform - Optional XSLT */
     public static final String TRANSFORM_XSLT
         = "http://www.w3.org/TR/1999/REC-xslt-19991116";

     /** Transform - Required base64 decoding */
     public static final String TRANSFORM_BASE64_DECODE
         = Constants.SignatureSpecNS + "base64";

     /** Transform - Recommended XPath */
     public static final String TRANSFORM_XPATH
         = "http://www.w3.org/TR/1999/REC-xpath-19991116";

     /** Transform - Required Enveloped Signature */
     public static final String TRANSFORM_ENVELOPED_SIGNATURE
         = Constants.SignatureSpecNS + "enveloped-signature";

     /** Transform - XPointer */
     public static final String TRANSFORM_XPOINTER
         = "http://www.w3.org/TR/2001/WD-xptr-20010108";

     /** Transform - XPath Filter */
     public static final String TRANSFORM_XPATH2FILTER
         = "http://www.w3.org/2002/06/xmldsig-filter2";

     private static final org.slf4j.Logger LOG =
         org.slf4j.LoggerFactory.getLogger(Transforms.class);

     private Element[] transformsElement;

     protected Transforms() { }

     private boolean secureValidation;

     /**
      * Constructs {@link Transforms}.
      *
      * @param doc the {@link Document} in which <code>XMLSignature</code> will
      * be placed
      */
     public Transforms(Document doc) {
         super(doc);
         addReturnToSelf();
     }

     /**
      * Constructs {@link Transforms} from {@link Element} which is
      * <code>Transforms</code> Element
      *
      * @param element  is <code>Transforms</code> element
      * @param baseURI the URI where the XML instance was stored
      * @throws DOMException
      * @throws InvalidTransformException
      * @throws TransformationException
      * @throws XMLSecurityException
      * @throws XMLSignatureException
      */
     public Transforms(Element element, String baseURI)
         throws DOMException, XMLSignatureException, InvalidTransformException,
             TransformationException, XMLSecurityException {
         super(element, baseURI);

         int numberOfTransformElems = this.getLength();

         if (numberOfTransformElems == 0) {
             // At least one Transform element must be present. Bad.
             Object[] exArgs = { Constants._TAG_TRANSFORM, Constants._TAG_TRANSFORMS };

             throw new TransformationException("xml.WrongContent", exArgs);
         }
     }

     /**
      * Set whether secure validation is enabled or not. The default is false.
      */
     public void setSecureValidation(boolean secureValidation) {
         this.secureValidation = secureValidation;
     }

     /**
      * Adds the <code>Transform</code> with the specified <code>Transform
      * algorithm URI</code>
      *
      * @param transformURI the URI form of transform that indicates which
      * transformation is applied to data
      * @throws TransformationException
      */
     public void addTransform(String transformURI) throws TransformationException {
         try {
             LOG.debug("Transforms.addTransform({})", transformURI);

             Transform transform = new Transform(getDocument(), transformURI);

             this.addTransform(transform);
         } catch (InvalidTransformException ex) {
             throw new TransformationException(ex);
         }
     }

     /**
      * Adds the <code>Transform</code> with the specified <code>Transform
      * algorithm URI</code>
      *
      * @param transformURI the URI form of transform that indicates which
      * transformation is applied to data
      * @param contextElement
      * @throws TransformationException
      */
     public void addTransform(String transformURI, Element contextElement)
        throws TransformationException {
         try {
             LOG.debug("Transforms.addTransform({})", transformURI);

             Transform transform = new Transform(getDocument(), transformURI, contextElement);

             this.addTransform(transform);
         } catch (InvalidTransformException ex) {
             throw new TransformationException(ex);
         }
     }

     /**
      * Adds the <code>Transform</code> with the specified <code>Transform
      * algorithm URI</code>.
      *
      * @param transformURI the URI form of transform that indicates which
      * transformation is applied to data
      * @param contextNodes
      * @throws TransformationException
      */
     public void addTransform(String transformURI, NodeList contextNodes)
        throws TransformationException {

         try {
             Transform transform = new Transform(getDocument(), transformURI, contextNodes);
             this.addTransform(transform);
         } catch (InvalidTransformException ex) {
             throw new TransformationException(ex);
         }
     }

     /**
      * Adds a user-provided Transform step.
      *
      * @param transform {@link Transform} object
      */
     private void addTransform(Transform transform) {
         LOG.debug("Transforms.addTransform({})", transform.getURI());

         Element transformElement = transform.getElement();

         appendSelf(transformElement);
         addReturnToSelf();
     }

     /**
      * Applies all included <code>Transform</code>s to xmlSignatureInput and
      * returns the result of these transformations.
      *
      * @param xmlSignatureInput the input for the <code>Transform</code>s
      * @return the result of the <code>Transforms</code>
      * @throws TransformationException
      */
     public XMLSignatureInput performTransforms(
         XMLSignatureInput xmlSignatureInput
     ) throws TransformationException {
         return performTransforms(xmlSignatureInput, null);
     }

     /**
      * Applies all included <code>Transform</code>s to xmlSignatureInput and
      * returns the result of these transformations.
      *
      * @param xmlSignatureInput the input for the <code>Transform</code>s
      * @param os where to output the last transformation.
      * @return the result of the <code>Transforms</code>
      * @throws TransformationException
      */
     public XMLSignatureInput performTransforms(
         XMLSignatureInput xmlSignatureInput, OutputStream os
     ) throws TransformationException {
         try {
             int last = this.getLength() - 1;
             for (int i = 0; i < last; i++) {
                 Transform t = this.item(i);
                 LOG.debug("Perform the ({})th {} transform", i, t.getURI());
                 checkSecureValidation(t);
                 xmlSignatureInput = t.performTransform(xmlSignatureInput);
             }
             if (last >= 0) {
                 Transform t = this.item(last);
                 LOG.debug("Perform the ({})th {} transform", last, t.getURI());
                 checkSecureValidation(t);
                 xmlSignatureInput = t.performTransform(xmlSignatureInput, os);
             }

             return xmlSignatureInput;
         } catch (IOException ex) {
             throw new TransformationException(ex);
         } catch (CanonicalizationException ex) {
             throw new TransformationException(ex);
         } catch (InvalidCanonicalizerException ex) {
             throw new TransformationException(ex);
         }
     }

     private void checkSecureValidation(Transform transform) throws TransformationException {
         String uri = transform.getURI();
         if (secureValidation && Transforms.TRANSFORM_XSLT.equals(uri)) {
             Object[] exArgs = { uri };

             throw new TransformationException(
                 "signature.Transform.ForbiddenTransform", exArgs
             );
         }
         transform.setSecureValidation(secureValidation);
     }

     /**
      * Return the nonnegative number of transformations.
      *
      * @return the number of transformations
      */
     public int getLength() {
         initTransforms();
         return transformsElement.length;
     }

     /**
      * Return the <i>i</i><sup>th</sup> <code>{@link Transform}</code>.
      * Valid <code>i</code> values are 0 to <code>{@link #getLength}-1</code>.
      *
      * @param i index of {@link Transform} to return
      * @return the <i>i</i><sup>th</sup> Transform
      * @throws TransformationException
      */
     public Transform item(int i) throws TransformationException {
         try {
             initTransforms();
             return new Transform(transformsElement[i], this.baseURI);
         } catch (XMLSecurityException ex) {
             throw new TransformationException(ex);
         }
     }

     private void initTransforms() {
         if (transformsElement == null) {
             transformsElement = XMLUtils.selectDsNodes(getFirstChild(), "Transform");
         }
     }

     /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_TRANSFORMS;
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.xml.security.transforms;

	import java.io.IOException;
	import java.io.OutputStream;

	import org.apache.xml.security.c14n.CanonicalizationException;
	import org.apache.xml.security.c14n.Canonicalizer;
	import org.apache.xml.security.c14n.InvalidCanonicalizerException;
	import org.apache.xml.security.exceptions.XMLSecurityException;
	import org.apache.xml.security.signature.XMLSignatureException;
	import org.apache.xml.security.signature.XMLSignatureInput;
	import org.apache.xml.security.utils.Constants;
	import org.apache.xml.security.utils.SignatureElementProxy;
	import org.apache.xml.security.utils.XMLUtils;
	import org.w3c.dom.DOMException;
	import org.w3c.dom.Document;
	import org.w3c.dom.Element;
	import org.w3c.dom.NodeList;

	/**
	* Holder of the {@link org.apache.xml.security.transforms.Transform} steps to
	* be performed on the data.
	* The input to the first Transform is the result of dereferencing the
	* <code>URI</code> attribute of the <code>Reference</code> element.
	* The output from the last Transform is the input for the
	* <code>DigestMethod algorithm</code>
	*
	* @see Transform
	* @see org.apache.xml.security.signature.Reference
	*/
	public class Transforms extends SignatureElementProxy {

	/** Canonicalization - Required Canonical XML (omits comments) */
	public static final String TRANSFORM_C14N_OMIT_COMMENTS
	= Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;

	/** Canonicalization - Recommended Canonical XML with Comments */
	public static final String TRANSFORM_C14N_WITH_COMMENTS
	= Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;

	/** Canonicalization - Required Canonical XML 1.1 (omits comments) */
	public static final String TRANSFORM_C14N11_OMIT_COMMENTS
	= Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS;

	/** Canonicalization - Recommended Canonical XML 1.1 with Comments */
	public static final String TRANSFORM_C14N11_WITH_COMMENTS
	= Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS;

	/** Canonicalization - Required Exclusive Canonicalization (omits comments) */
	public static final String TRANSFORM_C14N_EXCL_OMIT_COMMENTS
	= Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;

	/** Canonicalization - Recommended Exclusive Canonicalization with Comments */
	public static final String TRANSFORM_C14N_EXCL_WITH_COMMENTS
	= Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;

	/** Transform - Optional XSLT */
	public static final String TRANSFORM_XSLT
	= "http://www.w3.org/TR/1999/REC-xslt-19991116";

	/** Transform - Required base64 decoding */
	public static final String TRANSFORM_BASE64_DECODE
	= Constants.SignatureSpecNS + "base64";

	/** Transform - Recommended XPath */
	public static final String TRANSFORM_XPATH
	= "http://www.w3.org/TR/1999/REC-xpath-19991116";

	/** Transform - Required Enveloped Signature */
	public static final String TRANSFORM_ENVELOPED_SIGNATURE
	= Constants.SignatureSpecNS + "enveloped-signature";

	/** Transform - XPointer */
	public static final String TRANSFORM_XPOINTER
	= "http://www.w3.org/TR/2001/WD-xptr-20010108";

	/** Transform - XPath Filter */
	public static final String TRANSFORM_XPATH2FILTER
	= "http://www.w3.org/2002/06/xmldsig-filter2";

	private static final org.slf4j.Logger LOG =
	org.slf4j.LoggerFactory.getLogger(Transforms.class);

	private Element[] transformsElement;

	protected Transforms() { }

	private boolean secureValidation;

	/**
	* Constructs {@link Transforms}.
	*
	* @param doc the {@link Document} in which <code>XMLSignature</code> will
	* be placed
	*/
	public Transforms(Document doc) {
	super(doc);
	addReturnToSelf();
	}

	/**
	* Constructs {@link Transforms} from {@link Element} which is
	* <code>Transforms</code> Element
	*
	* @param element is <code>Transforms</code> element
	* @param baseURI the URI where the XML instance was stored
	* @throws DOMException
	* @throws InvalidTransformException
	* @throws TransformationException
	* @throws XMLSecurityException
	* @throws XMLSignatureException
	*/
	public Transforms(Element element, String baseURI)
	throws DOMException, XMLSignatureException, InvalidTransformException,
	TransformationException, XMLSecurityException {
	super(element, baseURI);

	int numberOfTransformElems = this.getLength();

	if (numberOfTransformElems == 0) {
	// At least one Transform element must be present. Bad.
	Object[] exArgs = { Constants._TAG_TRANSFORM, Constants._TAG_TRANSFORMS };

	throw new TransformationException("xml.WrongContent", exArgs);
	}
	}

	/**
	* Set whether secure validation is enabled or not. The default is false.
	*/
	public void setSecureValidation(boolean secureValidation) {
	this.secureValidation = secureValidation;
	}

	/**
	* Adds the <code>Transform</code> with the specified <code>Transform
	* algorithm URI</code>
	*
	* @param transformURI the URI form of transform that indicates which
	* transformation is applied to data
	* @throws TransformationException
	*/
	public void addTransform(String transformURI) throws TransformationException {
	try {
	LOG.debug("Transforms.addTransform({})", transformURI);

	Transform transform = new Transform(getDocument(), transformURI);

	this.addTransform(transform);
	} catch (InvalidTransformException ex) {
	throw new TransformationException(ex);
	}
	}

	/**
	* Adds the <code>Transform</code> with the specified <code>Transform
	* algorithm URI</code>
	*
	* @param transformURI the URI form of transform that indicates which
	* transformation is applied to data
	* @param contextElement
	* @throws TransformationException
	*/
	public void addTransform(String transformURI, Element contextElement)
	throws TransformationException {
	try {
	LOG.debug("Transforms.addTransform({})", transformURI);

	Transform transform = new Transform(getDocument(), transformURI, contextElement);

	this.addTransform(transform);
	} catch (InvalidTransformException ex) {
	throw new TransformationException(ex);
	}
	}

	/**
	* Adds the <code>Transform</code> with the specified <code>Transform
	* algorithm URI</code>.
	*
	* @param transformURI the URI form of transform that indicates which
	* transformation is applied to data
	* @param contextNodes
	* @throws TransformationException
	*/
	public void addTransform(String transformURI, NodeList contextNodes)
	throws TransformationException {

	try {
	Transform transform = new Transform(getDocument(), transformURI, contextNodes);
	this.addTransform(transform);
	} catch (InvalidTransformException ex) {
	throw new TransformationException(ex);
	}
	}

	/**
	* Adds a user-provided Transform step.
	*
	* @param transform {@link Transform} object
	*/
	private void addTransform(Transform transform) {
	LOG.debug("Transforms.addTransform({})", transform.getURI());

	Element transformElement = transform.getElement();

	appendSelf(transformElement);
	addReturnToSelf();
	}

	/**
	* Applies all included <code>Transform</code>s to xmlSignatureInput and
	* returns the result of these transformations.
	*
	* @param xmlSignatureInput the input for the <code>Transform</code>s
	* @return the result of the <code>Transforms</code>
	* @throws TransformationException
	*/
	public XMLSignatureInput performTransforms(
	XMLSignatureInput xmlSignatureInput
	) throws TransformationException {
	return performTransforms(xmlSignatureInput, null);
	}

	/**
	* Applies all included <code>Transform</code>s to xmlSignatureInput and
	* returns the result of these transformations.
	*
	* @param xmlSignatureInput the input for the <code>Transform</code>s
	* @param os where to output the last transformation.
	* @return the result of the <code>Transforms</code>
	* @throws TransformationException
	*/
	public XMLSignatureInput performTransforms(
	XMLSignatureInput xmlSignatureInput, OutputStream os
	) throws TransformationException {
	try {
	int last = this.getLength() - 1;
	for (int i = 0; i < last; i++) {
	Transform t = this.item(i);
	LOG.debug("Perform the ({})th {} transform", i, t.getURI());
	checkSecureValidation(t);
	xmlSignatureInput = t.performTransform(xmlSignatureInput);
	}
	if (last >= 0) {
	Transform t = this.item(last);
	LOG.debug("Perform the ({})th {} transform", last, t.getURI());
	checkSecureValidation(t);
	xmlSignatureInput = t.performTransform(xmlSignatureInput, os);
	}

	return xmlSignatureInput;
	} catch (IOException ex) {
	throw new TransformationException(ex);
	} catch (CanonicalizationException ex) {
	throw new TransformationException(ex);
	} catch (InvalidCanonicalizerException ex) {
	throw new TransformationException(ex);
	}
	}

	private void checkSecureValidation(Transform transform) throws TransformationException {
	String uri = transform.getURI();
	if (secureValidation && Transforms.TRANSFORM_XSLT.equals(uri)) {
	Object[] exArgs = { uri };

	throw new TransformationException(
	"signature.Transform.ForbiddenTransform", exArgs
	);
	}
	transform.setSecureValidation(secureValidation);
	}

	/**
	* Return the nonnegative number of transformations.
	*
	* @return the number of transformations
	*/
	public int getLength() {
	initTransforms();
	return transformsElement.length;
	}

	/**
	* Return the <i>i</i><sup>th</sup> <code>{@link Transform}</code>.
	* Valid <code>i</code> values are 0 to <code>{@link #getLength}-1</code>.
	*
	* @param i index of {@link Transform} to return
	* @return the <i>i</i><sup>th</sup> Transform
	* @throws TransformationException
	*/
	public Transform item(int i) throws TransformationException {
	try {
	initTransforms();
	return new Transform(transformsElement[i], this.baseURI);
	} catch (XMLSecurityException ex) {
	throw new TransformationException(ex);
	}
	}

	private void initTransforms() {
	if (transformsElement == null) {
	transformsElement = XMLUtils.selectDsNodes(getFirstChild(), "Transform");
	}
	}

	/** {@inheritDoc} */
	public String getBaseLocalName() {
	return Constants._TAG_TRANSFORMS;
	}
	}