
8305972: Update XML Security for Java to 3.0.2
Reviewed-by: mbaesken
Backport-of: f0aebc8141de5a50c88658a40caa01967a9afc53
GoeLin committed Jan 17, 2024
1 parent af1e82c commit f133108
Showing 39 changed files with 1,281 additions and 252 deletions.
17 changes: 17 additions & 0 deletions src/java.base/share/conf/security/java.security
Expand Up @@ -983,6 +983,23 @@ jdk.xml.dsig.secureValidationPolicy=\
noDuplicateIds,\
noRetrievalMethodLoops

#
# Support for the here() function
#
# This security property determines whether the here() XPath function is
# supported in XML Signature generation and verification.
#
# If this property is set to false, the here() function is not supported.
# Generating an XML Signature that uses the here() function will throw an
# XMLSignatureException. Validating an existing XML Signature that uses the
# here() function will also throw an XMLSignatureException.
#
# The default value for this property is true.
#
# Note: This property is currently used by the JDK Reference implementation.
# It is not guaranteed to be examined and used by other implementations.
#
#jdk.xml.dsig.hereFunctionSupported=true

#
# Deserialization JVM-wide filter factory
2 changes: 2 additions & 0 deletions src/java.base/share/lib/security/default.policy
Expand Up @@ -91,6 +91,8 @@ grant codeBase "jrt:/java.xml.crypto" {
"removeProviderProperty.XMLDSig";
permission java.security.SecurityPermission
"com.sun.org.apache.xml.internal.security.register";
permission java.security.SecurityPermission
"getProperty.jdk.xml.dsig.hereFunctionSupported";
permission java.security.SecurityPermission
"getProperty.jdk.xml.dsig.secureValidationPolicy";
permission java.lang.RuntimePermission
Expand Up @@ -209,6 +209,14 @@ public static void registerDefaultAlgorithms() {
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160,
new Algorithm("EC", "RIPEMD160withECDSA", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED25519,
new Algorithm("Ed25519", "Ed25519", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED448,
new Algorithm("Ed448", "Ed448", "Signature")
);
algorithmsMap.put(
XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
new Algorithm("", "HmacMD5", "Mac", 0, 0)
Expand Up @@ -31,10 +31,7 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import com.sun.org.apache.xml.internal.security.algorithms.implementations.IntegrityHmac;
import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA;
import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureDSA;
import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA;
import com.sun.org.apache.xml.internal.security.algorithms.implementations.*;
import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
Expand Down Expand Up @@ -496,6 +493,12 @@ public static void registerDefaultAlgorithms() {
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, SignatureECDSA.SignatureECDSARIPEMD160.class
);
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED25519, SignatureEDDSA.SignatureEd25519.class
);
algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED448, SignatureEDDSA.SignatureEd448.class
);
algorithmHash.put(
XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5, IntegrityHmac.IntegrityHmacMD5.class
);
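Review bot: The first hunk replaces the four explicit `implementations` imports with `import com.sun.org.apache.xml.internal.security.algorithms.implementations.*;`, which pulls every class of that package into scope of SignatureAlgorithm.java instead of the one new name the change actually needs. Keeping the explicit imports and adding `import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureEDDSA;` next to them would preserve the file's existing import style and avoid future name clashes as that package grows. This presumably mirrors the upstream 3.0.2 source that the commit backports, so if staying byte-close to upstream is the intent, that is a reasonable trade-off worth stating in the review. The `registerDefaultAlgorithms` body in the second hunk starts and ends outside the hunk.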
Expand Up @@ -30,7 +30,6 @@
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

public final class ECDSAUtils {
Expand Down Expand Up @@ -786,9 +785,7 @@ public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) {
field = ecFieldF2m.getReductionPolynomial();
}

Iterator<ECCurveDefinition> ecCurveDefinitionIterator = ecCurveDefinitions.iterator();
while (ecCurveDefinitionIterator.hasNext()) {
ECCurveDefinition ecCurveDefinition = ecCurveDefinitionIterator.next();
for (ECCurveDefinition ecCurveDefinition : ecCurveDefinitions) {
String oid = ecCurveDefinition.equals(field, a, b, affineX, affineY, order, h);
if (oid != null) {
return oid;
Expand All @@ -798,9 +795,7 @@ public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) {
}

public static ECCurveDefinition getECCurveDefinition(String oid) {
Iterator<ECCurveDefinition> ecCurveDefinitionIterator = ecCurveDefinitions.iterator();
while (ecCurveDefinitionIterator.hasNext()) {
ECCurveDefinition ecCurveDefinition = ecCurveDefinitionIterator.next();
for (ECCurveDefinition ecCurveDefinition : ecCurveDefinitions) {
if (ecCurveDefinition.getOid().equals(oid)) {
return ecCurveDefinition;
}
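--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE/SignatureEDDSA.java
@@ -0,0 +1,228 @@
+/*
+* reserved comment block
+* DO NOT REMOVE OR ALTER!
+*/
+/**
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package com.sun.org.apache.xml.internal.security.algorithms.implementations;
+
+import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
+import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
+import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
+
+import java.io.IOException;
+import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+*
+*/
+public abstract class SignatureEDDSA extends SignatureAlgorithmSpi {
+
+private static final com.sun.org.slf4j.internal.Logger LOG =
+com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignatureEDDSA.class);
+
+private final Signature signatureAlgorithm;
+
+
+/**
+* Constructor SignatureEDDSA
+*
+* @throws XMLSignatureException
+*/
+public SignatureEDDSA() throws XMLSignatureException {
+this(null);
+}
+
+public SignatureEDDSA(Provider provider) throws XMLSignatureException {
+String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
+LOG.debug("Created SignatureEDDSA using {}", algorithmID);
+
+try {
+if (provider == null) {
+String providerId = JCEMapper.getProviderId();
+if (providerId == null) {
+this.signatureAlgorithm = Signature.getInstance(algorithmID);
+
+} else {
+this.signatureAlgorithm = Signature.getInstance(algorithmID, providerId);
+}
+
+} else {
+this.signatureAlgorithm = Signature.getInstance(algorithmID, provider);
+}
+
+} catch (NoSuchAlgorithmException | NoSuchProviderException ex) {
+Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+}
+}
+
+/** {@inheritDoc} */
+protected void engineSetParameter(AlgorithmParameterSpec params)
+throws XMLSignatureException {
+try {
+this.signatureAlgorithm.setParameter(params);
+} catch (InvalidAlgorithmParameterException ex) {
+throw new XMLSignatureException(ex);
+}
+}
+
+/** {@inheritDoc} */
+protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
+try {
+
+if (LOG.isDebugEnabled()) {
+LOG.debug("Called SignatureEDDSA.verify() on " + XMLUtils.encodeToString(signature));
+}
+
+return this.signatureAlgorithm.verify(signature);
+} catch (SignatureException ex) {
+throw new XMLSignatureException(ex);
+}
+}
+
+/** {@inheritDoc} */
+protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+engineInitVerify(publicKey, signatureAlgorithm);
+}
+
+/** {@inheritDoc} */
+protected byte[] engineSign() throws XMLSignatureException {
+try {
+return this.signatureAlgorithm.sign();
+} catch (SignatureException ex) {
+throw new XMLSignatureException(ex);
+}
+}
+
+/** {@inheritDoc} */
+protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
+throws XMLSignatureException {
+
+engineInitSign(privateKey, secureRandom, this.signatureAlgorithm);
+}
+
+/** {@inheritDoc} */
+protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+engineInitSign(privateKey, (SecureRandom)null);
+}
+
+/** {@inheritDoc} */
+protected void engineUpdate(byte[] input) throws XMLSignatureException {
+try {
+this.signatureAlgorithm.update(input);
+} catch (SignatureException ex) {
+throw new XMLSignatureException(ex);
+}
+}
+
+/** {@inheritDoc} */
+protected void engineUpdate(byte input) throws XMLSignatureException {
+try {
+this.signatureAlgorithm.update(input);
+} catch (SignatureException ex) {
+throw new XMLSignatureException(ex);
+}
+}
+
+/** {@inheritDoc} */
+protected void engineUpdate(byte[] buf, int offset, int len) throws XMLSignatureException {
+try {
+this.signatureAlgorithm.update(buf, offset, len);
+} catch (SignatureException ex) {
+throw new XMLSignatureException(ex);
+}
+}
+
+/** {@inheritDoc} */
+protected String engineGetJCEAlgorithmString() {
+return this.signatureAlgorithm.getAlgorithm();
+}
+
+/** {@inheritDoc} */
+protected String engineGetJCEProviderName() {
+return this.signatureAlgorithm.getProvider().getName();
+}
+
+/** {@inheritDoc} */
+protected void engineSetHMACOutputLength(int HMACOutputLength)
+throws XMLSignatureException {
+throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
+}
+
+/** {@inheritDoc} */
+protected void engineInitSign(
+Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
+) throws XMLSignatureException {
+throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnEdDSA");
+}
+
+/**
+* Class SignatureEd25519
+*
+*/
+public static class SignatureEd25519 extends SignatureEDDSA {
+/**
+* Constructor SignatureEd25519
+*
+* @throws XMLSignatureException
+*/
+public SignatureEd25519() throws XMLSignatureException {
+super();
+}
+
+public SignatureEd25519(Provider provider) throws XMLSignatureException {
+super(provider);
+}
+
+/** {@inheritDoc} */
+@Override
+public String engineGetURI() {
+return XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED25519;
+}
+}
+
+/**
+* Class SignatureEd448
+*/
+public static class SignatureEd448 extends SignatureEDDSA {
+
+/**
+* Constructor SignatureEd448
+*
+* @throws XMLSignatureException
+*/
+public SignatureEd448() throws XMLSignatureException {
+super();
+}
+
+public SignatureEd448(Provider provider) throws XMLSignatureException {
+super(provider);
+}
+
+/** {@inheritDoc} */
+@Override
+public String engineGetURI() {
+return XMLSignature.ALGO_ID_SIGNATURE_EDDSA_ED448;
+}
+}
+}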
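Review bot: The class Javadoc at the top of the new SignatureEDDSA file is an empty `/** */` block, so the base type shared by the Ed25519 and Ed448 signers has no description; suggest `/** Base class for the EdDSA (Ed25519 and Ed448) XML Signature algorithms; each subclass supplies its algorithm URI through engineGetURI(). */`. The `import java.io.IOException;` line is not used anywhere in this file and can be dropped. The `engine*` methods of the abstract class carry `{@inheritDoc}` but no `@Override`, unlike the nested `engineGetURI` overrides; adding `@Override` lets the compiler confirm that each one really overrides a SignatureAlgorithmSpi method. The `Provider` constructor also calls the overridable `engineGetURI()` before any subclass constructor has run, which works here only because both nested subclasses return a constant URI; a one-line comment on that call such as `// safe before subclass init: engineGetURI() overrides return a constant` would record that assumption for future subclasses.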

1 comment on commit f133108

@openjdk-notifier