8319124: Update XML Security for Java to 3.0.3

Reviewed-by: mbaesken
Backport-of: 1c0bd81a10f97c752818163a573d5983c7e481ac

src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/Init.java

@@ -57,17 +57,22 @@
  */
 public class Init {
 
-    /** The namespace for CONF file **/
+    /**
+     * The namespace for CONF file
+     **/
     public static final String CONF_NS = "http://www.xmlsecurity.org/NS/#configuration";
 
     private static final com.sun.org.slf4j.internal.Logger LOG =
-        com.sun.org.slf4j.internal.LoggerFactory.getLogger(Init.class);
+            com.sun.org.slf4j.internal.LoggerFactory.getLogger(Init.class);
 
-    /** Field alreadyInitialized */
+    /**
+     * Field alreadyInitialized
+     */
     private static boolean alreadyInitialized = false;
 
     /**
      * Method isInitialized
+     *
      * @return true if the library is already initialized.
      */
     public static final synchronized boolean isInitialized() {
@@ -76,35 +81,28 @@ public static final synchronized boolean isInitialized() {
 
     /**
      * Method init
-     *
      */
     public static synchronized void init() {
         if (alreadyInitialized) {
             return;
         }
+        PrivilegedAction<InputStream> action = () -> {
+            String cfile = System.getProperty("com.sun.org.apache.xml.internal.security.resource.config");
+            if (cfile == null) {
+                return null;
+            }
+            return getResourceAsStream(cfile, Init.class);
+        };
 
-        @SuppressWarnings("removal")
-        InputStream is =    //NOPMD
-            AccessController.doPrivileged(
-                (PrivilegedAction<InputStream>)
-                    () -> {
-                        String cfile =
-                            System.getProperty("com.sun.org.apache.xml.internal.security.resource.config");
-                        if (cfile == null) {
-                            return null;
-                        }
-                        return getResourceAsStream(cfile, Init.class);
-                    }
-                );
-        if (is == null) {
-            dynamicInit();
-        } else {
-            fileInit(is);
-            try {
-                is.close();
-            } catch (IOException ex) {
-                LOG.warn(ex.getMessage());
+        try (@SuppressWarnings("removal")
+             InputStream is = AccessController.doPrivileged(action)) {
+            if (is == null) {
+                dynamicInit();
+            } else {
+                fileInit(is);
             }
+        } catch (IOException ex) {
+            LOG.warn(ex.getMessage(), ex);
         }
 
         alreadyInitialized = true;
@@ -412,9 +410,11 @@ private static List<URL> getResources(String resourceName, Class<?> callingClass
         }
         List<URL> ret = new ArrayList<>();
         Enumeration<URL> urls = new Enumeration<URL>() {
+            @Override
             public boolean hasMoreElements() {
                 return false;
             }
+            @Override
             public URL nextElement() {
                 return null;
             }

src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java

@@ -40,7 +40,9 @@ public class JCEMapper {
 
     private static Map<String, Algorithm> algorithmsMap = new ConcurrentHashMap<>();
 
-    private static String providerName;
+    private static String globalProviderName;
+
+    private static final ThreadLocal<String> threadSpecificProviderName = new ThreadLocal<>();
 
     /**
      * Method register
@@ -344,7 +346,10 @@ private static Algorithm getAlgorithm(String algorithmURI) {
      * @return the default providerId.
      */
     public static String getProviderId() {
-        return providerName;
+        if (threadSpecificProviderName.get() != null) {
+            return threadSpecificProviderName.get();
+        }
+        return globalProviderName;
     }
 
     /**
@@ -355,7 +360,18 @@ public static String getProviderId() {
      */
     public static void setProviderId(String provider) {
         JavaUtils.checkRegisterPermission();
-        providerName = provider;
+        globalProviderName = provider;
+    }
+
+    /**
+     * Sets the default Provider for this thread to obtain the security algorithms
+     * @param threadSpecificProviderName the default providerId.
+     * @throws SecurityException if a security manager is installed and the
+     *    caller does not have permission to register the JCE algorithm
+     */
+    public static void setThreadSpecificProviderName(String threadSpecificProviderName) {
+        JavaUtils.checkRegisterPermission();
+        JCEMapper.threadSpecificProviderName.set(threadSpecificProviderName);
     }
 
     /**

src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java

@@ -256,11 +256,13 @@ public void update(byte[] buf, int offset, int len) {
     }
 
     /** {@inheritDoc} */
+    @Override
     public String getBaseNamespace() {
         return Constants.SignatureSpecNS;
     }
 
     /** {@inheritDoc} */
+    @Override
     public String getBaseLocalName() {
         return Constants._TAG_DIGESTMETHOD;
     }

src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java

@@ -31,7 +31,11 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-import com.sun.org.apache.xml.internal.security.algorithms.implementations.*;
+import com.sun.org.apache.xml.internal.security.algorithms.implementations.IntegrityHmac;
+import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA;
+import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureDSA;
+import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureECDSA;
+import com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureEDDSA;
 import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
@@ -524,6 +528,7 @@ public static void registerDefaultAlgorithms() {
      *
      * @return URI of this element
      */
+    @Override
     public String getBaseNamespace() {
         return Constants.SignatureSpecNS;
     }
@@ -533,6 +538,7 @@ public String getBaseNamespace() {
      *
      * @return Local name
      */
+    @Override
     public String getBaseLocalName() {
         return Constants._TAG_SIGNATUREMETHOD;
     }

src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java

@@ -22,7 +22,12 @@
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
 import java.security.spec.AlgorithmParameterSpec;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;

src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java

@@ -28,7 +28,12 @@
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.interfaces.ECPublicKey;
-import java.security.spec.*;
+import java.security.spec.ECField;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.EllipticCurve;
 import java.util.ArrayList;
 import java.util.List;
 

src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java

@@ -90,6 +90,7 @@ public IntegrityHmac(Provider provider) throws XMLSignatureException {
      * @param params
      * @throws XMLSignatureException
      */
+    @Override
     protected void engineSetParameter(AlgorithmParameterSpec params) throws XMLSignatureException {
         throw new XMLSignatureException("empty", new Object[]{"Incorrect method call"});
     }
@@ -102,6 +103,7 @@ protected void engineSetParameter(AlgorithmParameterSpec params) throws XMLSigna
      * @return true if the signature is correct
      * @throws XMLSignatureException
      */
+    @Override
     protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
         try {
             if (hmacOutputLength != null && hmacOutputLength.length < getDigestLength()) {
@@ -124,6 +126,7 @@ protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
      * @param secretKey
      * @throws XMLSignatureException
      */
+    @Override
     protected void engineInitVerify(Key secretKey) throws XMLSignatureException {
         if (!(secretKey instanceof SecretKey)) {
             String supplied = null;
@@ -150,6 +153,7 @@ protected void engineInitVerify(Key secretKey) throws XMLSignatureException {
      * @return the result of the {@link java.security.Signature#sign()} method
      * @throws XMLSignatureException
      */
+    @Override
     protected byte[] engineSign() throws XMLSignatureException {
         try {
             if (hmacOutputLength != null && hmacOutputLength.length < getDigestLength()) {
@@ -170,6 +174,7 @@ protected byte[] engineSign() throws XMLSignatureException {
      * @param secretKey
      * @throws XMLSignatureException
      */
+    @Override
     protected void engineInitSign(Key secretKey) throws XMLSignatureException {
         engineInitSign(secretKey, (AlgorithmParameterSpec)null);
     }
@@ -181,6 +186,7 @@ protected void engineInitSign(Key secretKey) throws XMLSignatureException {
      * @param algorithmParameterSpec
      * @throws XMLSignatureException
      */
+    @Override
     protected void engineInitSign(
         Key secretKey, AlgorithmParameterSpec algorithmParameterSpec
     ) throws XMLSignatureException {
@@ -213,6 +219,7 @@ protected void engineInitSign(
      * @param secureRandom
      * @throws XMLSignatureException
      */
+    @Override
     protected void engineInitSign(Key secretKey, SecureRandom secureRandom)
         throws XMLSignatureException {
         throw new XMLSignatureException("algorithms.CannotUseSecureRandomOnMAC");
@@ -225,6 +232,7 @@ protected void engineInitSign(Key secretKey, SecureRandom secureRandom)
      * @param input
      * @throws XMLSignatureException
      */
+    @Override
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
             this.macAlgorithm.update(input);
@@ -240,6 +248,7 @@ protected void engineUpdate(byte[] input) throws XMLSignatureException {
      * @param input
      * @throws XMLSignatureException
      */
+    @Override
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
             this.macAlgorithm.update(input);
@@ -257,6 +266,7 @@ protected void engineUpdate(byte input) throws XMLSignatureException {
      * @param len
      * @throws XMLSignatureException
      */
+    @Override
     protected void engineUpdate(byte[] buf, int offset, int len) throws XMLSignatureException {
         try {
             this.macAlgorithm.update(buf, offset, len);
@@ -270,6 +280,7 @@ protected void engineUpdate(byte[] buf, int offset, int len) throws XMLSignature
      * {@inheritDoc}
      *
      */
+    @Override
     protected String engineGetJCEAlgorithmString() {
         return this.macAlgorithm.getAlgorithm();
     }
@@ -279,6 +290,7 @@ protected String engineGetJCEAlgorithmString() {
      *
      * {@inheritDoc}
      */
+    @Override
     protected String engineGetJCEProviderName() {
         return this.macAlgorithm.getProvider().getName();
     }