diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java index e4c1a30d525..68cb86eb7fd 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java @@ -207,6 +207,22 @@ public static void registerDefaultAlgorithms() { XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, new Algorithm("EC", "SHA512withECDSA", "Signature") ); + algorithmsMap.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224, + new Algorithm("EC", "SHA3-224withECDSA", "Signature") + ); + algorithmsMap.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256, + new Algorithm("EC", "SHA3-256withECDSA", "Signature") + ); + algorithmsMap.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384, + new Algorithm("EC", "SHA3-384withECDSA", "Signature") + ); + algorithmsMap.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512, + new Algorithm("EC", "SHA3-512withECDSA", "Signature") + ); algorithmsMap.put( XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, new Algorithm("EC", "RIPEMD160withECDSA", "Signature") diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java index 17351f0211e..931f3d5553c 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java @@ -103,7 +103,7 @@ public static MessageDigestAlgorithm getInstance( return new MessageDigestAlgorithm(doc, algorithmURI); } - private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException { + public static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException { String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI); if (algorithmID == null) { diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java index 439eefb10dc..a74d373244c 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java @@ -494,6 +494,18 @@ public static void registerDefaultAlgorithms() { algorithmHash.put( XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class ); + algorithmHash.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224, SignatureECDSA.SignatureECDSASHA3_224.class + ); + algorithmHash.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256, SignatureECDSA.SignatureECDSASHA3_256.class + ); + algorithmHash.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384, SignatureECDSA.SignatureECDSASHA3_384.class + ); + algorithmHash.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512, SignatureECDSA.SignatureECDSASHA3_512.class + ); algorithmHash.put( XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, SignatureECDSA.SignatureECDSARIPEMD160.class ); diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java index 73e02864bd9..4d38b2f07bd 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java @@ -770,6 +770,46 @@ public static byte[] convertXMLDSIGtoASN1(byte[] xmldsigBytes) throws IOExceptio "0340340340340340340340340340340340340340340340340340340323c313fab50589703b5ec68d3587fec60d161cc149c1ad4a91", 0x2760) ); + + ecCurveDefinitions.add( + new ECCurveDefinition( + "brainpoolP256r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.7", + "a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377", + "7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9", + "26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6", + "8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262", + "547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997", + "a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7", + 1) + ); + + ecCurveDefinitions.add( + new ECCurveDefinition( + "brainpoolP384r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.11", + "8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53", + "7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826", + "04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11", + "1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e", + "8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315", + "8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565", + 1) + ); + + ecCurveDefinitions.add( + new ECCurveDefinition( + "brainpoolP512r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.13", + "aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3", + "7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca", + "3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723", + "81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822", + "7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892", + "aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069", + 1) + ); + } public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) { diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java index e9f82181623..d86070fb19c 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java @@ -65,8 +65,7 @@ public SignatureBaseRSA() throws XMLSignatureException { public SignatureBaseRSA(Provider provider) throws XMLSignatureException { String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI()); this.signatureAlgorithm = getSignature(provider, algorithmID); - LOG.debug("Created SignatureRSA using {0} and provider {1}", - algorithmID, signatureAlgorithm.getProvider()); + LOG.debug("Created SignatureRSA using {0}", algorithmID); } Signature getSignature(Provider provider, String algorithmID) diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java index 75a88b8eb13..a90a314ade2 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java @@ -371,6 +371,110 @@ public String engineGetURI() { } } + /** + * Class SignatureECDSASHA3-224 + * + */ + public static class SignatureECDSASHA3_224 extends SignatureECDSA { + + /** + * Constructor SignatureECDSASHA3-224 + * + * @throws XMLSignatureException + */ + public SignatureECDSASHA3_224() throws XMLSignatureException { + super(); + } + + public SignatureECDSASHA3_224(Provider provider) throws XMLSignatureException { + super(provider); + } + + /** {@inheritDoc} */ + @Override + public String engineGetURI() { + return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224; + } + } + + /** + * Class SignatureECDSASHA3-256 + * + */ + public static class SignatureECDSASHA3_256 extends SignatureECDSA { + + /** + * Constructor SignatureECDSASHA3-256 + * + * @throws XMLSignatureException + */ + public SignatureECDSASHA3_256() throws XMLSignatureException { + super(); + } + + public SignatureECDSASHA3_256(Provider provider) throws XMLSignatureException { + super(provider); + } + + /** {@inheritDoc} */ + @Override + public String engineGetURI() { + return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256; + } + } + + /** + * Class SignatureECDSASHA3-384 + * + */ + public static class SignatureECDSASHA3_384 extends SignatureECDSA { + + /** + * Constructor SignatureECDSASHA3-384 + * + * @throws XMLSignatureException + */ + public SignatureECDSASHA3_384() throws XMLSignatureException { + super(); + } + + public SignatureECDSASHA3_384(Provider provider) throws XMLSignatureException { + super(provider); + } + + /** {@inheritDoc} */ + @Override + public String engineGetURI() { + return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384; + } + } + + /** + * Class SignatureECDSASHA3-512 + * + */ + public static class SignatureECDSASHA3_512 extends SignatureECDSA { + + /** + * Constructor SignatureECDSASHA3-512 + * + * @throws XMLSignatureException + */ + public SignatureECDSASHA3_512() throws XMLSignatureException { + super(); + } + + public SignatureECDSASHA3_512(Provider provider) throws XMLSignatureException { + super(provider); + } + + /** {@inheritDoc} */ + @Override + public String engineGetURI() { + return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512; + } + } + /** * Class SignatureECDSARIPEMD160 */ diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java index 62f25d1298d..01dd2ed16d7 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java @@ -32,15 +32,7 @@ import javax.crypto.SecretKey; import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException; -import com.sun.org.apache.xml.internal.security.keys.content.DEREncodedKeyValue; -import com.sun.org.apache.xml.internal.security.keys.content.KeyInfoReference; -import com.sun.org.apache.xml.internal.security.keys.content.KeyName; -import com.sun.org.apache.xml.internal.security.keys.content.KeyValue; -import com.sun.org.apache.xml.internal.security.keys.content.MgmtData; -import com.sun.org.apache.xml.internal.security.keys.content.PGPData; -import com.sun.org.apache.xml.internal.security.keys.content.RetrievalMethod; -import com.sun.org.apache.xml.internal.security.keys.content.SPKIData; -import com.sun.org.apache.xml.internal.security.keys.content.X509Data; +import com.sun.org.apache.xml.internal.security.keys.content.*; import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.DSAKeyValue; import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.RSAKeyValue; import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolver; @@ -50,7 +42,6 @@ import com.sun.org.apache.xml.internal.security.transforms.Transforms; import com.sun.org.apache.xml.internal.security.utils.Constants; import com.sun.org.apache.xml.internal.security.utils.ElementProxy; -import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy; import com.sun.org.apache.xml.internal.security.utils.XMLUtils; import org.w3c.dom.Attr; import org.w3c.dom.Document; @@ -88,7 +79,7 @@ * contains the corresponding type. * */ -public class KeyInfo extends SignatureElementProxy { +public class KeyInfo extends ElementProxy { private static final com.sun.org.slf4j.internal.Logger LOG = com.sun.org.slf4j.internal.LoggerFactory.getLogger(KeyInfo.class); @@ -231,12 +222,24 @@ public void add(RSAKeyValue rsakeyvalue) { } /** - * Method add + * Method adds public key encoded as KeyValue. If public key type is not supported by KeyValue, then + * DEREncodedKeyValue is used. If public key type is not supported by DEREncodedKeyValue, then + * IllegalArgumentException is thrown. * - * @param pk + * @param pk public key to be added to KeyInfo */ - public void add(PublicKey pk) { - this.add(new KeyValue(getDocument(), pk)); + public void add(PublicKey pk) { + + if (KeyValue.isSupportedKeyType(pk)) { + this.add(new KeyValue(getDocument(), pk)); + return; + } + + try { + this.add(new DEREncodedKeyValue(getDocument(), pk)); + } catch (XMLSecurityException ex) { + throw new IllegalArgumentException(ex); + } } /** @@ -772,6 +775,7 @@ public boolean containsKeyInfoReference() { return this.lengthKeyInfoReference() > 0; } + /** * This method returns the public key. * @@ -1188,4 +1192,10 @@ public void addStorageResolver(StorageResolver storageResolver) { public String getBaseLocalName() { return Constants._TAG_KEYINFO; } + + /** {@inheritDoc} */ + @Override + public String getBaseNamespace() { + return Constants.SignatureSpecNS; + } } diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java index 823a5036680..2b5b55a3d04 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java @@ -41,7 +41,10 @@ public class DEREncodedKeyValue extends Signature11ElementProxy implements KeyInfoContent { /** JCA algorithm key types supported by this implementation. */ - private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC"}; + private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC", + "DiffieHellman", "DH", "XDH", "X25519", "X448", + "EdDSA", "Ed25519", "Ed448", + "RSASSA-PSS"}; /** * Constructor DEREncodedKeyValue @@ -144,5 +147,4 @@ protected byte[] getEncodedDER(PublicKey publicKey) throws XMLSecurityException throw new XMLSecurityException(e, "DEREncodedKeyValue.UnsupportedPublicKey", exArgs); } } - } diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java index ee999e65783..d1eb890f885 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java @@ -41,7 +41,6 @@ * (section 6.4). The KeyValue element may include externally defined public * keys values represented as PCDATA or element types from an external * namespace. - * */ public class KeyValue extends SignatureElementProxy implements KeyInfoContent { @@ -120,6 +119,20 @@ public KeyValue(Document doc, PublicKey pk) { } } + /** + * Verifies that the XML KeyValue encoding is supported for the given key type. If the + * encoding is supported, it returns true else false. + * + * @return true if the public key has a KeyValue encoding, false otherwise. + */ + public static boolean isSupportedKeyType(PublicKey publicKey) { + + return publicKey instanceof java.security.interfaces.DSAPublicKey + || publicKey instanceof java.security.interfaces.RSAPublicKey + || publicKey instanceof java.security.interfaces.ECPublicKey; + + } + /** * Constructor KeyValue * diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java index 839d9e4285d..9bc6e55d7e5 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java @@ -91,6 +91,45 @@ public class ECKeyValue extends Signature11ElementProxy implements KeyValueConte 1 ); + /* Supported curve brainpoolP256r1 */ + private static final Curve BRAINPOOLP256R1 = initializeCurve( + "brainpoolP256r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.7", + "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", + "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", + "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", + "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", + "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", + "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", + 1 + ); + + /* Supported curve brainpoolP384r1 */ + private static final Curve BRAINPOOLP384R1 = initializeCurve( + "brainpoolP384r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.11", + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", + "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", + "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", + "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", + "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", + 1 + ); + + /* Supported curve brainpoolP512r1 */ + private static final Curve BRAINPOOLP512R1 = initializeCurve( + "brainpoolP512r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.13", + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", + "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", + "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", + "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", + "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", + 1 + ); + private static Curve initializeCurve(String name, String oid, String sfield, String a, String b, String x, String y, String n, int h) { @@ -264,7 +303,13 @@ private static String getCurveOid(ECParameterSpec params) { match = SECP384R1; } else if (matchCurve(params, SECP521R1)) { match = SECP521R1; - } else { + } else if (matchCurve(params, BRAINPOOLP256R1)) { + match = BRAINPOOLP256R1; + } else if (matchCurve(params, BRAINPOOLP384R1)) { + match = BRAINPOOLP384R1; + } else if (matchCurve(params, BRAINPOOLP512R1)) { + match = BRAINPOOLP512R1; + }else { return null; } return match.getObjectId(); @@ -332,6 +377,12 @@ private static ECParameterSpec getECParameterSpec(String oid) { return SECP384R1; } else if (oid.equals(SECP521R1.getObjectId())) { return SECP521R1; + } else if (oid.equals(BRAINPOOLP256R1.getObjectId())) { + return BRAINPOOLP256R1; + } else if (oid.equals(BRAINPOOLP384R1.getObjectId())) { + return BRAINPOOLP384R1; + } else if (oid.equals(BRAINPOOLP512R1.getObjectId())) { + return BRAINPOOLP512R1; } else { return null; } diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties index 03a2369566c..0871ffdaffa 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties @@ -1,199 +1,199 @@ -# -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -# - -algorithm.alreadyRegistered = URI {0} wurde bereits an die Klasse {1} gebunden -algorithm.classDoesNotExist = Kann URI {0} nicht f\u00fcr Klasse {1} registrieren weil sie nicht existiert -algorithm.ClassDoesNotExist = Klasse {0} existiert nicht -algorithm.extendsWrongClass = Kann URI {0} nicht f\u00fcr Klasse {1} registrieren weil sie nicht von {2} abgeleitet ist -algorithms.CannotUseAlgorithmParameterSpecOnDSA = AlgorithmParameterSpec kann nicht f\u00fcr DSA Signaturen benutzt werden. -algorithms.CannotUseAlgorithmParameterSpecOnRSA = AlgorithmParameterSpec kann nicht f\u00fcr RSA Signaturen benutzt werden. -algorithms.CannotUseSecureRandomOnMAC = SecureRandom kann nicht f\u00fcr MAC's angewandt werden. -algorithms.HMACOutputLengthMax = HMACOutputLength darf nicht grosser als {0} sein -algorithms.HMACOutputLengthMin = HMACOutputLength darf nicht kleiner als {0} sein -algorithms.HMACOutputLengthOnlyForHMAC = Die HMACOutputLength kann nur bei HMAC integrit\u00e4ts Algorithmen angegeben werden -algorithms.MissingRSAPSSParams = RSAPSSParams is a required Element for http://www.w3.org/2007/05/xmldsig-more#rsa-pss -algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar. -algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar. Original Nachricht war\: {1} -algorithms.NoSuchMap = Algorithmus URI "{0}" konnte auf keinen JCE Algorithmus gemappt werden -algorithms.NoSuchProvider = Der angegebene Provider {0} existiert nicht. Original Nachricht war\: {1} -algorithms.operationOnlyVerification = Ein \u00f6ffentlicher Schl\u00fcssel (public key) kann nur zur Verifizierung einer Signatur verwendet werden. -algorithms.WrongKeyForThisOperation = Der angegebene Schl\u00fcssel-Typ kann nicht f\u00fcr diese Operation verwendet werden. Angegeben wurde {0} aber ein {1} wird ben\u00f6tigt. -attributeValueIllegal = Das Attribut {0} hat den Wert {1} muss aber {2} sein. -c14n.Canonicalizer.Exception = Fehler w\u00e4hrend der Kanonisierung\: Original Nachricht war {0} -c14n.Canonicalizer.IllegalNode = Unzul\u00e4ssiger NodeType {0}, NodeName lautete {1} -c14n.Canonicalizer.NoSuchCanonicalizer = Kein Kanonisierer mit dem URI {0} gefunden -c14n.Canonicalizer.ParserConfigurationException = ParserConfigurationException w\u00e4hrend der Kanonisierung\: Original Nachricht war {0} -c14n.Canonicalizer.RelativeNamespace = Das Element {0} hat einen relativen Namespace: {1}="{2}" -c14n.Canonicalizer.SAXException = SAXException w\u00e4hrend der Kanonisierung\: Original Nachricht war {0} -c14n.Canonicalizer.TraversalNotSupported = Das DOM Dokument unterst\u00fctzt keine Traversal {0} -c14n.Canonicalizer.UnsupportedEncoding = Nicht unterst\u00fctzte Kodierung {0} -c14n.Canonicalizer.UnsupportedOperation = Der Kanonisierer unterst\u00fctzt diese Operation nicht -c14n.XMLUtils.circumventBug2650forgotten = Die Baumstruktur wurde nicht vorbereitet f\u00fcr die Kanonisierung mit XMLUtils\#circumventBug2650(Document) -certificate.noSki.lowVersion = Das Zertifikat dard kein SubjectKeyIdentifier enthalten da es nur ein X509v{0} ist -certificate.noSki.notOctetString = Der SubjectKeyIdentifier des Zertifikates ist kein "OctetString" -certificate.noSki.null = Das Zertifikat enth\u00e4lt kein SubjectKeyIdentifier -defaultNamespaceCannotBeSetHere = Standard Namespace kann hier nicht gesetzt werden -ElementProxy.nullElement = Kann keinen ElementProxy aus einem null Argument erzeugen -empty = {0} -encryption.algorithmCannotBeUsedForEncryptedData = encryption.algorithmCannotBeUsedForEncryptedData {0} -encryption.algorithmCannotEatInitParams = encryption.algorithmCannotEatInitParams -encryption.algorithmCannotEncryptDecrypt = encryption.algorithmCannotEncryptDecrypt -encryption.algorithmCannotWrapUnWrap = encryption.algorithmCannotWrapUnWrap -encryption.ExplicitKeySizeMismatch = Das xenc\:KeySize Element fordert eine Schl\u00fcssel-L\u00e4nge von {0} bits aber der Algorithmus besitzt {1} bits -encryption.nonceLongerThanDecryptedPlaintext = Das angegebene "Nonce" ist l\u00e4nger als der verf\u00fcgbare Plaintext. -encryption.RSAOAEP.dataHashWrong = Falscher Hash-Wert -encryption.RSAOAEP.dataStartWrong = Falscher Start Input {0} -encryption.RSAOAEP.dataTooShort = Zu wenig Input -encryption.RSAPKCS15.blockTruncated = Block abgeschnitten -encryption.RSAPKCS15.noDataInBlock = Im Block sind keine Daten enthalten -encryption.RSAPKCS15.unknownBlockType = Unbekannter Block Typ -encryption.nokey = Es ist kein verschl\u00fcsselungs Schl\u00fcssel geladen und es konnte kein Schl\u00fcssel mit Hilfe der "key resolvers" gefunden werden. -endorsed.jdk1.4.0 = Leider scheint niemand unsere Installations-Anleitung zu lesen, deshalb m\u00fcssen wir es \u00fcber die Exception machen\: Du hast den "endorsing" Mechanismus vom JDK 1.4 nicht richtig angewandt. Schaue unter nach wie man das Problem l\u00f6st. -errorMessages.InvalidDigestValueException = Ung\u00fcltige Signatur\: Referen-Validierung fehlgeschlagen. -errorMessages.InvalidSignatureValueException = Ung\u00fcltige Signatur\: Core Validierung fehlgeschlagen. -errorMessages.IOException = Datei oder Resource kann nicht gelesen werden. -errorMessages.MissingKeyFailureException = Verifizierung fehlgeschlagen, weil der \u00f6ffentliche Schl\u00fcssel (public key) nicht verf\u00fcgbar ist. Resourcen via addResource() hinzuf\u00fcgen und erneut versuchen. -errorMessages.MissingResourceFailureException = Verifizierung fehlgeschlagen, weil Resourcen nicht verf\u00fcgbar sind. Resourcen via addResource() hinzuf\u00fcgen und erneut versuchen. -errorMessages.NoSuchAlgorithmException = Unbekannter Algorithmus {0} -errorMessages.NotYetImplementedException = Funktionalit\u00e4t noch nicht implementiert. -errorMessages.XMLSignatureException = Verifizierung aus unbekanntem Grund fehlgeschlagen. -decoding.divisible.four = It should be divisible by four -decoding.general = Fehler beim Decodieren -FileKeyStorageImpl.addToDefaultFromRemoteNotImplemented = Methode addToDefaultFromRemote() wurde noch nicht implementiert. -FileKeyStorageImpl.NoCert.Context = Kein X509-Zertifikat mit Kontext {0} gefunden -FileKeyStorageImpl.NoCert.IssNameSerNo = Kein X509-Zertifikat mit IssuerName {0} und serial number {1} gefunden -FileKeyStorageImpl.NoCert.SubjName = Kein X509-Zertifikat mit SubjectName {0} gefunden -generic.dontHaveConstructionElement = Konstruktions-Element fehlt -generic.EmptyMessage = {0} -generic.NotYetImplemented = {0} Leider noch nicht implementiert ;-(( -java.security.InvalidKeyException = Ung\u00fcltiger Schl\u00fcssel -java.security.NoSuchProviderException = Unbekannter oder nicht unterst\u00fctzter Provider -java.security.UnknownKeyType = Unbekannter oder nicht unterst\u00fctzter Schl\u00fcssel-Typ {0} -KeyInfo.error = Error loading Key Info -KeyInfo.needKeyResolver = Es m\u00fcssen mehrere KeyResolver registriert sein -KeyInfo.nokey = Kann keinen Schl\u00fcssel aus {0} gewinnen -KeyInfo.noKey = Kann keinen \u00f6ffentlichen Schl\u00fcssel finden -KeyInfo.wrongNumberOfObject = Ben\u00f6tige {0} keyObjects -KeyInfo.wrongUse = Dieses Objekt wird verwendet, um {0} zu gewinnen -keyResolver.alreadyRegistered = Die Klasse {1} wurde bereits registriert f\u00fcr {0} -KeyResolver.needStorageResolver = Es wird ein StorageResolver ben\u00f6tigt um ein Zertifikat aus {0} zu holen -KeyResoverSpiImpl.cannotGetCert = Cannot get the Certificate that include or in {1} in implement class {0} -KeyResoverSpiImpl.elementGeneration = Cannot make {1} element in implement class {0} -KeyResoverSpiImpl.getPoublicKey = Cannot get the public key from implement class {0} -KeyResoverSpiImpl.InvalidElement = Cannot set (2) Element in implement class {0} -KeyResoverSpiImpl.keyStore = KeyStorage Fehler in der implementierenden Klasse {0} -KeyResoverSpiImpl.need.Element = Es wird der Typ {1} ben\u00f6tigt in der implementierenden Klasse {0} -KeyResoverSpiImpl.wrongCRLElement = Cannot make CRL from {1} in implement class {0} -KeyResoverSpiImpl.wrongKeyObject = Need {1} type of KeyObject for generation Element in implement class{0} -KeyResoverSpiImpl.wrongNumberOfObject = Need {1} keyObject in implement class {0} -KeyStore.alreadyRegistered = Klasse {0} bereits registriert f\u00fcr {1} -KeyStore.register = {1} type class register error in class {0} -KeyStore.registerStore.register = Registrierungsfehler f\u00fcr Typ {0} -KeyValue.IllegalArgument = Kann kein {0} aus {1} erzeugen -namespacePrefixAlreadyUsedByOtherURI = Namespace {0} wird bereits von einer anderen URI {1} gebraucht -notYetInitialized = Das Modul {0} ist noch nicht initialisiert -prefix.AlreadyAssigned = Sie binden den Prefix {0} an den Namespace {1} aber er ist bereits an {2} zugewiesen -signature.Canonicalizer.UnknownCanonicalizer = Unbekannter Kanonisierer. Kein Handler installiert f\u00fcr URI {0} -signature.DSA.invalidFormat = Ung\u00fcltige ASN.1 Kodierung der DSA Signatur -signature.Generation.signBeforeGetValue = Es muss zuerst XMLSignature.sign(java.security.PrivateKey) aufgerufen werden -signature.Reference.ForbiddenResolver = Der "Resolver" {0} ist bei aktivierter "secure validation" nicht erlaubt -signature.Reference.NoDigestMethod = A Signature Reference Element must contain a DigestMethod child -signature.Reference.NoDigestValue = A Signature Reference Element must contain a DigestValue child -signature.signatureAlgorithm = Der Algorithmus {0} ist bei aktivierter "secure validation" nicht erlaubt -signature.signaturePropertyHasNoTarget = Das Target Attribut der SignatureProperty muss gesetzt sein -signature.tooManyReferences = Das Manifest enth\u00e4lt {0} Referenzen, bei aktivierter "secure validation" sind aber maximal {1} erlaubt -signature.tooManyTransforms = Die Referenz enth\u00e4lt {0} Transformationen, bei aktivierter "secure validation" sind aber maximal {1} erlaubt -signature.Transform.ErrorDuringTransform = W\u00e4hrend der Transformation {0} trat eine {1} auf. -signature.Transform.ForbiddenTransform = Die Transformation {0} ist bei aktivierter "secure validation" nicht erlaubt -signature.Transform.NotYetImplemented = Transform {0} noch nicht implementiert -signature.Transform.NullPointerTransform = Null pointer als URI \u00fcbergeben. Programmierfehler? -signature.Transform.UnknownTransform = Unbekannte Transformation. Kein Handler installiert f\u00fcr URI {0} -signature.Util.BignumNonPositive = bigInteger.signum() muss positiv sein -signature.Util.NonTextNode = Keine Text Node -signature.Util.TooManyChilds = Zu viele Kind-Elemente vom Typ {0} in {1} -signature.Verification.certificateError = Zertifikatsfehler -signature.Verification.IndexOutOfBounds = Index {0} illegal. Es sind nur {1} Referenzen vorhanden -signature.Verification.internalError = Interner Fehler -signature.Verification.InvalidDigestOrReference = Ung\u00fcltiger Digest Wert der Referenz {0} -signature.Verification.InvalidElement = Current Node {0} is not permitted in this location in the Signature -signature.Verification.keyStore = \u00d6ffnen des KeyStore fehlgeschlagen -signature.Verification.MissingID = Element mit der ID {0} nicht gefunden -signature.Verification.MissingResources = Kann die externe Resource {0} nicht aufl\u00f6sen -signature.Verification.MultipleIDs = Mehrere Elemente mit der ID {0} gefunden -signature.Verification.NoSignatureElement = Input Dokument enth\u00e4lt kein {0} Element mit dem Namespace {1} -signature.Verification.Reference.NoInput = Die Referenz f\u00fcr den URI {0} hat keinen XMLSignatureInput erhalten. -signature.Verification.SignatureError = Signatur Fehler -signature.XMLSignatureInput.MissingConstuctor = Kann aus der Klasse {0} keinen XMLSignatureInput erzeugen -signature.XMLSignatureInput.SerializeDOM = Input mit einem DOM Dokument initialisiert. Muss mit C14N serialisiert werden -transform.Init.IllegalContextArgument = Unzul\u00e4ssiges Kontext Argument der Klasse {0}. Muss String, org.w3c.dom.NodeList oder java.io.InputStream sein. -transform.init.NotInitialized = -transform.init.wrongURI = Initialisiert mit dem falschen URI. Das sollte nie passieren. Die Transformation implementiert {0} aber {1} wurde bei der Instantiierung verwendet. -utils.Base64.IllegalBitlength = Ung\u00fcltige Byte-L\u00e4nge; Muss ein vielfaches von 4 sein -utils.resolver.noClass = Keinen Resolver f\u00fcr URI {0} und Base {1} gefunden -xml.WrongContent = Kann {0} nicht finden in {1} -xml.WrongElement = Kann kein {0} aus einem {1} Element erzeugen -xpath.funcHere.documentsDiffer = Der XPath ist nicht im selben Dokument wie der Kontext Node -xpath.funcHere.noXPathContext = Versuch einer XPath-Evaluierung welcher die Funktion here() benutzt aber der XPath ist nicht innerhalb eines ds\:XPath Elements. XPath \: {0} -signature.Transform.node = Aktuelle Node\: {0} -signature.Transform.nodeAndType = Aktuelle Node\: {0}, Typ\: {1} -signature.XMLSignatureInput.nodesetReference = Das Node-Set der Referenz konnte nicht konvertieren werden -transform.envelopedSignatureTransformNotInSignatureElement = Enveloped Transform konnte kein Signatur Element finden -Base64Decoding = Fehler bei der Decodierung -secureProcessing.MaximumAllowedTransformsPerReference = Die Referenz enth\u00e4lt {0} Transformationen. Es sind aber maximal {1} erlaubt. Die Limite kann \u00fcber das Konfigurations-Property "MaximumAllowedTransformsPerReference" erh\u00f6ht werden. -secureProcessing.MaximumAllowedReferencesPerManifest = Das Manifest enh\u00e4lt {0} Referenzen. Es sind aber maximal {1} erlaubt. Die Limite kann \u00fcber das Konfigurations-Property "MaximumAllowedReferencesPerManifest" erh\u00f6ht werden. -secureProcessing.DoNotThrowExceptionForManifests = Signatur-Manifests werden nicht unterst\u00fctzt. Das werfen dieser Exception kann durch das Konfigurations-Property "DoNotThrowExceptionForManifests" verhindert werden. -secureProcessing.AllowMD5Algorithm = Vom Einsatz des MD5 Algorithmus wird strengstens abgeraten. Trotzdem kann er \u00fcber das Konfigurations-Property "AllowMD5Algorithm" erlaubt werden. -secureProcessing.AllowNotSameDocumentReferences = Externe Referenzen gefunden. Die Verarbeitung von externen Referenzen ist standardm\u00e4ssig ausgeschaltet. Es kann \u00fcber das Konfigurations-Property "AllowNotSameDocumentReferences" aktiviert werden. -secureProcessing.MaximumAllowedXMLStructureDepth = Die Maximum erlaubte Dokumenten-Tiefe von ({0}) wurde erreicht. Die Limite kann \u00fcber das Konfigurations-Property "MaximumAllowedXMLStructureDepth" erh\u00f6ht werden. -secureProcessing.inputStreamLimitReached = Maximal erlaubte Anzahl bytes ({0}) erreicht. -stax.duplicateActions=Doppelte Actions sind nicht erlaubt. -stax.missingSecurityProperties = SecurityProperties darf nicht null sein\! -stax.noOutputAction = Keine ausgehenden "Actions" definiert. -stax.noKey = Kein Schl\u00fcssel geladen und es konnte kein Schl\u00fcssel gefunden werden f\u00fcr {0} -stax.keyNotFound = Schl\u00fcssel nicht gefunden. -stax.unsupportedKeyValue = Kein oder ung\u00fcltiger KeyValue. -stax.emptyReferenceURI = Referenz enth\u00e4lt kein URI Attribut. -stax.encryption.unprocessedReferences = Es wurden nicht alle Verschl\u00fcsselungs-Referenzen verarbeitet... -stax.signature.unprocessedReferences = Es wurden nicht alle Signatur-Referenzen verarbeitet... -stax.unsupportedToken = {0} nicht unterst\u00fctzt. -stax.xmlStructureSizeExceeded = Maximal erlaubte ({0}) XML-Struktur Tiefe erreicht. -stax.unexpectedXMLEvent = Unerwarteter StAX-Event\: {0} -stax.encryption.noEncAlgo = xenc\:EncryptedKey enth\u00e4lt kein xenc\:EncryptionMethod/@Algorithm. -stax.encryption.noCipherValue = EncryptedKey enth\u00e4lt kein xenc\:CipherData/xenc\:CipherValue. -stax.unsecuredMessage = Ungesicherte Nachricht. Weder ein Signatur- noch ein EncryptedData- Element wurde gefunden. -stax.signature.signedInfoMissing = SignedInfo Element fehlt. -stax.signature.signatureMethodMissing = Signature method fehlt. -stax.signature.canonicalizationMethodMissing = Signature canonicalization method fehlt. -stax.signature.signatureValueMissing = Signature value fehlt. -stax.signature.publicKeyOrCertificateMissing = Weder ein Zertifikat noch ein public-key wurde konfiguriert. -stax.encryption.encryptionKeyMissing = Kein Schl\u00fcssel f\u00fcr die Verschl\u00fcsselung wurde konfiguriert. -stax.unsupportedKeyTransp = Der public-key Algorithmus ist zu kurz um den symmetrischen Schl\u00fcssel zu verschl\u00fcsseln. -stax.recursiveKeyReference = Rekursive Schl\u00fcssel referenzierung detektiert. -stax.ecParametersNotSupported = ECParameters werden nicht unterst\u00fctzt. -stax.namedCurveMissing = NamedCurve fehlt. -stax.encryption.securePartNotFound = Part zum Verschl\u00fcsseln nicht gefunden: {0} -stax.signature.securePartNotFound = Part zum Signieren nicht gefunden: {0} -stax.multipleSignaturesNotSupported = Mehrere Signaturen werden nicht unterstützt. -stax.signature.keyNameMissing = KeyName nicht konfiguriert. -stax.keyNotFoundForName = Kein Schl\u00fcssel für Schl\u00fcsselname konfiguriert: {0} -stax.keyTypeNotSupported = Key vom Typ {0} nicht f\u00fcr einen Key-Namenssuche unterst\u00fctzt -stax.idsetbutnotgenerated = An Id attribute is specified, but Id generation is disabled -stax.idgenerationdisablewithmultipleparts = Id generation must not be disabled when multiple parts need signing \ No newline at end of file +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# + +algorithm.alreadyRegistered = URI {0} wurde bereits an die Klasse {1} gebunden +algorithm.classDoesNotExist = Kann URI {0} nicht f\u00fcr Klasse {1} registrieren weil sie nicht existiert +algorithm.ClassDoesNotExist = Klasse {0} existiert nicht +algorithm.extendsWrongClass = Kann URI {0} nicht f\u00fcr Klasse {1} registrieren weil sie nicht von {2} abgeleitet ist +algorithms.CannotUseAlgorithmParameterSpecOnDSA = AlgorithmParameterSpec kann nicht f\u00fcr DSA Signaturen benutzt werden. +algorithms.CannotUseAlgorithmParameterSpecOnRSA = AlgorithmParameterSpec kann nicht f\u00fcr RSA Signaturen benutzt werden. +algorithms.CannotUseSecureRandomOnMAC = SecureRandom kann nicht f\u00fcr MAC's angewandt werden. +algorithms.HMACOutputLengthMax = HMACOutputLength darf nicht grosser als {0} sein +algorithms.HMACOutputLengthMin = HMACOutputLength darf nicht kleiner als {0} sein +algorithms.HMACOutputLengthOnlyForHMAC = Die HMACOutputLength kann nur bei HMAC integrit\u00e4ts Algorithmen angegeben werden +algorithms.MissingRSAPSSParams = RSAPSSParams is a required Element for http://www.w3.org/2007/05/xmldsig-more#rsa-pss +algorithms.NoSuchAlgorithmNoEx = Der Algorithmus {0} ist nicht verf\u00fcgbar. +algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar. Original Nachricht war\: {1} +algorithms.NoSuchMap = Algorithmus URI "{0}" konnte auf keinen JCE Algorithmus gemappt werden +algorithms.NoSuchProvider = Der angegebene Provider {0} existiert nicht. Original Nachricht war\: {1} +algorithms.operationOnlyVerification = Ein \u00f6ffentlicher Schl\u00fcssel (public key) kann nur zur Verifizierung einer Signatur verwendet werden. +algorithms.WrongKeyForThisOperation = Der angegebene Schl\u00fcssel-Typ kann nicht f\u00fcr diese Operation verwendet werden. Angegeben wurde {0} aber ein {1} wird ben\u00f6tigt. +attributeValueIllegal = Das Attribut {0} hat den Wert {1} muss aber {2} sein. +c14n.Canonicalizer.Exception = Fehler w\u00e4hrend der Kanonisierung\: Original Nachricht war {0} +c14n.Canonicalizer.IllegalNode = Unzul\u00e4ssiger NodeType {0}, NodeName lautete {1} +c14n.Canonicalizer.NoSuchCanonicalizer = Kein Kanonisierer mit dem URI {0} gefunden +c14n.Canonicalizer.ParserConfigurationException = ParserConfigurationException w\u00e4hrend der Kanonisierung\: Original Nachricht war {0} +c14n.Canonicalizer.RelativeNamespace = Das Element {0} hat einen relativen Namespace: {1}="{2}" +c14n.Canonicalizer.SAXException = SAXException w\u00e4hrend der Kanonisierung\: Original Nachricht war {0} +c14n.Canonicalizer.TraversalNotSupported = Das DOM Dokument unterst\u00fctzt keine Traversal {0} +c14n.Canonicalizer.UnsupportedEncoding = Nicht unterst\u00fctzte Kodierung {0} +c14n.Canonicalizer.UnsupportedOperation = Der Kanonisierer unterst\u00fctzt diese Operation nicht +c14n.XMLUtils.circumventBug2650forgotten = Die Baumstruktur wurde nicht vorbereitet f\u00fcr die Kanonisierung mit XMLUtils\#circumventBug2650(Document) +certificate.noSki.lowVersion = Das Zertifikat dard kein SubjectKeyIdentifier enthalten da es nur ein X509v{0} ist +certificate.noSki.notOctetString = Der SubjectKeyIdentifier des Zertifikates ist kein "OctetString" +certificate.noSki.null = Das Zertifikat enth\u00e4lt kein SubjectKeyIdentifier +defaultNamespaceCannotBeSetHere = Standard Namespace kann hier nicht gesetzt werden +ElementProxy.nullElement = Kann keinen ElementProxy aus einem null Argument erzeugen +empty = {0} +encryption.algorithmCannotBeUsedForEncryptedData = encryption.algorithmCannotBeUsedForEncryptedData {0} +encryption.algorithmCannotEatInitParams = encryption.algorithmCannotEatInitParams +encryption.algorithmCannotEncryptDecrypt = encryption.algorithmCannotEncryptDecrypt +encryption.algorithmCannotWrapUnWrap = encryption.algorithmCannotWrapUnWrap +encryption.ExplicitKeySizeMismatch = Das xenc\:KeySize Element fordert eine Schl\u00fcssel-L\u00e4nge von {0} bits aber der Algorithmus besitzt {1} bits +encryption.nonceLongerThanDecryptedPlaintext = Das angegebene "Nonce" ist l\u00e4nger als der verf\u00fcgbare Plaintext. +encryption.RSAOAEP.dataHashWrong = Falscher Hash-Wert +encryption.RSAOAEP.dataStartWrong = Falscher Start Input {0} +encryption.RSAOAEP.dataTooShort = Zu wenig Input +encryption.RSAPKCS15.blockTruncated = Block abgeschnitten +encryption.RSAPKCS15.noDataInBlock = Im Block sind keine Daten enthalten +encryption.RSAPKCS15.unknownBlockType = Unbekannter Block Typ +encryption.nokey = Es ist kein verschl\u00fcsselungs Schl\u00fcssel geladen und es konnte kein Schl\u00fcssel mit Hilfe der "key resolvers" gefunden werden. +endorsed.jdk1.4.0 = Leider scheint niemand unsere Installations-Anleitung zu lesen, deshalb m\u00fcssen wir es \u00fcber die Exception machen\: Du hast den "endorsing" Mechanismus vom JDK 1.4 nicht richtig angewandt. Schaue unter nach wie man das Problem l\u00f6st. +errorMessages.InvalidDigestValueException = Ung\u00fcltige Signatur\: Referen-Validierung fehlgeschlagen. +errorMessages.InvalidSignatureValueException = Ung\u00fcltige Signatur\: Core Validierung fehlgeschlagen. +errorMessages.IOException = Datei oder Resource kann nicht gelesen werden. +errorMessages.MissingKeyFailureException = Verifizierung fehlgeschlagen, weil der \u00f6ffentliche Schl\u00fcssel (public key) nicht verf\u00fcgbar ist. Resourcen via addResource() hinzuf\u00fcgen und erneut versuchen. +errorMessages.MissingResourceFailureException = Verifizierung fehlgeschlagen, weil Resourcen nicht verf\u00fcgbar sind. Resourcen via addResource() hinzuf\u00fcgen und erneut versuchen. +errorMessages.NoSuchAlgorithmException = Unbekannter Algorithmus {0} +errorMessages.NotYetImplementedException = Funktionalit\u00e4t noch nicht implementiert. +errorMessages.XMLSignatureException = Verifizierung aus unbekanntem Grund fehlgeschlagen. +decoding.divisible.four = It should be divisible by four +decoding.general = Fehler beim Decodieren +FileKeyStorageImpl.addToDefaultFromRemoteNotImplemented = Methode addToDefaultFromRemote() wurde noch nicht implementiert. +FileKeyStorageImpl.NoCert.Context = Kein X509-Zertifikat mit Kontext {0} gefunden +FileKeyStorageImpl.NoCert.IssNameSerNo = Kein X509-Zertifikat mit IssuerName {0} und serial number {1} gefunden +FileKeyStorageImpl.NoCert.SubjName = Kein X509-Zertifikat mit SubjectName {0} gefunden +generic.dontHaveConstructionElement = Konstruktions-Element fehlt +generic.EmptyMessage = {0} +generic.NotYetImplemented = {0} Leider noch nicht implementiert ;-(( +java.security.InvalidKeyException = Ung\u00fcltiger Schl\u00fcssel +java.security.NoSuchProviderException = Unbekannter oder nicht unterst\u00fctzter Provider +java.security.UnknownKeyType = Unbekannter oder nicht unterst\u00fctzter Schl\u00fcssel-Typ {0} +KeyInfo.error = Error loading Key Info +KeyInfo.needKeyResolver = Es m\u00fcssen mehrere KeyResolver registriert sein +KeyInfo.nokey = Kann keinen Schl\u00fcssel aus {0} gewinnen +KeyInfo.noKey = Kann keinen \u00f6ffentlichen Schl\u00fcssel finden +KeyInfo.wrongNumberOfObject = Ben\u00f6tige {0} keyObjects +KeyInfo.wrongUse = Dieses Objekt wird verwendet, um {0} zu gewinnen +keyResolver.alreadyRegistered = Die Klasse {1} wurde bereits registriert f\u00fcr {0} +KeyResolver.needStorageResolver = Es wird ein StorageResolver ben\u00f6tigt um ein Zertifikat aus {0} zu holen +KeyResoverSpiImpl.cannotGetCert = Cannot get the Certificate that include or in {1} in implement class {0} +KeyResoverSpiImpl.elementGeneration = Cannot make {1} element in implement class {0} +KeyResoverSpiImpl.getPoublicKey = Cannot get the public key from implement class {0} +KeyResoverSpiImpl.InvalidElement = Cannot set (2) Element in implement class {0} +KeyResoverSpiImpl.keyStore = KeyStorage Fehler in der implementierenden Klasse {0} +KeyResoverSpiImpl.need.Element = Es wird der Typ {1} ben\u00f6tigt in der implementierenden Klasse {0} +KeyResoverSpiImpl.wrongCRLElement = Cannot make CRL from {1} in implement class {0} +KeyResoverSpiImpl.wrongKeyObject = Need {1} type of KeyObject for generation Element in implement class{0} +KeyResoverSpiImpl.wrongNumberOfObject = Need {1} keyObject in implement class {0} +KeyStore.alreadyRegistered = Klasse {0} bereits registriert f\u00fcr {1} +KeyStore.register = {1} type class register error in class {0} +KeyStore.registerStore.register = Registrierungsfehler f\u00fcr Typ {0} +KeyValue.IllegalArgument = Kann kein {0} aus {1} erzeugen +namespacePrefixAlreadyUsedByOtherURI = Namespace {0} wird bereits von einer anderen URI {1} gebraucht +notYetInitialized = Das Modul {0} ist noch nicht initialisiert +prefix.AlreadyAssigned = Sie binden den Prefix {0} an den Namespace {1} aber er ist bereits an {2} zugewiesen +signature.Canonicalizer.UnknownCanonicalizer = Unbekannter Kanonisierer. Kein Handler installiert f\u00fcr URI {0} +signature.DSA.invalidFormat = Ung\u00fcltige ASN.1 Kodierung der DSA Signatur +signature.Generation.signBeforeGetValue = Es muss zuerst XMLSignature.sign(java.security.PrivateKey) aufgerufen werden +signature.Reference.ForbiddenResolver = Der "Resolver" {0} ist bei aktivierter "secure validation" nicht erlaubt +signature.Reference.NoDigestMethod = A Signature Reference Element must contain a DigestMethod child +signature.Reference.NoDigestValue = A Signature Reference Element must contain a DigestValue child +signature.signatureAlgorithm = Der Algorithmus {0} ist bei aktivierter "secure validation" nicht erlaubt +signature.signaturePropertyHasNoTarget = Das Target Attribut der SignatureProperty muss gesetzt sein +signature.tooManyReferences = Das Manifest enth\u00e4lt {0} Referenzen, bei aktivierter "secure validation" sind aber maximal {1} erlaubt +signature.tooManyTransforms = Die Referenz enth\u00e4lt {0} Transformationen, bei aktivierter "secure validation" sind aber maximal {1} erlaubt +signature.Transform.ErrorDuringTransform = W\u00e4hrend der Transformation {0} trat eine {1} auf. +signature.Transform.ForbiddenTransform = Die Transformation {0} ist bei aktivierter "secure validation" nicht erlaubt +signature.Transform.NotYetImplemented = Transform {0} noch nicht implementiert +signature.Transform.NullPointerTransform = Null pointer als URI \u00fcbergeben. Programmierfehler? +signature.Transform.UnknownTransform = Unbekannte Transformation. Kein Handler installiert f\u00fcr URI {0} +signature.Util.BignumNonPositive = bigInteger.signum() muss positiv sein +signature.Util.NonTextNode = Keine Text Node +signature.Util.TooManyChilds = Zu viele Kind-Elemente vom Typ {0} in {1} +signature.Verification.certificateError = Zertifikatsfehler +signature.Verification.IndexOutOfBounds = Index {0} illegal. Es sind nur {1} Referenzen vorhanden +signature.Verification.internalError = Interner Fehler +signature.Verification.InvalidDigestOrReference = Ung\u00fcltiger Digest Wert der Referenz {0} +signature.Verification.InvalidElement = Current Node {0} is not permitted in this location in the Signature +signature.Verification.keyStore = \u00d6ffnen des KeyStore fehlgeschlagen +signature.Verification.MissingID = Element mit der ID {0} nicht gefunden +signature.Verification.MissingResources = Kann die externe Resource {0} nicht aufl\u00f6sen +signature.Verification.MultipleIDs = Mehrere Elemente mit der ID {0} gefunden +signature.Verification.NoSignatureElement = Input Dokument enth\u00e4lt kein {0} Element mit dem Namespace {1} +signature.Verification.Reference.NoInput = Die Referenz f\u00fcr den URI {0} hat keinen XMLSignatureInput erhalten. +signature.Verification.SignatureError = Signatur Fehler +signature.XMLSignatureInput.MissingConstuctor = Kann aus der Klasse {0} keinen XMLSignatureInput erzeugen +signature.XMLSignatureInput.SerializeDOM = Input mit einem DOM Dokument initialisiert. Muss mit C14N serialisiert werden +transform.Init.IllegalContextArgument = Unzul\u00e4ssiges Kontext Argument der Klasse {0}. Muss String, org.w3c.dom.NodeList oder java.io.InputStream sein. +transform.init.NotInitialized = +transform.init.wrongURI = Initialisiert mit dem falschen URI. Das sollte nie passieren. Die Transformation implementiert {0} aber {1} wurde bei der Instantiierung verwendet. +utils.Base64.IllegalBitlength = Ung\u00fcltige Byte-L\u00e4nge; Muss ein vielfaches von 4 sein +utils.resolver.noClass = Keinen Resolver f\u00fcr URI {0} und Base {1} gefunden +xml.WrongContent = Kann {0} nicht finden in {1} +xml.WrongElement = Kann kein {0} aus einem {1} Element erzeugen +xpath.funcHere.documentsDiffer = Der XPath ist nicht im selben Dokument wie der Kontext Node +xpath.funcHere.noXPathContext = Versuch einer XPath-Evaluierung welcher die Funktion here() benutzt aber der XPath ist nicht innerhalb eines ds\:XPath Elements. XPath \: {0} +signature.Transform.node = Aktuelle Node\: {0} +signature.Transform.nodeAndType = Aktuelle Node\: {0}, Typ\: {1} +signature.XMLSignatureInput.nodesetReference = Das Node-Set der Referenz konnte nicht konvertieren werden +transform.envelopedSignatureTransformNotInSignatureElement = Enveloped Transform konnte kein Signatur Element finden +Base64Decoding = Fehler bei der Decodierung +secureProcessing.MaximumAllowedTransformsPerReference = Die Referenz enth\u00e4lt {0} Transformationen. Es sind aber maximal {1} erlaubt. Die Limite kann \u00fcber das Konfigurations-Property "MaximumAllowedTransformsPerReference" erh\u00f6ht werden. +secureProcessing.MaximumAllowedReferencesPerManifest = Das Manifest enh\u00e4lt {0} Referenzen. Es sind aber maximal {1} erlaubt. Die Limite kann \u00fcber das Konfigurations-Property "MaximumAllowedReferencesPerManifest" erh\u00f6ht werden. +secureProcessing.DoNotThrowExceptionForManifests = Signatur-Manifests werden nicht unterst\u00fctzt. Das werfen dieser Exception kann durch das Konfigurations-Property "DoNotThrowExceptionForManifests" verhindert werden. +secureProcessing.AllowMD5Algorithm = Vom Einsatz des MD5 Algorithmus wird strengstens abgeraten. Trotzdem kann er \u00fcber das Konfigurations-Property "AllowMD5Algorithm" erlaubt werden. +secureProcessing.AllowNotSameDocumentReferences = Externe Referenzen gefunden. Die Verarbeitung von externen Referenzen ist standardm\u00e4ssig ausgeschaltet. Es kann \u00fcber das Konfigurations-Property "AllowNotSameDocumentReferences" aktiviert werden. +secureProcessing.MaximumAllowedXMLStructureDepth = Die Maximum erlaubte Dokumenten-Tiefe von ({0}) wurde erreicht. Die Limite kann \u00fcber das Konfigurations-Property "MaximumAllowedXMLStructureDepth" erh\u00f6ht werden. +secureProcessing.inputStreamLimitReached = Maximal erlaubte Anzahl bytes ({0}) erreicht. +stax.duplicateActions=Doppelte Actions sind nicht erlaubt. +stax.missingSecurityProperties = SecurityProperties darf nicht null sein\! +stax.noOutputAction = Keine ausgehenden "Actions" definiert. +stax.noKey = Kein Schl\u00fcssel geladen und es konnte kein Schl\u00fcssel gefunden werden f\u00fcr {0} +stax.keyNotFound = Schl\u00fcssel nicht gefunden. +stax.unsupportedKeyValue = Kein oder ung\u00fcltiger KeyValue. +stax.emptyReferenceURI = Referenz enth\u00e4lt kein URI Attribut. +stax.encryption.unprocessedReferences = Es wurden nicht alle Verschl\u00fcsselungs-Referenzen verarbeitet... +stax.signature.unprocessedReferences = Es wurden nicht alle Signatur-Referenzen verarbeitet... +stax.unsupportedToken = {0} nicht unterst\u00fctzt. +stax.xmlStructureSizeExceeded = Maximal erlaubte ({0}) XML-Struktur Tiefe erreicht. +stax.unexpectedXMLEvent = Unerwarteter StAX-Event\: {0} +stax.encryption.noEncAlgo = xenc\:EncryptedKey enth\u00e4lt kein xenc\:EncryptionMethod/@Algorithm. +stax.encryption.noCipherValue = EncryptedKey enth\u00e4lt kein xenc\:CipherData/xenc\:CipherValue. +stax.unsecuredMessage = Ungesicherte Nachricht. Weder ein Signatur- noch ein EncryptedData- Element wurde gefunden. +stax.signature.signedInfoMissing = SignedInfo Element fehlt. +stax.signature.signatureMethodMissing = Signature method fehlt. +stax.signature.canonicalizationMethodMissing = Signature canonicalization method fehlt. +stax.signature.signatureValueMissing = Signature value fehlt. +stax.signature.publicKeyOrCertificateMissing = Weder ein Zertifikat noch ein public-key wurde konfiguriert. +stax.encryption.encryptionKeyMissing = Kein Schl\u00fcssel f\u00fcr die Verschl\u00fcsselung wurde konfiguriert. +stax.unsupportedKeyTransp = Der public-key Algorithmus ist zu kurz um den symmetrischen Schl\u00fcssel zu verschl\u00fcsseln. +stax.recursiveKeyReference = Rekursive Schl\u00fcssel referenzierung detektiert. +stax.ecParametersNotSupported = ECParameters werden nicht unterst\u00fctzt. +stax.namedCurveMissing = NamedCurve fehlt. +stax.encryption.securePartNotFound = Part zum Verschl\u00fcsseln nicht gefunden: {0} +stax.signature.securePartNotFound = Part zum Signieren nicht gefunden: {0} +stax.multipleSignaturesNotSupported = Mehrere Signaturen werden nicht unterstützt. +stax.signature.keyNameMissing = KeyName nicht konfiguriert. +stax.keyNotFoundForName = Kein Schl\u00fcssel für Schl\u00fcsselname konfiguriert: {0} +stax.keyTypeNotSupported = Key vom Typ {0} nicht f\u00fcr einen Key-Namenssuche unterst\u00fctzt +stax.idsetbutnotgenerated = An Id attribute is specified, but Id generation is disabled +stax.idgenerationdisablewithmultipleparts = Id generation must not be disabled when multiple parts need signing diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java index cfa545e5826..b84556de077 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java @@ -209,6 +209,23 @@ public final class XMLSignature extends SignatureElementProxy { public static final String ALGO_ID_SIGNATURE_EDDSA_ED448 = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448"; + + /**Signature - SHA3-224withECDSA */ + public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_224 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224"; + + /**Signature - SHA3-256withECDSA */ + public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_256 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256"; + + /**Signature - SHA3-384withECDSA */ + public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_384 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384"; + + /**Signature - SHA3-512withECDSA */ + public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_512 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512"; + /** Signature - Optional RSASSA-PSS */ public static final String ALGO_ID_SIGNATURE_RSA_PSS = Constants.XML_DSIG_NS_MORE_07_05 + "rsa-pss"; diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java index 258e0332d87..c9a86db819c 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java @@ -71,6 +71,9 @@ public final class Constants { /** The (newer) URL for more algorithms **/ public static final String XML_DSIG_NS_MORE_07_05 = "http://www.w3.org/2007/05/xmldsig-more#"; + /** The 2021 xmldsig-more URL for Internet Engineering Task Force (IETF) algorithms **/ + public static final String XML_DSIG_NS_MORE_21_04 = "http://www.w3.org/2021/04/xmldsig-more#"; + /** The URI for XML spec*/ public static final String XML_LANG_SPACE_SpecNS = "http://www.w3.org/XML/1998/namespace"; @@ -141,6 +144,9 @@ public final class Constants { /** Tag of Element RSAPSSParams **/ public static final String _TAG_RSAPSSPARAMS = "RSAPSSParams"; + /** Tag of Element Salt **/ + public static final String _TAG_SALT = "Salt"; + /** Tag of Element SaltLength **/ public static final String _TAG_SALTLENGTH = "SaltLength"; diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java index 6f061fc9772..b68a56fd8b9 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java @@ -512,6 +512,9 @@ public static void registerDefaultPrefixes() throws XMLSecurityException { "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter", "xx" ); setNamespacePrefix("http://www.w3.org/2009/xmldsig11#", "dsig11"); + setNamespacePrefix("http://www.w3.org/2001/04/xmldsig-more", "rfc4051"); + setNamespacePrefix("http://www.w3.org/2007/05/xmldsig-more#", "rfc6931"); + setNamespacePrefix("http://www.w3.org/2021/04/xmldsig-more#", "rfc9231"); } /** diff --git a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java index 7353014029f..926aac91261 100644 --- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java +++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java index cec1224affa..2ce4858bc81 100644 --- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java +++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java @@ -81,7 +81,7 @@ public KeyValue newKeyValue(PublicKey key) throws KeyException { String algorithm = key.getAlgorithm(); if ("DSA".equals(algorithm)) { return new DOMKeyValue.DSA((DSAPublicKey) key); - } else if ("RSA".equals(algorithm)) { + } else if ("RSA".equals(algorithm) || "RSASSA-PSS".equals(algorithm)) { return new DOMKeyValue.RSA((RSAPublicKey) key); } else if ("EC".equals(algorithm)) { return new DOMKeyValue.EC((ECPublicKey) key); diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java index 0933c21bfd3..738ab64693c 100644 --- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java +++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java @@ -241,6 +241,33 @@ RSAPublicKey unmarshalKeyValue(Element kvtElem) RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent); return (RSAPublicKey) generatePublicKey(rsakf, spec); } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (!(obj instanceof KeyValue)) { + return false; + } + // This equality test allows RSA keys that have different + // algorithms (ex: RSA and RSASSA-PSS) to be equal as long + // as the key is the same. + try { + PublicKey otherKey = ((KeyValue)obj).getPublicKey(); + if (!(otherKey instanceof RSAPublicKey)) { + return false; + } + RSAPublicKey otherRSAKey = (RSAPublicKey)otherKey; + RSAPublicKey rsaKey = (RSAPublicKey)getPublicKey(); + return rsaKey.getPublicExponent().equals( + otherRSAKey.getPublicExponent()) + && rsaKey.getModulus().equals(otherRSAKey.getModulus()); + } catch (KeyException ke) { + // no practical way to determine if the keys are equal + return false; + } + } } static final class DSA extends DOMKeyValue { @@ -369,6 +396,42 @@ static final class EC extends DOMKeyValue { 1 ); + private static final Curve BRAINPOOLP256R1 = initializeCurve( + "brainpoolP256r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.7", + "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", + "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", + "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", + "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", + "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", + "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", + 1 + ); + + private static final Curve BRAINPOOLP384R1 = initializeCurve( + "brainpoolP384r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.11", + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", + "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", + "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", + "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", + "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", + 1 + ); + + private static final Curve BRAINPOOLP512R1 = initializeCurve( + "brainpoolP512r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.13", + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", + "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", + "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", + "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", + "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", + 1 + ); + private static Curve initializeCurve(String name, String oid, String sfield, String a, String b, String x, String y, String n, int h) { @@ -448,6 +511,12 @@ private static String getCurveOid(ECParameterSpec params) { match = SECP384R1; } else if (matchCurve(params, SECP521R1)) { match = SECP521R1; + } else if (matchCurve(params, BRAINPOOLP256R1)) { + match = BRAINPOOLP256R1; + } else if (matchCurve(params, BRAINPOOLP384R1)) { + match = BRAINPOOLP384R1; + } else if (matchCurve(params, BRAINPOOLP512R1)) { + match = BRAINPOOLP512R1; } else { return null; } @@ -485,7 +554,7 @@ void marshalPublicKey(Node parent, Document doc, String dsPrefix, DOMUtils.setAttribute(namedCurveElem, "URI", "urn:oid:" + oid); String qname = (prefix == null || prefix.length() == 0) ? "xmlns" : "xmlns:" + prefix; - namedCurveElem.setAttributeNS("http://www.w3.org/2000/xmlns/", + ecKeyValueElem.setAttributeNS("http://www.w3.org/2000/xmlns/", qname, XMLDSIG_11_XMLNS); ecKeyValueElem.appendChild(namedCurveElem); String encoded = XMLUtils.encodeToString(ecPublicKey); @@ -555,6 +624,12 @@ private static ECParameterSpec getECParameterSpec(String oid) { return SECP384R1; } else if (oid.equals(SECP521R1.getObjectId())) { return SECP521R1; + } else if (oid.equals(BRAINPOOLP256R1.getObjectId())) { + return BRAINPOOLP256R1; + } else if (oid.equals(BRAINPOOLP384R1.getObjectId())) { + return BRAINPOOLP384R1; + } else if (oid.equals(BRAINPOOLP512R1.getObjectId())) { + return BRAINPOOLP512R1; } else { return null; } diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java index 5e44ccaeae8..6523b93935d 100644 --- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java +++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java @@ -100,6 +100,14 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod { "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519"; static final String ED448 = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448"; + static final String ECDSA_SHA3_224 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224"; + static final String ECDSA_SHA3_256 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256"; + static final String ECDSA_SHA3_384 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384"; + static final String ECDSA_SHA3_512 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512"; // see RFC 6931 for these algorithm definitions static final String ECDSA_RIPEMD160 = @@ -241,6 +249,14 @@ static SignatureMethod unmarshal(Element smElem) throws MarshalException { return new SHA384withECDSA(smElem); } else if (alg.equals(ECDSA_SHA512)) { return new SHA512withECDSA(smElem); + } else if (alg.equals(ECDSA_SHA3_224)) { + return new SHA3_224withECDSA(smElem); + } else if (alg.equals(ECDSA_SHA3_256)) { + return new SHA3_256withECDSA(smElem); + } else if (alg.equals(ECDSA_SHA3_384)) { + return new SHA3_384withECDSA(smElem); + } else if (alg.equals(ECDSA_SHA3_512)) { + return new SHA3_512withECDSA(smElem); } else if (alg.equals(ECDSA_RIPEMD160)) { return new RIPEMD160withECDSA(smElem); } else if (alg.equals(SignatureMethod.HMAC_SHA1)) { @@ -1160,6 +1176,94 @@ String getJCAFallbackAlgorithm() { } } + static final class SHA3_224withECDSA extends AbstractECDSASignatureMethod { + SHA3_224withECDSA(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + super(params); + } + SHA3_224withECDSA(Element dmElem) throws MarshalException { + super(dmElem); + } + @Override + public String getAlgorithm() { + return ECDSA_SHA3_224; + } + @Override + String getJCAAlgorithm() { + return "SHA3-224withECDSAinP1363Format"; + } + @Override + String getJCAFallbackAlgorithm() { + return "SHA3-224withECDSA"; + } + } + + static final class SHA3_256withECDSA extends AbstractECDSASignatureMethod { + SHA3_256withECDSA(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + super(params); + } + SHA3_256withECDSA(Element dmElem) throws MarshalException { + super(dmElem); + } + @Override + public String getAlgorithm() { + return ECDSA_SHA3_256; + } + @Override + String getJCAAlgorithm() { + return "SHA3-256withECDSAinP1363Format"; + } + @Override + String getJCAFallbackAlgorithm() { + return "SHA3-256withECDSA"; + } + } + + static final class SHA3_384withECDSA extends AbstractECDSASignatureMethod { + SHA3_384withECDSA(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + super(params); + } + SHA3_384withECDSA(Element dmElem) throws MarshalException { + super(dmElem); + } + @Override + public String getAlgorithm() { + return ECDSA_SHA3_384; + } + @Override + String getJCAAlgorithm() { + return "SHA3-384withECDSAinP1363Format"; + } + @Override + String getJCAFallbackAlgorithm() { + return "SHA3-384withECDSA"; + } + } + + static final class SHA3_512withECDSA extends AbstractECDSASignatureMethod { + SHA3_512withECDSA(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + super(params); + } + SHA3_512withECDSA(Element dmElem) throws MarshalException { + super(dmElem); + } + @Override + public String getAlgorithm() { + return ECDSA_SHA3_512; + } + @Override + String getJCAAlgorithm() { + return "SHA3-512withECDSAinP1363Format"; + } + @Override + String getJCAFallbackAlgorithm() { + return "SHA3-512withECDSA"; + } + } + static final class RIPEMD160withECDSA extends AbstractECDSASignatureMethod { RIPEMD160withECDSA(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException { diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java index 119bf16bc32..52ccc84d1d0 100644 --- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java +++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java @@ -345,6 +345,14 @@ public SignatureMethod newSignatureMethod(String algorithm, return new DOMSignatureMethod.SHA384withECDSA(params); } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA512)) { return new DOMSignatureMethod.SHA512withECDSA(params); + } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_224)) { + return new DOMSignatureMethod.SHA3_224withECDSA(params); + } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_256)) { + return new DOMSignatureMethod.SHA3_256withECDSA(params); + } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_384)) { + return new DOMSignatureMethod.SHA3_384withECDSA(params); + } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_512)) { + return new DOMSignatureMethod.SHA3_512withECDSA(params); } else if (algorithm.equals(DOMSignatureMethod.ECDSA_RIPEMD160)) { return new DOMSignatureMethod.RIPEMD160withECDSA(params); } else if (algorithm.equals(DOMSignatureMethod.ED25519)) { diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java index b262a2ba53e..2d03edb241c 100644 --- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java +++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java @@ -140,7 +140,7 @@ public Object newInstance(Object ctrParamObj) public XMLDSigRI() { // This is the JDK XMLDSig provider, synced from - // Apache Santuario XML Security for Java, version 3.0.3 + // Apache Santuario XML Security for Java, version 3.0.5 super("XMLDSig", VER, INFO); final Provider p = this; diff --git a/src/java.xml.crypto/share/legal/santuario.md b/src/java.xml.crypto/share/legal/santuario.md index 768f0c7b144..4421e16df25 100644 --- a/src/java.xml.crypto/share/legal/santuario.md +++ b/src/java.xml.crypto/share/legal/santuario.md @@ -1,4 +1,4 @@ -## Apache Santuario v3.0.3 +## Apache Santuario v3.0.5 ### Apache 2.0 License ``` @@ -211,7 +211,7 @@ limitations under the License. ``` Apache Santuario - XML Security for Java -Copyright 1999-2023 The Apache Software Foundation +Copyright 1999-2024 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (http://www.apache.org/). @@ -223,5 +223,5 @@ The development of this software was partly funded by the European Commission in the project in the ISIS Programme. This product contains software that is -copyright (c) 2021, Oracle and/or its affiliates. +copyright (c) 2021, 2023, Oracle and/or its affiliates. ``` diff --git a/test/jdk/javax/xml/crypto/dsig/GenerationTests.java b/test/jdk/javax/xml/crypto/dsig/GenerationTests.java index 971264b6d57..09c08e2665a 100644 --- a/test/jdk/javax/xml/crypto/dsig/GenerationTests.java +++ b/test/jdk/javax/xml/crypto/dsig/GenerationTests.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,7 +24,7 @@ /** * @test * @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184 8038349 8046949 - * 8046724 8079693 8177334 8205507 8210736 8217878 8305972 + * 8046724 8079693 8177334 8205507 8210736 8217878 8305972 8344137 * @summary Basic unit tests for generating XML Signatures with JSR 105 * @modules java.base/sun.security.util * java.base/sun.security.x509 @@ -100,6 +100,7 @@ public class GenerationTests { private static SignatureMethod dsaSha1, dsaSha256, rsaSha1, rsaSha224, rsaSha256, rsaSha384, rsaSha512, ecdsaSha1, ecdsaSha224, ecdsaSha256, ecdsaSha384, ecdsaSha512, + ecdsaSha3_224, ecdsaSha3_256, ecdsaSha3_384, ecdsaSha3_512, hmacSha1, hmacSha224, hmacSha256, hmacSha384, hmacSha512, rsaSha1mgf1, rsaSha224mgf1, rsaSha256mgf1, rsaSha384mgf1, rsaSha512mgf1, rsaSha3_224mgf1, rsaSha3_256mgf1, rsaSha3_384mgf1, rsaSha3_512mgf1, @@ -302,6 +303,12 @@ public static void main(String args[]) throws Exception { test_create_signature_enveloping_p256_sha256(); test_create_signature_enveloping_p256_sha384(); test_create_signature_enveloping_p256_sha512(); + /* "8166597: Crypto support for the EdDSA Signature Algorithm" missing in 11. + test_create_signature_enveloping_p256_sha3_224(); + test_create_signature_enveloping_p256_sha3_256(); + test_create_signature_enveloping_p256_sha3_384(); + test_create_signature_enveloping_p256_sha3_512(); + */ test_create_signature_enveloping_p384_sha1(); test_create_signature_enveloping_p521_sha1(); /* "8166597: Crypto support for the EdDSA Signature Algorithm" missing in 11. @@ -557,6 +564,10 @@ private static void setup() throws Exception { ecdsaSha256 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA256, null); ecdsaSha384 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA384, null); ecdsaSha512 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA512, null); + ecdsaSha3_224 = fac.newSignatureMethod("http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224", null); + ecdsaSha3_256 = fac.newSignatureMethod("http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256", null); + ecdsaSha3_384 = fac.newSignatureMethod("http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384", null); + ecdsaSha3_512 = fac.newSignatureMethod("http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512", null); ed25519 = fac.newSignatureMethod("http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519", null); ed448 = fac.newSignatureMethod("http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448", null); @@ -882,6 +893,34 @@ static void test_create_signature_enveloping_p256_sha512() throws Exception { System.out.println(); } + static void test_create_signature_enveloping_p256_sha3_224() throws Exception { + System.out.println("* Generating signature-enveloping-p256-sha3_224.xml"); + test_create_signature_enveloping(sha1, ecdsaSha3_224, p256ki, + getECPrivateKey("P256"), kvks, false, true); + System.out.println(); + } + + static void test_create_signature_enveloping_p256_sha3_256() throws Exception { + System.out.println("* Generating signature-enveloping-p256-sha3_256.xml"); + test_create_signature_enveloping(sha1, ecdsaSha3_256, p256ki, + getECPrivateKey("P256"), kvks, false, true); + System.out.println(); + } + + static void test_create_signature_enveloping_p256_sha3_384() throws Exception { + System.out.println("* Generating signature-enveloping-p256-sha3_384.xml"); + test_create_signature_enveloping(sha1, ecdsaSha3_384, p256ki, + getECPrivateKey("P256"), kvks, false, true); + System.out.println(); + } + + static void test_create_signature_enveloping_p256_sha3_512() throws Exception { + System.out.println("* Generating signature-enveloping-p256-sha3_512.xml"); + test_create_signature_enveloping(sha1, ecdsaSha3_512, p256ki, + getECPrivateKey("P256"), kvks, false, true); + System.out.println(); + } + static void test_create_signature_enveloping_p384_sha1() throws Exception { System.out.println("* Generating signature-enveloping-p384-sha1.xml"); test_create_signature_enveloping(sha1, ecdsaSha1, p384ki, diff --git a/test/jdk/javax/xml/crypto/dsig/PSS.java b/test/jdk/javax/xml/crypto/dsig/PSS.java new file mode 100644 index 00000000000..12663f0ce00 --- /dev/null +++ b/test/jdk/javax/xml/crypto/dsig/PSS.java @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.test.lib.Asserts; +import jdk.test.lib.security.XMLUtils; + +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.SignatureMethod; +//import javax.xml.crypto.dsig.spec.RSAPSSParameterSpec; +import java.security.KeyPairGenerator; +import java.security.spec.MGF1ParameterSpec; +import java.security.spec.PSSParameterSpec; + +/** + * @test + * @bug 8344137 + * @summary check RSASSA-PSS key + * @library /test/lib + * @modules java.xml.crypto + * @requires jdk.version > 16 + */ +public class PSS { + + public static void main(String[] args) throws Exception { + + var doc = XMLUtils.string2doc("TextRaw"); + var kpg = KeyPairGenerator.getInstance("RSASSA-PSS"); + kpg.initialize(2048); + var keyPair = kpg.generateKeyPair(); + + var pspec = new PSSParameterSpec("SHA-384", "MGF1", + MGF1ParameterSpec.SHA512, 48, + PSSParameterSpec.TRAILER_FIELD_BC); + + var signed = XMLUtils.signer(keyPair.getPrivate(), keyPair.getPublic()) + .dm(DigestMethod.SHA384) + .sm(SignatureMethod.RSA_PSS, new RSAPSSParameterSpec(pspec)) + .sign(doc); + + Asserts.assertTrue(XMLUtils.validator().validate(signed)); + } +} diff --git a/test/lib/jdk/test/lib/security/XMLUtils.java b/test/lib/jdk/test/lib/security/XMLUtils.java index a1c3eaaceda..eae08de2ad5 100644 --- a/test/lib/jdk/test/lib/security/XMLUtils.java +++ b/test/lib/jdk/test/lib/security/XMLUtils.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2021, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -201,6 +201,7 @@ public static class Signer { String dm = DigestMethod.SHA256; String cm = CanonicalizationMethod.EXCLUSIVE; String tr = Transform.ENVELOPED; + Map props = new HashMap<>(); public Signer(PrivateKey privateKey) { this.privateKey = Objects.requireNonNull(privateKey); @@ -250,6 +251,11 @@ public Signer sm(String method) throws Exception { return sm(method, null); } + public Signer prop(String name, Object o) { + props.put(name, o); + return this; + } + // Signs different sources // Signs an XML file in detached mode @@ -257,7 +263,7 @@ public Document sign(URI uri) throws Exception { Document newDocument = DocumentBuilderFactory.newInstance() .newDocumentBuilder().newDocument(); FAC.newXMLSignature(buildSignedInfo(uri.toString()), buildKeyInfo()).sign( - new DOMSignContext(privateKey, newDocument)); + withProps(new DOMSignContext(privateKey, newDocument))); return newDocument; } @@ -267,7 +273,8 @@ public Document sign(URI base, URI ref) throws Exception { .newDocumentBuilder().newDocument(); DOMSignContext ctxt = new DOMSignContext(privateKey, newDocument); ctxt.setBaseURI(base.toString()); - FAC.newXMLSignature(buildSignedInfo(ref.toString()), buildKeyInfo()).sign(ctxt); + FAC.newXMLSignature(buildSignedInfo(ref.toString()), buildKeyInfo()) + .sign(withProps(ctxt)); return newDocument; } @@ -278,7 +285,7 @@ public Document sign(Document document) throws Exception { .transform(new DOMSource(document), result); Document newDocument = (Document) result.getNode(); FAC.newXMLSignature(buildSignedInfo(""), buildKeyInfo()).sign( - new DOMSignContext(privateKey, newDocument.getDocumentElement())); + withProps(new DOMSignContext(privateKey, newDocument.getDocumentElement()))); return newDocument; } @@ -293,7 +300,7 @@ public Document signEnveloping(Document document, String id, String ref) throws id, null, null)), null, null) - .sign(new DOMSignContext(privateKey, newDocument)); + .sign(withProps(new DOMSignContext(privateKey, newDocument))); return newDocument; } @@ -311,7 +318,7 @@ public Document sign(byte[] data) throws Exception { "object", null, null)), null, null) - .sign(new DOMSignContext(privateKey, newDocument)); + .sign(withProps(new DOMSignContext(privateKey, newDocument))); return newDocument; } @@ -328,10 +335,18 @@ public Document sign(String str) throws Exception { "object", null, null)), null, null) - .sign(new DOMSignContext(privateKey, newDocument)); + .sign(withProps(new DOMSignContext(privateKey, newDocument))); return newDocument; } + // Add props to a context + private DOMSignContext withProps(DOMSignContext ctxt) { + for (var e : props.entrySet()) { + ctxt.setProperty(e.getKey(), e.getValue()); + } + return ctxt; + } + // Builds a SignedInfo for a string reference private SignedInfo buildSignedInfo(String ref) throws Exception { TransformParameterSpec pSpec; @@ -443,6 +458,7 @@ public static class Validator { private Boolean secureValidation = null; private String baseURI = null; private final KeyStore ks; + Map props = new HashMap<>(); public Validator(KeyStore ks) { this.ks = ks; @@ -458,6 +474,11 @@ public Validator baseURI(String base) { return this; } + public Validator prop(String name, Object o) { + props.put(name, o); + return this; + } + public boolean validate(Document document) throws Exception { return validate(document, null); } @@ -488,12 +509,21 @@ public KeySelectorResult select(KeyInfo ki, Purpose p, secureValidation); } return XMLSignatureFactory.getInstance("DOM") - .unmarshalXMLSignature(valContext).validate(valContext); + .unmarshalXMLSignature(valContext) + .validate(withProps(valContext)); } } return false; } + // Add props to a context + private DOMValidateContext withProps(DOMValidateContext ctxt) { + for (var e : props.entrySet()) { + ctxt.setProperty(e.getKey(), e.getValue()); + } + return ctxt; + } + // Find public key from KeyInfo, ks will be used if it's KeyName private static class MyKeySelector extends KeySelector { private final KeyStore ks;