private Set getNodeSet(List nodeFilters) {
if (xi.isNeedsToBeExpanded()) {
XMLUtils.circumventBug2650(XMLUtils.getOwnerDocument(xi.getSubNode()));
}
Set inputSet = new LinkedHashSet();
XMLUtils.getSet(xi.getSubNode(), inputSet, null, !xi.isExcludeComments());
Set nodeSet = new LinkedHashSet();
Iterator i = inputSet.iterator();
while (i.hasNext()) {
Node currentNode = (Node) i.next();
Iterator it = nodeFilters.iterator();
boolean skipNode = false;
while (it.hasNext() && !skipNode) {
NodeFilter nf = (NodeFilter) it.next();
if (nf.isNodeInclude(currentNode) != 1) {
skipNode = true;
}
}
if (!skipNode) {
nodeSet.add(currentNode);
}
}
return nodeSet;
}
void circumventBugIfNeeded(XMLSignatureInput input)
throws CanonicalizationException, ParserConfigurationException, IOException, SAXException {
if (!input.isNeedsToBeExpanded()) return;
Document doc = null;
if (input.getSubNode() != null) {
doc = XMLUtils.getOwnerDocument(input.getSubNode());
} else {
doc = XMLUtils.getOwnerDocument(input.getNodeSet());
}
XMLUtils.circumventBug2650(doc);
}
public Iterator iterator() {
// If nodefilters are set, must execute them first to create node-set
if (xi.getNodeFilters() != null && !xi.getNodeFilters().isEmpty()) {
return Collections.unmodifiableSet(getNodeSet(xi.getNodeFilters())).iterator();
}
try {
return Collections.unmodifiableSet(xi.getNodeSet()).iterator();
} catch (Exception e) {
// should not occur
throw new RuntimeException("unrecoverable error retrieving nodeset", e);
}
}
protected XMLSignatureInput enginePerformTransform(
XMLSignatureInput input, OutputStream os, Transform transform)
throws CanonicalizationException {
Canonicalizer11_OmitComments c14n = new Canonicalizer11_OmitComments();
if (os != null) {
c14n.setWriter(os);
}
byte[] result = null;
result = c14n.engineCanonicalize(input);
XMLSignatureInput output = new XMLSignatureInput(result);
if (os != null) {
output.setOutputStream(os);
}
return output;
}
private static X509Certificate getRawCertificate(XMLSignatureInput resource)
throws CanonicalizationException, IOException, CertificateException {
byte inputBytes[] = resource.getBytes();
// if the resource stores a raw certificate, we have to handle it
CertificateFactory certFact = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
X509Certificate cert =
(X509Certificate) certFact.generateCertificate(new ByteArrayInputStream(inputBytes));
return cert;
}
private static Element obtainRefrenceElement(XMLSignatureInput resource)
throws CanonicalizationException, ParserConfigurationException, IOException, SAXException,
KeyResolverException {
Element e;
if (resource.isElement()) {
e = (Element) resource.getSubNode();
} else if (resource.isNodeSet()) {
// Retrieved resource is a nodeSet
e = getDocumentElement(resource.getNodeSet());
} else {
// Retrieved resource is an inputStream
byte inputBytes[] = resource.getBytes();
e = getDocFromBytes(inputBytes);
// otherwise, we parse the resource, create an Element and delegate
if (log.isLoggable(java.util.logging.Level.FINE))
log.log(java.util.logging.Level.FINE, "we have to parse " + inputBytes.length + " bytes");
}
return e;
}
private static Data copyDerefData(Data dereferencedData) {
if (dereferencedData instanceof ApacheData) {
// need to make a copy of the Data
ApacheData ad = (ApacheData) dereferencedData;
XMLSignatureInput xsi = ad.getXMLSignatureInput();
if (xsi.isNodeSet()) {
try {
final Set s = xsi.getNodeSet();
return new NodeSetData() {
public Iterator iterator() {
return s.iterator();
}
};
} catch (Exception e) {
// log a warning
log.log(Level.WARNING, "cannot cache dereferenced data: " + e);
return null;
}
} else if (xsi.isElement()) {
return new DOMSubTreeData(xsi.getSubNode(), xsi.isExcludeComments());
} else if (xsi.isOctetStream() || xsi.isByteArray()) {
try {
return new OctetStreamData(xsi.getOctetStream(), xsi.getSourceURI(), xsi.getMIMEType());
} catch (IOException ioe) {
// log a warning
log.log(Level.WARNING, "cannot cache dereferenced data: " + ioe);
return null;
}
}
}
return dereferencedData;
}
private byte[] transform(Data dereferencedData, XMLCryptoContext context)
throws XMLSignatureException {
if (md == null) {
try {
md =
MessageDigest.getInstance(((DOMDigestMethod) digestMethod).getMessageDigestAlgorithm());
} catch (NoSuchAlgorithmException nsae) {
throw new XMLSignatureException(nsae);
}
}
md.reset();
DigesterOutputStream dos;
Boolean cache = (Boolean) context.getProperty("javax.xml.crypto.dsig.cacheReference");
if (cache != null && cache.booleanValue() == true) {
this.derefData = copyDerefData(dereferencedData);
dos = new DigesterOutputStream(md, true);
} else {
dos = new DigesterOutputStream(md);
}
OutputStream os = new UnsyncBufferedOutputStream(dos);
Data data = dereferencedData;
for (int i = 0, size = transforms.size(); i < size; i++) {
DOMTransform transform = (DOMTransform) transforms.get(i);
try {
if (i < size - 1) {
data = transform.transform(data, context);
} else {
data = transform.transform(data, context, os);
}
} catch (TransformException te) {
throw new XMLSignatureException(te);
}
}
try {
if (data != null) {
XMLSignatureInput xi;
if (data instanceof ApacheData) {
xi = ((ApacheData) data).getXMLSignatureInput();
} else if (data instanceof OctetStreamData) {
xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
} else if (data instanceof NodeSetData) {
TransformService spi =
TransformService.getInstance(CanonicalizationMethod.INCLUSIVE, "DOM");
data = spi.transform(data, context);
xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
} else {
throw new XMLSignatureException("unrecognized Data type");
}
xi.updateOutputStream(os);
}
os.flush();
if (cache != null && cache.booleanValue() == true) {
this.dis = dos.getInputStream();
}
return dos.getDigestValue();
} catch (Exception e) {
throw new XMLSignatureException(e);
}
}