8344137: Update XML Security for Java to 3.0.5

Reviewed-by: mullan
wangweij · Dec 12, 2024 · 18e0b34 · 18e0b34
1 parent e9ad27f
commit 18e0b34
Show file tree

Hide file tree

Showing 24 changed files with 666 additions and 42 deletions.
diff --git a/...l.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java b/...l.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java
@@ -207,6 +207,22 @@ public static void registerDefaultAlgorithms() {
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512,
             new Algorithm("EC", "SHA512withECDSA", "Signature")
         );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224,
+            new Algorithm("EC", "SHA3-224withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256,
+            new Algorithm("EC", "SHA3-256withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384,
+            new Algorithm("EC", "SHA3-384withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512,
+            new Algorithm("EC", "SHA3-512withECDSA", "Signature")
+        );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160,
             new Algorithm("EC", "RIPEMD160withECDSA", "Signature")

diff --git a/...e/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java b/...e/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java
@@ -103,7 +103,7 @@ public static MessageDigestAlgorithm getInstance(
         return new MessageDigestAlgorithm(doc, algorithmURI);
     }
 
-    private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
+    public static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
         String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
 
         if (algorithmID == null) {

diff --git a/...share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java b/...share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java
@@ -494,6 +494,18 @@ public static void registerDefaultAlgorithms() {
         algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class
         );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224, SignatureECDSA.SignatureECDSASHA3_224.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256, SignatureECDSA.SignatureECDSASHA3_256.class
+        );
+        algorithmHash.put(
+                XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384, SignatureECDSA.SignatureECDSASHA3_384.class
+        );
+        algorithmHash.put(
+                XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512, SignatureECDSA.SignatureECDSASHA3_512.class
+        );
         algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, SignatureECDSA.SignatureECDSARIPEMD160.class
         );

diff --git a/...asses/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java b/...asses/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java
@@ -770,6 +770,46 @@ public static byte[] convertXMLDSIGtoASN1(byte[] xmldsigBytes) throws IOExceptio
                         "0340340340340340340340340340340340340340340340340340340323c313fab50589703b5ec68d3587fec60d161cc149c1ad4a91",
                         0x2760)
         );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "brainpoolP256r1 [RFC 5639]",
+                        "1.3.36.3.3.2.8.1.1.7",
+                        "a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377",
+                        "7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9",
+                        "26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6",
+                        "8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262",
+                        "547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997",
+                        "a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "brainpoolP384r1 [RFC 5639]",
+                        "1.3.36.3.3.2.8.1.1.11",
+                        "8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53",
+                        "7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826",
+                        "04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11",
+                        "1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e",
+                        "8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315",
+                        "8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "brainpoolP512r1 [RFC 5639]",
+                        "1.3.36.3.3.2.8.1.1.13",
+                        "aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3",
+                        "7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca",
+                        "3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723",
+                        "81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822",
+                        "7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892",
+                        "aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069",
+                        1)
+        );
+
     }
 
     public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) {

diff --git a/...com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java b/...com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java
@@ -66,8 +66,7 @@ public SignatureBaseRSA() throws XMLSignatureException {
     public SignatureBaseRSA(Provider provider) throws XMLSignatureException {
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
         this.signatureAlgorithm = getSignature(provider, algorithmID);
-        LOG.debug("Created SignatureRSA using {0} and provider {1}",
-            algorithmID, signatureAlgorithm.getProvider());
+        LOG.debug("Created SignatureRSA using {0}", algorithmID);
     }
 
     Signature getSignature(Provider provider, String algorithmID)

diff --git a/...s/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java b/...s/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java
@@ -371,6 +371,110 @@ public String engineGetURI() {
         }
     }
 
+    /**
+     * Class SignatureECDSASHA3-224
+     *
+     */
+    public static class SignatureECDSASHA3_224 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureECDSASHA3-224
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA3_224() throws XMLSignatureException {
+            super();
+        }
+
+        public SignatureECDSASHA3_224(Provider provider) throws XMLSignatureException {
+            super(provider);
+        }
+
+        /** {@inheritDoc} */
+        @Override
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224;
+        }
+    }
+
+    /**
+     * Class SignatureECDSASHA3-256
+     *
+     */
+    public static class SignatureECDSASHA3_256 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureECDSASHA3-256
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA3_256() throws XMLSignatureException {
+            super();
+        }
+
+        public SignatureECDSASHA3_256(Provider provider) throws XMLSignatureException {
+            super(provider);
+        }
+
+        /** {@inheritDoc} */
+        @Override
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256;
+        }
+    }
+
+    /**
+     * Class SignatureECDSASHA3-384
+     *
+     */
+    public static class SignatureECDSASHA3_384 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureECDSASHA3-384
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA3_384() throws XMLSignatureException {
+            super();
+        }
+
+        public SignatureECDSASHA3_384(Provider provider) throws XMLSignatureException {
+            super(provider);
+        }
+
+        /** {@inheritDoc} */
+        @Override
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384;
+        }
+    }
+
+    /**
+     * Class SignatureECDSASHA3-512
+     *
+     */
+    public static class SignatureECDSASHA3_512 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureECDSASHA3-512
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA3_512() throws XMLSignatureException {
+            super();
+        }
+
+        public SignatureECDSASHA3_512(Provider provider) throws XMLSignatureException {
+            super(provider);
+        }
+
+        /** {@inheritDoc} */
+        @Override
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512;
+        }
+    }
+
     /**
      * Class SignatureECDSARIPEMD160
      */

diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java
@@ -32,15 +32,7 @@
 import javax.crypto.SecretKey;
 
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
-import com.sun.org.apache.xml.internal.security.keys.content.DEREncodedKeyValue;
-import com.sun.org.apache.xml.internal.security.keys.content.KeyInfoReference;
-import com.sun.org.apache.xml.internal.security.keys.content.KeyName;
-import com.sun.org.apache.xml.internal.security.keys.content.KeyValue;
-import com.sun.org.apache.xml.internal.security.keys.content.MgmtData;
-import com.sun.org.apache.xml.internal.security.keys.content.PGPData;
-import com.sun.org.apache.xml.internal.security.keys.content.RetrievalMethod;
-import com.sun.org.apache.xml.internal.security.keys.content.SPKIData;
-import com.sun.org.apache.xml.internal.security.keys.content.X509Data;
+import com.sun.org.apache.xml.internal.security.keys.content.*;
 import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.DSAKeyValue;
 import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.RSAKeyValue;
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolver;
@@ -50,7 +42,6 @@
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
-import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
@@ -88,7 +79,7 @@
  * contains the corresponding type.
  *
  */
-public class KeyInfo extends SignatureElementProxy {
+public class KeyInfo extends ElementProxy {
 
     private static final com.sun.org.slf4j.internal.Logger LOG =
         com.sun.org.slf4j.internal.LoggerFactory.getLogger(KeyInfo.class);
@@ -231,12 +222,24 @@ public void add(RSAKeyValue rsakeyvalue) {
     }
 
     /**
-     * Method add
+     * Method adds public key encoded as KeyValue. If public key type is not supported by KeyValue, then
+     * DEREncodedKeyValue is used. If public key type is not supported by DEREncodedKeyValue, then
+     * IllegalArgumentException is thrown.
      *
-     * @param pk
+     * @param pk public key to be added to KeyInfo
      */
-    public void add(PublicKey pk) {
-        this.add(new KeyValue(getDocument(), pk));
+    public void add(PublicKey pk)  {
+
+        if (KeyValue.isSupportedKeyType(pk)) {
+            this.add(new KeyValue(getDocument(), pk));
+            return;
+        }
+
+        try {
+            this.add(new DEREncodedKeyValue(getDocument(), pk));
+        } catch (XMLSecurityException ex) {
+            throw new IllegalArgumentException(ex);
+        }
     }
 
     /**
@@ -772,6 +775,7 @@ public boolean containsKeyInfoReference() {
         return this.lengthKeyInfoReference() > 0;
     }
 
+
     /**
      * This method returns the public key.
      *
@@ -1188,4 +1192,10 @@ public void addStorageResolver(StorageResolver storageResolver) {
     public String getBaseLocalName() {
         return Constants._TAG_KEYINFO;
     }
+
+    /** {@inheritDoc} */
+    @Override
+    public String getBaseNamespace() {
+        return Constants.SignatureSpecNS;
+    }
 }
diff --git a/...are/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java b/...are/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java
@@ -41,7 +41,10 @@
 public class DEREncodedKeyValue extends Signature11ElementProxy implements KeyInfoContent {
 
     /** JCA algorithm key types supported by this implementation. */
-    private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC"};
+    private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC",
+            "DiffieHellman", "DH", "XDH", "X25519", "X448",
+            "EdDSA", "Ed25519", "Ed448",
+            "RSASSA-PSS"};
 
     /**
      * Constructor DEREncodedKeyValue
@@ -144,5 +147,4 @@ protected byte[] getEncodedDER(PublicKey publicKey) throws XMLSecurityException
             throw new XMLSecurityException(e, "DEREncodedKeyValue.UnsupportedPublicKey", exArgs);
         }
     }
-
 }
diff --git a/....crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java b/....crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java
@@ -41,7 +41,6 @@
  * (section 6.4). The KeyValue element may include externally defined public
  * keys values represented as PCDATA or element types from an external
  * namespace.
- *
  */
 public class KeyValue extends SignatureElementProxy implements KeyInfoContent {
 
@@ -120,6 +119,20 @@ public KeyValue(Document doc, PublicKey pk) {
         }
     }
 
+    /**
+     * Verifies that the XML KeyValue encoding is supported for the given key type. If the
+     * encoding is supported, it returns true else false.
+     *
+     * @return true if the public key has a KeyValue encoding, false otherwise.
+     */
+    public static boolean isSupportedKeyType(PublicKey publicKey) {
+
+        return publicKey instanceof java.security.interfaces.DSAPublicKey
+                || publicKey instanceof java.security.interfaces.RSAPublicKey
+                || publicKey instanceof java.security.interfaces.ECPublicKey;
+
+    }
+
     /**
      * Constructor KeyValue
      *