From 5503e69d845fb915f91b5b326e70003408da3530 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Thu, 5 Dec 2024 15:53:24 -0500 Subject: [PATCH] the fix --- .../security/algorithms/JCEMapper.java | 16 +++ .../algorithms/MessageDigestAlgorithm.java | 2 +- .../algorithms/SignatureAlgorithm.java | 12 ++ .../implementations/ECDSAUtils.java | 40 +++++++ .../implementations/SignatureBaseRSA.java | 3 +- .../implementations/SignatureECDSA.java | 104 ++++++++++++++++++ .../xml/internal/security/keys/KeyInfo.java | 40 ++++--- .../keys/content/DEREncodedKeyValue.java | 6 +- .../security/keys/content/KeyValue.java | 15 ++- .../keys/content/keyvalues/ECKeyValue.java | 53 ++++++++- .../resource/xmlsecurity_de.properties | 2 +- .../security/signature/XMLSignature.java | 17 +++ .../internal/security/utils/Constants.java | 6 + .../internal/security/utils/ElementProxy.java | 3 + .../xml/crypto/dsig/SignatureMethod.java | 38 ++++++- .../dsig/internal/dom/DOMKeyInfoFactory.java | 2 +- .../xml/dsig/internal/dom/DOMKeyValue.java | 77 ++++++++++++- .../dsig/internal/dom/DOMSignatureMethod.java | 104 ++++++++++++++++++ .../internal/dom/DOMXMLSignatureFactory.java | 8 ++ .../jcp/xml/dsig/internal/dom/XMLDSigRI.java | 2 +- src/java.xml.crypto/share/legal/santuario.md | 6 +- .../xml/crypto/dsig/GenerationTests.java | 45 +++++++- test/jdk/javax/xml/crypto/dsig/PSS.java | 61 ++++++++++ 23 files changed, 628 insertions(+), 34 deletions(-) create mode 100644 test/jdk/javax/xml/crypto/dsig/PSS.java diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java index e4c1a30d52545..68cb86eb7fdcb 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java @@ -207,6 +207,22 @@ public static void registerDefaultAlgorithms() { XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, new Algorithm("EC", "SHA512withECDSA", "Signature") ); + algorithmsMap.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224, + new Algorithm("EC", "SHA3-224withECDSA", "Signature") + ); + algorithmsMap.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256, + new Algorithm("EC", "SHA3-256withECDSA", "Signature") + ); + algorithmsMap.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384, + new Algorithm("EC", "SHA3-384withECDSA", "Signature") + ); + algorithmsMap.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512, + new Algorithm("EC", "SHA3-512withECDSA", "Signature") + ); algorithmsMap.put( XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, new Algorithm("EC", "RIPEMD160withECDSA", "Signature") diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java index 17351f0211e9e..931f3d5553c19 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java @@ -103,7 +103,7 @@ public static MessageDigestAlgorithm getInstance( return new MessageDigestAlgorithm(doc, algorithmURI); } - private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException { + public static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException { String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI); if (algorithmID == null) { diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java index 439eefb10dc73..a74d373244ccf 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java @@ -494,6 +494,18 @@ public static void registerDefaultAlgorithms() { algorithmHash.put( XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class ); + algorithmHash.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224, SignatureECDSA.SignatureECDSASHA3_224.class + ); + algorithmHash.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256, SignatureECDSA.SignatureECDSASHA3_256.class + ); + algorithmHash.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384, SignatureECDSA.SignatureECDSASHA3_384.class + ); + algorithmHash.put( + XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512, SignatureECDSA.SignatureECDSASHA3_512.class + ); algorithmHash.put( XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, SignatureECDSA.SignatureECDSARIPEMD160.class ); diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java index 73e02864bd926..4d38b2f07bda9 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java @@ -770,6 +770,46 @@ public static byte[] convertXMLDSIGtoASN1(byte[] xmldsigBytes) throws IOExceptio "0340340340340340340340340340340340340340340340340340340323c313fab50589703b5ec68d3587fec60d161cc149c1ad4a91", 0x2760) ); + + ecCurveDefinitions.add( + new ECCurveDefinition( + "brainpoolP256r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.7", + "a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377", + "7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9", + "26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6", + "8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262", + "547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997", + "a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7", + 1) + ); + + ecCurveDefinitions.add( + new ECCurveDefinition( + "brainpoolP384r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.11", + "8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53", + "7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826", + "04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11", + "1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e", + "8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315", + "8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565", + 1) + ); + + ecCurveDefinitions.add( + new ECCurveDefinition( + "brainpoolP512r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.13", + "aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3", + "7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca", + "3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723", + "81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822", + "7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892", + "aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069", + 1) + ); + } public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) { diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java index 45dafc3ad3894..fc79e0c774e44 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java @@ -66,8 +66,7 @@ public SignatureBaseRSA() throws XMLSignatureException { public SignatureBaseRSA(Provider provider) throws XMLSignatureException { String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI()); this.signatureAlgorithm = getSignature(provider, algorithmID); - LOG.debug("Created SignatureRSA using {0} and provider {1}", - algorithmID, signatureAlgorithm.getProvider()); + LOG.debug("Created SignatureRSA using {0}", algorithmID); } Signature getSignature(Provider provider, String algorithmID) diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java index 75a88b8eb1332..a90a314ade294 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java @@ -371,6 +371,110 @@ public String engineGetURI() { } } + /** + * Class SignatureECDSASHA3-224 + * + */ + public static class SignatureECDSASHA3_224 extends SignatureECDSA { + + /** + * Constructor SignatureECDSASHA3-224 + * + * @throws XMLSignatureException + */ + public SignatureECDSASHA3_224() throws XMLSignatureException { + super(); + } + + public SignatureECDSASHA3_224(Provider provider) throws XMLSignatureException { + super(provider); + } + + /** {@inheritDoc} */ + @Override + public String engineGetURI() { + return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_224; + } + } + + /** + * Class SignatureECDSASHA3-256 + * + */ + public static class SignatureECDSASHA3_256 extends SignatureECDSA { + + /** + * Constructor SignatureECDSASHA3-256 + * + * @throws XMLSignatureException + */ + public SignatureECDSASHA3_256() throws XMLSignatureException { + super(); + } + + public SignatureECDSASHA3_256(Provider provider) throws XMLSignatureException { + super(provider); + } + + /** {@inheritDoc} */ + @Override + public String engineGetURI() { + return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_256; + } + } + + /** + * Class SignatureECDSASHA3-384 + * + */ + public static class SignatureECDSASHA3_384 extends SignatureECDSA { + + /** + * Constructor SignatureECDSASHA3-384 + * + * @throws XMLSignatureException + */ + public SignatureECDSASHA3_384() throws XMLSignatureException { + super(); + } + + public SignatureECDSASHA3_384(Provider provider) throws XMLSignatureException { + super(provider); + } + + /** {@inheritDoc} */ + @Override + public String engineGetURI() { + return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_384; + } + } + + /** + * Class SignatureECDSASHA3-512 + * + */ + public static class SignatureECDSASHA3_512 extends SignatureECDSA { + + /** + * Constructor SignatureECDSASHA3-512 + * + * @throws XMLSignatureException + */ + public SignatureECDSASHA3_512() throws XMLSignatureException { + super(); + } + + public SignatureECDSASHA3_512(Provider provider) throws XMLSignatureException { + super(provider); + } + + /** {@inheritDoc} */ + @Override + public String engineGetURI() { + return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA3_512; + } + } + /** * Class SignatureECDSARIPEMD160 */ diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java index 62f25d1298daf..01dd2ed16d7db 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java @@ -32,15 +32,7 @@ import javax.crypto.SecretKey; import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException; -import com.sun.org.apache.xml.internal.security.keys.content.DEREncodedKeyValue; -import com.sun.org.apache.xml.internal.security.keys.content.KeyInfoReference; -import com.sun.org.apache.xml.internal.security.keys.content.KeyName; -import com.sun.org.apache.xml.internal.security.keys.content.KeyValue; -import com.sun.org.apache.xml.internal.security.keys.content.MgmtData; -import com.sun.org.apache.xml.internal.security.keys.content.PGPData; -import com.sun.org.apache.xml.internal.security.keys.content.RetrievalMethod; -import com.sun.org.apache.xml.internal.security.keys.content.SPKIData; -import com.sun.org.apache.xml.internal.security.keys.content.X509Data; +import com.sun.org.apache.xml.internal.security.keys.content.*; import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.DSAKeyValue; import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.RSAKeyValue; import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolver; @@ -50,7 +42,6 @@ import com.sun.org.apache.xml.internal.security.transforms.Transforms; import com.sun.org.apache.xml.internal.security.utils.Constants; import com.sun.org.apache.xml.internal.security.utils.ElementProxy; -import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy; import com.sun.org.apache.xml.internal.security.utils.XMLUtils; import org.w3c.dom.Attr; import org.w3c.dom.Document; @@ -88,7 +79,7 @@ * contains the corresponding type. * */ -public class KeyInfo extends SignatureElementProxy { +public class KeyInfo extends ElementProxy { private static final com.sun.org.slf4j.internal.Logger LOG = com.sun.org.slf4j.internal.LoggerFactory.getLogger(KeyInfo.class); @@ -231,12 +222,24 @@ public void add(RSAKeyValue rsakeyvalue) { } /** - * Method add + * Method adds public key encoded as KeyValue. If public key type is not supported by KeyValue, then + * DEREncodedKeyValue is used. If public key type is not supported by DEREncodedKeyValue, then + * IllegalArgumentException is thrown. * - * @param pk + * @param pk public key to be added to KeyInfo */ - public void add(PublicKey pk) { - this.add(new KeyValue(getDocument(), pk)); + public void add(PublicKey pk) { + + if (KeyValue.isSupportedKeyType(pk)) { + this.add(new KeyValue(getDocument(), pk)); + return; + } + + try { + this.add(new DEREncodedKeyValue(getDocument(), pk)); + } catch (XMLSecurityException ex) { + throw new IllegalArgumentException(ex); + } } /** @@ -772,6 +775,7 @@ public boolean containsKeyInfoReference() { return this.lengthKeyInfoReference() > 0; } + /** * This method returns the public key. * @@ -1188,4 +1192,10 @@ public void addStorageResolver(StorageResolver storageResolver) { public String getBaseLocalName() { return Constants._TAG_KEYINFO; } + + /** {@inheritDoc} */ + @Override + public String getBaseNamespace() { + return Constants.SignatureSpecNS; + } } diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java index 823a50366801f..2b5b55a3d040d 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java @@ -41,7 +41,10 @@ public class DEREncodedKeyValue extends Signature11ElementProxy implements KeyInfoContent { /** JCA algorithm key types supported by this implementation. */ - private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC"}; + private static final String[] supportedKeyTypes = { "RSA", "DSA", "EC", + "DiffieHellman", "DH", "XDH", "X25519", "X448", + "EdDSA", "Ed25519", "Ed448", + "RSASSA-PSS"}; /** * Constructor DEREncodedKeyValue @@ -144,5 +147,4 @@ protected byte[] getEncodedDER(PublicKey publicKey) throws XMLSecurityException throw new XMLSecurityException(e, "DEREncodedKeyValue.UnsupportedPublicKey", exArgs); } } - } diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java index ee999e6578351..d1eb890f88571 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java @@ -41,7 +41,6 @@ * (section 6.4). The KeyValue element may include externally defined public * keys values represented as PCDATA or element types from an external * namespace. - * */ public class KeyValue extends SignatureElementProxy implements KeyInfoContent { @@ -120,6 +119,20 @@ public KeyValue(Document doc, PublicKey pk) { } } + /** + * Verifies that the XML KeyValue encoding is supported for the given key type. If the + * encoding is supported, it returns true else false. + * + * @return true if the public key has a KeyValue encoding, false otherwise. + */ + public static boolean isSupportedKeyType(PublicKey publicKey) { + + return publicKey instanceof java.security.interfaces.DSAPublicKey + || publicKey instanceof java.security.interfaces.RSAPublicKey + || publicKey instanceof java.security.interfaces.ECPublicKey; + + } + /** * Constructor KeyValue * diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java index 839d9e4285da3..9bc6e55d7e557 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java @@ -91,6 +91,45 @@ public class ECKeyValue extends Signature11ElementProxy implements KeyValueConte 1 ); + /* Supported curve brainpoolP256r1 */ + private static final Curve BRAINPOOLP256R1 = initializeCurve( + "brainpoolP256r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.7", + "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", + "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", + "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", + "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", + "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", + "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", + 1 + ); + + /* Supported curve brainpoolP384r1 */ + private static final Curve BRAINPOOLP384R1 = initializeCurve( + "brainpoolP384r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.11", + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", + "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", + "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", + "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", + "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", + 1 + ); + + /* Supported curve brainpoolP512r1 */ + private static final Curve BRAINPOOLP512R1 = initializeCurve( + "brainpoolP512r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.13", + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", + "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", + "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", + "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", + "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", + 1 + ); + private static Curve initializeCurve(String name, String oid, String sfield, String a, String b, String x, String y, String n, int h) { @@ -264,7 +303,13 @@ private static String getCurveOid(ECParameterSpec params) { match = SECP384R1; } else if (matchCurve(params, SECP521R1)) { match = SECP521R1; - } else { + } else if (matchCurve(params, BRAINPOOLP256R1)) { + match = BRAINPOOLP256R1; + } else if (matchCurve(params, BRAINPOOLP384R1)) { + match = BRAINPOOLP384R1; + } else if (matchCurve(params, BRAINPOOLP512R1)) { + match = BRAINPOOLP512R1; + }else { return null; } return match.getObjectId(); @@ -332,6 +377,12 @@ private static ECParameterSpec getECParameterSpec(String oid) { return SECP384R1; } else if (oid.equals(SECP521R1.getObjectId())) { return SECP521R1; + } else if (oid.equals(BRAINPOOLP256R1.getObjectId())) { + return BRAINPOOLP256R1; + } else if (oid.equals(BRAINPOOLP384R1.getObjectId())) { + return BRAINPOOLP384R1; + } else if (oid.equals(BRAINPOOLP512R1.getObjectId())) { + return BRAINPOOLP512R1; } else { return null; } diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties index 3d4306e988f7e..0871ffdaffaed 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties @@ -30,7 +30,7 @@ algorithms.HMACOutputLengthMax = HMACOutputLength darf nicht grosser als {0} sei algorithms.HMACOutputLengthMin = HMACOutputLength darf nicht kleiner als {0} sein algorithms.HMACOutputLengthOnlyForHMAC = Die HMACOutputLength kann nur bei HMAC integrit\u00e4ts Algorithmen angegeben werden algorithms.MissingRSAPSSParams = RSAPSSParams is a required Element for http://www.w3.org/2007/05/xmldsig-more#rsa-pss -algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar. +algorithms.NoSuchAlgorithmNoEx = Der Algorithmus {0} ist nicht verf\u00fcgbar. algorithms.NoSuchAlgorithm = Der Algorithmus {0} ist nicht verf\u00fcgbar. Original Nachricht war\: {1} algorithms.NoSuchMap = Algorithmus URI "{0}" konnte auf keinen JCE Algorithmus gemappt werden algorithms.NoSuchProvider = Der angegebene Provider {0} existiert nicht. Original Nachricht war\: {1} diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java index cfa545e5826c6..b84556de0771e 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java @@ -209,6 +209,23 @@ public final class XMLSignature extends SignatureElementProxy { public static final String ALGO_ID_SIGNATURE_EDDSA_ED448 = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448"; + + /**Signature - SHA3-224withECDSA */ + public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_224 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224"; + + /**Signature - SHA3-256withECDSA */ + public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_256 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256"; + + /**Signature - SHA3-384withECDSA */ + public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_384 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384"; + + /**Signature - SHA3-512withECDSA */ + public static final String ALGO_ID_SIGNATURE_ECDSA_SHA3_512 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512"; + /** Signature - Optional RSASSA-PSS */ public static final String ALGO_ID_SIGNATURE_RSA_PSS = Constants.XML_DSIG_NS_MORE_07_05 + "rsa-pss"; diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java index d584eac32d191..5ec3e293252b6 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java @@ -71,6 +71,9 @@ public final class Constants { /** The (newer) URL for more algorithms **/ public static final String XML_DSIG_NS_MORE_07_05 = "http://www.w3.org/2007/05/xmldsig-more#"; + /** The 2021 xmldsig-more URL for Internet Engineering Task Force (IETF) algorithms **/ + public static final String XML_DSIG_NS_MORE_21_04 = "http://www.w3.org/2021/04/xmldsig-more#"; + /** The URI for XML spec*/ public static final String XML_LANG_SPACE_SpecNS = "http://www.w3.org/XML/1998/namespace"; @@ -144,6 +147,9 @@ public final class Constants { /** Tag of Element MaskGenerationFunction **/ public static final String _TAG_MGF = "MaskGenerationFunction"; + /** Tag of Element Salt **/ + public static final String _TAG_SALT = "Salt"; + /** Tag of Element SaltLength **/ public static final String _TAG_SALTLENGTH = "SaltLength"; diff --git a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java index 6f061fc977244..b68a56fd8b916 100644 --- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java +++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java @@ -512,6 +512,9 @@ public static void registerDefaultPrefixes() throws XMLSecurityException { "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter", "xx" ); setNamespacePrefix("http://www.w3.org/2009/xmldsig11#", "dsig11"); + setNamespacePrefix("http://www.w3.org/2001/04/xmldsig-more", "rfc4051"); + setNamespacePrefix("http://www.w3.org/2007/05/xmldsig-more#", "rfc6931"); + setNamespacePrefix("http://www.w3.org/2021/04/xmldsig-more#", "rfc9231"); } /** diff --git a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java index bf7bb59c9e161..f9b683c838c9e 100644 --- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java +++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -312,6 +312,42 @@ public interface SignatureMethod extends XMLStructure, AlgorithmMethod { "http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1"; + /** + * The + * ECDSA-SHA3-224 signature method algorithm URI. + * + * @since 25 + */ + String ECDSA_SHA3_224 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224"; + + /** + * The + * ECDSA-SHA3-256 signature method algorithm URI. + * + * @since 25 + */ + String ECDSA_SHA3_256 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256"; + + /** + * The + * ECDSA-SHA3-384 signature method algorithm URI. + * + * @since 25 + */ + String ECDSA_SHA3_384 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384"; + + /** + * The + * ECDSA-SHA3-512 signature method algorithm URI. + * + * @since 25 + */ + String ECDSA_SHA3_512 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512"; + /** * Returns the algorithm-specific input parameters of this * SignatureMethod. diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java index cec1224affade..2ce4858bc81cb 100644 --- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java +++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java @@ -81,7 +81,7 @@ public KeyValue newKeyValue(PublicKey key) throws KeyException { String algorithm = key.getAlgorithm(); if ("DSA".equals(algorithm)) { return new DOMKeyValue.DSA((DSAPublicKey) key); - } else if ("RSA".equals(algorithm)) { + } else if ("RSA".equals(algorithm) || "RSASSA-PSS".equals(algorithm)) { return new DOMKeyValue.RSA((RSAPublicKey) key); } else if ("EC".equals(algorithm)) { return new DOMKeyValue.EC((ECPublicKey) key); diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java index 0933c21bfd3d4..738ab64693c5d 100644 --- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java +++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java @@ -241,6 +241,33 @@ RSAPublicKey unmarshalKeyValue(Element kvtElem) RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent); return (RSAPublicKey) generatePublicKey(rsakf, spec); } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (!(obj instanceof KeyValue)) { + return false; + } + // This equality test allows RSA keys that have different + // algorithms (ex: RSA and RSASSA-PSS) to be equal as long + // as the key is the same. + try { + PublicKey otherKey = ((KeyValue)obj).getPublicKey(); + if (!(otherKey instanceof RSAPublicKey)) { + return false; + } + RSAPublicKey otherRSAKey = (RSAPublicKey)otherKey; + RSAPublicKey rsaKey = (RSAPublicKey)getPublicKey(); + return rsaKey.getPublicExponent().equals( + otherRSAKey.getPublicExponent()) + && rsaKey.getModulus().equals(otherRSAKey.getModulus()); + } catch (KeyException ke) { + // no practical way to determine if the keys are equal + return false; + } + } } static final class DSA extends DOMKeyValue { @@ -369,6 +396,42 @@ static final class EC extends DOMKeyValue { 1 ); + private static final Curve BRAINPOOLP256R1 = initializeCurve( + "brainpoolP256r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.7", + "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", + "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", + "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", + "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", + "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", + "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", + 1 + ); + + private static final Curve BRAINPOOLP384R1 = initializeCurve( + "brainpoolP384r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.11", + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", + "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", + "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", + "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", + "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", + "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", + 1 + ); + + private static final Curve BRAINPOOLP512R1 = initializeCurve( + "brainpoolP512r1 [RFC 5639]", + "1.3.36.3.3.2.8.1.1.13", + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", + "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", + "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", + "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", + "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", + "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", + 1 + ); + private static Curve initializeCurve(String name, String oid, String sfield, String a, String b, String x, String y, String n, int h) { @@ -448,6 +511,12 @@ private static String getCurveOid(ECParameterSpec params) { match = SECP384R1; } else if (matchCurve(params, SECP521R1)) { match = SECP521R1; + } else if (matchCurve(params, BRAINPOOLP256R1)) { + match = BRAINPOOLP256R1; + } else if (matchCurve(params, BRAINPOOLP384R1)) { + match = BRAINPOOLP384R1; + } else if (matchCurve(params, BRAINPOOLP512R1)) { + match = BRAINPOOLP512R1; } else { return null; } @@ -485,7 +554,7 @@ void marshalPublicKey(Node parent, Document doc, String dsPrefix, DOMUtils.setAttribute(namedCurveElem, "URI", "urn:oid:" + oid); String qname = (prefix == null || prefix.length() == 0) ? "xmlns" : "xmlns:" + prefix; - namedCurveElem.setAttributeNS("http://www.w3.org/2000/xmlns/", + ecKeyValueElem.setAttributeNS("http://www.w3.org/2000/xmlns/", qname, XMLDSIG_11_XMLNS); ecKeyValueElem.appendChild(namedCurveElem); String encoded = XMLUtils.encodeToString(ecPublicKey); @@ -555,6 +624,12 @@ private static ECParameterSpec getECParameterSpec(String oid) { return SECP384R1; } else if (oid.equals(SECP521R1.getObjectId())) { return SECP521R1; + } else if (oid.equals(BRAINPOOLP256R1.getObjectId())) { + return BRAINPOOLP256R1; + } else if (oid.equals(BRAINPOOLP384R1.getObjectId())) { + return BRAINPOOLP384R1; + } else if (oid.equals(BRAINPOOLP512R1.getObjectId())) { + return BRAINPOOLP512R1; } else { return null; } diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java index 5e44ccaeae8b0..6523b93935da8 100644 --- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java +++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java @@ -100,6 +100,14 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod { "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519"; static final String ED448 = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448"; + static final String ECDSA_SHA3_224 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-224"; + static final String ECDSA_SHA3_256 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-256"; + static final String ECDSA_SHA3_384 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-384"; + static final String ECDSA_SHA3_512 = + "http://www.w3.org/2021/04/xmldsig-more#ecdsa-sha3-512"; // see RFC 6931 for these algorithm definitions static final String ECDSA_RIPEMD160 = @@ -241,6 +249,14 @@ static SignatureMethod unmarshal(Element smElem) throws MarshalException { return new SHA384withECDSA(smElem); } else if (alg.equals(ECDSA_SHA512)) { return new SHA512withECDSA(smElem); + } else if (alg.equals(ECDSA_SHA3_224)) { + return new SHA3_224withECDSA(smElem); + } else if (alg.equals(ECDSA_SHA3_256)) { + return new SHA3_256withECDSA(smElem); + } else if (alg.equals(ECDSA_SHA3_384)) { + return new SHA3_384withECDSA(smElem); + } else if (alg.equals(ECDSA_SHA3_512)) { + return new SHA3_512withECDSA(smElem); } else if (alg.equals(ECDSA_RIPEMD160)) { return new RIPEMD160withECDSA(smElem); } else if (alg.equals(SignatureMethod.HMAC_SHA1)) { @@ -1160,6 +1176,94 @@ String getJCAFallbackAlgorithm() { } } + static final class SHA3_224withECDSA extends AbstractECDSASignatureMethod { + SHA3_224withECDSA(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + super(params); + } + SHA3_224withECDSA(Element dmElem) throws MarshalException { + super(dmElem); + } + @Override + public String getAlgorithm() { + return ECDSA_SHA3_224; + } + @Override + String getJCAAlgorithm() { + return "SHA3-224withECDSAinP1363Format"; + } + @Override + String getJCAFallbackAlgorithm() { + return "SHA3-224withECDSA"; + } + } + + static final class SHA3_256withECDSA extends AbstractECDSASignatureMethod { + SHA3_256withECDSA(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + super(params); + } + SHA3_256withECDSA(Element dmElem) throws MarshalException { + super(dmElem); + } + @Override + public String getAlgorithm() { + return ECDSA_SHA3_256; + } + @Override + String getJCAAlgorithm() { + return "SHA3-256withECDSAinP1363Format"; + } + @Override + String getJCAFallbackAlgorithm() { + return "SHA3-256withECDSA"; + } + } + + static final class SHA3_384withECDSA extends AbstractECDSASignatureMethod { + SHA3_384withECDSA(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + super(params); + } + SHA3_384withECDSA(Element dmElem) throws MarshalException { + super(dmElem); + } + @Override + public String getAlgorithm() { + return ECDSA_SHA3_384; + } + @Override + String getJCAAlgorithm() { + return "SHA3-384withECDSAinP1363Format"; + } + @Override + String getJCAFallbackAlgorithm() { + return "SHA3-384withECDSA"; + } + } + + static final class SHA3_512withECDSA extends AbstractECDSASignatureMethod { + SHA3_512withECDSA(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + super(params); + } + SHA3_512withECDSA(Element dmElem) throws MarshalException { + super(dmElem); + } + @Override + public String getAlgorithm() { + return ECDSA_SHA3_512; + } + @Override + String getJCAAlgorithm() { + return "SHA3-512withECDSAinP1363Format"; + } + @Override + String getJCAFallbackAlgorithm() { + return "SHA3-512withECDSA"; + } + } + static final class RIPEMD160withECDSA extends AbstractECDSASignatureMethod { RIPEMD160withECDSA(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException { diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java index 119bf16bc3236..52ccc84d1d072 100644 --- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java +++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java @@ -345,6 +345,14 @@ public SignatureMethod newSignatureMethod(String algorithm, return new DOMSignatureMethod.SHA384withECDSA(params); } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA512)) { return new DOMSignatureMethod.SHA512withECDSA(params); + } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_224)) { + return new DOMSignatureMethod.SHA3_224withECDSA(params); + } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_256)) { + return new DOMSignatureMethod.SHA3_256withECDSA(params); + } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_384)) { + return new DOMSignatureMethod.SHA3_384withECDSA(params); + } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA3_512)) { + return new DOMSignatureMethod.SHA3_512withECDSA(params); } else if (algorithm.equals(DOMSignatureMethod.ECDSA_RIPEMD160)) { return new DOMSignatureMethod.RIPEMD160withECDSA(params); } else if (algorithm.equals(DOMSignatureMethod.ED25519)) { diff --git a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java index 2982291c8e253..670d7b0c8673a 100644 --- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java +++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java @@ -142,7 +142,7 @@ public Object newInstance(Object ctrParamObj) @SuppressWarnings("removal") public XMLDSigRI() { // This is the JDK XMLDSig provider, synced from - // Apache Santuario XML Security for Java, version 3.0.3 + // Apache Santuario XML Security for Java, version 3.0.5 super("XMLDSig", VER, INFO); final Provider p = this; diff --git a/src/java.xml.crypto/share/legal/santuario.md b/src/java.xml.crypto/share/legal/santuario.md index 768f0c7b144a4..4421e16df25a1 100644 --- a/src/java.xml.crypto/share/legal/santuario.md +++ b/src/java.xml.crypto/share/legal/santuario.md @@ -1,4 +1,4 @@ -## Apache Santuario v3.0.3 +## Apache Santuario v3.0.5 ### Apache 2.0 License ``` @@ -211,7 +211,7 @@ limitations under the License. ``` Apache Santuario - XML Security for Java -Copyright 1999-2023 The Apache Software Foundation +Copyright 1999-2024 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (http://www.apache.org/). @@ -223,5 +223,5 @@ The development of this software was partly funded by the European Commission in the project in the ISIS Programme. This product contains software that is -copyright (c) 2021, Oracle and/or its affiliates. +copyright (c) 2021, 2023, Oracle and/or its affiliates. ``` diff --git a/test/jdk/javax/xml/crypto/dsig/GenerationTests.java b/test/jdk/javax/xml/crypto/dsig/GenerationTests.java index 7ab2c7f4e9345..668a5a50a0ade 100644 --- a/test/jdk/javax/xml/crypto/dsig/GenerationTests.java +++ b/test/jdk/javax/xml/crypto/dsig/GenerationTests.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,7 +24,7 @@ /** * @test * @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184 8038349 8046949 - * 8046724 8079693 8177334 8205507 8210736 8217878 8241306 8305972 + * 8046724 8079693 8177334 8205507 8210736 8217878 8241306 8305972 8344137 * @summary Basic unit tests for generating XML Signatures with JSR 105 * @modules java.base/sun.security.util * java.base/sun.security.x509 @@ -99,6 +99,7 @@ public class GenerationTests { private static SignatureMethod dsaSha1, dsaSha256, rsaSha1, rsaSha224, rsaSha256, rsaSha384, rsaSha512, ecdsaSha1, ecdsaSha224, ecdsaSha256, ecdsaSha384, ecdsaSha512, + ecdsaSha3_224, ecdsaSha3_256, ecdsaSha3_384, ecdsaSha3_512, hmacSha1, hmacSha224, hmacSha256, hmacSha384, hmacSha512, rsaSha1mgf1, rsaSha224mgf1, rsaSha256mgf1, rsaSha384mgf1, rsaSha512mgf1, rsaSha3_224mgf1, rsaSha3_256mgf1, rsaSha3_384mgf1, rsaSha3_512mgf1, @@ -244,9 +245,9 @@ public class GenerationTests { }) .toArray(String[]::new); - // As of JDK 22, the number of defined algorithms are... + // As of JDK 25, the number of defined algorithms are... static { - if (allSignatureMethods.length != 29 + if (allSignatureMethods.length != 33 || allDigestMethods.length != 9) { System.out.println(Arrays.toString(allSignatureMethods)); System.out.println(Arrays.toString(allDigestMethods)); @@ -305,6 +306,10 @@ public static void main(String args[]) throws Exception { test_create_signature_enveloping_p256_sha256(); test_create_signature_enveloping_p256_sha384(); test_create_signature_enveloping_p256_sha512(); + test_create_signature_enveloping_p256_sha3_224(); + test_create_signature_enveloping_p256_sha3_256(); + test_create_signature_enveloping_p256_sha3_384(); + test_create_signature_enveloping_p256_sha3_512(); test_create_signature_enveloping_p384_sha1(); test_create_signature_enveloping_p521_sha1(); test_create_signature_enveloping_ed25519(); @@ -559,6 +564,10 @@ private static void setup() throws Exception { ecdsaSha256 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA256, null); ecdsaSha384 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA384, null); ecdsaSha512 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA512, null); + ecdsaSha3_224 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA3_224, null); + ecdsaSha3_256 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA3_256, null); + ecdsaSha3_384 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA3_384, null); + ecdsaSha3_512 = fac.newSignatureMethod(SignatureMethod.ECDSA_SHA3_512, null); ed25519 = fac.newSignatureMethod(SignatureMethod.ED25519, null); ed448 = fac.newSignatureMethod(SignatureMethod.ED448, null); @@ -892,6 +901,34 @@ static void test_create_signature_enveloping_p256_sha512() throws Exception { System.out.println(); } + static void test_create_signature_enveloping_p256_sha3_224() throws Exception { + System.out.println("* Generating signature-enveloping-p256-sha3_224.xml"); + test_create_signature_enveloping(sha1, ecdsaSha3_224, p256ki, + getECPrivateKey("P256"), kvks, false, true); + System.out.println(); + } + + static void test_create_signature_enveloping_p256_sha3_256() throws Exception { + System.out.println("* Generating signature-enveloping-p256-sha3_256.xml"); + test_create_signature_enveloping(sha1, ecdsaSha3_256, p256ki, + getECPrivateKey("P256"), kvks, false, true); + System.out.println(); + } + + static void test_create_signature_enveloping_p256_sha3_384() throws Exception { + System.out.println("* Generating signature-enveloping-p256-sha3_384.xml"); + test_create_signature_enveloping(sha1, ecdsaSha3_384, p256ki, + getECPrivateKey("P256"), kvks, false, true); + System.out.println(); + } + + static void test_create_signature_enveloping_p256_sha3_512() throws Exception { + System.out.println("* Generating signature-enveloping-p256-sha3_512.xml"); + test_create_signature_enveloping(sha1, ecdsaSha3_512, p256ki, + getECPrivateKey("P256"), kvks, false, true); + System.out.println(); + } + static void test_create_signature_enveloping_p384_sha1() throws Exception { System.out.println("* Generating signature-enveloping-p384-sha1.xml"); test_create_signature_enveloping(sha1, ecdsaSha1, p384ki, diff --git a/test/jdk/javax/xml/crypto/dsig/PSS.java b/test/jdk/javax/xml/crypto/dsig/PSS.java new file mode 100644 index 0000000000000..3b5730577fb98 --- /dev/null +++ b/test/jdk/javax/xml/crypto/dsig/PSS.java @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.test.lib.Asserts; +import jdk.test.lib.security.XMLUtils; + +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.SignatureMethod; +import javax.xml.crypto.dsig.spec.RSAPSSParameterSpec; +import java.security.KeyPairGenerator; +import java.security.spec.MGF1ParameterSpec; +import java.security.spec.PSSParameterSpec; + +/** + * @test + * @bug 8344137 + * @summary check RSASSA-PSS key + * @library /test/lib + * @modules java.xml.crypto + */ +public class PSS { + + public static void main(String[] args) throws Exception { + + var doc = XMLUtils.string2doc("TextRaw"); + var kpg = KeyPairGenerator.getInstance("RSASSA-PSS"); + kpg.initialize(2048); + var keyPair = kpg.generateKeyPair(); + + var pspec = new PSSParameterSpec("SHA-384", "MGF1", + MGF1ParameterSpec.SHA512, 48, + PSSParameterSpec.TRAILER_FIELD_BC); + + var signed = XMLUtils.signer(keyPair.getPrivate(), keyPair.getPublic()) + .dm(DigestMethod.SHA384) + .sm(SignatureMethod.RSA_PSS, new RSAPSSParameterSpec(pspec)) + .sign(doc); + + Asserts.assertTrue(XMLUtils.validator().validate(signed)); + } +}