Examples with XMLSecurityException com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException used on opensource projects

Example 31 with XMLSecurityException

use of com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException in project jdk8u_jdk by JetBrains.

the class TransformXSLT method enginePerformTransform.

protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, OutputStream baos, Transform transformObject) throws IOException, TransformationException {
    try {
        Element transformElement = transformObject.getElement();
        Element xsltElement = XMLUtils.selectNode(transformElement.getFirstChild(), XSLTSpecNS, "stylesheet", 0);
        if (xsltElement == null) {
            Object[] exArgs = { "xslt:stylesheet", "Transform" };
            throw new TransformationException("xml.WrongContent", exArgs);
        }
        TransformerFactory tFactory = TransformerFactory.newInstance();
        // Process XSLT stylesheets in a secure manner
        tFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
        /*
             * This transform requires an octet stream as input. If the actual
             * input is an XPath node-set, then the signature application should
             * attempt to convert it to octets (apply Canonical XML]) as described
             * in the Reference Processing Model (section 4.3.3.2).
             */
        Source xmlSource = new StreamSource(new ByteArrayInputStream(input.getBytes()));
        Source stylesheet;
        /*
             * This complicated transformation of the stylesheet itself is necessary
             * because of the need to get the pure style sheet. If we simply say
             * Source stylesheet = new DOMSource(this.xsltElement);
             * whereby this.xsltElement is not the rootElement of the Document,
             * this causes problems;
             * so we convert the stylesheet to byte[] and use this as input stream
             */
        {
            ByteArrayOutputStream os = new ByteArrayOutputStream();
            Transformer transformer = tFactory.newTransformer();
            DOMSource source = new DOMSource(xsltElement);
            StreamResult result = new StreamResult(os);
            transformer.transform(source, result);
            stylesheet = new StreamSource(new ByteArrayInputStream(os.toByteArray()));
        }
        Transformer transformer = tFactory.newTransformer(stylesheet);
        // implementations.
        try {
            transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", "\n");
        } catch (Exception e) {
            log.log(java.util.logging.Level.WARNING, "Unable to set Xalan line-separator property: " + e.getMessage());
        }
        if (baos == null) {
            ByteArrayOutputStream baos1 = new ByteArrayOutputStream();
            StreamResult outputTarget = new StreamResult(baos1);
            transformer.transform(xmlSource, outputTarget);
            return new XMLSignatureInput(baos1.toByteArray());
        }
        StreamResult outputTarget = new StreamResult(baos);
        transformer.transform(xmlSource, outputTarget);
        XMLSignatureInput output = new XMLSignatureInput((byte[]) null);
        output.setOutputStream(baos);
        return output;
    } catch (XMLSecurityException ex) {
        Object[] exArgs = { ex.getMessage() };
        throw new TransformationException("generic.EmptyMessage", exArgs, ex);
    } catch (TransformerConfigurationException ex) {
        Object[] exArgs = { ex.getMessage() };
        throw new TransformationException("generic.EmptyMessage", exArgs, ex);
    } catch (TransformerException ex) {
        Object[] exArgs = { ex.getMessage() };
        throw new TransformationException("generic.EmptyMessage", exArgs, ex);
    }
}

Example 32 with XMLSecurityException

use of com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException in project jdk8u_jdk by JetBrains.

the class ElementProxy method setXPathNamespaceContext.

/**
     * Adds an xmlns: definition to the Element. This can be called as follows:
     *
     * <PRE>
     * // set namespace with ds prefix
     * xpathContainer.setXPathNamespaceContext("ds", "http://www.w3.org/2000/09/xmldsig#");
     * xpathContainer.setXPathNamespaceContext("xmlns:ds", "http://www.w3.org/2000/09/xmldsig#");
     * </PRE>
     *
     * @param prefix
     * @param uri
     * @throws XMLSecurityException
     */
public void setXPathNamespaceContext(String prefix, String uri) throws XMLSecurityException {
    String ns;
    if ((prefix == null) || (prefix.length() == 0)) {
        throw new XMLSecurityException("defaultNamespaceCannotBeSetHere");
    } else if (prefix.equals("xmlns")) {
        throw new XMLSecurityException("defaultNamespaceCannotBeSetHere");
    } else if (prefix.startsWith("xmlns:")) {
        //"xmlns:" + prefix.substring("xmlns:".length());
        ns = prefix;
    } else {
        ns = "xmlns:" + prefix;
    }
    Attr a = this.constructionElement.getAttributeNodeNS(Constants.NamespaceSpecNS, ns);
    if (a != null) {
        if (!a.getNodeValue().equals(uri)) {
            Object[] exArgs = { ns, this.constructionElement.getAttributeNS(null, ns) };
            throw new XMLSecurityException("namespacePrefixAlreadyUsedByOtherURI", exArgs);
        }
        return;
    }
    this.constructionElement.setAttributeNS(Constants.NamespaceSpecNS, ns, uri);
}