8014281: Better checking of XML signature

Also reviewed by Andrew Gross and Christophe Ravel

Reviewed-by: mullan

jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java

@@ -51,6 +51,11 @@ public class DOMCanonicalizationMethod extends DOMTransform
     public DOMCanonicalizationMethod(TransformService spi)
         throws InvalidAlgorithmParameterException {
         super(spi);
+        if (!(spi instanceof ApacheCanonicalizer) &&
+                !isC14Nalg(spi.getAlgorithm())) {
+            throw new InvalidAlgorithmParameterException(
+                "Illegal CanonicalizationMethod");
+        }
     }
 
     /**
@@ -63,6 +68,10 @@ public class DOMCanonicalizationMethod extends DOMTransform
     public DOMCanonicalizationMethod(Element cmElem, XMLCryptoContext context,
         Provider provider) throws MarshalException {
         super(cmElem, context, provider);
+        if (!(spi instanceof ApacheCanonicalizer) &&
+                !isC14Nalg(spi.getAlgorithm())) {
+            throw new MarshalException("Illegal CanonicalizationMethod");
+        }
     }
 
     /**
@@ -101,4 +110,13 @@ public class DOMCanonicalizationMethod extends DOMTransform
         return (getAlgorithm().equals(ocm.getAlgorithm()) &&
             DOMUtils.paramsEqual(getParameterSpec(), ocm.getParameterSpec()));
     }
+
+    private static boolean isC14Nalg(String alg) {
+        return (alg.equals(CanonicalizationMethod.INCLUSIVE) ||
+                alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS) ||
+                alg.equals(CanonicalizationMethod.EXCLUSIVE) ||
+                alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS) ||
+                alg.equals(DOMCanonicalXMLC14N11Method.C14N_11) ||
+                alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS));
+    }
 }