From aa3ca48b35fe43d54c0c3175b438dbde11ad2b8d Mon Sep 17 00:00:00 2001
From: Xue-Lei Andrew Fan <xuelei@openjdk.org>
Date: Tue, 14 May 2013 05:55:10 -0700
Subject: [PATCH] 8014281: Better checking of XML signature

Also reviewed by Andrew Gross and Christophe Ravel

Reviewed-by: mullan
---
 .../dom/DOMCanonicalizationMethod.java         | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
index bf675be688f..700694e2dd6 100644
--- a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
+++ b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java
@@ -51,6 +51,11 @@ public class DOMCanonicalizationMethod extends DOMTransform
     public DOMCanonicalizationMethod(TransformService spi)
         throws InvalidAlgorithmParameterException {
         super(spi);
+        if (!(spi instanceof ApacheCanonicalizer) &&
+                !isC14Nalg(spi.getAlgorithm())) {
+            throw new InvalidAlgorithmParameterException(
+                "Illegal CanonicalizationMethod");
+        }
     }
 
     /**
@@ -63,6 +68,10 @@ public class DOMCanonicalizationMethod extends DOMTransform
     public DOMCanonicalizationMethod(Element cmElem, XMLCryptoContext context,
         Provider provider) throws MarshalException {
         super(cmElem, context, provider);
+        if (!(spi instanceof ApacheCanonicalizer) &&
+                !isC14Nalg(spi.getAlgorithm())) {
+            throw new MarshalException("Illegal CanonicalizationMethod");
+        }
     }
 
     /**
@@ -101,4 +110,13 @@ public class DOMCanonicalizationMethod extends DOMTransform
         return (getAlgorithm().equals(ocm.getAlgorithm()) &&
             DOMUtils.paramsEqual(getParameterSpec(), ocm.getParameterSpec()));
     }
+
+    private static boolean isC14Nalg(String alg) {
+        return (alg.equals(CanonicalizationMethod.INCLUSIVE) ||
+                alg.equals(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS) ||
+                alg.equals(CanonicalizationMethod.EXCLUSIVE) ||
+                alg.equals(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS) ||
+                alg.equals(DOMCanonicalXMLC14N11Method.C14N_11) ||
+                alg.equals(DOMCanonicalXMLC14N11Method.C14N_11_WITH_COMMENTS));
+    }
 }