/*
 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package org.jcp.xml.dsig.internal.dom;

import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessController;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

The secure validation policy as specified by the jdk.xml.dsig.secureValidationPolicy security property.
/** * The secure validation policy as specified by the * jdk.xml.dsig.secureValidationPolicy security property. */
public final class Policy { // all restrictions are initialized to be unconstrained private static Set<URI> disallowedAlgs = new HashSet<>(); private static int maxTrans = Integer.MAX_VALUE; private static int maxRefs = Integer.MAX_VALUE; private static Set<String> disallowedRefUriSchemes = new HashSet<>(); private static Map<String, Integer> minKeyMap = new HashMap<>(); private static boolean noDuplicateIds = false; private static boolean noRMLoops = false; static { try { initialize(); } catch (Exception e) { throw new SecurityException( "Cannot initialize the secure validation policy", e); } } private Policy() {} private static void initialize() { String prop = AccessController.doPrivileged((PrivilegedAction<String>) () -> Security.getProperty("jdk.xml.dsig.secureValidationPolicy")); if (prop == null || prop.isEmpty()) { // no policy specified, so don't enforce any restrictions return; } String[] entries = prop.split(","); for (String entry : entries) { String[] tokens = entry.split("\\s"); String type = tokens[0]; switch(type) { case "disallowAlg": if (tokens.length != 2) { error(entry); } disallowedAlgs.add(URI.create(tokens[1])); break; case "maxTransforms": if (tokens.length != 2) { error(entry); } maxTrans = Integer.parseUnsignedInt(tokens[1]); break; case "maxReferences": if (tokens.length != 2) { error(entry); } maxRefs = Integer.parseUnsignedInt(tokens[1]); break; case "disallowReferenceUriSchemes": if (tokens.length == 1) { error(entry); } for (int i = 1; i < tokens.length; i++) { String scheme = tokens[i]; disallowedRefUriSchemes.add( scheme.toLowerCase(Locale.ROOT)); } break; case "minKeySize": if (tokens.length != 3) { error(entry); } minKeyMap.put(tokens[1], Integer.parseUnsignedInt(tokens[2])); break; case "noDuplicateIds": if (tokens.length != 1) { error(entry); } noDuplicateIds = true; break; case "noRetrievalMethodLoops": if (tokens.length != 1) { error(entry); } noRMLoops = true; break; default: error(entry); } } } public static boolean restrictAlg(String alg) { try { URI uri = new URI(alg); return disallowedAlgs.contains(uri); } catch (URISyntaxException use) { return false; } } public static boolean restrictNumTransforms(int numTrans) { return (numTrans > maxTrans); } public static boolean restrictNumReferences(int numRefs) { return (numRefs > maxRefs); } public static boolean restrictReferenceUriScheme(String uri) { if (uri != null) { String scheme = java.net.URI.create(uri).getScheme(); if (scheme != null) { return disallowedRefUriSchemes.contains( scheme.toLowerCase(Locale.ROOT)); } } return false; } public static boolean restrictKey(String type, int size) { return (size < minKeyMap.getOrDefault(type, 0)); } public static boolean restrictDuplicateIds() { return noDuplicateIds; } public static boolean restrictRetrievalMethodLoops() { return noRMLoops; } public static Set<URI> disabledAlgs() { return Collections.<URI>unmodifiableSet(disallowedAlgs); } public static int maxTransforms() { return maxTrans; } public static int maxReferences() { return maxRefs; } public static Set<String> disabledReferenceUriSchemes() { return Collections.<String>unmodifiableSet(disallowedRefUriSchemes); } public static int minKeySize(String type) { return minKeyMap.getOrDefault(type, 0); } private static void error(String entry) { throw new IllegalArgumentException( "Invalid jdk.xml.dsig.secureValidationPolicy entry: " + entry); } }