Package org.apache.xml.security.utils
Class XMLUtils
- java.lang.Object
-
- org.apache.xml.security.utils.XMLUtils
-
public final class XMLUtils extends Object
DOM and XML accessibility and comfort functions.
-
-
Method Summary
All Methods Static Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static void
addReturnBeforeChild(Element e, Node child)
static void
addReturnToElement(Document doc, HelperNodeList nl)
static void
addReturnToElement(Element e)
Method addReturnToElementstatic void
circumventBug2650(Document doc)
This method spreads all namespace attributes in a DOM document to their children.static Set<Node>
convertNodelistToSet(NodeList xpathNodeSet)
Method convertNodelistToSetstatic DocumentBuilder
createDocumentBuilder(boolean validating)
Deprecated.Use XMLUtils.read instead to directly read a document.static DocumentBuilder
createDocumentBuilder(boolean validating, boolean disAllowDocTypeDeclarations)
Deprecated.Use XMLUtils.read instead to directly read a document.static Element
createDSctx(Document doc, String prefix, String namespace)
Method createDSctxstatic Element
createElementInEncryption11Space(Document doc, String elementName)
Creates an Element in the XML Encryption 1.1 specification namespace.static Element
createElementInEncryptionSpace(Document doc, String elementName)
Creates an Element in the XML Encryption specification namespace.static Element
createElementInSignature11Space(Document doc, String elementName)
Creates an Element in the XML Signature 1.1 specification namespace.static Element
createElementInSignatureSpace(Document doc, String elementName)
Creates an Element in the XML Signature specification namespace.static byte[]
decode(byte[] encodedBytes)
static byte[]
decode(String encodedString)
static boolean
elementIsInEncryption11Space(Element element, String localName)
Returns true if the element is in XML Encryption 1.1 namespace and the local name equals the supplied one.static boolean
elementIsInEncryptionSpace(Element element, String localName)
Returns true if the element is in XML Encryption namespace and the local name equals the supplied one.static boolean
elementIsInSignature11Space(Element element, String localName)
Returns true if the element is in XML Signature 1.1 namespace and the local name equals the supplied one.static boolean
elementIsInSignatureSpace(Element element, String localName)
Returns true if the element is in XML Signature namespace and the local name equals the supplied one.static String
encodeToString(byte[] bytes)
static Set<Node>
excludeNodeFromSet(Node signatureElement, Set<Node> inputSet)
static String
getAttributeValue(Element elem, String name)
Returns the attribute value for the attribute with the specified name.static byte[]
getBytes(BigInteger big, int bitlen)
Returns a byte-array representation of a
.BigInteger
static String
getFullTextChildrenFromElement(Element element)
Deprecated.static String
getFullTextChildrenFromNode(Node node)
Method getFullTextChildrenFromNodestatic Element
getNextElement(Node el)
static Document
getOwnerDocument(Set<Node> xpathNodeSet)
This method returns the first non-null owner document of the Nodes in this Set.static Document
getOwnerDocument(Node node)
This method returns the owner document of a particular node.static void
getSet(Node rootNode, Set<Node> result, Node exclude, boolean com)
static String
getStrFromNode(Node xpathnode)
Method getStrFromNodestatic boolean
ignoreLineBreaks()
static boolean
isDescendantOrSelf(Node ctx, Node descendantOrSelf)
Returns true if the descendantOrSelf is on the descendant-or-self axis of the context node.static boolean
isIgnoreLineBreaks()
static Document
newDocument()
static void
outputDOM(Node contextNode, OutputStream os)
Outputs a DOM tree to anOutputStream
.static void
outputDOM(Node contextNode, OutputStream os, boolean addPreamble)
Outputs a DOM tree to anOutputStream
.static void
outputDOMc14nWithComments(Node contextNode, OutputStream os)
Serializes thecontextNode
into the OutputStream, but suppresses all Exceptions.static boolean
protectAgainstWrappingAttack(Node startNode, String value)
This method is a tree-search to help prevent against wrapping attacks.static boolean
protectAgainstWrappingAttack(Node startNode, Element knownElement, String value)
This method is a tree-search to help prevent against wrapping attacks.static Document
read(InputStream inputStream)
static Document
read(InputStream inputStream, boolean disAllowDocTypeDeclarations)
static Document
read(String uri, boolean disAllowDocTypeDeclarations)
static Document
read(InputSource inputSource)
static Document
read(InputSource inputSource, boolean disAllowDocTypeDeclarations)
static boolean
repoolDocumentBuilder(DocumentBuilder db)
Deprecated.This method has no effect in Santuario 2.1.4static Element
selectDs11Node(Node sibling, String nodeName, int number)
static Element[]
selectDs11Nodes(Node sibling, String nodeName)
static Text
selectDs11NodeText(Node sibling, String nodeName, int number)
static Element
selectDsNode(Node sibling, String nodeName, int number)
static Element[]
selectDsNodes(Node sibling, String nodeName)
static Text
selectDsNodeText(Node sibling, String nodeName, int number)
static Element
selectNode(Node sibling, String uri, String nodeName, int number)
static Element[]
selectNodes(Node sibling, String uri, String nodeName)
static Text
selectNodeText(Node sibling, String uri, String nodeName, int number)
static Element
selectXencNode(Node sibling, String nodeName, int number)
static void
setDs11Prefix(String prefix)
Set the prefix for the digital signature 1.1 namespacestatic void
setDsPrefix(String prefix)
Set the prefix for the digital signature namespacestatic void
setXenc11Prefix(String prefix)
Set the prefix for the encryption namespace 1.1static void
setXencPrefix(String prefix)
Set the prefix for the encryption namespace
-
-
-
Method Detail
-
setDsPrefix
public static void setDsPrefix(String prefix)
Set the prefix for the digital signature namespace- Parameters:
prefix
- the new prefix for the digital signature namespace- Throws:
SecurityException
- if a security manager is installed and the caller does not have permission to set the prefix
-
setDs11Prefix
public static void setDs11Prefix(String prefix)
Set the prefix for the digital signature 1.1 namespace- Parameters:
prefix
- the new prefix for the digital signature 1.1 namespace- Throws:
SecurityException
- if a security manager is installed and the caller does not have permission to set the prefix
-
setXencPrefix
public static void setXencPrefix(String prefix)
Set the prefix for the encryption namespace- Parameters:
prefix
- the new prefix for the encryption namespace- Throws:
SecurityException
- if a security manager is installed and the caller does not have permission to set the prefix
-
setXenc11Prefix
public static void setXenc11Prefix(String prefix)
Set the prefix for the encryption namespace 1.1- Parameters:
prefix
- the new prefix for the encryption namespace 1.1- Throws:
SecurityException
- if a security manager is installed and the caller does not have permission to set the prefix
-
getSet
public static void getSet(Node rootNode, Set<Node> result, Node exclude, boolean com)
- Parameters:
rootNode
-result
-exclude
-com
- whether comments or not
-
outputDOM
public static void outputDOM(Node contextNode, OutputStream os)
Outputs a DOM tree to anOutputStream
.- Parameters:
contextNode
- root node of the DOM treeos
- theOutputStream
-
outputDOM
public static void outputDOM(Node contextNode, OutputStream os, boolean addPreamble)
Outputs a DOM tree to anOutputStream
. If an Exception is thrown during execution, it's StackTrace is output to System.out, but the Exception is not re-thrown.- Parameters:
contextNode
- root node of the DOM treeos
- theOutputStream
addPreamble
-
-
outputDOMc14nWithComments
public static void outputDOMc14nWithComments(Node contextNode, OutputStream os)
Serializes thecontextNode
into the OutputStream, but suppresses all Exceptions. NOTE: This should only be used for debugging purposes, NOT in a production environment; this method ignores all exceptions, so you won't notice if something goes wrong. If you're asking what is to be used in a production environment, simply use the code inside thetry{}
statement, but handle the Exceptions appropriately.- Parameters:
contextNode
-os
-
-
getFullTextChildrenFromElement
@Deprecated public static String getFullTextChildrenFromElement(Element element)
Deprecated.
-
getFullTextChildrenFromNode
public static String getFullTextChildrenFromNode(Node node)
Method getFullTextChildrenFromNode- Parameters:
node
-- Returns:
- the string of children
-
createElementInSignatureSpace
public static Element createElementInSignatureSpace(Document doc, String elementName)
Creates an Element in the XML Signature specification namespace.- Parameters:
doc
- the factory DocumentelementName
- the local name of the Element- Returns:
- the Element
-
createElementInSignature11Space
public static Element createElementInSignature11Space(Document doc, String elementName)
Creates an Element in the XML Signature 1.1 specification namespace.- Parameters:
doc
- the factory DocumentelementName
- the local name of the Element- Returns:
- the Element
-
createElementInEncryptionSpace
public static Element createElementInEncryptionSpace(Document doc, String elementName)
Creates an Element in the XML Encryption specification namespace.- Parameters:
doc
- the factory DocumentelementName
- the local name of the Element- Returns:
- the Element
-
createElementInEncryption11Space
public static Element createElementInEncryption11Space(Document doc, String elementName)
Creates an Element in the XML Encryption 1.1 specification namespace.- Parameters:
doc
- the factory DocumentelementName
- the local name of the Element- Returns:
- the Element
-
elementIsInSignatureSpace
public static boolean elementIsInSignatureSpace(Element element, String localName)
Returns true if the element is in XML Signature namespace and the local name equals the supplied one.- Parameters:
element
-localName
-- Returns:
- true if the element is in XML Signature namespace and the local name equals the supplied one
-
elementIsInSignature11Space
public static boolean elementIsInSignature11Space(Element element, String localName)
Returns true if the element is in XML Signature 1.1 namespace and the local name equals the supplied one.- Parameters:
element
-localName
-- Returns:
- true if the element is in XML Signature namespace and the local name equals the supplied one
-
elementIsInEncryptionSpace
public static boolean elementIsInEncryptionSpace(Element element, String localName)
Returns true if the element is in XML Encryption namespace and the local name equals the supplied one.- Parameters:
element
-localName
-- Returns:
- true if the element is in XML Encryption namespace and the local name equals the supplied one
-
elementIsInEncryption11Space
public static boolean elementIsInEncryption11Space(Element element, String localName)
Returns true if the element is in XML Encryption 1.1 namespace and the local name equals the supplied one.- Parameters:
element
-localName
-- Returns:
- true if the element is in XML Encryption 1.1 namespace and the local name equals the supplied one
-
getOwnerDocument
public static Document getOwnerDocument(Node node)
This method returns the owner document of a particular node. This method is necessary because it always returns aDocument
.Node.getOwnerDocument()
returnsnull
if theNode
is aDocument
.- Parameters:
node
-- Returns:
- the owner document of the node
-
getOwnerDocument
public static Document getOwnerDocument(Set<Node> xpathNodeSet)
This method returns the first non-null owner document of the Nodes in this Set. This method is necessary because it always returns aDocument
.Node.getOwnerDocument()
returnsnull
if theNode
is aDocument
.- Parameters:
xpathNodeSet
-- Returns:
- the owner document
-
createDSctx
public static Element createDSctx(Document doc, String prefix, String namespace)
Method createDSctx- Parameters:
doc
-prefix
-namespace
-- Returns:
- the element.
-
addReturnToElement
public static void addReturnToElement(Element e)
Method addReturnToElement- Parameters:
e
-
-
addReturnToElement
public static void addReturnToElement(Document doc, HelperNodeList nl)
-
encodeToString
public static String encodeToString(byte[] bytes)
-
decode
public static byte[] decode(String encodedString)
-
decode
public static byte[] decode(byte[] encodedBytes)
-
isIgnoreLineBreaks
public static boolean isIgnoreLineBreaks()
-
convertNodelistToSet
public static Set<Node> convertNodelistToSet(NodeList xpathNodeSet)
Method convertNodelistToSet- Parameters:
xpathNodeSet
-- Returns:
- the set with the nodelist
-
circumventBug2650
public static void circumventBug2650(Document doc)
This method spreads all namespace attributes in a DOM document to their children. This is needed because the XML Signature XPath transform must evaluate the XPath against all nodes in the input, even against XPath namespace nodes. Through a bug in XalanJ2, the namespace nodes are not fully visible in the Xalan XPath model, so we have to do this by hand in DOM spaces so that the nodes become visible in XPath space.- Parameters:
doc
-- See Also:
- Namespace axis resolution is not XPath compliant
-
selectDsNode
public static Element selectDsNode(Node sibling, String nodeName, int number)
- Parameters:
sibling
-nodeName
-number
-- Returns:
- nodes with the constraint
-
selectDs11Node
public static Element selectDs11Node(Node sibling, String nodeName, int number)
- Parameters:
sibling
-nodeName
-number
-- Returns:
- nodes with the constraint
-
selectXencNode
public static Element selectXencNode(Node sibling, String nodeName, int number)
- Parameters:
sibling
-nodeName
-number
-- Returns:
- nodes with the constrain
-
selectDsNodeText
public static Text selectDsNodeText(Node sibling, String nodeName, int number)
- Parameters:
sibling
-nodeName
-number
-- Returns:
- nodes with the constrain
-
selectDs11NodeText
public static Text selectDs11NodeText(Node sibling, String nodeName, int number)
- Parameters:
sibling
-nodeName
-number
-- Returns:
- nodes with the constrain
-
selectNodeText
public static Text selectNodeText(Node sibling, String uri, String nodeName, int number)
- Parameters:
sibling
-uri
-nodeName
-number
-- Returns:
- nodes with the constrain
-
selectNode
public static Element selectNode(Node sibling, String uri, String nodeName, int number)
- Parameters:
sibling
-uri
-nodeName
-number
-- Returns:
- nodes with the constrain
-
selectDsNodes
public static Element[] selectDsNodes(Node sibling, String nodeName)
- Parameters:
sibling
-nodeName
-- Returns:
- nodes with the constrain
-
selectDs11Nodes
public static Element[] selectDs11Nodes(Node sibling, String nodeName)
- Parameters:
sibling
-nodeName
-- Returns:
- nodes with the constrain
-
selectNodes
public static Element[] selectNodes(Node sibling, String uri, String nodeName)
- Parameters:
sibling
-uri
-nodeName
-- Returns:
- nodes with the constraint
-
excludeNodeFromSet
public static Set<Node> excludeNodeFromSet(Node signatureElement, Set<Node> inputSet)
- Parameters:
signatureElement
-inputSet
-- Returns:
- nodes with the constrain
-
getStrFromNode
public static String getStrFromNode(Node xpathnode)
Method getStrFromNode- Parameters:
xpathnode
-- Returns:
- the string for the node.
-
isDescendantOrSelf
public static boolean isDescendantOrSelf(Node ctx, Node descendantOrSelf)
Returns true if the descendantOrSelf is on the descendant-or-self axis of the context node.- Parameters:
ctx
-descendantOrSelf
-- Returns:
- true if the node is descendant
-
ignoreLineBreaks
public static boolean ignoreLineBreaks()
-
getAttributeValue
public static String getAttributeValue(Element elem, String name)
Returns the attribute value for the attribute with the specified name. Returns null if there is no such attribute, or the empty string if the attribute value is empty.This works around a limitation of the DOM
Element.getAttributeNode
method, which does not distinguish between an unspecified attribute and an attribute with a value of "" (it returns "" for both cases).- Parameters:
elem
- the element containing the attributename
- the name of the attribute- Returns:
- the attribute value (may be null if unspecified)
-
protectAgainstWrappingAttack
public static boolean protectAgainstWrappingAttack(Node startNode, String value)
This method is a tree-search to help prevent against wrapping attacks. It checks that no two Elements have ID Attributes that match the "value" argument, if this is the case then "false" is returned. Note that a return value of "true" does not necessarily mean that a matching Element has been found, just that no wrapping attack has been detected.
-
protectAgainstWrappingAttack
public static boolean protectAgainstWrappingAttack(Node startNode, Element knownElement, String value)
This method is a tree-search to help prevent against wrapping attacks. It checks that no other Element than the given "knownElement" argument has an ID attribute that matches the "value" argument, which is the ID value of "knownElement". If this is the case then "false" is returned.
-
newDocument
public static Document newDocument() throws ParserConfigurationException
- Throws:
ParserConfigurationException
-
read
public static Document read(InputStream inputStream) throws ParserConfigurationException, SAXException, IOException
-
read
public static Document read(InputStream inputStream, boolean disAllowDocTypeDeclarations) throws ParserConfigurationException, SAXException, IOException
-
read
public static Document read(String uri, boolean disAllowDocTypeDeclarations) throws ParserConfigurationException, SAXException, IOException
-
read
public static Document read(InputSource inputSource) throws ParserConfigurationException, SAXException, IOException
-
read
public static Document read(InputSource inputSource, boolean disAllowDocTypeDeclarations) throws ParserConfigurationException, SAXException, IOException
-
createDocumentBuilder
@Deprecated public static DocumentBuilder createDocumentBuilder(boolean validating) throws ParserConfigurationException
Deprecated.Use XMLUtils.read instead to directly read a document.- Throws:
ParserConfigurationException
-
createDocumentBuilder
@Deprecated public static DocumentBuilder createDocumentBuilder(boolean validating, boolean disAllowDocTypeDeclarations) throws ParserConfigurationException
Deprecated.Use XMLUtils.read instead to directly read a document.- Throws:
ParserConfigurationException
-
repoolDocumentBuilder
@Deprecated public static boolean repoolDocumentBuilder(DocumentBuilder db)
Deprecated.This method has no effect in Santuario 2.1.4
-
getBytes
public static byte[] getBytes(BigInteger big, int bitlen)
Returns a byte-array representation of a
. No sign-bit is output. N.B.:BigInteger
's toByteArray returns eventually longer arrays because of the leading sign-bit.BigInteger
- Parameters:
big
-BigInteger
to be convertedbitlen
-int
the desired length in bits of the representation- Returns:
- a byte array with
bitlen
bits ofbig
-
-