All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.xml.security.utils.resolver.ResourceResolverSpi Maven / Gradle / Ivy

Go to download

Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the library supports the standard Java API JSR-105: XML Digital Signature APIs.

There is a newer version: 4.0.2
Show newest version
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.xml.security.utils.resolver;

import java.util.HashMap;
import java.util.Map;

import org.apache.xml.security.signature.XMLSignatureInput;
import org.w3c.dom.Attr;

/**
 * During reference validation, we have to retrieve resources from somewhere.
 *
 * @author $Author: coheigea $
 */
public abstract class ResourceResolverSpi {

    /** {@link org.apache.commons.logging} logging facility */
    private static org.apache.commons.logging.Log log = 
        org.apache.commons.logging.LogFactory.getLog(ResourceResolverSpi.class);

    /** Field properties */
    protected java.util.Map properties = null;

    /**
     * Deprecated - used to carry state about whether resolution was being done in a secure fashion,
     * but was not thread safe, so the resolution information is now passed as parameters to methods.
     * 
     * @deprecated Secure validation flag is now passed to methods.
     */
    protected final boolean secureValidation = true;

    /**
     * This is the workhorse method used to resolve resources.
     *
     * @param uri
     * @param BaseURI
     * @return the resource wrapped around a XMLSignatureInput
     *
     * @throws ResourceResolverException
     * 
     * @deprecated New clients should override {@link #engineResolveURI(ResourceResolverContext)}
     */
    public XMLSignatureInput engineResolve(Attr uri, String BaseURI)
        throws ResourceResolverException {
        throw new UnsupportedOperationException();
    }

    /**
     * This is the workhorse method used to resolve resources.
     * @param context Context to use to resolve resources.
     * 
     * @return the resource wrapped around a XMLSignatureInput
     * 
     * @throws ResourceResolverException
     */
    public XMLSignatureInput engineResolveURI(ResourceResolverContext context)
        throws ResourceResolverException {
        // The default implementation, to preserve backwards compatibility in the
        // test cases, calls the old resolver API.
        return engineResolve(context.attr, context.baseUri);
    }

    /**
     * Method engineSetProperty
     *
     * @param key
     * @param value
     */
    public void engineSetProperty(String key, String value) {
        if (properties == null) {
            properties = new HashMap();
        }
        properties.put(key, value);
    }

    /**
     * Method engineGetProperty
     *
     * @param key
     * @return the value of the property
     */
    public String engineGetProperty(String key) {
        if (properties == null) {
            return null;
        }
        return properties.get(key);
    }

    /**
     * 
     * @param newProperties
     */
    public void engineAddProperies(Map newProperties) {
        if (newProperties != null && !newProperties.isEmpty()) {
            if (properties == null) {
                properties = new HashMap();
            }
            properties.putAll(newProperties);
        }
    }

    /**
     * Tells if the implementation does can be reused by several threads safely.
     * It normally means that the implementation does not have any member, or there is
     * member change between engineCanResolve & engineResolve invocations. Or it maintains all
     * member info in ThreadLocal methods.
     */
    public boolean engineIsThreadSafe() {
        return false;
    }

    /**
     * This method helps the {@link ResourceResolver} to decide whether a
     * {@link ResourceResolverSpi} is able to perform the requested action.
     *
     * @param uri
     * @param BaseURI
     * @return true if the engine can resolve the uri
     * 
     * @deprecated See {@link #engineCanResolveURI(ResourceResolverContext)}
     */
    public boolean engineCanResolve(Attr uri, String BaseURI) {
        // This method used to be abstract, so any calls to "super" are bogus.
        throw new UnsupportedOperationException();
    }

    /**
     * This method helps the {@link ResourceResolver} to decide whether a
     * {@link ResourceResolverSpi} is able to perform the requested action.
     *
     * 
New clients should override this method, and not override {@link #engineCanResolve(Attr, String)}
     * 

     * @param context Context in which to do resolution.
     * @return true if the engine can resolve the uri
     */
    public boolean engineCanResolveURI(ResourceResolverContext context) {
        // To preserve backward compatibility with existing resolvers that might override the old method,
        // call the old deprecated API.
        return engineCanResolve( (Attr) context.attr, context.baseUri );
    }

    /**
     * Method engineGetPropertyKeys
     *
     * @return the property keys
     */
    public String[] engineGetPropertyKeys() {
        return new String[0];
    }

    /**
     * Method understandsProperty
     *
     * @param propertyToTest
     * @return true if understands the property
     */
    public boolean understandsProperty(String propertyToTest) {
        String[] understood = this.engineGetPropertyKeys();

        if (understood != null) {
            for (int i = 0; i < understood.length; i++) {
                if (understood[i].equals(propertyToTest)) {
                    return true;
                }
            }
        }

        return false;
    }


    /**
     * Fixes a platform dependent filename to standard URI form.
     *
     * @param str The string to fix.
     *
     * @return Returns the fixed URI string.
     */
    public static String fixURI(String str) {

        // handle platform dependent strings
        str = str.replace(java.io.File.separatorChar, '/');

        if (str.length() >= 4) {

            // str =~ /^\W:\/([^/])/ # to speak perl ;-))
            char ch0 = Character.toUpperCase(str.charAt(0));
            char ch1 = str.charAt(1);
            char ch2 = str.charAt(2);
            char ch3 = str.charAt(3);
            boolean isDosFilename = ((('A' <= ch0) && (ch0 <= 'Z'))
                && (ch1 == ':') && (ch2 == '/')
                && (ch3 != '/'));

            if (isDosFilename && log.isDebugEnabled()) {
                log.debug("Found DOS filename: " + str);
            }
        }

        // Windows fix
        if (str.length() >= 2) {
            char ch1 = str.charAt(1);

            if (ch1 == ':') {
                char ch0 = Character.toUpperCase(str.charAt(0));

                if (('A' <= ch0) && (ch0 <= 'Z')) {
                    str = "/" + str;
                }
            }
        }

        // done
        return str;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy