From c9aac4cdc6804f6c38a3d4ceb46587a8b4792b47 Mon Sep 17 00:00:00 2001
From: Alex Dupre
Date: Tue, 14 Dec 2010 15:29:43 +0000
Subject: [PATCH] Add xml-security port: the Apache Java library for XML Signature and Encryption.
---
 security/Makefile | 1 +
 security/xml-security/Makefile | 59 +++++
 security/xml-security/distinfo | 2 +
 security/xml-security/files/patch-build.xml | 39 ++++
 ...rithms_implementations_SignatureECDSA.java | 205 ++++++++++++++++++
 ...rg_apache_xml_security_resource_config.xml | 147 +++++++++++++
 ...e_xml_security_signature_XMLSignature.java | 22 ++
 security/xml-security/pkg-descr | 13 ++
 8 files changed, 488 insertions(+)
 create mode 100644 security/xml-security/Makefile
 create mode 100644 security/xml-security/distinfo
 create mode 100644 security/xml-security/files/patch-build.xml
 create mode 100644 security/xml-security/files/patch-src_org_apache_xml_security_algorithms_implementations_SignatureECDSA.java
 create mode 100644 security/xml-security/files/patch-src_org_apache_xml_security_resource_config.xml
 create mode 100644 security/xml-security/files/patch-src_org_apache_xml_security_signature_XMLSignature.java
 create mode 100644 security/xml-security/pkg-descr
diff --git a/security/Makefile b/security/Makefile
index 6de27863dc0a..ca1e929f108b 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -890,6 +890,7 @@
  SUBDIR += wipe
  SUBDIR += xca
  SUBDIR += xinetd
+ SUBDIR += xml-security
  SUBDIR += xmlsec
  SUBDIR += xmlsec1
  SUBDIR += xorsearch
diff --git a/security/xml-security/Makefile b/security/xml-security/Makefile
new file mode 100644
index 000000000000..8a77f56fef0f
--- /dev/null
+++ b/security/xml-security/Makefile
@@ -0,0 +1,59 @@
+# New ports collection makefile for: Apache-XML-Security-J
+# Date created: 14 Dec 2010
+# Whom: Alex Dupre
+#
+# $FreeBSD$
+#
+
+PORTNAME= xml-security
+PORTVERSION= 1.4.4
+CATEGORIES= security java
+MASTER_SITES= ${MASTER_SITE_APACHE}
+MASTER_SITE_SUBDIR= santuario/java-library
+DISTNAME= ${PORTNAME}-src-${PORTVERSION:S/./_/g}
+
+MAINTAINER= ale@FreeBSD.org
+COMMENT= A Java library for XML Signature and Encryption
+
+BUILD_DEPENDS= ${JAVAJARDIR}/commons-logging.jar:${PORTSDIR}/java/jakarta-commons-logging \
+ ${JAVAJARDIR}/xalan.jar:${PORTSDIR}/textproc/xalan-j
+RUN_DEPENDS= ${JAVAJARDIR}/commons-logging.jar:${PORTSDIR}/java/jakarta-commons-logging \
+ ${JAVAJARDIR}/xalan.jar:${PORTSDIR}/textproc/xalan-j
+
+LICENSE= ASL
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USE_ZIP= yes
+USE_JAVA= yes
+JAVA_VERSION= 1.4+
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION:S/./_/g}
+USE_ANT= yes
+MAKE_ENV= ANT_INCLUDE_SHARED_JARS=YES
+ALL_TARGET= jar
+.if !defined(NOPORTDOCS)
+ALL_TARGET+= javadoc
+.endif
+
+PORTDOCS= *
+PORTEXAMPLES= *
+
+PLIST_FILES= %%JAVAJARDIR%%/xmlsec.jar
+
+do-install:
+ @${ECHO} -n ">> Installing JAR as ${JAVAJARDIR}/xmlsec.jar..."
+ @${INSTALL_DATA} ${WRKSRC}/build/xmlsec-${PORTVERSION}.jar ${JAVAJARDIR}/xmlsec.jar
+ @${ECHO} " [ DONE ]"
+.if !defined(NOPORTDOCS)
+ @${ECHO} -n ">> Installing documentation in ${DOCSDIR}..."
+ @${MKDIR} ${DOCSDIR}
+ @(cd ${WRKSRC}/build/docs/html && ${COPYTREE_SHARE} javadoc ${DOCSDIR})
+ @${ECHO} " [ DONE ]"
+.endif
+.if !defined(NOPORTEXAMPLES)
+ @${ECHO} -n ">> Installing examples in ${EXAMPLESDIR}..."
+ @${MKDIR} ${EXAMPLESDIR}
+ @(cd ${WRKSRC}/src_samples && ${COPYTREE_SHARE} \* ${EXAMPLESDIR})
+ @${ECHO} " [ DONE ]"
+.endif
+
+.include
diff --git a/security/xml-security/distinfo b/security/xml-security/distinfo
new file mode 100644
index 000000000000..eeb8af0ac887
--- /dev/null
+++ b/security/xml-security/distinfo
@@ -0,0 +1,2 @@ +SHA256 (xml-security-src-1_4_4.zip) = bde5ad7b2ed63df2237dd005126ff11d68168c02166ededbcf15d3e1e3928abb +SIZE (xml-security-src-1_4_4.zip) = 2037548 diff --git a/security/xml-security/files/patch-build.xml b/security/xml-security/files/patch-build.xml new file mode 100644 index 000000000000..fda7db4b568d --- /dev/null +++ b/security/xml-security/files/patch-build.xml @@ -0,0 +1,39 @@ +--- build.xml.orig 2010-11-11 10:38:24.000000000 +0100 ++++ build.xml 2010-12-14 13:05:00.000000000 +0100 +@@ -276,7 +276,7 @@ + ++ includeAntRuntime="yes"> + + + +@@ -789,6 +789,19 @@ + + + ++ ++ ++ ++ ++ ++ ++ ++ + + +@@ -811,7 +824,6 @@ + + + +- + + + diff --git a/security/xml-security/files/patch-src_org_apache_xml_security_algorithms_implementations_SignatureECDSA.java b/security/xml-security/files/patch-src_org_apache_xml_security_algorithms_implementations_SignatureECDSA.java new file mode 100644 index 000000000000..31f2e02aa7dd --- /dev/null +++ b/security/xml-security/files/patch-src_org_apache_xml_security_algorithms_implementations_SignatureECDSA.java 
@@ -0,0 +1,205 @@ +--- src/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java.orig 2010-11-11 10:38:28.000000000 +0100 ++++ src/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java 2010-12-14 12:40:29.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1999-2004 The Apache Software Foundation. ++ * Copyright 1999-2010 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +@@ -40,6 +40,7 @@ + /** + * + * @author $Author: raul $ ++ * @author Alex Dupre + */ + public abstract class SignatureECDSA extends SignatureAlgorithmSpi { + +@@ -69,34 +70,42 @@ + private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) + throws IOException { + +- byte rLength = asn1Bytes[3]; ++ if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) { ++ throw new IOException("Invalid ASN.1 format of ECDSA signature"); ++ } ++ int offset; ++ if (asn1Bytes[1] > 0) { ++ offset = 2; ++ } else if (asn1Bytes[1] == (byte) 0x81) { ++ offset = 3; ++ } else { ++ throw new IOException("Invalid ASN.1 format of ECDSA signature"); ++ } ++ ++ byte rLength = asn1Bytes[offset + 1]; + int i; + +- for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--); ++ for (i = rLength; (i > 0) && (asn1Bytes[(offset + 2 + rLength) - i] == 0); i--); + +- byte sLength = asn1Bytes[5 + rLength]; ++ byte sLength = asn1Bytes[offset + 2 + rLength + 1]; + int j; + + for (j = sLength; +- (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--); ++ (j > 0) && (asn1Bytes[(offset + 2 + rLength + 2 + sLength) - j] == 0); j--); + +- int rawLen = ((i+7)/8)*8; ++ int rawLen = Math.max(i, j); + +- int tmp = ((j+7)/8)*8; +- +- if (tmp > rawLen) +- rawLen = tmp; +- +- if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2) +- || (asn1Bytes[2] != 2) || rawLen < 24 +- || (asn1Bytes[4 + rLength] != 2) ) { ++ if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - 
offset ++ || (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength ++ || asn1Bytes[offset] != 2 ++ || asn1Bytes[offset + 2 + rLength] != 2) { + throw new IOException("Invalid ASN.1 format of ECDSA signature"); + } + byte xmldsigBytes[] = new byte[2*rawLen]; + +- System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, rawLen - i, ++ System.arraycopy(asn1Bytes, (offset + 2 + rLength) - i, xmldsigBytes, rawLen - i, + i); +- System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes, ++ System.arraycopy(asn1Bytes, (offset + 2 + rLength + 2 + sLength) - j, xmldsigBytes, + 2*rawLen - j, j); + + return xmldsigBytes; +@@ -118,10 +127,6 @@ + private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) + throws IOException { + +- if (xmldsigBytes.length < 48) { +- throw new IOException("Invalid XMLDSIG format of ECDSA signature"); +- } +- + int rawLen = xmldsigBytes.length/2; + + int i; +@@ -143,20 +148,34 @@ + if (xmldsigBytes[2*rawLen - k] < 0) { + l += 1; + } +- +- byte asn1Bytes[] = new byte[6 + j + l]; +- ++ ++ int len = 2 + j + 2 + l; ++ if (len > 255) { ++ throw new IOException("Invalid XMLDSIG format of ECDSA signature"); ++ } ++ int offset; ++ byte asn1Bytes[]; ++ if (len < 128) { ++ asn1Bytes = new byte[2 + 2 + j + 2 + l]; ++ offset = 1; ++ } else { ++ asn1Bytes = new byte[3 + 2 + j + 2 + l]; ++ asn1Bytes[1] = (byte) 0x81; ++ offset = 2; ++ } + asn1Bytes[0] = 48; +- asn1Bytes[1] = (byte) (4 + j + l); +- asn1Bytes[2] = 2; +- asn1Bytes[3] = (byte) j; ++ asn1Bytes[offset++] = (byte) len; ++ asn1Bytes[offset++] = 2; ++ asn1Bytes[offset++] = (byte) j; + +- System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (4 + j) - i, i); ++ System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (offset + j) - i, i); ++ ++ offset += j; + +- asn1Bytes[4 + j] = 2; +- asn1Bytes[5 + j] = (byte) l; ++ asn1Bytes[offset++] = 2; ++ asn1Bytes[offset++] = (byte) l; + +- System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (6 + j + l) - k, k); ++ 
System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (offset + l) - k, k); + + return asn1Bytes; + } +@@ -386,4 +405,73 @@ + } + } + ++ /** ++ * Class SignatureRSASHA256 ++ * ++ * @author Alex Dupre ++ * @version $Revision$ ++ */ ++ public static class SignatureECDSASHA256 extends SignatureECDSA { ++ ++ /** ++ * Constructor SignatureRSASHA256 ++ * ++ * @throws XMLSignatureException ++ */ ++ public SignatureECDSASHA256() throws XMLSignatureException { ++ super(); ++ } ++ ++ /** @inheritDoc */ ++ public String engineGetURI() { ++ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256; ++ } ++ } ++ ++ /** ++ * Class SignatureRSASHA384 ++ * ++ * @author Alex Dupre ++ * @version $Revision$ ++ */ ++ public static class SignatureECDSASHA384 extends SignatureECDSA { ++ ++ /** ++ * Constructor SignatureRSASHA384 ++ * ++ * @throws XMLSignatureException ++ */ ++ public SignatureECDSASHA384() throws XMLSignatureException { ++ super(); ++ } ++ ++ /** @inheritDoc */ ++ public String engineGetURI() { ++ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384; ++ } ++ } ++ ++ /** ++ * Class SignatureRSASHA512 ++ * ++ * @author Alex Dupre ++ * @version $Revision$ ++ */ ++ public static class SignatureECDSASHA512 extends SignatureECDSA { ++ ++ /** ++ * Constructor SignatureRSASHA512 ++ * ++ * @throws XMLSignatureException ++ */ ++ public SignatureECDSASHA512() throws XMLSignatureException { ++ super(); ++ } ++ ++ /** @inheritDoc */ ++ public String engineGetURI() { ++ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512; ++ } ++ } ++ + } diff --git a/security/xml-security/files/patch-src_org_apache_xml_security_resource_config.xml b/security/xml-security/files/patch-src_org_apache_xml_security_resource_config.xml new file mode 100644 index 000000000000..af534bc16bf8 --- /dev/null +++ b/security/xml-security/files/patch-src_org_apache_xml_security_resource_config.xml 
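Review bot: In the embedded SignatureECDSA.java patch, convertXMLDSIGtoASN1 is left with no length validation once the `xmldsigBytes.length < 48` guard is removed: an empty or odd-length value, which presumably arrives from the document's SignatureValue on the verify path, reaches `xmldsigBytes[2*rawLen - k]` and may surface as an unchecked ArrayIndexOutOfBoundsException rather than the declared IOException (the loops that compute i and k lie outside the visible inner hunks, so this is inferred). A replacement guard such as `if (xmldsigBytes.length == 0 || (xmldsigBytes.length & 1) != 0) throw new IOException("Invalid XMLDSIG format of ECDSA signature");` keeps the relaxed size limit while rejecting those inputs. In convertASN1toXMLDSIG, `int rawLen = Math.max(i, j);` sizes the output from the zero-stripped integers, so a signature whose r and s both start with a zero byte is emitted shorter than the fixed per-curve width the XML signature encoding uses; the width should be derived from the key rather than from the signature bytes. That function also uses `rLength` and `sLength` (signed bytes) as array indices before the structural check runs, so the check belongs ahead of the two loops. The Javadoc on the three new nested classes still reads `SignatureRSASHA256`/`384`/`512` where the ECDSA class names are meant.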
@@ -0,0 +1,147 @@ +--- src/org/apache/xml/security/resource/config.xml.orig 2010-11-11 10:38:26.000000000 +0100 ++++ src/org/apache/xml/security/resource/config.xml 2010-12-14 12:40:29.000000000 +0100 +@@ -78,6 +78,12 @@ + JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512" /> + ++ ++ ++ + + +@@ -97,7 +103,7 @@ + Description="MD5 message digest from RFC 1321" + AlgorithmClass="MessageDigest" + RequirementLevel="NOT RECOMMENDED" +- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt" ++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt" + JCEName="MD5"/> + + + + + + + + + + + + + + ++ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt" ++ JCEName="SHA1withECDSA"/> ++ ++ ++ ++ ++ ++ + + + + + + + + + + + + + diff --git a/security/xml-security/files/patch-src_org_apache_xml_security_signature_XMLSignature.java b/security/xml-security/files/patch-src_org_apache_xml_security_signature_XMLSignature.java new file mode 100644 index 000000000000..39f476f671fb --- /dev/null +++ b/security/xml-security/files/patch-src_org_apache_xml_security_signature_XMLSignature.java 
@@ -0,0 +1,22 @@
+--- src/org/apache/xml/security/signature/XMLSignature.java.orig 2010-11-11 10:38:26.000000000 +0100
++++ src/org/apache/xml/security/signature/XMLSignature.java 2010-12-14 12:40:29.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1999-2009 The Apache Software Foundation.
++ * Copyright 1999-2010 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+@@ -107,6 +107,12 @@
+ public static final String ALGO_ID_MAC_HMAC_SHA512 = Constants.MoreAlgorithmsSpecNS + "hmac-sha512";
+ /**Signature - Optional ECDSAwithSHA1 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
++ /**Signature - Optional ECDSAwithSHA256 */
++ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
++ /**Signature - Optional ECDSAwithSHA384 */
++ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
++ /**Signature - Optional ECDSAwithSHA512 */
++ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
+
+ /** ds:Signature.ds:SignedInfo element */
+ private SignedInfo _signedInfo = null;
diff --git a/security/xml-security/pkg-descr b/security/xml-security/pkg-descr
new file mode 100644
index 000000000000..c90608aabf78
--- /dev/null
+++ b/security/xml-security/pkg-descr
@@ -0,0 +1,13 @@
+The Apache-XML-Security-J supports XML-Signature Syntax and Processing,
+W3C Recommendation 12 February 2002 and XML Encryption Syntax and
+Processing, W3C Recommendation 10 December 2002.
+
+The Java library supports the standard Java API JSR-105: XML Digital
+Signature APIs for creating and validating XML Signatures. A standard
+Java API for XML Encryption JSR-106: XML Digital Encryption APIs is
+in progress and is not final, so this API is not yet supported.
+
+WWW: http://santuario.apache.org/Java/
+
+- Alex Dupre
+ale@FreeBSD.org