sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-07-18 09:49:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add xml-security port: the Apache Java library for XML Signature and Encryption.

Browse source
This commit is contained in:
Alex Dupre 2010-12-14 15:29:43 +00:00
parent 880766b3c3
commit c9aac4cdc6
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=266293
8 changed files with 488 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
security/Makefile
View file

@ -890,6 +890,7 @@
SUBDIR += wipe SUBDIR += wipe
SUBDIR += xca SUBDIR += xca
SUBDIR += xinetd SUBDIR += xinetd
SUBDIR += xml-security
SUBDIR += xmlsec SUBDIR += xmlsec
SUBDIR += xmlsec1 SUBDIR += xmlsec1
SUBDIR += xorsearch SUBDIR += xorsearch

59
security/xml-security/Makefile Normal file
View file

@ -0,0 +1,59 @@
# New ports collection makefile for: Apache-XML-Security-J
# Date created: 14 Dec 2010
# Whom: Alex Dupre <ale@FreeBSD.org>
#
# $FreeBSD$
#
PORTNAME= xml-security
PORTVERSION= 1.4.4
CATEGORIES= security java
MASTER_SITES= ${MASTER_SITE_APACHE}
MASTER_SITE_SUBDIR= santuario/java-library
DISTNAME= ${PORTNAME}-src-${PORTVERSION:S/./_/g}
MAINTAINER= ale@FreeBSD.org
COMMENT= A Java library for XML Signature and Encryption
BUILD_DEPENDS= ${JAVAJARDIR}/commons-logging.jar:${PORTSDIR}/java/jakarta-commons-logging \
${JAVAJARDIR}/xalan.jar:${PORTSDIR}/textproc/xalan-j
RUN_DEPENDS= ${JAVAJARDIR}/commons-logging.jar:${PORTSDIR}/java/jakarta-commons-logging \
${JAVAJARDIR}/xalan.jar:${PORTSDIR}/textproc/xalan-j
LICENSE= ASL
LICENSE_FILE= ${WRKSRC}/LICENSE
USE_ZIP= yes
USE_JAVA= yes
JAVA_VERSION= 1.4+
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION:S/./_/g}
USE_ANT= yes
MAKE_ENV= ANT_INCLUDE_SHARED_JARS=YES
ALL_TARGET= jar
.if !defined(NOPORTDOCS)
ALL_TARGET+= javadoc
.endif
PORTDOCS= *
PORTEXAMPLES= *
PLIST_FILES= %%JAVAJARDIR%%/xmlsec.jar
do-install:
@${ECHO} -n ">> Installing JAR as ${JAVAJARDIR}/xmlsec.jar..."
@${INSTALL_DATA} ${WRKSRC}/build/xmlsec-${PORTVERSION}.jar ${JAVAJARDIR}/xmlsec.jar
@${ECHO} " [ DONE ]"
.if !defined(NOPORTDOCS)
@${ECHO} -n ">> Installing documentation in ${DOCSDIR}..."
@${MKDIR} ${DOCSDIR}
@(cd ${WRKSRC}/build/docs/html && ${COPYTREE_SHARE} javadoc ${DOCSDIR})
@${ECHO} " [ DONE ]"
.endif
.if !defined(NOPORTEXAMPLES)
@${ECHO} -n ">> Installing examples in ${EXAMPLESDIR}..."
@${MKDIR} ${EXAMPLESDIR}
@(cd ${WRKSRC}/src_samples && ${COPYTREE_SHARE} \* ${EXAMPLESDIR})
@${ECHO} " [ DONE ]"
.endif
.include <bsd.port.mk>

2
security/xml-security/distinfo Normal file
View file

@ -0,0 +1,2 @@
SHA256 (xml-security-src-1_4_4.zip) = bde5ad7b2ed63df2237dd005126ff11d68168c02166ededbcf15d3e1e3928abb
SIZE (xml-security-src-1_4_4.zip) = 2037548

39
security/xml-security/files/patch-build.xml Normal file
View file

@ -0,0 +1,39 @@
--- build.xml.orig 2010-11-11 10:38:24.000000000 +0100
+++ build.xml 2010-12-14 13:05:00.000000000 +0100
@@ -276,7 +276,7 @@
<javac target="1.4" source="1.4" srcdir="${dir.src}"
destdir="${dir.build.bin}"
debug="${build.compile.debug}"
- includeAntRuntime="false">
+ includeAntRuntime="yes">
<classpath refid="id.classpath" />
<include name="**/org/apache/xml/security/**/*.java" />
<include name="**/javax/xml/crypto/**/*.java" />
@@ -789,6 +789,19 @@
</jar>
</target>
+ <target name="jar"
+ depends="manifest,build.src">
+
+ <!-- Main Library -->
+ <jar basedir="${dir.build.bin}"
+ excludes="org/apache/xml/security/temp/**"
+ includes="org/apache/**, org/jcp/**, javax/xml/crypto/**"
+ destfile="${jar.library}"
+ manifest="${jar.manifest}">
+ <metainf file="${dir.manifest}/*.txt"/>
+ </jar>
+ </target>
+
<target name="build.src.jar"
depends="manifest,build.src">
@@ -811,7 +824,6 @@
<target name="docs" depends="build.docs" />
<target name="xdocs" depends="build.xdocs" />
<target name="javadoc" depends="build.docs" />
- <target name="jar" depends="build.jar" />
<target name="dist" depends="build.dist" />
<target name="clean" depends="env.rm.dirs,env.rm.files"/>
<target name="gump" depends="clean, docs, jar, test"/>

205
security/xml-security/files/patch-src_org_apache_xml_security_algorithms_implementations_SignatureECDSA.java Normal file
View file

@ -0,0 +1,205 @@
--- src/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java.orig 2010-11-11 10:38:28.000000000 +0100
+++ src/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java 2010-12-14 12:40:29.000000000 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2010 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -40,6 +40,7 @@
/**
*
* @author $Author: raul $
+ * @author Alex Dupre
*/
public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
@@ -69,34 +70,42 @@
private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
throws IOException {
- byte rLength = asn1Bytes[3];
+ if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) {
+ throw new IOException("Invalid ASN.1 format of ECDSA signature");
+ }
+ int offset;
+ if (asn1Bytes[1] > 0) {
+ offset = 2;
+ } else if (asn1Bytes[1] == (byte) 0x81) {
+ offset = 3;
+ } else {
+ throw new IOException("Invalid ASN.1 format of ECDSA signature");
+ }
+
+ byte rLength = asn1Bytes[offset + 1];
int i;
- for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
+ for (i = rLength; (i > 0) && (asn1Bytes[(offset + 2 + rLength) - i] == 0); i--);
- byte sLength = asn1Bytes[5 + rLength];
+ byte sLength = asn1Bytes[offset + 2 + rLength + 1];
int j;
for (j = sLength;
- (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
+ (j > 0) && (asn1Bytes[(offset + 2 + rLength + 2 + sLength) - j] == 0); j--);
- int rawLen = ((i+7)/8)*8;
+ int rawLen = Math.max(i, j);
- int tmp = ((j+7)/8)*8;
-
- if (tmp > rawLen)
- rawLen = tmp;
-
- if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
- || (asn1Bytes[2] != 2) || rawLen < 24
- || (asn1Bytes[4 + rLength] != 2) ) {
+ if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - offset
+ || (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength
+ || asn1Bytes[offset] != 2
+ || asn1Bytes[offset + 2 + rLength] != 2) {
throw new IOException("Invalid ASN.1 format of ECDSA signature");
}
byte xmldsigBytes[] = new byte[2*rawLen];
- System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, rawLen - i,
+ System.arraycopy(asn1Bytes, (offset + 2 + rLength) - i, xmldsigBytes, rawLen - i,
i);
- System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
+ System.arraycopy(asn1Bytes, (offset + 2 + rLength + 2 + sLength) - j, xmldsigBytes,
2*rawLen - j, j);
return xmldsigBytes;
@@ -118,10 +127,6 @@
private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
throws IOException {
- if (xmldsigBytes.length < 48) {
- throw new IOException("Invalid XMLDSIG format of ECDSA signature");
- }
-
int rawLen = xmldsigBytes.length/2;
int i;
@@ -143,20 +148,34 @@
if (xmldsigBytes[2*rawLen - k] < 0) {
l += 1;
}
-
- byte asn1Bytes[] = new byte[6 + j + l];
-
+
+ int len = 2 + j + 2 + l;
+ if (len > 255) {
+ throw new IOException("Invalid XMLDSIG format of ECDSA signature");
+ }
+ int offset;
+ byte asn1Bytes[];
+ if (len < 128) {
+ asn1Bytes = new byte[2 + 2 + j + 2 + l];
+ offset = 1;
+ } else {
+ asn1Bytes = new byte[3 + 2 + j + 2 + l];
+ asn1Bytes[1] = (byte) 0x81;
+ offset = 2;
+ }
asn1Bytes[0] = 48;
- asn1Bytes[1] = (byte) (4 + j + l);
- asn1Bytes[2] = 2;
- asn1Bytes[3] = (byte) j;
+ asn1Bytes[offset++] = (byte) len;
+ asn1Bytes[offset++] = 2;
+ asn1Bytes[offset++] = (byte) j;
- System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (4 + j) - i, i);
+ System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (offset + j) - i, i);
+
+ offset += j;
- asn1Bytes[4 + j] = 2;
- asn1Bytes[5 + j] = (byte) l;
+ asn1Bytes[offset++] = 2;
+ asn1Bytes[offset++] = (byte) l;
- System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (6 + j + l) - k, k);
+ System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (offset + l) - k, k);
return asn1Bytes;
}
@@ -386,4 +405,73 @@
}
}
+ /**
+ * Class SignatureRSASHA256
+ *
+ * @author Alex Dupre
+ * @version $Revision$
+ */
+ public static class SignatureECDSASHA256 extends SignatureECDSA {
+
+ /**
+ * Constructor SignatureRSASHA256
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSASHA256() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256;
+ }
+ }
+
+ /**
+ * Class SignatureRSASHA384
+ *
+ * @author Alex Dupre
+ * @version $Revision$
+ */
+ public static class SignatureECDSASHA384 extends SignatureECDSA {
+
+ /**
+ * Constructor SignatureRSASHA384
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSASHA384() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384;
+ }
+ }
+
+ /**
+ * Class SignatureRSASHA512
+ *
+ * @author Alex Dupre
+ * @version $Revision$
+ */
+ public static class SignatureECDSASHA512 extends SignatureECDSA {
+
+ /**
+ * Constructor SignatureRSASHA512
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSASHA512() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512;
+ }
+ }
+
}

147
security/xml-security/files/patch-src_org_apache_xml_security_resource_config.xml Normal file
View file

@ -0,0 +1,147 @@
--- src/org/apache/xml/security/resource/config.xml.orig 2010-11-11 10:38:26.000000000 +0100
+++ src/org/apache/xml/security/resource/config.xml 2010-12-14 12:40:29.000000000 +0100
@@ -78,6 +78,12 @@
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA256" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA384" />
+ <SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
+ JAVACLASS="org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA512" />
<SignatureAlgorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
JAVACLASS="org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5" />
@@ -97,7 +103,7 @@
Description="MD5 message digest from RFC 1321"
AlgorithmClass="MessageDigest"
RequirementLevel="NOT RECOMMENDED"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="MD5"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#ripemd160"
@@ -122,7 +128,7 @@
Description="SHA message digest with 384 bit"
AlgorithmClass="MessageDigest"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA-384"/>
<Algorithm URI="http://www.w3.org/2001/04/xmlenc#sha512"
@@ -142,14 +148,14 @@
Description="RSA Signature with MD5 message digest"
AlgorithmClass="Signature"
RequirementLevel="NOT RECOMMENDED"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="MD5withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"
Description="RSA Signature with RIPEMD-160 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="RIPEMD160withRSA"/>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
@@ -162,43 +168,64 @@
Description="RSA Signature with SHA-256 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA256withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
Description="RSA Signature with SHA-384 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA384withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
Description="RSA Signature with SHA-512 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="SHA512withRSA"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
Description="ECDSA Signature with SHA-1 message digest"
AlgorithmClass="Signature"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
- JCEName="ECDSAwithSHA1"/>
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA1withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+ Description="ECDSA Signature with SHA-256 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA256withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
+ Description="ECDSA Signature with SHA-384 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA384withECDSA"/>
+
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
+ Description="ECDSA Signature with SHA-512 message digest"
+ AlgorithmClass="Signature"
+ RequirementLevel="OPTIONAL"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
+ JCEName="SHA512withECDSA"/>
<!-- MAC Algorithms -->
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
Description="Message Authentication code using MD5"
AlgorithmClass="Mac"
RequirementLevel="NOT RECOMMENDED"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="HmacMD5"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"
Description="Message Authentication code using RIPEMD-160"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="HMACRIPEMD160"/>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
@@ -211,21 +238,21 @@
Description="Message Authentication code using SHA-256"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="HmacSHA256"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
Description="Message Authentication code using SHA-384"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="HmacSHA384"/>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
Description="Message Authentication code using SHA-512"
AlgorithmClass="Mac"
RequirementLevel="OPTIONAL"
- SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt"
+ SpecificationURL="http://www.ietf.org/rfc/rfc4051.txt"
JCEName="HmacSHA512"/>
<!-- Block encryption Algorithms -->

22
security/xml-security/files/patch-src_org_apache_xml_security_signature_XMLSignature.java Normal file
View file

@ -0,0 +1,22 @@
--- src/org/apache/xml/security/signature/XMLSignature.java.orig 2010-11-11 10:38:26.000000000 +0100
+++ src/org/apache/xml/security/signature/XMLSignature.java 2010-12-14 12:40:29.000000000 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2009 The Apache Software Foundation.
+ * Copyright 1999-2010 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -107,6 +107,12 @@
public static final String ALGO_ID_MAC_HMAC_SHA512 = Constants.MoreAlgorithmsSpecNS + "hmac-sha512";
/**Signature - Optional ECDSAwithSHA1 */
public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+ /**Signature - Optional ECDSAwithSHA256 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
+ /**Signature - Optional ECDSAwithSHA384 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
+ /**Signature - Optional ECDSAwithSHA512 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
/** ds:Signature.ds:SignedInfo element */
private SignedInfo _signedInfo = null;

13
security/xml-security/pkg-descr Normal file
View file

@ -0,0 +1,13 @@
The Apache-XML-Security-J supports XML-Signature Syntax and Processing,
W3C Recommendation 12 February 2002 and XML Encryption Syntax and
Processing, W3C Recommendation 10 December 2002.
The Java library supports the standard Java API JSR-105: XML Digital
Signature APIs for creating and validating XML Signatures. A standard
Java API for XML Encryption JSR-106: XML Digital Encryption APIs is
in progress and is not final, so this API is not yet supported.
WWW: http://santuario.apache.org/Java/
- Alex Dupre
ale@FreeBSD.org