Skip navigation links
oracle.security.xmlsec.wss.swa
Class MimeHeaderC14N
java.lang.Object
oracle.security.xmlsec.wss.swa.MimeHeaderC14N
-
public class MimeHeaderC14N
- extends java.lang.Object
Utilities for Mime Header canonicalization following the SWA 1.1 spec
5.4.1 MIME header canonicalization
The result of MIME header canonicalization is a UTF-8 encoded octet stream.
Each of the MIME headers listed for the Attachment-Complete transform MUST be canonicalized as part of that transform processing, as outlined in this section. This means the transform MUST perform the following actions in interpreting the MIME headers for signature creation or verification (this order is not prescriptive as long as the same result is obtained)
- 1. The transform MUST process MIME headers before the MIME content.
- 2. The transform MUST only process MIME headers that are explicitly present in the attachment part and are listed in the Attachment-Complete transform section of this specification, except that a MIME part without a Content-Type header MUST be treated as having a Content-Type header with the value "Content-Type: text/plain; charset=us-ascii". MIME headers not listed in the Attachment-Complete transform section of this specification are to be ignored by the transform.
- 3. The MIME headers MUST be processed by the Attachment-Complete transform in lexicographic order (ascending).
- 4. The MIME header names MUST be processed by the transform as having the case according to the MIME specifications (as shown in the Attachment-Complete section).
- 5. The MIME header values MUST be unfolded [RFC2822].
- 6. Any Content-Description MIME header containing RFC2047 encoding MUST be decoded [RFC2047].
- 7. When a Content-ID header is processed, the "<>" characters associated with the msg-id MUST be included in the transform input. The reason is that although semantically these angle bracket characters are not part of the msg-id (RFC 2822) they are a standard part of the header lexicographic representation. If these characters are not integrity protected then an attacker could remove them causing the CID transformation specified in RFC2392 to fail.
- 8. Folding whitespace in structured MIME headers (e.g. Content-Disposition, Content-ID, Content- Location, Content-Type) that is not within quotes MUST be removed. Folding whitespace in structured MIME headers that is within quotes MUST be preserved. Folding whitespace in unstructured MIME headers (e.g. Content-Description) MUST be preserved [RFC2822]. For example, whitespace immediately following the colon delimiter in the structured Content-Type header MUST be removed, but whitespace immediately following the colon delimiter in the unstructured Content-Description header MUST be preserved.
- 9. Comments in MIME header values MUST be removed [RFC2822].
- 10.Case-insensitive MIME header values (e.g. media type/subtype values and disposition-type values) MUST be converted to lowercase. Case-sensitive MIME header values MUST be left as is with respect to case [RFC2045].
- 11.Quoted characters other than double-quote and backslash ("\") in quoted strings in structured MIME headers (e.g. Content-ID) MUST be unquoted. Double-quote and backslash ("\") characters in quoted strings in structured MIME headers MUST be character encoded [RFC2822].
- 12.Canonicalization of a MIME header MUST generate a UTF-8 encoded octet stream containing the following: the MIME header name, a colon (":"), the MIME header value, and the result of
- 13.MIME header parameter names MUST be converted to lowercase [RFC2045].
- 14.MIME parameter values containing RFC2184 character set, language, and continuations MUST be decoded. The resulting canonical output MUST not contain the RFC2184 encoding [RFC2184].
- 15.Case-insensitive MIME header parameter values MUST be converted to lowercase. Case-sensitive MIME header parameter values MUST be left as is with respect to case [RFC2045].
- 16.Enclosing double-quotes MUST be added to MIME header parameter values that do not already contain enclosing quotes. Quoted characters other than double-quote and backslash ("\") in MIME header parameter values MUST be unquoted. Double-quote and backslash characters in MIME parameter values MUST be character encoded.
- 17.Canonicalization of a MIME header parameter MUST generate a UTF-8 encoded octet stream containing the following: a semi-colon (";"), the parameter name (lowercase), an equals sign ("="), and the double-quoted parameter value.
- 18.Each header MUST be terminated by a single CRLF pair, without any trailing whitespace.
- 19.The last header MUST be followed by a single CRLF and then the MIME content.
- Since:
- release specific (what release of product did this appear in)
- Version:
- $Header: MimeHeaderC14N.java 22-may-2006.14:25:45 pdatta Exp $
Method Summary |
static java.lang.String |
canonicalizeContentDescription(java.lang.String contentDescription)
Canonicalize the Content-Description by doing an RFC 2047 decode |
static java.lang.String |
canonicalizeContentDisposition(java.lang.String contentDisposition)
Canonicalize the Content-Dispostion by removing any comments, lowercase the disposition type and parameter name, sorting the parameters by name, and uniformly putting in double quotes |
static java.lang.String |
canonicalizeContentId(java.lang.String contentId)
Canonicalize the ContentId, by parsing the address into its constituent parts. |
static java.lang.String |
canonicalizeContentLocation(java.lang.String contentLocation, boolean decode)
Canonicalize the Content-Location, by removing any comments and any folding white space, and optionally decoding it |
static java.lang.String |
canonicalizeContentType(java.lang.String contentType)
Canonicalize the Content-Type, by lowercasing he type and subtype, sorting the parameters, and lowercasing the parameter names |
static java.lang.String |
canonicalizeHeader(java.lang.String header)
|
static java.lang.String |
canonicalizeMimeHeaders(javax.xml.soap.AttachmentPart ap)
Canonicalize the 5 mime headers in the following order Content-Description Content-Disposition Content-ID Content-Location Content-Type |
static java.lang.String |
canonicalizeParameterList(ParameterList plist)
|
static java.lang.String |
quote(java.lang.String s)
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
MimeHeaderC14N
public MimeHeaderC14N()
canonicalizeContentLocation
public static java.lang.String canonicalizeContentLocation(java.lang.String contentLocation,
boolean decode)
throws ParseException,
java.io.UnsupportedEncodingException
- Canonicalize the Content-Location, by removing any comments and any folding white space, and optionally decoding it
According to RFC 2557
content-location := "Content-Location:" [CFWS] URI [CFWS]
where CFWS is comments and folding white space. If the URI has any non ASCII characters they must be encoded according to RFC 2047.e.g
=?ISO-8859-1?Q?Keld_J=F8rn_Simonsen?=
-
- Parameters:
contentLocation
- original header
decode
- whether to decode the RFC 2047 encoding
- Returns:
- Throws:
ParseException
java.io.UnsupportedEncodingException
canonicalizeContentDisposition
public static java.lang.String canonicalizeContentDisposition(java.lang.String contentDisposition)
throws ParseException
- Canonicalize the Content-Dispostion by removing any comments, lowercase the disposition type and parameter name, sorting the parameters by name, and uniformly putting in double quotes
-
- Parameters:
contentDisposition
- original header
decode
-
- Returns:
- Throws:
ParseException
canonicalizeContentDescription
public static java.lang.String canonicalizeContentDescription(java.lang.String contentDescription)
throws java.io.UnsupportedEncodingException
- Canonicalize the Content-Description by doing an RFC 2047 decode
-
- Parameters:
contentDescription
- original header
- Returns:
- Throws:
java.io.UnsupportedEncodingException
canonicalizeContentId
public static java.lang.String canonicalizeContentId(java.lang.String contentId)
throws AddressException
- Canonicalize the ContentId, by parsing the address into its constituent parts.
-
- Parameters:
contentId
- original header
- Returns:
- Throws:
AddressException
canonicalizeContentType
public static java.lang.String canonicalizeContentType(java.lang.String contentType)
throws ParseException
- Canonicalize the Content-Type, by lowercasing he type and subtype, sorting the parameters, and lowercasing the parameter names
-
- Parameters:
contentType
- original header
- Returns:
- Throws:
ParseException
canonicalizeParameterList
public static java.lang.String canonicalizeParameterList(ParameterList plist)
quote
public static java.lang.String quote(java.lang.String s)
canonicalizeHeader
public static java.lang.String canonicalizeHeader(java.lang.String header)
canonicalizeMimeHeaders
public static java.lang.String canonicalizeMimeHeaders(javax.xml.soap.AttachmentPart ap)
throws java.io.UnsupportedEncodingException,
ParseException,
AddressException
- Canonicalize the 5 mime headers in the following order
- Content-Description
- Content-Disposition
- Content-ID
- Content-Location
- Content-Type
-
- Returns:
- Throws:
java.io.UnsupportedEncodingException
ParseException
AddressException
Skip navigation links
Copyright © 2005, 2009, Oracle. All rights reserved.