Skip navigation links

oracle.security.xmlsec.wss.swa
Class MimeHeaderC14N

java.lang.Object
oracle.security.xmlsec.wss.swa.MimeHeaderC14N

public class MimeHeaderC14N

extends java.lang.Object

Utilities for Mime Header canonicalization following the SWA 1.1 spec

5.4.1 MIME header canonicalization

The result of MIME header canonicalization is a UTF-8 encoded octet stream.

Each of the MIME headers listed for the Attachment-Complete transform MUST be canonicalized as part of that transform processing, as outlined in this section. This means the transform MUST perform the following actions in interpreting the MIME headers for signature creation or verification (this order is not prescriptive as long as the same result is obtained)

• 1. The transform MUST process MIME headers before the MIME content.
• 2. The transform MUST only process MIME headers that are explicitly present in the attachment part and are listed in the Attachment-Complete transform section of this specification, except that a MIME part without a Content-Type header MUST be treated as having a Content-Type header with the value "Content-Type: text/plain; charset=us-ascii". MIME headers not listed in the Attachment-Complete transform section of this specification are to be ignored by the transform.
• 3. The MIME headers MUST be processed by the Attachment-Complete transform in lexicographic order (ascending).
• 4. The MIME header names MUST be processed by the transform as having the case according to the MIME specifications (as shown in the Attachment-Complete section).
• 5. The MIME header values MUST be unfolded [RFC2822].
• 6. Any Content-Description MIME header containing RFC2047 encoding MUST be decoded [RFC2047].
• 7. When a Content-ID header is processed, the "<>" characters associated with the msg-id MUST be included in the transform input. The reason is that although semantically these angle bracket characters are not part of the msg-id (RFC 2822) they are a standard part of the header lexicographic representation. If these characters are not integrity protected then an attacker could remove them causing the CID transformation specified in RFC2392 to fail.
• 8. Folding whitespace in structured MIME headers (e.g. Content-Disposition, Content-ID, Content- Location, Content-Type) that is not within quotes MUST be removed. Folding whitespace in structured MIME headers that is within quotes MUST be preserved. Folding whitespace in unstructured MIME headers (e.g. Content-Description) MUST be preserved [RFC2822]. For example, whitespace immediately following the colon delimiter in the structured Content-Type header MUST be removed, but whitespace immediately following the colon delimiter in the unstructured Content-Description header MUST be preserved.
• 9. Comments in MIME header values MUST be removed [RFC2822].
• 10.Case-insensitive MIME header values (e.g. media type/subtype values and disposition-type values) MUST be converted to lowercase. Case-sensitive MIME header values MUST be left as is with respect to case [RFC2045].
• 11.Quoted characters other than double-quote and backslash ("\") in quoted strings in structured MIME headers (e.g. Content-ID) MUST be unquoted. Double-quote and backslash ("\") characters in quoted strings in structured MIME headers MUST be character encoded [RFC2822].
• 12.Canonicalization of a MIME header MUST generate a UTF-8 encoded octet stream containing the following: the MIME header name, a colon (":"), the MIME header value, and the result of
• 13.MIME header parameter names MUST be converted to lowercase [RFC2045].
• 14.MIME parameter values containing RFC2184 character set, language, and continuations MUST be decoded. The resulting canonical output MUST not contain the RFC2184 encoding [RFC2184].
• 15.Case-insensitive MIME header parameter values MUST be converted to lowercase. Case-sensitive MIME header parameter values MUST be left as is with respect to case [RFC2045].
• 16.Enclosing double-quotes MUST be added to MIME header parameter values that do not already contain enclosing quotes. Quoted characters other than double-quote and backslash ("\") in MIME header parameter values MUST be unquoted. Double-quote and backslash characters in MIME parameter values MUST be character encoded.
• 17.Canonicalization of a MIME header parameter MUST generate a UTF-8 encoded octet stream containing the following: a semi-colon (";"), the parameter name (lowercase), an equals sign ("="), and the double-quoted parameter value.
• 18.Each header MUST be terminated by a single CRLF pair, without any trailing whitespace.
• 19.The last header MUST be followed by a single CRLF and then the MIME content.

Since:

release specific (what release of product did this appear in)

Version:

$Header: entsec_ldap/java/src/oracle/security/xmlsec/wss/swa/MimeHeaderC14N.java /st_entsec_11.1.1.7.0/1 2012/11/01 06:55:07 abhyadav Exp $

Constructor Summary

MimeHeaderC14N()

Method Summary

static java.lang.String	canonicalizeContentDescription(java.lang.String contentDescription) Canonicalize the Content-Description by doing an RFC 2047 decode
static java.lang.String	canonicalizeContentDisposition(java.lang.String contentDisposition) Canonicalize the Content-Dispostion by removing any comments, lowercase the disposition type and parameter name, sorting the parameters by name, and uniformly putting in double quotes
static java.lang.String	canonicalizeContentId(java.lang.String contentId) Canonicalize the ContentId, by parsing the address into its constituent parts.
static java.lang.String	canonicalizeContentLocation(java.lang.String contentLocation, boolean decode) Canonicalize the Content-Location, by removing any comments and any folding white space, and optionally decoding it
static java.lang.String	canonicalizeContentType(java.lang.String contentType) Canonicalize the Content-Type, by lowercasing he type and subtype, sorting the parameters, and lowercasing the parameter names
static java.lang.String	canonicalizeHeader(java.lang.String header)
static java.lang.String	canonicalizeMimeHeaders(javax.xml.soap.AttachmentPart ap) Canonicalize the 5 mime headers in the following order Content-Description Content-Disposition Content-ID Content-Location Content-Type
static java.lang.String	canonicalizeParameterList(ParameterList plist)
static java.lang.String	quote(java.lang.String s)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MimeHeaderC14N

public MimeHeaderC14N()

Method Detail

canonicalizeContentLocation

public static java.lang.String canonicalizeContentLocation(java.lang.String contentLocation,
                                                           boolean decode)
                                                    throws ParseException,
                                                           java.io.UnsupportedEncodingException

Canonicalize the Content-Location, by removing any comments and any folding white space, and optionally decoding it

According to RFC 2557

   content-location := "Content-Location:" [CFWS] URI [CFWS] 
 

where CFWS is comments and folding white space. If the URI has any non ASCII characters they must be encoded according to RFC 2047.e.g

   =?ISO-8859-1?Q?Keld_J=F8rn_Simonsen?=
 

Parameters:

contentLocation - original header

decode - whether to decode the RFC 2047 encoding

Returns:

Throws:

ParseException

java.io.UnsupportedEncodingException

canonicalizeContentDisposition

public static java.lang.String canonicalizeContentDisposition(java.lang.String contentDisposition)
                                                       throws ParseException

Canonicalize the Content-Dispostion by removing any comments, lowercase the disposition type and parameter name, sorting the parameters by name, and uniformly putting in double quotes

Parameters:

contentDisposition - original header

decode -

Returns:

Throws:

ParseException

canonicalizeContentDescription

public static java.lang.String canonicalizeContentDescription(java.lang.String contentDescription)
                                                       throws java.io.UnsupportedEncodingException

Canonicalize the Content-Description by doing an RFC 2047 decode

Parameters:

contentDescription - original header

Returns:

Throws:

java.io.UnsupportedEncodingException

canonicalizeContentId

public static java.lang.String canonicalizeContentId(java.lang.String contentId)
                                              throws AddressException

Canonicalize the ContentId, by parsing the address into its constituent parts.

Parameters:

contentId - original header

Returns:

Throws:

AddressException

canonicalizeContentType

public static java.lang.String canonicalizeContentType(java.lang.String contentType)
                                                throws ParseException

Canonicalize the Content-Type, by lowercasing he type and subtype, sorting the parameters, and lowercasing the parameter names

Parameters:

contentType - original header

Returns:

Throws:

ParseException

canonicalizeParameterList

public static java.lang.String canonicalizeParameterList(ParameterList plist)

quote

public static java.lang.String quote(java.lang.String s)

canonicalizeHeader

public static java.lang.String canonicalizeHeader(java.lang.String header)

canonicalizeMimeHeaders

public static java.lang.String canonicalizeMimeHeaders(javax.xml.soap.AttachmentPart ap)
                                                throws java.io.UnsupportedEncodingException,
                                                       ParseException,
                                                       AddressException

Canonicalize the 5 mime headers in the following order

• Content-Description
• Content-Disposition
• Content-ID
• Content-Location
• Content-Type

Returns:

Throws:

java.io.UnsupportedEncodingException

ParseException

AddressException

Skip navigation links