changeset 54731:81de17a33575

8219013: Update Apache Santuario (XML Signature) to version 2.1.3 Reviewed-by: mullan
author weijun
date Tue, 07 May 2019 10:21:04 +0800
parents 8bca46822c05
children 2d012a75d35c
files src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/ECKeyValueResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/Manifest.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/Reference.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/VerifiedReference.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformBase64Decode.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXSLT.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathFilterCHGPContainer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Signature11ElementProxy.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverDirectHTTP.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheOctetStreamData.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMCryptoBinary.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMDigestMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyName.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMStructure.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXSLTTransform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java src/java.xml.crypto/share/legal/santuario.md
diffstat 62 files changed, 781 insertions(+), 194 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java	Tue May 07 10:21:04 2019 +0800
@@ -40,6 +40,7 @@
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.w3c.dom.Text;
 
 public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
@@ -325,12 +326,13 @@
             throw new IllegalArgumentException("element null");
         }
 
-        Text hmaclength =
-            XMLUtils.selectDsNodeText(element.getFirstChild(), Constants._TAG_HMACOUTPUTLENGTH, 0);
-
-        if (hmaclength != null) {
-            this.HMACOutputLength = Integer.parseInt(hmaclength.getData());
-            this.HMACOutputLengthSet = true;
+        Node n = XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_HMACOUTPUTLENGTH, 0);
+        if (n != null) {
+            String hmacLength = XMLUtils.getFullTextChildrenFromNode(n);
+            if (hmacLength != null && !"".equals(hmacLength)) {
+                this.HMACOutputLength = Integer.parseInt(hmacLength);
+                this.HMACOutputLengthSet = true;
+            }
         }
     }
 
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java	Tue May 07 10:21:04 2019 +0800
@@ -33,7 +33,6 @@
 import java.security.SignatureException;
 import java.security.interfaces.DSAKey;
 import java.security.spec.AlgorithmParameterSpec;
-import java.util.Base64;
 
 import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
@@ -41,6 +40,7 @@
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 
 public class SignatureDSA extends SignatureAlgorithmSpi {
 
@@ -109,7 +109,7 @@
         throws XMLSignatureException {
         try {
             if (LOG.isDebugEnabled()) {
-                LOG.debug("Called DSA.verify() on " + Base64.getMimeEncoder().encodeToString(signature));
+                LOG.debug("Called DSA.verify() on " + XMLUtils.encodeToString(signature));
             }
 
             byte[] jcebytes = JavaUtils.convertDsaXMLDSIGtoASN1(signature,
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java	Tue May 07 10:21:04 2019 +0800
@@ -33,12 +33,12 @@
 import java.security.Signature;
 import java.security.SignatureException;
 import java.security.spec.AlgorithmParameterSpec;
-import java.util.Base64;
 
 import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 
 /**
  *
@@ -132,7 +132,7 @@
             byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
 
             if (LOG.isDebugEnabled()) {
-                LOG.debug("Called ECDSA.verify() on " + Base64.getMimeEncoder().encodeToString(signature));
+                LOG.debug("Called ECDSA.verify() on " + XMLUtils.encodeToString(signature));
             }
 
             return this.signatureAlgorithm.verify(jcebytes);
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java	Tue May 07 10:21:04 2019 +0800
@@ -331,7 +331,7 @@
                     ns.addMapping(NName, NValue, attribute);
                 }
             } else if (XML_LANG_URI.equals(attribute.getNamespaceURI())
-                && (!c14n11 || c14n11 && !"id".equals(NName))) {
+                && (!c14n11 || !"id".equals(NName))) {
                 xmlattrStack.addXmlnsAttr(attribute);
             }
         }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java	Tue May 07 10:21:04 2019 +0800
@@ -342,7 +342,7 @@
     protected void circumventBugIfNeeded(XMLSignatureInput input)
         throws CanonicalizationException, ParserConfigurationException,
                IOException, SAXException {
-        if (!input.isNeedsToBeExpanded() || inclusiveNSSet.isEmpty() || inclusiveNSSet.isEmpty()) {
+        if (!input.isNeedsToBeExpanded() || inclusiveNSSet.isEmpty()) {
             return;
         }
         Document doc = null;
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java	Tue May 07 10:21:04 2019 +0800
@@ -50,7 +50,6 @@
 import com.sun.org.apache.xml.internal.security.transforms.Transforms;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.ElementProxy;
-import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java	Tue May 07 10:21:04 2019 +0800
@@ -26,6 +26,7 @@
 
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.DSAKeyValue;
+import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.ECKeyValue;
 import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.RSAKeyValue;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
@@ -107,9 +108,14 @@
 
             appendSelf(rsa);
             addReturnToSelf();
+        } else if (pk instanceof java.security.interfaces.ECPublicKey) {
+            ECKeyValue ec = new ECKeyValue(getDocument(), pk);
+
+            appendSelf(ec);
+            addReturnToSelf();
         } else {
             String error = "The given PublicKey type " + pk + " is not supported. Only DSAPublicKey and "
-                + "RSAPublicKey types are currently supported";
+                + "RSAPublicKey and ECPublicKey types are currently supported";
             throw new IllegalArgumentException(error);
         }
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/ECKeyValue.java	Tue May 07 10:21:04 2019 +0800
@@ -0,0 +1,366 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.sun.org.apache.xml.internal.security.keys.content.keyvalues;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECField;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.EllipticCurve;
+import java.security.spec.InvalidKeySpecException;
+import java.util.Arrays;
+
+import javax.xml.crypto.MarshalException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+
+import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
+import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.I18n;
+import com.sun.org.apache.xml.internal.security.utils.Signature11ElementProxy;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
+
+public class ECKeyValue extends Signature11ElementProxy implements KeyValueContent {
+
+    /* Supported curve, secp256r1 */
+    private static final Curve SECP256R1 = initializeCurve(
+        "secp256r1 [NIST P-256, X9.62 prime256v1]",
+        "1.2.840.10045.3.1.7",
+        "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+        "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+        "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+        "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+        "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
+        "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
+        1
+    );
+
+    /* Supported curve secp384r1 */
+    private static final Curve SECP384R1 = initializeCurve(
+        "secp384r1 [NIST P-384]",
+        "1.3.132.0.34",
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
+        "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+        "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+        "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+        1
+    );
+
+    /* Supported curve secp521r1 */
+    private static final Curve SECP521R1 = initializeCurve(
+        "secp521r1 [NIST P-521]",
+        "1.3.132.0.35",
+        "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+        "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+        "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+        "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+        "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
+        "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+        1
+    );
+
+    private static Curve initializeCurve(String name, String oid,
+            String sfield, String a, String b,
+            String x, String y, String n, int h) {
+        BigInteger p = bigInt(sfield);
+        ECField field = new ECFieldFp(p);
+        EllipticCurve curve = new EllipticCurve(field, bigInt(a),
+                                                bigInt(b));
+        ECPoint g = new ECPoint(bigInt(x), bigInt(y));
+        return new Curve(name, oid, curve, g, bigInt(n), h);
+    }
+
+
+    /**
+     * Constructor DSAKeyValue
+     *
+     * @param element
+     * @param baseURI
+     * @throws XMLSecurityException
+     */
+    public ECKeyValue(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
+    }
+
+    /**
+     * Constructor DSAKeyValue
+     *
+     * @param doc
+     * @param key
+     * @throws IllegalArgumentException
+     */
+    public ECKeyValue(Document doc, Key key) throws IllegalArgumentException {
+        super(doc);
+
+        addReturnToSelf();
+
+        if (key instanceof ECPublicKey) {
+            ECParameterSpec ecParams = ((ECPublicKey)key).getParams();
+
+            // NamedCurve
+            String oid = getCurveOid(ecParams);
+            if (oid == null) {
+                throw new IllegalArgumentException("Invalid ECParameterSpec");
+            }
+
+            Element namedCurveElement = XMLUtils.createElementInSignature11Space(getDocument(), "NamedCurve");
+            namedCurveElement.setAttributeNS(null, "URI", "urn:oid:" + oid);
+            appendSelf(namedCurveElement);
+            addReturnToSelf();
+
+            // PublicKey
+            ECPoint ecPoint = ((ECPublicKey)key).getW();
+            byte[] secPublicKey = encodePoint(ecPoint, ecParams.getCurve());
+            String encoded = XMLUtils.encodeToString(secPublicKey);
+            Element publicKeyElement = XMLUtils.createElementInSignature11Space(getDocument(), "PublicKey");
+            Text text = getDocument().createTextNode(encoded);
+
+            publicKeyElement.appendChild(text);
+
+            appendSelf(publicKeyElement);
+            addReturnToSelf();
+
+        } else {
+            Object[] exArgs = { Constants._TAG_ECKEYVALUE, key.getClass().getName() };
+
+            throw new IllegalArgumentException(I18n.translate("KeyValue.IllegalArgument", exArgs));
+        }
+    }
+
+    /** {@inheritDoc} */
+    public PublicKey getPublicKey() throws XMLSecurityException {
+        try {
+            ECParameterSpec ecParams = null;
+            Element curElem = getFirstChildElement(getElement());
+            if (curElem == null) {
+                throw new MarshalException("KeyValue must contain at least one type");
+            }
+
+            if ("ECParameters".equals(curElem.getLocalName())
+                && Constants.SignatureSpec11NS.equals(curElem.getNamespaceURI())) {
+                throw new UnsupportedOperationException
+                    ("ECParameters not supported");
+            } else if ("NamedCurve".equals(curElem.getLocalName())
+                && Constants.SignatureSpec11NS.equals(curElem.getNamespaceURI())) {
+                String uri = null;
+                if (curElem.hasAttributeNS(null, "URI")) {
+                    uri = curElem.getAttributeNS(null, "URI");
+                }
+                // strip off "urn:oid"
+                if (uri.startsWith("urn:oid:")) {
+                    String oid = uri.substring("urn:oid:".length());
+                    ecParams = getECParameterSpec(oid);
+                    if (ecParams == null) {
+                        throw new MarshalException("Invalid curve OID");
+                    }
+                } else {
+                    throw new MarshalException("Invalid NamedCurve URI");
+                }
+            } else {
+                throw new MarshalException("Invalid ECKeyValue");
+            }
+            curElem = getNextSiblingElement(curElem, "PublicKey", Constants.SignatureSpec11NS);
+            ECPoint ecPoint = null;
+
+            try {
+                String content = XMLUtils.getFullTextChildrenFromNode(curElem);
+                ecPoint = decodePoint(XMLUtils.decode(content), ecParams.getCurve());
+            } catch (IOException ioe) {
+                throw new MarshalException("Invalid EC Point", ioe);
+            }
+
+            ECPublicKeySpec spec = new ECPublicKeySpec(ecPoint, ecParams);
+            return KeyFactory.getInstance("EC").generatePublic(spec);
+        } catch (NoSuchAlgorithmException ex) {
+            throw new XMLSecurityException(ex);
+        } catch (InvalidKeySpecException ex) {
+            throw new XMLSecurityException(ex);
+        } catch (MarshalException ex) {
+            throw new XMLSecurityException(ex);
+        }
+    }
+
+    /** {@inheritDoc} */
+    public String getBaseLocalName() {
+        return Constants._TAG_ECKEYVALUE;
+    }
+
+    private static Element getFirstChildElement(Node node) {
+        Node child = node.getFirstChild();
+        while (child != null && child.getNodeType() != Node.ELEMENT_NODE) {
+            child = child.getNextSibling();
+        }
+        return (Element)child;
+    }
+
+    private static Element getNextSiblingElement(Node node, String localName, String namespaceURI)
+        throws MarshalException
+    {
+        return verifyElement(getNextSiblingElement(node), localName, namespaceURI);
+    }
+
+    private static Element getNextSiblingElement(Node node) {
+        Node sibling = node.getNextSibling();
+        while (sibling != null && sibling.getNodeType() != Node.ELEMENT_NODE) {
+            sibling = sibling.getNextSibling();
+        }
+        return (Element)sibling;
+    }
+
+    private static Element verifyElement(Element elem, String localName, String namespaceURI)
+        throws MarshalException
+    {
+        if (elem == null) {
+            throw new MarshalException("Missing " + localName + " element");
+        }
+        String name = elem.getLocalName();
+        String namespace = elem.getNamespaceURI();
+        if (!name.equals(localName) || namespace == null && namespaceURI != null
+            || namespace != null && !namespace.equals(namespaceURI)) {
+            throw new MarshalException("Invalid element name: " +
+                namespace + ":" + name + ", expected " + namespaceURI + ":" + localName);
+        }
+        return elem;
+    }
+
+    private static String getCurveOid(ECParameterSpec params) {
+        // Check that the params represent one of the supported
+        // curves. If there is a match, return the object identifier
+        // of the curve.
+        Curve match;
+        if (matchCurve(params, SECP256R1)) {
+            match = SECP256R1;
+        } else if (matchCurve(params, SECP384R1)) {
+            match = SECP384R1;
+        } else if (matchCurve(params, SECP521R1)) {
+            match = SECP521R1;
+        } else {
+            return null;
+        }
+        return match.getObjectId();
+    }
+
+    private static boolean matchCurve(ECParameterSpec params, Curve curve) {
+        int fieldSize = params.getCurve().getField().getFieldSize();
+        return curve.getCurve().getField().getFieldSize() == fieldSize
+            && curve.getCurve().equals(params.getCurve())
+            && curve.getGenerator().equals(params.getGenerator())
+            && curve.getOrder().equals(params.getOrder())
+            && curve.getCofactor() == params.getCofactor();
+    }
+
+    private static ECPoint decodePoint(byte[] data, EllipticCurve curve)
+        throws IOException {
+        if (data.length == 0 || data[0] != 4) {
+            throw new IOException("Only uncompressed point format " +
+                "supported");
+        }
+        // Per ANSI X9.62, an encoded point is a 1 byte type followed by
+        // ceiling(LOG base 2 field-size / 8) bytes of x and the same of y.
+        int n = (data.length - 1) / 2;
+        if (n != (curve.getField().getFieldSize() + 7) >> 3) {
+            throw new IOException("Point does not match field size");
+        }
+
+        byte[] xb = Arrays.copyOfRange(data, 1, 1 + n);
+        byte[] yb = Arrays.copyOfRange(data, n + 1, n + 1 + n);
+
+        return new ECPoint(new BigInteger(1, xb), new BigInteger(1, yb));
+    }
+
+    private static byte[] encodePoint(ECPoint point, EllipticCurve curve) {
+        // get field size in bytes (rounding up)
+        int n = (curve.getField().getFieldSize() + 7) >> 3;
+        byte[] xb = trimZeroes(point.getAffineX().toByteArray());
+        byte[] yb = trimZeroes(point.getAffineY().toByteArray());
+        if (xb.length > n || yb.length > n) {
+            throw new RuntimeException("Point coordinates do not " +
+                                       "match field size");
+        }
+        byte[] b = new byte[1 + (n << 1)];
+        b[0] = 4; // uncompressed
+        System.arraycopy(xb, 0, b, n - xb.length + 1, xb.length);
+        System.arraycopy(yb, 0, b, b.length - yb.length, yb.length);
+        return b;
+    }
+
+    private static byte[] trimZeroes(byte[] b) {
+        int i = 0;
+        while (i < b.length - 1 && b[i] == 0) {
+            i++;
+        }
+        if (i == 0) {
+            return b;
+        }
+        return Arrays.copyOfRange(b, i, b.length);
+    }
+
+    private static ECParameterSpec getECParameterSpec(String oid) {
+        if (oid.equals(SECP256R1.getObjectId())) {
+            return SECP256R1;
+        } else if (oid.equals(SECP384R1.getObjectId())) {
+            return SECP384R1;
+        } else if (oid.equals(SECP521R1.getObjectId())) {
+            return SECP521R1;
+        } else {
+            return null;
+        }
+    }
+
+    static final class Curve extends ECParameterSpec {
+        private final String name;
+        private final String oid;
+
+        Curve(String name, String oid, EllipticCurve curve,
+              ECPoint g, BigInteger n, int h) {
+            super(curve, g, n, h);
+            this.name = name;
+            this.oid = oid;
+        }
+
+        private String getName() {
+            return name;
+        }
+
+        private String getObjectId() {
+            return oid;
+        }
+    }
+
+    private static BigInteger bigInt(String s) {
+        return new BigInteger(s, 16);
+    }
+}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java	Tue May 07 10:21:04 2019 +0800
@@ -24,18 +24,18 @@
 
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
-import java.util.Base64;
 
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 /**
  * Handles SubjectKeyIdentifier (SKI) for X.509v3.
  *
- * @see <A HREF="http://docs.oracle.com/javase/1.5.0/docs/api/java/security/cert/X509Extension.html">
+ * @see <A HREF="http://docs.oracle.com/javase/8/docs/api/java/security/cert/X509Extension.html">
  * Interface X509Extension</A>
  */
 public class XMLX509SKI extends SignatureElementProxy implements XMLX509DataContent {
@@ -138,7 +138,7 @@
         System.arraycopy(extensionValue, 4, skidValue, 0, skidValue.length);
 
         if (LOG.isDebugEnabled()) {
-            LOG.debug("Base64 of SKI is " + Base64.getMimeEncoder().encodeToString(skidValue));
+            LOG.debug("Base64 of SKI is " + XMLUtils.encodeToString(skidValue));
         }
 
         return skidValue;
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java	Tue May 07 10:21:04 2019 +0800
@@ -33,6 +33,7 @@
 
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.DEREncodedKeyValueResolver;
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.DSAKeyValueResolver;
+import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.ECKeyValueResolver;
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.KeyInfoReferenceResolver;
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.RSAKeyValueResolver;
 import com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.RetrievalMethodResolver;
@@ -295,6 +296,7 @@
         keyResolverList.add(new KeyResolver(new DEREncodedKeyValueResolver()));
         keyResolverList.add(new KeyResolver(new KeyInfoReferenceResolver()));
         keyResolverList.add(new KeyResolver(new X509DigestResolver()));
+        keyResolverList.add(new KeyResolver(new ECKeyValueResolver()));
 
         resolverVector.addAll(keyResolverList);
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/ECKeyValueResolver.java	Tue May 07 10:21:04 2019 +0800
@@ -0,0 +1,97 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations;
+
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
+import com.sun.org.apache.xml.internal.security.keys.content.keyvalues.ECKeyValue;
+import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverSpi;
+import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver;
+import com.sun.org.apache.xml.internal.security.utils.Constants;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+public class ECKeyValueResolver extends KeyResolverSpi {
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ECKeyValueResolver.class);
+
+
+    /**
+     * Method engineResolvePublicKey
+     *
+     * @param element
+     * @param baseURI
+     * @param storage
+     * @return null if no {@link PublicKey} could be obtained
+     */
+    public PublicKey engineLookupAndResolvePublicKey(
+        Element element, String baseURI, StorageResolver storage
+    ) {
+        if (element == null) {
+            return null;
+        }
+        Element ecKeyElement = null;
+        boolean isKeyValue =
+            XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYVALUE);
+        if (isKeyValue) {
+            ecKeyElement =
+                XMLUtils.selectDs11Node(element.getFirstChild(), Constants._TAG_ECKEYVALUE, 0);
+        } else if (XMLUtils.elementIsInSignature11Space(element, Constants._TAG_ECKEYVALUE)) {
+            // this trick is needed to allow the RetrievalMethodResolver to eat a
+            // ds:ECKeyValue directly (without KeyValue)
+            ecKeyElement = element;
+        }
+
+        if (ecKeyElement == null) {
+            return null;
+        }
+
+        try {
+            ECKeyValue ecKeyValue = new ECKeyValue(ecKeyElement, baseURI);
+            return ecKeyValue.getPublicKey();
+        } catch (XMLSecurityException ex) {
+            LOG.debug(ex.getMessage(), ex);
+            //do nothing
+        }
+
+        return null;
+    }
+
+
+    /** {@inheritDoc} */
+    public X509Certificate engineLookupResolveX509Certificate(
+        Element element, String baseURI, StorageResolver storage
+    ) {
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    public javax.crypto.SecretKey engineLookupAndResolveSecretKey(
+        Element element, String baseURI, StorageResolver storage
+    ) {
+        return null;
+    }
+}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java	Tue May 07 10:21:04 2019 +0800
@@ -44,11 +44,12 @@
     public PublicKey engineLookupAndResolvePublicKey(
         Element element, String baseURI, StorageResolver storage
     ) {
-        LOG.debug("Can I resolve {}", element.getTagName());
         if (element == null) {
             return null;
         }
 
+        LOG.debug("Can I resolve {}", element.getTagName());
+
         boolean isKeyValue = XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_KEYVALUE);
         Element rsaKeyElement = null;
         if (isKeyValue) {
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java	Tue May 07 10:21:04 2019 +0800
@@ -35,12 +35,12 @@
 import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
-import java.util.Base64;
 import java.util.Iterator;
 import java.util.List;
 
 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolverException;
 import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolverSpi;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 
 /**
  * This {@link StorageResolverSpi} makes all raw (binary) {@link X509Certificate}s
@@ -207,7 +207,7 @@
 
             System.out.println();
             System.out.println("Base64(SKI())=                 \""
-                               + Base64.getMimeEncoder().encodeToString(ski) + "\"");
+                               + XMLUtils.encodeToString(ski) + "\"");
             System.out.println("cert.getSerialNumber()=        \""
                                + cert.getSerialNumber().toString() + "\"");
             System.out.println("cert.getSubjectX500Principal().getName()= \""
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml	Tue May 07 10:21:04 2019 +0800
@@ -643,6 +643,8 @@
                 DESCRIPTION="Uses an X509 SubjectName to retrieve a certificate from the storages" />
       <Resolver JAVACLASS="com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.X509IssuerSerialResolver"
                 DESCRIPTION="Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages" />
+      <Resolver JAVACLASS="com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.ECKeyValueResolver"
+                DESCRIPTION="Can extract EC public keys" />
    </KeyResolver>
  
    <PrefixMappings>
@@ -665,5 +667,7 @@
                      prefix="ec" />
       <PrefixMapping namespace="http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter"
                      prefix="xx" />
+       <PrefixMapping namespace="http://www.w3.org/2009/xmldsig11#"
+                     prefix="dsig11" />
    </PrefixMappings>
 </Configuration>
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/Manifest.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/Manifest.java	Tue May 07 10:21:04 2019 +0800
@@ -23,7 +23,10 @@
 package com.sun.org.apache.xml.internal.security.signature;
 
 import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -56,19 +59,24 @@
 public class Manifest extends SignatureElementProxy {
 
     /**
-     * The maximum number of references per Manifest, if secure validation is enabled.
+     * The default maximum number of references per Manifest, if secure validation is enabled.
      */
     public static final int MAXIMUM_REFERENCE_COUNT = 30;
 
     private static final com.sun.org.slf4j.internal.Logger LOG =
         com.sun.org.slf4j.internal.LoggerFactory.getLogger(Manifest.class);
 
+    private static Integer referenceCount =
+        AccessController.doPrivileged(
+            (PrivilegedAction<Integer>) () -> Integer.parseInt(System.getProperty("com.sun.org.apache.xml.internal.security.maxReferences",
+                                                                Integer.toString(MAXIMUM_REFERENCE_COUNT))));
+
     /** Field references */
     private List<Reference> references;
     private Element[] referencesEl;
 
     /** Field verificationResults[] */
-    private boolean[] verificationResults;
+    private List<VerifiedReference> verificationResults;
 
     /** Field resolverProperties */
     private Map<String, String> resolverProperties;
@@ -135,8 +143,8 @@
                                    I18n.translate("xml.WrongContent", exArgs));
         }
 
-        if (secureValidation && le > MAXIMUM_REFERENCE_COUNT) {
-            Object exArgs[] = { le, MAXIMUM_REFERENCE_COUNT };
+        if (secureValidation && le > referenceCount) {
+            Object exArgs[] = { le, referenceCount };
 
             throw new XMLSecurityException("signature.tooManyReferences", exArgs);
         }
@@ -317,13 +325,13 @@
         if (referencesEl.length == 0) {
             throw new XMLSecurityException("empty", new Object[]{"References are empty"});
         }
-        if (secureValidation && referencesEl.length > MAXIMUM_REFERENCE_COUNT) {
-            Object exArgs[] = { referencesEl.length, MAXIMUM_REFERENCE_COUNT };
+        if (secureValidation && referencesEl.length > referenceCount) {
+            Object exArgs[] = { referencesEl.length, referenceCount };
 
             throw new XMLSecurityException("signature.tooManyReferences", exArgs);
         }
 
-        this.verificationResults = new boolean[referencesEl.length];
+        this.verificationResults = new ArrayList<>(referencesEl.length);
         boolean verify = true;
         for (int i = 0; i < this.referencesEl.length; i++) {
             Reference currentRef =
@@ -335,13 +343,13 @@
             try {
                 boolean currentRefVerified = currentRef.verify();
 
-                this.setVerificationResult(i, currentRefVerified);
-
                 if (!currentRefVerified) {
                     verify = false;
                 }
                 LOG.debug("The Reference has Type {}", currentRef.getType());
 
+                List<VerifiedReference> manifestReferences = Collections.emptyList();
+
                 // was verification successful till now and do we want to verify the Manifest?
                 if (verify && followManifests && currentRef.typeIsReferenceToManifest()) {
                     LOG.debug("We have to follow a nested Manifest");
@@ -393,6 +401,8 @@
                         } else {
                             LOG.debug("The nested Manifest was valid (good)");
                         }
+
+                        manifestReferences = referencedManifest.getVerificationResults();
                     } catch (IOException ex) {
                         throw new ReferenceNotInitializedException(ex);
                     } catch (ParserConfigurationException ex) {
@@ -401,6 +411,8 @@
                         throw new ReferenceNotInitializedException(ex);
                     }
                 }
+
+                verificationResults.add(new VerifiedReference(currentRefVerified, currentRef.getURI(), manifestReferences));
             } catch (ReferenceNotInitializedException ex) {
                 Object exArgs[] = { currentRef.getURI() };
 
@@ -414,20 +426,6 @@
     }
 
     /**
-     * Method setVerificationResult
-     *
-     * @param index
-     * @param verify
-     */
-    private void setVerificationResult(int index, boolean verify) {
-        if (this.verificationResults == null) {
-            this.verificationResults = new boolean[this.getLength()];
-        }
-
-        this.verificationResults[index] = verify;
-    }
-
-    /**
      * After verifying a {@link Manifest} or a {@link SignedInfo} using the
      * {@link Manifest#verifyReferences()} or {@link SignedInfo#verify()} methods,
      * the individual results can be retrieved with this method.
@@ -455,14 +453,24 @@
             }
         }
 
-        return this.verificationResults[index];
+        return ((ArrayList<VerifiedReference>)verificationResults).get(index).isValid();
+    }
+
+    /**
+     * Get the list of verification result objects
+     */
+    public List<VerifiedReference> getVerificationResults() {
+        if (verificationResults == null) {
+            return Collections.emptyList();
+        }
+        return Collections.unmodifiableList(verificationResults);
     }
 
     /**
      * Adds Resource Resolver for retrieving resources at specified {@code URI} attribute
      * in {@code reference} element
      *
-     * @param resolver {@link ResourceResolver} can provide the implemenatin subclass of
+     * @param resolver {@link ResourceResolver} can provide the implementation subclass of
      * {@link ResourceResolverSpi} for retrieving resource.
      */
     public void addResourceResolver(ResourceResolver resolver) {
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/Reference.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/Reference.java	Tue May 07 10:21:04 2019 +0800
@@ -26,7 +26,6 @@
 import java.io.OutputStream;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
-import java.util.Base64;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
@@ -396,7 +395,7 @@
             n = n.getNextSibling();
         }
 
-        String base64codedValue = Base64.getMimeEncoder().encodeToString(digestValue);
+        String base64codedValue = XMLUtils.encodeToString(digestValue);
         Text t = createText(base64codedValue);
 
         digestValueElement.appendChild(t);
@@ -723,12 +722,17 @@
             return getPreCalculatedDigest(input);
         }
 
+        cacheDereferencedElement(input);
+
         MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
         mda.reset();
 
         try (DigesterOutputStream diOs = new DigesterOutputStream(mda);
             OutputStream os = new UnsyncBufferedOutputStream(diOs)) {
-            XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);
+
+            XMLSignatureInput output = this.getContentsAfterTransformation(input, os);
+            this.transformsOutput = output;
+
             // if signing and c14n11 property == true explicitly add
             // C14N11 transform if needed
             if (Reference.useC14N11 && !validating && !output.isOutputStreamSet()
@@ -772,7 +776,7 @@
             throws ReferenceNotInitializedException {
         LOG.debug("Verifying element with pre-calculated digest");
         String preCalculatedDigest = input.getPreCalculatedDigest();
-        return Base64.getMimeDecoder().decode(preCalculatedDigest);
+        return XMLUtils.decode(preCalculatedDigest);
     }
 
     /**
@@ -789,8 +793,8 @@
                 "signature.Verification.NoSignatureElement", exArgs
             );
         }
-        String content = XMLUtils.getFullTextChildrenFromElement(digestValueElement);
-        return Base64.getMimeDecoder().decode(content);
+        String content = XMLUtils.getFullTextChildrenFromNode(digestValueElement);
+        return XMLUtils.decode(content);
     }
 
 
@@ -809,8 +813,8 @@
 
         if (!equal) {
             LOG.warn("Verification failed for URI \"" + this.getURI() + "\"");
-            LOG.warn("Expected Digest: " + Base64.getMimeEncoder().encodeToString(elemDig));
-            LOG.warn("Actual Digest: " + Base64.getMimeEncoder().encodeToString(calcDig));
+            LOG.warn("Expected Digest: " + XMLUtils.encodeToString(elemDig));
+            LOG.warn("Actual Digest: " + XMLUtils.encodeToString(calcDig));
         } else {
             LOG.debug("Verification successful for URI \"{}\"", this.getURI());
         }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/VerifiedReference.java	Tue May 07 10:21:04 2019 +0800
@@ -0,0 +1,64 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.sun.org.apache.xml.internal.security.signature;
+
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * Holds the result of a Reference validation.
+ */
+public class VerifiedReference {
+
+    private final boolean valid;
+    private final String uri;
+    private final List<VerifiedReference> manifestReferences;
+
+    /**
+     * @param valid Whether this Reference was successfully validated or not
+     * @param uri The URI of this Reference
+     * @param manifestReferences If this reference is a reference to a Manifest, this holds the list
+     * of verified referenes associated with this Manifest
+     */
+    public VerifiedReference(boolean valid, String uri, List<VerifiedReference> manifestReferences) {
+        this.valid = valid;
+        this.uri = uri;
+        if (manifestReferences != null) {
+            this.manifestReferences = manifestReferences;
+        } else {
+            this.manifestReferences = Collections.emptyList();
+        }
+    }
+
+    public boolean isValid() {
+        return valid;
+    }
+
+    public String getUri() {
+        return uri;
+    }
+
+    public List<VerifiedReference> getManifestReferences() {
+        return Collections.unmodifiableList(manifestReferences);
+    }
+}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java	Tue May 07 10:21:04 2019 +0800
@@ -27,7 +27,6 @@
 import java.security.Key;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
-import java.util.Base64;
 
 import javax.crypto.SecretKey;
 
@@ -504,8 +503,8 @@
      * @throws XMLSignatureException If there is no content
      */
     public byte[] getSignatureValue() throws XMLSignatureException {
-        String content = XMLUtils.getFullTextChildrenFromElement(signatureValueElement);
-        return Base64.getMimeDecoder().decode(content);
+        String content = XMLUtils.getFullTextChildrenFromNode(signatureValueElement);
+        return XMLUtils.decode(content);
     }
 
     /**
@@ -520,7 +519,7 @@
             signatureValueElement.removeChild(signatureValueElement.getFirstChild());
         }
 
-        String base64codedValue = Base64.getMimeEncoder().encodeToString(bytes);
+        String base64codedValue = XMLUtils.encodeToString(bytes);
 
         if (base64codedValue.length() > 76 && !XMLUtils.ignoreLineBreaks()) {
             base64codedValue = "\n" + base64codedValue + "\n";
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformBase64Decode.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformBase64Decode.java	Tue May 07 10:21:04 2019 +0800
@@ -24,7 +24,6 @@
 
 import java.io.IOException;
 import java.io.OutputStream;
-import java.util.Base64;
 
 import javax.xml.parsers.ParserConfigurationException;
 
@@ -109,12 +108,12 @@
             StringBuilder sb = new StringBuilder();
             traverseElement((Element)el, sb);
             if (os == null) {
-                byte[] decodedBytes = Base64.getMimeDecoder().decode(sb.toString());
+                byte[] decodedBytes = XMLUtils.decode(sb.toString());
                 XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
                 output.setSecureValidation(secureValidation);
                 return output;
             }
-            byte[] bytes = Base64.getMimeDecoder().decode(sb.toString());
+            byte[] bytes = XMLUtils.decode(sb.toString());
             os.write(bytes);
             XMLSignatureInput output = new XMLSignatureInput((byte[])null);
             output.setSecureValidation(secureValidation);
@@ -125,17 +124,17 @@
         if (input.isOctetStream() || input.isNodeSet()) {
             if (os == null) {
                 byte[] base64Bytes = input.getBytes();
-                byte[] decodedBytes = Base64.getMimeDecoder().decode(base64Bytes);
+                byte[] decodedBytes = XMLUtils.decode(base64Bytes);
                 XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
                 output.setSecureValidation(secureValidation);
                 return output;
             }
             if (input.isByteArray() || input.isNodeSet()) {
-                byte[] bytes = Base64.getMimeDecoder().decode(input.getBytes());
+                byte[] bytes = XMLUtils.decode(input.getBytes());
                 os.write(bytes);
             } else {
                 byte[] inputBytes = JavaUtils.getBytesFromStream(input.getOctetStreamReal());
-                byte[] bytes = Base64.getMimeDecoder().decode(inputBytes);
+                byte[] bytes = XMLUtils.decode(inputBytes);
                 os.write(bytes);
             }
             XMLSignatureInput output = new XMLSignatureInput((byte[])null);
@@ -153,7 +152,7 @@
             Element rootNode = doc.getDocumentElement();
             StringBuilder sb = new StringBuilder();
             traverseElement(rootNode, sb);
-            byte[] decodedBytes = Base64.getMimeDecoder().decode(sb.toString());
+            byte[] decodedBytes = XMLUtils.decode(sb.toString());
             XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
             output.setSecureValidation(secureValidation);
             return output;
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXSLT.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXSLT.java	Tue May 07 10:21:04 2019 +0800
@@ -84,7 +84,10 @@
 
             Element xsltElement =
                 XMLUtils.selectNode(transformElement.getFirstChild(), XSLTSpecNS, "stylesheet", 0);
-
+            if (xsltElement == null) {
+                xsltElement =
+                    XMLUtils.selectNode(transformElement.getFirstChild(), XSLTSpecNS, "transform", 0);
+            }
             if (xsltElement == null) {
                 Object exArgs[] = { "xslt:stylesheet", "Transform" };
 
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathFilterCHGPContainer.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathFilterCHGPContainer.java	Tue May 07 10:21:04 2019 +0800
@@ -30,6 +30,7 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+import org.w3c.dom.Text;
 
 /**
  * Implements the parameters for a custom Transform which has a better performance
@@ -204,7 +205,7 @@
                 getElement().getFirstChild(), this.getBaseNamespace(), type, 0
             );
 
-        return XMLUtils.getFullTextChildrenFromElement(xElem);
+        return XMLUtils.getFullTextChildrenFromNode(xElem);
     }
 
     /**
@@ -258,11 +259,23 @@
             return null;
         }
 
-        return XMLUtils.selectNodeText(
+        return selectNodeText(
             getFirstChild(), this.getBaseNamespace(), type, 0
         );
     }
 
+    private static Text selectNodeText(Node sibling, String uri, String nodeName, int number) {
+        Node n = XMLUtils.selectNode(sibling, uri, nodeName, number);
+        if (n == null) {
+            return null;
+        }
+        n = n.getFirstChild();
+        while (n != null && n.getNodeType() != Node.TEXT_NODE) {
+            n = n.getNextSibling();
+        }
+        return (Text)n;
+    }
+
     /**
      * Method getHereContextNodeIncludeButSearch
      *
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java	Tue May 07 10:21:04 2019 +0800
@@ -210,6 +210,9 @@
     /** Tag of Element J **/
     public static final String _TAG_J = "J";
 
+    /** Tag of Element ECKeyValue **/
+    public static final String _TAG_ECKEYVALUE = "ECKeyValue";
+
     /** Tag of Element Seed **/
     public static final String _TAG_SEED = "Seed";
 
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java	Tue May 07 10:21:04 2019 +0800
@@ -24,7 +24,6 @@
 
 import java.math.BigInteger;
 import java.util.concurrent.ConcurrentHashMap;
-import java.util.Base64;
 import java.util.Map;
 
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
@@ -267,7 +266,7 @@
             Element e = XMLUtils.createElementInSignatureSpace(getDocument(), localname);
 
             byte[] bytes = XMLUtils.getBytes(bi, bi.bitLength());
-            String encodedInt = Base64.getMimeEncoder().encodeToString(bytes);
+            String encodedInt = XMLUtils.encodeToString(bytes);
 
             Document doc = e.getOwnerDocument();
             Text text = doc.createTextNode(encodedInt);
@@ -292,7 +291,7 @@
     public void addBase64Element(byte[] bytes, String localname) {
         if (bytes != null) {
             Element el = XMLUtils.createElementInSignatureSpace(getDocument(), localname);
-            Text text = getDocument().createTextNode(Base64.getMimeEncoder().encodeToString(bytes));
+            Text text = getDocument().createTextNode(XMLUtils.encodeToString(bytes));
 
             el.appendChild(text);
 
@@ -326,8 +325,8 @@
     public void addBase64Text(byte[] bytes) {
         if (bytes != null) {
             Text t = XMLUtils.ignoreLineBreaks()
-                ? createText(Base64.getMimeEncoder().encodeToString(bytes))
-                : createText("\n" + Base64.getMimeEncoder().encodeToString(bytes) + "\n");
+                ? createText(XMLUtils.encodeToString(bytes))
+                : createText("\n" + XMLUtils.encodeToString(bytes) + "\n");
             appendSelf(t);
         }
     }
@@ -367,11 +366,11 @@
     public BigInteger getBigIntegerFromChildElement(
         String localname, String namespace
     ) {
-        return new BigInteger(1, Base64.getMimeDecoder().decode(
-            XMLUtils.selectNodeText(
-                getFirstChild(), namespace, localname, 0
-            ).getNodeValue()
-        ));
+        Node n = XMLUtils.selectNode(getFirstChild(), namespace, localname, 0);
+        if (n != null) {
+            return new BigInteger(1, XMLUtils.decode(XMLUtils.getFullTextChildrenFromNode(n)));
+        }
+        return null;
     }
 
     /**
@@ -396,7 +395,7 @@
      * @throws XMLSecurityException
      */
     public byte[] getBytesFromTextChild() throws XMLSecurityException {
-        return Base64.getMimeDecoder().decode(getTextFromTextChild());
+        return XMLUtils.decode(getTextFromTextChild());
     }
 
     /**
@@ -406,7 +405,7 @@
      *    element
      */
     public String getTextFromTextChild() {
-        return XMLUtils.getFullTextChildrenFromElement(getElement());
+        return XMLUtils.getFullTextChildrenFromNode(getElement());
     }
 
     /**
@@ -498,8 +497,9 @@
 
         if (Constants.SignatureSpecNS.equals(namespace)) {
             XMLUtils.setDsPrefix(prefix);
-        }
-        if (EncryptionConstants.EncryptionSpecNS.equals(namespace)) {
+        } else if (Constants.SignatureSpec11NS.equals(namespace)) {
+            XMLUtils.setDs11Prefix(prefix);
+        } else if (EncryptionConstants.EncryptionSpecNS.equals(namespace)) {
             XMLUtils.setXencPrefix(prefix);
         }
         prefixMappings.put(namespace, prefix);
@@ -519,6 +519,7 @@
         setNamespacePrefix(
             "http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter", "xx"
         );
+        setNamespacePrefix("http://www.w3.org/2009/xmldsig11#", "dsig11");
     }
 
     /**
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Signature11ElementProxy.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Signature11ElementProxy.java	Tue May 07 10:21:04 2019 +0800
@@ -47,6 +47,13 @@
 
         setDocument(doc);
         setElement(XMLUtils.createElementInSignature11Space(doc, this.getBaseLocalName()));
+
+        String prefix = ElementProxy.getDefaultPrefix(getBaseNamespace());
+        if (prefix == null || prefix.length() == 0) {
+            getElement().setAttributeNS(Constants.NamespaceSpecNS, "xmlns", getBaseNamespace());
+        } else {
+            getElement().setAttributeNS(Constants.NamespaceSpecNS, "xmlns:" + prefix, getBaseNamespace());
+        }
     }
 
     /**
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java	Tue May 07 10:21:04 2019 +0800
@@ -254,16 +254,21 @@
         }
     }
 
+    @Deprecated
+    public static String getFullTextChildrenFromElement(Element element) {
+        return getFullTextChildrenFromNode(element);
+    }
+
     /**
-     * Method getFullTextChildrenFromElement
+     * Method getFullTextChildrenFromNode
      *
-     * @param element
+     * @param node
      * @return the string of children
      */
-    public static String getFullTextChildrenFromElement(Element element) {
+    public static String getFullTextChildrenFromNode(Node node) {
         StringBuilder sb = new StringBuilder();
 
-        Node child = element.getFirstChild();
+        Node child = node.getFirstChild();
         while (child != null) {
             if (child.getNodeType() == Node.TEXT_NODE) {
                 sb.append(((Text)child).getData());
@@ -682,7 +687,7 @@
         while (sibling != null) {
             if (sibling.getNamespaceURI() != null && sibling.getNamespaceURI().equals(uri)
                 && sibling.getLocalName().equals(nodeName)) {
-                if (number == 0){
+                if (number == 0) {
                     return (Element)sibling;
                 }
                 number--;
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java	Tue May 07 10:21:04 2019 +0800
@@ -97,7 +97,7 @@
 
                 LOG.debug("check resolvability by class {}", resolverTmp.getClass().getName());
 
-                if (resolverTmp != null && resolverTmp.canResolve(context)) {
+                if (resolverTmp.canResolve(context)) {
                     // Check to see whether the Resolver is allowed
                     if (context.secureValidation
                         && (resolverTmp.resolverSpi instanceof ResolverLocalFilesystem
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverDirectHTTP.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverDirectHTTP.java	Tue May 07 10:21:04 2019 +0800
@@ -33,9 +33,9 @@
 import java.net.URL;
 import java.net.URLConnection;
 import java.nio.charset.StandardCharsets;
-import java.util.Base64;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverContext;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException;
 import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
@@ -57,7 +57,7 @@
  * </PRE>
  *
  * @see <A HREF="http://www.javaworld.com/javaworld/javatips/jw-javatip42_p.html">Java Tip 42: Write Java apps that work with proxy-based firewalls</A>
- * @see <A HREF="http://docs.oracle.com/javase/1.4.2/docs/guide/net/properties.html">SUN J2SE docs for network properties</A>
+ * @see <A HREF="https://docs.oracle.com/javase/8/docs/technotes/guides/net/properties.html">JDK docs for network properties</A>
  * @see <A HREF="http://metalab.unc.edu/javafaq/javafaq.html#proxy">The JAVA FAQ Question 9.5: How do I make Java work with a proxy server?</A>
  */
 public class ResolverDirectHTTP extends ResourceResolverSpi {
@@ -122,7 +122,7 @@
                     urlConnection = openConnection(url);
 
                     String password = user + ":" + pass;
-                    String encodedPassword = Base64.getMimeEncoder().encodeToString(password.getBytes(StandardCharsets.ISO_8859_1));
+                    String encodedPassword = XMLUtils.encodeToString(password.getBytes(StandardCharsets.ISO_8859_1));
 
                     // set authentication property in the http header
                     urlConnection.setRequestProperty("Authorization",
@@ -187,7 +187,7 @@
 
             if (proxyUser != null && proxyPass != null) {
                 String password = proxyUser + ":" + proxyPass;
-                String authString = "Basic " + Base64.getMimeEncoder().encodeToString(password.getBytes(StandardCharsets.ISO_8859_1));
+                String authString = "Basic " + XMLUtils.encodeToString(password.getBytes(StandardCharsets.ISO_8859_1));
 
                 urlConnection.setRequestProperty("Proxy-Authorization", authString);
             }
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: ApacheCanonicalizer.java 1785016 2017-03-01 18:23:48Z coheigea $
+ * $Id: ApacheCanonicalizer.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheOctetStreamData.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheOctetStreamData.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: ApacheOctetStreamData.java 1667527 2015-03-18 12:54:20Z mullan $
+ * $Id: ApacheOctetStreamData.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: ApacheTransform.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: ApacheTransform.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMCanonicalXMLC14NMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMCanonicalXMLC14NMethod.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMCryptoBinary.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMCryptoBinary.java	Tue May 07 10:21:04 2019 +0800
@@ -1,3 +1,7 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
@@ -17,7 +21,7 @@
  * under the License.
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * $Id$
@@ -33,16 +37,16 @@
 import org.w3c.dom.Text;
 
 /**
- * A DOM-based representation of the XML <code>CryptoBinary</code> simple type
+ * A DOM-based representation of the XML {@code CryptoBinary} simple type
  * as defined in the W3C specification for XML-Signature Syntax and Processing.
  * The XML Schema Definition is defined as:
  *
- * <xmp>
+ * <pre>{@code
  * <simpleType name="CryptoBinary">
  *   <restriction base = "base64Binary">
  *   </restriction>
  * </simpleType>
- * </xmp>
+ * }</pre>
  *
  * @author Sean Mullan
  */
@@ -52,11 +56,11 @@
     private final String value;
 
     /**
-     * Create a <code>DOMCryptoBinary</code> instance from the specified
-     * <code>BigInteger</code>
+     * Create a {@code DOMCryptoBinary} instance from the specified
+     * {@code BigInteger}
      *
      * @param bigNum the arbitrary-length integer
-     * @throws NullPointerException if <code>bigNum</code> is <code>null</code>
+     * @throws NullPointerException if {@code bigNum} is {@code null}
      */
     public DOMCryptoBinary(BigInteger bigNum) {
         if (bigNum == null) {
@@ -69,7 +73,7 @@
     }
 
     /**
-     * Creates a <code>DOMCryptoBinary</code> from a node.
+     * Creates a {@code DOMCryptoBinary} from a node.
      *
      * @param cbNode a CryptoBinary text node
      * @throws MarshalException if value cannot be decoded (invalid format)
@@ -84,9 +88,9 @@
     }
 
     /**
-     * Returns the <code>BigInteger</code> that this object contains.
+     * Returns the {@code BigInteger} that this object contains.
      *
-     * @return the <code>BigInteger</code> that this object contains
+     * @return the {@code BigInteger} that this object contains
      */
     public BigInteger getBigNum() {
         return bigNum;
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMDigestMethod.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMDigestMethod.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMDigestMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMDigestMethod.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMEnvelopedTransform.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMEnvelopedTransform.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMExcC14NMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMExcC14NMethod.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMHMACSignatureMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMHMACSignatureMethod.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMKeyInfo.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMKeyInfo.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMKeyInfoFactory.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMKeyInfoFactory.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyName.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyName.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMKeyName.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMKeyName.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java	Tue May 07 10:21:04 2019 +0800
@@ -21,18 +21,13 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMKeyValue.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMKeyValue.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
-import javax.xml.crypto.*;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
-import javax.xml.crypto.dsig.keyinfo.KeyValue;
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.KeyException;
@@ -55,6 +50,11 @@
 import java.security.spec.RSAPublicKeySpec;
 import java.util.Arrays;
 
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dom.DOMCryptoContext;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -500,7 +500,7 @@
                 throw new MarshalException("Invalid ECParameterSpec");
             }
             DOMUtils.setAttribute(namedCurveElem, "URI", "urn:oid:" + oid);
-            String qname = (prefix == null || prefix.length() == 0)
+            String qname = prefix == null || prefix.length() == 0
                        ? "xmlns" : "xmlns:" + prefix;
             namedCurveElem.setAttributeNS("http://www.w3.org/2000/xmlns/",
                                           qname, XMLDSIG_11_XMLNS);
@@ -554,7 +554,7 @@
             ECPoint ecPoint = null;
 
             try {
-                String content = XMLUtils.getFullTextChildrenFromElement(curElem);
+                String content = XMLUtils.getFullTextChildrenFromNode(curElem);
                 ecPoint = decodePoint(XMLUtils.decode(content),
                                       ecParams.getCurve());
             } catch (IOException ioe) {
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMManifest.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMManifest.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMPGPData.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMPGPData.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -56,7 +56,7 @@
      * and optional list of external elements.
      *
      * @param keyPacket a PGP Key Material Packet as defined in section 5.5 of
-     *    <a href="http://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a>. The
+     *    <a href="https://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a>. The
      *    array is cloned to prevent subsequent modification.
      * @param other a list of {@link XMLStructure}s representing elements from
      *    an external namespace. The list is defensively copied to prevent
@@ -94,10 +94,10 @@
      * optional key packet and list of external elements.
      *
      * @param keyId a PGP public key id as defined in section 11.2 of
-     *    <a href="http://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a>. The
+     *    <a href="https://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a>. The
      *    array is cloned to prevent subsequent modification.
      * @param keyPacket a PGP Key Material Packet as defined in section 5.5 of
-     *    <a href="http://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a> (may
+     *    <a href="https://www.ietf.org/rfc/rfc2440.txt">RFC 2440</a> (may
      *    be {@code null}). The array is cloned to prevent subsequent
      *    modification.
      * @param other a list of {@link XMLStructure}s representing elements from
@@ -157,10 +157,10 @@
                 String localName = childElem.getLocalName();
                 String namespace = childElem.getNamespaceURI();
                 if ("PGPKeyID".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
-                    String content = XMLUtils.getFullTextChildrenFromElement(childElem);
+                    String content = XMLUtils.getFullTextChildrenFromNode(childElem);
                     pgpKeyId = XMLUtils.decode(content);
                 } else if ("PGPKeyPacket".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
-                    String content = XMLUtils.getFullTextChildrenFromElement(childElem);
+                    String content = XMLUtils.getFullTextChildrenFromNode(childElem);
                     pgpKeyPacket = XMLUtils.decode(content);
                 } else {
                     other.add
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java	Tue May 07 10:21:04 2019 +0800
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Portions copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Portions copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * ===========================================================================
@@ -31,7 +31,7 @@
  * ===========================================================================
  */
 /*
- * $Id: DOMReference.java 1803518 2017-07-31 11:02:52Z coheigea $
+ * $Id: DOMReference.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -56,7 +56,6 @@
 import org.jcp.xml.dsig.internal.DigesterOutputStream;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream;
-import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 
 /**
  * DOM-based implementation of Reference.
@@ -244,7 +243,7 @@
 
         // unmarshal DigestValue
         Element dvElem = DOMUtils.getNextSiblingElement(dmElem, "DigestValue", XMLSignature.XMLNS);
-        String content = XMLUtils.getFullTextChildrenFromElement(dvElem);
+        String content = XMLUtils.getFullTextChildrenFromNode(dvElem);
         this.digestValue = XMLUtils.decode(content);
 
         // check for extra elements
@@ -311,6 +310,7 @@
 
         refElem = DOMUtils.createElement(ownerDoc, "Reference",
                                          XMLSignature.XMLNS, dsPrefix);
+
         // set attributes
         DOMUtils.setAttributeID(refElem, "Id", id);
         DOMUtils.setAttribute(refElem, "URI", uri);
@@ -341,7 +341,6 @@
         if (digestValue != null) {
             digestValueElem.appendChild
                 (ownerDoc.createTextNode(XMLUtils.encodeToString(digestValue)));
-
         }
         refElem.appendChild(digestValueElem);
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java	Tue May 07 10:21:04 2019 +0800
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Portions copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Portions copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * ===========================================================================
@@ -31,7 +31,7 @@
  * ===========================================================================
  */
 /*
- * $Id: DOMRetrievalMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMRetrievalMethod.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMSignatureMethod.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMSignatureMethod.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMSignatureProperties.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMSignatureProperties.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMSignatureProperty.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMSignatureProperty.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMSignedInfo.java 1820179 2018-01-04 19:09:52Z mullan $
+ * $Id: DOMSignedInfo.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMStructure.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMStructure.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMStructure.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMStructure.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMTransform.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMTransform.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMURIDereferencer.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMURIDereferencer.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMUtils.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMUtils.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -92,7 +92,7 @@
     public static Element createElement(Document doc, String tag,
                                         String nsURI, String prefix)
     {
-        String qName = (prefix == null || prefix.length() == 0)
+        String qName = prefix == null || prefix.length() == 0
                        ? tag : prefix + ":" + tag;
         return doc.createElementNS(nsURI, qName);
     }
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMX509Data.java 1789702 2017-03-31 15:15:04Z coheigea $
+ * $Id: DOMX509Data.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -33,12 +33,13 @@
 import java.security.cert.*;
 import java.util.*;
 
-import javax.xml.crypto.*;
+import javax.security.auth.x500.X500Principal;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.XMLStructure;
 import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dsig.XMLSignature;
 import javax.xml.crypto.dsig.keyinfo.X509Data;
 import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
-import javax.security.auth.x500.X500Principal;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -115,7 +116,7 @@
                 } else if ("X509SubjectName".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
                     newContent.add(childElem.getFirstChild().getNodeValue());
                 } else if ("X509SKI".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
-                    String content = XMLUtils.getFullTextChildrenFromElement(childElem);
+                    String content = XMLUtils.getFullTextChildrenFromNode(childElem);
                     newContent.add(XMLUtils.decode(content));
                 } else if ("X509CRL".equals(localName) && XMLSignature.XMLNS.equals(namespace)) {
                     newContent.add(unmarshalX509CRL(childElem));
@@ -132,6 +133,7 @@
         return content;
     }
 
+    @Override
     public void marshal(Node parent, String dsPrefix, DOMCryptoContext context)
         throws MarshalException
     {
@@ -241,7 +243,7 @@
             if (cf == null) {
                 cf = CertificateFactory.getInstance("X.509");
             }
-            String content = XMLUtils.getFullTextChildrenFromElement(elem);
+            String content = XMLUtils.getFullTextChildrenFromNode(elem);
             return new ByteArrayInputStream(XMLUtils.decode(content));
         } catch (CertificateException e) {
             throw new MarshalException("Cannot create CertificateFactory", e);
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMX509IssuerSerial.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMX509IssuerSerial.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMXMLObject.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMXMLObject.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java	Tue May 07 10:21:04 2019 +0800
@@ -21,7 +21,7 @@
  * under the License.
  */
 /*
- * Portions copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Portions copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * ===========================================================================
@@ -31,7 +31,7 @@
  * ===========================================================================
  */
 /*
- * $Id: DOMXMLSignature.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMXMLSignature.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -508,7 +508,7 @@
             throws MarshalException
         {
             // base64 decode signatureValue
-            String content = XMLUtils.getFullTextChildrenFromElement(sigValueElem);
+            String content = XMLUtils.getFullTextChildrenFromNode(sigValueElem);
             value = XMLUtils.decode(content);
 
             Attr attr = sigValueElem.getAttributeNodeNS(null, "Id");
@@ -612,6 +612,7 @@
                             DOMCryptoContext context)
             throws MarshalException
         {
+            // create SignatureValue element
             sigValueElem = DOMUtils.createElement(ownerDoc, "SignatureValue",
                                                   XMLSignature.XMLNS, dsPrefix);
             if (valueBase64 != null) {
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMXMLSignatureFactory.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMXMLSignatureFactory.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -255,8 +255,6 @@
             return new DOMSignatureMethod.SHA384withRSA(params);
         } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512)) {
             return new DOMSignatureMethod.SHA512withRSA(params);
-        } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512)) {
-            return new DOMSignatureMethod.SHA512withRSA(params);
         } else if (algorithm.equals(DOMSignatureMethod.RSA_RIPEMD160)) {
             return new DOMSignatureMethod.RIPEMD160withRSA(params);
         } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA1_MGF1)) {
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java	Tue May 07 10:21:04 2019 +0800
@@ -28,10 +28,10 @@
  * ===========================================================================
  */
 /*
- * Portions copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Portions copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMXPathFilter2Transform.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMXPathFilter2Transform.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMXPathTransform.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMXPathTransform.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXSLTTransform.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXSLTTransform.java	Tue May 07 10:21:04 2019 +0800
@@ -21,10 +21,10 @@
  * under the License.
  */
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: DOMXSLTTransform.java 1788465 2017-03-24 15:10:51Z coheigea $
+ * $Id: DOMXSLTTransform.java 1854026 2019-02-21 09:30:01Z coheigea $
  */
 package org.jcp.xml.dsig.internal.dom;
 
--- a/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java	Tue May 07 10:21:04 2019 +0800
@@ -28,10 +28,10 @@
  * ===========================================================================
  */
 /*
- * Portions copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Portions copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
- * $Id: XMLDSigRI.java 1804972 2017-08-14 09:59:23Z coheigea $
+ * $Id: XMLDSigRI.java 1833618 2018-06-15 17:36:20Z mullan $
  */
 package org.jcp.xml.dsig.internal.dom;
 
@@ -123,7 +123,7 @@
                     } else if (algo.equals(Transform.XSLT)) {
                         return new DOMXSLTTransform();
                     }
-                 }
+                }
             } catch (Exception ex) {
                 throw new NoSuchAlgorithmException("Error constructing " +
                     type + " for " + algo + " using XMLDSig", ex);
--- a/src/java.xml.crypto/share/legal/santuario.md	Tue May 07 00:58:10 2019 +0000
+++ b/src/java.xml.crypto/share/legal/santuario.md	Tue May 07 10:21:04 2019 +0800
@@ -1,10 +1,10 @@
-## Apache Santuario v2.1.1
+## Apache Santuario v2.1.3
 
 ### Apache Santuario Notice
 <pre>
 
   Apache Santuario - XML Security for Java
-  Copyright 1999-2018 The Apache Software Foundation
+  Copyright 1999-2019 The Apache Software Foundation
 
   This product includes software developed at
   The Apache Software Foundation (http://www.apache.org/).