0N/A/*
6159N/A * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A/**
0N/A * @test
4571N/A * @bug 4635230 6283345 6303830 6824440 6867348 7094155
0N/A * @summary Basic unit tests for generating XML Signatures with JSR 105
0N/A * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java
0N/A * X509KeySelector.java GenerationTests.java
6159N/A * @run main/othervm GenerationTests
0N/A * @author Sean Mullan
0N/A */
0N/A
0N/Aimport java.io.*;
0N/Aimport java.math.BigInteger;
0N/Aimport java.security.Key;
0N/Aimport java.security.KeyFactory;
0N/Aimport java.security.KeyStore;
0N/Aimport java.security.PrivateKey;
0N/Aimport java.security.PublicKey;
0N/Aimport java.security.cert.Certificate;
0N/Aimport java.security.cert.CertificateFactory;
0N/Aimport java.security.cert.X509Certificate;
0N/Aimport java.security.cert.X509CRL;
0N/Aimport java.security.spec.KeySpec;
0N/Aimport java.security.spec.DSAPrivateKeySpec;
0N/Aimport java.security.spec.DSAPublicKeySpec;
0N/Aimport java.security.spec.RSAPrivateKeySpec;
0N/Aimport java.security.spec.RSAPublicKeySpec;
0N/Aimport java.util.*;
0N/Aimport javax.crypto.SecretKey;
0N/Aimport javax.xml.XMLConstants;
0N/Aimport javax.xml.parsers.*;
0N/Aimport org.w3c.dom.*;
0N/Aimport javax.xml.crypto.Data;
0N/Aimport javax.xml.crypto.KeySelector;
0N/Aimport javax.xml.crypto.OctetStreamData;
0N/Aimport javax.xml.crypto.URIDereferencer;
0N/Aimport javax.xml.crypto.URIReference;
0N/Aimport javax.xml.crypto.URIReferenceException;
0N/Aimport javax.xml.crypto.XMLCryptoContext;
0N/Aimport javax.xml.crypto.XMLStructure;
0N/Aimport javax.xml.crypto.dsig.*;
0N/Aimport javax.xml.crypto.dom.*;
0N/Aimport javax.xml.crypto.dsig.dom.DOMSignContext;
0N/Aimport javax.xml.crypto.dsig.dom.DOMValidateContext;
0N/Aimport javax.xml.crypto.dsig.keyinfo.*;
0N/Aimport javax.xml.crypto.dsig.spec.*;
0N/Aimport javax.xml.transform.*;
0N/Aimport javax.xml.transform.dom.DOMSource;
0N/Aimport javax.xml.transform.stream.StreamResult;
0N/A
0N/A/**
0N/A * Test that recreates merlin-xmldsig-twenty-three test vectors but with
0N/A * different keys and X.509 data.
0N/A */
0N/Apublic class GenerationTests {
0N/A
// JSR 105 factories and the DOM parser shared by every test; assigned in setup().
private static XMLSignatureFactory fac;
private static KeyInfoFactory kifac;
private static DocumentBuilder db;

// Canonicalization, signature and digest methods reused across the tests.
private static CanonicalizationMethod withoutComments;
private static SignatureMethod dsaSha1, rsaSha1, rsaSha256, rsaSha384, rsaSha512;
private static DigestMethod sha1, sha256, sha384, sha512;

// KeyInfo structures carrying the public keys as KeyValue elements.
private static KeyInfo dsa, rsa, rsa1024;

// Key selectors used on the validating side.
// NOTE(review): KeySelectors is not visible here; judging by its name,
// KeyValueKeySelector takes the key from the signature's own KeyValue, which
// checks consistency of the signature but establishes no trust in the signer.
private static KeySelector kvks = new KeySelectors.KeyValueKeySelector();
private static KeySelector sks;

// Key material and certificate read from the test keystore in setup().
private static Key signingKey;
private static PublicKey validatingKey;
private static Certificate signingCert;
private static KeyStore ks;

// Test data locations, rooted at the "test.src" system property
// (falls back to the current directory).
private static final String DIR = System.getProperty("test.src", ".");
//  private static final String DIR = ".";
private static final String DATA_DIR =
    DIR + System.getProperty("file.separator") + "data";
private static final String KEYSTORE =
    DATA_DIR + System.getProperty("file.separator") + "certs" +
    System.getProperty("file.separator") + "test.jks";
private static final String CRL =
    DATA_DIR + System.getProperty("file.separator") + "certs" +
    System.getProperty("file.separator") + "crl";
private static final String ENVELOPE =
    DATA_DIR + System.getProperty("file.separator") + "envelope.xml";

// Dereferencer installed on sign/validate contexts that reference the
// http:// URIs below; assigned in setup().
// NOTE(review): HttpURIDereferencer is defined outside this view - presumably
// it serves these URIs from local test data rather than the network; confirm.
private static URIDereferencer httpUd = null;
private static final String STYLESHEET =
    "http://www.w3.org/TR/xml-stylesheet";
private static final String STYLESHEET_B64 =
    "http://www.w3.org/Signature/2002/04/xml-stylesheet.b64";
0N/A
/**
 * Entry point: builds the shared fixtures, then runs every generation test
 * in a fixed order. The first failing test aborts the run by throwing.
 *
 * @param args ignored
 * @throws Exception if setup or any test fails
 */
public static void main(String[] args) throws Exception {
    setup();

    // Vectors modelled on merlin-xmldsig-twenty-three.
    test_create_signature_enveloped_dsa();
    test_create_signature_enveloping_b64_dsa();
    test_create_signature_enveloping_dsa();
    test_create_signature_enveloping_hmac_sha1_40();
    test_create_signature_enveloping_hmac_sha256();
    test_create_signature_enveloping_hmac_sha384();
    test_create_signature_enveloping_hmac_sha512();
    test_create_signature_enveloping_rsa();
    test_create_signature_external_b64_dsa();
    test_create_signature_external_dsa();
    test_create_signature_keyname();
    test_create_signature_retrievalmethod_rawx509crt();
    test_create_signature_x509_crt_crl();
    test_create_signature_x509_crt();
    test_create_signature_x509_is();
    test_create_signature_x509_ski();
    test_create_signature_x509_sn();
    test_create_signature();

    // Additional algorithm combinations and regression cases.
    test_create_exc_signature();
    test_create_sign_spec();
    test_create_signature_enveloping_sha256_dsa();
    test_create_signature_enveloping_sha384_rsa_sha256();
    test_create_signature_enveloping_sha512_rsa_sha384();
    test_create_signature_enveloping_sha512_rsa_sha512();
    test_create_signature_reference_dependency();
    test_create_signature_with_attr_in_no_namespace();
}
0N/A
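/**
 * Initialises the static fixtures shared by all tests: the JSR 105
 * factories, a namespace-aware DOM parser, the signing key and certificate
 * from the test keystore, and the reusable algorithm and KeyInfo objects.
 *
 * @throws Exception if a factory, the keystore or any algorithm is unavailable
 */
private static void setup() throws Exception {
    fac = XMLSignatureFactory.getInstance();
    kifac = fac.getKeyInfoFactory();

    // Only namespace awareness is configured on the parser; no secure-processing
    // or DTD restrictions are set.
    // NOTE(review): acceptable while `db` parses test-controlled XML only -
    // confirm before reusing it on input that is not part of the test data.
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    db = dbf.newDocumentBuilder();

    // get key & self-signed certificate from keystore
    // "changeit" is the password of the bundled test keystore, a test fixture
    // rather than a secret. The stream is closed once the keystore is loaded
    // so the file handle is not leaked for the rest of the run.
    FileInputStream fis = new FileInputStream(KEYSTORE);
    try {
        ks = KeyStore.getInstance("JKS");
        ks.load(fis, "changeit".toCharArray());
    } finally {
        fis.close();
    }
    signingKey = ks.getKey("user", "changeit".toCharArray());
    signingCert = ks.getCertificate("user");
    validatingKey = signingCert.getPublicKey();

    // create common objects
    withoutComments = fac.newCanonicalizationMethod
        (CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    dsaSha1 = fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null);
    sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);
    sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);
    sha384 = fac.newDigestMethod
        ("http://www.w3.org/2001/04/xmldsig-more#sha384", null);
    sha512 = fac.newDigestMethod(DigestMethod.SHA512, null);
    dsa = kifac.newKeyInfo(Collections.singletonList
        (kifac.newKeyValue(validatingKey)));
    rsa = kifac.newKeyInfo(Collections.singletonList
        (kifac.newKeyValue(getPublicKey("RSA"))));
    rsa1024 = kifac.newKeyInfo(Collections.singletonList
        (kifac.newKeyValue(getPublicKey("RSA", 1024))));
    rsaSha1 = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    rsaSha256 = fac.newSignatureMethod
        ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
    rsaSha384 = fac.newSignatureMethod
        ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", null);
    rsaSha512 = fac.newSignatureMethod
        ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", null);

    // Selector for the HMAC tests; it is built from the same fixed bytes
    // ("secret") that those tests sign with.
    sks = new KeySelectors.SecretKeySelector("secret".getBytes("ASCII"));

    httpUd = new HttpURIDereferencer();
}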
0N/A
/**
 * Generates an enveloped DSA-SHA1 signature inside a freshly built
 * Envelope element, then unmarshals it again and validates it.
 *
 * @throws Exception if the round-tripped signature differs from the
 *         generated one or fails validation
 */
static void test_create_signature_enveloped_dsa() throws Exception {
    System.out.println("* Generating signature-enveloped-dsa.xml");

    // One same-document reference (URI "") with the enveloped-signature
    // transform applied to it.
    Transform enveloped =
        fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    Reference wholeDocument = fac.newReference
        ("", sha1, Collections.singletonList(enveloped), null, null);
    SignedInfo signedInfo = fac.newSignedInfo
        (withoutComments, dsaSha1, Collections.singletonList(wholeDocument));

    XMLSignature generated = fac.newXMLSignature(signedInfo, dsa);

    // Build <Envelope xmlns="http://example.org/envelope"/> as the parent
    // the signature is appended to.
    Document doc = db.newDocument();
    Element envelope =
        doc.createElementNS("http://example.org/envelope", "Envelope");
    envelope.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI,
        "xmlns", "http://example.org/envelope");
    doc.appendChild(envelope);

    generated.sign(new DOMSignContext(signingKey, envelope));
    // To inspect the output while debugging, serialise `doc` with
    // dumpDocument(doc, new StringWriter()) and print the writer.

    // The envelope was empty before signing, so its first child is the
    // Signature element that was just appended.
    DOMValidateContext validateContext =
        new DOMValidateContext(kvks, envelope.getFirstChild());
    XMLSignature unmarshalled = fac.unmarshalXMLSignature(validateContext);

    if (!generated.equals(unmarshalled)) {
        throw new Exception
            ("Unmarshalled signature is not equal to generated signature");
    }
    if (!unmarshalled.validate(validateContext)) {
        throw new Exception("Validation of generated signature failed");
    }
    System.out.println();
}
0N/A
/**
 * Enveloping DSA-SHA1 signature over base64-encoded object content.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_enveloping_b64_dsa() throws Exception {
    final boolean base64Content = true;
    System.out.println("* Generating signature-enveloping-b64-dsa.xml");
    test_create_signature_enveloping
        (sha1, dsaSha1, dsa, signingKey, kvks, base64Content);
    System.out.println();
}
0N/A
/**
 * Enveloping DSA-SHA1 signature over plain-text object content.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_enveloping_dsa() throws Exception {
    final boolean base64Content = false;
    System.out.println("* Generating signature-enveloping-dsa.xml");
    test_create_signature_enveloping
        (sha1, dsaSha1, dsa, signingKey, kvks, base64Content);
    System.out.println();
}
0N/A
/**
 * Enveloping signature whose reference is digested with SHA-256 while the
 * signature method itself stays DSA-SHA1.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_enveloping_sha256_dsa() throws Exception {
    final boolean base64Content = false;
    System.out.println("* Generating signature-enveloping-sha256-dsa.xml");
    test_create_signature_enveloping
        (sha256, dsaSha1, dsa, signingKey, kvks, base64Content);
    System.out.println();
}
0N/A
/**
 * Attempts an enveloping HMAC-SHA1 signature whose output is truncated to
 * 40 bits. An XMLSignatureException from the attempt is tolerated; any
 * other exception fails the test.
 *
 * @throws Exception on any failure other than XMLSignatureException
 */
static void test_create_signature_enveloping_hmac_sha1_40()
    throws Exception {
    System.out.println("* Generating signature-enveloping-hmac-sha1-40.xml");
    SignatureMethod truncatedHmac = fac.newSignatureMethod
        (SignatureMethod.HMAC_SHA1, new HMACParameterSpec(40));
    try {
        test_create_signature_enveloping(sha1, truncatedHmac, null,
            getSecretKey("secret".getBytes("ASCII")), sks, false);
    } catch (XMLSignatureException tolerated) {
        // Presumably the implementation refuses such a short truncation
        // length, which is the safe outcome for a 40-bit MAC.
        // NOTE(review): the test also passes when no exception is thrown,
        // so it does not prove that the short length is rejected.
    }
    System.out.println();
}
0N/A
/**
 * Enveloping HMAC-SHA256 signature (untruncated) over a SHA-1 digested
 * reference, keyed with the fixed test secret.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_enveloping_hmac_sha256()
    throws Exception {
    final String algorithm =
        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
    System.out.println("* Generating signature-enveloping-hmac-sha256.xml");
    SignatureMethod hmac = fac.newSignatureMethod(algorithm, null);
    test_create_signature_enveloping(sha1, hmac, null,
        getSecretKey("secret".getBytes("ASCII")), sks, false);
    System.out.println();
}
0N/A
/**
 * Enveloping HMAC-SHA384 signature (untruncated) over a SHA-1 digested
 * reference, keyed with the fixed test secret.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_enveloping_hmac_sha384()
    throws Exception {
    final String algorithm =
        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
    System.out.println("* Generating signature-enveloping-hmac-sha384.xml");
    SignatureMethod hmac = fac.newSignatureMethod(algorithm, null);
    test_create_signature_enveloping(sha1, hmac, null,
        getSecretKey("secret".getBytes("ASCII")), sks, false);
    System.out.println();
}
0N/A
/**
 * Enveloping HMAC-SHA512 signature (untruncated) over a SHA-1 digested
 * reference, keyed with the fixed test secret.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_enveloping_hmac_sha512()
    throws Exception {
    final String algorithm =
        "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
    System.out.println("* Generating signature-enveloping-hmac-sha512.xml");
    SignatureMethod hmac = fac.newSignatureMethod(algorithm, null);
    test_create_signature_enveloping(sha1, hmac, null,
        getSecretKey("secret".getBytes("ASCII")), sks, false);
    System.out.println();
}
0N/A
/**
 * Enveloping RSA-SHA1 signature over a SHA-1 digested reference.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_enveloping_rsa() throws Exception {
    System.out.println("* Generating signature-enveloping-rsa.xml");
    Key rsaPrivate = getPrivateKey("RSA");
    test_create_signature_enveloping(sha1, rsaSha1, rsa,
        rsaPrivate, kvks, false);
    System.out.println();
}
0N/A
/**
 * Enveloping RSA-SHA256 signature over a SHA-384 digested reference.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_enveloping_sha384_rsa_sha256()
    throws Exception {
    System.out.println("* Generating signature-enveloping-sha384-rsa_sha256.xml");
    Key rsaPrivate = getPrivateKey("RSA");
    test_create_signature_enveloping(sha384, rsaSha256, rsa,
        rsaPrivate, kvks, false);
    System.out.println();
}
0N/A
/**
 * Enveloping RSA-SHA384 signature over a SHA-512 digested reference, using
 * the key pair selected by the 1024 argument (rsa1024 / getPrivateKey).
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_enveloping_sha512_rsa_sha384()
    throws Exception {
    System.out.println("* Generating signature-enveloping-sha512-rsa_sha384.xml");
    Key rsaPrivate1024 = getPrivateKey("RSA", 1024);
    test_create_signature_enveloping(sha512, rsaSha384, rsa1024,
        rsaPrivate1024, kvks, false);
    System.out.println();
}
0N/A
/**
 * Enveloping RSA-SHA512 signature over a SHA-512 digested reference, using
 * the key pair selected by the 1024 argument (rsa1024 / getPrivateKey).
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_enveloping_sha512_rsa_sha512()
    throws Exception {
    System.out.println("* Generating signature-enveloping-sha512-rsa_sha512.xml");
    Key rsaPrivate1024 = getPrivateKey("RSA", 1024);
    test_create_signature_enveloping(sha512, rsaSha512, rsa1024,
        rsaPrivate1024, kvks, false);
    System.out.println();
}
0N/A
/**
 * Detached DSA-SHA1 signature over the external base64 stylesheet
 * reference.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_external_b64_dsa() throws Exception {
    final boolean base64Reference = true;
    System.out.println("* Generating signature-external-b64-dsa.xml");
    test_create_signature_external
        (dsaSha1, dsa, signingKey, kvks, base64Reference);
    System.out.println();
}
0N/A
/**
 * Detached DSA-SHA1 signature over the external stylesheet reference.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_external_dsa() throws Exception {
    final boolean base64Reference = false;
    System.out.println("* Generating signature-external-dsa.xml");
    test_create_signature_external
        (dsaSha1, dsa, signingKey, kvks, base64Reference);
    System.out.println();
}
0N/A
/**
 * Detached DSA-SHA1 signature whose KeyInfo carries only the KeyName
 * "user"; validation goes through an X509KeySelector over the test
 * keystore.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_keyname() throws Exception {
    System.out.println("* Generating signature-keyname.xml");
    // "user" is also the keystore alias that setup() reads the signing key
    // and certificate from.
    KeyInfo keyNameInfo = kifac.newKeyInfo
        (Collections.singletonList(kifac.newKeyName("user")));
    KeySelector keystoreSelector = new X509KeySelector(ks);
    test_create_signature_external(dsaSha1, keyNameInfo, signingKey,
        keystoreSelector, false);
    System.out.println();
}
0N/A
/**
 * Detached DSA-SHA1 signature whose KeyInfo is a RetrievalMethod pointing
 * at a raw X.509 certificate file.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_retrievalmethod_rawx509crt()
    throws Exception {
    System.out.println(
        "* Generating signature-retrievalmethod-rawx509crt.xml");
    // Relative URI; test_create_signature_external sets the validation
    // base URI to the test data directory.
    RetrievalMethod rawCertificate = kifac.newRetrievalMethod
        ("certs/user.crt", X509Data.RAW_X509_CERTIFICATE_TYPE, null);
    KeyInfo retrievalInfo =
        kifac.newKeyInfo(Collections.singletonList(rawCertificate));
    KeySelector keystoreSelector = new X509KeySelector(ks);
    test_create_signature_external(dsaSha1, retrievalInfo, signingKey,
        keystoreSelector, false);
    System.out.println();
}
0N/A
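/**
 * Detached DSA-SHA1 signature whose X509Data carries both the signing
 * certificate and a CRL read from the test data directory.
 *
 * @throws Exception if the CRL cannot be read or generation or validation
 *         fails
 */
static void test_create_signature_x509_crt_crl() throws Exception {
    System.out.println("* Generating signature-x509-crt-crl.xml");
    List<Object> xds = new ArrayList<Object>();
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    xds.add(signingCert);

    // Close the CRL stream even when parsing throws, so a malformed CRL
    // file does not leak the file handle.
    X509CRL crl;
    FileInputStream fis = new FileInputStream(CRL);
    try {
        crl = (X509CRL) cf.generateCRL(fis);
    } finally {
        fis.close();
    }
    xds.add(crl);
    KeyInfo crt_crl = kifac.newKeyInfo(Collections.singletonList
        (kifac.newX509Data(xds)));

    test_create_signature_external(dsaSha1, crt_crl, signingKey,
        new X509KeySelector(ks), false);
    System.out.println();
}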
0N/A
/**
 * Detached DSA-SHA1 signature whose X509Data carries the signing
 * certificate itself.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_x509_crt() throws Exception {
    System.out.println("* Generating signature-x509-crt.xml");
    X509Data certificateData =
        kifac.newX509Data(Collections.singletonList(signingCert));
    KeyInfo certificateInfo =
        kifac.newKeyInfo(Collections.singletonList(certificateData));

    KeySelector keystoreSelector = new X509KeySelector(ks);
    test_create_signature_external(dsaSha1, certificateInfo, signingKey,
        keystoreSelector, false);
    System.out.println();
}
0N/A
/**
 * Detached DSA-SHA1 signature whose X509Data identifies the signer by
 * issuer name and serial number only.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_x509_is() throws Exception {
    System.out.println("* Generating signature-x509-is.xml");
    // Issuer "CN=User" with serial 0x45ef2729.
    X509IssuerSerial issuerSerial = kifac.newX509IssuerSerial
        ("CN=User", new BigInteger("45ef2729", 16));
    X509Data issuerSerialData =
        kifac.newX509Data(Collections.singletonList(issuerSerial));
    KeyInfo issuerSerialInfo =
        kifac.newKeyInfo(Collections.singletonList(issuerSerialData));
    KeySelector keystoreSelector = new X509KeySelector(ks);
    test_create_signature_external(dsaSha1, issuerSerialInfo, signingKey,
        keystoreSelector, false);
    System.out.println();
}
0N/A
/**
 * Detached DSA-SHA1 signature whose X509Data carries a byte array as the
 * subject key identifier.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_x509_ski() throws Exception {
    System.out.println("* Generating signature-x509-ski.xml");
    // The identifier is the fixed ASCII string "keyid".
    X509Data keyIdData = kifac.newX509Data
        (Collections.singletonList("keyid".getBytes("ASCII")));
    KeyInfo keyIdInfo = kifac.newKeyInfo(Collections.singletonList(keyIdData));

    // Unlike the other X509Data tests, validation is given the public key
    // directly instead of looking it up in the keystore.
    KeySelector fixedKey = KeySelector.singletonKeySelector(validatingKey);
    test_create_signature_external(dsaSha1, keyIdInfo, signingKey,
        fixedKey, false);
    System.out.println();
}
0N/A
/**
 * Detached DSA-SHA1 signature whose X509Data identifies the signer by the
 * subject name "CN=User" only.
 *
 * @throws Exception if generation or validation fails
 */
static void test_create_signature_x509_sn() throws Exception {
    System.out.println("* Generating signature-x509-sn.xml");
    X509Data subjectNameData =
        kifac.newX509Data(Collections.singletonList("CN=User"));
    KeyInfo subjectNameInfo =
        kifac.newKeyInfo(Collections.singletonList(subjectNameData));

    KeySelector keystoreSelector = new X509KeySelector(ks);
    test_create_signature_external(dsaSha1, subjectNameInfo, signingKey,
        keystoreSelector, false);
    System.out.println();
}
0N/A
/**
 * Generates an RSA-SHA1 signature in which the signed reference points at
 * an Object holding a Manifest, and that Manifest in turn references a
 * second Object, then unmarshals and validates the result.
 *
 * @throws Exception if the round-tripped signature differs from the
 *         generated one or fails validation
 */
static void test_create_signature_reference_dependency() throws Exception {
    System.out.println("* Generating signature-reference-dependency.xml");

    // SignedInfo with a single reference to #object-1.
    List<Reference> signedRefs = Collections.singletonList
        (fac.newReference("#object-1", sha1));
    SignedInfo signedInfo =
        fac.newSignedInfo(withoutComments, rsaSha1, signedRefs);

    List<XMLStructure> objects = new ArrayList<XMLStructure>();

    // Object 1: a manifest whose only reference depends on #object-2.
    List<Reference> manifestRefs = Collections.singletonList
        (fac.newReference("#object-2", sha1));
    objects.add(fac.newXMLObject
        (Collections.singletonList(fac.newManifest(manifestRefs, "manifest-1")),
         "object-1", null, null));

    // Object 2: <NonCommentandus xmlns=""> containing one comment node.
    Document doc = db.newDocument();
    Element nonCommentandus = doc.createElementNS(null, "NonCommentandus");
    nonCommentandus.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");
    nonCommentandus.appendChild(doc.createComment(" Commentandum "));
    objects.add(fac.newXMLObject
        (Collections.singletonList(new DOMStructure(nonCommentandus)),
         "object-2", null, null));

    // Sign into the empty document.
    XMLSignature generated =
        fac.newXMLSignature(signedInfo, rsa, objects, "signature", null);
    generated.sign(new DOMSignContext(getPrivateKey("RSA"), doc));

    // Debug aid: dumpDocument(doc, new PrintWriter(System.out));

    DOMValidateContext validateContext =
        new DOMValidateContext(kvks, doc.getDocumentElement());
    XMLSignature unmarshalled = fac.unmarshalXMLSignature(validateContext);

    if (!generated.equals(unmarshalled)) {
        throw new Exception
            ("Unmarshalled signature is not equal to generated signature");
    }
    if (!unmarshalled.validate(validateContext)) {
        throw new Exception("Validation of generated signature failed");
    }

    System.out.println();
}
4571N/A
/**
 * Generates an RSA-SHA1 signature over an element that is addressed through
 * an "Id" attribute in no namespace, then unmarshals and validates it.
 *
 * @throws Exception if the round-tripped signature differs from the
 *         generated one or fails validation
 */
static void test_create_signature_with_attr_in_no_namespace()
    throws Exception
{
    System.out.println
        ("* Generating signature-with-attr-in-no-namespace.xml");

    // SignedInfo with a single same-document reference to #unknown.
    List<Reference> signedRefs = Collections.singletonList
        (fac.newReference("#unknown", sha1));
    SignedInfo signedInfo =
        fac.newSignedInfo(withoutComments, rsaSha1, signedRefs);

    // object-1 wraps an element that carries Id="unknown" as a plain
    // attribute in no namespace.
    Document doc = db.newDocument();
    Element target = doc.createElementNS(null, "NonCommentandus");
    target.setAttribute("Id", "unknown");
    XMLObject wrapper = fac.newXMLObject
        (Collections.singletonList(new DOMStructure(target)),
         "object-1", null, null);

    XMLSignature generated = fac.newXMLSignature
        (signedInfo, rsa, Collections.singletonList(wrapper),
         "signature", null);

    // Register "Id" as an ID attribute on the signing context so that
    // "#unknown" can resolve to this element (presumably nothing else marks
    // the attribute as ID-typed in a DOM built in memory).
    DOMSignContext signContext = new DOMSignContext(getPrivateKey("RSA"), doc);
    signContext.setIdAttributeNS(target, null, "Id");

    generated.sign(signContext);

    // Debug aid: dumpDocument(doc, new PrintWriter(System.out));

    // The validating context gets the same explicit registration, which
    // pins the element that "#unknown" denotes during validation.
    DOMValidateContext validateContext =
        new DOMValidateContext(kvks, doc.getDocumentElement());
    validateContext.setIdAttributeNS(target, null, "Id");
    XMLSignature unmarshalled = fac.unmarshalXMLSignature(validateContext);

    if (!generated.equals(unmarshalled)) {
        throw new Exception
            ("Unmarshalled signature is not equal to generated signature");
    }
    if (!unmarshalled.validate(validateContext)) {
        throw new Exception("Validation of generated signature failed");
    }

    System.out.println();
}
2009N/A
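/**
 * Recreates the full "signature.xml" vector: eighteen references (external,
 * same-document, XPath, base64, XPointer, manifest and signature-properties
 * targets), a KeyInfo that retrieves X509Data from #object-4, and six
 * objects. The signature is created with the DSA key under the
 * YoursSincerely element of envelope.xml, then unmarshalled and validated
 * through an X509KeySelector over the test keystore.
 *
 * @throws Exception if the envelope cannot be parsed, the Signature element
 *         is missing after signing, or the round-tripped signature differs
 *         from the generated one or fails validation
 */
static void test_create_signature() throws Exception {
    System.out.println("* Generating signature.xml");

    // create references
    List<Reference> refs = new ArrayList<Reference>();

    // Reference 1
    refs.add(fac.newReference(STYLESHEET, sha1));

    // Reference 2
    refs.add(fac.newReference
        (STYLESHEET_B64,
         sha1, Collections.singletonList
            (fac.newTransform(Transform.BASE64,
                (TransformParameterSpec) null)), null, null));

    // Reference 3
    refs.add(fac.newReference("#object-1", sha1, Collections.singletonList
        (fac.newTransform(Transform.XPATH,
            new XPathFilterParameterSpec("self::text()"))),
        XMLObject.TYPE, null));

    // Reference 4
    String expr = "\n"
      + " ancestor-or-self::dsig:SignedInfo " + "\n"
      + " and " + "\n"
      + " count(ancestor-or-self::dsig:Reference | " + "\n"
      + " here()/ancestor::dsig:Reference[1]) > " + "\n"
      + " count(ancestor-or-self::dsig:Reference) " + "\n"
      + " or " + "\n"
      + " count(ancestor-or-self::node() | " + "\n"
      + " id('notaries')) = " + "\n"
      + " count(ancestor-or-self::node()) " + "\n";

    XPathFilterParameterSpec xfp = new XPathFilterParameterSpec(expr,
        Collections.singletonMap("dsig", XMLSignature.XMLNS));
    refs.add(fac.newReference("", sha1, Collections.singletonList
        (fac.newTransform(Transform.XPATH, xfp)),
        XMLObject.TYPE, null));

    // Reference 5
    refs.add(fac.newReference("#object-2", sha1, Collections.singletonList
        (fac.newTransform
            (Transform.BASE64, (TransformParameterSpec) null)),
        XMLObject.TYPE, null));

    // Reference 6
    refs.add(fac.newReference
        ("#manifest-1", sha1, null, Manifest.TYPE, null));

    // Reference 7
    refs.add(fac.newReference("#signature-properties-1", sha1, null,
        SignatureProperties.TYPE, null));

    // Reference 8
    List<Transform> transforms = new ArrayList<Transform>();
    transforms.add(fac.newTransform
        (Transform.ENVELOPED, (TransformParameterSpec) null));
    refs.add(fac.newReference("", sha1, transforms, null, null));

    // Reference 9
    // Appends to the same list object that Reference 8 was created from.
    // NOTE(review): this relies on newReference not retaining the caller's
    // list - confirm against the factory implementation.
    transforms.add(fac.newTransform
        (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
         (TransformParameterSpec) null));
    refs.add(fac.newReference("", sha1, transforms, null, null));

    // Reference 10
    Transform env = fac.newTransform
        (Transform.ENVELOPED, (TransformParameterSpec) null);
    refs.add(fac.newReference("#xpointer(/)",
        sha1, Collections.singletonList(env), null, null));

    // Reference 11
    transforms.clear();
    transforms.add(fac.newTransform
        (Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(fac.newTransform
        (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
         (TransformParameterSpec) null));
    refs.add(fac.newReference("#xpointer(/)", sha1, transforms,
        null, null));

    // Reference 12
    refs.add
        (fac.newReference("#object-3", sha1, null, XMLObject.TYPE, null));

    // Reference 13
    Transform withComments = fac.newTransform
        (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
         (TransformParameterSpec) null);
    refs.add(fac.newReference("#object-3", sha1,
        Collections.singletonList(withComments), XMLObject.TYPE, null));

    // Reference 14
    refs.add(fac.newReference("#xpointer(id('object-3'))", sha1, null,
        XMLObject.TYPE, null));

    // Reference 15
    withComments = fac.newTransform
        (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
         (TransformParameterSpec) null);
    refs.add(fac.newReference("#xpointer(id('object-3'))", sha1,
        Collections.singletonList(withComments), XMLObject.TYPE, null));

    // Reference 16
    refs.add(fac.newReference("#reference-2", sha1));

    // Reference 17
    refs.add(fac.newReference("#manifest-reference-1", sha1, null,
        null, "reference-1"));

    // Reference 18
    refs.add(fac.newReference("#reference-1", sha1, null, null,
        "reference-2"));

    // create SignedInfo
    SignedInfo si = fac.newSignedInfo(withoutComments, dsaSha1, refs);

    // create keyinfo: a RetrievalMethod that fetches #object-4 and filters
    // it down to its X509Data with an XPath transform
    XPathFilterParameterSpec xpf = new XPathFilterParameterSpec(
        "ancestor-or-self::dsig:X509Data",
        Collections.singletonMap("dsig", XMLSignature.XMLNS));
    RetrievalMethod rm = kifac.newRetrievalMethod("#object-4",
        X509Data.TYPE, Collections.singletonList(fac.newTransform
        (Transform.XPATH, xpf)));
    KeyInfo ki = kifac.newKeyInfo(Collections.singletonList(rm), null);

    Document doc = db.newDocument();

    // create objects
    List<XMLStructure> objs = new ArrayList<XMLStructure>();

    // Object 1
    objs.add(fac.newXMLObject(Collections.singletonList
        (new DOMStructure(doc.createTextNode("I am the text."))),
        "object-1", "text/plain", null));

    // Object 2
    objs.add(fac.newXMLObject(Collections.singletonList
        (new DOMStructure(doc.createTextNode("SSBhbSB0aGUgdGV4dC4="))),
        "object-2", "text/plain", Transform.BASE64));

    // Object 3
    Element nc = doc.createElementNS(null, "NonCommentandus");
    nc.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");
    nc.appendChild(doc.createComment(" Commentandum "));
    objs.add(fac.newXMLObject(Collections.singletonList
        (new DOMStructure(nc)), "object-3", null, null));

    // Manifest
    List<Reference> manRefs = new ArrayList<Reference>();

    // Manifest Reference 1
    manRefs.add(fac.newReference(STYLESHEET,
        sha1, null, null, "manifest-reference-1"));

    // Manifest Reference 2
    manRefs.add(fac.newReference("#reference-1", sha1));

    // Manifest Reference 3
    List<Transform> manTrans = new ArrayList<Transform>();
    String xslt = ""
      + "<xsl:stylesheet xmlns:xsl='http://www.w3.org/1999/XSL/Transform'\n"
      + " xmlns='http://www.w3.org/TR/xhtml1/strict' \n"
      + " exclude-result-prefixes='foo' \n"
      + " version='1.0'>\n"
      + " <xsl:output encoding='UTF-8' \n"
      + " indent='no' \n"
      + " method='xml' />\n"
      + " <xsl:template match='/'>\n"
      + " <html>\n"
      + " <head>\n"
      + " <title>Notaries</title>\n"
      + " </head>\n"
      + " <body>\n"
      + " <table>\n"
      + " <xsl:for-each select='Notaries/Notary'>\n"
      + " <tr>\n"
      + " <th>\n"
      + " <xsl:value-of select='@name' />\n"
      + " </th>\n"
      + " </tr>\n"
      + " </xsl:for-each>\n"
      + " </table>\n"
      + " </body>\n"
      + " </html>\n"
      + " </xsl:template>\n"
      + "</xsl:stylesheet>\n";
    // The stylesheet text has no XML declaration, so the bytes are encoded
    // explicitly as UTF-8 instead of with the platform default charset.
    Document docxslt =
        db.parse(new ByteArrayInputStream(xslt.getBytes("UTF-8")));
    Node xslElem = docxslt.getDocumentElement();

    manTrans.add(fac.newTransform(Transform.XSLT,
        new XSLTTransformParameterSpec(new DOMStructure(xslElem))));
    manTrans.add(fac.newTransform(CanonicalizationMethod.INCLUSIVE,
        (TransformParameterSpec) null));
    manRefs.add(fac.newReference("#notaries", sha1, manTrans, null, null));

    objs.add(fac.newXMLObject(Collections.singletonList
        (fac.newManifest(manRefs, "manifest-1")), null, null, null));

    // SignatureProperties
    Element sa = doc.createElementNS("urn:demo", "SignerAddress");
    sa.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "urn:demo");
    Element ip = doc.createElementNS("urn:demo", "IP");
    ip.appendChild(doc.createTextNode("192.168.21.138"));
    sa.appendChild(ip);
    SignatureProperty sp = fac.newSignatureProperty
        (Collections.singletonList(new DOMStructure(sa)),
         "#signature", null);
    SignatureProperties sps = fac.newSignatureProperties
        (Collections.singletonList(sp), "signature-properties-1");
    objs.add(fac.newXMLObject(Collections.singletonList(sps), null,
        null, null));

    // Object 4
    List<Object> xds = new ArrayList<Object>();
    xds.add("CN=User");
    xds.add(kifac.newX509IssuerSerial
        ("CN=User", new BigInteger("45ef2729", 16)));
    xds.add(signingCert);
    objs.add(fac.newXMLObject(Collections.singletonList
        (kifac.newX509Data(xds)), "object-4", null, null));

    // create XMLSignature
    XMLSignature sig = fac.newXMLSignature(si, ki, objs, "signature", null);

    // Parse the envelope with a separate non-validating, namespace-aware
    // parser. No secure-processing or DTD restrictions are configured.
    // NOTE(review): fine for the bundled envelope.xml fixture; confirm
    // before pointing ENVELOPE at XML from outside the test data.
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setValidating(false);
    Document envDoc;
    FileInputStream envIn = new FileInputStream(ENVELOPE);
    try {
        envDoc = dbf.newDocumentBuilder().parse(envIn);
    } finally {
        // Release the file handle whether or not parsing succeeded.
        envIn.close();
    }
    Element ys = (Element)
        envDoc.getElementsByTagName("YoursSincerely").item(0);

    DOMSignContext dsc = new DOMSignContext(signingKey, ys);
    dsc.setURIDereferencer(httpUd);

    sig.sign(dsc);

    // Debug aid: dumpDocument(envDoc, new StringWriter());

    NodeList nl =
        envDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nl.getLength() == 0) {
        throw new Exception("Couldn't find signature Element");
    }
    Element sigElement = (Element) nl.item(0);

    DOMValidateContext dvc = new DOMValidateContext
        (new X509KeySelector(ks), sigElement);
    dvc.setURIDereferencer(httpUd);
    // NOTE(review): if "dir.test.vector.baltimore" is unset, the literal
    // string "null" becomes the first path component of the base URI -
    // confirm the harness sets it or that no reference depends on it.
    File f = new File(
        System.getProperty("dir.test.vector.baltimore") +
        System.getProperty("file.separator") +
        "merlin-xmldsig-twenty-three" +
        System.getProperty("file.separator"));
    dvc.setBaseURI(f.toURI().toString());

    XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);

    if (sig.equals(sig2) == false) {
        throw new Exception
            ("Unmarshalled signature is not equal to generated signature");
    }
    if (sig2.validate(dvc) == false) {
        throw new Exception("Validation of generated signature failed");
    }
    System.out.println();
}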
0N/A
/**
 * Serialises a DOM document to the given writer with a default
 * (stylesheet-less) Transformer. Used as a debugging aid.
 *
 * @param doc the document to serialise
 * @param w   the writer that receives the serialised XML
 * @throws Exception if the transformer cannot be created or the
 *         transformation fails
 */
private static void dumpDocument(Document doc, Writer w) throws Exception {
    Transformer serializer = TransformerFactory.newInstance().newTransformer();
    // Indentation is left off; to enable it while debugging:
    //     serializer.setOutputProperty(OutputKeys.INDENT, "yes");
    DOMSource input = new DOMSource(doc);
    StreamResult output = new StreamResult(w);
    serializer.transform(input, output);
}
0N/A
/**
 * Generates a detached signature over one of the external stylesheet URIs
 * in an empty document, then unmarshals and validates it.
 *
 * @param sm         signature method to sign with
 * @param ki         KeyInfo to embed in the signature
 * @param signingKey key used for signing (shadows the static field)
 * @param ks         key selector used for validation (shadows the static
 *                   keystore field)
 * @param b64        if true, reference the base64 stylesheet URI and apply
 *                   the base64 transform; otherwise reference the plain
 *                   stylesheet URI
 * @throws Exception if the round-tripped signature differs from the
 *         generated one or fails validation
 */
private static void test_create_signature_external
    (SignatureMethod sm, KeyInfo ki, Key signingKey, KeySelector ks,
     boolean b64) throws Exception {

    // Pick the external reference for the requested variant.
    Reference externalRef = b64
        ? fac.newReference
            (STYLESHEET_B64, sha1,
             Collections.singletonList
                (fac.newTransform(Transform.BASE64,
                    (TransformParameterSpec) null)),
             null, null)
        : fac.newReference(STYLESHEET, sha1);

    SignedInfo signedInfo = fac.newSignedInfo
        (withoutComments, sm, Collections.singletonList(externalRef));

    Document doc = db.newDocument();
    XMLSignature generated = fac.newXMLSignature(signedInfo, ki);

    // Both contexts use httpUd to dereference the stylesheet URI.
    DOMSignContext signContext = new DOMSignContext(signingKey, doc);
    signContext.setURIDereferencer(httpUd);
    generated.sign(signContext);

    // Relative URIs (for example in a RetrievalMethod) resolve against the
    // test data directory during validation.
    DOMValidateContext validateContext =
        new DOMValidateContext(ks, doc.getDocumentElement());
    validateContext.setBaseURI(new File(DATA_DIR).toURI().toString());
    validateContext.setURIDereferencer(httpUd);

    XMLSignature unmarshalled = fac.unmarshalXMLSignature(validateContext);

    if (!generated.equals(unmarshalled)) {
        throw new Exception
            ("Unmarshalled signature is not equal to generated signature");
    }
    if (!unmarshalled.validate(validateContext)) {
        throw new Exception("Validation of generated signature failed");
    }
}
0N/A
/**
 * Generates an enveloping signature over a small text object, then
 * unmarshals and validates it.
 *
 * <p>The signed content is carried in an Object element with id
 * {@code object}, which the single reference addresses as
 * {@code #object}. When {@code b64} is set the object holds the Base64
 * form of the text and the reference carries a Base64 transform.
 *
 * @param dm digest method of the reference
 * @param sm signature method placed in the SignedInfo
 * @param ki KeyInfo embedded in the signature
 * @param signingKey key used to sign
 * @param ks key selector used by the validating context
 * @param b64 whether the object content is Base64 encoded
 * @throws Exception if the unmarshalled signature differs from the
 *         generated one or does not validate
 */
private static void test_create_signature_enveloping
    (DigestMethod dm, SignatureMethod sm, KeyInfo ki, Key signingKey,
    KeySelector ks, boolean b64) throws Exception {

    final String objectUri = "#object";

    // Build the single reference; the Base64 variant adds one transform.
    final Reference ref;
    if (!b64) {
        ref = fac.newReference(objectUri, dm);
    } else {
        final TransformParameterSpec noParams = null;
        Transform base64 = fac.newTransform(Transform.BASE64, noParams);
        ref = fac.newReference(objectUri, dm,
            Collections.singletonList(base64), null, null);
    }

    SignedInfo signedInfo = fac.newSignedInfo
        (withoutComments, sm, Collections.singletonList(ref));

    // The enveloped content: "c29tZSB0ZXh0" is the Base64 form of
    // "some text".
    Document doc = db.newDocument();
    final String text;
    if (b64) {
        text = "c29tZSB0ZXh0";
    } else {
        text = "some text";
    }
    DOMStructure content = new DOMStructure(doc.createTextNode(text));
    XMLObject obj = fac.newXMLObject
        (Collections.singletonList(content), "object", null, null);

    XMLSignature sig = fac.newXMLSignature
        (signedInfo, ki, Collections.singletonList(obj), null, null);

    DOMSignContext signCtx = new DOMSignContext(signingKey, doc);
    sig.sign(signCtx);

    // Debug aid: dumpDocument(doc, new FileWriter("/tmp/foo.xml"));

    DOMValidateContext validateCtx =
        new DOMValidateContext(ks, doc.getDocumentElement());
    XMLSignature sig2 = fac.unmarshalXMLSignature(validateCtx);

    if (!sig.equals(sig2)) {
        throw new Exception
            ("Unmarshalled signature is not equal to generated signature");
    }
    if (!sig2.validate(validateCtx)) {
        throw new Exception("Validation of generated signature failed");
    }
}
0N/A
/**
 * Generates and validates a signature that exercises exclusive
 * canonicalization.
 *
 * <p>Four references address the same object ({@code to-be-signed}),
 * each with a different transform: exclusive c14n with and without a
 * prefix list, and exclusive c14n with comments with and without a
 * prefix list. The SignedInfo uses exclusive c14n and DSA-SHA1.
 *
 * <p>SHA-1 and DSA-SHA1 are the algorithms under test here; their use in
 * this test is not a recommendation for new signatures.
 *
 * <p>NOTE(review): validation uses {@code KeySelectors.KeyValueKeySelector},
 * which presumably takes the key from the KeyValue inside the signature
 * itself. That is enough for this round-trip check, but it says nothing
 * about who produced the signature. Confirm against KeySelectors.java.
 *
 * @throws Exception if the unmarshalled signature differs from the
 *         generated one or does not validate
 */
static void test_create_exc_signature() throws Exception {
    System.out.println("* Generating exc_signature.xml");

    final String targetUri = "#xpointer(id('to-be-signed'))";
    final TransformParameterSpec noParams = null;
    List<Reference> refs = new ArrayList<Reference>(4);

    // reference 1: exclusive c14n, no parameters
    Transform excPlain =
        fac.newTransform(CanonicalizationMethod.EXCLUSIVE, noParams);
    refs.add(fac.newReference(targetUri,
        fac.newDigestMethod(DigestMethod.SHA1, null),
        Collections.singletonList(excPlain), null, null));

    // reference 2: exclusive c14n with an inclusive prefix list
    List<String> prefixes = new ArrayList<String>(2);
    prefixes.add("bar");
    prefixes.add("#default");
    ExcC14NParameterSpec prefixParams = new ExcC14NParameterSpec(prefixes);
    Transform excPrefixed =
        fac.newTransform(CanonicalizationMethod.EXCLUSIVE, prefixParams);
    refs.add(fac.newReference(targetUri,
        fac.newDigestMethod(DigestMethod.SHA1, null),
        Collections.singletonList(excPrefixed), null, null));

    // reference 3: exclusive c14n with comments, no parameters
    Transform excCommentsPlain = fac.newTransform
        (CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, noParams);
    refs.add(fac.newReference(targetUri,
        fac.newDigestMethod(DigestMethod.SHA1, null),
        Collections.singletonList(excCommentsPlain), null, null));

    // reference 4: exclusive c14n with comments and a fresh prefix list
    prefixes = new ArrayList<String>(2);
    prefixes.add("bar");
    prefixes.add("#default");
    prefixParams = new ExcC14NParameterSpec(prefixes);
    Transform excCommentsPrefixed = fac.newTransform
        (CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, prefixParams);
    refs.add(fac.newReference(targetUri,
        fac.newDigestMethod(DigestMethod.SHA1, null),
        Collections.singletonList(excCommentsPrefixed), null, null));

    // SignedInfo: exclusive c14n, DSA-SHA1
    final C14NMethodParameterSpec noC14nParams = null;
    CanonicalizationMethod c14n = fac.newCanonicalizationMethod
        (CanonicalizationMethod.EXCLUSIVE, noC14nParams);
    SignatureMethod sigMethod =
        fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null);
    SignedInfo signedInfo = fac.newSignedInfo(c14n, sigMethod, refs);

    // KeyInfo: the validating key as a KeyValue
    List<XMLStructure> keyInfoItems = new ArrayList<XMLStructure>(2);
    keyInfoItems.add(kifac.newKeyValue(validatingKey));
    KeyInfo keyInfo = kifac.newKeyInfo(keyInfoItems);

    // Object to be signed: <bar:Baz> holding one comment node
    Document doc = db.newDocument();
    Element baz = doc.createElementNS("urn:bar", "bar:Baz");
    Comment bazComment = doc.createComment(" comment ");
    baz.appendChild(bazComment);
    DOMStructure bazStructure = new DOMStructure(baz);
    XMLObject obj = fac.newXMLObject
        (Collections.singletonList(bazStructure), "to-be-signed", null, null);

    XMLSignature sig = fac.newXMLSignature
        (signedInfo, keyInfo, Collections.singletonList(obj), null, null);

    // Parent element that declares the default and the "bar" namespaces
    final String xmlnsUri = "http://www.w3.org/2000/xmlns/";
    Element foo = doc.createElementNS("urn:foo", "Foo");
    foo.setAttributeNS(xmlnsUri, "xmlns", "urn:foo");
    foo.setAttributeNS(xmlnsUri, "xmlns:bar", "urn:bar");
    doc.appendChild(foo);

    DOMSignContext signCtx = new DOMSignContext(signingKey, foo);
    signCtx.putNamespacePrefix(XMLSignature.XMLNS, "dsig");

    sig.sign(signCtx);

    // Debug aid: dumpDocument(doc, new FileWriter("/tmp/foo.xml"));

    // The signature was appended under foo, so it is foo's last child.
    DOMValidateContext validateCtx = new DOMValidateContext
        (new KeySelectors.KeyValueKeySelector(), foo.getLastChild());
    XMLSignature sig2 = fac.unmarshalXMLSignature(validateCtx);

    if (!sig.equals(sig2)) {
        throw new Exception
            ("Unmarshalled signature is not equal to generated signature");
    }
    if (!sig2.validate(validateCtx)) {
        throw new Exception("Validation of generated signature failed");
    }
    System.out.println();
}
0N/A
/**
 * Generates and validates an enveloped signature that uses XPath
 * Filter 2.0 transforms.
 *
 * <p>Reference 1 covers the whole document (empty URI) filtered by
 * intersect {@code //ToBeSigned}, subtract {@code //NotToBeSigned},
 * union {@code //ReallyToBeSigned}. Reference 2 addresses
 * {@code #signature-value}, the id given to the SignatureValue when the
 * signature is created, through an enveloped transform followed by an
 * XPath filter that unions {@code /}.
 *
 * <p>Only the nodes selected by the filter enter the digest of
 * reference 1: a passing {@code validate()} makes no statement about
 * the parts of the NotToBeSigned subtrees that are not unioned back in.
 *
 * <p>SHA-1 and DSA-SHA1 are the algorithms under test here; their use in
 * this test is not a recommendation for new signatures.
 *
 * @throws Exception if the unmarshalled signature differs from the
 *         generated one or does not validate
 */
static void test_create_sign_spec() throws Exception {
    System.out.println("* Generating sign-spec.xml");
    List<Reference> refs = new ArrayList<Reference>(2);

    // reference 1: whole document, narrowed by three XPath filters
    List<XPathType> filters = new ArrayList<XPathType>(3);
    filters.add(new XPathType(" //ToBeSigned ", XPathType.Filter.INTERSECT));
    filters.add(new XPathType(" //NotToBeSigned ",
        XPathType.Filter.SUBTRACT));
    filters.add(new XPathType(" //ReallyToBeSigned ",
        XPathType.Filter.UNION));
    XPathFilter2ParameterSpec docFilter =
        new XPathFilter2ParameterSpec(filters);
    Transform docFilterTransform =
        fac.newTransform(Transform.XPATH2, docFilter);
    refs.add(fac.newReference("",
        fac.newDigestMethod(DigestMethod.SHA1, null),
        Collections.singletonList(docFilterTransform), null, null));

    // reference 2: enveloped transform, then an XPath union of the root
    final TransformParameterSpec noParams = null;
    List<Transform> sigValueTransforms = new ArrayList<Transform>(2);
    sigValueTransforms.add(fac.newTransform(Transform.ENVELOPED, noParams));
    XPathType rootUnion = new XPathType(" / ", XPathType.Filter.UNION);
    XPathFilter2ParameterSpec rootFilter =
        new XPathFilter2ParameterSpec(Collections.singletonList(rootUnion));
    sigValueTransforms.add(fac.newTransform(Transform.XPATH2, rootFilter));
    refs.add(fac.newReference("#signature-value",
        fac.newDigestMethod(DigestMethod.SHA1, null),
        sigValueTransforms, null, null));

    // SignedInfo: inclusive c14n, DSA-SHA1
    final C14NMethodParameterSpec noC14nParams = null;
    CanonicalizationMethod c14n = fac.newCanonicalizationMethod
        (CanonicalizationMethod.INCLUSIVE, noC14nParams);
    SignatureMethod sigMethod =
        fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null);
    SignedInfo signedInfo = fac.newSignedInfo(c14n, sigMethod, refs);

    // KeyInfo: a KeyValue plus X509Data (subject name and certificate)
    List<XMLStructure> keyInfoItems = new ArrayList<XMLStructure>(2);
    keyInfoItems.add(kifac.newKeyValue(validatingKey));
    List<Object> x509Content = new ArrayList<Object>(2);
    x509Content.add("CN=User");
    x509Content.add(signingCert);
    keyInfoItems.add(kifac.newX509Data(x509Content));
    KeyInfo keyInfo = kifac.newKeyInfo(keyInfoItems);

    // The last argument is the id of the SignatureValue, which
    // reference 2 points at.
    XMLSignature sig = fac.newXMLSignature
        (signedInfo, keyInfo, null, null, "signature-value");

    Document doc = db.newDocument();

    // First ToBeSigned subtree:
    //   comment, Data, NotToBeSigned > ReallyToBeSigned > (comment, Data)
    Element first = doc.createElementNS(null, "ToBeSigned");
    Comment firstComment = doc.createComment(" comment ");
    Element firstData = doc.createElementNS(null, "Data");
    Element firstExcluded = doc.createElementNS(null, "NotToBeSigned");
    Element firstReincluded = doc.createElementNS(null, "ReallyToBeSigned");
    Comment reincludedComment = doc.createComment(" comment ");
    Element reincludedData = doc.createElementNS(null, "Data");
    firstReincluded.appendChild(reincludedComment);
    firstReincluded.appendChild(reincludedData);
    firstExcluded.appendChild(firstReincluded);
    first.appendChild(firstComment);
    first.appendChild(firstData);
    first.appendChild(firstExcluded);

    // Second ToBeSigned subtree: Data, NotToBeSigned > Data
    Element second = doc.createElementNS(null, "ToBeSigned");
    Element secondData = doc.createElementNS(null, "Data");
    Element secondExcluded = doc.createElementNS(null, "NotToBeSigned");
    Element secondExcludedData = doc.createElementNS(null, "Data");
    secondExcluded.appendChild(secondExcludedData);
    second.appendChild(secondData);
    second.appendChild(secondExcluded);

    Element document = doc.createElementNS(null, "Document");
    document.appendChild(first);
    document.appendChild(second);
    doc.appendChild(document);

    DOMSignContext signCtx = new DOMSignContext(signingKey, document);

    sig.sign(signCtx);

    // Debug aid: dumpDocument(doc, new FileWriter("/tmp/foo.xml"));

    // The signature was appended under the root, so it is its last child.
    DOMValidateContext validateCtx = new DOMValidateContext
        (new KeySelectors.KeyValueKeySelector(), document.getLastChild());
    XMLSignature sig2 = fac.unmarshalXMLSignature(validateCtx);

    if (!sig.equals(sig2)) {
        throw new Exception
            ("Unmarshalled signature is not equal to generated signature");
    }
    if (!sig2.validate(validateCtx)) {
        throw new Exception("Validation of generated signature failed");
    }
    System.out.println();
}
0N/A
// Fixed key material for the tests, written as decimal strings that
// getPublicKey/getPrivateKey parse with new BigInteger(String).
//
// These values include private keys and are published with the source.
// They are test vectors only and must never protect real data.

// DSA: public value y, parameters p, q, g, and private value x.
private static final String DSA_Y =
    "070662842167565771936588335128634396171789331656318483584455493822" +
    "400811200853331373030669235424928346190274044631949560438023934623" +
    "71310375123430985057160";
private static final String DSA_P =
    "013232376895198612407547930718267435757728527029623408872245156039" +
    "757713029036368719146452186041204237350521785240337048752071462798" +
    "273003935646236777459223";
private static final String DSA_Q =
    "0857393771208094202104259627990318636601332086981";
private static final String DSA_G =
    "054216440574364751416096484883257051280474283943804743768346673007" +
    "661082626139005426812890807137245973106730741193551360857959820973" +
    "90670890367185141189796";
private static final String DSA_X =
    "0527140396812450214498055937934275626078768840117";

// RSA key selected when keysize == 512: modulus and private exponent.
private static final String RSA_MOD =
    "010800185049102889923150759252557522305032794699952150943573164381" +
    "936603255999071981574575044810461362008102247767482738822150129277" +
    "490998033971789476107463";
private static final String RSA_PRIV =
    "016116973584421969795445996229612671947635798429212816611707210835" +
    "915586591340598683996088487065438751488342251960069575392056288063" +
    "6800379454345804879553";

// Public exponent shared by both RSA keys.
private static final String RSA_PUB = "065537";

// RSA key selected for every other keysize: modulus and private exponent.
private static final String RSA_1024_MOD =
    "098871307553789439961130765" +
    "909423744508062468450669519128736624058048856940468016843888594585" +
    "322862378444314635412341974900625010364163960238734457710620107530" +
    "573945081856371709138380902553309075505688814637544923038853658690" +
    "857672483016239697038853418682988686871489963827000080098971762923" +
    "833614557257607521";
private static final String RSA_1024_PRIV =
    "03682574144968491431483287" +
    "297021581096848810374110568017963075809477047466189822987258068867" +
    "704855380407747867998863645890602646601140183818953428006646987710" +
    "237008997971129772408397621801631622129297063463868593083106979716" +
    "204903524890556839550490384015324575598723478554854070823335021842" +
    "210112348400928769";
0N/A
/**
 * Returns the fixed test public key for {@code algo}, asking for the
 * 512 keysize variant.
 *
 * @param algo key algorithm name, "DSA" or "RSA" (case-insensitive)
 * @return the public key built from the constants in this file
 * @throws Exception if the key cannot be built
 */
private static PublicKey getPublicKey(String algo) throws Exception {
    final int defaultKeysize = 512;
    return getPublicKey(algo, defaultKeysize);
}
0N/A
/**
 * Builds a public key from the fixed test constants in this file.
 *
 * <p>For DSA the {@code keysize} argument is ignored. For RSA a keysize
 * of 512 selects {@code RSA_MOD}; every other value selects
 * {@code RSA_1024_MOD}. These are published test keys, not keys to
 * reuse anywhere else.
 *
 * @param algo key algorithm name, "DSA" or "RSA" (case-insensitive)
 * @param keysize selects between the two RSA moduli
 * @return the public key for the chosen constants
 * @throws RuntimeException if {@code algo} is neither DSA nor RSA
 * @throws Exception if the key factory is unavailable or rejects the spec
 */
private static PublicKey getPublicKey(String algo, int keysize)
    throws Exception {
    // The factory lookup comes first, as in the original order: an
    // algorithm name without a provider fails here.
    KeyFactory factory = KeyFactory.getInstance(algo);

    final boolean isDsa = algo.equalsIgnoreCase("DSA");
    final boolean isRsa = algo.equalsIgnoreCase("RSA");
    if (!isDsa && !isRsa) {
        throw new RuntimeException("Unsupported key algorithm " + algo);
    }

    final KeySpec spec;
    if (isDsa) {
        spec = new DSAPublicKeySpec(new BigInteger(DSA_Y),
                                    new BigInteger(DSA_P),
                                    new BigInteger(DSA_Q),
                                    new BigInteger(DSA_G));
    } else {
        String modulus = (keysize == 512) ? RSA_MOD : RSA_1024_MOD;
        spec = new RSAPublicKeySpec(new BigInteger(modulus),
                                    new BigInteger(RSA_PUB));
    }
    return factory.generatePublic(spec);
}
0N/A
/**
 * Returns the fixed test private key for {@code algo}, asking for the
 * 512 keysize variant.
 *
 * @param algo key algorithm name, "DSA" or "RSA" (case-insensitive)
 * @return the private key built from the constants in this file
 * @throws Exception if the key cannot be built
 */
private static PrivateKey getPrivateKey(String algo) throws Exception {
    final int defaultKeysize = 512;
    return getPrivateKey(algo, defaultKeysize);
}
0N/A
/**
 * Builds a private key from the fixed test constants in this file.
 *
 * <p>For DSA the {@code keysize} argument is ignored. For RSA a keysize
 * of 512 selects {@code RSA_MOD}/{@code RSA_PRIV}; every other value
 * selects {@code RSA_1024_MOD}/{@code RSA_1024_PRIV}. The private values
 * are published with the source, so these keys are for tests only.
 *
 * @param algo key algorithm name, "DSA" or "RSA" (case-insensitive)
 * @param keysize selects between the two RSA keys
 * @return the private key for the chosen constants
 * @throws RuntimeException if {@code algo} is neither DSA nor RSA
 * @throws Exception if the key factory is unavailable or rejects the spec
 */
private static PrivateKey getPrivateKey(String algo, int keysize)
    throws Exception {
    // The factory lookup comes first, as in the original order: an
    // algorithm name without a provider fails here.
    KeyFactory factory = KeyFactory.getInstance(algo);

    final boolean isDsa = algo.equalsIgnoreCase("DSA");
    final boolean isRsa = algo.equalsIgnoreCase("RSA");
    if (!isDsa && !isRsa) {
        throw new RuntimeException("Unsupported key algorithm " + algo);
    }

    final KeySpec spec;
    if (isDsa) {
        spec = new DSAPrivateKeySpec
            (new BigInteger(DSA_X), new BigInteger(DSA_P),
             new BigInteger(DSA_Q), new BigInteger(DSA_G));
    } else if (keysize == 512) {
        spec = new RSAPrivateKeySpec
            (new BigInteger(RSA_MOD), new BigInteger(RSA_PRIV));
    } else {
        spec = new RSAPrivateKeySpec(new BigInteger(RSA_1024_MOD),
                                     new BigInteger(RSA_1024_PRIV));
    }
    return factory.generatePrivate(spec);
}
0N/A
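/**
 * Wraps raw bytes in a minimal {@link SecretKey} with format "RAW" and
 * algorithm name "SECRET".
 *
 * <p>The key keeps its own copy of the bytes and hands out a copy from
 * {@code getEncoded()}. Neither a later change to the caller's array nor
 * a change to a returned array alters the key.
 *
 * @param secret the raw key bytes; a null array yields a key whose
 *        {@code getEncoded()} returns null, as before
 * @return a key backed by a private copy of {@code secret}
 */
private static SecretKey getSecretKey(final byte[] secret) {
    // Snapshot at construction: the key must not follow later writes to
    // the caller's array.
    final byte[] keyBytes = (secret == null) ? null : secret.clone();
    return new SecretKey() {
        @Override
        public String getFormat() { return "RAW"; }

        @Override
        public byte[] getEncoded() {
            // Return a copy so the internal bytes are never exposed.
            return (keyBytes == null) ? null : keyBytes.clone();
        }

        @Override
        public String getAlgorithm() { return "SECRET"; }
    };
}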
0N/A
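/**
 * This URIDereferencer returns locally cached copies of http content to
 * avoid test failures due to network glitches, etc.
 *
 * <p>Only the two URIs held in {@code STYLESHEET} and
 * {@code STYLESHEET_B64} are served from {@code DATA_DIR}. The file name
 * is the last path segment of the matched constant, so the local lookup
 * is limited to those two fixed files. Every other reference is handed
 * unchanged to the dereferencer obtained from the default
 * {@link XMLSignatureFactory}.
 */
private static class HttpURIDereferencer implements URIDereferencer {
    private final URIDereferencer defaultUd;

    HttpURIDereferencer() {
        defaultUd = XMLSignatureFactory.getInstance().getURIDereferencer();
    }

    /**
     * Resolves the two known stylesheet URIs from local files and
     * delegates everything else.
     *
     * @param ref the reference to resolve
     * @param ctx the crypto context, passed through on delegation
     * @return the referenced data
     * @throws URIReferenceException if the local file cannot be opened,
     *         or if the built-in dereferencer fails
     */
    @Override
    public Data dereference(final URIReference ref, XMLCryptoContext ctx)
        throws URIReferenceException {
        String uri = ref.getURI();
        // Constant-first equals: URIReference.getURI() may return null
        // when the reference carries no URI. Such a reference must reach
        // the built-in dereferencer instead of failing here with a
        // NullPointerException.
        if (STYLESHEET.equals(uri) || STYLESHEET_B64.equals(uri)) {
            try {
                String fileName = uri.substring(uri.lastIndexOf('/'));
                // The stream is not closed here: it is handed to the
                // caller inside the returned OctetStreamData.
                FileInputStream fis =
                    new FileInputStream(new File(DATA_DIR, fileName));
                return new OctetStreamData(fis, uri, ref.getType());
            } catch (Exception e) { throw new URIReferenceException(e); }
        }

        // fallback on builtin deref
        return defaultUd.dereference(ref, ctx);
    }
}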
0N/A}