/*
* Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 6436919 6460930
* @summary check that XML Signatures can be generated and validated with
* SecurityManager enabled and default policy
* @run main/othervm XMLDSigWithSecMgr
* @author Sean Mullan
*/
import java.io.*;
import java.net.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Policy;
import java.security.URIParameter;
import java.util.ArrayList;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
public class XMLDSigWithSecMgr implements Runnable {
private XMLSignatureFactory fac;
private DigestMethod sha1;
private CanonicalizationMethod withoutComments;
private DocumentBuilder db;
private ServerSocket ss;
private void setup() throws Exception {
ss = new ServerSocket(0);
Thread thr = new Thread(this);
thr.start();
fac = XMLSignatureFactory.getInstance();
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
db = dbf.newDocumentBuilder();
sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);
withoutComments = fac.newCanonicalizationMethod
(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec)null);
}
public void run() {
try {
for (int i=0; i<2; i++) {
Socket s = ss.accept();
s.setTcpNoDelay(true);
PrintStream out = new PrintStream(
new BufferedOutputStream(
s.getOutputStream() ));
out.print("HTTP/1.1 200 OK\r\n");
out.print("Content-Length: 11\r\n");
out.print("Content-Type: text/plain\r\n");
out.print("\r\n");
out.print("l;ajfdjafd\n");
out.flush();
// don't close the connection immediately as otherwise
// the http headers may not have been received and the
// http client will re-connect.
Thread.currentThread().sleep(2000);
s.close();
}
} catch (Exception e) {
e.printStackTrace();
}
}
XMLDSigWithSecMgr() throws Exception {
setup();
Document doc = db.newDocument();
Element envelope = doc.createElementNS
("http://example.org/envelope", "Envelope");
envelope.setAttributeNS("http://www.w3.org/2000/xmlns/",
"xmlns", "http://example.org/envelope");
doc.appendChild(envelope);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
KeyPair kp = kpg.genKeyPair();
// the policy only grants this test SocketPermission to accept, resolve
// and connect to localhost so that it can dereference 2nd reference
URI policyURI =
new File(System.getProperty("test.src", "."), "policy").toURI();
Policy.setPolicy
(Policy.getInstance("JavaPolicy", new URIParameter(policyURI)));
System.setSecurityManager(new SecurityManager());
try {
// generate a signature with SecurityManager enabled
ArrayList refs = new ArrayList();
refs.add(fac.newReference
("", sha1,
Collections.singletonList
(fac.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null)), null, null));
refs.add(fac.newReference("http://localhost:" + ss.getLocalPort()
+ "/anything.txt", sha1));
SignedInfo si = fac.newSignedInfo(withoutComments,
fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), refs);
XMLSignature sig = fac.newXMLSignature(si, null);
DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), envelope);
sig.sign(dsc);
// validate a signature with SecurityManager enabled
DOMValidateContext dvc = new DOMValidateContext
(kp.getPublic(), envelope.getFirstChild());
// disable secure validation mode so that http reference will work
dvc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
sig = fac.unmarshalXMLSignature(dvc);
if (!sig.validate(dvc)) {
throw new Exception
("XMLDSigWithSecMgr signature validation FAILED");
}
} catch (SecurityException se) {
throw new Exception("XMLDSigWithSecMgr FAILED", se);
}
ss.close();
}
public static void main(String[] args) throws Exception {
new XMLDSigWithSecMgr();
}
}