0N/A/*
6159N/A * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A/**
0N/A * @test
4604N/A * @bug 4635230 6365103 6366054 6824440 7131084
0N/A * @summary Basic unit tests for validating XML Signatures with JSR 105
0N/A * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java
0N/A * X509KeySelector.java ValidationTests.java
6159N/A * @run main/othervm ValidationTests
0N/A * @author Sean Mullan
0N/A */
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.xml.crypto.Data;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.OctetStreamData;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.URIReference;
import javax.xml.crypto.URIReferenceException;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
0N/A
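public class ValidationTests {

    /** Validator over the test data directory; created in {@link #main}. */
    private static SignatureValidator validator;
    private static final String DIR = System.getProperty("test.src", ".");
    private static final String DATA_DIR = DIR + File.separator + "data";
    /** JKS keystore used for tests whose selector is {@link #XKS} (null). */
    private static final String KEYSTORE =
        DATA_DIR + File.separator + "certs" + File.separator + "xmldsig.jks";
    private static final String STYLESHEET =
        "http://www.w3.org/TR/xml-stylesheet";
    private static final String STYLESHEET_B64 =
        "http://www.w3.org/Signature/2002/04/xml-stylesheet.b64";

    /**
     * One signature fixture: the XML file (relative to {@code DATA_DIR}) and
     * the {@link KeySelector} used to resolve its validation key. A null
     * selector means "load one from the test keystore" (see
     * {@link #test_signature(Test, boolean)}).
     */
    static class Test {
        final String file;
        final KeySelector ks;

        Test(String file, KeySelector ks) {
            this.file = file;
            this.ks = ks;
        }
    }

    // US-ASCII is always available, so no checked exception needs swallowing.
    static KeySelector skks = new KeySelectors.SecretKeySelector(
        "secret".getBytes(StandardCharsets.US_ASCII));
    private static final KeySelector SKKS = skks;
    private static final KeySelector KVKS =
        new KeySelectors.KeyValueKeySelector();
    private static final KeySelector CKS =
        new KeySelectors.CollectionKeySelector(new File(DATA_DIR));
    private static final KeySelector RXKS =
        new KeySelectors.RawX509KeySelector();
    /** Placeholder: resolved lazily from the keystore by test_signature. */
    private static final KeySelector XKS = null;
    private static URIDereferencer httpUd = null;

    /** Signatures that must validate successfully. */
    private static final Test[] VALID_TESTS = {
        new Test("signature-enveloped-dsa.xml", KVKS),
        new Test("signature-enveloping-b64-dsa.xml", KVKS),
        new Test("signature-enveloping-dsa.xml", KVKS),
        new Test("signature-enveloping-rsa.xml", KVKS),
        new Test("signature-enveloping-hmac-sha1.xml", SKKS),
        new Test("signature-external-dsa.xml", KVKS),
        new Test("signature-external-b64-dsa.xml", KVKS),
        new Test("signature-retrievalmethod-rawx509crt.xml", CKS),
        new Test("signature-keyname.xml", CKS),
        new Test("signature-x509-crt-crl.xml", RXKS),
        new Test("signature-x509-crt.xml", RXKS),
        new Test("signature-x509-is.xml", CKS),
        new Test("signature-x509-ski.xml", CKS),
        new Test("signature-x509-sn.xml", CKS),
        new Test("signature.xml", XKS),
        new Test("exc-signature.xml", KVKS),
        new Test("sign-spec.xml", RXKS),
        new Test("xmldsig-xfilter2.xml", KVKS)
    };

    /**
     * Signatures that must be rejected with an {@link XMLSignatureException}
     * rather than merely validate to {@code false}. Judging by the file names
     * these carry shortened HMAC output lengths (40 bits, 8 bits, 0 bits); the
     * test passes only when the implementation refuses to process them.
     */
    private static final Test[] INVALID_TESTS = {
        new Test("signature-enveloping-hmac-sha1-40.xml", SKKS),
        new Test("signature-enveloping-hmac-sha1-trunclen-0-attack.xml", SKKS),
        new Test("signature-enveloping-hmac-sha1-trunclen-8-attack.xml", SKKS)
    };

    /**
     * Runs every fixture and reports PASSED/FAILED per file.
     *
     * @throws Exception if any fixture did not behave as expected (valid
     *         ones must validate, invalid ones must throw), or on setup errors
     */
    public static void main(String[] args) throws Exception {
        httpUd = new HttpURIDereferencer();
        validator = new SignatureValidator(new File(DATA_DIR));

        boolean atLeastOneFailed = false;

        for (Test test : VALID_TESTS) {
            System.out.println("Validating " + test.file);
            if (!report(test_signature(test))) {
                atLeastOneFailed = true;
            }
        }

        // Same signature again with reference caching enabled.
        System.out.println("Validating sign-spec.xml with caching enabled");
        if (!report(test_signature(new Test("sign-spec.xml", RXKS), true))) {
            atLeastOneFailed = true;
        }

        for (Test test : INVALID_TESTS) {
            System.out.println("Validating " + test.file);
            try {
                // Any return value (true or false) is a failure here: the
                // expected outcome is an exception, not a verdict.
                test_signature(test);
                System.out.println("FAILED");
                atLeastOneFailed = true;
            } catch (XMLSignatureException xse) {
                System.out.println(xse.getMessage());
                System.out.println("PASSED");
            }
        }

        if (atLeastOneFailed) {
            throw new Exception
                ("At least one signature did not validate as expected");
        }
    }

    /**
     * Prints PASSED or FAILED for a validation verdict.
     *
     * @param ok the verdict returned by {@link #test_signature(Test)}
     * @return {@code ok}, unchanged, so callers can fold it into a summary
     */
    private static boolean report(boolean ok) {
        System.out.println(ok ? "PASSED" : "FAILED");
        return ok;
    }

    /**
     * Validates a fixture with reference caching disabled.
     *
     * @param test the fixture to validate
     * @return the validator's verdict
     * @throws Exception on validation or keystore errors
     */
    public static boolean test_signature(Test test) throws Exception {
        return test_signature(test, false);
    }

    /**
     * Validates a fixture. A fixture with a null selector is validated with
     * an {@link X509KeySelector} backed by the test keystore; the fixture
     * itself is left untouched.
     *
     * @param test  the fixture to validate
     * @param cache whether the validator should cache dereferenced references
     * @return the validator's verdict
     * @throws Exception on validation or keystore errors
     */
    public static boolean test_signature(Test test, boolean cache)
        throws Exception
    {
        KeySelector ks = test.ks;
        if (ks == null) {
            ks = keyStoreSelector();
        }
        return validator.validate(test.file, ks, httpUd, cache);
    }

    /**
     * Loads the test JKS keystore and wraps it in an X509KeySelector.
     *
     * @return a selector over the certificates in {@code KEYSTORE}
     * @throws Exception if the keystore cannot be read or parsed
     */
    private static KeySelector keyStoreSelector() throws Exception {
        KeyStore keystore = KeyStore.getInstance("JKS");
        try (FileInputStream fis = new FileInputStream(KEYSTORE)) {
            keystore.load(fis, "changeit".toCharArray());
        }
        return new X509KeySelector(keystore, false);
    }

    /**
     * This URIDereferencer returns locally cached copies of http content to
     * avoid test failures due to network glitches, etc. Only the two
     * stylesheet URIs are served from disk; everything else is delegated to
     * the factory's default dereferencer.
     */
    private static class HttpURIDereferencer implements URIDereferencer {
        private final URIDereferencer defaultUd;

        HttpURIDereferencer() {
            defaultUd = XMLSignatureFactory.getInstance().getURIDereferencer();
        }

        /**
         * @param ref the reference being resolved
         * @param ctx the signing/validation context, passed through on fallback
         * @return the local file content for the known stylesheet URIs,
         *         otherwise whatever the default dereferencer returns
         * @throws URIReferenceException if the local copy cannot be opened
         */
        @Override
        public Data dereference(final URIReference ref, XMLCryptoContext ctx)
            throws URIReferenceException {
            String uri = ref.getURI();
            boolean isStylesheet =
                uri.equals(STYLESHEET) || uri.equals(STYLESHEET_B64);
            if (!isStylesheet) {
                // fallback on builtin deref
                return defaultUd.dereference(ref, ctx);
            }

            // The file name is the last path segment of the (fixed) URI.
            File local = new File(DATA_DIR, uri.substring(uri.lastIndexOf('/')));
            try {
                // Not closed here: ownership of the stream passes to the
                // OctetStreamData consumer.
                FileInputStream fis = new FileInputStream(local);
                return new OctetStreamData(fis, ref.getURI(), ref.getType());
            } catch (IOException e) {
                throw new URIReferenceException(e);
            }
        }
    }
}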