/*

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

/**

 * @test

 * @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184 8038349 8046949

 * @summary Basic unit tests for generating XML Signatures with JSR 105

 * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java

 *     X509KeySelector.java GenerationTests.java

 * @run main/othervm GenerationTests

 * @author Sean Mullan

 */

import java.io.*;

import java.math.BigInteger;

import java.security.Key;

import java.security.KeyFactory;

import java.security.KeyStore;

import java.security.PrivateKey;

import java.security.PublicKey;

import java.security.cert.Certificate;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.security.cert.X509CRL;

import java.security.spec.KeySpec;

import java.security.spec.DSAPrivateKeySpec;

import java.security.spec.DSAPublicKeySpec;

import java.security.spec.RSAPrivateKeySpec;

import java.security.spec.RSAPublicKeySpec;

import java.util.*;

import javax.crypto.SecretKey;

import javax.xml.XMLConstants;

import javax.xml.parsers.*;

import org.w3c.dom.*;

import javax.xml.crypto.Data;

import javax.xml.crypto.KeySelector;

import javax.xml.crypto.OctetStreamData;

import javax.xml.crypto.URIDereferencer;

import javax.xml.crypto.URIReference;

import javax.xml.crypto.URIReferenceException;

import javax.xml.crypto.XMLCryptoContext;

import javax.xml.crypto.XMLStructure;

import javax.xml.crypto.dsig.*;

import javax.xml.crypto.dom.*;

import javax.xml.crypto.dsig.dom.DOMSignContext;

import javax.xml.crypto.dsig.dom.DOMValidateContext;

import javax.xml.crypto.dsig.keyinfo.*;

import javax.xml.crypto.dsig.spec.*;

import javax.xml.transform.*;

import javax.xml.transform.dom.DOMSource;

import javax.xml.transform.stream.StreamResult;

/**

 * Test that recreates merlin-xmldsig-twenty-three test vectors but with

 * different keys and X.509 data.

 */

public class GenerationTests {

    private static XMLSignatureFactory fac;

    private static KeyInfoFactory kifac;

    private static DocumentBuilder db;

    private static CanonicalizationMethod withoutComments;

    private static SignatureMethod dsaSha1, dsaSha256, rsaSha1,

    private static DigestMethod sha1, sha256, sha384, sha512;

    private static KeySelector kvks = new KeySelectors.KeyValueKeySelector();

    private static KeySelector sks;

    private static Key signingKey;

    private static PublicKey validatingKey;

    private static Certificate signingCert;

    private static KeyStore ks;

    private final static String DIR = System.getProperty("test.src", ".");

//    private final static String DIR = ".";

    private final static String DATA_DIR =

        DIR + System.getProperty("file.separator") + "data";

    private final static String KEYSTORE =

        DATA_DIR + System.getProperty("file.separator") + "certs" +

        System.getProperty("file.separator") + "test.jks";

    private final static String CRL =

        DATA_DIR + System.getProperty("file.separator") + "certs" +

        System.getProperty("file.separator") + "crl";

    private final static String ENVELOPE =

        DATA_DIR + System.getProperty("file.separator") + "envelope.xml";

    private static URIDereferencer httpUd = null;

    private final static String STYLESHEET =

        "http://www.w3.org/TR/xml-stylesheet";

    private final static String STYLESHEET_B64 =

        "http://www.w3.org/Signature/2002/04/xml-stylesheet.b64";

    private final static String DSA_SHA256 =

        "http://www.w3.org/2009/xmldsig11#dsa-sha256";

    public static void main(String args[]) throws Exception {

        setup();

        test_create_signature_enveloped_dsa(1024);

        test_create_signature_enveloped_dsa(2048);

        test_create_signature_enveloping_b64_dsa();

        test_create_signature_enveloping_dsa();

        test_create_signature_enveloping_hmac_sha1_40();

        test_create_signature_enveloping_hmac_sha256();

        test_create_signature_enveloping_hmac_sha384();

        test_create_signature_enveloping_hmac_sha512();

        test_create_signature_enveloping_rsa();

        test_create_signature_external_b64_dsa();

        test_create_signature_external_dsa();

        test_create_signature_keyname();

        test_create_signature_retrievalmethod_rawx509crt();

        test_create_signature_x509_crt_crl();

        test_create_signature_x509_crt();

        test_create_signature_x509_is();

        test_create_signature_x509_ski();

        test_create_signature_x509_sn();

        test_create_signature();

        test_create_exc_signature();

        test_create_sign_spec();

        test_create_signature_enveloping_sha256_dsa();

        test_create_signature_enveloping_sha384_rsa_sha256();

        test_create_signature_enveloping_sha512_rsa_sha384();

        test_create_signature_enveloping_sha512_rsa_sha512();

        test_create_signature_reference_dependency();

        test_create_signature_with_attr_in_no_namespace();

        test_create_signature_with_empty_id();

    }

    private static void setup() throws Exception {

        fac = XMLSignatureFactory.getInstance();

        kifac = fac.getKeyInfoFactory();

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

        dbf.setNamespaceAware(true);

        db = dbf.newDocumentBuilder();

        // get key & self-signed certificate from keystore

        FileInputStream fis = new FileInputStream(KEYSTORE);

        ks = KeyStore.getInstance("JKS");

        ks.load(fis, "changeit".toCharArray());

        signingKey = ks.getKey("user", "changeit".toCharArray());

        signingCert = ks.getCertificate("user");

        validatingKey = signingCert.getPublicKey();

        // create common objects

        withoutComments = fac.newCanonicalizationMethod

            (CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec)null);

        dsaSha1 = fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null);

        dsaSha256 = fac.newSignatureMethod(DSA_SHA256, null);

        sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);

        sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);

        sha384 = fac.newDigestMethod

            ("http://www.w3.org/2001/04/xmldsig-more#sha384", null);

        sha512 = fac.newDigestMethod(DigestMethod.SHA512, null);

        dsa1024 = kifac.newKeyInfo(Collections.singletonList

            (kifac.newKeyValue(validatingKey)));

        dsa2048 = kifac.newKeyInfo(Collections.singletonList

            (kifac.newKeyValue(getPublicKey("DSA", 2048))));

        rsa = kifac.newKeyInfo(Collections.singletonList

            (kifac.newKeyValue(getPublicKey("RSA", 512))));

        rsa1024 = kifac.newKeyInfo(Collections.singletonList

            (kifac.newKeyValue(getPublicKey("RSA", 1024))));

        rsaSha1 = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null);

        rsaSha256 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);

        rsaSha384 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", null);

        rsaSha512 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", null);

        sks = new KeySelectors.SecretKeySelector("secret".getBytes("ASCII"));

        httpUd = new HttpURIDereferencer();

    }

    static void test_create_signature_enveloped_dsa(int size) throws Exception {

        System.out.println("* Generating signature-enveloped-dsa-"

                           + size + ".xml");

        SignatureMethod sm = null;

        KeyInfo ki = null;

        Key privKey;

        if (size == 1024) {

            sm = dsaSha1;

            ki = dsa1024;

            privKey = signingKey;

        } else if (size == 2048) {

            sm = dsaSha256;

            ki = dsa2048;

            privKey = getPrivateKey("DSA", 2048);

        } else throw new RuntimeException("unsupported keysize:" + size);

        // create SignedInfo

        SignedInfo si = fac.newSignedInfo

            (withoutComments, sm, Collections.singletonList

                (fac.newReference

                    ("", sha1, Collections.singletonList

                        (fac.newTransform(Transform.ENVELOPED,

                            (TransformParameterSpec) null)),

                 null, null)));

        // create XMLSignature

        XMLSignature sig = fac.newXMLSignature(si, ki);

        Document doc = db.newDocument();

        Element envelope = doc.createElementNS

            ("http://example.org/envelope", "Envelope");

        envelope.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI,

            "xmlns", "http://example.org/envelope");

        doc.appendChild(envelope);

        DOMSignContext dsc = new DOMSignContext(privKey, envelope);

        sig.sign(dsc);

//        StringWriter sw = new StringWriter();

//        dumpDocument(doc, sw);

//        System.out.println(sw.toString());

        DOMValidateContext dvc = new DOMValidateContext

            (kvks, envelope.getFirstChild());

        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);

        if (sig.equals(sig2) == false) {

            throw new Exception

                ("Unmarshalled signature is not equal to generated signature");

        }

        if (sig2.validate(dvc) == false) {

            throw new Exception("Validation of generated signature failed");

        }

        System.out.println();

    }

    static void test_create_signature_enveloping_b64_dsa() throws Exception {

        System.out.println("* Generating signature-enveloping-b64-dsa.xml");

        test_create_signature_enveloping

            (sha1, dsaSha1, dsa1024, signingKey, kvks, true);

        System.out.println();

    }

    static void test_create_signature_enveloping_dsa() throws Exception {

        System.out.println("* Generating signature-enveloping-dsa.xml");

        test_create_signature_enveloping

            (sha1, dsaSha1, dsa1024, signingKey, kvks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_sha256_dsa() throws Exception {

        System.out.println("* Generating signature-enveloping-sha256-dsa.xml");

        test_create_signature_enveloping

            (sha256, dsaSha1, dsa1024, signingKey, kvks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_hmac_sha1_40()

        throws Exception {

        System.out.println("* Generating signature-enveloping-hmac-sha1-40.xml");

        SignatureMethod hmacSha1 = fac.newSignatureMethod

            (SignatureMethod.HMAC_SHA1, new HMACParameterSpec(40));

        try {

            test_create_signature_enveloping(sha1, hmacSha1, null,

                getSecretKey("secret".getBytes("ASCII")), sks, false);

        } catch (Exception e) {

            if (!(e instanceof XMLSignatureException)) {

                throw e;

            }

        }

        System.out.println();

    }

    static void test_create_signature_enveloping_hmac_sha256()

        throws Exception {

        System.out.println("* Generating signature-enveloping-hmac-sha256.xml");

        SignatureMethod hmacSha256 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", null);

        test_create_signature_enveloping(sha1, hmacSha256, null,

            getSecretKey("secret".getBytes("ASCII")), sks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_hmac_sha384()

        throws Exception {

        System.out.println("* Generating signature-enveloping-hmac-sha384.xml");

        SignatureMethod hmacSha384 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha384", null);

        test_create_signature_enveloping(sha1, hmacSha384, null,

            getSecretKey("secret".getBytes("ASCII")), sks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_hmac_sha512()

        throws Exception {

        System.out.println("* Generating signature-enveloping-hmac-sha512.xml");

        SignatureMethod hmacSha512 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", null);

        test_create_signature_enveloping(sha1, hmacSha512, null,

            getSecretKey("secret".getBytes("ASCII")), sks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_rsa() throws Exception {

        System.out.println("* Generating signature-enveloping-rsa.xml");

        test_create_signature_enveloping(sha1, rsaSha1, rsa,

            getPrivateKey("RSA", 512), kvks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_sha384_rsa_sha256()

        throws Exception {

        System.out.println("* Generating signature-enveloping-sha384-rsa_sha256.xml");

        test_create_signature_enveloping(sha384, rsaSha256, rsa,

            getPrivateKey("RSA", 512), kvks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_sha512_rsa_sha384()

        throws Exception {

        System.out.println("* Generating signature-enveloping-sha512-rsa_sha384.xml");

        test_create_signature_enveloping(sha512, rsaSha384, rsa1024,

            getPrivateKey("RSA", 1024), kvks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_sha512_rsa_sha512()

        throws Exception {

        System.out.println("* Generating signature-enveloping-sha512-rsa_sha512.xml");

        test_create_signature_enveloping(sha512, rsaSha512, rsa1024,

            getPrivateKey("RSA", 1024), kvks, false);

        System.out.println();

    }

    static void test_create_signature_external_b64_dsa() throws Exception {

        System.out.println("* Generating signature-external-b64-dsa.xml");

        test_create_signature_external(dsaSha1, dsa1024, signingKey, kvks, true);

        System.out.println();

    }

    static void test_create_signature_external_dsa() throws Exception {

        System.out.println("* Generating signature-external-dsa.xml");

        test_create_signature_external(dsaSha1, dsa1024, signingKey, kvks, false);

        System.out.println();

    }

    static void test_create_signature_keyname() throws Exception {

        System.out.println("* Generating signature-keyname.xml");

        KeyInfo kn = kifac.newKeyInfo(Collections.singletonList

            (kifac.newKeyName("user")));

        test_create_signature_external(dsaSha1, kn, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_retrievalmethod_rawx509crt()

        throws Exception {

        System.out.println(

            "* Generating signature-retrievalmethod-rawx509crt.xml");

        KeyInfo rm = kifac.newKeyInfo(Collections.singletonList

            (kifac.newRetrievalMethod

            ("certs/user.crt", X509Data.RAW_X509_CERTIFICATE_TYPE, null)));

        test_create_signature_external(dsaSha1, rm, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_x509_crt_crl() throws Exception {

        System.out.println("* Generating signature-x509-crt-crl.xml");

        List<Object> xds = new ArrayList<>();

        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        xds.add(signingCert);

        FileInputStream fis = new FileInputStream(CRL);

        X509CRL crl = (X509CRL) cf.generateCRL(fis);

        fis.close();

        xds.add(crl);

        KeyInfo crt_crl = kifac.newKeyInfo(Collections.singletonList

            (kifac.newX509Data(xds)));

        test_create_signature_external(dsaSha1, crt_crl, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_x509_crt() throws Exception {

        System.out.println("* Generating signature-x509-crt.xml");

        KeyInfo crt = kifac.newKeyInfo(Collections.singletonList

            (kifac.newX509Data(Collections.singletonList(signingCert))));

        test_create_signature_external(dsaSha1, crt, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_x509_is() throws Exception {

        System.out.println("* Generating signature-x509-is.xml");

        KeyInfo is = kifac.newKeyInfo(Collections.singletonList

            (kifac.newX509Data(Collections.singletonList

            (kifac.newX509IssuerSerial

            ("CN=User", new BigInteger("45ef2729", 16))))));

        test_create_signature_external(dsaSha1, is, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_x509_ski() throws Exception {

        System.out.println("* Generating signature-x509-ski.xml");

        KeyInfo ski = kifac.newKeyInfo(Collections.singletonList

            (kifac.newX509Data(Collections.singletonList

            ("keyid".getBytes("ASCII")))));

        test_create_signature_external(dsaSha1, ski, signingKey,

            KeySelector.singletonKeySelector(validatingKey), false);

        System.out.println();

    }

    static void test_create_signature_x509_sn() throws Exception {

        System.out.println("* Generating signature-x509-sn.xml");

        KeyInfo sn = kifac.newKeyInfo(Collections.singletonList

            (kifac.newX509Data(Collections.singletonList("CN=User"))));

        test_create_signature_external(dsaSha1, sn, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_reference_dependency() throws Exception {

        System.out.println("* Generating signature-reference-dependency.xml");

        // create references

        List<Reference> refs = Collections.singletonList

            (fac.newReference("#object-1", sha1));

        // create SignedInfo

        SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs);

        // create objects

        List<XMLObject> objs = new ArrayList<>();

        // Object 1

        List<Reference> manRefs = Collections.singletonList

            (fac.newReference("#object-2", sha1));

        objs.add(fac.newXMLObject(Collections.singletonList

            (fac.newManifest(manRefs, "manifest-1")), "object-1", null, null));

        // Object 2

        Document doc = db.newDocument();

        Element nc = doc.createElementNS(null, "NonCommentandus");

        nc.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");

        nc.appendChild(doc.createComment(" Commentandum "));

        objs.add(fac.newXMLObject(Collections.singletonList

            (new DOMStructure(nc)), "object-2", null, null));

        // create XMLSignature

        XMLSignature sig = fac.newXMLSignature(si, rsa, objs, "signature", null);

        DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 512), doc);

        sig.sign(dsc);

//      dumpDocument(doc, new PrintWriter(System.out));

        DOMValidateContext dvc = new DOMValidateContext

            (kvks, doc.getDocumentElement());

        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);

        if (sig.equals(sig2) == false) {

            throw new Exception

                ("Unmarshalled signature is not equal to generated signature");

        }

        if (sig2.validate(dvc) == false) {

            throw new Exception("Validation of generated signature failed");

        }

        System.out.println();

    }

    static void test_create_signature_with_attr_in_no_namespace()

        throws Exception

    {

        System.out.println

            ("* Generating signature-with-attr-in-no-namespace.xml");

        // create references

        List<Reference> refs = Collections.singletonList