1 /* |
1 /* |
2 * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. |
7 * published by the Free Software Foundation. |
22 */ |
22 */ |
23 |
23 |
24 /** |
24 /** |
25 * @test |
25 * @test |
26 * @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184 8038349 8046949 |
26 * @bug 4635230 6283345 6303830 6824440 6867348 7094155 8038184 8038349 8046949 |
|
27 * 8046724 |
27 * @summary Basic unit tests for generating XML Signatures with JSR 105 |
28 * @summary Basic unit tests for generating XML Signatures with JSR 105 |
28 * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java |
29 * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java |
29 * X509KeySelector.java GenerationTests.java |
30 * X509KeySelector.java GenerationTests.java |
30 * @run main/othervm GenerationTests |
31 * @run main/othervm GenerationTests |
31 * @author Sean Mullan |
32 * @author Sean Mullan |
43 import java.security.cert.X509Certificate; |
44 import java.security.cert.X509Certificate; |
44 import java.security.cert.X509CRL; |
45 import java.security.cert.X509CRL; |
45 import java.security.spec.KeySpec; |
46 import java.security.spec.KeySpec; |
46 import java.security.spec.DSAPrivateKeySpec; |
47 import java.security.spec.DSAPrivateKeySpec; |
47 import java.security.spec.DSAPublicKeySpec; |
48 import java.security.spec.DSAPublicKeySpec; |
|
49 import java.security.spec.ECField; |
|
50 import java.security.spec.ECFieldFp; |
|
51 import java.security.spec.ECParameterSpec; |
|
52 import java.security.spec.ECPoint; |
|
53 import java.security.spec.ECPrivateKeySpec; |
|
54 import java.security.spec.ECPublicKeySpec; |
|
55 import java.security.spec.EllipticCurve; |
48 import java.security.spec.RSAPrivateKeySpec; |
56 import java.security.spec.RSAPrivateKeySpec; |
49 import java.security.spec.RSAPublicKeySpec; |
57 import java.security.spec.RSAPublicKeySpec; |
50 import java.util.*; |
58 import java.util.*; |
51 import javax.crypto.SecretKey; |
59 import javax.crypto.SecretKey; |
52 import javax.xml.XMLConstants; |
60 import javax.xml.XMLConstants; |
79 private static XMLSignatureFactory fac; |
87 private static XMLSignatureFactory fac; |
80 private static KeyInfoFactory kifac; |
88 private static KeyInfoFactory kifac; |
81 private static DocumentBuilder db; |
89 private static DocumentBuilder db; |
82 private static CanonicalizationMethod withoutComments; |
90 private static CanonicalizationMethod withoutComments; |
83 private static SignatureMethod dsaSha1, dsaSha256, rsaSha1, |
91 private static SignatureMethod dsaSha1, dsaSha256, rsaSha1, |
84 rsaSha256, rsaSha384, rsaSha512; |
92 rsaSha256, rsaSha384, rsaSha512, |
|
93 ecdsaSha1; |
85 private static DigestMethod sha1, sha256, sha384, sha512; |
94 private static DigestMethod sha1, sha256, sha384, sha512; |
86 private static KeyInfo dsa1024, dsa2048, rsa, rsa1024; |
95 private static KeyInfo dsa1024, dsa2048, rsa, rsa1024, p256ki; |
87 private static KeySelector kvks = new KeySelectors.KeyValueKeySelector(); |
96 private static KeySelector kvks = new KeySelectors.KeyValueKeySelector(); |
88 private static KeySelector sks; |
97 private static KeySelector sks; |
89 private static Key signingKey; |
98 private static Key signingKey; |
90 private static PublicKey validatingKey; |
99 private static PublicKey validatingKey; |
91 private static Certificate signingCert; |
100 private static Certificate signingCert; |
119 test_create_signature_enveloping_hmac_sha1_40(); |
128 test_create_signature_enveloping_hmac_sha1_40(); |
120 test_create_signature_enveloping_hmac_sha256(); |
129 test_create_signature_enveloping_hmac_sha256(); |
121 test_create_signature_enveloping_hmac_sha384(); |
130 test_create_signature_enveloping_hmac_sha384(); |
122 test_create_signature_enveloping_hmac_sha512(); |
131 test_create_signature_enveloping_hmac_sha512(); |
123 test_create_signature_enveloping_rsa(); |
132 test_create_signature_enveloping_rsa(); |
|
133 test_create_signature_enveloping_p256_sha1(); |
124 test_create_signature_external_b64_dsa(); |
134 test_create_signature_external_b64_dsa(); |
125 test_create_signature_external_dsa(); |
135 test_create_signature_external_dsa(); |
126 test_create_signature_keyname(); |
136 test_create_signature_keyname(); |
127 test_create_signature_retrievalmethod_rawx509crt(); |
137 test_create_signature_retrievalmethod_rawx509crt(); |
128 test_create_signature_x509_crt_crl(); |
138 test_create_signature_x509_crt_crl(); |
173 (kifac.newKeyValue(getPublicKey("DSA", 2048)))); |
183 (kifac.newKeyValue(getPublicKey("DSA", 2048)))); |
174 rsa = kifac.newKeyInfo(Collections.singletonList |
184 rsa = kifac.newKeyInfo(Collections.singletonList |
175 (kifac.newKeyValue(getPublicKey("RSA", 512)))); |
185 (kifac.newKeyValue(getPublicKey("RSA", 512)))); |
176 rsa1024 = kifac.newKeyInfo(Collections.singletonList |
186 rsa1024 = kifac.newKeyInfo(Collections.singletonList |
177 (kifac.newKeyValue(getPublicKey("RSA", 1024)))); |
187 (kifac.newKeyValue(getPublicKey("RSA", 1024)))); |
|
188 p256ki = kifac.newKeyInfo(Collections.singletonList |
|
189 (kifac.newKeyValue(getECPublicKey()))); |
178 rsaSha1 = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null); |
190 rsaSha1 = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null); |
179 rsaSha256 = fac.newSignatureMethod |
191 rsaSha256 = fac.newSignatureMethod |
180 ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null); |
192 ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null); |
181 rsaSha384 = fac.newSignatureMethod |
193 rsaSha384 = fac.newSignatureMethod |
182 ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", null); |
194 ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", null); |
183 rsaSha512 = fac.newSignatureMethod |
195 rsaSha512 = fac.newSignatureMethod |
184 ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", null); |
196 ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", null); |
|
197 ecdsaSha1 = fac.newSignatureMethod |
|
198 ("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1", null); |
185 sks = new KeySelectors.SecretKeySelector("secret".getBytes("ASCII")); |
199 sks = new KeySelectors.SecretKeySelector("secret".getBytes("ASCII")); |
186 |
200 |
187 httpUd = new HttpURIDereferencer(); |
201 httpUd = new HttpURIDereferencer(); |
188 } |
202 } |
189 |
203 |
337 static void test_create_signature_enveloping_sha512_rsa_sha512() |
351 static void test_create_signature_enveloping_sha512_rsa_sha512() |
338 throws Exception { |
352 throws Exception { |
339 System.out.println("* Generating signature-enveloping-sha512-rsa_sha512.xml"); |
353 System.out.println("* Generating signature-enveloping-sha512-rsa_sha512.xml"); |
340 test_create_signature_enveloping(sha512, rsaSha512, rsa1024, |
354 test_create_signature_enveloping(sha512, rsaSha512, rsa1024, |
341 getPrivateKey("RSA", 1024), kvks, false); |
355 getPrivateKey("RSA", 1024), kvks, false); |
|
356 System.out.println(); |
|
357 } |
|
358 |
|
359 static void test_create_signature_enveloping_p256_sha1() throws Exception { |
|
360 System.out.println("* Generating signature-enveloping-p256-sha1.xml"); |
|
361 test_create_signature_enveloping(sha1, ecdsaSha1, p256ki, |
|
362 getECPrivateKey(), kvks, false); |
342 System.out.println(); |
363 System.out.println(); |
343 } |
364 } |
344 |
365 |
345 static void test_create_signature_external_b64_dsa() throws Exception { |
366 static void test_create_signature_external_b64_dsa() throws Exception { |
346 System.out.println("* Generating signature-external-b64-dsa.xml"); |
367 System.out.println("* Generating signature-external-b64-dsa.xml"); |
1166 "297021581096848810374110568017963075809477047466189822987258068867" + |
1187 "297021581096848810374110568017963075809477047466189822987258068867" + |
1167 "704855380407747867998863645890602646601140183818953428006646987710" + |
1188 "704855380407747867998863645890602646601140183818953428006646987710" + |
1168 "237008997971129772408397621801631622129297063463868593083106979716" + |
1189 "237008997971129772408397621801631622129297063463868593083106979716" + |
1169 "204903524890556839550490384015324575598723478554854070823335021842" + |
1190 "204903524890556839550490384015324575598723478554854070823335021842" + |
1170 "210112348400928769"; |
1191 "210112348400928769"; |
1171 |
1192 private static final String EC_X = |
|
1193 "335863644451761614592446380116804721648611739647823420286081723541" + |
|
1194 "6166183710"; |
|
1195 private static final String EC_Y = |
|
1196 "951559601159729477487064127150143688502130342917782252098602422796" + |
|
1197 "95457910701"; |
|
1198 private static final String EC_S = |
|
1199 "425976209773168452211813225517384419928639977904006759709292218082" + |
|
1200 "7440083936"; |
|
1201 private static final ECParameterSpec EC_PARAMS; |
|
1202 |
|
1203 static { |
|
1204 final String ec_sfield, ec_a, ec_b, ec_gx, ec_gy, ec_n; |
|
1205 ec_sfield = |
|
1206 "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"; |
|
1207 ec_a = |
|
1208 "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"; |
|
1209 ec_b = |
|
1210 "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"; |
|
1211 ec_gx = |
|
1212 "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; |
|
1213 ec_gy = |
|
1214 "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"; |
|
1215 ec_n = |
|
1216 "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"; |
|
1217 final int ec_h = 1; |
|
1218 final ECField ec_field = new ECFieldFp(bigInt(ec_sfield)); |
|
1219 final EllipticCurve ec_curve = new EllipticCurve(ec_field, |
|
1220 bigInt(ec_a), bigInt(ec_b)); |
|
1221 final ECPoint ec_g = new ECPoint(bigInt(ec_gx), bigInt(ec_gy)); |
|
1222 EC_PARAMS = new ECParameterSpec(ec_curve, ec_g, bigInt(ec_n), ec_h); |
|
1223 } |
|
1224 |
|
1225 private static BigInteger bigInt(String s) { |
|
1226 return new BigInteger(s, 16); |
|
1227 } |
1172 private static PublicKey getPublicKey(String algo, int keysize) |
1228 private static PublicKey getPublicKey(String algo, int keysize) |
1173 throws Exception { |
1229 throws Exception { |
1174 KeyFactory kf = KeyFactory.getInstance(algo); |
1230 KeyFactory kf = KeyFactory.getInstance(algo); |
1175 KeySpec kspec; |
1231 KeySpec kspec; |
1176 if (algo.equalsIgnoreCase("DSA")) { |
1232 if (algo.equalsIgnoreCase("DSA")) { |
1195 } else throw new RuntimeException("Unsupported keysize:" + keysize); |
1251 } else throw new RuntimeException("Unsupported keysize:" + keysize); |
1196 } else throw new RuntimeException("Unsupported key algorithm " + algo); |
1252 } else throw new RuntimeException("Unsupported key algorithm " + algo); |
1197 return kf.generatePublic(kspec); |
1253 return kf.generatePublic(kspec); |
1198 } |
1254 } |
1199 |
1255 |
|
1256 private static PublicKey getECPublicKey() throws Exception { |
|
1257 KeyFactory kf = KeyFactory.getInstance("EC"); |
|
1258 KeySpec kspec = new ECPublicKeySpec(new ECPoint(new BigInteger(EC_X), |
|
1259 new BigInteger(EC_Y)), |
|
1260 EC_PARAMS); |
|
1261 return kf.generatePublic(kspec); |
|
1262 } |
|
1263 |
1200 private static PrivateKey getPrivateKey(String algo, int keysize) |
1264 private static PrivateKey getPrivateKey(String algo, int keysize) |
1201 throws Exception { |
1265 throws Exception { |
1202 KeyFactory kf = KeyFactory.getInstance(algo); |
1266 KeyFactory kf = KeyFactory.getInstance(algo); |
1203 KeySpec kspec; |
1267 KeySpec kspec; |
1204 if (algo.equalsIgnoreCase("DSA")) { |
1268 if (algo.equalsIgnoreCase("DSA")) { |
1221 } |
1285 } |
1222 } else throw new RuntimeException("Unsupported key algorithm " + algo); |
1286 } else throw new RuntimeException("Unsupported key algorithm " + algo); |
1223 return kf.generatePrivate(kspec); |
1287 return kf.generatePrivate(kspec); |
1224 } |
1288 } |
1225 |
1289 |
|
1290 private static PrivateKey getECPrivateKey() throws Exception { |
|
1291 KeyFactory kf = KeyFactory.getInstance("EC"); |
|
1292 KeySpec kspec = new ECPrivateKeySpec(new BigInteger(EC_S), EC_PARAMS); |
|
1293 return kf.generatePrivate(kspec); |
|
1294 } |
|
1295 |
1226 private static SecretKey getSecretKey(final byte[] secret) { |
1296 private static SecretKey getSecretKey(final byte[] secret) { |
1227 return new SecretKey() { |
1297 return new SecretKey() { |
1228 public String getFormat() { return "RAW"; } |
1298 public String getFormat() { return "RAW"; } |
1229 public byte[] getEncoded() { return secret; } |
1299 public byte[] getEncoded() { return secret; } |
1230 public String getAlgorithm(){ return "SECRET"; } |
1300 public String getAlgorithm(){ return "SECRET"; } |
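Review bot: The new EC test vectors mix radices without saying so: `EC_X`, `EC_Y` and `EC_S` (new lines 1192-1200) are decimal strings parsed with `new BigInteger(EC_X)` in `getECPublicKey()` and `getECPrivateKey()`, while the curve constants in the static initializer are hex and go through `bigInt(s)`, which uses radix 16. Because the decimal strings contain only digits, passing one of them to `bigInt` by mistake would parse without error and silently produce a different coordinate or scalar, so the failure would show up far from its cause. I would add a comment above the constants such as `// NIST P-256 (secp256r1) test-only key pair: EC_X/EC_Y/EC_S are decimal, the curve parameters below are hex`, and either rename the helper to `hexBigInt` or state the radix at its definition. Separately, the only EC case added is `test_create_signature_enveloping_p256_sha1`, which pairs ECDSA with SHA-1; if the provider under test supports it, an ECDSA case with a SHA-2 digest would also cover the new EC `KeyValue` handling with an algorithm still in current use.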