jdk/test/javax/xml/crypto/dsig/GenerationTests.java
author mullan
Mon, 22 Nov 2010 10:16:07 -0500
changeset 7291 9fefa2786251
parent 5506 202f599c92aa
child 10888 1aa4710eb4f6
permissions -rw-r--r--
6995424: Eliminate dependency to a deprecated API com.sun.security.auth.PolicyFile Reviewed-by: mchung
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     1
/*
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 4506
diff changeset
     2
 * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     4
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
     5
 * This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load
duke
parents:
diff changeset
     6
 * under the terms of the GNU General Public License version 2 only, as
90ce3da70b43 Initial load
duke
parents:
diff changeset
     7
 * published by the Free Software Foundation.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     8
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
     9
 * This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load
duke
parents:
diff changeset
    10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load
duke
parents:
diff changeset
    11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
90ce3da70b43 Initial load
duke
parents:
diff changeset
    12
 * version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load
duke
parents:
diff changeset
    13
 * accompanied this code).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    14
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    15
 * You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load
duke
parents:
diff changeset
    16
 * 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    18
 *
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 4506
diff changeset
    19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 4506
diff changeset
    20
 * or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 4506
diff changeset
    21
 * questions.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    22
 */
90ce3da70b43 Initial load
duke
parents:
diff changeset
    23
90ce3da70b43 Initial load
duke
parents:
diff changeset
    24
/**
90ce3da70b43 Initial load
duke
parents:
diff changeset
    25
 * @test
4506
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
    26
 * @bug 4635230 6283345 6303830 6824440 6867348
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    27
 * @summary Basic unit tests for generating XML Signatures with JSR 105
90ce3da70b43 Initial load
duke
parents:
diff changeset
    28
 * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java
90ce3da70b43 Initial load
duke
parents:
diff changeset
    29
 *     X509KeySelector.java GenerationTests.java
90ce3da70b43 Initial load
duke
parents:
diff changeset
    30
 * @run main GenerationTests
90ce3da70b43 Initial load
duke
parents:
diff changeset
    31
 * @author Sean Mullan
90ce3da70b43 Initial load
duke
parents:
diff changeset
    32
 */
90ce3da70b43 Initial load
duke
parents:
diff changeset
    33
90ce3da70b43 Initial load
duke
parents:
diff changeset
    34
import java.io.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    35
import java.math.BigInteger;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    36
import java.security.Key;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    37
import java.security.KeyFactory;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    38
import java.security.KeyStore;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    39
import java.security.PrivateKey;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    40
import java.security.PublicKey;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    41
import java.security.cert.Certificate;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    42
import java.security.cert.CertificateFactory;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    43
import java.security.cert.X509Certificate;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    44
import java.security.cert.X509CRL;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    45
import java.security.spec.KeySpec;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    46
import java.security.spec.DSAPrivateKeySpec;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    47
import java.security.spec.DSAPublicKeySpec;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    48
import java.security.spec.RSAPrivateKeySpec;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    49
import java.security.spec.RSAPublicKeySpec;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    50
import java.util.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    51
import javax.crypto.SecretKey;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    52
import javax.xml.XMLConstants;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    53
import javax.xml.parsers.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    54
import org.w3c.dom.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    55
import javax.xml.crypto.Data;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    56
import javax.xml.crypto.KeySelector;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    57
import javax.xml.crypto.OctetStreamData;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    58
import javax.xml.crypto.URIDereferencer;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    59
import javax.xml.crypto.URIReference;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    60
import javax.xml.crypto.URIReferenceException;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    61
import javax.xml.crypto.XMLCryptoContext;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    62
import javax.xml.crypto.XMLStructure;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    63
import javax.xml.crypto.dsig.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    64
import javax.xml.crypto.dom.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    65
import javax.xml.crypto.dsig.dom.DOMSignContext;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    66
import javax.xml.crypto.dsig.dom.DOMValidateContext;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    67
import javax.xml.crypto.dsig.keyinfo.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    68
import javax.xml.crypto.dsig.spec.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    69
import javax.xml.transform.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    70
import javax.xml.transform.dom.DOMSource;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    71
import javax.xml.transform.stream.StreamResult;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    72
90ce3da70b43 Initial load
duke
parents:
diff changeset
    73
/**
90ce3da70b43 Initial load
duke
parents:
diff changeset
    74
 * Test that recreates merlin-xmldsig-twenty-three test vectors but with
90ce3da70b43 Initial load
duke
parents:
diff changeset
    75
 * different keys and X.509 data.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    76
 */
90ce3da70b43 Initial load
duke
parents:
diff changeset
    77
public class GenerationTests {
90ce3da70b43 Initial load
duke
parents:
diff changeset
    78
90ce3da70b43 Initial load
duke
parents:
diff changeset
    79
    private static XMLSignatureFactory fac;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    80
    private static KeyInfoFactory kifac;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    81
    private static DocumentBuilder db;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    82
    private static CanonicalizationMethod withoutComments;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    83
    private static SignatureMethod dsaSha1, rsaSha1, rsaSha256, rsaSha384, rsaSha512;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    84
    private static DigestMethod sha1, sha256, sha384, sha512;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    85
    private static KeyInfo dsa, rsa, rsa1024;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    86
    private static KeySelector kvks = new KeySelectors.KeyValueKeySelector();
90ce3da70b43 Initial load
duke
parents:
diff changeset
    87
    private static KeySelector sks;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    88
    private static Key signingKey;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    89
    private static PublicKey validatingKey;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    90
    private static Certificate signingCert;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    91
    private static KeyStore ks;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    92
    private final static String DIR = System.getProperty("test.src", ".");
1337
e8d6cef36199 6469266: Integrate Apache XMLSec 1.4.2 into JDK 7
mullan
parents: 2
diff changeset
    93
//    private final static String DIR = ".";
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    94
    private final static String DATA_DIR =
90ce3da70b43 Initial load
duke
parents:
diff changeset
    95
        DIR + System.getProperty("file.separator") + "data";
90ce3da70b43 Initial load
duke
parents:
diff changeset
    96
    private final static String KEYSTORE =
90ce3da70b43 Initial load
duke
parents:
diff changeset
    97
        DATA_DIR + System.getProperty("file.separator") + "certs" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
    98
        System.getProperty("file.separator") + "test.jks";
90ce3da70b43 Initial load
duke
parents:
diff changeset
    99
    private final static String CRL =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   100
        DATA_DIR + System.getProperty("file.separator") + "certs" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   101
        System.getProperty("file.separator") + "crl";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   102
    private final static String ENVELOPE =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   103
        DATA_DIR + System.getProperty("file.separator") + "envelope.xml";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   104
    private static URIDereferencer httpUd = null;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   105
    private final static String STYLESHEET =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   106
        "http://www.w3.org/TR/xml-stylesheet";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   107
    private final static String STYLESHEET_B64 =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   108
        "http://www.w3.org/Signature/2002/04/xml-stylesheet.b64";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   109
90ce3da70b43 Initial load
duke
parents:
diff changeset
   110
    public static void main(String args[]) throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   111
        setup();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   112
        test_create_signature_enveloped_dsa();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   113
        test_create_signature_enveloping_b64_dsa();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   114
        test_create_signature_enveloping_dsa();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   115
        test_create_signature_enveloping_hmac_sha1_40();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   116
        test_create_signature_enveloping_hmac_sha256();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   117
        test_create_signature_enveloping_hmac_sha384();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   118
        test_create_signature_enveloping_hmac_sha512();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   119
        test_create_signature_enveloping_rsa();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   120
        test_create_signature_external_b64_dsa();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   121
        test_create_signature_external_dsa();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   122
        test_create_signature_keyname();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   123
        test_create_signature_retrievalmethod_rawx509crt();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   124
        test_create_signature_x509_crt_crl();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   125
        test_create_signature_x509_crt();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   126
        test_create_signature_x509_is();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   127
        test_create_signature_x509_ski();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   128
        test_create_signature_x509_sn();
4506
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   129
        test_create_signature();
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   130
        test_create_exc_signature();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   131
        test_create_sign_spec();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   132
        test_create_signature_enveloping_sha256_dsa();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   133
        test_create_signature_enveloping_sha384_rsa_sha256();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   134
        test_create_signature_enveloping_sha512_rsa_sha384();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   135
        test_create_signature_enveloping_sha512_rsa_sha512();
4506
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   136
        test_create_signature_reference_dependency();
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   137
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   138
90ce3da70b43 Initial load
duke
parents:
diff changeset
   139
    private static void setup() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   140
        fac = XMLSignatureFactory.getInstance();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   141
        kifac = fac.getKeyInfoFactory();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   142
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   143
        dbf.setNamespaceAware(true);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   144
        db = dbf.newDocumentBuilder();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   145
90ce3da70b43 Initial load
duke
parents:
diff changeset
   146
        // get key & self-signed certificate from keystore
90ce3da70b43 Initial load
duke
parents:
diff changeset
   147
        FileInputStream fis = new FileInputStream(KEYSTORE);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   148
        ks = KeyStore.getInstance("JKS");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   149
        ks.load(fis, "changeit".toCharArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   150
        signingKey = ks.getKey("user", "changeit".toCharArray());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   151
        signingCert = ks.getCertificate("user");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   152
        validatingKey = signingCert.getPublicKey();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   153
90ce3da70b43 Initial load
duke
parents:
diff changeset
   154
        // create common objects
90ce3da70b43 Initial load
duke
parents:
diff changeset
   155
        withoutComments = fac.newCanonicalizationMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   156
            (CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec)null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   157
        dsaSha1 = fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   158
        sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   159
        sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   160
        sha384 = fac.newDigestMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   161
            ("http://www.w3.org/2001/04/xmldsig-more#sha384", null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   162
        sha512 = fac.newDigestMethod(DigestMethod.SHA512, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   163
        dsa = kifac.newKeyInfo(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   164
            (kifac.newKeyValue(validatingKey)));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   165
        rsa = kifac.newKeyInfo(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   166
            (kifac.newKeyValue(getPublicKey("RSA"))));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   167
        rsa1024 = kifac.newKeyInfo(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   168
            (kifac.newKeyValue(getPublicKey("RSA", 1024))));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   169
        rsaSha1 = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   170
        rsaSha256 = fac.newSignatureMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   171
            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   172
        rsaSha384 = fac.newSignatureMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   173
            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   174
        rsaSha512 = fac.newSignatureMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   175
            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   176
        sks = new KeySelectors.SecretKeySelector("secret".getBytes("ASCII"));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   177
90ce3da70b43 Initial load
duke
parents:
diff changeset
   178
        httpUd = new HttpURIDereferencer();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   179
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   180
90ce3da70b43 Initial load
duke
parents:
diff changeset
   181
    static void test_create_signature_enveloped_dsa() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   182
        System.out.println("* Generating signature-enveloped-dsa.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   183
        // create SignedInfo
90ce3da70b43 Initial load
duke
parents:
diff changeset
   184
        SignedInfo si = fac.newSignedInfo
90ce3da70b43 Initial load
duke
parents:
diff changeset
   185
            (withoutComments, dsaSha1, Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   186
                (fac.newReference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   187
                    ("", sha1, Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   188
                        (fac.newTransform(Transform.ENVELOPED,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   189
                            (TransformParameterSpec) null)),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   190
                 null, null)));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   191
90ce3da70b43 Initial load
duke
parents:
diff changeset
   192
        // create XMLSignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   193
        XMLSignature sig = fac.newXMLSignature(si, dsa);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   194
90ce3da70b43 Initial load
duke
parents:
diff changeset
   195
        Document doc = db.newDocument();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   196
        Element envelope = doc.createElementNS
90ce3da70b43 Initial load
duke
parents:
diff changeset
   197
            ("http://example.org/envelope", "Envelope");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   198
        envelope.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   199
            "xmlns", "http://example.org/envelope");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   200
        doc.appendChild(envelope);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   201
90ce3da70b43 Initial load
duke
parents:
diff changeset
   202
        DOMSignContext dsc = new DOMSignContext(signingKey, envelope);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   203
90ce3da70b43 Initial load
duke
parents:
diff changeset
   204
        sig.sign(dsc);
1337
e8d6cef36199 6469266: Integrate Apache XMLSec 1.4.2 into JDK 7
mullan
parents: 2
diff changeset
   205
//      StringWriter sw = new StringWriter();
e8d6cef36199 6469266: Integrate Apache XMLSec 1.4.2 into JDK 7
mullan
parents: 2
diff changeset
   206
//      dumpDocument(doc, sw);
e8d6cef36199 6469266: Integrate Apache XMLSec 1.4.2 into JDK 7
mullan
parents: 2
diff changeset
   207
//      System.out.println(sw.toString());
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   208
90ce3da70b43 Initial load
duke
parents:
diff changeset
   209
        DOMValidateContext dvc = new DOMValidateContext
90ce3da70b43 Initial load
duke
parents:
diff changeset
   210
            (kvks, envelope.getFirstChild());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   211
        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   212
90ce3da70b43 Initial load
duke
parents:
diff changeset
   213
        if (sig.equals(sig2) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   214
            throw new Exception
90ce3da70b43 Initial load
duke
parents:
diff changeset
   215
                ("Unmarshalled signature is not equal to generated signature");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   216
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   217
90ce3da70b43 Initial load
duke
parents:
diff changeset
   218
        if (sig2.validate(dvc) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   219
            throw new Exception("Validation of generated signature failed");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   220
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   221
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   222
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   223
90ce3da70b43 Initial load
duke
parents:
diff changeset
   224
    static void test_create_signature_enveloping_b64_dsa() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   225
        System.out.println("* Generating signature-enveloping-b64-dsa.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   226
        test_create_signature_enveloping
90ce3da70b43 Initial load
duke
parents:
diff changeset
   227
            (sha1, dsaSha1, dsa, signingKey, kvks, true);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   228
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   229
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   230
90ce3da70b43 Initial load
duke
parents:
diff changeset
   231
    static void test_create_signature_enveloping_dsa() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   232
        System.out.println("* Generating signature-enveloping-dsa.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   233
        test_create_signature_enveloping
90ce3da70b43 Initial load
duke
parents:
diff changeset
   234
            (sha1, dsaSha1, dsa, signingKey, kvks, false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   235
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   236
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   237
90ce3da70b43 Initial load
duke
parents:
diff changeset
   238
    static void test_create_signature_enveloping_sha256_dsa() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   239
        System.out.println("* Generating signature-enveloping-sha256-dsa.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   240
        test_create_signature_enveloping
90ce3da70b43 Initial load
duke
parents:
diff changeset
   241
            (sha256, dsaSha1, dsa, signingKey, kvks, false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   242
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   243
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   244
90ce3da70b43 Initial load
duke
parents:
diff changeset
   245
    static void test_create_signature_enveloping_hmac_sha1_40()
90ce3da70b43 Initial load
duke
parents:
diff changeset
   246
        throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   247
        System.out.println("* Generating signature-enveloping-hmac-sha1-40.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   248
        SignatureMethod hmacSha1 = fac.newSignatureMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   249
            (SignatureMethod.HMAC_SHA1, new HMACParameterSpec(40));
3462
4477fb399895 6824440: XML Signature HMAC issue
mullan
parents: 1639
diff changeset
   250
        try {
4477fb399895 6824440: XML Signature HMAC issue
mullan
parents: 1639
diff changeset
   251
            test_create_signature_enveloping(sha1, hmacSha1, null,
4477fb399895 6824440: XML Signature HMAC issue
mullan
parents: 1639
diff changeset
   252
                getSecretKey("secret".getBytes("ASCII")), sks, false);
4477fb399895 6824440: XML Signature HMAC issue
mullan
parents: 1639
diff changeset
   253
        } catch (Exception e) {
4477fb399895 6824440: XML Signature HMAC issue
mullan
parents: 1639
diff changeset
   254
            if (!(e instanceof XMLSignatureException)) {
4477fb399895 6824440: XML Signature HMAC issue
mullan
parents: 1639
diff changeset
   255
                throw e;
4477fb399895 6824440: XML Signature HMAC issue
mullan
parents: 1639
diff changeset
   256
            }
4477fb399895 6824440: XML Signature HMAC issue
mullan
parents: 1639
diff changeset
   257
        }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   258
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   259
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   260
90ce3da70b43 Initial load
duke
parents:
diff changeset
   261
    static void test_create_signature_enveloping_hmac_sha256()
90ce3da70b43 Initial load
duke
parents:
diff changeset
   262
        throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   263
        System.out.println("* Generating signature-enveloping-hmac-sha256.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   264
        SignatureMethod hmacSha256 = fac.newSignatureMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   265
            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   266
        test_create_signature_enveloping(sha1, hmacSha256, null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   267
            getSecretKey("secret".getBytes("ASCII")), sks, false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   268
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   269
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   270
90ce3da70b43 Initial load
duke
parents:
diff changeset
   271
    static void test_create_signature_enveloping_hmac_sha384()
90ce3da70b43 Initial load
duke
parents:
diff changeset
   272
        throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   273
        System.out.println("* Generating signature-enveloping-hmac-sha384.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   274
        SignatureMethod hmacSha384 = fac.newSignatureMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   275
            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha384", null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   276
        test_create_signature_enveloping(sha1, hmacSha384, null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   277
            getSecretKey("secret".getBytes("ASCII")), sks, false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   278
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   279
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   280
90ce3da70b43 Initial load
duke
parents:
diff changeset
   281
    static void test_create_signature_enveloping_hmac_sha512()
90ce3da70b43 Initial load
duke
parents:
diff changeset
   282
        throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   283
        System.out.println("* Generating signature-enveloping-hmac-sha512.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   284
        SignatureMethod hmacSha512 = fac.newSignatureMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   285
            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   286
        test_create_signature_enveloping(sha1, hmacSha512, null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   287
            getSecretKey("secret".getBytes("ASCII")), sks, false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   288
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   289
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   290
90ce3da70b43 Initial load
duke
parents:
diff changeset
   291
    static void test_create_signature_enveloping_rsa() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   292
        System.out.println("* Generating signature-enveloping-rsa.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   293
        test_create_signature_enveloping(sha1, rsaSha1, rsa,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   294
            getPrivateKey("RSA"), kvks, false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   295
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   296
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   297
90ce3da70b43 Initial load
duke
parents:
diff changeset
   298
    static void test_create_signature_enveloping_sha384_rsa_sha256()
90ce3da70b43 Initial load
duke
parents:
diff changeset
   299
        throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   300
        System.out.println("* Generating signature-enveloping-sha384-rsa_sha256.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   301
        test_create_signature_enveloping(sha384, rsaSha256, rsa,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   302
            getPrivateKey("RSA"), kvks, false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   303
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   304
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   305
90ce3da70b43 Initial load
duke
parents:
diff changeset
   306
    static void test_create_signature_enveloping_sha512_rsa_sha384()
90ce3da70b43 Initial load
duke
parents:
diff changeset
   307
        throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   308
        System.out.println("* Generating signature-enveloping-sha512-rsa_sha384.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   309
        test_create_signature_enveloping(sha512, rsaSha384, rsa1024,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   310
            getPrivateKey("RSA", 1024), kvks, false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   311
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   312
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   313
90ce3da70b43 Initial load
duke
parents:
diff changeset
   314
    static void test_create_signature_enveloping_sha512_rsa_sha512()
90ce3da70b43 Initial load
duke
parents:
diff changeset
   315
        throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   316
        System.out.println("* Generating signature-enveloping-sha512-rsa_sha512.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   317
        test_create_signature_enveloping(sha512, rsaSha512, rsa1024,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   318
            getPrivateKey("RSA", 1024), kvks, false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   319
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   320
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   321
90ce3da70b43 Initial load
duke
parents:
diff changeset
   322
    static void test_create_signature_external_b64_dsa() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   323
        System.out.println("* Generating signature-external-b64-dsa.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   324
        test_create_signature_external(dsaSha1, dsa, signingKey, kvks, true);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   325
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   326
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   327
90ce3da70b43 Initial load
duke
parents:
diff changeset
   328
    static void test_create_signature_external_dsa() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   329
        System.out.println("* Generating signature-external-dsa.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   330
        test_create_signature_external(dsaSha1, dsa, signingKey, kvks, false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   331
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   332
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   333
90ce3da70b43 Initial load
duke
parents:
diff changeset
   334
    static void test_create_signature_keyname() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   335
        System.out.println("* Generating signature-keyname.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   336
        KeyInfo kn = kifac.newKeyInfo(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   337
            (kifac.newKeyName("user")));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   338
        test_create_signature_external(dsaSha1, kn, signingKey,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   339
            new X509KeySelector(ks), false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   340
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   341
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   342
90ce3da70b43 Initial load
duke
parents:
diff changeset
   343
    static void test_create_signature_retrievalmethod_rawx509crt()
90ce3da70b43 Initial load
duke
parents:
diff changeset
   344
        throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   345
        System.out.println(
90ce3da70b43 Initial load
duke
parents:
diff changeset
   346
            "* Generating signature-retrievalmethod-rawx509crt.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   347
        KeyInfo rm = kifac.newKeyInfo(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   348
            (kifac.newRetrievalMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   349
            ("certs/user.crt", X509Data.RAW_X509_CERTIFICATE_TYPE, null)));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   350
        test_create_signature_external(dsaSha1, rm, signingKey,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   351
            new X509KeySelector(ks), false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   352
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   353
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   354
90ce3da70b43 Initial load
duke
parents:
diff changeset
   355
    static void test_create_signature_x509_crt_crl() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   356
        System.out.println("* Generating signature-x509-crt-crl.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   357
        List<Object> xds = new ArrayList<Object>();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   358
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   359
        xds.add(signingCert);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   360
        FileInputStream fis = new FileInputStream(CRL);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   361
        X509CRL crl = (X509CRL) cf.generateCRL(fis);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   362
        fis.close();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   363
        xds.add(crl);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   364
        KeyInfo crt_crl = kifac.newKeyInfo(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   365
            (kifac.newX509Data(xds)));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   366
90ce3da70b43 Initial load
duke
parents:
diff changeset
   367
        test_create_signature_external(dsaSha1, crt_crl, signingKey,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   368
            new X509KeySelector(ks), false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   369
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   370
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   371
90ce3da70b43 Initial load
duke
parents:
diff changeset
   372
    static void test_create_signature_x509_crt() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   373
        System.out.println("* Generating signature-x509-crt.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   374
        KeyInfo crt = kifac.newKeyInfo(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   375
            (kifac.newX509Data(Collections.singletonList(signingCert))));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   376
90ce3da70b43 Initial load
duke
parents:
diff changeset
   377
        test_create_signature_external(dsaSha1, crt, signingKey,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   378
            new X509KeySelector(ks), false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   379
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   380
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   381
90ce3da70b43 Initial load
duke
parents:
diff changeset
   382
    static void test_create_signature_x509_is() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   383
        System.out.println("* Generating signature-x509-is.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   384
        KeyInfo is = kifac.newKeyInfo(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   385
            (kifac.newX509Data(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   386
            (kifac.newX509IssuerSerial
90ce3da70b43 Initial load
duke
parents:
diff changeset
   387
            ("CN=User", new BigInteger("45ef2729", 16))))));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   388
        test_create_signature_external(dsaSha1, is, signingKey,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   389
            new X509KeySelector(ks), false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   390
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   391
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   392
90ce3da70b43 Initial load
duke
parents:
diff changeset
   393
    static void test_create_signature_x509_ski() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   394
        System.out.println("* Generating signature-x509-ski.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   395
        KeyInfo ski = kifac.newKeyInfo(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   396
            (kifac.newX509Data(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   397
            ("keyid".getBytes("ASCII")))));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   398
90ce3da70b43 Initial load
duke
parents:
diff changeset
   399
        test_create_signature_external(dsaSha1, ski, signingKey,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   400
            KeySelector.singletonKeySelector(validatingKey), false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   401
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   402
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   403
90ce3da70b43 Initial load
duke
parents:
diff changeset
   404
    static void test_create_signature_x509_sn() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   405
        System.out.println("* Generating signature-x509-sn.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   406
        KeyInfo sn = kifac.newKeyInfo(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   407
            (kifac.newX509Data(Collections.singletonList("CN=User"))));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   408
90ce3da70b43 Initial load
duke
parents:
diff changeset
   409
        test_create_signature_external(dsaSha1, sn, signingKey,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   410
            new X509KeySelector(ks), false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   411
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   412
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   413
4506
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   414
    static void test_create_signature_reference_dependency() throws Exception {
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   415
        System.out.println("* Generating signature-reference-dependency.xml");
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   416
        // create references
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   417
        List<Reference> refs = Collections.singletonList
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   418
            (fac.newReference("#object-1", sha1));
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   419
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   420
        // create SignedInfo
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   421
        SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs);
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   422
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   423
        // create objects
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   424
        List<XMLStructure> objs = new ArrayList<XMLStructure>();
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   425
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   426
        // Object 1
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   427
        List<Reference> manRefs = Collections.singletonList
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   428
            (fac.newReference("#object-2", sha1));
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   429
        objs.add(fac.newXMLObject(Collections.singletonList
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   430
            (fac.newManifest(manRefs, "manifest-1")), "object-1", null, null));
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   431
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   432
        // Object 2
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   433
        Document doc = db.newDocument();
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   434
        Element nc = doc.createElementNS(null, "NonCommentandus");
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   435
        nc.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   436
        nc.appendChild(doc.createComment(" Commentandum "));
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   437
        objs.add(fac.newXMLObject(Collections.singletonList
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   438
            (new DOMStructure(nc)), "object-2", null, null));
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   439
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   440
        // create XMLSignature
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   441
        XMLSignature sig = fac.newXMLSignature(si, rsa, objs, "signature", null);
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   442
        DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA"), doc);
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   443
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   444
        sig.sign(dsc);
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   445
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   446
//      dumpDocument(doc, new PrintWriter(System.out));
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   447
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   448
        DOMValidateContext dvc = new DOMValidateContext
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   449
            (kvks, doc.getDocumentElement());
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   450
        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   451
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   452
        if (sig.equals(sig2) == false) {
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   453
            throw new Exception
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   454
                ("Unmarshalled signature is not equal to generated signature");
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   455
        }
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   456
        if (sig2.validate(dvc) == false) {
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   457
            throw new Exception("Validation of generated signature failed");
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   458
        }
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   459
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   460
        System.out.println();
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   461
    }
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   462
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   463
    static void test_create_signature() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   464
        System.out.println("* Generating signature.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   465
90ce3da70b43 Initial load
duke
parents:
diff changeset
   466
        // create references
90ce3da70b43 Initial load
duke
parents:
diff changeset
   467
        List<Reference> refs = new ArrayList<Reference>();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   468
90ce3da70b43 Initial load
duke
parents:
diff changeset
   469
        // Reference 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
   470
        refs.add(fac.newReference(STYLESHEET, sha1));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   471
90ce3da70b43 Initial load
duke
parents:
diff changeset
   472
        // Reference 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   473
        refs.add(fac.newReference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   474
            (STYLESHEET_B64,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   475
            sha1, Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   476
            (fac.newTransform(Transform.BASE64,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   477
                (TransformParameterSpec) null)), null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   478
90ce3da70b43 Initial load
duke
parents:
diff changeset
   479
        // Reference 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
   480
        refs.add(fac.newReference("#object-1", sha1, Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   481
            (fac.newTransform(Transform.XPATH,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   482
            new XPathFilterParameterSpec("self::text()"))),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   483
            XMLObject.TYPE, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   484
90ce3da70b43 Initial load
duke
parents:
diff changeset
   485
        // Reference 4
90ce3da70b43 Initial load
duke
parents:
diff changeset
   486
        String expr = "\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   487
          + " ancestor-or-self::dsig:SignedInfo                  " + "\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   488
          + "  and                                               " + "\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   489
          + " count(ancestor-or-self::dsig:Reference |           " + "\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   490
          + "      here()/ancestor::dsig:Reference[1]) >         " + "\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   491
          + " count(ancestor-or-self::dsig:Reference)            " + "\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   492
          + "  or                                                " + "\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   493
          + " count(ancestor-or-self::node() |                   " + "\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   494
          + "      id('notaries')) =                             " + "\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   495
          + " count(ancestor-or-self::node())                    " + "\n";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   496
90ce3da70b43 Initial load
duke
parents:
diff changeset
   497
        XPathFilterParameterSpec xfp = new XPathFilterParameterSpec(expr,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   498
            Collections.singletonMap("dsig", XMLSignature.XMLNS));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   499
        refs.add(fac.newReference("", sha1, Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   500
            (fac.newTransform(Transform.XPATH, xfp)),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   501
            XMLObject.TYPE, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   502
90ce3da70b43 Initial load
duke
parents:
diff changeset
   503
        // Reference 5
90ce3da70b43 Initial load
duke
parents:
diff changeset
   504
        refs.add(fac.newReference("#object-2", sha1, Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   505
            (fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   506
                (Transform.BASE64, (TransformParameterSpec) null)),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   507
            XMLObject.TYPE, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   508
90ce3da70b43 Initial load
duke
parents:
diff changeset
   509
        // Reference 6
90ce3da70b43 Initial load
duke
parents:
diff changeset
   510
        refs.add(fac.newReference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   511
            ("#manifest-1", sha1, null, Manifest.TYPE, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   512
90ce3da70b43 Initial load
duke
parents:
diff changeset
   513
        // Reference 7
90ce3da70b43 Initial load
duke
parents:
diff changeset
   514
        refs.add(fac.newReference("#signature-properties-1", sha1, null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   515
            SignatureProperties.TYPE, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   516
90ce3da70b43 Initial load
duke
parents:
diff changeset
   517
        // Reference 8
90ce3da70b43 Initial load
duke
parents:
diff changeset
   518
        List<Transform> transforms = new ArrayList<Transform>();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   519
        transforms.add(fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   520
            (Transform.ENVELOPED, (TransformParameterSpec) null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   521
        refs.add(fac.newReference("", sha1, transforms, null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   522
90ce3da70b43 Initial load
duke
parents:
diff changeset
   523
        // Reference 9
90ce3da70b43 Initial load
duke
parents:
diff changeset
   524
        transforms.add(fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   525
            (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   526
                (TransformParameterSpec) null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   527
        refs.add(fac.newReference("", sha1, transforms, null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   528
90ce3da70b43 Initial load
duke
parents:
diff changeset
   529
        // Reference 10
90ce3da70b43 Initial load
duke
parents:
diff changeset
   530
        Transform env = fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   531
            (Transform.ENVELOPED, (TransformParameterSpec) null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   532
        refs.add(fac.newReference("#xpointer(/)",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   533
            sha1, Collections.singletonList(env), null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   534
90ce3da70b43 Initial load
duke
parents:
diff changeset
   535
        // Reference 11
90ce3da70b43 Initial load
duke
parents:
diff changeset
   536
        transforms.clear();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   537
        transforms.add(fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   538
            (Transform.ENVELOPED, (TransformParameterSpec) null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   539
        transforms.add(fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   540
            (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   541
             (TransformParameterSpec) null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   542
        refs.add(fac.newReference("#xpointer(/)", sha1, transforms,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   543
            null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   544
90ce3da70b43 Initial load
duke
parents:
diff changeset
   545
        // Reference 12
90ce3da70b43 Initial load
duke
parents:
diff changeset
   546
        refs.add
90ce3da70b43 Initial load
duke
parents:
diff changeset
   547
            (fac.newReference("#object-3", sha1, null, XMLObject.TYPE, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   548
90ce3da70b43 Initial load
duke
parents:
diff changeset
   549
        // Reference 13
90ce3da70b43 Initial load
duke
parents:
diff changeset
   550
        Transform withComments = fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   551
            (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   552
             (TransformParameterSpec) null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   553
        refs.add(fac.newReference("#object-3", sha1,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   554
            Collections.singletonList(withComments), XMLObject.TYPE, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   555
90ce3da70b43 Initial load
duke
parents:
diff changeset
   556
        // Reference 14
90ce3da70b43 Initial load
duke
parents:
diff changeset
   557
        refs.add(fac.newReference("#xpointer(id('object-3'))", sha1, null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   558
            XMLObject.TYPE, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   559
90ce3da70b43 Initial load
duke
parents:
diff changeset
   560
        // Reference 15
90ce3da70b43 Initial load
duke
parents:
diff changeset
   561
        withComments = fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   562
            (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   563
             (TransformParameterSpec) null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   564
        refs.add(fac.newReference("#xpointer(id('object-3'))", sha1,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   565
            Collections.singletonList(withComments), XMLObject.TYPE, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   566
90ce3da70b43 Initial load
duke
parents:
diff changeset
   567
        // Reference 16
90ce3da70b43 Initial load
duke
parents:
diff changeset
   568
        refs.add(fac.newReference("#reference-2", sha1));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   569
90ce3da70b43 Initial load
duke
parents:
diff changeset
   570
        // Reference 17
90ce3da70b43 Initial load
duke
parents:
diff changeset
   571
        refs.add(fac.newReference("#manifest-reference-1", sha1, null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   572
            null, "reference-1"));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   573
90ce3da70b43 Initial load
duke
parents:
diff changeset
   574
        // Reference 18
90ce3da70b43 Initial load
duke
parents:
diff changeset
   575
        refs.add(fac.newReference("#reference-1", sha1, null, null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   576
            "reference-2"));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   577
90ce3da70b43 Initial load
duke
parents:
diff changeset
   578
        // create SignedInfo
90ce3da70b43 Initial load
duke
parents:
diff changeset
   579
        SignedInfo si = fac.newSignedInfo(withoutComments, dsaSha1, refs);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   580
90ce3da70b43 Initial load
duke
parents:
diff changeset
   581
        // create keyinfo
90ce3da70b43 Initial load
duke
parents:
diff changeset
   582
        XPathFilterParameterSpec xpf = new XPathFilterParameterSpec(
90ce3da70b43 Initial load
duke
parents:
diff changeset
   583
            "ancestor-or-self::dsig:X509Data",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   584
            Collections.singletonMap("dsig", XMLSignature.XMLNS));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   585
        RetrievalMethod rm = kifac.newRetrievalMethod("#object-4",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   586
            X509Data.TYPE, Collections.singletonList(fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   587
            (Transform.XPATH, xpf)));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   588
        KeyInfo ki = kifac.newKeyInfo(Collections.singletonList(rm), null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   589
90ce3da70b43 Initial load
duke
parents:
diff changeset
   590
        Document doc = db.newDocument();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   591
90ce3da70b43 Initial load
duke
parents:
diff changeset
   592
        // create objects
90ce3da70b43 Initial load
duke
parents:
diff changeset
   593
        List<XMLStructure> objs = new ArrayList<XMLStructure>();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   594
90ce3da70b43 Initial load
duke
parents:
diff changeset
   595
        // Object 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
   596
        objs.add(fac.newXMLObject(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   597
            (new DOMStructure(doc.createTextNode("I am the text."))),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   598
            "object-1", "text/plain", null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   599
90ce3da70b43 Initial load
duke
parents:
diff changeset
   600
        // Object 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   601
        objs.add(fac.newXMLObject(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   602
            (new DOMStructure(doc.createTextNode("SSBhbSB0aGUgdGV4dC4="))),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   603
            "object-2", "text/plain", Transform.BASE64));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   604
90ce3da70b43 Initial load
duke
parents:
diff changeset
   605
        // Object 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
   606
        Element nc = doc.createElementNS(null, "NonCommentandus");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   607
        nc.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   608
        nc.appendChild(doc.createComment(" Commentandum "));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   609
        objs.add(fac.newXMLObject(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   610
            (new DOMStructure(nc)), "object-3", null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   611
90ce3da70b43 Initial load
duke
parents:
diff changeset
   612
        // Manifest
90ce3da70b43 Initial load
duke
parents:
diff changeset
   613
        List<Reference> manRefs = new ArrayList<Reference>();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   614
90ce3da70b43 Initial load
duke
parents:
diff changeset
   615
        // Manifest Reference 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
   616
        manRefs.add(fac.newReference(STYLESHEET,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   617
            sha1, null, null, "manifest-reference-1"));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   618
90ce3da70b43 Initial load
duke
parents:
diff changeset
   619
        // Manifest Reference 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   620
        manRefs.add(fac.newReference("#reference-1", sha1));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   621
90ce3da70b43 Initial load
duke
parents:
diff changeset
   622
        // Manifest Reference 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
   623
        List<Transform> manTrans = new ArrayList<Transform>();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   624
        String xslt = ""
90ce3da70b43 Initial load
duke
parents:
diff changeset
   625
          + "<xsl:stylesheet xmlns:xsl='http://www.w3.org/1999/XSL/Transform'\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   626
          + "            xmlns='http://www.w3.org/TR/xhtml1/strict' \n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   627
          + "            exclude-result-prefixes='foo' \n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   628
          + "            version='1.0'>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   629
          + "  <xsl:output encoding='UTF-8' \n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   630
          + "           indent='no' \n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   631
          + "           method='xml' />\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   632
          + "  <xsl:template match='/'>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   633
          + "    <html>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   634
          + "   <head>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   635
          + "    <title>Notaries</title>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   636
          + "   </head>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   637
          + "   <body>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   638
          + "    <table>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   639
          + "      <xsl:for-each select='Notaries/Notary'>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   640
          + "           <tr>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   641
          + "           <th>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   642
          + "            <xsl:value-of select='@name' />\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   643
          + "           </th>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   644
          + "           </tr>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   645
          + "      </xsl:for-each>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   646
          + "    </table>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   647
          + "   </body>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   648
          + "    </html>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   649
          + "  </xsl:template>\n"
90ce3da70b43 Initial load
duke
parents:
diff changeset
   650
          + "</xsl:stylesheet>\n";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   651
        Document docxslt = db.parse(new ByteArrayInputStream(xslt.getBytes()));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   652
        Node xslElem = docxslt.getDocumentElement();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   653
90ce3da70b43 Initial load
duke
parents:
diff changeset
   654
        manTrans.add(fac.newTransform(Transform.XSLT,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   655
            new XSLTTransformParameterSpec(new DOMStructure(xslElem))));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   656
        manTrans.add(fac.newTransform(CanonicalizationMethod.INCLUSIVE,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   657
            (TransformParameterSpec) null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   658
        manRefs.add(fac.newReference("#notaries", sha1, manTrans, null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   659
90ce3da70b43 Initial load
duke
parents:
diff changeset
   660
        objs.add(fac.newXMLObject(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   661
            (fac.newManifest(manRefs, "manifest-1")), null, null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   662
90ce3da70b43 Initial load
duke
parents:
diff changeset
   663
        // SignatureProperties
90ce3da70b43 Initial load
duke
parents:
diff changeset
   664
        Element sa = doc.createElementNS("urn:demo", "SignerAddress");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   665
        sa.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "urn:demo");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   666
        Element ip = doc.createElementNS("urn:demo", "IP");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   667
        ip.appendChild(doc.createTextNode("192.168.21.138"));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   668
        sa.appendChild(ip);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   669
        SignatureProperty sp = fac.newSignatureProperty
90ce3da70b43 Initial load
duke
parents:
diff changeset
   670
            (Collections.singletonList(new DOMStructure(sa)),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   671
            "#signature", null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   672
        SignatureProperties sps = fac.newSignatureProperties
90ce3da70b43 Initial load
duke
parents:
diff changeset
   673
            (Collections.singletonList(sp), "signature-properties-1");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   674
        objs.add(fac.newXMLObject(Collections.singletonList(sps), null,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   675
            null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   676
90ce3da70b43 Initial load
duke
parents:
diff changeset
   677
        // Object 4
90ce3da70b43 Initial load
duke
parents:
diff changeset
   678
        List<Object> xds = new ArrayList<Object>();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   679
        xds.add("CN=User");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   680
        xds.add(kifac.newX509IssuerSerial
90ce3da70b43 Initial load
duke
parents:
diff changeset
   681
            ("CN=User", new BigInteger("45ef2729", 16)));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   682
        xds.add(signingCert);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   683
        objs.add(fac.newXMLObject(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   684
            (kifac.newX509Data(xds)), "object-4", null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   685
90ce3da70b43 Initial load
duke
parents:
diff changeset
   686
        // create XMLSignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   687
        XMLSignature sig = fac.newXMLSignature(si, ki, objs, "signature", null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   688
90ce3da70b43 Initial load
duke
parents:
diff changeset
   689
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   690
        dbf.setNamespaceAware(true);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   691
        dbf.setValidating(false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   692
        Document envDoc = dbf.newDocumentBuilder().parse
90ce3da70b43 Initial load
duke
parents:
diff changeset
   693
            (new FileInputStream(ENVELOPE));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   694
        Element ys = (Element)
90ce3da70b43 Initial load
duke
parents:
diff changeset
   695
            envDoc.getElementsByTagName("YoursSincerely").item(0);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   696
90ce3da70b43 Initial load
duke
parents:
diff changeset
   697
        DOMSignContext dsc = new DOMSignContext(signingKey, ys);
4506
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   698
        dsc.setURIDereferencer(httpUd);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   699
90ce3da70b43 Initial load
duke
parents:
diff changeset
   700
        sig.sign(dsc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   701
90ce3da70b43 Initial load
duke
parents:
diff changeset
   702
//      StringWriter sw = new StringWriter();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   703
//        dumpDocument(envDoc, sw);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   704
90ce3da70b43 Initial load
duke
parents:
diff changeset
   705
        NodeList nl =
90ce3da70b43 Initial load
duke
parents:
diff changeset
   706
            envDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   707
        if (nl.getLength() == 0) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   708
            throw new Exception("Couldn't find signature Element");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   709
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   710
        Element sigElement = (Element) nl.item(0);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   711
90ce3da70b43 Initial load
duke
parents:
diff changeset
   712
        DOMValidateContext dvc = new DOMValidateContext
90ce3da70b43 Initial load
duke
parents:
diff changeset
   713
            (new X509KeySelector(ks), sigElement);
4506
402b248b41de 6867348: Digest Value of References inside Manifest - calculation order problem
mullan
parents: 3462
diff changeset
   714
        dvc.setURIDereferencer(httpUd);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   715
        File f = new File(
90ce3da70b43 Initial load
duke
parents:
diff changeset
   716
            System.getProperty("dir.test.vector.baltimore") +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   717
            System.getProperty("file.separator") +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   718
            "merlin-xmldsig-twenty-three" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
   719
            System.getProperty("file.separator"));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   720
        dvc.setBaseURI(f.toURI().toString());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   721
90ce3da70b43 Initial load
duke
parents:
diff changeset
   722
        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   723
90ce3da70b43 Initial load
duke
parents:
diff changeset
   724
        if (sig.equals(sig2) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   725
            throw new Exception
90ce3da70b43 Initial load
duke
parents:
diff changeset
   726
                ("Unmarshalled signature is not equal to generated signature");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   727
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   728
        if (sig2.validate(dvc) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   729
            throw new Exception("Validation of generated signature failed");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   730
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   731
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   732
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   733
90ce3da70b43 Initial load
duke
parents:
diff changeset
   734
    private static void dumpDocument(Document doc, Writer w) throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   735
        TransformerFactory tf = TransformerFactory.newInstance();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   736
        Transformer trans = tf.newTransformer();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   737
//      trans.setOutputProperty(OutputKeys.INDENT, "yes");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   738
        trans.transform(new DOMSource(doc), new StreamResult(w));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   739
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   740
90ce3da70b43 Initial load
duke
parents:
diff changeset
   741
    private static void test_create_signature_external
90ce3da70b43 Initial load
duke
parents:
diff changeset
   742
        (SignatureMethod sm, KeyInfo ki, Key signingKey, KeySelector ks,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   743
        boolean b64) throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   744
90ce3da70b43 Initial load
duke
parents:
diff changeset
   745
        // create reference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   746
        Reference ref;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   747
        if (b64) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   748
            ref = fac.newReference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   749
                (STYLESHEET_B64,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   750
                sha1, Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   751
                (fac.newTransform(Transform.BASE64,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   752
                 (TransformParameterSpec) null)), null, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   753
        } else {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   754
            ref = fac.newReference(STYLESHEET, sha1);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   755
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   756
90ce3da70b43 Initial load
duke
parents:
diff changeset
   757
        // create SignedInfo
90ce3da70b43 Initial load
duke
parents:
diff changeset
   758
        SignedInfo si = fac.newSignedInfo(withoutComments, sm,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   759
            Collections.singletonList(ref));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   760
90ce3da70b43 Initial load
duke
parents:
diff changeset
   761
        Document doc = db.newDocument();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   762
90ce3da70b43 Initial load
duke
parents:
diff changeset
   763
        // create XMLSignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   764
        XMLSignature sig = fac.newXMLSignature(si, ki);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   765
90ce3da70b43 Initial load
duke
parents:
diff changeset
   766
        DOMSignContext dsc = new DOMSignContext(signingKey, doc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   767
        dsc.setURIDereferencer(httpUd);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   768
90ce3da70b43 Initial load
duke
parents:
diff changeset
   769
        sig.sign(dsc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   770
90ce3da70b43 Initial load
duke
parents:
diff changeset
   771
        DOMValidateContext dvc = new DOMValidateContext
90ce3da70b43 Initial load
duke
parents:
diff changeset
   772
            (ks, doc.getDocumentElement());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   773
        File f = new File(DATA_DIR);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   774
        dvc.setBaseURI(f.toURI().toString());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   775
        dvc.setURIDereferencer(httpUd);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   776
90ce3da70b43 Initial load
duke
parents:
diff changeset
   777
        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   778
90ce3da70b43 Initial load
duke
parents:
diff changeset
   779
        if (sig.equals(sig2) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   780
            throw new Exception
90ce3da70b43 Initial load
duke
parents:
diff changeset
   781
                ("Unmarshalled signature is not equal to generated signature");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   782
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   783
        if (sig2.validate(dvc) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   784
            throw new Exception("Validation of generated signature failed");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   785
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   786
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   787
90ce3da70b43 Initial load
duke
parents:
diff changeset
   788
    private static void test_create_signature_enveloping
90ce3da70b43 Initial load
duke
parents:
diff changeset
   789
        (DigestMethod dm, SignatureMethod sm, KeyInfo ki, Key signingKey,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   790
         KeySelector ks, boolean b64) throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   791
90ce3da70b43 Initial load
duke
parents:
diff changeset
   792
        // create reference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   793
        Reference ref;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   794
        if (b64) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   795
            ref = fac.newReference("#object", dm, Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   796
                (fac.newTransform(Transform.BASE64,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   797
                 (TransformParameterSpec) null)), null, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   798
        } else {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   799
            ref = fac.newReference("#object", dm);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   800
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   801
90ce3da70b43 Initial load
duke
parents:
diff changeset
   802
        // create SignedInfo
90ce3da70b43 Initial load
duke
parents:
diff changeset
   803
        SignedInfo si = fac.newSignedInfo(withoutComments, sm,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   804
            Collections.singletonList(ref));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   805
90ce3da70b43 Initial load
duke
parents:
diff changeset
   806
        Document doc = db.newDocument();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   807
        // create Objects
90ce3da70b43 Initial load
duke
parents:
diff changeset
   808
        String text = b64 ? "c29tZSB0ZXh0" : "some text";
90ce3da70b43 Initial load
duke
parents:
diff changeset
   809
        XMLObject obj = fac.newXMLObject(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   810
            (new DOMStructure(doc.createTextNode(text))),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   811
            "object", null, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   812
90ce3da70b43 Initial load
duke
parents:
diff changeset
   813
        // create XMLSignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   814
        XMLSignature sig = fac.newXMLSignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   815
            (si, ki, Collections.singletonList(obj), null, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   816
90ce3da70b43 Initial load
duke
parents:
diff changeset
   817
        DOMSignContext dsc = new DOMSignContext(signingKey, doc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   818
90ce3da70b43 Initial load
duke
parents:
diff changeset
   819
        sig.sign(dsc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   820
90ce3da70b43 Initial load
duke
parents:
diff changeset
   821
//        dumpDocument(doc, new FileWriter("/tmp/foo.xml"));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   822
90ce3da70b43 Initial load
duke
parents:
diff changeset
   823
        DOMValidateContext dvc = new DOMValidateContext
90ce3da70b43 Initial load
duke
parents:
diff changeset
   824
            (ks, doc.getDocumentElement());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   825
        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   826
90ce3da70b43 Initial load
duke
parents:
diff changeset
   827
        if (sig.equals(sig2) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   828
            throw new Exception
90ce3da70b43 Initial load
duke
parents:
diff changeset
   829
                ("Unmarshalled signature is not equal to generated signature");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   830
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   831
        if (sig2.validate(dvc) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   832
            throw new Exception("Validation of generated signature failed");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   833
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   834
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   835
90ce3da70b43 Initial load
duke
parents:
diff changeset
   836
    static void test_create_exc_signature() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   837
        System.out.println("* Generating exc_signature.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   838
        List<Reference> refs = new ArrayList<Reference>(4);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   839
90ce3da70b43 Initial load
duke
parents:
diff changeset
   840
        // create reference 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
   841
        refs.add(fac.newReference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   842
            ("#xpointer(id('to-be-signed'))",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   843
             fac.newDigestMethod(DigestMethod.SHA1, null),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   844
             Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   845
                (fac.newTransform(CanonicalizationMethod.EXCLUSIVE,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   846
                 (TransformParameterSpec) null)),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   847
             null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   848
90ce3da70b43 Initial load
duke
parents:
diff changeset
   849
        // create reference 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   850
        List<String> prefixList = new ArrayList<String>(2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   851
        prefixList.add("bar");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   852
        prefixList.add("#default");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   853
        ExcC14NParameterSpec params = new ExcC14NParameterSpec(prefixList);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   854
        refs.add(fac.newReference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   855
            ("#xpointer(id('to-be-signed'))",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   856
             fac.newDigestMethod(DigestMethod.SHA1, null),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   857
             Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   858
                (fac.newTransform(CanonicalizationMethod.EXCLUSIVE, params)),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   859
             null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   860
90ce3da70b43 Initial load
duke
parents:
diff changeset
   861
        // create reference 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
   862
        refs.add(fac.newReference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   863
            ("#xpointer(id('to-be-signed'))",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   864
             fac.newDigestMethod(DigestMethod.SHA1, null),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   865
             Collections.singletonList(fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   866
                (CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   867
                 (TransformParameterSpec) null)),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   868
             null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   869
90ce3da70b43 Initial load
duke
parents:
diff changeset
   870
        // create reference 4
90ce3da70b43 Initial load
duke
parents:
diff changeset
   871
        prefixList = new ArrayList<String>(2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   872
        prefixList.add("bar");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   873
        prefixList.add("#default");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   874
        params = new ExcC14NParameterSpec(prefixList);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   875
        refs.add(fac.newReference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   876
            ("#xpointer(id('to-be-signed'))",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   877
             fac.newDigestMethod(DigestMethod.SHA1, null),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   878
             Collections.singletonList(fac.newTransform
90ce3da70b43 Initial load
duke
parents:
diff changeset
   879
                (CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, params)),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   880
             null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   881
90ce3da70b43 Initial load
duke
parents:
diff changeset
   882
        // create SignedInfo
90ce3da70b43 Initial load
duke
parents:
diff changeset
   883
        SignedInfo si = fac.newSignedInfo(
90ce3da70b43 Initial load
duke
parents:
diff changeset
   884
            fac.newCanonicalizationMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   885
                (CanonicalizationMethod.EXCLUSIVE,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   886
                 (C14NMethodParameterSpec) null),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   887
            fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), refs);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   888
90ce3da70b43 Initial load
duke
parents:
diff changeset
   889
        // create KeyInfo
90ce3da70b43 Initial load
duke
parents:
diff changeset
   890
        List<XMLStructure> kits = new ArrayList<XMLStructure>(2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   891
        kits.add(kifac.newKeyValue(validatingKey));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   892
        KeyInfo ki = kifac.newKeyInfo(kits);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   893
90ce3da70b43 Initial load
duke
parents:
diff changeset
   894
        // create Objects
90ce3da70b43 Initial load
duke
parents:
diff changeset
   895
        Document doc = db.newDocument();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   896
        Element baz = doc.createElementNS("urn:bar", "bar:Baz");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   897
        Comment com = doc.createComment(" comment ");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   898
        baz.appendChild(com);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   899
        XMLObject obj = fac.newXMLObject(Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   900
            (new DOMStructure(baz)), "to-be-signed", null, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   901
90ce3da70b43 Initial load
duke
parents:
diff changeset
   902
        // create XMLSignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   903
        XMLSignature sig = fac.newXMLSignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   904
            (si, ki, Collections.singletonList(obj), null, null);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   905
90ce3da70b43 Initial load
duke
parents:
diff changeset
   906
        Element foo = doc.createElementNS("urn:foo", "Foo");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   907
        foo.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "urn:foo");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   908
        foo.setAttributeNS
90ce3da70b43 Initial load
duke
parents:
diff changeset
   909
            ("http://www.w3.org/2000/xmlns/", "xmlns:bar", "urn:bar");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   910
        doc.appendChild(foo);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   911
90ce3da70b43 Initial load
duke
parents:
diff changeset
   912
        DOMSignContext dsc = new DOMSignContext(signingKey, foo);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   913
        dsc.putNamespacePrefix(XMLSignature.XMLNS, "dsig");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   914
90ce3da70b43 Initial load
duke
parents:
diff changeset
   915
        sig.sign(dsc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   916
90ce3da70b43 Initial load
duke
parents:
diff changeset
   917
//      dumpDocument(doc, new FileWriter("/tmp/foo.xml"));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   918
90ce3da70b43 Initial load
duke
parents:
diff changeset
   919
        DOMValidateContext dvc = new DOMValidateContext
90ce3da70b43 Initial load
duke
parents:
diff changeset
   920
            (new KeySelectors.KeyValueKeySelector(), foo.getLastChild());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   921
        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   922
90ce3da70b43 Initial load
duke
parents:
diff changeset
   923
        if (sig.equals(sig2) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   924
            throw new Exception
90ce3da70b43 Initial load
duke
parents:
diff changeset
   925
                ("Unmarshalled signature is not equal to generated signature");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   926
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   927
        if (sig2.validate(dvc) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   928
            throw new Exception("Validation of generated signature failed");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   929
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   930
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   931
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   932
90ce3da70b43 Initial load
duke
parents:
diff changeset
   933
    static void test_create_sign_spec() throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   934
        System.out.println("* Generating sign-spec.xml");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   935
        List<Reference> refs = new ArrayList<Reference>(2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   936
90ce3da70b43 Initial load
duke
parents:
diff changeset
   937
        // create reference 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
   938
        List<XPathType> types = new ArrayList<XPathType>(3);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   939
        types.add(new XPathType(" //ToBeSigned ", XPathType.Filter.INTERSECT));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   940
        types.add(new XPathType(" //NotToBeSigned ",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   941
            XPathType.Filter.SUBTRACT));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   942
        types.add(new XPathType(" //ReallyToBeSigned ",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   943
            XPathType.Filter.UNION));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   944
        XPathFilter2ParameterSpec xp1 = new XPathFilter2ParameterSpec(types);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   945
        refs.add(fac.newReference
90ce3da70b43 Initial load
duke
parents:
diff changeset
   946
            ("", fac.newDigestMethod(DigestMethod.SHA1, null),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   947
             Collections.singletonList(fac.newTransform(Transform.XPATH2, xp1)),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   948
             null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   949
90ce3da70b43 Initial load
duke
parents:
diff changeset
   950
        // create reference 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   951
        List<Transform> trans2 = new ArrayList<Transform>(2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   952
        trans2.add(fac.newTransform(Transform.ENVELOPED,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   953
            (TransformParameterSpec) null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   954
        XPathFilter2ParameterSpec xp2 = new XPathFilter2ParameterSpec
90ce3da70b43 Initial load
duke
parents:
diff changeset
   955
            (Collections.singletonList
90ce3da70b43 Initial load
duke
parents:
diff changeset
   956
                (new XPathType(" / ", XPathType.Filter.UNION)));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   957
        trans2.add(fac.newTransform(Transform.XPATH2, xp2));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   958
        refs.add(fac.newReference("#signature-value",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   959
            fac.newDigestMethod(DigestMethod.SHA1, null), trans2, null, null));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   960
90ce3da70b43 Initial load
duke
parents:
diff changeset
   961
        // create SignedInfo
90ce3da70b43 Initial load
duke
parents:
diff changeset
   962
        SignedInfo si = fac.newSignedInfo(
90ce3da70b43 Initial load
duke
parents:
diff changeset
   963
            fac.newCanonicalizationMethod
90ce3da70b43 Initial load
duke
parents:
diff changeset
   964
                (CanonicalizationMethod.INCLUSIVE,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   965
                 (C14NMethodParameterSpec) null),
90ce3da70b43 Initial load
duke
parents:
diff changeset
   966
            fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), refs);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   967
90ce3da70b43 Initial load
duke
parents:
diff changeset
   968
        // create KeyInfo
90ce3da70b43 Initial load
duke
parents:
diff changeset
   969
        List<XMLStructure> kits = new ArrayList<XMLStructure>(2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   970
        kits.add(kifac.newKeyValue(validatingKey));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   971
        List<Object> xds = new ArrayList<Object>(2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   972
        xds.add("CN=User");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   973
        xds.add(signingCert);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   974
        kits.add(kifac.newX509Data(xds));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   975
        KeyInfo ki = kifac.newKeyInfo(kits);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   976
90ce3da70b43 Initial load
duke
parents:
diff changeset
   977
        // create XMLSignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   978
        XMLSignature sig = fac.newXMLSignature
90ce3da70b43 Initial load
duke
parents:
diff changeset
   979
            (si, ki, null, null, "signature-value");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   980
90ce3da70b43 Initial load
duke
parents:
diff changeset
   981
        Document doc = db.newDocument();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   982
        Element tbs1 = doc.createElementNS(null, "ToBeSigned");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   983
        Comment tbs1Com = doc.createComment(" comment ");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   984
        Element tbs1Data = doc.createElementNS(null, "Data");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   985
        Element tbs1ntbs = doc.createElementNS(null, "NotToBeSigned");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   986
        Element tbs1rtbs = doc.createElementNS(null, "ReallyToBeSigned");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   987
        Comment tbs1rtbsCom = doc.createComment(" comment ");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   988
        Element tbs1rtbsData = doc.createElementNS(null, "Data");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   989
        tbs1rtbs.appendChild(tbs1rtbsCom);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   990
        tbs1rtbs.appendChild(tbs1rtbsData);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   991
        tbs1ntbs.appendChild(tbs1rtbs);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   992
        tbs1.appendChild(tbs1Com);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   993
        tbs1.appendChild(tbs1Data);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   994
        tbs1.appendChild(tbs1ntbs);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   995
90ce3da70b43 Initial load
duke
parents:
diff changeset
   996
        Element tbs2 = doc.createElementNS(null, "ToBeSigned");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   997
        Element tbs2Data = doc.createElementNS(null, "Data");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   998
        Element tbs2ntbs = doc.createElementNS(null, "NotToBeSigned");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   999
        Element tbs2ntbsData = doc.createElementNS(null, "Data");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1000
        tbs2ntbs.appendChild(tbs2ntbsData);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1001
        tbs2.appendChild(tbs2Data);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1002
        tbs2.appendChild(tbs2ntbs);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1003
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1004
        Element document = doc.createElementNS(null, "Document");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1005
        document.appendChild(tbs1);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1006
        document.appendChild(tbs2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1007
        doc.appendChild(document);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1008
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1009
        DOMSignContext dsc = new DOMSignContext(signingKey, document);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1010
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1011
        sig.sign(dsc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1012
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1013
//      dumpDocument(doc, new FileWriter("/tmp/foo.xml"));
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1014
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1015
        DOMValidateContext dvc = new DOMValidateContext
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1016
            (new KeySelectors.KeyValueKeySelector(), document.getLastChild());
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1017
        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1018
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1019
        if (sig.equals(sig2) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1020
            throw new Exception
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1021
                ("Unmarshalled signature is not equal to generated signature");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1022
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1023
        if (sig2.validate(dvc) == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1024
            throw new Exception("Validation of generated signature failed");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1025
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1026
        System.out.println();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1027
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1028
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1029
    private static final String DSA_Y =
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1030
        "070662842167565771936588335128634396171789331656318483584455493822" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1031
        "400811200853331373030669235424928346190274044631949560438023934623" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1032
        "71310375123430985057160";
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1033
    private static final String DSA_P =
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1034
        "013232376895198612407547930718267435757728527029623408872245156039" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1035
        "757713029036368719146452186041204237350521785240337048752071462798" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1036
        "273003935646236777459223";
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1037
    private static final String DSA_Q =
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1038
        "0857393771208094202104259627990318636601332086981";
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1039
    private static final String DSA_G =
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1040
        "054216440574364751416096484883257051280474283943804743768346673007" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1041
        "661082626139005426812890807137245973106730741193551360857959820973" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1042
        "90670890367185141189796";
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1043
    private static final String DSA_X =
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1044
        "0527140396812450214498055937934275626078768840117";
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1045
    private static final String RSA_MOD =
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1046
        "010800185049102889923150759252557522305032794699952150943573164381" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1047
        "936603255999071981574575044810461362008102247767482738822150129277" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1048
        "490998033971789476107463";
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1049
    private static final String RSA_PRIV =
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1050
        "016116973584421969795445996229612671947635798429212816611707210835" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1051
        "915586591340598683996088487065438751488342251960069575392056288063" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1052
        "6800379454345804879553";
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1053
    private static final String RSA_PUB = "065537";
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1054
    private static final String RSA_1024_MOD = "098871307553789439961130765" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1055
        "909423744508062468450669519128736624058048856940468016843888594585" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1056
        "322862378444314635412341974900625010364163960238734457710620107530" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1057
        "573945081856371709138380902553309075505688814637544923038853658690" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1058
        "857672483016239697038853418682988686871489963827000080098971762923" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1059
        "833614557257607521";
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1060
    private static final String RSA_1024_PRIV = "03682574144968491431483287" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1061
        "297021581096848810374110568017963075809477047466189822987258068867" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1062
        "704855380407747867998863645890602646601140183818953428006646987710" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1063
        "237008997971129772408397621801631622129297063463868593083106979716" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1064
        "204903524890556839550490384015324575598723478554854070823335021842" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1065
        "210112348400928769";
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1066
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1067
    private static PublicKey getPublicKey(String algo) throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1068
        return getPublicKey(algo, 512);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1069
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1070
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1071
    private static PublicKey getPublicKey(String algo, int keysize)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1072
        throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1073
        KeyFactory kf = KeyFactory.getInstance(algo);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1074
        KeySpec kspec;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1075
        if (algo.equalsIgnoreCase("DSA")) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1076
            kspec = new DSAPublicKeySpec(new BigInteger(DSA_Y),
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1077
                                         new BigInteger(DSA_P),
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1078
                                         new BigInteger(DSA_Q),
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1079
                                         new BigInteger(DSA_G));
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1080
        } else if (algo.equalsIgnoreCase("RSA")) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1081
            if (keysize == 512) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1082
                kspec = new RSAPublicKeySpec(new BigInteger(RSA_MOD),
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1083
                                             new BigInteger(RSA_PUB));
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1084
            } else {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1085
                kspec = new RSAPublicKeySpec(new BigInteger(RSA_1024_MOD),
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1086
                                             new BigInteger(RSA_PUB));
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1087
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1088
        } else throw new RuntimeException("Unsupported key algorithm " + algo);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1089
        return kf.generatePublic(kspec);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1090
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1091
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1092
    private static PrivateKey getPrivateKey(String algo) throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1093
        return getPrivateKey(algo, 512);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1094
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1095
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1096
    private static PrivateKey getPrivateKey(String algo, int keysize)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1097
        throws Exception {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1098
        KeyFactory kf = KeyFactory.getInstance(algo);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1099
        KeySpec kspec;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1100
        if (algo.equalsIgnoreCase("DSA")) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1101
            kspec = new DSAPrivateKeySpec
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1102
                (new BigInteger(DSA_X), new BigInteger(DSA_P),
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1103
                 new BigInteger(DSA_Q), new BigInteger(DSA_G));
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1104
        } else if (algo.equalsIgnoreCase("RSA")) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1105
            if (keysize == 512) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1106
                kspec = new RSAPrivateKeySpec
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1107
                    (new BigInteger(RSA_MOD), new BigInteger(RSA_PRIV));
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1108
            } else {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1109
                kspec = new RSAPrivateKeySpec(new BigInteger(RSA_1024_MOD),
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1110
                                              new BigInteger(RSA_1024_PRIV));
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1111
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1112
        } else throw new RuntimeException("Unsupported key algorithm " + algo);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1113
        return kf.generatePrivate(kspec);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1114
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1115
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1116
    private static SecretKey getSecretKey(final byte[] secret) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1117
        return new SecretKey() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1118
            public String getFormat()   { return "RAW"; }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1119
            public byte[] getEncoded()  { return secret; }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1120
            public String getAlgorithm(){ return "SECRET"; }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1121
        };
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1122
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1123
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1124
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1125
     * This URIDereferencer returns locally cached copies of http content to
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1126
     * avoid test failures due to network glitches, etc.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1127
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1128
    private static class HttpURIDereferencer implements URIDereferencer {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1129
        private URIDereferencer defaultUd;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1130
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1131
        HttpURIDereferencer() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1132
            defaultUd = XMLSignatureFactory.getInstance().getURIDereferencer();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1133
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1134
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1135
        public Data dereference(final URIReference ref, XMLCryptoContext ctx)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1136
        throws URIReferenceException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1137
            String uri = ref.getURI();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1138
            if (uri.equals(STYLESHEET) || uri.equals(STYLESHEET_B64)) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1139
                try {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1140
                    FileInputStream fis = new FileInputStream(new File
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1141
                        (DATA_DIR, uri.substring(uri.lastIndexOf('/'))));
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1142
                    return new OctetStreamData(fis,ref.getURI(),ref.getType());
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1143
                } catch (Exception e) { throw new URIReferenceException(e); }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1144
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1145
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1146
            // fallback on builtin deref
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1147
            return defaultUd.dereference(ref, ctx);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1148
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1149
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1150
}