/*

 * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,

 * CA 95054 USA or visit www.sun.com if you need additional information or

 * have any questions.

 */

/**

 * @test

 * @bug 4635230 6283345 6303830 6824440 6867348

 * @summary Basic unit tests for generating XML Signatures with JSR 105

 * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java

 *     X509KeySelector.java GenerationTests.java

 * @run main GenerationTests

 * @author Sean Mullan

 */

import java.io.*;

import java.math.BigInteger;

import java.security.Key;

import java.security.KeyFactory;

import java.security.KeyStore;

import java.security.PrivateKey;

import java.security.PublicKey;

import java.security.cert.Certificate;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.security.cert.X509CRL;

import java.security.spec.KeySpec;

import java.security.spec.DSAPrivateKeySpec;

import java.security.spec.DSAPublicKeySpec;

import java.security.spec.RSAPrivateKeySpec;

import java.security.spec.RSAPublicKeySpec;

import java.util.*;

import javax.crypto.SecretKey;

import javax.xml.XMLConstants;

import javax.xml.parsers.*;

import org.w3c.dom.*;

import javax.xml.crypto.Data;

import javax.xml.crypto.KeySelector;

import javax.xml.crypto.OctetStreamData;

import javax.xml.crypto.URIDereferencer;

import javax.xml.crypto.URIReference;

import javax.xml.crypto.URIReferenceException;

import javax.xml.crypto.XMLCryptoContext;

import javax.xml.crypto.XMLStructure;

import javax.xml.crypto.dsig.*;

import javax.xml.crypto.dom.*;

import javax.xml.crypto.dsig.dom.DOMSignContext;

import javax.xml.crypto.dsig.dom.DOMValidateContext;

import javax.xml.crypto.dsig.keyinfo.*;

import javax.xml.crypto.dsig.spec.*;

import javax.xml.transform.*;

import javax.xml.transform.dom.DOMSource;

import javax.xml.transform.stream.StreamResult;

/**

 * Test that recreates merlin-xmldsig-twenty-three test vectors but with

 * different keys and X.509 data.

 */

public class GenerationTests {

    private static XMLSignatureFactory fac;

    private static KeyInfoFactory kifac;

    private static DocumentBuilder db;

    private static CanonicalizationMethod withoutComments;

    private static SignatureMethod dsaSha1, rsaSha1, rsaSha256, rsaSha384, rsaSha512;

    private static DigestMethod sha1, sha256, sha384, sha512;

    private static KeyInfo dsa, rsa, rsa1024;

    private static KeySelector kvks = new KeySelectors.KeyValueKeySelector();

    private static KeySelector sks;

    private static Key signingKey;

    private static PublicKey validatingKey;

    private static Certificate signingCert;

    private static KeyStore ks;

    private final static String DIR = System.getProperty("test.src", ".");

//    private final static String DIR = ".";

    private final static String DATA_DIR =

        DIR + System.getProperty("file.separator") + "data";

    private final static String KEYSTORE =

        DATA_DIR + System.getProperty("file.separator") + "certs" +

        System.getProperty("file.separator") + "test.jks";

    private final static String CRL =

        DATA_DIR + System.getProperty("file.separator") + "certs" +

        System.getProperty("file.separator") + "crl";

    private final static String ENVELOPE =

        DATA_DIR + System.getProperty("file.separator") + "envelope.xml";

    private static URIDereferencer httpUd = null;

    private final static String STYLESHEET =

        "http://www.w3.org/TR/xml-stylesheet";

    private final static String STYLESHEET_B64 =

        "http://www.w3.org/Signature/2002/04/xml-stylesheet.b64";

    public static void main(String args[]) throws Exception {

        setup();

        test_create_signature_enveloped_dsa();

        test_create_signature_enveloping_b64_dsa();

        test_create_signature_enveloping_dsa();

        test_create_signature_enveloping_hmac_sha1_40();

        test_create_signature_enveloping_hmac_sha256();

        test_create_signature_enveloping_hmac_sha384();

        test_create_signature_enveloping_hmac_sha512();

        test_create_signature_enveloping_rsa();

        test_create_signature_external_b64_dsa();

        test_create_signature_external_dsa();

        test_create_signature_keyname();

        test_create_signature_retrievalmethod_rawx509crt();

        test_create_signature_x509_crt_crl();

        test_create_signature_x509_crt();

        test_create_signature_x509_is();

        test_create_signature_x509_ski();

        test_create_signature_x509_sn();

        test_create_signature();

        test_create_exc_signature();

        test_create_sign_spec();

        test_create_signature_enveloping_sha256_dsa();

        test_create_signature_enveloping_sha384_rsa_sha256();

        test_create_signature_enveloping_sha512_rsa_sha384();

        test_create_signature_enveloping_sha512_rsa_sha512();

        test_create_signature_reference_dependency();

    }

    private static void setup() throws Exception {

        fac = XMLSignatureFactory.getInstance();

        kifac = fac.getKeyInfoFactory();

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

        dbf.setNamespaceAware(true);

        db = dbf.newDocumentBuilder();

        // get key & self-signed certificate from keystore

        FileInputStream fis = new FileInputStream(KEYSTORE);

        ks = KeyStore.getInstance("JKS");

        ks.load(fis, "changeit".toCharArray());

        signingKey = ks.getKey("user", "changeit".toCharArray());

        signingCert = ks.getCertificate("user");

        validatingKey = signingCert.getPublicKey();

        // create common objects

        withoutComments = fac.newCanonicalizationMethod

            (CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec)null);

        dsaSha1 = fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null);

        sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);

        sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);

        sha384 = fac.newDigestMethod

            ("http://www.w3.org/2001/04/xmldsig-more#sha384", null);

        sha512 = fac.newDigestMethod(DigestMethod.SHA512, null);

        dsa = kifac.newKeyInfo(Collections.singletonList

            (kifac.newKeyValue(validatingKey)));

        rsa = kifac.newKeyInfo(Collections.singletonList

            (kifac.newKeyValue(getPublicKey("RSA"))));

        rsa1024 = kifac.newKeyInfo(Collections.singletonList

            (kifac.newKeyValue(getPublicKey("RSA", 1024))));

        rsaSha1 = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null);

        rsaSha256 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);

        rsaSha384 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", null);

        rsaSha512 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", null);

        sks = new KeySelectors.SecretKeySelector("secret".getBytes("ASCII"));

        httpUd = new HttpURIDereferencer();

    }

    static void test_create_signature_enveloped_dsa() throws Exception {

        System.out.println("* Generating signature-enveloped-dsa.xml");

        // create SignedInfo

        SignedInfo si = fac.newSignedInfo

            (withoutComments, dsaSha1, Collections.singletonList

                (fac.newReference

                    ("", sha1, Collections.singletonList

                        (fac.newTransform(Transform.ENVELOPED,

                            (TransformParameterSpec) null)),

                 null, null)));

        // create XMLSignature

        XMLSignature sig = fac.newXMLSignature(si, dsa);

        Document doc = db.newDocument();

        Element envelope = doc.createElementNS

            ("http://example.org/envelope", "Envelope");

        envelope.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI,

            "xmlns", "http://example.org/envelope");

        doc.appendChild(envelope);

        DOMSignContext dsc = new DOMSignContext(signingKey, envelope);

        sig.sign(dsc);

//      StringWriter sw = new StringWriter();

//      dumpDocument(doc, sw);

//      System.out.println(sw.toString());

        DOMValidateContext dvc = new DOMValidateContext

            (kvks, envelope.getFirstChild());

        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);

        if (sig.equals(sig2) == false) {

            throw new Exception

                ("Unmarshalled signature is not equal to generated signature");

        }

        if (sig2.validate(dvc) == false) {

            throw new Exception("Validation of generated signature failed");

        }

        System.out.println();

    }

    static void test_create_signature_enveloping_b64_dsa() throws Exception {

        System.out.println("* Generating signature-enveloping-b64-dsa.xml");

        test_create_signature_enveloping

            (sha1, dsaSha1, dsa, signingKey, kvks, true);

        System.out.println();

    }

    static void test_create_signature_enveloping_dsa() throws Exception {

        System.out.println("* Generating signature-enveloping-dsa.xml");

        test_create_signature_enveloping

            (sha1, dsaSha1, dsa, signingKey, kvks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_sha256_dsa() throws Exception {

        System.out.println("* Generating signature-enveloping-sha256-dsa.xml");

        test_create_signature_enveloping

            (sha256, dsaSha1, dsa, signingKey, kvks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_hmac_sha1_40()

        throws Exception {

        System.out.println("* Generating signature-enveloping-hmac-sha1-40.xml");

        SignatureMethod hmacSha1 = fac.newSignatureMethod

            (SignatureMethod.HMAC_SHA1, new HMACParameterSpec(40));

        try {

            test_create_signature_enveloping(sha1, hmacSha1, null,

                getSecretKey("secret".getBytes("ASCII")), sks, false);

        } catch (Exception e) {

            if (!(e instanceof XMLSignatureException)) {

                throw e;

            }

        }

        System.out.println();

    }

    static void test_create_signature_enveloping_hmac_sha256()

        throws Exception {

        System.out.println("* Generating signature-enveloping-hmac-sha256.xml");

        SignatureMethod hmacSha256 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", null);

        test_create_signature_enveloping(sha1, hmacSha256, null,

            getSecretKey("secret".getBytes("ASCII")), sks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_hmac_sha384()

        throws Exception {

        System.out.println("* Generating signature-enveloping-hmac-sha384.xml");

        SignatureMethod hmacSha384 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha384", null);

        test_create_signature_enveloping(sha1, hmacSha384, null,

            getSecretKey("secret".getBytes("ASCII")), sks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_hmac_sha512()

        throws Exception {

        System.out.println("* Generating signature-enveloping-hmac-sha512.xml");

        SignatureMethod hmacSha512 = fac.newSignatureMethod

            ("http://www.w3.org/2001/04/xmldsig-more#hmac-sha512", null);

        test_create_signature_enveloping(sha1, hmacSha512, null,

            getSecretKey("secret".getBytes("ASCII")), sks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_rsa() throws Exception {

        System.out.println("* Generating signature-enveloping-rsa.xml");

        test_create_signature_enveloping(sha1, rsaSha1, rsa,

            getPrivateKey("RSA"), kvks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_sha384_rsa_sha256()

        throws Exception {

        System.out.println("* Generating signature-enveloping-sha384-rsa_sha256.xml");

        test_create_signature_enveloping(sha384, rsaSha256, rsa,

            getPrivateKey("RSA"), kvks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_sha512_rsa_sha384()

        throws Exception {

        System.out.println("* Generating signature-enveloping-sha512-rsa_sha384.xml");

        test_create_signature_enveloping(sha512, rsaSha384, rsa1024,

            getPrivateKey("RSA", 1024), kvks, false);

        System.out.println();

    }

    static void test_create_signature_enveloping_sha512_rsa_sha512()

        throws Exception {

        System.out.println("* Generating signature-enveloping-sha512-rsa_sha512.xml");

        test_create_signature_enveloping(sha512, rsaSha512, rsa1024,

            getPrivateKey("RSA", 1024), kvks, false);

        System.out.println();

    }

    static void test_create_signature_external_b64_dsa() throws Exception {

        System.out.println("* Generating signature-external-b64-dsa.xml");

        test_create_signature_external(dsaSha1, dsa, signingKey, kvks, true);

        System.out.println();

    }

    static void test_create_signature_external_dsa() throws Exception {

        System.out.println("* Generating signature-external-dsa.xml");

        test_create_signature_external(dsaSha1, dsa, signingKey, kvks, false);

        System.out.println();

    }

    static void test_create_signature_keyname() throws Exception {

        System.out.println("* Generating signature-keyname.xml");

        KeyInfo kn = kifac.newKeyInfo(Collections.singletonList

            (kifac.newKeyName("user")));

        test_create_signature_external(dsaSha1, kn, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_retrievalmethod_rawx509crt()

        throws Exception {

        System.out.println(

            "* Generating signature-retrievalmethod-rawx509crt.xml");

        KeyInfo rm = kifac.newKeyInfo(Collections.singletonList

            (kifac.newRetrievalMethod

            ("certs/user.crt", X509Data.RAW_X509_CERTIFICATE_TYPE, null)));

        test_create_signature_external(dsaSha1, rm, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_x509_crt_crl() throws Exception {

        System.out.println("* Generating signature-x509-crt-crl.xml");

        List<Object> xds = new ArrayList<Object>();

        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        xds.add(signingCert);

        FileInputStream fis = new FileInputStream(CRL);

        X509CRL crl = (X509CRL) cf.generateCRL(fis);

        fis.close();

        xds.add(crl);

        KeyInfo crt_crl = kifac.newKeyInfo(Collections.singletonList

            (kifac.newX509Data(xds)));

        test_create_signature_external(dsaSha1, crt_crl, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_x509_crt() throws Exception {

        System.out.println("* Generating signature-x509-crt.xml");

        KeyInfo crt = kifac.newKeyInfo(Collections.singletonList

            (kifac.newX509Data(Collections.singletonList(signingCert))));

        test_create_signature_external(dsaSha1, crt, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_x509_is() throws Exception {

        System.out.println("* Generating signature-x509-is.xml");

        KeyInfo is = kifac.newKeyInfo(Collections.singletonList

            (kifac.newX509Data(Collections.singletonList

            (kifac.newX509IssuerSerial

            ("CN=User", new BigInteger("45ef2729", 16))))));

        test_create_signature_external(dsaSha1, is, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_x509_ski() throws Exception {

        System.out.println("* Generating signature-x509-ski.xml");

        KeyInfo ski = kifac.newKeyInfo(Collections.singletonList

            (kifac.newX509Data(Collections.singletonList

            ("keyid".getBytes("ASCII")))));

        test_create_signature_external(dsaSha1, ski, signingKey,

            KeySelector.singletonKeySelector(validatingKey), false);

        System.out.println();

    }

    static void test_create_signature_x509_sn() throws Exception {

        System.out.println("* Generating signature-x509-sn.xml");

        KeyInfo sn = kifac.newKeyInfo(Collections.singletonList

            (kifac.newX509Data(Collections.singletonList("CN=User"))));

        test_create_signature_external(dsaSha1, sn, signingKey,

            new X509KeySelector(ks), false);

        System.out.println();

    }

    static void test_create_signature_reference_dependency() throws Exception {

        System.out.println("* Generating signature-reference-dependency.xml");

        // create references

        List<Reference> refs = Collections.singletonList

            (fac.newReference("#object-1", sha1));

        // create SignedInfo

        SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs);

        // create objects

        List<XMLStructure> objs = new ArrayList<XMLStructure>();

        // Object 1

        List<Reference> manRefs = Collections.singletonList

            (fac.newReference("#object-2", sha1));

        objs.add(fac.newXMLObject(Collections.singletonList

            (fac.newManifest(manRefs, "manifest-1")), "object-1", null, null));

        // Object 2

        Document doc = db.newDocument();

        Element nc = doc.createElementNS(null, "NonCommentandus");

        nc.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");

        nc.appendChild(doc.createComment(" Commentandum "));

        objs.add(fac.newXMLObject(Collections.singletonList

            (new DOMStructure(nc)), "object-2", null, null));

        // create XMLSignature

        XMLSignature sig = fac.newXMLSignature(si, rsa, objs, "signature", null);

        DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA"), doc);

        sig.sign(dsc);

//      dumpDocument(doc, new PrintWriter(System.out));

        DOMValidateContext dvc = new DOMValidateContext

            (kvks, doc.getDocumentElement());

        XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);

        if (sig.equals(sig2) == false) {

            throw new Exception

                ("Unmarshalled signature is not equal to generated signature");

        }

        if (sig2.validate(dvc) == false) {

            throw new Exception("Validation of generated signature failed");

        }

        System.out.println();

    }

    static void test_create_signature() throws Exception {

        System.out.println("* Generating signature.xml");

        // create references

        List<Reference> refs = new ArrayList<Reference>();

        // Reference 1

        refs.add(fac.newReference(STYLESHEET, sha1));

        // Reference 2

        refs.add(fac.newReference

            (STYLESHEET_B64,

            sha1, Collections.singletonList

            (fac.newTransform(Transform.BASE64,

                (TransformParameterSpec) null)), null, null));

        // Reference 3

        refs.add(fac.newReference("#object-1", sha1, Collections.singletonList

            (fac.newTransform(Transform.XPATH,

            new XPathFilterParameterSpec("self::text()"))),

            XMLObject.TYPE, null));

        // Reference 4

        String expr = "\n"

          + " ancestor-or-self::dsig:SignedInfo                  " + "\n"

          + "  and                                               " + "\n"

          + " count(ancestor-or-self::dsig:Reference |           " + "\n"

          + "      here()/ancestor::dsig:Reference[1]) >         " + "\n"

          + " count(ancestor-or-self::dsig:Reference)            " + "\n"

          + "  or                                                " + "\n"

          + " count(ancestor-or-self::node() |                   " + "\n"

          + "      id('notaries')) =                             " + "\n"

          + " count(ancestor-or-self::node())                    " + "\n";

        XPathFilterParameterSpec xfp = new XPathFilterParameterSpec(expr,

            Collections.singletonMap("dsig", XMLSignature.XMLNS));

        refs.add(fac.newReference("", sha1, Collections.singletonList

            (fac.newTransform(Transform.XPATH, xfp)),

            XMLObject.TYPE, null));

        // Reference 5

        refs.add(fac.newReference("#object-2", sha1, Collections.singletonList

            (fac.newTransform

                (Transform.BASE64, (TransformParameterSpec) null)),

            XMLObject.TYPE, null));

        // Reference 6

        refs.add(fac.newReference

            ("#manifest-1", sha1, null, Manifest.TYPE, null));

        // Reference 7

        refs.add(fac.newReference("#signature-properties-1", sha1, null,

            SignatureProperties.TYPE, null));

        // Reference 8

        List<Transform> transforms = new ArrayList<Transform>();

        transforms.add(fac.newTransform

            (Transform.ENVELOPED, (TransformParameterSpec) null));

        refs.add(fac.newReference("", sha1, transforms, null, null));

        // Reference 9