8079138: Additional negative tests for XML signature processing
Reviewed-by: mullan
--- a/jdk/test/javax/xml/crypto/dsig/ValidationTests.java Mon May 18 18:57:35 2015 +0530
+++ b/jdk/test/javax/xml/crypto/dsig/ValidationTests.java Mon May 18 17:34:48 2015 +0300
@@ -35,6 +35,7 @@
import java.security.*;
import javax.xml.crypto.Data;
import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.MarshalException;
import javax.xml.crypto.OctetStreamData;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.URIReference;
@@ -60,9 +61,17 @@
static class Test {
String file;
KeySelector ks;
- Test(String file, KeySelector ks) {
+ Class exception;
+
+ Test(String file, KeySelector ks, Class exception) {
this.file = file;
this.ks = ks;
+ this.exception = exception;
+ }
+
+ // XMLSignatureException is expected by default
+ Test(String file, KeySelector ks) {
+ this(file, ks, XMLSignatureException.class);
}
}
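Review bot: The new field `Class exception` and the third parameter of the new constructor use the raw `Class` type, so the compiler will accept any class literal as the "expected exception", including one that can never be thrown. Declaring the field as `final Class<? extends Exception> exception;` and the parameter the same way keeps the INVALID_TESTS table type-checked and makes the field immutable like a test descriptor should be. A one-line comment on the field, for example `// exact class of the exception this negative test must throw`, would also record that the later check compares by class identity.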
@@ -110,7 +119,17 @@
private final static Test[] INVALID_TESTS = {
new Test("signature-enveloping-hmac-sha1-40.xml", SKKS),
new Test("signature-enveloping-hmac-sha1-trunclen-0-attack.xml", SKKS),
- new Test("signature-enveloping-hmac-sha1-trunclen-8-attack.xml", SKKS)
+ new Test("signature-enveloping-hmac-sha1-trunclen-8-attack.xml", SKKS),
+ new Test("signature-extra-text-in-signed-info.xml", SKKS,
+ MarshalException.class),
+ new Test("signature-wrong-canonicalization-method-algorithm.xml", SKKS,
+ MarshalException.class),
+ new Test("signature-wrong-transform-algorithm.xml", SKKS,
+ MarshalException.class),
+ new Test("signature-no-reference-uri.xml", SKKS),
+ new Test("signature-wrong-signature-method-algorithm.xml", SKKS,
+ MarshalException.class),
+ new Test("signature-wrong-tag-names.xml", SKKS, MarshalException.class)
};
public static void main(String args[]) throws Exception {
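Review bot: The entry for `signature-no-reference-uri.xml` relies on the default XMLSignatureException, but that class can also be raised for reasons unrelated to the missing URI, so the test may pass without ever reaching the check it is named after. The data file declares `rsa-sha1` while the entry reuses `SKKS`; if SKKS is a secret-key selector, as the HMAC entries above it suggest (its definition is outside this hunk), validation could already fail on the key or algorithm mismatch. Consider pairing this entry with a key selector that matches the signature method, or checking the exception cause, and add a comment such as `// <Reference> has no URI attribute: validation must reject it`. The same concern applies in a weaker form to the MarshalException entries, which assert only the exception class and not which malformed element triggered it.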
@@ -143,9 +162,14 @@
test_signature(test);
System.out.println("FAILED");
atLeastOneFailed = true;
- } catch (XMLSignatureException xse) {
- System.out.println(xse.getMessage());
- System.out.println("PASSED");
+ } catch (Exception e) {
+ System.out.println("Exception: " + e);
+ if (e.getClass() != test.exception) {
+ System.out.println("FAILED: unexpected exception");
+ atLeastOneFailed = true;
+ } else {
+ System.out.println("PASSED");
+ }
}
}
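Review bot: The check `e.getClass() != test.exception` in the new catch block compares by exact class, so an implementation that throws a subclass of the expected exception is reported as a failure. The broad `catch (Exception e)` also routes unrelated errors, such as a missing data file, through the same branch with no hint of what was expected. If exact matching is intended, say so in a comment; otherwise use `if (!test.exception.isInstance(e)) {`. Either way the failure line is easier to triage as `System.out.println("FAILED: expected " + test.exception.getName() + " but got " + e.getClass().getName());`. The enclosing loop and the main method start outside this hunk.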
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/xml/crypto/dsig/data/signature-extra-text-in-signed-info.xml Mon May 18 17:34:48 2015 +0300
@@ -0,0 +1,3 @@
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</DigestValue><test>extra text</test></Reference></SignedInfo><SignatureValue>iTrgJERmYeD5hFwY8/MwJpkF+nd++AAOgf/Kxt9SwdE6BIYq2Vyxq4CQPhD+t2971BGTgvF6ejZd
++/Ko4Zs5Dqf4Lt65Vck0q43rM0PdP1e8gJov0IPYnZ1zeqFpah+N/OjmqTbshaZWRIjf3eqS6en5
+ZKjn+TkCQ1kOX/YUNDc=</SignatureValue></Signature></test>
\ No newline at end of file
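Review bot: This fixture carries no comment saying what makes it invalid, whereas signature-wrong-transform-algorithm.xml in the same commit opens with one; the same gap exists in the no-reference-uri, wrong-canonicalization-method-algorithm, wrong-signature-method-algorithm and wrong-tag-names files. A leading line such as `<!-- This XML signature contains an unexpected child element inside Reference -->` would let a reader locate the defect without diffing a single-line document against a valid one. Note also that the extra `` element sits inside `Reference` rather than directly under `SignedInfo`, so the file name or the comment should state which placement the test is meant to cover.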
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/xml/crypto/dsig/data/signature-no-reference-uri.xml Mon May 18 17:34:48 2015 +0300
@@ -0,0 +1,3 @@
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</DigestValue></Reference></SignedInfo><SignatureValue>BNPSYlNcyXcO/Tc1tr9mQ/KAZ40eFybLTDyB/HH1EHHMpc972A+nOX2EWBaLsVgG8apl0Isp1ZqV
+gmoDHNF6xrcJJQVydVJzU08GVV4GiXHMqRYQbted7STQLhlhssvNNdMEoVApsX5ByL66wxKZQXrT
+z1kZtOHAi88DOrmIJu0=</SignatureValue></Signature></test>
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/xml/crypto/dsig/data/signature-wrong-canonicalization-method-algorithm.xml Mon May 18 17:34:48 2015 +0300
@@ -0,0 +1,3 @@
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://oracle.com"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</DigestValue></Reference></SignedInfo><SignatureValue>EBbyEV7e+1CTUsyCTyxiN8p+U3/za1oTjK7q+kF8Q87r8e/7C1z4ndGWbk6zyI3w6leT+I2suW9U
+KkdvkrDXX2OyLw0GfgJfLkNn+1pGK6kyWpL95NoWJZhHkUAKKBZ0ikfZ4j33gYxrYK+IYCLeZYzr
+hlZjdXXXCiSH0Sq+weQ=</SignatureValue></Signature></test>
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/xml/crypto/dsig/data/signature-wrong-signature-method-algorithm.xml Mon May 18 17:34:48 2015 +0300
@@ -0,0 +1,3 @@
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="bogus://bogus"></SignatureMethod><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</DigestValue></Reference></SignedInfo><SignatureValue>RjL9nfQg9u6+KEFfAlBBH7E7ilFgB7YEQ5MxOIJN/fOdQmc5iDD+YuhiHzNGXGi/UOyo6t8LxTxl
+X4oFE1RNlPVkSAZK4LcTWhVa757WwgW1/EZo8PQYWp5NScLq6PumYaujoovSYBKW2N6+jQpnD/L6
+4cuEVNnwEFqvOLrjogY=</SignatureValue></Signature></test>
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/xml/crypto/dsig/data/signature-wrong-tag-names.xml Mon May 18 17:34:48 2015 +0300
@@ -0,0 +1,3 @@
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><aSignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><aCanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></aCanonicalizationMethod><aSignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></aSignatureMethod><aReference URI=""><Transforms><aTransform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></aTransform></Transforms><aDigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></aDigestMethod><aDigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</aDigestValue></aReference></aSignedInfo><aSignatureValue>cbNpPGavhM0BGUtrvLxvy2SCIt+I27BPpVEt0Q9mXrdPYurMqWF/67AdY9m5RqS7+ZZlwUtem083
+MczRYbKoOIq7sMbCqKKdzbSE/U6rfmky/ACQ5wgemZl8jtipwu5LhAUzjhzT8hhTjVqOYpHdkVJz
+l9dnd9eWbLmEr3BI0VA=</aSignatureValue></Signature></test>
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/xml/crypto/dsig/data/signature-wrong-transform-algorithm.xml Mon May 18 17:34:48 2015 +0300
@@ -0,0 +1,4 @@
+<!-- This XML signature contains a Transform with wrong algorithm -->
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI=""><Transforms><Transform Algorithm="bogus://bogus"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</DigestValue></Reference></SignedInfo><SignatureValue>Wzyx3jgEKGwY+pBXBmqWLWhASHQYCCGZVii5sKKKeZUBKxNBthjiSVfzKANuLgX6zAt16XRycrSL
+zFKTPuvGeWVPDvd+KTNKCJxN9ccrG7v23EM7RY2eMJGu2r5DLfKwV7H6YuJPsOuWifVkKAhvq7gd
+6akJshxyAj9Ud+mjo48=</SignatureValue></Signature></test>
\ No newline at end of file