javax.xml.crypto.dsig.dom.DOMValidateContext Java Examples
The following examples show how to use
javax.xml.crypto.dsig.dom.DOMValidateContext.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TmchXmlSignature.java From nomulus with Apache License 2.0 | 6 votes |
|
private static String explainValidationProblem(
DOMValidateContext context, XMLSignature signature)
throws XMLSignatureException {
@SuppressWarnings("unchecked") // Safe by specification.
List<Reference> references = signature.getSignedInfo().getReferences();
StringBuilder builder = new StringBuilder();
builder.append("Signature failed core validation\n");
boolean sv = signature.getSignatureValue().validate(context);
builder.append(String.format("Signature validation status: %s\n", sv));
for (Reference ref : references) {
builder.append("references[");
builder.append(ref.getURI());
builder.append("] validity status: ");
builder.append(ref.validate(context));
builder.append("\n");
}
return builder.toString();
}
Example #2
| Source File: XMLUtils.java From Websocket-Smart-Card-Signer with GNU Affero General Public License v3.0 | 5 votes |
|
public static boolean verifySignature(Document doc , X509Certificate cert) {
try{
if (doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").getLength() == 0)
throw new Exception("Cannot find Signature element");
DOMValidateContext valContext = new DOMValidateContext(cert.getPublicKey(), doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
XMLSignature signature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(valContext);
return signature.validate(valContext);
}catch(Exception e){e.printStackTrace();}
return false;
}
Example #3
| Source File: DOMXMLSignatureFactory.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
public XMLSignature unmarshalXMLSignature(XMLValidateContext context)
throws MarshalException {
if (context == null) {
throw new NullPointerException("context cannot be null");
}
return unmarshal(((DOMValidateContext) context).getNode(), context);
}
Example #4
| Source File: XMLDSigVerifier.java From alpha-wallet-android with MIT License | 5 votes |
|
XMLSignature getValidXMLSignature(InputStream fileStream)
throws ParserConfigurationException,
IOException,
SAXException,
MarshalException,
XMLSignatureException,
DOMException
{
DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
dbFactory.setNamespaceAware(true);
DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
Document xml = dBuilder.parse(fileStream);
xml.getDocumentElement().normalize();
// Find Signature element
NodeList nl = xml.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0)
{
throw new DOMException(DOMException.INDEX_SIZE_ERR, "Missing elements");
}
// Create a DOM XMLSignatureFactory that will be used to unmarshal the
// document containing the XMLSignature
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
// Create a DOMValidateContext and specify a KeyValue KeySelector
// and document context
DOMValidateContext valContext = new DOMValidateContext(new SigningCertSelector(), nl.item(0));
// unmarshal the XMLSignature
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
boolean validSig = signature.validate(valContext);
if(!validSig)
{
throw new XMLSignatureException("Invalid XML signature");
}
return signature;
}
Example #5
| Source File: DOMXMLSignatureFactory.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
public XMLSignature unmarshalXMLSignature(XMLValidateContext context)
throws MarshalException {
if (context == null) {
throw new NullPointerException("context cannot be null");
}
return unmarshal(((DOMValidateContext) context).getNode(), context);
}
Example #6
| Source File: DOMXMLSignatureFactory.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
public XMLSignature unmarshalXMLSignature(XMLValidateContext context)
throws MarshalException {
if (context == null) {
throw new NullPointerException("context cannot be null");
}
return unmarshal(((DOMValidateContext) context).getNode(), context);
}
Example #7
| Source File: DOMXMLSignatureFactory.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
public XMLSignature unmarshalXMLSignature(XMLValidateContext context)
throws MarshalException {
if (context == null) {
throw new NullPointerException("context cannot be null");
}
return unmarshal(((DOMValidateContext) context).getNode(), context);
}
Example #8
| Source File: DOMXMLSignatureFactory.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
|
public XMLSignature unmarshalXMLSignature(XMLValidateContext context)
throws MarshalException {
if (context == null) {
throw new NullPointerException("context cannot be null");
}
return unmarshal(((DOMValidateContext) context).getNode(), context);
}
Example #9
| Source File: DOMXMLSignatureFactory.java From hottub with GNU General Public License v2.0 | 5 votes |
|
public XMLSignature unmarshalXMLSignature(XMLValidateContext context)
throws MarshalException {
if (context == null) {
throw new NullPointerException("context cannot be null");
}
return unmarshal(((DOMValidateContext) context).getNode(), context);
}
Example #10
| Source File: DOMXMLSignatureFactory.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
public XMLSignature unmarshalXMLSignature(XMLValidateContext context)
throws MarshalException {
if (context == null) {
throw new NullPointerException("context cannot be null");
}
return unmarshal(((DOMValidateContext) context).getNode(), context);
}
Example #11
| Source File: TmchXmlSignature.java From nomulus with Apache License 2.0 | 5 votes |
|
/**
* Verifies that signed mark data contains a valid signature.
*
* <p>This method DOES NOT check if the SMD ID is revoked. It's only concerned with the
* cryptographic stuff.
*
* @throws GeneralSecurityException for unsupported protocols, certs not signed by the TMCH,
* incorrect keys, and for invalid, old, not-yet-valid or revoked certificates.
*/
public void verify(byte[] smdXml)
throws GeneralSecurityException, IOException, MarshalException, ParserConfigurationException,
SAXException, XMLSignatureException {
checkArgument(smdXml.length > 0);
Document doc = parseSmdDocument(new ByteArrayInputStream(smdXml));
NodeList signatureNodes = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (signatureNodes.getLength() != 1) {
throw new XMLSignatureException("Expected exactly one <ds:Signature> element.");
}
XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
KeyValueKeySelector selector = new KeyValueKeySelector(tmchCertificateAuthority);
DOMValidateContext context = new DOMValidateContext(selector, signatureNodes.item(0));
XMLSignature signature = factory.unmarshalXMLSignature(context);
boolean isValid;
try {
isValid = signature.validate(context);
} catch (XMLSignatureException e) {
throwIfInstanceOf(getRootCause(e), GeneralSecurityException.class);
throw e;
}
if (!isValid) {
throw new XMLSignatureException(explainValidationProblem(context, signature));
}
}
Example #12
| Source File: GenerationTests.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
static void test_create_sign_spec() throws Exception {
System.out.println("* Generating sign-spec.xml");
List<Reference> refs = new ArrayList<Reference>(2);
// create reference 1
List<XPathType> types = new ArrayList<XPathType>(3);
types.add(new XPathType(" //ToBeSigned ", XPathType.Filter.INTERSECT));
types.add(new XPathType(" //NotToBeSigned ",
XPathType.Filter.SUBTRACT));
types.add(new XPathType(" //ReallyToBeSigned ",
XPathType.Filter.UNION));
XPathFilter2ParameterSpec xp1 = new XPathFilter2ParameterSpec(types);
refs.add(fac.newReference
("", fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform(Transform.XPATH2, xp1)),
null, null));
// create reference 2
List<Transform> trans2 = new ArrayList<Transform>(2);
trans2.add(fac.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null));
XPathFilter2ParameterSpec xp2 = new XPathFilter2ParameterSpec
(Collections.singletonList
(new XPathType(" / ", XPathType.Filter.UNION)));
trans2.add(fac.newTransform(Transform.XPATH2, xp2));
refs.add(fac.newReference("#signature-value",
fac.newDigestMethod(DigestMethod.SHA1, null), trans2, null, null));
// create SignedInfo
SignedInfo si = fac.newSignedInfo(
fac.newCanonicalizationMethod
(CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), refs);
// create KeyInfo
List<XMLStructure> kits = new ArrayList<XMLStructure>(2);
kits.add(kifac.newKeyValue(validatingKey));
List<Object> xds = new ArrayList<Object>(2);
xds.add("CN=User");
xds.add(signingCert);
kits.add(kifac.newX509Data(xds));
KeyInfo ki = kifac.newKeyInfo(kits);
// create XMLSignature
XMLSignature sig = fac.newXMLSignature
(si, ki, null, null, "signature-value");
Document doc = db.newDocument();
Element tbs1 = doc.createElementNS(null, "ToBeSigned");
Comment tbs1Com = doc.createComment(" comment ");
Element tbs1Data = doc.createElementNS(null, "Data");
Element tbs1ntbs = doc.createElementNS(null, "NotToBeSigned");
Element tbs1rtbs = doc.createElementNS(null, "ReallyToBeSigned");
Comment tbs1rtbsCom = doc.createComment(" comment ");
Element tbs1rtbsData = doc.createElementNS(null, "Data");
tbs1rtbs.appendChild(tbs1rtbsCom);
tbs1rtbs.appendChild(tbs1rtbsData);
tbs1ntbs.appendChild(tbs1rtbs);
tbs1.appendChild(tbs1Com);
tbs1.appendChild(tbs1Data);
tbs1.appendChild(tbs1ntbs);
Element tbs2 = doc.createElementNS(null, "ToBeSigned");
Element tbs2Data = doc.createElementNS(null, "Data");
Element tbs2ntbs = doc.createElementNS(null, "NotToBeSigned");
Element tbs2ntbsData = doc.createElementNS(null, "Data");
tbs2ntbs.appendChild(tbs2ntbsData);
tbs2.appendChild(tbs2Data);
tbs2.appendChild(tbs2ntbs);
Element document = doc.createElementNS(null, "Document");
document.appendChild(tbs1);
document.appendChild(tbs2);
doc.appendChild(document);
DOMSignContext dsc = new DOMSignContext(signingKey, document);
sig.sign(dsc);
// dumpDocument(doc, new FileWriter("/tmp/foo.xml"));
DOMValidateContext dvc = new DOMValidateContext
(new KeySelectors.KeyValueKeySelector(), document.getLastChild());
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
Example #13
| Source File: GenerationTests.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
static void test_create_signature_reference_dependency() throws Exception {
System.out.println("* Generating signature-reference-dependency.xml");
// create references
List<Reference> refs = Collections.singletonList
(fac.newReference("#object-1", sha1));
// create SignedInfo
SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs);
// create objects
List<XMLStructure> objs = new ArrayList<XMLStructure>();
// Object 1
List<Reference> manRefs = Collections.singletonList
(fac.newReference("#object-2", sha1));
objs.add(fac.newXMLObject(Collections.singletonList
(fac.newManifest(manRefs, "manifest-1")), "object-1", null, null));
// Object 2
Document doc = db.newDocument();
Element nc = doc.createElementNS(null, "NonCommentandus");
nc.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");
nc.appendChild(doc.createComment(" Commentandum "));
objs.add(fac.newXMLObject(Collections.singletonList
(new DOMStructure(nc)), "object-2", null, null));
// create XMLSignature
XMLSignature sig = fac.newXMLSignature(si, rsa, objs, "signature", null);
DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 512), doc);
sig.sign(dsc);
// dumpDocument(doc, new PrintWriter(System.out));
DOMValidateContext dvc = new DOMValidateContext
(kvks, doc.getDocumentElement());
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
Example #14
| Source File: GenerationTests.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
static void test_create_sign_spec() throws Exception {
System.out.println("* Generating sign-spec.xml");
List<Reference> refs = new ArrayList<Reference>(2);
// create reference 1
List<XPathType> types = new ArrayList<XPathType>(3);
types.add(new XPathType(" //ToBeSigned ", XPathType.Filter.INTERSECT));
types.add(new XPathType(" //NotToBeSigned ",
XPathType.Filter.SUBTRACT));
types.add(new XPathType(" //ReallyToBeSigned ",
XPathType.Filter.UNION));
XPathFilter2ParameterSpec xp1 = new XPathFilter2ParameterSpec(types);
refs.add(fac.newReference
("", fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform(Transform.XPATH2, xp1)),
null, null));
// create reference 2
List<Transform> trans2 = new ArrayList<Transform>(2);
trans2.add(fac.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null));
XPathFilter2ParameterSpec xp2 = new XPathFilter2ParameterSpec
(Collections.singletonList
(new XPathType(" / ", XPathType.Filter.UNION)));
trans2.add(fac.newTransform(Transform.XPATH2, xp2));
refs.add(fac.newReference("#signature-value",
fac.newDigestMethod(DigestMethod.SHA1, null), trans2, null, null));
// create SignedInfo
SignedInfo si = fac.newSignedInfo(
fac.newCanonicalizationMethod
(CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), refs);
// create KeyInfo
List<XMLStructure> kits = new ArrayList<XMLStructure>(2);
kits.add(kifac.newKeyValue(validatingKey));
List<Object> xds = new ArrayList<Object>(2);
xds.add("CN=User");
xds.add(signingCert);
kits.add(kifac.newX509Data(xds));
KeyInfo ki = kifac.newKeyInfo(kits);
// create XMLSignature
XMLSignature sig = fac.newXMLSignature
(si, ki, null, null, "signature-value");
Document doc = db.newDocument();
Element tbs1 = doc.createElementNS(null, "ToBeSigned");
Comment tbs1Com = doc.createComment(" comment ");
Element tbs1Data = doc.createElementNS(null, "Data");
Element tbs1ntbs = doc.createElementNS(null, "NotToBeSigned");
Element tbs1rtbs = doc.createElementNS(null, "ReallyToBeSigned");
Comment tbs1rtbsCom = doc.createComment(" comment ");
Element tbs1rtbsData = doc.createElementNS(null, "Data");
tbs1rtbs.appendChild(tbs1rtbsCom);
tbs1rtbs.appendChild(tbs1rtbsData);
tbs1ntbs.appendChild(tbs1rtbs);
tbs1.appendChild(tbs1Com);
tbs1.appendChild(tbs1Data);
tbs1.appendChild(tbs1ntbs);
Element tbs2 = doc.createElementNS(null, "ToBeSigned");
Element tbs2Data = doc.createElementNS(null, "Data");
Element tbs2ntbs = doc.createElementNS(null, "NotToBeSigned");
Element tbs2ntbsData = doc.createElementNS(null, "Data");
tbs2ntbs.appendChild(tbs2ntbsData);
tbs2.appendChild(tbs2Data);
tbs2.appendChild(tbs2ntbs);
Element document = doc.createElementNS(null, "Document");
document.appendChild(tbs1);
document.appendChild(tbs2);
doc.appendChild(document);
DOMSignContext dsc = new DOMSignContext(signingKey, document);
sig.sign(dsc);
// dumpDocument(doc, new FileWriter("/tmp/foo.xml"));
DOMValidateContext dvc = new DOMValidateContext
(new KeySelectors.KeyValueKeySelector(), document.getLastChild());
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
Example #15
| Source File: GenerationTests.java From hottub with GNU General Public License v2.0 | 4 votes |
|
private static void test_create_signature_external
(SignatureMethod sm, KeyInfo ki, Key signingKey, KeySelector ks,
boolean b64) throws Exception {
// create reference
Reference ref;
if (b64) {
ref = fac.newReference
(STYLESHEET_B64,
sha1, Collections.singletonList
(fac.newTransform(Transform.BASE64,
(TransformParameterSpec) null)), null, null);
} else {
ref = fac.newReference(STYLESHEET, sha1);
}
// create SignedInfo
SignedInfo si = fac.newSignedInfo(withoutComments, sm,
Collections.singletonList(ref));
Document doc = db.newDocument();
// create XMLSignature
XMLSignature sig = fac.newXMLSignature(si, ki);
DOMSignContext dsc = new DOMSignContext(signingKey, doc);
dsc.setURIDereferencer(httpUd);
sig.sign(dsc);
DOMValidateContext dvc = new DOMValidateContext
(ks, doc.getDocumentElement());
File f = new File(DATA_DIR);
dvc.setBaseURI(f.toURI().toString());
dvc.setURIDereferencer(httpUd);
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
}
Example #16
| Source File: GenerationTests.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
static void test_create_exc_signature() throws Exception {
System.out.println("* Generating exc_signature.xml");
List<Reference> refs = new ArrayList<Reference>(4);
// create reference 1
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList
(fac.newTransform(CanonicalizationMethod.EXCLUSIVE,
(TransformParameterSpec) null)),
null, null));
// create reference 2
List<String> prefixList = new ArrayList<String>(2);
prefixList.add("bar");
prefixList.add("#default");
ExcC14NParameterSpec params = new ExcC14NParameterSpec(prefixList);
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList
(fac.newTransform(CanonicalizationMethod.EXCLUSIVE, params)),
null, null));
// create reference 3
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform
(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS,
(TransformParameterSpec) null)),
null, null));
// create reference 4
prefixList = new ArrayList<String>(2);
prefixList.add("bar");
prefixList.add("#default");
params = new ExcC14NParameterSpec(prefixList);
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform
(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, params)),
null, null));
// create SignedInfo
SignedInfo si = fac.newSignedInfo(
fac.newCanonicalizationMethod
(CanonicalizationMethod.EXCLUSIVE,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), refs);
// create KeyInfo
List<XMLStructure> kits = new ArrayList<XMLStructure>(2);
kits.add(kifac.newKeyValue(validatingKey));
KeyInfo ki = kifac.newKeyInfo(kits);
// create Objects
Document doc = db.newDocument();
Element baz = doc.createElementNS("urn:bar", "bar:Baz");
Comment com = doc.createComment(" comment ");
baz.appendChild(com);
XMLObject obj = fac.newXMLObject(Collections.singletonList
(new DOMStructure(baz)), "to-be-signed", null, null);
// create XMLSignature
XMLSignature sig = fac.newXMLSignature
(si, ki, Collections.singletonList(obj), null, null);
Element foo = doc.createElementNS("urn:foo", "Foo");
foo.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "urn:foo");
foo.setAttributeNS
("http://www.w3.org/2000/xmlns/", "xmlns:bar", "urn:bar");
doc.appendChild(foo);
DOMSignContext dsc = new DOMSignContext(signingKey, foo);
dsc.putNamespacePrefix(XMLSignature.XMLNS, "dsig");
sig.sign(dsc);
// dumpDocument(doc, new FileWriter("/tmp/foo.xml"));
DOMValidateContext dvc = new DOMValidateContext
(new KeySelectors.KeyValueKeySelector(), foo.getLastChild());
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
Example #17
| Source File: GenerationTests.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
static void test_create_signature_with_attr_in_no_namespace()
throws Exception
{
System.out.println
("* Generating signature-with-attr-in-no-namespace.xml");
// create references
List<Reference> refs = Collections.singletonList
(fac.newReference("#unknown", sha1));
// create SignedInfo
SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs);
// create object-1
Document doc = db.newDocument();
Element nc = doc.createElementNS(null, "NonCommentandus");
// add attribute with no namespace
nc.setAttribute("Id", "unknown");
XMLObject obj = fac.newXMLObject(Collections.singletonList
(new DOMStructure(nc)), "object-1", null, null);
// create XMLSignature
XMLSignature sig = fac.newXMLSignature(si, rsa,
Collections.singletonList(obj),
"signature", null);
DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 512), doc);
dsc.setIdAttributeNS(nc, null, "Id");
sig.sign(dsc);
// dumpDocument(doc, new PrintWriter(System.out));
DOMValidateContext dvc = new DOMValidateContext
(kvks, doc.getDocumentElement());
dvc.setIdAttributeNS(nc, null, "Id");
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
Example #18
| Source File: XMLDSigWithSecMgr.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
XMLDSigWithSecMgr() throws Exception {
setup();
Document doc = db.newDocument();
Element envelope = doc.createElementNS
("http://example.org/envelope", "Envelope");
envelope.setAttributeNS("http://www.w3.org/2000/xmlns/",
"xmlns", "http://example.org/envelope");
doc.appendChild(envelope);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
KeyPair kp = kpg.genKeyPair();
// the policy only grants this test SocketPermission to accept, resolve
// and connect to localhost so that it can dereference 2nd reference
System.setProperty("java.security.policy",
System.getProperty("test.src", ".") + File.separator + "policy");
System.setSecurityManager(new SecurityManager());
try {
// generate a signature with SecurityManager enabled
ArrayList refs = new ArrayList();
refs.add(fac.newReference
("", sha1,
Collections.singletonList
(fac.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null)), null, null));
refs.add(fac.newReference("http://localhost:" + ss.getLocalPort()
+ "/anything.txt", sha1));
SignedInfo si = fac.newSignedInfo(withoutComments,
fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), refs);
XMLSignature sig = fac.newXMLSignature(si, null);
DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), envelope);
sig.sign(dsc);
// validate a signature with SecurityManager enabled
DOMValidateContext dvc = new DOMValidateContext
(kp.getPublic(), envelope.getFirstChild());
// disable secure validation mode so that http reference will work
dvc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
sig = fac.unmarshalXMLSignature(dvc);
if (!sig.validate(dvc)) {
throw new Exception
("XMLDSigWithSecMgr signature validation FAILED");
}
} catch (SecurityException se) {
throw new Exception("XMLDSigWithSecMgr FAILED", se);
}
ss.close();
}
Example #19
| Source File: SignatureValidator.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
|
boolean validate(String fn, KeySelector ks, URIDereferencer ud,
boolean cache) throws Exception {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
dbf.setValidating(false);
Document doc = dbf.newDocumentBuilder().parse(new File(dir, fn));
NodeList nl =
doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0) {
throw new Exception("Couldn't find signature Element");
}
Element sigElement = (Element) nl.item(0);
DOMValidateContext vc = new DOMValidateContext(ks, sigElement);
vc.setBaseURI(dir.toURI().toString());
if (cache) {
vc.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
}
XMLSignatureFactory factory = XMLSignatureFactory.getInstance();
XMLSignature signature = factory.unmarshalXMLSignature(vc);
if (ud != null) {
vc.setURIDereferencer(ud);
}
boolean coreValidity = signature.validate(vc);
// Check reference cache
if (cache) {
Iterator i = signature.getSignedInfo().getReferences().iterator();
for (int j=0; i.hasNext(); j++) {
Reference ref = (Reference) i.next();
if (!digestInputEqual(ref)) {
throw new Exception
("cached data for Reference[" + j + "] is not correct");
}
// check that dereferenced data does not contain comment nodes
if (ref.getURI() == "") {
System.out.println("checking deref data");
NodeSetData data = (NodeSetData) ref.getDereferencedData();
Iterator ni = data.iterator();
while (ni.hasNext()) {
Node n = (Node) ni.next();
if (n.getNodeType() == Node.COMMENT_NODE) {
throw new Exception("dereferenced data for " +
" Reference[" + j + " contains comment node");
}
}
}
}
}
return coreValidity;
}
Example #20
| Source File: GenerationTests.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
|
private static void test_create_signature_external
(SignatureMethod sm, KeyInfo ki, Key signingKey, KeySelector ks,
boolean b64) throws Exception {
// create reference
Reference ref;
if (b64) {
ref = fac.newReference
(STYLESHEET_B64,
sha1, Collections.singletonList
(fac.newTransform(Transform.BASE64,
(TransformParameterSpec) null)), null, null);
} else {
ref = fac.newReference(STYLESHEET, sha1);
}
// create SignedInfo
SignedInfo si = fac.newSignedInfo(withoutComments, sm,
Collections.singletonList(ref));
Document doc = db.newDocument();
// create XMLSignature
XMLSignature sig = fac.newXMLSignature(si, ki);
DOMSignContext dsc = new DOMSignContext(signingKey, doc);
dsc.setURIDereferencer(httpUd);
sig.sign(dsc);
DOMValidateContext dvc = new DOMValidateContext
(ks, doc.getDocumentElement());
File f = new File(DATA_DIR);
dvc.setBaseURI(f.toURI().toString());
dvc.setURIDereferencer(httpUd);
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
}
Example #21
| Source File: SignatureValidator.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
boolean validate(String fn, KeySelector ks, URIDereferencer ud,
boolean cache) throws Exception {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
dbf.setValidating(false);
Document doc = dbf.newDocumentBuilder().parse(new File(dir, fn));
NodeList nl =
doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0) {
throw new Exception("Couldn't find signature Element");
}
Element sigElement = (Element) nl.item(0);
DOMValidateContext vc = new DOMValidateContext(ks, sigElement);
vc.setBaseURI(dir.toURI().toString());
if (cache) {
vc.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
}
XMLSignatureFactory factory = XMLSignatureFactory.getInstance();
XMLSignature signature = factory.unmarshalXMLSignature(vc);
if (ud != null) {
vc.setURIDereferencer(ud);
}
boolean coreValidity = signature.validate(vc);
// Check reference cache
if (cache) {
Iterator<Reference> i =
signature.getSignedInfo().getReferences().iterator();
for (int j = 0; i.hasNext(); j++) {
Reference ref = i.next();
if (!digestInputEqual(ref)) {
throw new Exception
("cached data for Reference[" + j + "] is not correct");
}
// check that dereferenced data does not contain comment nodes
if (ref.getURI() == "") {
System.out.println("checking deref data");
@SuppressWarnings("unchecked")
NodeSetData<Node> data =
(NodeSetData<Node>)ref.getDereferencedData();
for (Node n : data) {
if (n.getNodeType() == Node.COMMENT_NODE) {
throw new Exception("dereferenced data for " +
" Reference[" + j + " contains comment node");
}
}
}
}
}
return coreValidity;
}
Example #22
| Source File: GenerationTests.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
|
static void test_create_signature_with_attr_in_no_namespace()
throws Exception
{
System.out.println
("* Generating signature-with-attr-in-no-namespace.xml");
// create references
List<Reference> refs = Collections.singletonList
(fac.newReference("#unknown", sha1));
// create SignedInfo
SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs);
// create object-1
Document doc = db.newDocument();
Element nc = doc.createElementNS(null, "NonCommentandus");
// add attribute with no namespace
nc.setAttribute("Id", "unknown");
XMLObject obj = fac.newXMLObject(Collections.singletonList
(new DOMStructure(nc)), "object-1", null, null);
// create XMLSignature
XMLSignature sig = fac.newXMLSignature(si, rsa,
Collections.singletonList(obj),
"signature", null);
DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA"), doc);
dsc.setIdAttributeNS(nc, null, "Id");
sig.sign(dsc);
// dumpDocument(doc, new PrintWriter(System.out));
DOMValidateContext dvc = new DOMValidateContext
(kvks, doc.getDocumentElement());
dvc.setIdAttributeNS(nc, null, "Id");
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
Example #23
| Source File: GenerationTests.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
|
static void test_create_signature_enveloped_dsa() throws Exception {
System.out.println("* Generating signature-enveloped-dsa.xml");
// create SignedInfo
SignedInfo si = fac.newSignedInfo
(withoutComments, dsaSha1, Collections.singletonList
(fac.newReference
("", sha1, Collections.singletonList
(fac.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null)),
null, null)));
// create XMLSignature
XMLSignature sig = fac.newXMLSignature(si, dsa);
Document doc = db.newDocument();
Element envelope = doc.createElementNS
("http://example.org/envelope", "Envelope");
envelope.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI,
"xmlns", "http://example.org/envelope");
doc.appendChild(envelope);
DOMSignContext dsc = new DOMSignContext(signingKey, envelope);
sig.sign(dsc);
// StringWriter sw = new StringWriter();
// dumpDocument(doc, sw);
// System.out.println(sw.toString());
DOMValidateContext dvc = new DOMValidateContext
(kvks, envelope.getFirstChild());
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
Example #24
| Source File: GenerationTests.java From hottub with GNU General Public License v2.0 | 4 votes |
|
static void test_create_exc_signature() throws Exception {
System.out.println("* Generating exc_signature.xml");
List<Reference> refs = new ArrayList<Reference>(4);
// create reference 1
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList
(fac.newTransform(CanonicalizationMethod.EXCLUSIVE,
(TransformParameterSpec) null)),
null, null));
// create reference 2
List<String> prefixList = new ArrayList<String>(2);
prefixList.add("bar");
prefixList.add("#default");
ExcC14NParameterSpec params = new ExcC14NParameterSpec(prefixList);
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList
(fac.newTransform(CanonicalizationMethod.EXCLUSIVE, params)),
null, null));
// create reference 3
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform
(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS,
(TransformParameterSpec) null)),
null, null));
// create reference 4
prefixList = new ArrayList<String>(2);
prefixList.add("bar");
prefixList.add("#default");
params = new ExcC14NParameterSpec(prefixList);
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform
(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, params)),
null, null));
// create SignedInfo
SignedInfo si = fac.newSignedInfo(
fac.newCanonicalizationMethod
(CanonicalizationMethod.EXCLUSIVE,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), refs);
// create KeyInfo
List<XMLStructure> kits = new ArrayList<XMLStructure>(2);
kits.add(kifac.newKeyValue(validatingKey));
KeyInfo ki = kifac.newKeyInfo(kits);
// create Objects
Document doc = db.newDocument();
Element baz = doc.createElementNS("urn:bar", "bar:Baz");
Comment com = doc.createComment(" comment ");
baz.appendChild(com);
XMLObject obj = fac.newXMLObject(Collections.singletonList
(new DOMStructure(baz)), "to-be-signed", null, null);
// create XMLSignature
XMLSignature sig = fac.newXMLSignature
(si, ki, Collections.singletonList(obj), null, null);
Element foo = doc.createElementNS("urn:foo", "Foo");
foo.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "urn:foo");
foo.setAttributeNS
("http://www.w3.org/2000/xmlns/", "xmlns:bar", "urn:bar");
doc.appendChild(foo);
DOMSignContext dsc = new DOMSignContext(signingKey, foo);
dsc.putNamespacePrefix(XMLSignature.XMLNS, "dsig");
sig.sign(dsc);
// dumpDocument(doc, new FileWriter("/tmp/foo.xml"));
DOMValidateContext dvc = new DOMValidateContext
(new KeySelectors.KeyValueKeySelector(), foo.getLastChild());
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
Example #25
| Source File: GenerationTests.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
static void test_create_exc_signature() throws Exception {
System.out.println("* Generating exc_signature.xml");
List<Reference> refs = new ArrayList<Reference>(4);
// create reference 1
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList
(fac.newTransform(CanonicalizationMethod.EXCLUSIVE,
(TransformParameterSpec) null)),
null, null));
// create reference 2
List<String> prefixList = new ArrayList<String>(2);
prefixList.add("bar");
prefixList.add("#default");
ExcC14NParameterSpec params = new ExcC14NParameterSpec(prefixList);
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList
(fac.newTransform(CanonicalizationMethod.EXCLUSIVE, params)),
null, null));
// create reference 3
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform
(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS,
(TransformParameterSpec) null)),
null, null));
// create reference 4
prefixList = new ArrayList<String>(2);
prefixList.add("bar");
prefixList.add("#default");
params = new ExcC14NParameterSpec(prefixList);
refs.add(fac.newReference
("#xpointer(id('to-be-signed'))",
fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform
(CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, params)),
null, null));
// create SignedInfo
SignedInfo si = fac.newSignedInfo(
fac.newCanonicalizationMethod
(CanonicalizationMethod.EXCLUSIVE,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), refs);
// create KeyInfo
List<XMLStructure> kits = new ArrayList<XMLStructure>(2);
kits.add(kifac.newKeyValue(validatingKey));
KeyInfo ki = kifac.newKeyInfo(kits);
// create Objects
Document doc = db.newDocument();
Element baz = doc.createElementNS("urn:bar", "bar:Baz");
Comment com = doc.createComment(" comment ");
baz.appendChild(com);
XMLObject obj = fac.newXMLObject(Collections.singletonList
(new DOMStructure(baz)), "to-be-signed", null, null);
// create XMLSignature
XMLSignature sig = fac.newXMLSignature
(si, ki, Collections.singletonList(obj), null, null);
Element foo = doc.createElementNS("urn:foo", "Foo");
foo.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "urn:foo");
foo.setAttributeNS
("http://www.w3.org/2000/xmlns/", "xmlns:bar", "urn:bar");
doc.appendChild(foo);
DOMSignContext dsc = new DOMSignContext(signingKey, foo);
dsc.putNamespacePrefix(XMLSignature.XMLNS, "dsig");
sig.sign(dsc);
// dumpDocument(doc, new FileWriter("/tmp/foo.xml"));
DOMValidateContext dvc = new DOMValidateContext
(new KeySelectors.KeyValueKeySelector(), foo.getLastChild());
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
Example #26
| Source File: XMLDSigWithSecMgr.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
XMLDSigWithSecMgr() throws Exception {
setup();
Document doc = db.newDocument();
Element envelope = doc.createElementNS
("http://example.org/envelope", "Envelope");
envelope.setAttributeNS("http://www.w3.org/2000/xmlns/",
"xmlns", "http://example.org/envelope");
doc.appendChild(envelope);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
KeyPair kp = kpg.genKeyPair();
// the policy only grants this test SocketPermission to accept, resolve
// and connect to localhost so that it can dereference 2nd reference
URI policyURI =
new File(System.getProperty("test.src", "."), "policy").toURI();
Policy.setPolicy
(Policy.getInstance("JavaPolicy", new URIParameter(policyURI)));
System.setSecurityManager(new SecurityManager());
try {
// generate a signature with SecurityManager enabled
ArrayList refs = new ArrayList();
refs.add(fac.newReference
("", sha1,
Collections.singletonList
(fac.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null)), null, null));
refs.add(fac.newReference("http://localhost:" + ss.getLocalPort()
+ "/anything.txt", sha1));
SignedInfo si = fac.newSignedInfo(withoutComments,
fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), refs);
XMLSignature sig = fac.newXMLSignature(si, null);
DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), envelope);
sig.sign(dsc);
// validate a signature with SecurityManager enabled
DOMValidateContext dvc = new DOMValidateContext
(kp.getPublic(), envelope.getFirstChild());
// disable secure validation mode so that http reference will work
dvc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
sig = fac.unmarshalXMLSignature(dvc);
if (!sig.validate(dvc)) {
throw new Exception
("XMLDSigWithSecMgr signature validation FAILED");
}
} catch (SecurityException se) {
throw new Exception("XMLDSigWithSecMgr FAILED", se);
}
ss.close();
}
Example #27
| Source File: GenerationTests.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
private static void test_create_signature_enveloping
(DigestMethod dm, SignatureMethod sm, KeyInfo ki, Key signingKey,
KeySelector ks, boolean b64) throws Exception {
// create reference
Reference ref;
if (b64) {
ref = fac.newReference("#object", dm, Collections.singletonList
(fac.newTransform(Transform.BASE64,
(TransformParameterSpec) null)), null, null);
} else {
ref = fac.newReference("#object", dm);
}
// create SignedInfo
SignedInfo si = fac.newSignedInfo(withoutComments, sm,
Collections.singletonList(ref));
Document doc = db.newDocument();
// create Objects
String text = b64 ? "c29tZSB0ZXh0" : "some text";
XMLObject obj = fac.newXMLObject(Collections.singletonList
(new DOMStructure(doc.createTextNode(text))),
"object", null, null);
// create XMLSignature
XMLSignature sig = fac.newXMLSignature
(si, ki, Collections.singletonList(obj), null, null);
DOMSignContext dsc = new DOMSignContext(signingKey, doc);
sig.sign(dsc);
// dumpDocument(doc, new FileWriter("/tmp/foo.xml"));
DOMValidateContext dvc = new DOMValidateContext
(ks, doc.getDocumentElement());
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
}
Example #28
| Source File: GenerationTests.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
private static void test_create_signature_external
(SignatureMethod sm, KeyInfo ki, Key signingKey, KeySelector ks,
boolean b64) throws Exception {
// create reference
Reference ref;
if (b64) {
ref = fac.newReference
(STYLESHEET_B64,
sha1, Collections.singletonList
(fac.newTransform(Transform.BASE64,
(TransformParameterSpec) null)), null, null);
} else {
ref = fac.newReference(STYLESHEET, sha1);
}
// create SignedInfo
SignedInfo si = fac.newSignedInfo(withoutComments, sm,
Collections.singletonList(ref));
Document doc = db.newDocument();
// create XMLSignature
XMLSignature sig = fac.newXMLSignature(si, ki);
DOMSignContext dsc = new DOMSignContext(signingKey, doc);
dsc.setURIDereferencer(httpUd);
sig.sign(dsc);
DOMValidateContext dvc = new DOMValidateContext
(ks, doc.getDocumentElement());
File f = new File(DATA_DIR);
dvc.setBaseURI(f.toURI().toString());
dvc.setURIDereferencer(httpUd);
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
}
Example #29
| Source File: GenerationTests.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
static void test_create_signature_with_attr_in_no_namespace()
throws Exception
{
System.out.println
("* Generating signature-with-attr-in-no-namespace.xml");
// create references
List<Reference> refs = Collections.singletonList
(fac.newReference("#unknown", sha1));
// create SignedInfo
SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs);
// create object-1
Document doc = db.newDocument();
Element nc = doc.createElementNS(null, "NonCommentandus");
// add attribute with no namespace
nc.setAttribute("Id", "unknown");
XMLObject obj = fac.newXMLObject(Collections.singletonList
(new DOMStructure(nc)), "object-1", null, null);
// create XMLSignature
XMLSignature sig = fac.newXMLSignature(si, rsa,
Collections.singletonList(obj),
"signature", null);
DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 512), doc);
dsc.setIdAttributeNS(nc, null, "Id");
sig.sign(dsc);
// dumpDocument(doc, new PrintWriter(System.out));
DOMValidateContext dvc = new DOMValidateContext
(kvks, doc.getDocumentElement());
dvc.setIdAttributeNS(nc, null, "Id");
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
Example #30
| Source File: GenerationTests.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
static void test_create_signature_reference_dependency() throws Exception {
System.out.println("* Generating signature-reference-dependency.xml");
// create references
List<Reference> refs = Collections.singletonList
(fac.newReference("#object-1", sha1));
// create SignedInfo
SignedInfo si = fac.newSignedInfo(withoutComments, rsaSha1, refs);
// create objects
List<XMLStructure> objs = new ArrayList<XMLStructure>();
// Object 1
List<Reference> manRefs = Collections.singletonList
(fac.newReference("#object-2", sha1));
objs.add(fac.newXMLObject(Collections.singletonList
(fac.newManifest(manRefs, "manifest-1")), "object-1", null, null));
// Object 2
Document doc = db.newDocument();
Element nc = doc.createElementNS(null, "NonCommentandus");
nc.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "");
nc.appendChild(doc.createComment(" Commentandum "));
objs.add(fac.newXMLObject(Collections.singletonList
(new DOMStructure(nc)), "object-2", null, null));
// create XMLSignature
XMLSignature sig = fac.newXMLSignature(si, rsa, objs, "signature", null);
DOMSignContext dsc = new DOMSignContext(getPrivateKey("RSA", 512), doc);
sig.sign(dsc);
// dumpDocument(doc, new PrintWriter(System.out));
DOMValidateContext dvc = new DOMValidateContext
(kvks, doc.getDocumentElement());
XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
if (sig.equals(sig2) == false) {
throw new Exception
("Unmarshalled signature is not equal to generated signature");
}
if (sig2.validate(dvc) == false) {
throw new Exception("Validation of generated signature failed");
}
System.out.println();
}
