test/javax/xml/crypto/dsig/ValidationTests.java





  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /**
  25  * @test
  26  * @bug 4635230 6365103 6366054 6824440 7131084 8046724
  27  * @summary Basic unit tests for validating XML Signatures with JSR 105
  28  * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java
  29  *     X509KeySelector.java ValidationTests.java
  30  * @run main/othervm ValidationTests
  31  * @author Sean Mullan
  32  */
  33 import java.io.File;
  34 import java.io.FileInputStream;
  35 import java.security.*;
  36 import javax.xml.crypto.Data;
  37 import javax.xml.crypto.KeySelector;

  38 import javax.xml.crypto.OctetStreamData;
  39 import javax.xml.crypto.URIDereferencer;
  40 import javax.xml.crypto.URIReference;
  41 import javax.xml.crypto.URIReferenceException;
  42 import javax.xml.crypto.XMLCryptoContext;
  43 import javax.xml.crypto.dsig.XMLSignatureException;
  44 import javax.xml.crypto.dsig.XMLSignatureFactory;
  45 
  46 public class ValidationTests {
  47 
  48     private static SignatureValidator validator;
  49     private final static String DIR = System.getProperty("test.src", ".");
  50     private final static String DATA_DIR =
  51         DIR + System.getProperty("file.separator") + "data";
  52     private final static String KEYSTORE =
  53         DATA_DIR + System.getProperty("file.separator") + "certs" +
  54         System.getProperty("file.separator") + "xmldsig.jks";
  55     private final static String STYLESHEET =
  56         "http://www.w3.org/TR/xml-stylesheet";
  57     private final static String STYLESHEET_B64 =
  58         "http://www.w3.org/Signature/2002/04/xml-stylesheet.b64";
  59 
  60     static class Test {
  61         String file;
  62         KeySelector ks;
  63         Test(String file, KeySelector ks) {


  64             this.file = file;
  65             this.ks = ks;






  66         }
  67     }
  68 
  69     static KeySelector skks;
  70     static {
  71         try {
  72             skks =
  73                 new KeySelectors.SecretKeySelector("secret".getBytes("ASCII"));
  74         } catch (Exception e) {
  75             //should not occur
  76         }
  77     }
  78     private final static KeySelector SKKS = skks;
  79     private final static KeySelector KVKS =
  80         new KeySelectors.KeyValueKeySelector();
  81     private final static KeySelector CKS =
  82         new KeySelectors.CollectionKeySelector(new File(DATA_DIR));
  83     private final static KeySelector RXKS =
  84         new KeySelectors.RawX509KeySelector();
  85     private final static KeySelector XKS = null;


  93         new Test("signature-enveloping-p256-sha1.xml", KVKS),
  94         new Test("signature-enveloping-hmac-sha1.xml", SKKS),
  95         new Test("signature-external-dsa.xml", KVKS),
  96         new Test("signature-external-b64-dsa.xml", KVKS),
  97         new Test("signature-retrievalmethod-rawx509crt.xml", CKS),
  98         new Test("signature-keyname.xml", CKS),
  99         new Test("signature-x509-crt-crl.xml", RXKS),
 100         new Test("signature-x509-crt.xml", RXKS),
 101         new Test("signature-x509-is.xml", CKS),
 102         new Test("signature-x509-ski.xml", CKS),
 103         new Test("signature-x509-sn.xml", CKS),
 104         new Test("signature.xml", XKS),
 105         new Test("exc-signature.xml", KVKS),
 106         new Test("sign-spec.xml", RXKS),
 107         new Test("xmldsig-xfilter2.xml", KVKS)
 108     };
 109 
 110     private final static Test[] INVALID_TESTS = {
 111         new Test("signature-enveloping-hmac-sha1-40.xml", SKKS),
 112         new Test("signature-enveloping-hmac-sha1-trunclen-0-attack.xml", SKKS),
 113         new Test("signature-enveloping-hmac-sha1-trunclen-8-attack.xml", SKKS)










 114     };
 115 
 116     public static void main(String args[]) throws Exception {
 117         httpUd = new HttpURIDereferencer();
 118 
 119         validator = new SignatureValidator(new File(DATA_DIR));
 120 
 121         boolean atLeastOneFailed = false;
 122         for (Test test : VALID_TESTS) {
 123             System.out.println("Validating " + test.file);
 124             if (test_signature(test)) {
 125                 System.out.println("PASSED");
 126             } else {
 127                 System.out.println("FAILED");
 128                 atLeastOneFailed = true;
 129             }
 130         }
 131         // test with reference caching enabled
 132         System.out.println("Validating sign-spec.xml with caching enabled");
 133         if (test_signature(new Test("sign-spec.xml", RXKS), true)) {
 134             System.out.println("PASSED");
 135         } else {
 136             System.out.println("FAILED");
 137             atLeastOneFailed = true;
 138         }
 139 
 140         for (Test test : INVALID_TESTS) {
 141             System.out.println("Validating " + test.file);
 142             try {
 143                 test_signature(test);
 144                 System.out.println("FAILED");
 145                 atLeastOneFailed = true;
 146             } catch (XMLSignatureException xse) {
 147                 System.out.println(xse.getMessage());




 148                 System.out.println("PASSED");

 149             }
 150         }
 151 
 152         if (atLeastOneFailed) {
 153             throw new Exception
 154                 ("At least one signature did not validate as expected");
 155         }
 156     }
 157 
 158     public static boolean test_signature(Test test) throws Exception {
 159         return test_signature(test, false);
 160     }
 161 
 162     public static boolean test_signature(Test test, boolean cache)
 163         throws Exception
 164     {
 165         if (test.ks == null) {
 166             KeyStore keystore = KeyStore.getInstance("JKS");
 167             try (FileInputStream fis = new FileInputStream(KEYSTORE)) {
 168                 keystore.load(fis, "changeit".toCharArray());




  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /**
  25  * @test
  26  * @bug 4635230 6365103 6366054 6824440 7131084 8046724
  27  * @summary Basic unit tests for validating XML Signatures with JSR 105
  28  * @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java
  29  *     X509KeySelector.java ValidationTests.java
  30  * @run main/othervm ValidationTests
  31  * @author Sean Mullan
  32  */
  33 import java.io.File;
  34 import java.io.FileInputStream;
  35 import java.security.*;
  36 import javax.xml.crypto.Data;
  37 import javax.xml.crypto.KeySelector;
  38 import javax.xml.crypto.MarshalException;
  39 import javax.xml.crypto.OctetStreamData;
  40 import javax.xml.crypto.URIDereferencer;
  41 import javax.xml.crypto.URIReference;
  42 import javax.xml.crypto.URIReferenceException;
  43 import javax.xml.crypto.XMLCryptoContext;
  44 import javax.xml.crypto.dsig.XMLSignatureException;
  45 import javax.xml.crypto.dsig.XMLSignatureFactory;
  46 
  47 public class ValidationTests {
  48 
  49     private static SignatureValidator validator;
  50     private final static String DIR = System.getProperty("test.src", ".");
  51     private final static String DATA_DIR =
  52         DIR + System.getProperty("file.separator") + "data";
  53     private final static String KEYSTORE =
  54         DATA_DIR + System.getProperty("file.separator") + "certs" +
  55         System.getProperty("file.separator") + "xmldsig.jks";
  56     private final static String STYLESHEET =
  57         "http://www.w3.org/TR/xml-stylesheet";
  58     private final static String STYLESHEET_B64 =
  59         "http://www.w3.org/Signature/2002/04/xml-stylesheet.b64";
  60 
  61     static class Test {
  62         String file;
  63         KeySelector ks;
  64         Class exception;
  65 
  66         Test(String file, KeySelector ks, Class exception) {
  67             this.file = file;
  68             this.ks = ks;
  69             this.exception = exception;
  70         }
  71 
  72         // XMLSignatureException is expected by default
  73         Test(String file, KeySelector ks) {
  74             this(file, ks, XMLSignatureException.class);
  75         }
  76     }
  77 
  78     static KeySelector skks;
  79     static {
  80         try {
  81             skks =
  82                 new KeySelectors.SecretKeySelector("secret".getBytes("ASCII"));
  83         } catch (Exception e) {
  84             //should not occur
  85         }
  86     }
  87     private final static KeySelector SKKS = skks;
  88     private final static KeySelector KVKS =
  89         new KeySelectors.KeyValueKeySelector();
  90     private final static KeySelector CKS =
  91         new KeySelectors.CollectionKeySelector(new File(DATA_DIR));
  92     private final static KeySelector RXKS =
  93         new KeySelectors.RawX509KeySelector();
  94     private final static KeySelector XKS = null;


 102         new Test("signature-enveloping-p256-sha1.xml", KVKS),
 103         new Test("signature-enveloping-hmac-sha1.xml", SKKS),
 104         new Test("signature-external-dsa.xml", KVKS),
 105         new Test("signature-external-b64-dsa.xml", KVKS),
 106         new Test("signature-retrievalmethod-rawx509crt.xml", CKS),
 107         new Test("signature-keyname.xml", CKS),
 108         new Test("signature-x509-crt-crl.xml", RXKS),
 109         new Test("signature-x509-crt.xml", RXKS),
 110         new Test("signature-x509-is.xml", CKS),
 111         new Test("signature-x509-ski.xml", CKS),
 112         new Test("signature-x509-sn.xml", CKS),
 113         new Test("signature.xml", XKS),
 114         new Test("exc-signature.xml", KVKS),
 115         new Test("sign-spec.xml", RXKS),
 116         new Test("xmldsig-xfilter2.xml", KVKS)
 117     };
 118 
 119     private final static Test[] INVALID_TESTS = {
 120         new Test("signature-enveloping-hmac-sha1-40.xml", SKKS),
 121         new Test("signature-enveloping-hmac-sha1-trunclen-0-attack.xml", SKKS),
 122         new Test("signature-enveloping-hmac-sha1-trunclen-8-attack.xml", SKKS),
 123         new Test("signature-extra-text-in-signed-info.xml", SKKS,
 124                 MarshalException.class),
 125         new Test("signature-wrong-canonicalization-method-algorithm.xml", SKKS,
 126                 MarshalException.class),
 127         new Test("signature-wrong-transform-algorithm.xml", SKKS,
 128                 MarshalException.class),
 129         new Test("signature-no-reference-uri.xml", SKKS),
 130         new Test("signature-wrong-signature-method-algorithm.xml", SKKS,
 131                 MarshalException.class),
 132         new Test("signature-wrong-tag-names.xml", SKKS, MarshalException.class)
 133     };
 134 
 135     public static void main(String args[]) throws Exception {
 136         httpUd = new HttpURIDereferencer();
 137 
 138         validator = new SignatureValidator(new File(DATA_DIR));
 139 
 140         boolean atLeastOneFailed = false;
 141         for (Test test : VALID_TESTS) {
 142             System.out.println("Validating " + test.file);
 143             if (test_signature(test)) {
 144                 System.out.println("PASSED");
 145             } else {
 146                 System.out.println("FAILED");
 147                 atLeastOneFailed = true;
 148             }
 149         }
 150         // test with reference caching enabled
 151         System.out.println("Validating sign-spec.xml with caching enabled");
 152         if (test_signature(new Test("sign-spec.xml", RXKS), true)) {
 153             System.out.println("PASSED");
 154         } else {
 155             System.out.println("FAILED");
 156             atLeastOneFailed = true;
 157         }
 158 
 159         for (Test test : INVALID_TESTS) {
 160             System.out.println("Validating " + test.file);
 161             try {
 162                 test_signature(test);
 163                 System.out.println("FAILED");
 164                 atLeastOneFailed = true;
 165             } catch (Exception e) {
 166                 System.out.println("Exception: " + e);
 167                 if (e.getClass() != test.exception) {
 168                     System.out.println("FAILED: unexpected exception");
 169                     atLeastOneFailed = true;
 170                 } else {
 171                     System.out.println("PASSED");
 172                 }
 173             }
 174         }
 175 
 176         if (atLeastOneFailed) {
 177             throw new Exception
 178                 ("At least one signature did not validate as expected");
 179         }
 180     }
 181 
 182     public static boolean test_signature(Test test) throws Exception {
 183         return test_signature(test, false);
 184     }
 185 
 186     public static boolean test_signature(Test test, boolean cache)
 187         throws Exception
 188     {
 189         if (test.ks == null) {
 190             KeyStore keystore = KeyStore.getInstance("JKS");
 191             try (FileInputStream fis = new FileInputStream(KEYSTORE)) {
 192                 keystore.load(fis, "changeit".toCharArray());
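Review bot: In the second listing's INVALID_TESTS loop (gutter lines 159–174), the no-exception path throws away the result of `test_signature(test)`, so the log prints the same bare `FAILED` whether a malformed or truncation-attack signature was rejected with `false` or actually accepted as valid. Capturing it, e.g. `boolean valid = test_signature(test);` followed by `System.out.println("FAILED: no exception, validation returned " + valid);`, makes an accepted forgery obvious in the test output. The new `Class exception` field is a raw type and is matched with `e.getClass() != test.exception`, which rejects subclasses of the expected exception; `Class<? extends Exception>` would document the intent, and if the exact-class match is deliberate a short comment saying so would help. The body of `test_signature(Test, boolean)` continues past the end of this excerpt, so what it returns for these inputs is not visible here.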