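/*
 * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.transforms.Transform;
import com.sun.org.apache.xml.internal.security.transforms.TransformationException;
import com.sun.org.apache.xml.internal.security.transforms.TransformSpi;

/*
 * Regression test: tries to register a bogus TransformSpi under the URI of
 * the standard inclusive C14N algorithm, then validates a known-good
 * signature. The bogus transform throws an IOException carrying a marker
 * message from every enginePerformTransform overload, so if the standard
 * implementation had been displaced the marker would appear in the cause
 * chain of the validation failure.
 *
 * NOTE(review): detection relies on signature validation actually invoking
 * the transform registered for the INCLUSIVE URI; the fixture
 * signature-enveloping-dsa.xml is not visible here -- confirm it exercises
 * that path, otherwise a successful replacement would go unnoticed.
 *
 * The tag block below is read by the test harness; keep it free of prose.
 */

/**
 * @test
 * @bug 6994263
 * @key closed-security
 * @summary Check that standard transform algorithms can't be replaced
 * @library ../../../../../../javax/xml/crypto/dsig
 * @build KeySelectors SignatureValidator
 * @compile -XDignore.symbol.file ReplaceTransform.java
 * @run main ReplaceTransform
 */
public class ReplaceTransform {

    /**
     * Message thrown by the bogus transform and searched for in the cause
     * chain of a validation failure. Kept in one place so that the thrower
     * and the detector cannot drift apart.
     */
    private static final String ATTACK_MARKER = "You have been attacked!";

    /**
     * Runs the replacement attempt and the follow-up validation twice.
     *
     * @param args unused
     * @throws Exception if validation fails or the standard transform
     *         appears to have been replaced
     */
    public static void main(String[] args) throws Exception {
        // try it twice
        // (presumably so a repeated registration attempt is covered too)
        replaceTransform();
        replaceTransform();
    }

    /**
     * Attempts to register {@link MyBogusC14NTransform} for the inclusive
     * C14N URI and then validates the fixture signature.
     *
     * @throws Exception if the signature does not validate, if validation
     *         throws an {@link XMLSignatureException}, or if the marker
     *         message of the bogus transform is found in its cause chain
     */
    private static void replaceTransform() throws Exception {

        try {
            Transform.register(
                javax.xml.crypto.dsig.CanonicalizationMethod.INCLUSIVE,
                "ReplaceTransform$MyBogusC14NTransform");
        } catch (Exception e) {
            // Exception expected, but continue and validate signature to be
            // positive that transform has not been replaced
            e.printStackTrace();
        }

        String file = "signature-enveloping-dsa.xml";
        File d = new File(System.getProperty("test.src", "."));

        SignatureValidator validator = new SignatureValidator(d);
        System.out.println("Validating " + file);
        try {
            if (validator.validate(
                    file, new KeySelectors.KeyValueKeySelector(), false)) {
                System.out.println("PASSED");
            } else {
                System.err.println("FAILED: signature failed to validate");
                throw new Exception("Signature failed to validate");
            }
        } catch (XMLSignatureException xse) {
            System.err.println("FAILED: caught XMLSignatureException");
            // unwrap causes and look for message
            Throwable cause = xse.getCause();
            while (cause != null) {
                // Constant-first equals: getMessage() may be null for an
                // unrelated IOException, and an NPE here would hide the
                // real reason validation failed.
                if (cause instanceof IOException
                        && ATTACK_MARKER.equals(cause.getMessage())) {
                    System.err.println(
                        "Standard C14N Transform has been replaced");
                    throw new Exception(
                        "Standard C14N Transform has been replaced", xse);
                }
                cause = cause.getCause();
            }
            throw new Exception("Caught XMLSignatureException", xse);
        }
    }

    /**
     * Stand-in transform that claims the inclusive C14N URI and fails with
     * the marker message whenever it is asked to transform anything.
     * It is referenced by its binary name in the registration call, so the
     * class name must not change.
     */
    public static class MyBogusC14NTransform extends TransformSpi {

        /** Returns the URI of the standard inclusive C14N algorithm. */
        protected String engineGetURI() {
            return javax.xml.crypto.dsig.CanonicalizationMethod.INCLUSIVE;
        }

        /** Always throws an {@link IOException} carrying the marker. */
        protected XMLSignatureInput enginePerformTransform(
                XMLSignatureInput input)
            throws IOException, CanonicalizationException,
                   InvalidCanonicalizerException, TransformationException,
                   ParserConfigurationException, SAXException {
            throw new IOException(ATTACK_MARKER);
        }

        /** Always throws an {@link IOException} carrying the marker. */
        protected XMLSignatureInput enginePerformTransform(
                XMLSignatureInput input, Transform transform)
            throws IOException, CanonicalizationException,
                   InvalidCanonicalizerException, TransformationException,
                   ParserConfigurationException, SAXException {
            throw new IOException(ATTACK_MARKER);
        }

        /** Always throws an {@link IOException} carrying the marker. */
        protected XMLSignatureInput enginePerformTransform(
                XMLSignatureInput input, OutputStream os, Transform transform)
            throws IOException, CanonicalizationException,
                   InvalidCanonicalizerException, TransformationException,
                   ParserConfigurationException, SAXException {
            throw new IOException(ATTACK_MARKER);
        }
    }
}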