Search in sources :

Example 11 with XMLSignatureException

use of javax.xml.crypto.dsig.XMLSignatureException in project santuario-java by apache.

the class Baltimore23Test method test_signature_enveloping_hmac_sha1_40.

@org.junit.Test
public void test_signature_enveloping_hmac_sha1_40() throws Exception {
    String file = "signature-enveloping-hmac-sha1-40.xml";
    KeySelector ks = new KeySelectors.SecretKeySelector("secret".getBytes(StandardCharsets.US_ASCII));
    try {
        SignatureValidator validator = new SignatureValidator(dir);
        validator.validate(file, ks);
        fail("Expected HMACOutputLength exception");
    } catch (XMLSignatureException xse) {
        System.out.println(xse.getMessage());
    // pass
    }
}
Also used : KeySelector(javax.xml.crypto.KeySelector) XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException)

Example 12 with XMLSignatureException

use of javax.xml.crypto.dsig.XMLSignatureException in project santuario-java by apache.

the class PhaosXMLDSig3Test method test_signature_hmac_sha1_40_c14n_comments_detached.

@org.junit.Test
public void test_signature_hmac_sha1_40_c14n_comments_detached() throws Exception {
    String file = "signature-hmac-sha1-40-c14n-comments-detached.xml";
    KeySelector ks = new KeySelectors.SecretKeySelector("test".getBytes(StandardCharsets.US_ASCII));
    try {
        validator.validate(file, ks);
        fail("Expected HMACOutputLength Exception");
    } catch (XMLSignatureException xse) {
    // System.out.println(xse.getMessage());
    // pass
    }
}
Also used : KeySelector(javax.xml.crypto.KeySelector) XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException)

Example 13 with XMLSignatureException

use of javax.xml.crypto.dsig.XMLSignatureException in project santuario-java by apache.

the class JSRWrappingAttackTest method testWrappingAttack.

@org.junit.Test
public void testWrappingAttack() throws Exception {
    String file = "manifestSignatureWrapping.xml";
    Document doc = XMLUtils.createDocumentBuilder(false, false).parse(new File(dir, file));
    Element sigElement = SignatureValidator.getSignatureElement(doc);
    if (sigElement == null) {
        throw new Exception("Couldn't find signature Element");
    }
    DOMValidateContext vc = new DOMValidateContext(new KeySelectors.KeyValueKeySelector(), sigElement);
    vc.setBaseURI(dir.toURI().toString());
    vc.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.FALSE);
    boolean coreValidity = validator.validate(vc);
    assertTrue("Signature failed core validation", coreValidity);
    vc.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
    Element manifestElement = (Element) doc.getElementsByTagName("Manifest").item(0);
    vc.setIdAttributeNS(manifestElement, null, "Id");
    try {
        boolean valid = validator.validate(vc);
        System.out.println("Valid: " + valid);
        fail("Failure expected when secure validation is enabled");
    } catch (XMLSignatureException ex) {
        assertTrue(ex.getMessage().contains("URIReferenceException"));
    }
}
Also used : KeySelectors(javax.xml.crypto.test.KeySelectors) Element(org.w3c.dom.Element) DOMValidateContext(javax.xml.crypto.dsig.dom.DOMValidateContext) Document(org.w3c.dom.Document) File(java.io.File) XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException) XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException)

Aggregations

XMLSignatureException (javax.xml.crypto.dsig.XMLSignatureException)13 KeySelector (javax.xml.crypto.KeySelector)5 Reference (javax.xml.crypto.dsig.Reference)4 XMLSignatureFactory (javax.xml.crypto.dsig.XMLSignatureFactory)4 GeneralSecurityException (java.security.GeneralSecurityException)3 ArrayList (java.util.ArrayList)3 XMLSignature (javax.xml.crypto.dsig.XMLSignature)3 DOMValidateContext (javax.xml.crypto.dsig.dom.DOMValidateContext)3 Element (org.w3c.dom.Element)3 File (java.io.File)2 NoSuchProviderException (java.security.NoSuchProviderException)2 SignedInfo (javax.xml.crypto.dsig.SignedInfo)2 XMLObject (javax.xml.crypto.dsig.XMLObject)2 DOMSignContext (javax.xml.crypto.dsig.dom.DOMSignContext)2 KeySelectors (javax.xml.crypto.test.KeySelectors)2 DOMReference (org.apache.jcp.xml.dsig.internal.dom.DOMReference)2 Document (org.w3c.dom.Document)2 NodeList (org.w3c.dom.NodeList)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1 URI (java.net.URI)1