use of javax.xml.crypto.dsig.XMLSignatureException in project santuario-java by apache.
the class Baltimore23Test method test_signature_enveloping_hmac_sha1_40.
@org.junit.Test
public void test_signature_enveloping_hmac_sha1_40() throws Exception {
String file = "signature-enveloping-hmac-sha1-40.xml";
KeySelector ks = new KeySelectors.SecretKeySelector("secret".getBytes(StandardCharsets.US_ASCII));
try {
SignatureValidator validator = new SignatureValidator(dir);
validator.validate(file, ks);
fail("Expected HMACOutputLength exception");
} catch (XMLSignatureException xse) {
System.out.println(xse.getMessage());
// pass
}
}
use of javax.xml.crypto.dsig.XMLSignatureException in project santuario-java by apache.
the class PhaosXMLDSig3Test method test_signature_hmac_sha1_40_c14n_comments_detached.
@org.junit.Test
public void test_signature_hmac_sha1_40_c14n_comments_detached() throws Exception {
String file = "signature-hmac-sha1-40-c14n-comments-detached.xml";
KeySelector ks = new KeySelectors.SecretKeySelector("test".getBytes(StandardCharsets.US_ASCII));
try {
validator.validate(file, ks);
fail("Expected HMACOutputLength Exception");
} catch (XMLSignatureException xse) {
// System.out.println(xse.getMessage());
// pass
}
}
use of javax.xml.crypto.dsig.XMLSignatureException in project santuario-java by apache.
the class JSRWrappingAttackTest method testWrappingAttack.
@org.junit.Test
public void testWrappingAttack() throws Exception {
String file = "manifestSignatureWrapping.xml";
Document doc = XMLUtils.createDocumentBuilder(false, false).parse(new File(dir, file));
Element sigElement = SignatureValidator.getSignatureElement(doc);
if (sigElement == null) {
throw new Exception("Couldn't find signature Element");
}
DOMValidateContext vc = new DOMValidateContext(new KeySelectors.KeyValueKeySelector(), sigElement);
vc.setBaseURI(dir.toURI().toString());
vc.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.FALSE);
boolean coreValidity = validator.validate(vc);
assertTrue("Signature failed core validation", coreValidity);
vc.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
Element manifestElement = (Element) doc.getElementsByTagName("Manifest").item(0);
vc.setIdAttributeNS(manifestElement, null, "Id");
try {
boolean valid = validator.validate(vc);
System.out.println("Valid: " + valid);
fail("Failure expected when secure validation is enabled");
} catch (XMLSignatureException ex) {
assertTrue(ex.getMessage().contains("URIReferenceException"));
}
}
Aggregations