use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class CreateSignatureTest method testCanonicalizedOctetStream.
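/**
 * Checks that the bytes returned by {@code SignedInfo.getCanonicalizedOctetStream()} are the
 * bytes the signature value was computed over.
 *
 * <p>The document produced by {@code doSign()} is re-parsed, its first {@code ds:Signature}
 * element is located, and the signature value is verified by hand over the canonicalized
 * SignedInfo octets. The test then asserts {@code si.verify(false)} (presumably the reference
 * digests, without following manifests; confirm against SignedInfo).
 *
 * <p>The verification key is read from the signature's own KeyInfo. That proves the signature
 * is consistent with the embedded key; it says nothing about whether that key belongs to a
 * trusted signer. Code that validates received documents needs a key or certificate that is
 * trusted independently of the message.
 *
 * @throws Exception if signing, parsing, XPath evaluation or verification fails
 */
@org.junit.Test
public void testCanonicalizedOctetStream() throws Exception {
    String signedXML = doSign();

    Document doc = null;
    // Encode explicitly: the no-arg getBytes() uses the platform default charset, which can
    // alter non-ASCII content and break the digest on hosts whose default is not UTF-8.
    // NOTE(review): assumes doSign() does not emit an XML declaration naming another encoding.
    try (InputStream is = new ByteArrayInputStream(
            signedXML.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        doc = db.parse(is);
    }

    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());

    String expression = "//ds:Signature[1]";
    Element sigElement = (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
    // Fail with a clear message instead of passing null into the XMLSignature constructor.
    if (sigElement == null) {
        throw new RuntimeException("No signature element");
    }

    XMLSignature signature = new XMLSignature(sigElement, "");
    KeyInfo ki = signature.getKeyInfo();
    if (ki == null) {
        throw new RuntimeException("No keyinfo");
    }
    // Reuse the KeyInfo that was just null-checked rather than fetching it a second time.
    PublicKey pk = ki.getPublicKey();
    if (pk == null) {
        throw new RuntimeException("No public key");
    }

    SignedInfo si = signature.getSignedInfo();
    SignatureAlgorithm sa = si.getSignatureAlgorithm();
    sa.initVerify(pk);

    byte[] sigBytes = signature.getSignatureValue();
    byte[] canonicalizedBytes = si.getCanonicalizedOctetStream();
    sa.update(canonicalizedBytes, 0, canonicalizedBytes.length);

    assertTrue(sa.verify(sigBytes));
    assertTrue(si.verify(false));
}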
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class HMACOutputLengthTest method test_generate_hmac_sha1_40.
/**
 * Asserts that signing with HMAC-SHA1 and an HMACOutputLength of 40 bits is refused.
 *
 * <p>A truncated HMAC tag is only as strong as the bits that remain, so a very short output
 * length makes forging a valid tag cheap. The test therefore expects {@code sign} to throw an
 * {@link XMLSignatureException} whose message id is {@code algorithms.HMACOutputLengthMin};
 * any other message id, or no exception at all, fails the test.
 *
 * @throws Exception if the signature object cannot be constructed
 */
@org.junit.Test
public void test_generate_hmac_sha1_40() throws Exception {
    final int truncatedLengthBits = 40;
    Document emptyDoc = XMLUtils.createDocumentBuilder(false).newDocument();
    XMLSignature signature = new XMLSignature(
        emptyDoc,
        null,
        XMLSignature.ALGO_ID_MAC_HMAC_SHA1,
        truncatedLengthBits,
        Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
    byte[] keyBytes = "secret".getBytes(StandardCharsets.US_ASCII);

    try {
        signature.sign(getSecretKey(keyBytes));
        fail("Expected HMACOutputLength Exception");
    } catch (XMLSignatureException rejected) {
        // Only the minimum-length rejection counts; any other signing failure is a test failure.
        boolean rejectedForLength =
            rejected.getMsgID().equals("algorithms.HMACOutputLengthMin");
        if (!rejectedForLength) {
            fail(rejected.getMessage());
        }
    }
}
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class KeyValueTest method testDSAPublicKey.
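/**
 * Parses the enveloping DSA sample signature and checks that a public key can be recovered
 * from the first KeyValue entry of its KeyInfo.
 *
 * <p>This test only covers key extraction. A key read from KeyInfo is supplied by whoever
 * produced the document, so it is not by itself evidence of who signed it.
 *
 * @throws Exception if the sample file cannot be read or parsed, or the key cannot be built
 */
@org.junit.Test
public void testDSAPublicKey() throws Exception {
    String filename =
        "src/test/resources/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-dsa.xml";

    // Resolve against BASEDIR when it is set, otherwise against the working directory.
    File f;
    if (BASEDIR != null && !"".equals(BASEDIR)) {
        f = new File(BASEDIR + SEP + filename);
    } else {
        f = new File(filename);
    }

    // Close the file handle once parsing is done; the original never closed the stream.
    Document doc;
    try (FileInputStream in = new FileInputStream(f)) {
        doc = db.parse(in);
    }

    NodeList nl = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
    // The file's own URL is passed as the second constructor argument (the base URI).
    XMLSignature sig = new XMLSignature((Element) nl.item(0), f.toURI().toURL().toString());

    KeyInfo ki = sig.getKeyInfo();
    KeyValue kv = ki.itemKeyValue(0);
    PublicKey pk = kv.getPublicKey();
    assertNotNull(pk);
}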
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class SignatureVerificationReferenceURIResolverTest method testSignatureVerificationWithSameDocumentXPointerIdDoubleQuoteReference.
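/**
 * Signs one element through a same-document reference of the form
 * {@code #xpointer(id("..."))} (double-quoted id) and verifies the result with the streaming
 * inbound processor.
 *
 * <p>The {@code ShippingAddress} element receives a random {@code Id} attribute, which is
 * registered as an ID attribute so the reference can resolve it. The signature is created
 * through {@code signUsingDOM}, the document is serialized, and the bytes are read back
 * through {@code InboundXMLSec}. The test passes if reading the secured stream does not throw.
 *
 * <p>The verifier is configured with the certificate's public key through
 * {@code setSignatureVerificationKey}, so the expected key is set by the caller. The SHA-1
 * digest and RSA-SHA1 signature URIs are legacy test fixtures and are not a model for new
 * signatures.
 *
 * @throws Exception if loading the fixtures, signing, serializing or verifying fails
 */
@Test
public void testSignatureVerificationWithSameDocumentXPointerIdDoubleQuoteReference() throws Exception {
    ClassLoader loader = this.getClass().getClassLoader();

    // Read in plaintext document; close the resource stream once it has been parsed.
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document;
    try (InputStream sourceDocument =
            loader.getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")) {
        document = builder.parse(sourceDocument);
    }

    // Set up the Key; the keystore stream is closed after loading.
    // "default" is the password of the test keystore bundled with the test resources.
    KeyStore keyStore = KeyStore.getInstance("jks");
    try (InputStream keyStoreStream = loader.getResource("transmitter.jks").openStream()) {
        keyStore.load(keyStoreStream, "default".toCharArray());
    }
    Key key = keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");

    // Locate the element to sign and give it an Id the reference can point at.
    XPathFactory xpf = XPathFactory.newInstance();
    XPath xpath = xpf.newXPath();
    xpath.setNamespaceContext(new DSNamespaceContext());
    String expression = "//*[local-name()='ShippingAddress']";
    Element elementToSign = (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
    Assert.assertNotNull(elementToSign);
    String id = UUID.randomUUID().toString();
    elementToSign.setAttributeNS(null, "Id", id);
    elementToSign.setIdAttributeNS(null, "Id", true);

    // Sign using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    ReferenceInfo referenceInfo = new ReferenceInfo(
        "#xpointer(id(\"" + id + "\"))",
        new String[] { "http://www.w3.org/2001/10/xml-exc-c14n#" },
        "http://www.w3.org/2000/09/xmldsig#sha1",
        false);
    List<ReferenceInfo> referenceInfos = new ArrayList<>();
    referenceInfos.add(referenceInfo);
    XMLSignature sig = signUsingDOM(
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key, referenceInfos);

    // Add KeyInfo
    sig.addKeyInfo(cert);

    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));

    // Closing a ByteArrayInputStream has no effect, so the reader stays usable after this block.
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }

    // Verify signature against the key configured here.
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(cert.getPublicKey());
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader);

    // Reading the secured stream to the end is the check; a verification failure is expected
    // to surface as an exception from this call.
    StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
}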
use of org.apache.xml.security.signature.XMLSignature in project santuario-java by apache.
the class SignatureVerificationReferenceURIResolverTest method testSignatureVerificationWithExternalFilesystemXMLReference.
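/**
 * Signs a reference to an XML file on the local filesystem (a {@code file:} URI) and verifies
 * the result with the streaming inbound processor.
 *
 * <p>Verification runs with {@code TestUtils.switchAllowNotSameDocumentReferences(true)} and
 * the switch is set back to {@code false} in a {@code finally} block. The need for the switch
 * suggests the streaming verifier refuses references outside the signed document unless it is
 * told otherwise (confirm against the library). That restriction matters in production: a
 * verifier that dereferences URIs named by an incoming signature can be made to read local
 * files or contact other hosts. Leave it enabled unless the reference targets are constrained.
 *
 * <p>The SHA-1 digest and RSA-SHA1 signature URIs are legacy test fixtures and are not a model
 * for new signatures.
 *
 * @throws Exception if loading the fixtures, signing, serializing or verifying fails
 */
@Test
public void testSignatureVerificationWithExternalFilesystemXMLReference() throws Exception {
    ClassLoader loader = this.getClass().getClassLoader();

    // Read in plaintext document; close the resource stream once it has been parsed.
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document;
    try (InputStream sourceDocument =
            loader.getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")) {
        document = builder.parse(sourceDocument);
    }

    // Set up the Key; the keystore stream is closed after loading.
    // "default" is the password of the test keystore bundled with the test resources.
    KeyStore keyStore = KeyStore.getInstance("jks");
    try (InputStream keyStoreStream = loader.getResource("transmitter.jks").openStream()) {
        keyStore.load(keyStoreStream, "default".toCharArray());
    }
    Key key = keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");

    // Sign using DOM; the reference URI is the canonical file: URI of a fixed test resource.
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    File file = new File(
        BASEDIR + "/src/test/resources/ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")
        .getCanonicalFile();
    ReferenceInfo referenceInfo = new ReferenceInfo(
        file.toURI().toString(),
        new String[] { "http://www.w3.org/2001/10/xml-exc-c14n#" },
        "http://www.w3.org/2000/09/xmldsig#sha1",
        false);
    List<ReferenceInfo> referenceInfos = new ArrayList<>();
    referenceInfos.add(referenceInfo);
    XMLSignature sig = signUsingDOM(
        "http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key, referenceInfos);

    // Add KeyInfo
    sig.addKeyInfo(cert);

    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));

    // Closing a ByteArrayInputStream has no effect, so the reader stays usable after this block.
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }

    // Verify signature against the key configured here.
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(cert.getPublicKey());
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader);

    try {
        // Allow the external reference only while this document is being read.
        TestUtils.switchAllowNotSameDocumentReferences(true);
        StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    } finally {
        // Always switch the setting back so later tests run with external references disallowed.
        TestUtils.switchAllowNotSameDocumentReferences(false);
    }
}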