List of usage examples for javax.xml.crypto.dsig XMLSignature validate
/**
 * Validates this signature according to the XML Signature core validation
 * rules: the reference digests and the signature value are checked with the
 * key (or key selector) supplied through the validation context.
 *
 * <p>The outcome is computed on the first call and cached on this object;
 * later calls return the cached value even if the document was changed in the
 * meantime. Unmarshal a fresh {@code XMLSignature} to validate modified
 * content.
 *
 * <p>A {@code true} result does not by itself say that the validating key
 * belongs to a trusted signer; that depends entirely on the key or
 * {@code KeySelector} the caller placed in the context.
 *
 * @param validateContext the validation context (key or key selector, URI
 *        dereferencer, properties)
 * @return {@code true} if the signature passed core validation,
 *         {@code false} otherwise
 * @throws XMLSignatureException if an unexpected error occurs while validating
 */
boolean validate(XMLValidateContext validateContext) throws XMLSignatureException;
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractODFSignatureServiceTest.java
/**
 * Validates one ODF signature with the default JSR105 provider.
 *
 * <p>Verification via the default JSR105 implementation triggers some
 * canonicalization errors. Requires Java 6u10 because of a bug. See also:
 * http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6696582
 *
 * <p>NOTE(review): the validating key comes from {@code KeyInfoKeySelector},
 * which is not shown here. If it simply returns the key or certificate found
 * in ds:KeyInfo, a {@code true} result only proves integrity under a key the
 * document itself supplied; trust in the signer (certificate path validation)
 * then has to be established separately. Confirm against that class.
 *
 * @param odfUrl location handed to the {@code ODFURIDereferencer} that
 *        resolves the signature's references
 * @param signatureNode DOM node passed to the validation context as the
 *        signature to validate
 * @return {@code true} if core validation succeeded
 * @throws MarshalException if the signature cannot be unmarshalled
 * @throws XMLSignatureException if validation fails unexpectedly
 */
private boolean verifySignature(URL odfUrl, Node signatureNode)
        throws MarshalException, XMLSignatureException {
    DOMValidateContext validateContext = new DOMValidateContext(new KeyInfoKeySelector(), signatureNode);
    // References are resolved by the project's dereferencer for the given ODF URL.
    validateContext.setURIDereferencer(new ODFURIDereferencer(odfUrl));

    XMLSignatureFactory factory = XMLSignatureFactory.getInstance();
    LOG.debug("java version: " + System.getProperty("java.version"));

    // A freshly unmarshalled XMLSignature is validated exactly once here.
    return factory.unmarshalXMLSignature(validateContext).validate(validateContext);
}
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java
/**
 * Signs an element of the enveloping document through a same-document
 * reference ({@code #id-1234}) and checks that the result validates with the
 * public key of the key pair that produced the signature value.
 */
@Test
public void testSignEnvelopingDocument() throws Exception {
    // setup: <tns:root><tns:data Id="id-1234">data to be signed</tns:data></tns:root>
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    domFactory.setNamespaceAware(true);
    Document envelope = domFactory.newDocumentBuilder().newDocument();

    Element root = envelope.createElementNS("urn:test", "tns:root");
    root.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test");
    envelope.appendChild(root);

    Element payload = envelope.createElementNS("urn:test", "tns:data");
    payload.setAttributeNS(null, "Id", "id-1234");
    // Marks "Id" as an ID attribute so the "#id-1234" reference can be resolved.
    payload.setIdAttribute("Id", true);
    payload.setTextContent("data to be signed");
    root.appendChild(payload);

    SignatureTestFacet facet = new SignatureTestFacet();
    facet.addReferenceUri("#id-1234");
    XmlSignatureTestService service = new XmlSignatureTestService(facet);
    service.setEnvelopingDocument(envelope);
    service.setSignatureDescription("test-signature-description");

    // operate
    DigestInfo preSignDigest = service.preSign(null, null);

    // verify
    assertNotNull(preSignDigest);
    LOG.debug("digest info description: " + preSignDigest.description);
    assertEquals("test-signature-description", preSignDigest.description);
    assertNotNull(preSignDigest.digestValue);
    LOG.debug("digest algo: " + preSignDigest.digestAlgo);
    // Pins the SHA-1 value the service reports; SHA-1 is a legacy digest, so
    // this records existing behaviour rather than a recommended algorithm.
    assertEquals("SHA-1", preSignDigest.digestAlgo);

    TemporaryTestDataStorage tempStorage =
            (TemporaryTestDataStorage) service.getTemporaryDataStorage();
    assertNotNull(tempStorage);
    InputStream unsignedStream = tempStorage.getTempInputStream();
    assertNotNull(unsignedStream);
    Document unsignedDocument = PkiTestUtils.loadDocument(unsignedStream);
    LOG.debug("tmp document: " + PkiTestUtils.toString(unsignedDocument));

    // Helper element that only carries the xmlns:ds declaration for the XPath lookup.
    Element nsContext = unsignedDocument.createElement("ns");
    nsContext.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestNode = XPathAPI.selectSingleNode(unsignedDocument, "//ds:DigestValue", nsContext);
    assertNotNull(digestNode);
    String digestText = digestNode.getTextContent();
    LOG.debug("digest value text content: " + digestText);
    assertFalse(digestText.isEmpty());

    // Sign the received XML signature digest value: the SHA-1 DigestInfo prefix
    // plus the digest goes through RSA with PKCS#1 v1.5 padding under the
    // private key, i.e. the signature is computed outside the XML signature API.
    KeyPair signerKeys = PkiTestUtils.generateKeyPair();
    Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.ENCRYPT_MODE, signerKeys.getPrivate());
    byte[] rawSignature = rsa.doFinal(
            ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, preSignDigest.digestValue));

    DateTime validFrom = new DateTime();
    DateTime validUntil = validFrom.plusYears(1);
    X509Certificate signerCertificate = PkiTestUtils.generateCertificate(signerKeys.getPublic(), "CN=Test",
            validFrom, validUntil, null, signerKeys.getPrivate(), true, 0, null, null,
            new KeyUsage(KeyUsage.nonRepudiation));

    // operate: postSign
    service.postSign(rawSignature, Collections.singletonList(signerCertificate));

    byte[] signedBytes = service.getSignedDocumentData();
    assertNotNull(signedBytes);
    Document resultDocument = PkiTestUtils.loadDocument(new ByteArrayInputStream(signedBytes));
    LOG.debug("signed document: " + PkiTestUtils.toString(resultDocument));

    NodeList signatures = resultDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatures.getLength());
    Node signatureElement = signatures.item(0);

    // The validating key is pinned to the generated public key, so ds:KeyInfo
    // in the signed document plays no part in choosing the key.
    DOMValidateContext validateContext = new DOMValidateContext(
            KeySelector.singletonKeySelector(signerKeys.getPublic()), signatureElement);
    // The reloaded DOM has no ID typing, so "Id" is registered on the root's
    // first child (assumed to be tns:data - TODO confirm) before "#id-1234"
    // is dereferenced.
    validateContext.setIdAttributeNS(
            (Element) resultDocument.getDocumentElement().getFirstChild(), null, "Id");

    assertTrue(XMLSignatureFactory.getInstance()
            .unmarshalXMLSignature(validateContext)
            .validate(validateContext));
}
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java
/**
 * Signs a detached resource referenced as {@code external-uri} and validates
 * the result with the same test dereferencer that served the bytes at signing
 * time.
 */
@Test
public void testSignExternalUri() throws Exception {
    // setup
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    domFactory.setNamespaceAware(true);
    Document envelope = domFactory.newDocumentBuilder().newDocument();

    SignatureTestFacet facet = new SignatureTestFacet();
    facet.addReferenceUri("external-uri");
    XmlSignatureTestService service = new XmlSignatureTestService(facet);
    service.setEnvelopingDocument(envelope);
    service.setSignatureDescription("test-signature-description");

    // The referenced content is registered with a test dereferencer instead of
    // being addressed by a fetchable URI.
    UriTestDereferencer externalContent = new UriTestDereferencer();
    externalContent.addResource("external-uri", "hello world".getBytes());
    service.setUriDereferencer(externalContent);

    // operate
    DigestInfo preSignDigest = service.preSign(null, null);

    // verify
    assertNotNull(preSignDigest);
    LOG.debug("digest info description: " + preSignDigest.description);
    assertEquals("test-signature-description", preSignDigest.description);
    assertNotNull(preSignDigest.digestValue);
    LOG.debug("digest algo: " + preSignDigest.digestAlgo);
    // Pins the SHA-1 value the service reports; SHA-1 is a legacy digest, so
    // this records existing behaviour rather than a recommended algorithm.
    assertEquals("SHA-1", preSignDigest.digestAlgo);

    TemporaryTestDataStorage tempStorage =
            (TemporaryTestDataStorage) service.getTemporaryDataStorage();
    assertNotNull(tempStorage);
    InputStream unsignedStream = tempStorage.getTempInputStream();
    assertNotNull(unsignedStream);
    Document unsignedDocument = PkiTestUtils.loadDocument(unsignedStream);
    LOG.debug("tmp document: " + PkiTestUtils.toString(unsignedDocument));

    // Helper element that only carries the xmlns:ds declaration for the XPath lookup.
    Element nsContext = unsignedDocument.createElement("ns");
    nsContext.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestNode = XPathAPI.selectSingleNode(unsignedDocument, "//ds:DigestValue", nsContext);
    assertNotNull(digestNode);
    String digestText = digestNode.getTextContent();
    LOG.debug("digest value text content: " + digestText);
    assertFalse(digestText.isEmpty());

    // Sign the received XML signature digest value: the SHA-1 DigestInfo prefix
    // plus the digest goes through RSA with PKCS#1 v1.5 padding under the
    // private key, i.e. the signature is computed outside the XML signature API.
    KeyPair signerKeys = PkiTestUtils.generateKeyPair();
    Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.ENCRYPT_MODE, signerKeys.getPrivate());
    byte[] rawSignature = rsa.doFinal(
            ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, preSignDigest.digestValue));

    DateTime validFrom = new DateTime();
    DateTime validUntil = validFrom.plusYears(1);
    X509Certificate signerCertificate = PkiTestUtils.generateCertificate(signerKeys.getPublic(), "CN=Test",
            validFrom, validUntil, null, signerKeys.getPrivate(), true, 0, null, null,
            new KeyUsage(KeyUsage.nonRepudiation));

    // operate: postSign
    service.postSign(rawSignature, Collections.singletonList(signerCertificate));

    byte[] signedBytes = service.getSignedDocumentData();
    assertNotNull(signedBytes);
    Document resultDocument = PkiTestUtils.loadDocument(new ByteArrayInputStream(signedBytes));
    LOG.debug("signed document: " + PkiTestUtils.toString(resultDocument));

    NodeList signatures = resultDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatures.getLength());
    Node signatureElement = signatures.item(0);

    // The validating key is pinned to the generated public key, so ds:KeyInfo
    // in the signed document plays no part in choosing the key.
    DOMValidateContext validateContext = new DOMValidateContext(
            KeySelector.singletonKeySelector(signerKeys.getPublic()), signatureElement);
    // Validation resolves "external-uri" through the same dereferencer instance
    // that was used when the reference digest was computed.
    validateContext.setURIDereferencer(externalContent);

    assertTrue(XMLSignatureFactory.getInstance()
            .unmarshalXMLSignature(validateContext)
            .validate(validateContext));
}
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java
/**
 * Signs a pre-computed digest ({@code urn:test:ref}) handed to
 * {@code preSign} inside a non-empty enveloping document, then validates the
 * result with a dereferencer that supplies the referenced content.
 */
@Test
public void testSignEnvelopingDocumentWithExternalDigestInfo() throws Exception {
    // setup
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    domFactory.setNamespaceAware(true);
    Document envelope = domFactory.newDocumentBuilder().newDocument();
    Element root = envelope.createElementNS("urn:test", "tns:root");
    root.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test");
    envelope.appendChild(root);

    XmlSignatureTestService service = new XmlSignatureTestService();
    service.setEnvelopingDocument(envelope);
    service.setSignatureDescription("test-signature-description");

    // The caller supplies only the digest of the referenced data; the data
    // itself never reaches the service at signing time.
    byte[] referencedBytes = "hello world".getBytes();
    MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
    byte[] referencedDigest = sha1.digest(referencedBytes);
    DigestInfo externalDigest = new DigestInfo(referencedDigest, "SHA-1", "urn:test:ref");

    // operate
    DigestInfo preSignDigest = service.preSign(Collections.singletonList(externalDigest), null);

    // verify
    assertNotNull(preSignDigest);
    LOG.debug("digest info description: " + preSignDigest.description);
    assertEquals("test-signature-description", preSignDigest.description);
    assertNotNull(preSignDigest.digestValue);
    LOG.debug("digest algo: " + preSignDigest.digestAlgo);
    // Pins the SHA-1 value the service reports; SHA-1 is a legacy digest, so
    // this records existing behaviour rather than a recommended algorithm.
    assertEquals("SHA-1", preSignDigest.digestAlgo);

    TemporaryTestDataStorage tempStorage =
            (TemporaryTestDataStorage) service.getTemporaryDataStorage();
    assertNotNull(tempStorage);
    InputStream unsignedStream = tempStorage.getTempInputStream();
    assertNotNull(unsignedStream);
    Document unsignedDocument = PkiTestUtils.loadDocument(unsignedStream);
    LOG.debug("tmp document: " + PkiTestUtils.toString(unsignedDocument));

    // Helper element that only carries the xmlns:ds declaration for the XPath lookup.
    Element nsContext = unsignedDocument.createElement("ns");
    nsContext.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestNode = XPathAPI.selectSingleNode(unsignedDocument, "//ds:DigestValue", nsContext);
    assertNotNull(digestNode);
    String digestText = digestNode.getTextContent();
    LOG.debug("digest value text content: " + digestText);
    assertFalse(digestText.isEmpty());

    // Sign the received XML signature digest value: the SHA-1 DigestInfo prefix
    // plus the digest goes through RSA with PKCS#1 v1.5 padding under the
    // private key, i.e. the signature is computed outside the XML signature API.
    KeyPair signerKeys = PkiTestUtils.generateKeyPair();
    Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.ENCRYPT_MODE, signerKeys.getPrivate());
    byte[] rawSignature = rsa.doFinal(
            ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, preSignDigest.digestValue));

    DateTime validFrom = new DateTime();
    DateTime validUntil = validFrom.plusYears(1);
    X509Certificate signerCertificate = PkiTestUtils.generateCertificate(signerKeys.getPublic(), "CN=Test",
            validFrom, validUntil, null, signerKeys.getPrivate(), true, 0, null, null,
            new KeyUsage(KeyUsage.nonRepudiation));

    // operate: postSign
    service.postSign(rawSignature, Collections.singletonList(signerCertificate));

    byte[] signedBytes = service.getSignedDocumentData();
    assertNotNull(signedBytes);
    Document resultDocument = PkiTestUtils.loadDocument(new ByteArrayInputStream(signedBytes));
    LOG.debug("signed document: " + PkiTestUtils.toString(resultDocument));

    NodeList signatures = resultDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatures.getLength());
    Node signatureElement = signatures.item(0);

    // The validating key is pinned to the generated public key, so ds:KeyInfo
    // in the signed document plays no part in choosing the key.
    DOMValidateContext validateContext = new DOMValidateContext(
            KeySelector.singletonKeySelector(signerKeys.getPublic()), signatureElement);
    // NOTE(review): URITest2Dereferencer is not shown; it presumably serves the
    // bytes behind "urn:test:ref" so the reference digest can be recomputed.
    validateContext.setURIDereferencer(new URITest2Dereferencer());

    assertTrue(XMLSignatureFactory.getInstance()
            .unmarshalXMLSignature(validateContext)
            .validate(validateContext));
}
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java
/**
 * Signs a pre-computed digest ({@code urn:test:ref}) handed to
 * {@code preSign} with an empty enveloping document, then validates the
 * result with a dereferencer that supplies the referenced content.
 */
@Test
public void testSignExternalDigestInfo() throws Exception {
    // setup
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    domFactory.setNamespaceAware(true);
    Document envelope = domFactory.newDocumentBuilder().newDocument();

    XmlSignatureTestService service = new XmlSignatureTestService();
    service.setEnvelopingDocument(envelope);
    service.setSignatureDescription("test-signature-description");

    // The caller supplies only the digest of the referenced data; the data
    // itself never reaches the service at signing time.
    byte[] referencedBytes = "hello world".getBytes();
    MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
    byte[] referencedDigest = sha1.digest(referencedBytes);
    DigestInfo externalDigest = new DigestInfo(referencedDigest, "SHA-1", "urn:test:ref");

    // operate
    DigestInfo preSignDigest = service.preSign(Collections.singletonList(externalDigest), null);

    // verify
    assertNotNull(preSignDigest);
    LOG.debug("digest info description: " + preSignDigest.description);
    assertEquals("test-signature-description", preSignDigest.description);
    assertNotNull(preSignDigest.digestValue);
    LOG.debug("digest algo: " + preSignDigest.digestAlgo);
    // Pins the SHA-1 value the service reports; SHA-1 is a legacy digest, so
    // this records existing behaviour rather than a recommended algorithm.
    assertEquals("SHA-1", preSignDigest.digestAlgo);

    TemporaryTestDataStorage tempStorage =
            (TemporaryTestDataStorage) service.getTemporaryDataStorage();
    assertNotNull(tempStorage);
    InputStream unsignedStream = tempStorage.getTempInputStream();
    assertNotNull(unsignedStream);
    Document unsignedDocument = PkiTestUtils.loadDocument(unsignedStream);
    LOG.debug("tmp document: " + PkiTestUtils.toString(unsignedDocument));

    // Helper element that only carries the xmlns:ds declaration for the XPath lookup.
    Element nsContext = unsignedDocument.createElement("ns");
    nsContext.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestNode = XPathAPI.selectSingleNode(unsignedDocument, "//ds:DigestValue", nsContext);
    assertNotNull(digestNode);
    String digestText = digestNode.getTextContent();
    LOG.debug("digest value text content: " + digestText);
    assertFalse(digestText.isEmpty());

    // Sign the received XML signature digest value: the SHA-1 DigestInfo prefix
    // plus the digest goes through RSA with PKCS#1 v1.5 padding under the
    // private key, i.e. the signature is computed outside the XML signature API.
    KeyPair signerKeys = PkiTestUtils.generateKeyPair();
    Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.ENCRYPT_MODE, signerKeys.getPrivate());
    byte[] rawSignature = rsa.doFinal(
            ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, preSignDigest.digestValue));

    DateTime validFrom = new DateTime();
    DateTime validUntil = validFrom.plusYears(1);
    X509Certificate signerCertificate = PkiTestUtils.generateCertificate(signerKeys.getPublic(), "CN=Test",
            validFrom, validUntil, null, signerKeys.getPrivate(), true, 0, null, null,
            new KeyUsage(KeyUsage.nonRepudiation));

    // operate: postSign
    service.postSign(rawSignature, Collections.singletonList(signerCertificate));

    byte[] signedBytes = service.getSignedDocumentData();
    assertNotNull(signedBytes);
    Document resultDocument = PkiTestUtils.loadDocument(new ByteArrayInputStream(signedBytes));
    LOG.debug("signed document: " + PkiTestUtils.toString(resultDocument));

    NodeList signatures = resultDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatures.getLength());
    Node signatureElement = signatures.item(0);

    // The validating key is pinned to the generated public key, so ds:KeyInfo
    // in the signed document plays no part in choosing the key.
    DOMValidateContext validateContext = new DOMValidateContext(
            KeySelector.singletonKeySelector(signerKeys.getPublic()), signatureElement);
    // NOTE(review): URITest2Dereferencer is not shown; it presumably serves the
    // bytes behind "urn:test:ref" so the reference digest can be recomputed.
    validateContext.setURIDereferencer(new URITest2Dereferencer());

    assertTrue(XMLSignatureFactory.getInstance()
            .unmarshalXMLSignature(validateContext)
            .validate(validateContext));
}
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java
/**
 * Applies an enveloped signature to {@code /bookstore.xml}, a classpath
 * fixture parsed with a custom entity resolver, and validates the result
 * with the public key of the generated key pair.
 */
@Test
public void testSignEnvelopingDocumentWithDTD() throws Exception {
    // setup
    InputSource bookstoreSource = new InputSource(
            AbstractXmlSignatureServiceTest.class.getResourceAsStream("/bookstore.xml"));
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    domFactory.setNamespaceAware(true);
    DocumentBuilder parser = domFactory.newDocumentBuilder();
    // The fixture is a trusted classpath resource and entity lookups go through
    // MyEntityResolver (not shown). The factory is otherwise left at its
    // defaults, so this parser setup is not a template for untrusted XML.
    parser.setEntityResolver(new MyEntityResolver());
    Document envelope = parser.parse(bookstoreSource);

    SignatureFacet facet = new EnvelopedSignatureFacet();
    XmlSignatureTestService service = new XmlSignatureTestService(facet);
    service.setEnvelopingDocument(envelope);
    service.setSignatureDescription("test-signature-description");

    // operate
    DigestInfo preSignDigest = service.preSign(null, null);

    // verify
    assertNotNull(preSignDigest);
    LOG.debug("digest info description: " + preSignDigest.description);
    assertEquals("test-signature-description", preSignDigest.description);
    assertNotNull(preSignDigest.digestValue);
    LOG.debug("digest algo: " + preSignDigest.digestAlgo);
    // Pins the SHA-1 value the service reports; SHA-1 is a legacy digest, so
    // this records existing behaviour rather than a recommended algorithm.
    assertEquals("SHA-1", preSignDigest.digestAlgo);

    TemporaryTestDataStorage tempStorage =
            (TemporaryTestDataStorage) service.getTemporaryDataStorage();
    assertNotNull(tempStorage);
    InputStream unsignedStream = tempStorage.getTempInputStream();
    assertNotNull(unsignedStream);
    Document unsignedDocument = PkiTestUtils.loadDocument(unsignedStream);
    LOG.debug("tmp document: " + PkiTestUtils.toString(unsignedDocument));

    // Helper element that only carries the xmlns:ds declaration for the XPath lookup.
    Element nsContext = unsignedDocument.createElement("ns");
    nsContext.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestNode = XPathAPI.selectSingleNode(unsignedDocument, "//ds:DigestValue", nsContext);
    assertNotNull(digestNode);
    String digestText = digestNode.getTextContent();
    LOG.debug("digest value text content: " + digestText);
    assertFalse(digestText.isEmpty());

    // Sign the received XML signature digest value: the SHA-1 DigestInfo prefix
    // plus the digest goes through RSA with PKCS#1 v1.5 padding under the
    // private key, i.e. the signature is computed outside the XML signature API.
    KeyPair signerKeys = PkiTestUtils.generateKeyPair();
    Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.ENCRYPT_MODE, signerKeys.getPrivate());
    byte[] rawSignature = rsa.doFinal(
            ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, preSignDigest.digestValue));

    DateTime validFrom = new DateTime();
    DateTime validUntil = validFrom.plusYears(1);
    X509Certificate signerCertificate = PkiTestUtils.generateCertificate(signerKeys.getPublic(), "CN=Test",
            validFrom, validUntil, null, signerKeys.getPrivate(), true, 0, null, null,
            new KeyUsage(KeyUsage.nonRepudiation));

    // operate: postSign
    service.postSign(rawSignature, Collections.singletonList(signerCertificate));

    byte[] signedBytes = service.getSignedDocumentData();
    assertNotNull(signedBytes);
    Document resultDocument = PkiTestUtils.loadDocument(new ByteArrayInputStream(signedBytes));
    LOG.debug("signed document: " + PkiTestUtils.toString(resultDocument));

    NodeList signatures = resultDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatures.getLength());
    Node signatureElement = signatures.item(0);

    // The validating key is pinned to the generated public key, so ds:KeyInfo
    // in the signed document plays no part in choosing the key.
    DOMValidateContext validateContext = new DOMValidateContext(
            KeySelector.singletonKeySelector(signerKeys.getPublic()), signatureElement);

    assertTrue(XMLSignatureFactory.getInstance()
            .unmarshalXMLSignature(validateContext)
            .validate(validateContext));
}
From source file:test.unit.be.fedict.eid.applet.service.signer.AbstractXmlSignatureServiceTest.java
/**
 * Signs an external XML document referenced as {@code /bookstore.xml} and
 * validates the result; both phases resolve the reference through
 * {@code MyURIDereferencer}.
 */
@Test
public void testSignExternalXMLDocument() throws Exception {
    // setup
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    domFactory.setNamespaceAware(true);
    Document envelope = domFactory.newDocumentBuilder().newDocument();
    Element root = envelope.createElementNS("urn:test", "tns:root");
    root.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test");
    envelope.appendChild(root);

    SignatureTestFacet facet = new SignatureTestFacet();
    facet.addReferenceUri("/bookstore.xml");
    XmlSignatureTestService service = new XmlSignatureTestService(facet);
    service.setUriDereferencer(new MyURIDereferencer());
    service.setEnvelopingDocument(envelope);
    service.setSignatureDescription("test-signature-description");

    // operate
    DigestInfo preSignDigest = service.preSign(null, null);

    // verify
    assertNotNull(preSignDigest);
    LOG.debug("digest info description: " + preSignDigest.description);
    assertEquals("test-signature-description", preSignDigest.description);
    assertNotNull(preSignDigest.digestValue);
    LOG.debug("digest algo: " + preSignDigest.digestAlgo);
    // Pins the SHA-1 value the service reports; SHA-1 is a legacy digest, so
    // this records existing behaviour rather than a recommended algorithm.
    assertEquals("SHA-1", preSignDigest.digestAlgo);

    TemporaryTestDataStorage tempStorage =
            (TemporaryTestDataStorage) service.getTemporaryDataStorage();
    assertNotNull(tempStorage);
    InputStream unsignedStream = tempStorage.getTempInputStream();
    assertNotNull(unsignedStream);
    Document unsignedDocument = PkiTestUtils.loadDocument(unsignedStream);
    LOG.debug("tmp document: " + PkiTestUtils.toString(unsignedDocument));

    // Helper element that only carries the xmlns:ds declaration for the XPath lookup.
    Element nsContext = unsignedDocument.createElement("ns");
    nsContext.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", Constants.SignatureSpecNS);
    Node digestNode = XPathAPI.selectSingleNode(unsignedDocument, "//ds:DigestValue", nsContext);
    assertNotNull(digestNode);
    String digestText = digestNode.getTextContent();
    LOG.debug("digest value text content: " + digestText);
    assertFalse(digestText.isEmpty());

    // Sign the received XML signature digest value: the SHA-1 DigestInfo prefix
    // plus the digest goes through RSA with PKCS#1 v1.5 padding under the
    // private key, i.e. the signature is computed outside the XML signature API.
    KeyPair signerKeys = PkiTestUtils.generateKeyPair();
    Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.ENCRYPT_MODE, signerKeys.getPrivate());
    byte[] rawSignature = rsa.doFinal(
            ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, preSignDigest.digestValue));

    DateTime validFrom = new DateTime();
    DateTime validUntil = validFrom.plusYears(1);
    X509Certificate signerCertificate = PkiTestUtils.generateCertificate(signerKeys.getPublic(), "CN=Test",
            validFrom, validUntil, null, signerKeys.getPrivate(), true, 0, null, null,
            new KeyUsage(KeyUsage.nonRepudiation));

    // operate: postSign
    service.postSign(rawSignature, Collections.singletonList(signerCertificate));

    byte[] signedBytes = service.getSignedDocumentData();
    assertNotNull(signedBytes);
    Document resultDocument = PkiTestUtils.loadDocument(new ByteArrayInputStream(signedBytes));
    LOG.debug("signed document: " + PkiTestUtils.toString(resultDocument));

    NodeList signatures = resultDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatures.getLength());
    Node signatureElement = signatures.item(0);

    // The validating key is pinned to the generated public key, so ds:KeyInfo
    // in the signed document plays no part in choosing the key.
    DOMValidateContext validateContext = new DOMValidateContext(
            KeySelector.singletonKeySelector(signerKeys.getPublic()), signatureElement);
    // Required to resolve the external XML document. A verifier decides through
    // this hook which external locations a signature may pull content from.
    validateContext.setURIDereferencer(new MyURIDereferencer());

    assertTrue(XMLSignatureFactory.getInstance()
            .unmarshalXMLSignature(validateContext)
            .validate(validateContext));
}
From source file:test.unit.be.fedict.eid.applet.service.signer.CoSignatureFacetTest.java
/**
 * Signs {@code /helloworld.xml} with the references produced by the default
 * {@code CoSignatureFacet}, then shows that tampering is only detected by a
 * freshly unmarshalled {@code XMLSignature}: the object that already
 * validated keeps returning its first result.
 */
@Test
public void testCoSignature() throws Exception {
    // setup
    Document document = PkiTestUtils
            .loadDocument(CoSignatureFacetTest.class.getResourceAsStream("/helloworld.xml"));
    KeyPair signerKeys = PkiTestUtils.generateKeyPair();

    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
    XMLSignContext signContext = new DOMSignContext(signerKeys.getPrivate(), document.getDocumentElement());
    signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");

    CoSignatureFacet testedInstance = new CoSignatureFacet();
    List<Reference> references = new LinkedList<Reference>();
    testedInstance.preSign(signatureFactory, document, "foo-bar", null, references, null);

    // RSA with SHA-1 is a legacy signature method; the test uses it as-is.
    SignatureMethod rsaSha1 = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    CanonicalizationMethod exclusiveC14n = signatureFactory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = signatureFactory.newSignedInfo(exclusiveC14n, rsaSha1, references);
    XMLSignature signingSignature = signatureFactory.newXMLSignature(signedInfo, null);

    // operate
    signingSignature.sign(signContext);

    // verify
    LOG.debug("signed document: " + PkiTestUtils.toString(document));
    NodeList signatures = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatures.getLength());
    Node signatureElement = signatures.item(0);

    DOMValidateContext validateContext = new DOMValidateContext(signerKeys.getPublic(), signatureElement);
    XMLSignature firstLoad = signatureFactory.unmarshalXMLSignature(validateContext);
    assertTrue(firstLoad.validate(validateContext));

    // Change the signed content after it has been validated once.
    document.getDocumentElement().getFirstChild().setNodeValue("test");
    LOG.debug("signed document: " + PkiTestUtils.toString(document));

    // The already-validated object still reports success for the modified
    // document, so a validated XMLSignature must not be reused after the
    // document may have changed.
    assertTrue(firstLoad.validate(validateContext));

    // really have to re-load the XML signature object.
    XMLSignature reloaded = signatureFactory.unmarshalXMLSignature(validateContext);
    assertFalse(reloaded.validate(validateContext));
}
From source file:test.unit.be.fedict.eid.applet.service.signer.CoSignatureFacetTest.java
/**
 * Same scenario as a plain co-signature, but with a {@code CoSignatureFacet}
 * built from {@code DigestAlgo.SHA1} and the value {@code "ref-1234"}:
 * sign {@code /helloworld.xml}, validate, tamper, and show that only a
 * freshly unmarshalled {@code XMLSignature} notices the change.
 */
@Test
public void testCoSignatureUri() throws Exception {
    // setup
    Document document = PkiTestUtils
            .loadDocument(CoSignatureFacetTest.class.getResourceAsStream("/helloworld.xml"));
    KeyPair signerKeys = PkiTestUtils.generateKeyPair();

    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
    XMLSignContext signContext = new DOMSignContext(signerKeys.getPrivate(), document.getDocumentElement());
    signContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");

    CoSignatureFacet testedInstance = new CoSignatureFacet(DigestAlgo.SHA1, "ref-1234");
    List<Reference> references = new LinkedList<Reference>();
    testedInstance.preSign(signatureFactory, document, "foo-bar", null, references, null);

    // RSA with SHA-1 is a legacy signature method; the test uses it as-is.
    SignatureMethod rsaSha1 = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    CanonicalizationMethod exclusiveC14n = signatureFactory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = signatureFactory.newSignedInfo(exclusiveC14n, rsaSha1, references);
    XMLSignature signingSignature = signatureFactory.newXMLSignature(signedInfo, null);

    // operate
    signingSignature.sign(signContext);

    // verify
    LOG.debug("signed document: " + PkiTestUtils.toString(document));
    NodeList signatures = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, signatures.getLength());
    Node signatureElement = signatures.item(0);

    DOMValidateContext validateContext = new DOMValidateContext(signerKeys.getPublic(), signatureElement);
    XMLSignature firstLoad = signatureFactory.unmarshalXMLSignature(validateContext);
    assertTrue(firstLoad.validate(validateContext));

    // Change the signed content after it has been validated once.
    document.getDocumentElement().getFirstChild().setNodeValue("test");
    LOG.debug("signed document: " + PkiTestUtils.toString(document));

    // The already-validated object still reports success for the modified
    // document, so a validated XMLSignature must not be reused after the
    // document may have changed.
    assertTrue(firstLoad.validate(validateContext));

    // really have to re-load the XML signature object.
    XMLSignature reloaded = signatureFactory.unmarshalXMLSignature(validateContext);
    assertFalse(reloaded.validate(validateContext));
}
From source file:test.unit.be.fedict.eid.applet.service.signer.CoSignatureFacetTest.java
/**
 * Puts two co-signatures, made with different key pairs over the same
 * {@code SignedInfo}, on one large document, validates each with its own
 * public key, and checks that the second signature still validates after the
 * first has been removed from the document.
 */
@Test
public void testMultipleCoSignatures() throws Exception {
    // setup
    DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
    domFactory.setNamespaceAware(true);
    Document document = domFactory.newDocumentBuilder().newDocument();
    Element root = document.createElementNS("urn:test", "tns:root");
    root.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "urn:test");
    document.appendChild(root);
    Element data = document.createElementNS("urn:test", "tns:data");
    root.appendChild(data);

    // add a lot of nodes to test performance
    // when using xpath v1 in the co signature facet the c14n became really slow
    for (int remaining = 80000; remaining > 0; remaining--) {
        Element filler = document.createElementNS("urn:test", "tns:foo");
        filler.setTextContent("bar");
        data.appendChild(filler);
    }

    KeyPair firstKeys = PkiTestUtils.generateKeyPair();
    KeyPair secondKeys = PkiTestUtils.generateKeyPair();

    XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
    List<Reference> references = new LinkedList<Reference>();
    CoSignatureFacet testedInstance = new CoSignatureFacet();
    testedInstance.preSign(signatureFactory, document, "foo-bar", null, references, null);

    // ds:SignedInfo (RSA with SHA-1 is a legacy signature method; used as-is)
    SignatureMethod rsaSha1 = signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    CanonicalizationMethod exclusiveC14n = signatureFactory.newCanonicalizationMethod(
            CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignedInfo signedInfo = signatureFactory.newSignedInfo(exclusiveC14n, rsaSha1, references);
    XMLSignature firstSignature = signatureFactory.newXMLSignature(signedInfo, null);
    XMLSignature secondSignature = signatureFactory.newXMLSignature(signedInfo, null);

    // sign contexts: both signatures are attached under the document element
    XMLSignContext firstSignContext = new DOMSignContext(firstKeys.getPrivate(), document.getDocumentElement());
    firstSignContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");
    XMLSignContext secondSignContext = new DOMSignContext(secondKeys.getPrivate(), document.getDocumentElement());
    secondSignContext.putNamespacePrefix(javax.xml.crypto.dsig.XMLSignature.XMLNS, "ds");

    // operate
    firstSignature.sign(firstSignContext);
    secondSignature.sign(secondSignContext);

    // verify
    LOG.debug("signed document: " + PkiTestUtils.toString(document));
    NodeList signatures = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(2, signatures.getLength());

    // Each signature is checked against the public key of the pair that made it.
    Node firstNode = signatures.item(0);
    DOMValidateContext firstValidateContext = new DOMValidateContext(firstKeys.getPublic(), firstNode);
    assertTrue(signatureFactory.unmarshalXMLSignature(firstValidateContext).validate(firstValidateContext));

    Node secondNode = signatures.item(1);
    DOMValidateContext secondValidateContext = new DOMValidateContext(secondKeys.getPublic(), secondNode);
    assertTrue(signatureFactory.unmarshalXMLSignature(secondValidateContext).validate(secondValidateContext));

    // cut out first signature should not break second one
    document.getDocumentElement().removeChild(firstNode);
    LOG.debug("signed document: " + PkiTestUtils.toString(document));
    NodeList remainingSignatures = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    assertEquals(1, remainingSignatures.getLength());

    // A new context and a fresh unmarshal are used, so this result is computed
    // against the modified document rather than taken from an earlier run.
    Node survivingNode = remainingSignatures.item(0);
    DOMValidateContext survivingValidateContext = new DOMValidateContext(secondKeys.getPublic(), survivingNode);
    assertTrue(signatureFactory.unmarshalXMLSignature(survivingValidateContext)
            .validate(survivingValidateContext));
}