/*
* Copyright 2008-2010 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.xml.security.test.signature;
import java.io.FileInputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.XPathContainer;
import org.apache.xml.security.utils.Constants;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
/**
* Tests creating and validating an XML Signature with an XPath Transform.
* Tests bug #44617.
*
* @author Frank Cornelis
*/
public class XmlSecTest extends TestCase {
private static final String BASEDIR =
System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
static org.apache.commons.logging.Log log =
org.apache.commons.logging.LogFactory.getLog
(XmlSecTest.class.getName());
public static Test suite() {
return new TestSuite(XmlSecTest.class);
}
public void testCheckXmlSignatureSoftwareStack() throws Exception {
checkXmlSignatureSoftwareStack(false);
}
public void testCheckXmlSignatureSoftwareStackWithCert() throws Exception {
checkXmlSignatureSoftwareStack(true);
}
private void checkXmlSignatureSoftwareStack(boolean cert) throws Exception {
Init.init();
DocumentBuilderFactory documentBuilderFactory =
DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
DocumentBuilder documentBuilder =
documentBuilderFactory.newDocumentBuilder();
Document testDocument = documentBuilder.newDocument();
Element rootElement =
testDocument.createElementNS("urn:namespace", "tns:document");
rootElement.setAttributeNS
(Constants.NamespaceSpecNS, "xmlns:tns", "urn:namespace");
testDocument.appendChild(rootElement);
Element childElement =
testDocument.createElementNS("urn:childnamespace", "t:child");
childElement.setAttributeNS
(Constants.NamespaceSpecNS, "xmlns:t", "urn:childnamespace");
childElement.appendChild(testDocument.createTextNode("hello world"));
rootElement.appendChild(childElement);
PrivateKey privateKey = null;
PublicKey publicKey = null;
X509Certificate signingCert = null;
if (cert) {
// get key & self-signed certificate from keystore
String fs = System.getProperty("file.separator");
FileInputStream fis = new FileInputStream
(BASEDIR + fs + "data" + fs + "test.jks");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fis, "changeit".toCharArray());
signingCert = (X509Certificate) ks.getCertificate("mullan");
publicKey = signingCert.getPublicKey();
privateKey = (PrivateKey) ks.getKey("mullan", "changeit".toCharArray());
} else {
KeyPair keyPair = KeyPairGenerator.getInstance("DSA").generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
}
XMLSignature signature = new XMLSignature(testDocument, "",
XMLSignature.ALGO_ID_SIGNATURE_DSA,
Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
Element signatureElement = signature.getElement();
rootElement.appendChild(signatureElement);
Transforms transforms = new Transforms(testDocument);
XPathContainer xpath = new XPathContainer(testDocument);
xpath.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
xpath.setXPath("not(ancestor-or-self::ds:Signature)");
transforms.addTransform(Transforms.TRANSFORM_XPATH, xpath
.getElementPlusReturns());
transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
signature.addDocument("", transforms,
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);
if (cert) {
signature.addKeyInfo(signingCert);
} else {
signature.addKeyInfo(publicKey);
}
Element nsElement = testDocument.createElementNS(null, "nsElement");
nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds",
Constants.SignatureSpecNS);
signature.sign(privateKey);
// TransformerFactory tf = TransformerFactory.newInstance();
// Transformer t = tf.newTransformer();
// t.transform(new DOMSource(testDocument), new StreamResult(System.out));
NodeList signatureElems = XPathAPI.selectNodeList(testDocument,
"//ds:Signature", nsElement);
signatureElement = (Element) signatureElems.item(0);
XMLSignature signatureToVerify = new XMLSignature(signatureElement, "");
boolean signResult = signatureToVerify.checkSignatureValue(publicKey);
assertTrue(signResult);
}
}