package javax.xml.crypto.test.dsig;

import java.io.*;
import java.security.Security;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

import junit.framework.*;
import javax.xml.crypto.test.KeySelectors;

public class SecureXSLTTest extends TestCase {

    static {
        Security.insertProviderAt
            (new org.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
    }

    public SecureXSLTTest(String name) {
	super(name);
    }

    public void test() throws Exception {

        String fs = System.getProperty("file.separator");
        File baseDir = new File(System.getProperty("basedir") + fs + "data" 
	    + fs + "javax" + fs + "xml" + fs + "crypto", "dsig");

        String[] signatures =
            { "signature1.xml", "signature2.xml", "signature3.xml" };

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        File f = new File("doc.xml");
        for (int i=0; i<signatures.length; i++) {
	    String signature = signatures[i];
            System.out.println("Validating " + signature);
            Document doc = dbf.newDocumentBuilder().parse
                (new FileInputStream(new File(baseDir, signature)));

            NodeList nl =
                doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            if (nl.getLength() == 0) {
                throw new Exception("Cannot find Signature element");
            }

            DOMValidateContext valContext = new DOMValidateContext
                (new KeySelectors.KeyValueKeySelector(), nl.item(0));
	    // enable reference caching in your validation context 
	    valContext.setProperty
    		("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);

            // make sure file is not left over from previous run
            f.delete();

            XMLSignature sig = fac.unmarshalXMLSignature(valContext);
            try {
                if (sig.validate(valContext)) {
                    System.err.println("Signature UNEXPECTEDLY passed validation");
                }
		Reference ref = (Reference) sig.getSignedInfo().getReferences().get(0);
            } catch (XMLSignatureException xse) {
                // this is good, but still make sure attack was not successful
                // by falling through and checking if file was created
//		xse.printStackTrace();
            }
            if (f.exists()) {
                f.delete(); // cleanup file. comment out when debugging
                throw new Exception
                    ("Test FAILED: doc.xml was successfully created");
            }
        }
        System.out.println("Test PASSED");
    }
}