1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
/*
* Copyright 2006-2009 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package javax.xml.crypto.test.dsig;
import java.io.*;
import java.security.Security;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import junit.framework.*;
import javax.xml.crypto.test.KeySelectors;
public class SecureXSLTTest extends TestCase {
static {
Security.insertProviderAt
(new org.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
}
public SecureXSLTTest(String name) {
super(name);
}
public void test() throws Exception {
String fs = System.getProperty("file.separator");
String base = System.getProperty("basedir") == null ? "./": System.getProperty("basedir");
File baseDir = new File(base + fs + "data"
+ fs + "javax" + fs + "xml" + fs + "crypto", "dsig");
String[] signatures =
{ "signature1.xml", "signature2.xml", "signature3.xml" };
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
File f = new File("doc.xml");
for (int i=0; i<signatures.length; i++) {
String signature = signatures[i];
// System.out.println("Validating " + signature);
Document doc = dbf.newDocumentBuilder().parse
(new FileInputStream(new File(baseDir, signature)));
NodeList nl =
doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0) {
throw new Exception("Cannot find Signature element");
}
DOMValidateContext valContext = new DOMValidateContext
(new KeySelectors.KeyValueKeySelector(), nl.item(0));
// enable reference caching in your validation context
valContext.setProperty
("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
// make sure file is not left over from previous run
f.delete();
XMLSignature sig = fac.unmarshalXMLSignature(valContext);
try {
if (sig.validate(valContext)) {
System.err.println("Signature UNEXPECTEDLY passed validation");
}
sig.getSignedInfo().getReferences().get(0);
} catch (XMLSignatureException xse) {
// this is good, but still make sure attack was not successful
// by falling through and checking if file was created
// xse.printStackTrace();
}
if (f.exists()) {
f.delete(); // cleanup file. comment out when debugging
throw new Exception
("Test FAILED: doc.xml was successfully created");
}
}
// System.out.println("Test PASSED");
}
}
|
