You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2014/05/23 11:52:37 UTC
svn commit: r1597051 - in /santuario/xml-security-java/trunk/src:
main/java/org/apache/jcp/xml/dsig/internal/dom/
main/java/org/apache/xml/security/algorithms/
main/java/org/apache/xml/security/algorithms/implementations/
main/java/org/apache/xml/secur...
Author: coheigea
Date: Fri May 23 09:52:36 2014
New Revision: 1597051
URL: http://svn.apache.org/r1597051
Log:
Adding more PublicKey Signature testing
Added:
santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/PKSignatureAlgorithmTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java?rev=1597051&r1=1597050&r2=1597051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java Fri May 23 09:52:36 2014
@@ -58,8 +58,12 @@ public abstract class DOMSignatureMethod
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
static final String RSA_SHA512 =
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
+ static final String RSA_RIPEMD160 =
+ "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";
static final String ECDSA_SHA1 =
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+ static final String ECDSA_SHA224 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224";
static final String ECDSA_SHA256 =
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
static final String ECDSA_SHA384 =
@@ -117,12 +121,16 @@ public abstract class DOMSignatureMethod
return new SHA384withRSA(smElem);
} else if (alg.equals(RSA_SHA512)) {
return new SHA512withRSA(smElem);
+ } else if (alg.equals(RSA_RIPEMD160)) {
+ return new RIPEMD160withRSA(smElem);
} else if (alg.equals(SignatureMethod.DSA_SHA1)) {
return new SHA1withDSA(smElem);
} else if (alg.equals(DSA_SHA256)) {
return new SHA256withDSA(smElem);
} else if (alg.equals(ECDSA_SHA1)) {
return new SHA1withECDSA(smElem);
+ } else if (alg.equals(ECDSA_SHA224)) {
+ return new SHA224withECDSA(smElem);
} else if (alg.equals(ECDSA_SHA256)) {
return new SHA256withECDSA(smElem);
} else if (alg.equals(ECDSA_SHA384)) {
@@ -333,6 +341,28 @@ public abstract class DOMSignatureMethod
return Type.RSA;
}
}
+
+ static final class RIPEMD160withRSA extends DOMSignatureMethod {
+ RIPEMD160withRSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ RIPEMD160withRSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ @Override
+ public String getAlgorithm() {
+ return RSA_RIPEMD160;
+ }
+ @Override
+ String getJCAAlgorithm() {
+ return "RIPEMD160withRSA";
+ }
+ @Override
+ Type getAlgorithmType() {
+ return Type.RSA;
+ }
+ }
static final class SHA1withDSA extends DOMSignatureMethod {
SHA1withDSA(AlgorithmParameterSpec params)
@@ -396,6 +426,28 @@ public abstract class DOMSignatureMethod
return Type.ECDSA;
}
}
+
+ static final class SHA224withECDSA extends DOMSignatureMethod {
+ SHA224withECDSA(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ SHA224withECDSA(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ @Override
+ public String getAlgorithm() {
+ return ECDSA_SHA224;
+ }
+ @Override
+ String getJCAAlgorithm() {
+ return "SHA224withECDSA";
+ }
+ @Override
+ Type getAlgorithmType() {
+ return Type.ECDSA;
+ }
+ }
static final class SHA256withECDSA extends DOMSignatureMethod {
SHA256withECDSA(AlgorithmParameterSpec params)
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java?rev=1597051&r1=1597050&r2=1597051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java Fri May 23 09:52:36 2014
@@ -265,6 +265,10 @@ public final class DOMXMLSignatureFactor
return new DOMSignatureMethod.SHA384withRSA(params);
} else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512)) {
return new DOMSignatureMethod.SHA512withRSA(params);
+ } else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512)) {
+ return new DOMSignatureMethod.SHA512withRSA(params);
+ } else if (algorithm.equals(DOMSignatureMethod.RSA_RIPEMD160)) {
+ return new DOMSignatureMethod.RIPEMD160withRSA(params);
} else if (algorithm.equals(SignatureMethod.DSA_SHA1)) {
return new DOMSignatureMethod.SHA1withDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.DSA_SHA256)) {
@@ -283,6 +287,8 @@ public final class DOMXMLSignatureFactor
return new DOMHMACSignatureMethod.RIPEMD160(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA1)) {
return new DOMSignatureMethod.SHA1withECDSA(params);
+ } else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA224)) {
+ return new DOMSignatureMethod.SHA224withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA256)) {
return new DOMSignatureMethod.SHA256withECDSA(params);
} else if (algorithm.equals(DOMSignatureMethod.ECDSA_SHA384)) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java?rev=1597051&r1=1597050&r2=1597051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java Fri May 23 09:52:36 2014
@@ -140,6 +140,10 @@ public class JCEMapper {
new Algorithm("SHA1withECDSA", "SHA1withECDSA", "Signature")
);
algorithmsMap.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224,
+ new Algorithm("SHA224withECDSA", "SHA224withECDSA", "Signature")
+ );
+ algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256,
new Algorithm("SHA256withECDSA", "SHA256withECDSA", "Signature")
);
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java?rev=1597051&r1=1597050&r2=1597051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java Fri May 23 09:52:36 2014
@@ -409,6 +409,9 @@ public class SignatureAlgorithm extends
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1, SignatureECDSA.SignatureECDSASHA1.class
);
algorithmHash.put(
+ XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224, SignatureECDSA.SignatureECDSASHA224.class
+ );
+ algorithmHash.put(
XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256, SignatureECDSA.SignatureECDSASHA256.class
);
algorithmHash.put(
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java?rev=1597051&r1=1597050&r2=1597051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java Fri May 23 09:52:36 2014
@@ -362,13 +362,13 @@ public abstract class SignatureECDSA ext
}
/**
- * Class SignatureRSASHA1
+ * Class SignatureECDSASHA1
*
* @author $Author: marcx $
*/
public static class SignatureECDSASHA1 extends SignatureECDSA {
/**
- * Constructor SignatureRSASHA1
+ * Constructor SignatureECDSASHA1
*
* @throws XMLSignatureException
*/
@@ -383,14 +383,34 @@ public abstract class SignatureECDSA ext
}
/**
- * Class SignatureRSASHA256
+ * Class SignatureECDSASHA224
+ */
+ public static class SignatureECDSASHA224 extends SignatureECDSA {
+
+ /**
+ * Constructor SignatureECDSASHA224
+ *
+ * @throws XMLSignatureException
+ */
+ public SignatureECDSASHA224() throws XMLSignatureException {
+ super();
+ }
+
+ /** @inheritDoc */
+ public String engineGetURI() {
+ return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224;
+ }
+ }
+
+ /**
+ * Class SignatureECDSASHA256
*
* @author Alex Dupre
*/
public static class SignatureECDSASHA256 extends SignatureECDSA {
/**
- * Constructor SignatureRSASHA256
+ * Constructor SignatureECDSASHA256
*
* @throws XMLSignatureException
*/
@@ -405,14 +425,14 @@ public abstract class SignatureECDSA ext
}
/**
- * Class SignatureRSASHA384
+ * Class SignatureECDSASHA384
*
* @author Alex Dupre
*/
public static class SignatureECDSASHA384 extends SignatureECDSA {
/**
- * Constructor SignatureRSASHA384
+ * Constructor SignatureECDSASHA384
*
* @throws XMLSignatureException
*/
@@ -427,14 +447,14 @@ public abstract class SignatureECDSA ext
}
/**
- * Class SignatureRSASHA512
+ * Class SignatureECDSASHA512
*
* @author Alex Dupre
*/
public static class SignatureECDSASHA512 extends SignatureECDSA {
/**
- * Constructor SignatureRSASHA512
+ * Constructor SignatureECDSASHA512
*
* @throws XMLSignatureException
*/
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml?rev=1597051&r1=1597050&r2=1597051&view=diff
==============================================================================
Binary files - no diff available.
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java?rev=1597051&r1=1597050&r2=1597051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignature.java Fri May 23 09:52:36 2014
@@ -141,6 +141,10 @@ public final class XMLSignature extends
public static final String ALGO_ID_SIGNATURE_ECDSA_SHA1 =
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+ /**Signature - Optional ECDSAwithSHA224 */
+ public static final String ALGO_ID_SIGNATURE_ECDSA_SHA224 =
+ "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224";
+
/**Signature - Optional ECDSAwithSHA256 */
public static final String ALGO_ID_SIGNATURE_ECDSA_SHA256 =
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
Added: santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/PKSignatureAlgorithmTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/PKSignatureAlgorithmTest.java?rev=1597051&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/PKSignatureAlgorithmTest.java (added)
+++ santuario/xml-security-java/trunk/src/test/java/javax/xml/crypto/test/dsig/PKSignatureAlgorithmTest.java Fri May 23 09:52:36 2014
@@ -0,0 +1,227 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package javax.xml.crypto.test.dsig;
+
+import java.lang.reflect.Constructor;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Collections;
+
+import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.XMLObject;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.test.KeySelectors;
+import javax.xml.parsers.DocumentBuilder;
+
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+
+/**
+ * Test signing using all available PublicKey signing algorithms
+ */
+public class PKSignatureAlgorithmTest extends org.junit.Assert {
+
+ private KeySelector kvks;
+ private CanonicalizationMethod withoutComments;
+ private DigestMethod sha1;
+ private SignatureMethod rsaSha1, rsaSha256, rsaSha384, rsaSha512, rsaRipemd160;
+ private SignatureMethod ecdsaSha1, ecdsaSha224, ecdsaSha256, ecdsaSha384, ecdsaSha512;
+ private XMLSignatureFactory fac;
+ private DocumentBuilder db;
+ private KeyPair rsaKeyPair, ecKeyPair;
+ private KeyInfo rsaki, ecki;
+
+ static {
+ Security.insertProviderAt
+ (new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ }
+
+ public PKSignatureAlgorithmTest() throws Exception {
+ //
+ // If the BouncyCastle provider is not installed, then try to load it
+ // via reflection.
+ //
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons = null;
+ try {
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+ } catch (Exception e) {
+ //ignore
+ }
+ if (cons == null) {
+ // BouncyCastle is not available so just return
+ return;
+ } else {
+ Provider provider = (java.security.Provider)cons.newInstance();
+ Security.insertProviderAt(provider, 2);
+ }
+ }
+
+ db = XMLUtils.createDocumentBuilder(false);
+ // create common objects
+ fac = XMLSignatureFactory.getInstance();
+ withoutComments = fac.newCanonicalizationMethod
+ (CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
+
+ // Digest Methods
+ sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);
+
+ rsaSha1 = fac.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", null);
+ rsaSha256 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null);
+ rsaSha384 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", null);
+ rsaSha512 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", null);
+ rsaRipemd160 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160", null);
+
+ ecdsaSha1 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1", null);
+ ecdsaSha224 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224", null);
+ ecdsaSha256 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256", null);
+ ecdsaSha384 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384", null);
+ ecdsaSha512 = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", null);
+
+ kvks = new KeySelectors.KeyValueKeySelector();
+
+ rsaKeyPair = KeyPairGenerator.getInstance("RSA").genKeyPair();
+ ecKeyPair = KeyPairGenerator.getInstance("EC").genKeyPair();
+
+ KeyInfoFactory kifac = fac.getKeyInfoFactory();
+ rsaki = kifac.newKeyInfo(Collections.singletonList
+ (kifac.newKeyValue(rsaKeyPair.getPublic())));
+ ecki = kifac.newKeyInfo(Collections.singletonList
+ (kifac.newKeyValue(ecKeyPair.getPublic())));
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA1() throws Exception {
+ test_create_signature_enveloping(rsaSha1, sha1, rsaki,
+ rsaKeyPair.getPrivate(), kvks);
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA_256() throws Exception {
+ test_create_signature_enveloping(rsaSha256, sha1, rsaki,
+ rsaKeyPair.getPrivate(), kvks);
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA_384() throws Exception {
+ test_create_signature_enveloping(rsaSha384, sha1, rsaki,
+ rsaKeyPair.getPrivate(), kvks);
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA_512() throws Exception {
+ test_create_signature_enveloping(rsaSha512, sha1, rsaki,
+ rsaKeyPair.getPrivate(), kvks);
+ }
+
+ @org.junit.Test
+ public void testRSA_RIPEMD160() throws Exception {
+ test_create_signature_enveloping(rsaRipemd160, sha1, rsaki,
+ rsaKeyPair.getPrivate(), kvks);
+ }
+
+ @org.junit.Test
+ public void testECDSA_SHA1() throws Exception {
+ test_create_signature_enveloping(ecdsaSha1, sha1, ecki,
+ ecKeyPair.getPrivate(), kvks);
+ }
+
+ @org.junit.Test
+ public void testECDSA_SHA224() throws Exception {
+ test_create_signature_enveloping(ecdsaSha224, sha1, ecki,
+ ecKeyPair.getPrivate(), kvks);
+ }
+
+ @org.junit.Test
+ public void testECDSA_SHA256() throws Exception {
+ test_create_signature_enveloping(ecdsaSha256, sha1, ecki,
+ ecKeyPair.getPrivate(), kvks);
+ }
+
+ @org.junit.Test
+ public void testECDSA_SHA384() throws Exception {
+ test_create_signature_enveloping(ecdsaSha384, sha1, ecki,
+ ecKeyPair.getPrivate(), kvks);
+ }
+
+ @org.junit.Test
+ public void testECDSA_SHA512() throws Exception {
+ test_create_signature_enveloping(ecdsaSha512, sha1, ecki,
+ ecKeyPair.getPrivate(), kvks);
+ }
+
+ private void test_create_signature_enveloping(
+ SignatureMethod sm, DigestMethod dm, KeyInfo ki, Key signingKey, KeySelector ks
+ ) throws Exception {
+
+ // create reference
+ Reference ref = fac.newReference("#DSig.Object_1", dm, null,
+ XMLObject.TYPE, null);
+
+ // create SignedInfo
+ SignedInfo si = fac.newSignedInfo(withoutComments, sm,
+ Collections.singletonList(ref));
+
+ Document doc = db.newDocument();
+ // create Objects
+ Element webElem = doc.createElementNS(null, "Web");
+ Text text = doc.createTextNode("up up and away");
+ webElem.appendChild(text);
+ XMLObject obj = fac.newXMLObject(Collections.singletonList
+ (new DOMStructure(webElem)), "DSig.Object_1", "text/xml", null);
+
+ // create XMLSignature
+ XMLSignature sig = fac.newXMLSignature
+ (si, ki, Collections.singletonList(obj), null, null);
+
+ DOMSignContext dsc = new DOMSignContext(signingKey, doc);
+ dsc.setDefaultNamespacePrefix("dsig");
+
+ sig.sign(dsc);
+ TestUtils.validateSecurityOrEncryptionElement(doc.getDocumentElement());
+
+ // XMLUtils.outputDOM(doc.getDocumentElement(), System.out);
+
+ DOMValidateContext dvc = new DOMValidateContext
+ (ks, doc.getDocumentElement());
+ XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
+
+ assertTrue(sig.equals(sig2));
+ assertTrue(sig2.validate(dvc));
+ }
+
+}
Added: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java?rev=1597051&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java (added)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/algorithms/PKSignatureAlgorithmTest.java Fri May 23 09:52:36 2014
@@ -0,0 +1,341 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.algorithms;
+
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.test.dom.DSNamespaceContext;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.XMLUtils;
+import org.junit.Assert;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ * A test to make sure that the various Public Key Signature algorithms are working
+ */
+public class PKSignatureAlgorithmTest extends org.junit.Assert {
+
+ private KeyPair rsaKeyPair, ecKeyPair;
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ public PKSignatureAlgorithmTest() throws Exception {
+ //
+ // If the BouncyCastle provider is not installed, then try to load it
+ // via reflection.
+ //
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons = null;
+ try {
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+ } catch (Exception e) {
+ //ignore
+ }
+ if (cons == null) {
+ // BouncyCastle is not available so just return
+ return;
+ } else {
+ Provider provider = (java.security.Provider)cons.newInstance();
+ Security.insertProviderAt(provider, 2);
+ }
+ }
+
+ rsaKeyPair = KeyPairGenerator.getInstance("RSA").genKeyPair();
+ ecKeyPair = KeyPairGenerator.getInstance("EC").genKeyPair();
+ }
+
+ @org.junit.Test
+ public void testRSA_MD5() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5, document, localNames, rsaKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, rsaKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA1() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, document, localNames, rsaKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, rsaKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA_256() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256, document, localNames, rsaKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, rsaKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA_384() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384, document, localNames, rsaKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, rsaKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testRSA_SHA_512() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512, document, localNames, rsaKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, rsaKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testRSA_RIPEMD160() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160, document, localNames, rsaKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, rsaKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testECDSA_SHA1() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1, document, localNames, ecKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, ecKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testECDSA_SHA_224() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224, document, localNames, ecKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, ecKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testECDSA_SHA_256() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256, document, localNames, ecKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, ecKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testECDSA_SHA_384() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384, document, localNames, ecKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, ecKeyPair.getPublic(), localNames);
+ }
+
+ @org.junit.Test
+ public void testECDSA_SHA_512() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ sign(XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, document, localNames, ecKeyPair.getPrivate());
+ // XMLUtils.outputDOM(document, System.out);
+ verify(document, ecKeyPair.getPublic(), localNames);
+ }
+
+ private XMLSignature sign(
+ String algorithm,
+ Document document,
+ List<String> localNames,
+ Key signingKey
+ ) throws Exception {
+ String c14nMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
+ XMLSignature sig = new XMLSignature(document, "", algorithm, c14nMethod);
+
+ Element root = document.getDocumentElement();
+ root.appendChild(sig.getElement());
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ for (String localName : localNames) {
+ String expression = "//*[local-name()='" + localName + "']";
+ NodeList elementsToSign =
+ (NodeList) xpath.evaluate(expression, document, XPathConstants.NODESET);
+ for (int i = 0; i < elementsToSign.getLength(); i++) {
+ Element elementToSign = (Element)elementsToSign.item(i);
+ Assert.assertNotNull(elementToSign);
+ String id = UUID.randomUUID().toString();
+ elementToSign.setAttributeNS(null, "Id", id);
+ elementToSign.setIdAttributeNS(null, "Id", true);
+
+ Transforms transforms = new Transforms(document);
+ transforms.addTransform(c14nMethod);
+ String digestMethod = "http://www.w3.org/2000/09/xmldsig#sha1";
+ sig.addDocument("#" + id, transforms, digestMethod);
+ }
+ }
+
+ sig.sign(signingKey);
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
+ Assert.assertNotNull(sigElement);
+
+ return sig;
+ }
+
+ private void verify(
+ Document document,
+ Key key,
+ List<String> localNames
+ ) throws Exception {
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//dsig:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
+ Assert.assertNotNull(sigElement);
+
+ for (String name : localNames) {
+ expression = "//*[local-name()='" + name + "']";
+ Element signedElement =
+ (Element) xpath.evaluate(expression, document, XPathConstants.NODE);
+ Assert.assertNotNull(signedElement);
+ signedElement.setIdAttributeNS(null, "Id", true);
+ }
+
+ XMLSignature signature = new XMLSignature(sigElement, "");
+
+ Assert.assertTrue(signature.checkSignatureValue(key));
+ }
+
+}