You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2014/05/22 14:14:11 UTC
svn commit: r1596831 - in /santuario/xml-security-java/trunk/src:
main/resources/ test/java/org/apache/xml/security/test/stax/signature/
Author: coheigea
Date: Thu May 22 12:14:10 2014
New Revision: 1596831
URL: http://svn.apache.org/r1596831
Log:
Adding some streaming HMAC Signature tests for various algorithms
Added:
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACCreationTest.java
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACVerificationTest.java
Modified:
santuario/xml-security-java/trunk/src/main/resources/security-config.xml
santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestVerificationTest.java
Modified: santuario/xml-security-java/trunk/src/main/resources/security-config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/resources/security-config.xml?rev=1596831&r1=1596830&r2=1596831&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/resources/security-config.xml (original)
+++ santuario/xml-security-java/trunk/src/main/resources/security-config.xml Thu May 22 12:14:10 2014
@@ -292,6 +292,14 @@
RequiredKey="HmacSHA1"
JCEName="HmacSHA1"/>
+ <Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"
+ Description="Message Authentication code using SHA-224"
+ AlgorithmClass="Mac"
+ RequirementLevel="OPTIONAL"
+ KeyLength="224"
+ RequiredKey="HmacSHA224"
+ JCEName="HmacSHA224"/>
+
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
Description="Message Authentication code using SHA-256"
AlgorithmClass="Mac"
Modified: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestVerificationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestVerificationTest.java?rev=1596831&r1=1596830&r2=1596831&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestVerificationTest.java (original)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestVerificationTest.java Thu May 22 12:14:10 2014
@@ -22,7 +22,6 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.lang.reflect.Constructor;
-import java.lang.reflect.Field;
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
@@ -30,38 +29,22 @@ import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
-import java.util.Map;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.stream.XMLInputFactory;
-import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-import org.apache.xml.security.c14n.Canonicalizer;
-import org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.keys.KeyInfo;
-import org.apache.xml.security.keys.content.KeyName;
-import org.apache.xml.security.keys.content.X509Data;
-import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.stax.config.Init;
-import org.apache.xml.security.stax.config.TransformerAlgorithmMapper;
-import org.apache.xml.security.stax.ext.*;
-import org.apache.xml.security.stax.securityEvent.*;
-import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
+import org.apache.xml.security.stax.ext.InboundXMLSec;
+import org.apache.xml.security.stax.ext.XMLSec;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.test.stax.utils.StAX2DOM;
-import org.apache.xml.security.test.stax.utils.TestUtils;
import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
-import org.apache.xml.security.transforms.Transform;
-import org.apache.xml.security.transforms.implementations.TransformC14N;
import org.apache.xml.security.utils.XMLUtils;
-import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.w3c.dom.Document;
Added: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACCreationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACCreationTest.java?rev=1596831&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACCreationTest.java (added)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACCreationTest.java Thu May 22 12:14:10 2014
@@ -0,0 +1,333 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.stax.signature;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.security.Provider;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.xml.security.stax.ext.OutboundXMLSec;
+import org.apache.xml.security.stax.ext.SecurePart;
+import org.apache.xml.security.stax.ext.XMLSec;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import org.apache.xml.security.test.stax.utils.XmlReaderToWriter;
+import org.apache.xml.security.utils.XMLUtils;
+import org.junit.Test;
+import org.w3c.dom.Document;
+
+/**
+ * A set of test-cases for Signature creation with various HMAC algorithms
+ */
+public class SignatureHMACCreationTest extends AbstractSignatureCreationTest {
+
+ public SignatureHMACCreationTest() throws Exception {
+ //
+ // If the BouncyCastle provider is not installed, then try to load it
+ // via reflection.
+ //
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons = null;
+ try {
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+ } catch (Exception e) {
+ //ignore
+ }
+ if (cons == null) {
+ // BouncyCastle is not available so just return
+ return;
+ } else {
+ Provider provider = (java.security.Provider)cons.newInstance();
+ Security.insertProviderAt(provider, 2);
+ }
+ }
+ }
+
+ @Test
+ public void testHMACSHA1() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+ properties.setSignatureKey(key);
+
+ properties.setSignatureAlgorithm(signatureAlgorithm);
+
+ SecurePart securePart = new SecurePart(
+ new QName("urn:example:po", "PaymentInfo"),
+ SecurePart.Modifier.Content,
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
+ "http://www.w3.org/2000/09/xmldsig#sha1");
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify using DOM
+ verifyUsingDOM(document, key, properties.getSignatureSecureParts());
+ }
+
+ @Test
+ public void testHMACSHA_224() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha224";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+ properties.setSignatureKey(key);
+
+ properties.setSignatureAlgorithm(signatureAlgorithm);
+
+ SecurePart securePart = new SecurePart(
+ new QName("urn:example:po", "PaymentInfo"),
+ SecurePart.Modifier.Content,
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
+ "http://www.w3.org/2000/09/xmldsig#sha1");
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify using DOM
+ verifyUsingDOM(document, key, properties.getSignatureSecureParts());
+ }
+
+ @Test
+ public void testHMACSHA_256() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+ properties.setSignatureKey(key);
+
+ properties.setSignatureAlgorithm(signatureAlgorithm);
+
+ SecurePart securePart = new SecurePart(
+ new QName("urn:example:po", "PaymentInfo"),
+ SecurePart.Modifier.Content,
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
+ "http://www.w3.org/2000/09/xmldsig#sha1");
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify using DOM
+ verifyUsingDOM(document, key, properties.getSignatureSecureParts());
+ }
+
+ @Test
+ public void testHMACSHA_384() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+ properties.setSignatureKey(key);
+
+ properties.setSignatureAlgorithm(signatureAlgorithm);
+
+ SecurePart securePart = new SecurePart(
+ new QName("urn:example:po", "PaymentInfo"),
+ SecurePart.Modifier.Content,
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
+ "http://www.w3.org/2000/09/xmldsig#sha1");
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify using DOM
+ verifyUsingDOM(document, key, properties.getSignatureSecureParts());
+ }
+
+ @Test
+ public void testHMACSHA_512() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+ properties.setSignatureKey(key);
+
+ properties.setSignatureAlgorithm(signatureAlgorithm);
+
+ SecurePart securePart = new SecurePart(
+ new QName("urn:example:po", "PaymentInfo"),
+ SecurePart.Modifier.Content,
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
+ "http://www.w3.org/2000/09/xmldsig#sha1");
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify using DOM
+ verifyUsingDOM(document, key, properties.getSignatureSecureParts());
+ }
+
+ @Test
+ public void testRIPEMD160() throws Exception {
+ // Set up the Configuration
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ List<XMLSecurityConstants.Action> actions = new ArrayList<XMLSecurityConstants.Action>();
+ actions.add(XMLSecurityConstants.SIGNATURE);
+ properties.setActions(actions);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+ properties.setSignatureKey(key);
+
+ properties.setSignatureAlgorithm(signatureAlgorithm);
+
+ SecurePart securePart = new SecurePart(
+ new QName("urn:example:po", "PaymentInfo"),
+ SecurePart.Modifier.Content,
+ new String[]{"http://www.w3.org/2001/10/xml-exc-c14n#"},
+ "http://www.w3.org/2000/09/xmldsig#sha1");
+ properties.addSignaturePart(securePart);
+
+ OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ XMLStreamWriter xmlStreamWriter = outboundXMLSec.processOutMessage(baos, "UTF-8");
+
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ // System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify using DOM
+ verifyUsingDOM(document, key, properties.getSignatureSecureParts());
+ }
+
+
+}
Added: santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACVerificationTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACVerificationTest.java?rev=1596831&view=auto
==============================================================================
--- santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACVerificationTest.java (added)
+++ santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACVerificationTest.java Thu May 22 12:14:10 2014
@@ -0,0 +1,347 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.stax.signature;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.security.Provider;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.xml.security.stax.config.Init;
+import org.apache.xml.security.stax.ext.InboundXMLSec;
+import org.apache.xml.security.stax.ext.XMLSec;
+import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import org.apache.xml.security.test.stax.utils.StAX2DOM;
+import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
+import org.apache.xml.security.utils.XMLUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.w3c.dom.Document;
+
+/**
+ * A set of test-cases for Signature verification with various HMAC algorithms
+ */
+public class SignatureHMACVerificationTest extends AbstractSignatureVerificationTest {
+
+ private XMLInputFactory xmlInputFactory;
+ private TransformerFactory transformerFactory = TransformerFactory.newInstance();
+
+ @Before
+ public void setUp() throws Exception {
+ Init.init(SignatureHMACVerificationTest.class.getClassLoader().getResource("security-config.xml").toURI(),
+ this.getClass());
+ org.apache.xml.security.Init.init();
+
+ xmlInputFactory = XMLInputFactory.newInstance();
+ xmlInputFactory.setEventAllocator(new XMLSecEventAllocator());
+
+ //
+ // If the BouncyCastle provider is not installed, then try to load it
+ // via reflection.
+ //
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons = null;
+ try {
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+ } catch (Exception e) {
+ //ignore
+ }
+ if (cons == null) {
+ // BouncyCastle is not available so just return
+ return;
+ } else {
+ Provider provider = (java.security.Provider)cons.newInstance();
+ Security.insertProviderAt(provider, 2);
+ }
+ }
+ }
+
+ @Test
+ public void testHMACSHA1() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ signUsingDOM(
+ signatureAlgorithm, document, localNames, key,
+ "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2000/09/xmldsig#sha1"
+ );
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(key);
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
+ }
+
+ @Test
+ public void testHMACSHA_224() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha224";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ signUsingDOM(
+ signatureAlgorithm, document, localNames, key,
+ "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2000/09/xmldsig#sha1"
+ );
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(key);
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
+ }
+
+ @Test
+ public void testHMACSHA_256() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ signUsingDOM(
+ signatureAlgorithm, document, localNames, key,
+ "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2000/09/xmldsig#sha1"
+ );
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(key);
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
+ }
+
+ @Test
+ public void testHMACSHA_384() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ signUsingDOM(
+ signatureAlgorithm, document, localNames, key,
+ "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2000/09/xmldsig#sha1"
+ );
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(key);
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
+ }
+
+ @Test
+ public void testHMACSHA_512() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ signUsingDOM(
+ signatureAlgorithm, document, localNames, key,
+ "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2000/09/xmldsig#sha1"
+ );
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(key);
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
+ }
+
+ @Test
+ public void testRIPEMD160() throws Exception {
+ // Read in plaintext document
+ InputStream sourceDocument =
+ this.getClass().getClassLoader().getResourceAsStream(
+ "ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
+ DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
+ Document document = builder.parse(sourceDocument);
+
+ // Set the key up
+ byte[] hmacKey = "secret".getBytes("ASCII");
+ String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
+ SecretKey key = new SecretKeySpec(hmacKey, signatureAlgorithm);
+
+ // Sign using DOM
+ List<String> localNames = new ArrayList<String>();
+ localNames.add("PaymentInfo");
+
+ signUsingDOM(
+ signatureAlgorithm, document, localNames, key,
+ "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/2000/09/xmldsig#sha1"
+ );
+
+ // XMLUtils.outputDOM(document, System.out);
+
+ // Convert Document to a Stream Reader
+ javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
+ // Verify signature
+ XMLSecurityProperties properties = new XMLSecurityProperties();
+ properties.setSignatureVerificationKey(key);
+ InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
+ TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
+ XMLStreamReader securityStreamReader =
+ inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
+
+ StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
+ }
+
+}