Posted to commits@santuario.apache.org by co...@apache.org on 2014/05/20 13:39:10 UTC
svn commit: r1596205 - in
/santuario/xml-security-java/branches/1.5.x-fixes/src:
main/java/org/apache/jcp/xml/dsig/internal/dom/
main/java/org/apache/xml/security/algorithms/
test/java/javax/xml/crypto/test/dsig/
test/java/org/apache/xml/security/test/...
Author: coheigea
Date: Tue May 20 11:39:10 2014
New Revision: 1596205
URL: http://svn.apache.org/r1596205
Log:
[SANTUARIO-388] - Add support + testing for RIPE-MD160 digest algorithm
Added:
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/javax/xml/crypto/test/dsig/SignatureDigestMethodTest.java
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/algorithms/
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/algorithms/DigestAlgorithmTest.java
Modified:
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMDigestMethod.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMDigestMethod.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMDigestMethod.java?rev=1596205&r1=1596204&r2=1596205&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMDigestMethod.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMDigestMethod.java Tue May 20 11:39:10 2014
@@ -94,6 +94,8 @@ public abstract class DOMDigestMethod ex
return new SHA384(dmElem);
} else if (alg.equals(DigestMethod.SHA512)) {
return new SHA512(dmElem);
+ } else if (alg.equals(DigestMethod.RIPEMD160)) {
+ return new RIPEMD160(dmElem);
} else {
throw new MarshalException("unsupported DigestMethod algorithm: " +
alg);
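Review bot: The branch added for `DigestMethod.RIPEMD160` accepts the algorithm at unmarshal time without checking that an installed provider can compute it. The test added in this commit notes that RIPEMD160 only works with BouncyCastle, so on a JVM without it a document naming this digest presumably passes the `unsupported DigestMethod algorithm` check and fails only later, when the digest is computed during validation. That is worth confirming; if it holds, either document it or probe up front with `MessageDigest.getInstance("RIPEMD160")` and throw the `MarshalException` here. The same applies to the `newDigestMethod` branch added in DOMXMLSignatureFactory. The enclosing method starts and ends outside this hunk.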
@@ -278,4 +280,22 @@ public abstract class DOMDigestMethod ex
return "SHA-512";
}
}
+
+ static final class RIPEMD160 extends DOMDigestMethod {
+ RIPEMD160(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ super(params);
+ }
+ RIPEMD160(Element dmElem) throws MarshalException {
+ super(dmElem);
+ }
+ @Override
+ public String getAlgorithm() {
+ return DigestMethod.RIPEMD160;
+ }
+ @Override
+ String getMessageDigestAlgorithm() {
+ return "RIPEMD160";
+ }
+ }
}
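Review bot: The new nested class `RIPEMD160` has no comment recording its provider requirement, although the test added in this same commit states it (`// This only works with BouncyCastle`). I would add a Javadoc line on the class, for example `/** RIPEMD-160 digest method; needs a JCE provider that supplies "RIPEMD160" (e.g. BouncyCastle). */`. The sibling SHA classes lie mostly outside this hunk, so whether they follow a different documentation convention cannot be checked from here.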
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java?rev=1596205&r1=1596204&r2=1596205&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java Tue May 20 11:39:10 2014
@@ -214,6 +214,8 @@ public final class DOMXMLSignatureFactor
return new DOMDigestMethod.SHA384(params);
} else if (algorithm.equals(DigestMethod.SHA512)) {
return new DOMDigestMethod.SHA512(params);
+ } else if (algorithm.equals(DigestMethod.RIPEMD160)) {
+ return new DOMDigestMethod.RIPEMD160(params);
} else {
throw new NoSuchAlgorithmException("unsupported algorithm");
}
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java?rev=1596205&r1=1596204&r2=1596205&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java Tue May 20 11:39:10 2014
@@ -54,6 +54,7 @@ public class JCEMapper {
* This method registers the default algorithms.
*/
public static void registerDefaultAlgorithms() {
+ // Digest algorithms
algorithmsMap.put(
MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5,
new Algorithm("", "MD5", "MessageDigest")
@@ -78,6 +79,7 @@ public class JCEMapper {
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512,
new Algorithm("", "SHA-512", "MessageDigest")
);
+ // Signature algorithms
algorithmsMap.put(
XMLSignature.ALGO_ID_SIGNATURE_DSA,
new Algorithm("", "SHA1withDSA", "Signature")
@@ -150,6 +152,7 @@ public class JCEMapper {
XMLSignature.ALGO_ID_MAC_HMAC_SHA512,
new Algorithm("", "HmacSHA512", "Mac")
);
+ // Encryption algorithms
algorithmsMap.put(
XMLCipher.TRIPLEDES,
new Algorithm("DESede", "DESede/CBC/ISO10126Padding", "BlockEncryption", 192)
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/javax/xml/crypto/test/dsig/SignatureDigestMethodTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/javax/xml/crypto/test/dsig/SignatureDigestMethodTest.java?rev=1596205&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/javax/xml/crypto/test/dsig/SignatureDigestMethodTest.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/javax/xml/crypto/test/dsig/SignatureDigestMethodTest.java Tue May 20 11:39:10 2014
@@ -0,0 +1,183 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package javax.xml.crypto.test.dsig;
+
+import java.lang.reflect.Constructor;
+import java.security.Key;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Collections;
+
+import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.dom.DOMStructure;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.XMLObject;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.test.KeySelectors;
+import javax.xml.parsers.DocumentBuilder;
+
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+
+/**
+ * Test signing using all available digest methods
+ */
+public class SignatureDigestMethodTest extends org.junit.Assert {
+
+ private KeySelector kvks;
+ private CanonicalizationMethod withoutComments;
+ private DigestMethod sha1, sha256, sha384, sha512, ripemd160;
+ private SignatureMethod rsaSha1;
+ private KeyInfo rsaki;
+ private XMLSignatureFactory fac;
+ private DocumentBuilder db;
+
+ static {
+ Security.insertProviderAt
+ (new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+ }
+
+ public SignatureDigestMethodTest() throws Exception {
+ //
+ // If the BouncyCastle provider is not installed, then try to load it
+ // via reflection.
+ //
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons = null;
+ try {
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+ } catch (Exception e) {
+ //ignore
+ }
+ if (cons == null) {
+ // BouncyCastle is not available so just return
+ return;
+ } else {
+ Provider provider = (java.security.Provider)cons.newInstance();
+ Security.insertProviderAt(provider, 2);
+ }
+ }
+
+ db = XMLUtils.createDocumentBuilder(false);
+ // create common objects
+ fac = XMLSignatureFactory.getInstance();
+ KeyInfoFactory kifac = fac.getKeyInfoFactory();
+ withoutComments = fac.newCanonicalizationMethod
+ (CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
+ sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);
+ sha256 = fac.newDigestMethod(DigestMethod.SHA256, null);
+ sha384 = fac.newDigestMethod("http://www.w3.org/2001/04/xmldsig-more#sha384", null);
+ sha512 = fac.newDigestMethod(DigestMethod.SHA512, null);
+ ripemd160 = fac.newDigestMethod(DigestMethod.RIPEMD160, null);
+
+ rsaSha1 = fac.newSignatureMethod
+ ("http://www.w3.org/2000/09/xmldsig#rsa-sha1", null);
+
+ rsaki = kifac.newKeyInfo(Collections.singletonList
+ (kifac.newKeyValue(
+ TestUtils.getPublicKey("RSA"))));
+
+ kvks = new KeySelectors.KeyValueKeySelector();
+ }
+
+ @org.junit.Test
+ public void testSHA1() throws Exception {
+ test_create_signature_enveloping(rsaSha1, sha1, rsaki,
+ TestUtils.getPrivateKey("RSA"), kvks);
+ }
+
+ @org.junit.Test
+ public void testSHA256() throws Exception {
+ test_create_signature_enveloping(rsaSha1, sha256, rsaki,
+ TestUtils.getPrivateKey("RSA"), kvks);
+ }
+
+
+ @org.junit.Test
+ public void testSHA384() throws Exception {
+ test_create_signature_enveloping(rsaSha1, sha384, rsaki,
+ TestUtils.getPrivateKey("RSA"), kvks);
+ }
+
+ @org.junit.Test
+ public void testSHA512() throws Exception {
+ test_create_signature_enveloping(rsaSha1, sha512, rsaki,
+ TestUtils.getPrivateKey("RSA"), kvks);
+ }
+
+ @org.junit.Test
+ public void testRIPEMD160() throws Exception {
+ test_create_signature_enveloping(rsaSha1, ripemd160, rsaki,
+ TestUtils.getPrivateKey("RSA"), kvks);
+ }
+
+ private void test_create_signature_enveloping(
+ SignatureMethod sm, DigestMethod dm, KeyInfo ki, Key signingKey, KeySelector ks
+ ) throws Exception {
+
+ // create reference
+ Reference ref = fac.newReference("#DSig.Object_1", dm, null,
+ XMLObject.TYPE, null);
+
+ // create SignedInfo
+ SignedInfo si = fac.newSignedInfo(withoutComments, sm,
+ Collections.singletonList(ref));
+
+ Document doc = db.newDocument();
+ // create Objects
+ Element webElem = doc.createElementNS(null, "Web");
+ Text text = doc.createTextNode("up up and away");
+ webElem.appendChild(text);
+ XMLObject obj = fac.newXMLObject(Collections.singletonList
+ (new DOMStructure(webElem)), "DSig.Object_1", "text/xml", null);
+
+ // create XMLSignature
+ XMLSignature sig = fac.newXMLSignature
+ (si, ki, Collections.singletonList(obj), null, null);
+
+ DOMSignContext dsc = new DOMSignContext(signingKey, doc);
+ dsc.setDefaultNamespacePrefix("dsig");
+
+ sig.sign(dsc);
+ TestUtils.validateSecurityOrEncryptionElement(doc.getDocumentElement());
+
+ // XMLUtils.outputDOM(doc.getDocumentElement(), System.out);
+
+ DOMValidateContext dvc = new DOMValidateContext
+ (ks, doc.getDocumentElement());
+ XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);
+
+ assertTrue(sig.equals(sig2));
+ assertTrue(sig2.validate(dvc));
+ }
+
+}
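Review bot: The early `return` in the constructor when BouncyCastle cannot be loaded leaves `db`, `fac`, the digest methods and `kvks` all null. Every test in the class, including the SHA ones that do not need BouncyCastle, then fails with a NullPointerException at `fac.newReference` instead of being skipped. I would always build the common objects, record whether the provider is present, and gate only `testRIPEMD160` on it with a JUnit assumption. If `fac.newDigestMethod(DigestMethod.RIPEMD160, null)` itself needs the provider (not visible here), that assignment has to move behind the same check. Narrowing the `catch (Exception e)` to the class-not-found case would also stop real reflection errors from being swallowed.

```java
private boolean bcInstalled;

public SignatureDigestMethodTest() throws Exception {
    if (Security.getProvider("BC") == null) {
        try {
            Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.insertProviderAt((Provider) c.getConstructor().newInstance(), 2);
        } catch (ClassNotFoundException e) {
            // BouncyCastle is not on the classpath; testRIPEMD160 is skipped
        }
    }
    bcInstalled = Security.getProvider("BC") != null;
    // … unchanged: db, fac, canonicalization, digest, signature and key objects …
}

@org.junit.Test
public void testRIPEMD160() throws Exception {
    org.junit.Assume.assumeTrue(bcInstalled);
    // … unchanged: test_create_signature_enveloping call …
}
```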
Added: santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/algorithms/DigestAlgorithmTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/algorithms/DigestAlgorithmTest.java?rev=1596205&view=auto
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/algorithms/DigestAlgorithmTest.java (added)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/dom/algorithms/DigestAlgorithmTest.java Tue May 20 11:39:10 2014
@@ -0,0 +1,175 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.algorithms;
+
+import java.lang.reflect.Constructor;
+import java.security.MessageDigest;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Arrays;
+
+import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+
+/**
+ * A test to make sure that the various digest algorithms are working
+ */
+public class DigestAlgorithmTest extends org.junit.Assert {
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ public DigestAlgorithmTest() throws Exception {
+ //
+ // If the BouncyCastle provider is not installed, then try to load it
+ // via reflection.
+ //
+ if (Security.getProvider("BC") == null) {
+ Constructor<?> cons = null;
+ try {
+ Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ cons = c.getConstructor(new Class[] {});
+ } catch (Exception e) {
+ //ignore
+ }
+ if (cons == null) {
+ // BouncyCastle is not available so just return
+ return;
+ } else {
+ Provider provider = (java.security.Provider)cons.newInstance();
+ Security.insertProviderAt(provider, 2);
+ }
+ }
+ }
+
+ @org.junit.Test
+ public void testSHA1() throws Exception {
+ Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
+
+ MessageDigestAlgorithm digestAlgorithm =
+ MessageDigestAlgorithm.getInstance(doc, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);
+ assertEquals(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1, digestAlgorithm.getAlgorithmURI());
+
+ byte[] digest = digestAlgorithm.digest("test-string".getBytes());
+ assertNotNull(digest);
+ assertTrue(digest.length > 0);
+
+ // Now compare against a JDK MessageDigest Object
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] digest2 = md.digest("test-string".getBytes());
+ assertTrue(Arrays.equals(digest, digest2));
+ }
+
+ @org.junit.Test
+ public void testSHA256() throws Exception {
+ Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
+
+ MessageDigestAlgorithm digestAlgorithm =
+ MessageDigestAlgorithm.getInstance(doc, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);
+ assertEquals(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256, digestAlgorithm.getAlgorithmURI());
+
+ byte[] digest = digestAlgorithm.digest("test-string".getBytes());
+ assertNotNull(digest);
+ assertTrue(digest.length > 0);
+
+ // Now compare against a JDK MessageDigest Object
+ MessageDigest md = MessageDigest.getInstance("SHA-256");
+ byte[] digest2 = md.digest("test-string".getBytes());
+ assertTrue(Arrays.equals(digest, digest2));
+ }
+
+ @org.junit.Test
+ public void testSHA384() throws Exception {
+ Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
+
+ MessageDigestAlgorithm digestAlgorithm =
+ MessageDigestAlgorithm.getInstance(doc, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA384);
+ assertEquals(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA384, digestAlgorithm.getAlgorithmURI());
+
+ byte[] digest = digestAlgorithm.digest("test-string".getBytes());
+ assertNotNull(digest);
+ assertTrue(digest.length > 0);
+
+ // Now compare against a JDK MessageDigest Object
+ MessageDigest md = MessageDigest.getInstance("SHA-384");
+ byte[] digest2 = md.digest("test-string".getBytes());
+ assertTrue(Arrays.equals(digest, digest2));
+ }
+
+ @org.junit.Test
+ public void testSHA512() throws Exception {
+ Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
+
+ MessageDigestAlgorithm digestAlgorithm =
+ MessageDigestAlgorithm.getInstance(doc, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512);
+ assertEquals(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512, digestAlgorithm.getAlgorithmURI());
+
+ byte[] digest = digestAlgorithm.digest("test-string".getBytes());
+ assertNotNull(digest);
+ assertTrue(digest.length > 0);
+
+ // Now compare against a JDK MessageDigest Object
+ MessageDigest md = MessageDigest.getInstance("SHA-512");
+ byte[] digest2 = md.digest("test-string".getBytes());
+ assertTrue(Arrays.equals(digest, digest2));
+ }
+
+ @org.junit.Test
+ public void testMD5() throws Exception {
+ Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
+
+ MessageDigestAlgorithm digestAlgorithm =
+ MessageDigestAlgorithm.getInstance(doc, MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5);
+ assertEquals(MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5, digestAlgorithm.getAlgorithmURI());
+
+ byte[] digest = digestAlgorithm.digest("test-string".getBytes());
+ assertNotNull(digest);
+ assertTrue(digest.length > 0);
+
+ // Now compare against a JDK MessageDigest Object
+ MessageDigest md = MessageDigest.getInstance("MD5");
+ byte[] digest2 = md.digest("test-string".getBytes());
+ assertTrue(Arrays.equals(digest, digest2));
+ }
+
+ @org.junit.Test
+ public void testRIPEMD160() throws Exception {
+ // This only works with BouncyCastle
+ if (Security.getProvider("BC") == null) {
+ return;
+ }
+ Document doc = XMLUtils.createDocumentBuilder(false).newDocument();
+
+ MessageDigestAlgorithm digestAlgorithm =
+ MessageDigestAlgorithm.getInstance(doc, MessageDigestAlgorithm.ALGO_ID_DIGEST_RIPEMD160);
+ assertEquals(MessageDigestAlgorithm.ALGO_ID_DIGEST_RIPEMD160, digestAlgorithm.getAlgorithmURI());
+
+ byte[] digest = digestAlgorithm.digest("test-string".getBytes());
+ assertNotNull(digest);
+ assertTrue(digest.length > 0);
+
+ // Now compare against a JDK MessageDigest Object
+ MessageDigest md = MessageDigest.getInstance("RIPEMD160");
+ byte[] digest2 = md.digest("test-string".getBytes());
+ assertTrue(Arrays.equals(digest, digest2));
+ }
+
+}
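Review bot: In `testRIPEMD160` the guard `if (Security.getProvider("BC") == null) { return; }` makes the test report as passed when BouncyCastle is absent, so a build without the provider shows green while the RIPEMD160 path is never exercised. I would replace it with `org.junit.Assume.assumeTrue(Security.getProvider("BC") != null);` so the run is reported as skipped. The reference digest also comes from `MessageDigest.getInstance("RIPEMD160")`, which is likely served by the same provider the library resolves to. Asserting against a fixed known-answer value for `"test-string"` would make the check independent of that provider. The six test bodies differ only in the algorithm URI and JCA name and could share one private helper.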