Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/javax/xml/crypto/dsig/SignatureValidator.java
38853 views
/*1* Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223import java.io.*;24import java.util.*;25import java.security.MessageDigest;26import javax.xml.crypto.*;27import javax.xml.crypto.dsig.*;28import javax.xml.crypto.dsig.dom.DOMValidateContext;29import javax.xml.crypto.dom.*;30import javax.xml.parsers.DocumentBuilderFactory;31import javax.xml.parsers.DocumentBuilder;32import org.w3c.dom.Document;33import org.w3c.dom.Node;34import org.w3c.dom.NodeList;35import org.w3c.dom.Element;3637/**38* This is a class which performs xml signature validation upon request39*/40class SignatureValidator {4142private File dir;4344SignatureValidator(File base) {45dir = base;46}4748boolean validate(String fn, KeySelector ks, boolean cache)49throws Exception {50return validate(fn, ks, null, cache);51}5253boolean validate(String fn, KeySelector ks, URIDereferencer ud,54boolean cache) throws Exception {5556DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();57dbf.setNamespaceAware(true);58dbf.setValidating(false);59Document doc = dbf.newDocumentBuilder().parse(new File(dir, fn));60NodeList nl =61doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");62if (nl.getLength() == 0) {63throw new Exception("Couldn't find signature Element");64}65Element sigElement = (Element) nl.item(0);66DOMValidateContext vc = new DOMValidateContext(ks, sigElement);67vc.setBaseURI(dir.toURI().toString());68if (cache) {69vc.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);70}71XMLSignatureFactory factory = XMLSignatureFactory.getInstance();72XMLSignature signature = factory.unmarshalXMLSignature(vc);73if (ud != null) {74vc.setURIDereferencer(ud);75}76boolean coreValidity = signature.validate(vc);7778// Check reference cache79if (cache) {80Iterator i = signature.getSignedInfo().getReferences().iterator();81for (int j=0; i.hasNext(); j++) {82Reference ref = (Reference) i.next();83if (!digestInputEqual(ref)) {84throw new Exception85("cached data for Reference[" + j + "] is not correct");86}87// check that dereferenced data does not contain comment nodes88if (ref.getURI() == "") {89System.out.println("checking deref data");90NodeSetData data = (NodeSetData) ref.getDereferencedData();91Iterator ni = data.iterator();92while (ni.hasNext()) {93Node n = (Node) ni.next();94if (n.getNodeType() == Node.COMMENT_NODE) {95throw new Exception("dereferenced data for " +96" Reference[" + j + " contains comment node");97}98}99}100}101}102return coreValidity;103}104105private boolean digestInputEqual(Reference ref) throws Exception {106MessageDigest md = MessageDigest.getInstance("SHA1");107InputStream is = ref.getDigestInputStream();108int nbytes;109byte[] buf = new byte[256];110while ((nbytes = is.read(buf, 0, buf.length)) != -1) {111md.update(buf, 0, nbytes);112}113return Arrays.equals(md.digest(), ref.getDigestValue());114}115}116117118