Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/javax/xml/crypto/dsig/ValidationTests.java
38853 views
/*1* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/**24* @test25* @bug 4635230 6365103 6366054 6824440 7131084 8046724 807969326* @summary Basic unit tests for validating XML Signatures with JSR 10527* @compile -XDignore.symbol.file KeySelectors.java SignatureValidator.java28* X509KeySelector.java ValidationTests.java29* @run main/othervm ValidationTests30* @author Sean Mullan31*/32import java.io.File;33import java.io.FileInputStream;34import java.security.*;35import javax.xml.crypto.Data;36import javax.xml.crypto.KeySelector;37import javax.xml.crypto.MarshalException;38import javax.xml.crypto.OctetStreamData;39import javax.xml.crypto.URIDereferencer;40import javax.xml.crypto.URIReference;41import javax.xml.crypto.URIReferenceException;42import javax.xml.crypto.XMLCryptoContext;43import javax.xml.crypto.dsig.XMLSignatureException;44import javax.xml.crypto.dsig.XMLSignatureFactory;4546public class ValidationTests {4748private static SignatureValidator validator;49private final static String DIR = System.getProperty("test.src", ".");50private final static String DATA_DIR =51DIR + System.getProperty("file.separator") + "data";52private final static String KEYSTORE =53DATA_DIR + System.getProperty("file.separator") + "certs" +54System.getProperty("file.separator") + "xmldsig.jks";55private final static String STYLESHEET =56"http://www.w3.org/TR/xml-stylesheet";57private final static String STYLESHEET_B64 =58"http://www.w3.org/Signature/2002/04/xml-stylesheet.b64";5960static class Test {61String file;62KeySelector ks;63Class exception;6465Test(String file, KeySelector ks, Class exception) {66this.file = file;67this.ks = ks;68this.exception = exception;69}7071// XMLSignatureException is expected by default72Test(String file, KeySelector ks) {73this(file, ks, XMLSignatureException.class);74}75}7677static KeySelector skks;78static {79try {80skks =81new KeySelectors.SecretKeySelector("secret".getBytes("ASCII"));82} catch (Exception e) {83//should not occur84}85}86private final static KeySelector SKKS = skks;87private final static KeySelector KVKS =88new KeySelectors.KeyValueKeySelector();89private final static KeySelector CKS =90new KeySelectors.CollectionKeySelector(new File(DATA_DIR));91private final static KeySelector RXKS =92new KeySelectors.RawX509KeySelector();93private final static KeySelector XKS = null;94private static URIDereferencer httpUd = null;9596private final static Test[] VALID_TESTS = {97new Test("signature-enveloped-dsa.xml", KVKS),98new Test("signature-enveloping-b64-dsa.xml", KVKS),99new Test("signature-enveloping-dsa.xml", KVKS),100new Test("signature-enveloping-rsa.xml", KVKS),101new Test("signature-enveloping-p256-sha1.xml", KVKS),102new Test("signature-enveloping-p384-sha1.xml", KVKS),103new Test("signature-enveloping-p521-sha1.xml", KVKS),104new Test("signature-enveloping-hmac-sha1.xml", SKKS),105new Test("signature-external-dsa.xml", KVKS),106new Test("signature-external-b64-dsa.xml", KVKS),107new Test("signature-retrievalmethod-rawx509crt.xml", CKS),108new Test("signature-keyname.xml", CKS),109new Test("signature-x509-crt-crl.xml", RXKS),110new Test("signature-x509-crt.xml", RXKS),111new Test("signature-x509-is.xml", CKS),112new Test("signature-x509-ski.xml", CKS),113new Test("signature-x509-sn.xml", CKS),114new Test("signature.xml", XKS),115new Test("exc-signature.xml", KVKS),116new Test("sign-spec.xml", RXKS),117new Test("xmldsig-xfilter2.xml", KVKS)118};119120private final static Test[] INVALID_TESTS = {121new Test("signature-enveloping-hmac-sha1-40.xml", SKKS),122new Test("signature-enveloping-hmac-sha1-trunclen-0-attack.xml", SKKS),123new Test("signature-enveloping-hmac-sha1-trunclen-8-attack.xml", SKKS),124new Test("signature-extra-text-in-signed-info.xml", SKKS,125MarshalException.class),126new Test("signature-wrong-canonicalization-method-algorithm.xml", SKKS,127MarshalException.class),128new Test("signature-wrong-transform-algorithm.xml", SKKS,129MarshalException.class),130new Test("signature-no-reference-uri.xml", SKKS),131new Test("signature-wrong-signature-method-algorithm.xml", SKKS,132MarshalException.class),133new Test("signature-wrong-tag-names.xml", SKKS, MarshalException.class)134};135136public static void main(String args[]) throws Exception {137httpUd = new HttpURIDereferencer();138139validator = new SignatureValidator(new File(DATA_DIR));140141boolean atLeastOneFailed = false;142for (Test test : VALID_TESTS) {143System.out.println("Validating " + test.file);144if (test_signature(test)) {145System.out.println("PASSED");146} else {147System.out.println("FAILED");148atLeastOneFailed = true;149}150}151// test with reference caching enabled152System.out.println("Validating sign-spec.xml with caching enabled");153if (test_signature(new Test("sign-spec.xml", RXKS), true)) {154System.out.println("PASSED");155} else {156System.out.println("FAILED");157atLeastOneFailed = true;158}159160for (Test test : INVALID_TESTS) {161System.out.println("Validating " + test.file);162try {163test_signature(test);164System.out.println("FAILED");165atLeastOneFailed = true;166} catch (Exception e) {167System.out.println("Exception: " + e);168if (e.getClass() != test.exception) {169System.out.println("FAILED: unexpected exception");170atLeastOneFailed = true;171} else {172System.out.println("PASSED");173}174}175}176177if (atLeastOneFailed) {178throw new Exception179("At least one signature did not validate as expected");180}181}182183public static boolean test_signature(Test test) throws Exception {184return test_signature(test, false);185}186187public static boolean test_signature(Test test, boolean cache)188throws Exception189{190if (test.ks == null) {191KeyStore keystore = KeyStore.getInstance("JKS");192try (FileInputStream fis = new FileInputStream(KEYSTORE)) {193keystore.load(fis, "changeit".toCharArray());194test.ks = new X509KeySelector(keystore, false);195}196}197return validator.validate(test.file, test.ks, httpUd, cache);198}199200/**201* This URIDereferencer returns locally cached copies of http content to202* avoid test failures due to network glitches, etc.203*/204private static class HttpURIDereferencer implements URIDereferencer {205private URIDereferencer defaultUd;206207HttpURIDereferencer() {208defaultUd = XMLSignatureFactory.getInstance().getURIDereferencer();209}210211public Data dereference(final URIReference ref, XMLCryptoContext ctx)212throws URIReferenceException {213String uri = ref.getURI();214if (uri.equals(STYLESHEET) || uri.equals(STYLESHEET_B64)) {215try {216FileInputStream fis = new FileInputStream(new File217(DATA_DIR, uri.substring(uri.lastIndexOf('/'))));218return new OctetStreamData(fis,ref.getURI(),ref.getType());219} catch (Exception e) { throw new URIReferenceException(e); }220}221222// fallback on builtin deref223return defaultUd.dereference(ref, ctx);224}225}226}227228229