158 lines
5.8 KiB
Java
158 lines
5.8 KiB
Java
/*
|
|
* Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/**
|
|
* @test
|
|
* @bug 6436919 6460930
|
|
* @summary check that XML Signatures can be generated and validated with
|
|
* SecurityManager enabled and default policy
|
|
* @run main/othervm XMLDSigWithSecMgr
|
|
* @author Sean Mullan
|
|
*/
|
|
import java.io.*;
|
|
import java.net.*;
|
|
import java.security.KeyPair;
|
|
import java.security.KeyPairGenerator;
|
|
import java.util.ArrayList;
|
|
import java.util.Collections;
|
|
import javax.xml.crypto.dsig.*;
|
|
import javax.xml.crypto.dsig.dom.DOMSignContext;
|
|
import javax.xml.crypto.dsig.dom.DOMValidateContext;
|
|
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
|
|
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
|
|
import javax.xml.parsers.DocumentBuilder;
|
|
import javax.xml.parsers.DocumentBuilderFactory;
|
|
import org.w3c.dom.Document;
|
|
import org.w3c.dom.Element;
|
|
|
|
public class XMLDSigWithSecMgr implements Runnable {
|
|
|
|
private XMLSignatureFactory fac;
|
|
private DigestMethod sha1;
|
|
private CanonicalizationMethod withoutComments;
|
|
private DocumentBuilder db;
|
|
|
|
private ServerSocket ss;
|
|
|
|
private void setup() throws Exception {
|
|
ss = new ServerSocket(0);
|
|
Thread thr = new Thread(this);
|
|
thr.start();
|
|
|
|
fac = XMLSignatureFactory.getInstance();
|
|
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
|
dbf.setNamespaceAware(true);
|
|
db = dbf.newDocumentBuilder();
|
|
sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);
|
|
withoutComments = fac.newCanonicalizationMethod
|
|
(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec)null);
|
|
}
|
|
|
|
public void run() {
|
|
try {
|
|
|
|
for (int i=0; i<2; i++) {
|
|
Socket s = ss.accept();
|
|
s.setTcpNoDelay(true);
|
|
|
|
PrintStream out = new PrintStream(
|
|
new BufferedOutputStream(
|
|
s.getOutputStream() ));
|
|
|
|
out.print("HTTP/1.1 200 OK\r\n");
|
|
out.print("Content-Length: 11\r\n");
|
|
out.print("Content-Type: text/plain\r\n");
|
|
out.print("\r\n");
|
|
out.print("l;ajfdjafd\n");
|
|
out.flush();
|
|
|
|
// don't close the connection immediately as otherwise
|
|
// the http headers may not have been received and the
|
|
// http client will re-connect.
|
|
Thread.currentThread().sleep(2000);
|
|
|
|
s.close();
|
|
}
|
|
|
|
} catch (Exception e) {
|
|
e.printStackTrace();
|
|
}
|
|
}
|
|
|
|
XMLDSigWithSecMgr() throws Exception {
|
|
setup();
|
|
Document doc = db.newDocument();
|
|
Element envelope = doc.createElementNS
|
|
("http://example.org/envelope", "Envelope");
|
|
envelope.setAttributeNS("http://www.w3.org/2000/xmlns/",
|
|
"xmlns", "http://example.org/envelope");
|
|
doc.appendChild(envelope);
|
|
|
|
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
|
|
KeyPair kp = kpg.genKeyPair();
|
|
|
|
// the policy only grants this test SocketPermission to accept, resolve
|
|
// and connect to localhost so that it can dereference 2nd reference
|
|
System.setProperty("java.security.policy",
|
|
System.getProperty("test.src", ".") + File.separator + "policy");
|
|
System.setSecurityManager(new SecurityManager());
|
|
|
|
try {
|
|
// generate a signature with SecurityManager enabled
|
|
ArrayList refs = new ArrayList();
|
|
refs.add(fac.newReference
|
|
("", sha1,
|
|
Collections.singletonList
|
|
(fac.newTransform(Transform.ENVELOPED,
|
|
(TransformParameterSpec) null)), null, null));
|
|
refs.add(fac.newReference("http://localhost:" + ss.getLocalPort()
|
|
+ "/anything.txt", sha1));
|
|
SignedInfo si = fac.newSignedInfo(withoutComments,
|
|
fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), refs);
|
|
XMLSignature sig = fac.newXMLSignature(si, null);
|
|
DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), envelope);
|
|
sig.sign(dsc);
|
|
|
|
// validate a signature with SecurityManager enabled
|
|
DOMValidateContext dvc = new DOMValidateContext
|
|
(kp.getPublic(), envelope.getFirstChild());
|
|
|
|
// disable secure validation mode so that http reference will work
|
|
dvc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
|
|
|
|
sig = fac.unmarshalXMLSignature(dvc);
|
|
if (!sig.validate(dvc)) {
|
|
throw new Exception
|
|
("XMLDSigWithSecMgr signature validation FAILED");
|
|
}
|
|
} catch (SecurityException se) {
|
|
throw new Exception("XMLDSigWithSecMgr FAILED", se);
|
|
}
|
|
ss.close();
|
|
}
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
new XMLDSigWithSecMgr();
|
|
}
|
|
}
|