Path: blob/master/test/jdk/javax/xml/crypto/dsig/SecurityManager/XMLDSigWithSecMgr.java
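/*
 * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @test
 * @bug 6436919 6460930
 * @summary check that XML Signatures can be generated and validated with
 *     SecurityManager enabled and default policy
 * @run main/othervm -Djava.security.manager=allow XMLDSigWithSecMgr
 * @author Sean Mullan
 */
import java.io.*;
import java.net.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/**
 * Regression test: signs and validates an enveloped XML Signature while a
 * {@link SecurityManager} is installed with the policy file shipped next to
 * the test.
 *
 * <p>The signature carries two references: the enveloping document itself and
 * an {@code http://localhost:<port>/anything.txt} URI that is served by a stub
 * HTTP server run by this class on a background thread. Dereferencing the
 * second reference is what exercises the socket permissions in the policy.
 */
public class XMLDSigWithSecMgr implements Runnable {

    private XMLSignatureFactory fac;
    private DigestMethod sha1;
    private CanonicalizationMethod withoutComments;
    private DocumentBuilder db;

    /** Listening socket of the stub HTTP server; bound to an ephemeral port. */
    private ServerSocket ss;

    /**
     * Starts the stub HTTP server thread and creates the signature factory,
     * the namespace-aware document builder and the algorithm objects shared
     * by signing and validation.
     *
     * @throws Exception if the socket cannot be opened or a factory lookup fails
     */
    private void setup() throws Exception {
        ss = new ServerSocket(0);
        Thread thr = new Thread(this);
        thr.start();

        fac = XMLSignatureFactory.getInstance();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        db = dbf.newDocumentBuilder();
        // SHA-1 is a legacy digest; it is kept here because the test targets
        // the SecurityManager interaction, not algorithm strength.
        sha1 = fac.newDigestMethod(DigestMethod.SHA1, null);
        withoutComments = fac.newCanonicalizationMethod
            (CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
    }

    /**
     * Stub HTTP server: answers exactly two connections with a fixed
     * 11-byte {@code text/plain} body, then returns.
     *
     * <p>Presumably one connection is the dereference made while signing and
     * the other the dereference made while validating. Any failure is printed
     * and ends the loop.
     */
    @Override
    public void run() {
        try {
            for (int i = 0; i < 2; i++) {
                // try-with-resources so the accepted socket is released even
                // when writing the response or the sleep below fails.
                try (Socket s = ss.accept()) {
                    s.setTcpNoDelay(true);

                    PrintStream out = new PrintStream(
                        new BufferedOutputStream(s.getOutputStream()));

                    out.print("HTTP/1.1 200 OK\r\n");
                    out.print("Content-Length: 11\r\n");
                    out.print("Content-Type: text/plain\r\n");
                    out.print("\r\n");
                    out.print("l;ajfdjafd\n");
                    out.flush();

                    // don't close the connection immediately as otherwise
                    // the http headers may not have been received and the
                    // http client will re-connect.
                    Thread.sleep(2000);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Runs the whole test: builds the envelope document, generates an RSA key
     * pair, installs the SecurityManager, then signs and validates.
     *
     * @throws Exception if validation reports an invalid signature, if a
     *         {@link SecurityException} is raised while signing or validating
     *         (wrapped, with the original as cause), or on any other failure
     */
    XMLDSigWithSecMgr() throws Exception {
        try {
            setup();
            Document doc = db.newDocument();
            Element envelope = doc.createElementNS
                ("http://example.org/envelope", "Envelope");
            envelope.setAttributeNS("http://www.w3.org/2000/xmlns/",
                "xmlns", "http://example.org/envelope");
            doc.appendChild(envelope);

            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            KeyPair kp = kpg.genKeyPair();

            // the policy only grants this test SocketPermission to accept,
            // resolve and connect to localhost so that it can dereference
            // 2nd reference
            System.setProperty("java.security.policy",
                System.getProperty("test.src", ".") + File.separator + "policy");
            System.setSecurityManager(new SecurityManager());

            try {
                // generate a signature with SecurityManager enabled
                ArrayList<Reference> refs = new ArrayList<>();
                refs.add(fac.newReference
                    ("", sha1,
                     Collections.singletonList
                        (fac.newTransform(Transform.ENVELOPED,
                                          (TransformParameterSpec) null)),
                     null, null));
                refs.add(fac.newReference("http://localhost:" + ss.getLocalPort()
                    + "/anything.txt", sha1));
                SignedInfo si = fac.newSignedInfo(withoutComments,
                    fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), refs);
                XMLSignature sig = fac.newXMLSignature(si, null);
                DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), envelope);
                sig.sign(dsc);

                // validate a signature with SecurityManager enabled
                DOMValidateContext dvc = new DOMValidateContext
                    (kp.getPublic(), envelope.getFirstChild());

                // disable secure validation mode so that http reference will
                // work. Test-only setting: the reference URI is part of the
                // signed document, so a validator that handles documents from
                // untrusted senders should leave secure validation enabled
                // rather than fetch whatever URI the document names.
                dvc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);

                sig = fac.unmarshalXMLSignature(dvc);
                if (!sig.validate(dvc)) {
                    throw new Exception
                        ("XMLDSigWithSecMgr signature validation FAILED");
                }
            } catch (SecurityException se) {
                throw new Exception("XMLDSigWithSecMgr FAILED", se);
            }
        } finally {
            // Close on every path, not only on success, so a failing run does
            // not leave the server thread blocked in accept() on an open
            // listening socket.
            if (ss != null) {
                ss.close();
            }
        }
    }

    /**
     * Test entry point; the test body runs in the constructor.
     *
     * @param args unused
     * @throws Exception if the test fails
     */
    public static void main(String[] args) throws Exception {
        new XMLDSigWithSecMgr();
    }
}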