Path: blob/master/test/jdk/javax/xml/crypto/dsig/SignatureValidator.java
41152 views
/*1* Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223import java.io.*;24import java.util.*;25import java.security.MessageDigest;26import javax.xml.crypto.*;27import javax.xml.crypto.dsig.*;28import javax.xml.crypto.dsig.dom.DOMValidateContext;29import javax.xml.crypto.dom.*;30import javax.xml.parsers.DocumentBuilderFactory;31import javax.xml.parsers.DocumentBuilder;32import org.w3c.dom.Document;33import org.w3c.dom.Node;34import org.w3c.dom.NodeList;35import org.w3c.dom.Element;3637/**38* This is a class which performs xml signature validation upon request39*/40class SignatureValidator {4142private File dir;4344SignatureValidator(File base) {45dir = base;46}4748boolean validate(String fn, KeySelector ks, boolean cache)49throws Exception {50return validate(fn, ks, null, cache);51}5253boolean validate(String fn, KeySelector ks, URIDereferencer ud,54boolean cache) throws Exception {5556DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();57dbf.setNamespaceAware(true);58dbf.setValidating(false);59Document doc = dbf.newDocumentBuilder().parse(new File(dir, fn));60NodeList nl =61doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");62if (nl.getLength() == 0) {63throw new Exception("Couldn't find signature Element");64}65Element sigElement = (Element) nl.item(0);66DOMValidateContext vc = new DOMValidateContext(ks, sigElement);67vc.setBaseURI(dir.toURI().toString());68if (cache) {69vc.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);70}71XMLSignatureFactory factory = XMLSignatureFactory.getInstance();72XMLSignature signature = factory.unmarshalXMLSignature(vc);73if (ud != null) {74vc.setURIDereferencer(ud);75}76boolean coreValidity = signature.validate(vc);7778// Check reference cache79if (cache) {80Iterator<Reference> i =81signature.getSignedInfo().getReferences().iterator();82for (int j = 0; i.hasNext(); j++) {83Reference ref = i.next();84if (!digestInputEqual(ref)) {85throw new Exception86("cached data for Reference[" + j + "] is not correct");87}88// check that dereferenced data does not contain comment nodes89if (ref.getURI() == "") {90System.out.println("checking deref data");91@SuppressWarnings("unchecked")92NodeSetData<Node> data =93(NodeSetData<Node>)ref.getDereferencedData();94for (Node n : data) {95if (n.getNodeType() == Node.COMMENT_NODE) {96throw new Exception("dereferenced data for " +97" Reference[" + j + " contains comment node");98}99}100}101}102}103return coreValidity;104}105106private boolean digestInputEqual(Reference ref) throws Exception {107MessageDigest md = MessageDigest.getInstance("SHA1");108InputStream is = ref.getDigestInputStream();109int nbytes;110byte[] buf = new byte[256];111while ((nbytes = is.read(buf, 0, buf.length)) != -1) {112md.update(buf, 0, nbytes);113}114return Arrays.equals(md.digest(), ref.getDigestValue());115}116}117118119