santuario-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mul...@apache.org
Subject svn commit: r566775 - /xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/SecureXSLTTest.java
Date Thu, 16 Aug 2007 17:00:44 GMT
Author: mullan
Date: Thu Aug 16 10:00:42 2007
New Revision: 566775

URL: http://svn.apache.org/viewvc?view=rev&rev=566775
Log:
Test for bug 43145.

Added:
    xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/SecureXSLTTest.java

Added: xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/SecureXSLTTest.java
URL: http://svn.apache.org/viewvc/xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/SecureXSLTTest.java?view=auto&rev=566775
==============================================================================
--- xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/SecureXSLTTest.java (added)
+++ xml/security/trunk/src_unitTests/javax/xml/crypto/test/dsig/SecureXSLTTest.java Thu Aug
16 10:00:42 2007
@@ -0,0 +1,77 @@
+package javax.xml.crypto.test.dsig;
+
+import java.io.*;
+import java.security.Security;
+import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dsig.dom.*;
+import javax.xml.parsers.DocumentBuilderFactory;
+import org.w3c.dom.*;
+
+import junit.framework.*;
+import javax.xml.crypto.test.KeySelectors;
+
+public class SecureXSLTTest extends TestCase {
+
+    static {
+        Security.insertProviderAt
+            (new org.jcp.xml.dsig.internal.dom.XMLDSigRI(), 1);
+    }
+
+    public SecureXSLTTest(String name) {
+	super(name);
+    }
+
+    public void test() throws Exception {
+
+        String fs = System.getProperty("file.separator");
+        File baseDir = new File(System.getProperty("basedir") + fs + "data" 
+	    + fs + "javax" + fs + "xml" + fs + "crypto", "dsig");
+
+        String[] signatures =
+            { "signature1.xml", "signature2.xml", "signature3.xml" };
+
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        dbf.setNamespaceAware(true);
+        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
+        File f = new File("doc.xml");
+        for (int i=0; i<signatures.length; i++) {
+	    String signature = signatures[i];
+            System.out.println("Validating " + signature);
+            Document doc = dbf.newDocumentBuilder().parse
+                (new FileInputStream(new File(baseDir, signature)));
+
+            NodeList nl =
+                doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+            if (nl.getLength() == 0) {
+                throw new Exception("Cannot find Signature element");
+            }
+
+            DOMValidateContext valContext = new DOMValidateContext
+                (new KeySelectors.KeyValueKeySelector(), nl.item(0));
+	    // enable reference caching in your validation context 
+	    valContext.setProperty
+    		("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
+
+            // make sure file is not left over from previous run
+            f.delete();
+
+            XMLSignature sig = fac.unmarshalXMLSignature(valContext);
+            try {
+                if (sig.validate(valContext)) {
+                    System.err.println("Signature UNEXPECTEDLY passed validation");
+                }
+		Reference ref = (Reference) sig.getSignedInfo().getReferences().get(0);
+            } catch (XMLSignatureException xse) {
+                // this is good, but still make sure attack was not successful
+                // by falling through and checking if file was created
+//		xse.printStackTrace();
+            }
+            if (f.exists()) {
+                f.delete(); // cleanup file. comment out when debugging
+                throw new Exception
+                    ("Test FAILED: doc.xml was successfully created");
+            }
+        }
+        System.out.println("Test PASSED");
+    }
+}



Mime
View raw message