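package org.ejbca.core.protocol.xkms;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Random;

import javax.crypto.SecretKey;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.PropertyException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import junit.framework.TestCase;

import org.apache.log4j.Logger;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.XMLUtils;
import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.protocol.xkms.client.XKMSInvoker;
import org.ejbca.core.protocol.xkms.common.XKMSConstants;
import org.ejbca.core.protocol.xkms.common.XKMSNamespacePrefixMapper;
import org.ejbca.core.protocol.xkms.common.XKMSUtil;
import org.ejbca.ui.cli.batch.BatchMakeP12;
import org.ejbca.util.CertTools;
import org.ejbca.util.KeyTools;
import org.w3._2000._09.xmldsig_.KeyInfoType;
import org.w3._2000._09.xmldsig_.RSAKeyValueType;
import org.w3._2002._03.xkms_.ObjectFactory;
import org.w3._2002._03.xkms_.PrototypeKeyBindingType;
import org.w3._2002._03.xkms_.QueryKeyBindingType;
import org.w3._2002._03.xkms_.RegisterRequestType;
import org.w3._2002._03.xkms_.UseKeyWithType;
import org.w3._2002._03.xkms_.ValidateRequestType;
import org.w3._2002._03.xkms_.ValidateResultType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/**
 * Client-side tests of the XML-DSig handling used by the XKMS protocol: the enveloped
 * signature on a validate request, the proof-of-possession signature on a register request
 * and the HMAC key-binding authentication.
 *
 * <p>JUnit 3 runs the test methods in name order and these methods rely on it: test00 creates
 * the RA user and its JKS file, test02-test04 send requests to the EJBCA instance at
 * {@link #XKMS_URL}, and test99 removes the user again. test01, test05 and test06 are
 * self-contained and only need the key store returned by {@link Constants#getUserKeyStore()}.
 */
public class TestXKMSSig extends TestCase {

    private static Logger log = Logger.getLogger(TestXKMSSig.class);

    /** Namespace of the XKMS elements that are built and searched for in the tests. */
    private static final String XKMS_NS = "http://www.w3.org/2002/03/xkms#";
    /** Namespace of the XML-DSig elements. */
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    /** XKMS endpoint of the EJBCA instance the request tests talk to. */
    private static final String XKMS_URL = "http://localhost:8080/ejbca/xkms/xkms";
    /** Password used for every key store in these tests and for the created RA user. */
    private static final String KEYSTORE_PASSWORD = "foo123";
    /** Id attribute of the PrototypeKeyBinding element that the register-request signatures reference. */
    private static final String PROTOTYPE_KEY_BINDING_ID = "100231";
    /** Alias of the test certificate in the key store returned by Constants.getUserKeyStore(). */
    private static final String USER_ALIAS = "TEST";
    /** Alias of the created RA user's key pair in its generated JKS (the user's DN is CN=superadmin). */
    private static final String ADMIN_ALIAS = "superadmin";

    private ObjectFactory xKMSObjectFactory = new ObjectFactory();
    private org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();

    private static String baseUsername;
    private IUserAdminSessionRemote cacheAdmin;
    private IUserAdminSessionHome cacheHome;

    // state handed from test00 to the later tests (JKS created by BatchMakeP12 under tmpfile)
    private static String username;
    private static File tmpfile;
    private static File keystorefile;

    // Shared by all tests. A JAXB Marshaller is not thread-safe, which is acceptable here
    // because JUnit 3 executes the test methods sequentially.
    private static JAXBContext jAXBContext = null;
    private static Marshaller marshaller = null;
    private static DocumentBuilderFactory dbf = null;

    static {
        try {
            CertTools.installBCProvider();
            org.apache.xml.security.Init.init();

            jAXBContext = JAXBContext.newInstance("org.w3._2002._03.xkms_:org.w3._2001._04.xmlenc_:org.w3._2000._09.xmldsig_");
            marshaller = jAXBContext.createMarshaller();
            try {
                marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", new XKMSNamespacePrefixMapper());
            } catch (PropertyException e) {
                log.error("Error registering namespace mapper property", e);
            }
            dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            try {
                // the documents parsed here are the tests' own output, but the factory is
                // shared, so keep the parser hardened by default
                dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            } catch (ParserConfigurationException e) {
                log.error("Secure XML processing is not supported by the configured parser", e);
            }
        } catch (JAXBException e) {
            log.error("Error initializing JAXB context for the XKMS signature tests", e);
        }
    }

    /** Looks up the user admin session once and picks a random base user name for this run. */
    protected void setUp() throws Exception {
        log.debug(">setUp()");

        if (cacheAdmin == null) {
            if (cacheHome == null) {
                Context jndiContext = getInitialContext();
                Object obj1 = jndiContext.lookup("UserAdminSession");
                cacheHome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj1, IUserAdminSessionHome.class);
            }
            cacheAdmin = cacheHome.create();
        }

        if (baseUsername == null) {
            // nextInt(1000) is never negative, so the name cannot become "xkmstestadmin-123-"
            baseUsername = "xkmstestadmin" + new Random().nextInt(1000) + "-";
        }

        log.debug("<setUp()");
    }

    protected void tearDown() throws Exception {
        // nothing per-test to release; the user created in test00 is removed by test99
    }

    /** Creates the RA user used by the request tests and generates its JKS with BatchMakeP12. */
    public void test00SetupAccessRights() throws Exception {
        Admin administrator = new Admin(Admin.TYPE_RA_USER);
        username = baseUsername + "1";
        try {
            int caid = CertTools.stringToBCDNString("CN=AdminCA1,O=EJBCA Sample,C=SE").hashCode();

            cacheAdmin.addUser(administrator, username, KEYSTORE_PASSWORD, "CN=superadmin", null, null, false,
                    SecConst.EMPTY_ENDENTITYPROFILE, SecConst.CERTPROFILE_FIXED_ENDUSER,
                    SecConst.USER_ADMINISTRATOR, SecConst.TOKEN_SOFT_JKS, 0, caid);
            cacheAdmin.setClearTextPassword(administrator, username, KEYSTORE_PASSWORD);
        } catch (Exception e) {
            // keep the cause; an assertion on a null marker would drop it
            throw new IllegalStateException("Failed to create user " + username, e);
        }

        BatchMakeP12 makep12 = new BatchMakeP12();
        tmpfile = new File("p12");
        makep12.setMainStoreDir(tmpfile.getAbsolutePath());
        makep12.createAllNew();
    }

    /** Signs a validate request with an enveloped signature and verifies it after a serialise/parse round trip. */
    public void test01ClientSignature() throws Exception {
        KeyStore clientKeyStore = Constants.getUserKeyStore();
        X509Certificate pkCert = (X509Certificate) clientKeyStore.getCertificate(USER_ALIAS);
        Key key = clientKeyStore.getKey(USER_ALIAS, KEYSTORE_PASSWORD.toCharArray());

        ValidateRequestType validateRequestType = buildValidateRequest("200");
        JAXBElement<ValidateRequestType> validateRequest = xKMSObjectFactory.createValidateRequest(validateRequestType);
        Document doc = dbf.newDocumentBuilder().newDocument();
        marshaller.marshal(validateRequest, doc);

        // enveloped signature over the whole request, placed as the first child of the root element
        XMLSignature xmlSig = createSignature(doc, validateRequestType.getId(), XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, true);
        xmlSig.addKeyInfo(pkCert);
        doc.getDocumentElement().insertBefore(xmlSig.getElement(), doc.getDocumentElement().getFirstChild());
        xmlSig.sign(key);

        Document doc2 = roundTrip(doc);
        XMLSignature xmlVerifySig = parseSingleSignature(doc2.getDocumentElement());
        KeyInfo keyInfo = xmlVerifySig.getKeyInfo();
        X509Certificate verCert = keyInfo.getX509Certificate();

        // The verification key is taken from the signature's own KeyInfo, so this only shows the
        // signature survived serialisation intact. Whether the signer is trusted is not decided
        // here; test02/test03 exercise that through the XKMS service.
        assertTrue(xmlVerifySig.checkSignatureValue(verCert));
        // the signature must not verify under an unrelated key
        KeyPair otherKeyPair = KeyTools.genKeys("1024", "RSA");
        assertFalse(xmlVerifySig.checkSignatureValue(otherKeyPair.getPublic()));
    }

    /** Sends a validate request signed with the created RA user's key and expects success. */
    public void test02SendSignedRequest() throws Exception {
        KeyStore clientKeyStore = loadJks(userKeyStoreFile(), KEYSTORE_PASSWORD.toCharArray());
        X509Certificate pkCert = (X509Certificate) clientKeyStore.getCertificate(ADMIN_ALIAS);
        Key key = clientKeyStore.getKey(ADMIN_ALIAS, KEYSTORE_PASSWORD.toCharArray());
        XKMSInvoker xKMSInvoker = new XKMSInvoker(XKMS_URL,
                trustedCaCertificates(clientKeyStore.getCertificateChain(ADMIN_ALIAS)));

        ValidateRequestType validateRequestType = buildValidateRequest("200");
        ValidateResultType validateResultType = xKMSInvoker.validate(validateRequestType, pkCert, key);

        assertEquals("200", validateResultType.getRequestId());
        assertEquals(XKMSConstants.RESULTMAJOR_SUCCESS, validateResultType.getResultMajor());
    }

    /**
     * Sends a validate request signed with the TEST certificate from the user key store, which is
     * not the RA user created in test00, and expects the service to reject it as unauthenticated.
     */
    public void test03SendUntrustedRequest() throws Exception {
        KeyStore clientKeyStore = Constants.getUserKeyStore();
        KeyStore trustKeyStore = loadJks(userKeyStoreFile(), KEYSTORE_PASSWORD.toCharArray());

        X509Certificate pkCert = (X509Certificate) clientKeyStore.getCertificate(USER_ALIAS);
        Key key = clientKeyStore.getKey(USER_ALIAS, KEYSTORE_PASSWORD.toCharArray());
        XKMSInvoker xKMSInvoker = new XKMSInvoker(XKMS_URL,
                trustedCaCertificates(trustKeyStore.getCertificateChain(ADMIN_ALIAS)));

        ValidateRequestType validateRequestType = buildValidateRequest("201");
        ValidateResultType validateResultType = xKMSInvoker.validate(validateRequestType, pkCert, key);

        assertEquals("201", validateResultType.getRequestId());
        assertEquals(XKMSConstants.RESULTMAJOR_SENDER, validateResultType.getResultMajor());
        assertEquals(XKMSConstants.RESULTMINOR_NOAUTHENTICATION, validateResultType.getResultMinor());
    }

    /** Revokes the RA user and checks that its (still valid-looking) key no longer authenticates. */
    public void test04SendRevokedRequest() throws Exception {
        cacheAdmin.revokeUser(new Admin(Admin.TYPE_RA_USER), username, RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE);

        KeyStore clientKeyStore = loadJks(userKeyStoreFile(), KEYSTORE_PASSWORD.toCharArray());
        X509Certificate pkCert = (X509Certificate) clientKeyStore.getCertificate(ADMIN_ALIAS);
        Key key = clientKeyStore.getKey(ADMIN_ALIAS, KEYSTORE_PASSWORD.toCharArray());
        XKMSInvoker xKMSInvoker = new XKMSInvoker(XKMS_URL,
                trustedCaCertificates(clientKeyStore.getCertificateChain(ADMIN_ALIAS)));

        ValidateRequestType validateRequestType = buildValidateRequest("200");
        ValidateResultType validateResultType = xKMSInvoker.validate(validateRequestType, pkCert, key);

        assertEquals("200", validateResultType.getRequestId());
        assertEquals(XKMSConstants.RESULTMAJOR_SENDER, validateResultType.getResultMajor());
        assertEquals(XKMSConstants.RESULTMINOR_NOAUTHENTICATION, validateResultType.getResultMinor());
    }

    /** Builds a register request with a proof-of-possession signature and verifies it. */
    public void test05POPSignature() throws Exception {
        KeyStore clientKeyStore = Constants.getUserKeyStore();
        X509Certificate pkCert = (X509Certificate) clientKeyStore.getCertificate(USER_ALIAS);
        Key key = clientKeyStore.getKey(USER_ALIAS, KEYSTORE_PASSWORD.toCharArray());

        RegisterRequestType registerRequestType = buildRegisterRequest("500", (RSAPublicKey) pkCert.getPublicKey());
        Document registerRequestDoc = marshalRegisterRequest(registerRequestType);
        assertNotNull("PrototypeKeyBinding missing from marshalled request",
                registerRequestDoc.getDocumentElement().getElementsByTagNameNS(XKMS_NS, "PrototypeKeyBinding").item(0));

        // proof of possession: the private key signs the PrototypeKeyBinding carrying its public key
        appendProofOfPossession(registerRequestDoc, key);

        Document doc2 = roundTrip(registerRequestDoc);
        XMLSignature xmlVerifySig = parseSingleSignature(doc2.getDocumentElement());
        assertTrue(xmlVerifySig.checkSignatureValue(pkCert.getPublicKey()));

        KeyPair keyPair = KeyTools.genKeys("1024", "RSA");
        assertFalse(xmlVerifySig.checkSignatureValue(keyPair.getPublic()));
    }

    /**
     * Builds a register request for a freshly generated key that carries both a pass-phrase
     * based HMAC authentication and a proof-of-possession signature, and verifies both.
     */
    public void test06AuthenticationKeyBindingSignature() throws Exception {
        KeyStore clientKeyStore = Constants.getUserKeyStore();
        X509Certificate pkCert = (X509Certificate) clientKeyStore.getCertificate(USER_ALIAS);
        // the registered key is a new one, not the key store's, so the POP signature must not
        // verify under the key store certificate
        KeyPair keyPair = KeyTools.genKeys("1024", "RSA");

        RegisterRequestType registerRequestType = buildRegisterRequest("500", (RSAPublicKey) keyPair.getPublic());
        Document registerRequestDoc = marshalRegisterRequest(registerRequestType);

        String authenticationData = "024837";
        SecretKey sk = XKMSUtil.getSecretKeyFromPassphrase(authenticationData, true, 20, XKMSUtil.KEY_AUTHENTICATION);

        // HMAC-SHA1 over the PrototypeKeyBinding, keyed from the shared pass phrase, wrapped in
        // Authentication/KeyBindingAuthentication
        XMLSignature authXMLSig = createSignature(registerRequestDoc, PROTOTYPE_KEY_BINDING_ID, XMLSignature.ALGO_ID_MAC_HMAC_SHA1, false);
        authXMLSig.sign(sk);
        Element authenticationElement = registerRequestDoc.createElementNS(XKMS_NS, "Authentication");
        Element keyBindingAuthenticationElement = registerRequestDoc.createElementNS(XKMS_NS, "KeyBindingAuthentication");
        keyBindingAuthenticationElement.appendChild(authXMLSig.getElement().cloneNode(true));
        authenticationElement.appendChild(keyBindingAuthenticationElement);
        registerRequestDoc.getDocumentElement().appendChild(authenticationElement);

        appendProofOfPossession(registerRequestDoc, keyPair.getPrivate());

        Document doc2 = roundTrip(registerRequestDoc);

        NodeList authenticationElements = doc2.getElementsByTagNameNS(XKMS_NS, "Authentication");
        assertEquals(1, authenticationElements.getLength());
        XMLSignature xmlVerifySig = parseSingleSignature((Element) authenticationElements.item(0));
        assertTrue(xmlVerifySig.checkSignatureValue(sk));

        NodeList pOPElements = doc2.getElementsByTagNameNS(XKMS_NS, "ProofOfPossession");
        assertEquals(1, pOPElements.getLength());
        XMLSignature popVerXmlSig = parseSingleSignature((Element) pOPElements.item(0));
        assertTrue(popVerXmlSig.checkSignatureValue(keyPair.getPublic()));
        assertFalse(popVerXmlSig.checkSignatureValue(pkCert.getPublicKey()));
    }

    /** Removes the RA user created in test00 and marks its JKS for deletion. */
    public void test99RemoveUser() throws Exception {
        Admin administrator = new Admin(Admin.TYPE_RA_USER);
        cacheAdmin.deleteUser(administrator, username);
        // null when none of the request tests ran (e.g. a single method executed on its own)
        if (keystorefile != null) {
            keystorefile.deleteOnExit();
        }
    }

    /**
     * Builds a validate request for the "Test" TLS-HTTP key binding.
     *
     * @param requestId value for the request's Id attribute, also echoed back as the result's request id
     */
    private ValidateRequestType buildValidateRequest(String requestId) {
        ValidateRequestType validateRequestType = xKMSObjectFactory.createValidateRequestType();
        validateRequestType.setId(requestId);

        UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
        useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
        useKeyWithType.setIdentifier("Test");

        validateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);

        QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
        queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
        validateRequestType.setQueryKeyBinding(queryKeyBindingType);
        return validateRequestType;
    }

    /**
     * Builds a register request whose PrototypeKeyBinding (Id {@link #PROTOTYPE_KEY_BINDING_ID})
     * carries the given RSA public key as a ds:RSAKeyValue for the PKIX subject "CN=Test Testarsson".
     *
     * @param requestId value for the request's Id attribute
     * @param publicKey key to register
     */
    private RegisterRequestType buildRegisterRequest(String requestId, RSAPublicKey publicKey) {
        RegisterRequestType registerRequestType = xKMSObjectFactory.createRegisterRequestType();
        registerRequestType.setId(requestId);

        UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
        useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
        useKeyWithType.setIdentifier("CN=Test Testarsson");

        registerRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);

        KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
        RSAKeyValueType rsaKeyValueType = sigFactory.createRSAKeyValueType();
        rsaKeyValueType.setExponent(publicKey.getPublicExponent().toByteArray());
        rsaKeyValueType.setModulus(publicKey.getModulus().toByteArray());
        JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory.createRSAKeyValue(rsaKeyValueType);
        keyInfoType.getContent().add(rsaKeyValue);

        PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory.createPrototypeKeyBindingType();
        prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType);
        prototypeKeyBindingType.setKeyInfo(keyInfoType);
        prototypeKeyBindingType.setId(PROTOTYPE_KEY_BINDING_ID);
        registerRequestType.setPrototypeKeyBinding(prototypeKeyBindingType);
        return registerRequestType;
    }

    /** Marshals a register request into a fresh DOM document. */
    private Document marshalRegisterRequest(RegisterRequestType registerRequestType) throws Exception {
        JAXBElement<RegisterRequestType> registerRequest = xKMSObjectFactory.createRegisterRequest(registerRequestType);
        Document registerRequestDoc = dbf.newDocumentBuilder().newDocument();
        marshaller.marshal(registerRequest, registerRequestDoc);
        return registerRequestDoc;
    }

    /**
     * Signs the PrototypeKeyBinding of a marshalled register request with RSA-SHA1 and appends the
     * signature under a new xkms:ProofOfPossession child of the root element.
     *
     * @param registerRequestDoc the marshalled request; modified in place
     * @param signingKey the private key matching the public key inside the PrototypeKeyBinding
     */
    private static void appendProofOfPossession(Document registerRequestDoc, Key signingKey) throws Exception {
        XMLSignature xmlSig = createSignature(registerRequestDoc, PROTOTYPE_KEY_BINDING_ID, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, false);
        xmlSig.sign(signingKey);
        Element pOPElement = registerRequestDoc.createElementNS(XKMS_NS, "ProofOfPossession");
        pOPElement.appendChild(xmlSig.getElement().cloneNode(true));
        registerRequestDoc.getDocumentElement().appendChild(pOPElement);
    }

    /**
     * Creates an unsigned XML signature in {@code doc} with a single reference to the element
     * whose Id attribute equals {@code referenceId}, using exclusive C14N and a SHA-1 digest.
     *
     * @param doc document the signature element is created in; it is not attached to the tree
     * @param referenceId Id attribute of the referenced element, without the leading '#'
     * @param signatureAlgorithm an {@code XMLSignature.ALGO_ID_*} signature or MAC algorithm URI
     * @param enveloped whether to add the enveloped-signature transform, needed when the signature
     *        is inserted inside the element it references
     * @return the signature; the caller still has to call {@code sign(key)}
     */
    private static XMLSignature createSignature(Document doc, String referenceId, String signatureAlgorithm, boolean enveloped) throws Exception {
        XMLSignature xmlSig = new XMLSignature(doc, "", signatureAlgorithm, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        Transforms transforms = new Transforms(doc);
        if (enveloped) {
            transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        }
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        // SHA-1 digests are kept as in the original requests; a stronger digest would have to be
        // accepted by the verifying side as well
        xmlSig.addDocument("#" + referenceId, transforms, org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);
        return xmlSig;
    }

    /**
     * Serialises {@code doc} with C14N and parses it back, so that verification runs against the
     * bytes that would actually be sent rather than against the in-memory DOM. Both forms are
     * dumped to stdout for debugging.
     */
    private static Document roundTrip(Document doc) throws Exception {
        XMLUtils.outputDOMc14nWithComments(doc, System.out);

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        XMLUtils.outputDOMc14nWithComments(doc, baos);
        ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());

        DocumentBuilder db = dbf.newDocumentBuilder();
        Document parsed = db.parse(bais);
        XMLUtils.outputDOMc14nWithComments(parsed, System.out);
        return parsed;
    }

    /** Asserts that {@code scope} contains exactly one ds:Signature and wraps it for verification. */
    private static XMLSignature parseSingleSignature(Element scope) throws Exception {
        NodeList xmlSigs = scope.getElementsByTagNameNS(DSIG_NS, "Signature");
        assertEquals("unexpected number of Signature elements", 1, xmlSigs.getLength());
        return new XMLSignature((Element) xmlSigs.item(0), null);
    }

    /** Path of the JKS that BatchMakeP12 generated for the RA user in test00; also remembered for test99. */
    private static File userKeyStoreFile() {
        keystorefile = new File(tmpfile.getAbsoluteFile(), username + ".jks");
        return keystorefile;
    }

    /** Loads a JKS key store, closing the file regardless of outcome. */
    private static KeyStore loadJks(File file, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(file);
        try {
            keyStore.load(in, password);
        } finally {
            in.close();
        }
        return keyStore;
    }

    /**
     * Picks the CA certificates out of a certificate chain for use as the XKMSInvoker trust
     * collection. {@code getBasicConstraints()} returns -1 for a certificate without CA basic
     * constraints, i.e. the end-entity certificate, which is left out.
     *
     * <p>Returns a raw list because the element type XKMSInvoker expects is not visible here.
     */
    @SuppressWarnings("unchecked")
    private static ArrayList trustedCaCertificates(Certificate[] chain) {
        ArrayList trustcol = new ArrayList();
        for (int i = 0; i < chain.length; i++) {
            if (((X509Certificate) chain[i]).getBasicConstraints() != -1) {
                trustcol.add(chain[i]);
            }
        }
        return trustcol;
    }

    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context ctx = new javax.naming.InitialContext();
        log.debug("<getInitialContext");
        return ctx;
    }

}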