

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package org.ejbca.core.protocol.xkms;
15
16 import java.io.ByteArrayInputStream JavaDoc;
17 import java.io.ByteArrayOutputStream JavaDoc;
18 import java.io.File JavaDoc;
19 import java.io.FileInputStream JavaDoc;
20 import java.security.Key JavaDoc;
21 import java.security.KeyPair JavaDoc;
22 import java.security.KeyStore JavaDoc;
23 import java.security.cert.Certificate JavaDoc;
24 import java.security.cert.X509Certificate JavaDoc;
25 import java.security.interfaces.RSAPublicKey JavaDoc;
26 import java.util.ArrayList JavaDoc;
27 import java.util.Random JavaDoc;
28
29 import javax.crypto.SecretKey;
30 import javax.naming.Context JavaDoc;
31 import javax.naming.NamingException JavaDoc;
32 import javax.xml.bind.JAXBContext;
33 import javax.xml.bind.JAXBElement;
34 import javax.xml.bind.JAXBException;
35 import javax.xml.bind.Marshaller;
36 import javax.xml.bind.PropertyException;
37 import javax.xml.parsers.DocumentBuilderFactory JavaDoc;
38
39 import junit.framework.TestCase;
40
41 import org.apache.log4j.Logger;
42 import org.apache.xml.security.utils.XMLUtils;
43 import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
44 import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
45 import org.ejbca.core.model.SecConst;
46 import org.ejbca.core.model.ca.crl.RevokedCertInfo;
47 import org.ejbca.core.model.log.Admin;
48 import org.ejbca.core.protocol.xkms.client.XKMSInvoker;
49 import org.ejbca.core.protocol.xkms.common.XKMSConstants;
50 import org.ejbca.core.protocol.xkms.common.XKMSNamespacePrefixMapper;
51 import org.ejbca.core.protocol.xkms.common.XKMSUtil;
52 import org.ejbca.ui.cli.batch.BatchMakeP12;
53 import org.ejbca.util.CertTools;
54 import org.ejbca.util.KeyTools;
55 import org.w3._2000._09.xmldsig_.KeyInfoType;
56 import org.w3._2000._09.xmldsig_.RSAKeyValueType;
57 import org.w3._2002._03.xkms_.ObjectFactory;
58 import org.w3._2002._03.xkms_.PrototypeKeyBindingType;
59 import org.w3._2002._03.xkms_.QueryKeyBindingType;
60 import org.w3._2002._03.xkms_.RegisterRequestType;
61 import org.w3._2002._03.xkms_.UseKeyWithType;
62 import org.w3._2002._03.xkms_.ValidateRequestType;
63 import org.w3._2002._03.xkms_.ValidateResultType;
64 import org.w3c.dom.Document JavaDoc;
65 import org.w3c.dom.Element JavaDoc;
66
67 /**
68  *
69  *
70  *
71  * @author Philip Vendil 2006 sep 27
72  *
73  * @version $Id: TestXKMSSig.java,v 1.3 2007/01/05 05:33:27 herrvendil Exp $
74  */

75
76 public class TestXKMSSig extends TestCase {
77     
/** Log4j logger shared by every test in this class. */
private static Logger log = Logger.getLogger(TestXKMSSig.class);

// JAXB object factories for the XKMS and XML-DSig schema types.
private ObjectFactory xKMSObjectFactory = new ObjectFactory();
private org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();

// Remote user-admin session and its home interface; both are looked up lazily in setUp().
private IUserAdminSessionRemote cacheAdmin;
private IUserAdminSessionHome cacheHome;

// Static state handed from one test method to the next: setUp() picks baseUsername once,
// test00SetupAccessRights() sets username and tmpfile, and the tests that load the
// generated keystore set keystorefile.
private static String baseUsername;
private static String username;
private static File tmpfile;
private static File keystorefile;

// JAXB and DOM plumbing, populated once by the static initializer below. These must stay
// declared before the initializer, otherwise the "= null" assignments would run after it.
private static JAXBContext jAXBContext = null;
private static Marshaller marshaller = null;
private static DocumentBuilderFactory dbf = null;

/*
 * One-time setup: installs the BouncyCastle provider, initialises the Apache XML Security
 * library and creates the JAXB marshaller plus a namespace-aware DOM factory.
 *
 * A JAXBException is only logged, so jAXBContext, marshaller and/or dbf can remain null and
 * the tests then fail later with a NullPointerException instead of failing here.
 *
 * NOTE(review): dbf is configured for namespace awareness only; nothing here restricts
 * DOCTYPE declarations or external entities. The tests in this class parse only documents
 * they serialised themselves. Confirm that code which parses XKMS messages received from
 * the network configures its own parser with those features disabled.
 */
static {
    final String contextPath = "org.w3._2002._03.xkms_:org.w3._2001._04.xmlenc_:org.w3._2000._09.xmldsig_";
    try {
        CertTools.installBCProvider();
        org.apache.xml.security.Init.init();

        jAXBContext = JAXBContext.newInstance(contextPath);
        marshaller = jAXBContext.createMarshaller();
        installPrefixMapper(marshaller);

        dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
    } catch (JAXBException e) {
        log.error("Error initializing RequestAbstractTypeResponseGenerator", e);
    }
}

/**
 * Registers the XKMS namespace prefix mapper on the given marshaller. A marshaller that
 * rejects the property is tolerated: the failure is logged and setup continues.
 */
private static void installPrefixMapper(Marshaller target) {
    try {
        target.setProperty("com.sun.xml.bind.namespacePrefixMapper", new XKMSNamespacePrefixMapper());
    } catch (PropertyException e) {
        log.error("Error registering namespace mapper property", e);
    }
}
118
/**
 * Prepares the fixture before each test: obtains the remote user-admin session if this
 * instance does not have one yet, and chooses the shared base username on first use.
 *
 * @throws Exception if the JNDI lookup or the creation of the remote session fails
 */
protected void setUp() throws Exception {
    log.debug(">setUp()");

    final boolean sessionMissing = (cacheAdmin == null);
    if (sessionMissing && cacheHome == null) {
        Object homeRef = getInitialContext().lookup("UserAdminSession");
        cacheHome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(homeRef, IUserAdminSessionHome.class);
    }
    if (sessionMissing) {
        cacheAdmin = cacheHome.create();
    }

    // java.util.Random is used only to make the test username unlikely to collide between
    // runs; it is not a source of secrets. "%" keeps the sign, so the suffix lies in
    // -999..999 and the generated name may contain a minus sign.
    Random suffixSource = new Random();
    if (baseUsername == null) {
        baseUsername = "xkmstestadmin" + (suffixSource.nextInt() % 1000) + "-";
    }

    log.debug("<setUp()");
}
143
/**
 * Performs no per-test cleanup.
 *
 * @throws Exception never thrown by this implementation
 */
protected void tearDown() throws Exception {
    // Intentionally empty: the user and the keystore file created by the earlier tests are
    // needed by the later ones and are removed by test99RemoveUser().
}
146
147     
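/**
 * Creates the administrator end entity used by the later tests and batch-generates its
 * JKS keystore into the relative directory "p12".
 *
 * The user is added with subject DN "CN=superadmin" under the CA whose id is the hash code
 * of the DN "CN=AdminCA1,O=EJBCA Sample,C=SE". The password "foo123" is a fixed test
 * fixture; it is also stored through setClearTextPassword (presumably so that
 * BatchMakeP12 can build the keystore; confirm against BatchMakeP12).
 *
 * NOTE(review): the generated keystore holds an administrator private key protected only
 * by that well-known test password, in a directory relative to the working directory.
 * Run this suite against disposable test installations only.
 *
 * @throws Exception if keystore generation fails
 */
public void test00SetupAccessRights() throws Exception {
    Admin administrator = new Admin(Admin.TYPE_RA_USER);
    username = baseUsername + "1";
    try {
        int caid = CertTools.stringToBCDNString("CN=AdminCA1,O=EJBCA Sample,C=SE").hashCode();

        cacheAdmin.addUser(administrator, username, "foo123", "CN=superadmin", null, null, false,
                SecConst.EMPTY_ENDENTITYPROFILE, SecConst.CERTPROFILE_FIXED_ENDUSER,
                SecConst.USER_ADMINISTRATOR, SecConst.TOKEN_SOFT_JKS, 0, caid);
        cacheAdmin.setClearTextPassword(administrator, username, "foo123");
    } catch (Exception e) {
        // Keep the root cause in the log; the previous null-sentinel assertion failed the
        // test with the same message but discarded the exception.
        log.error("Failed to create user " + username, e);
        fail("Failed to create user " + username);
    }

    BatchMakeP12 makep12 = new BatchMakeP12();
    tmpfile = new File("p12");
    makep12.setMainStoreDir(tmpfile.getAbsolutePath());
    makep12.createAllNew();
}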
172     
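/**
 * Signs a marshalled XKMS ValidateRequest with the "TEST" key of the user keystore,
 * serialises the document, parses it again and verifies the enveloped signature.
 *
 * The signature uses RSA-SHA1 with a SHA-1 digest and exclusive C14N, and references the
 * request by its Id ("#200"). NOTE(review): SHA-1 based signatures are below current
 * recommendations; the algorithm choice here reflects the age of the code.
 *
 * @throws Exception on any keystore, marshalling, parsing or signature error
 */
public void test01ClientSignature() throws Exception {
    KeyStore clientKeyStore = Constants.getUserKeyStore();

    // Build a simple validate request.
    ValidateRequestType validateRequestType = xKMSObjectFactory.createValidateRequestType();
    validateRequestType.setId("200");

    UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
    useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    useKeyWithType.setIdentifier("Test");

    validateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);

    QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
    queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
    validateRequestType.setQueryKeyBinding(queryKeyBindingType);

    JAXBElement<ValidateRequestType> validateRequest = xKMSObjectFactory.createValidateRequest(validateRequestType);

    String alias = "TEST";
    X509Certificate pkCert = (X509Certificate) clientKeyStore.getCertificate(alias);
    Key key = clientKeyStore.getKey(alias, "foo123".toCharArray());

    Document doc = dbf.newDocumentBuilder().newDocument();
    marshaller.marshal(validateRequest, doc);

    org.apache.xml.security.signature.XMLSignature xmlSig = new org.apache.xml.security.signature.XMLSignature(doc, "", org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    org.apache.xml.security.transforms.Transforms transforms = new org.apache.xml.security.transforms.Transforms(doc);
    // The signature is inserted inside the element it references, hence the enveloped transform.
    transforms.addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
    xmlSig.addDocument("#" + validateRequest.getValue().getId(), transforms, org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);
    xmlSig.addKeyInfo(pkCert);
    // The Signature element must be in the document before sign() is called.
    doc.getDocumentElement().insertBefore(xmlSig.getElement(), doc.getDocumentElement().getFirstChild());
    xmlSig.sign(key);

    ByteArrayOutputStream baos = new ByteArrayOutputStream();

    XMLUtils.outputDOMc14nWithComments(doc, System.out);

    XMLUtils.outputDOMc14nWithComments(doc, baos);

    ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());

    javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();

    Document doc2 = db.parse(bais);

    XMLUtils.outputDOMc14nWithComments(doc2, System.out);

    org.w3c.dom.NodeList xmlSigs = doc2.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
    // Exactly one signature is expected; the same check is made in
    // test06AuthenticationKeyBindingSignature before item(0) is used.
    assertTrue(xmlSigs.getLength() == 1);
    org.w3c.dom.Element xmlSigElement = (org.w3c.dom.Element) xmlSigs.item(0);
    org.apache.xml.security.signature.XMLSignature xmlVerifySig = new org.apache.xml.security.signature.XMLSignature(xmlSigElement, null);

    org.apache.xml.security.keys.KeyInfo keyInfo = xmlVerifySig.getKeyInfo();
    X509Certificate verCert = keyInfo.getX509Certificate();

    // Verifying against the certificate carried in KeyInfo only shows that the document
    // matches whatever key the sender embedded. Pin the embedded certificate to the one
    // that was used for signing before accepting the result.
    assertNotNull(verCert);
    assertTrue(java.util.Arrays.equals(pkCert.getEncoded(), verCert.getEncoded()));

    assertTrue(xmlVerifySig.checkSignatureValue(verCert));
}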
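/**
 * Sends a ValidateRequest signed with the administrator key generated by
 * test00SetupAccessRights and expects the service to answer with result major "Success".
 *
 * Depends on the static fields tmpfile and username set by test00SetupAccessRights and on
 * an XKMS service reachable at http://localhost:8080/ejbca/xkms/xkms.
 *
 * @throws Exception on any keystore, marshalling or transport error
 */
public void test02SendSignedRequest() throws Exception {

    KeyStore clientKeyStore = KeyStore.getInstance("JKS");
    keystorefile = new File(tmpfile.getAbsolutePath(), username + ".jks");
    // Close the stream explicitly: an open handle on the keystore can prevent the file,
    // which holds the administrator private key, from being deleted during cleanup.
    FileInputStream keystoreStream = new FileInputStream(keystorefile);
    try {
        clientKeyStore.load(keystoreStream, "foo123".toCharArray());
    } finally {
        keystoreStream.close();
    }

    String alias = "superadmin";
    X509Certificate pkCert = (X509Certificate) clientKeyStore.getCertificate(alias);
    Key key = clientKeyStore.getKey(alias, "foo123".toCharArray());
    Certificate[] trustedcerts = clientKeyStore.getCertificateChain(alias);
    assertNotNull("No certificate chain for alias " + alias, trustedcerts);
    // getBasicConstraints() returns -1 for non-CA certificates, so only the CA
    // certificates of the chain end up in the trust collection.
    ArrayList trustcol = new ArrayList();
    for (Certificate chainCert : trustedcerts) {
        if (((X509Certificate) chainCert).getBasicConstraints() != -1) {
            trustcol.add(chainCert);
        }
    }

    // NOTE(review): the endpoint is plain HTTP on localhost; the request is authenticated
    // by its XML signature. How XKMSInvoker uses trustcol is not visible here.
    XKMSInvoker xKMSInvoker = new XKMSInvoker("http://localhost:8080/ejbca/xkms/xkms", trustcol);

    // Test simple validate
    ValidateRequestType validateRequestType = xKMSObjectFactory.createValidateRequestType();
    validateRequestType.setId("200");

    UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
    useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    useKeyWithType.setIdentifier("Test");

    validateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);

    QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
    queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
    validateRequestType.setQueryKeyBinding(queryKeyBindingType);

    JAXBElement<ValidateRequestType> validateRequest = xKMSObjectFactory.createValidateRequest(validateRequestType);

    // The marshalled document is not sent; marshalling here only checks that the request
    // can be serialised. The invoker receives the JAXB object itself.
    Document doc = dbf.newDocumentBuilder().newDocument();
    marshaller.marshal(validateRequest, doc);

    ValidateResultType validateResultType = xKMSInvoker.validate(validateRequestType, pkCert, key);

    assertTrue(validateResultType.getRequestId().equals("200"));
    assertTrue(validateResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SUCCESS));
}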
283         
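/**
 * Sends a ValidateRequest signed with the "TEST" key of the user keystore instead of the
 * administrator key, and expects the service to reject it with result major "Sender" and
 * result minor "NoAuthentication".
 *
 * The trust collection is still built from the administrator keystore generated by
 * test00SetupAccessRights. Depends on the static fields tmpfile and username and on an
 * XKMS service reachable at http://localhost:8080/ejbca/xkms/xkms.
 *
 * @throws Exception on any keystore, marshalling or transport error
 */
public void test03SendUntrustedRequest() throws Exception {
    KeyStore clientKeyStore = Constants.getUserKeyStore();
    KeyStore trustKeyStore = KeyStore.getInstance("JKS");
    keystorefile = new File(tmpfile.getAbsolutePath(), username + ".jks");
    // Close the stream explicitly: an open handle on the keystore can prevent the file,
    // which holds the administrator private key, from being deleted during cleanup.
    FileInputStream keystoreStream = new FileInputStream(keystorefile);
    try {
        trustKeyStore.load(keystoreStream, "foo123".toCharArray());
    } finally {
        keystoreStream.close();
    }

    String alias = "TEST";
    X509Certificate pkCert = (X509Certificate) clientKeyStore.getCertificate(alias);
    Key key = clientKeyStore.getKey(alias, "foo123".toCharArray());
    Certificate[] trustedcerts = trustKeyStore.getCertificateChain("superadmin");
    assertNotNull("No certificate chain for alias superadmin", trustedcerts);
    // getBasicConstraints() returns -1 for non-CA certificates, so only the CA
    // certificates of the chain end up in the trust collection.
    ArrayList trustcol = new ArrayList();
    for (Certificate chainCert : trustedcerts) {
        if (((X509Certificate) chainCert).getBasicConstraints() != -1) {
            trustcol.add(chainCert);
        }
    }

    XKMSInvoker xKMSInvoker = new XKMSInvoker("http://localhost:8080/ejbca/xkms/xkms", trustcol);

    // Test simple validate
    ValidateRequestType validateRequestType = xKMSObjectFactory.createValidateRequestType();
    validateRequestType.setId("201");

    UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
    useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    useKeyWithType.setIdentifier("Test");

    validateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);

    QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
    queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
    validateRequestType.setQueryKeyBinding(queryKeyBindingType);

    JAXBElement<ValidateRequestType> validateRequest = xKMSObjectFactory.createValidateRequest(validateRequestType);

    // The marshalled document is not sent; marshalling here only checks that the request
    // can be serialised. The invoker receives the JAXB object itself.
    Document doc = dbf.newDocumentBuilder().newDocument();
    marshaller.marshal(validateRequest, doc);

    ValidateResultType validateResultType = xKMSInvoker.validate(validateRequestType, pkCert, key);

    // A request signed by a key the service does not accept must be refused, not processed.
    assertTrue(validateResultType.getRequestId().equals("201"));
    assertTrue(validateResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER));
    assertTrue(validateResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOAUTHENTICATION));
}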
332     
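/**
 * Revokes the administrator user with reason "key compromise", then sends a
 * ValidateRequest signed with that user's key and expects the service to reject it with
 * result major "Sender" and result minor "NoAuthentication".
 *
 * Depends on the static fields tmpfile and username set by test00SetupAccessRights and on
 * an XKMS service reachable at http://localhost:8080/ejbca/xkms/xkms.
 *
 * @throws Exception on any revocation, keystore, marshalling or transport error
 */
public void test04SendRevokedRequest() throws Exception {

    cacheAdmin.revokeUser(new Admin(Admin.TYPE_RA_USER), username, RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE);

    KeyStore clientKeyStore = KeyStore.getInstance("JKS");
    keystorefile = new File(tmpfile.getAbsolutePath(), username + ".jks");
    // Close the stream explicitly: an open handle on the keystore can prevent the file,
    // which holds the administrator private key, from being deleted during cleanup.
    FileInputStream keystoreStream = new FileInputStream(keystorefile);
    try {
        clientKeyStore.load(keystoreStream, "foo123".toCharArray());
    } finally {
        keystoreStream.close();
    }

    String alias = "superadmin";
    X509Certificate pkCert = (X509Certificate) clientKeyStore.getCertificate(alias);
    Key key = clientKeyStore.getKey(alias, "foo123".toCharArray());
    Certificate[] trustedcerts = clientKeyStore.getCertificateChain(alias);
    assertNotNull("No certificate chain for alias " + alias, trustedcerts);
    // getBasicConstraints() returns -1 for non-CA certificates, so only the CA
    // certificates of the chain end up in the trust collection.
    ArrayList trustcol = new ArrayList();
    for (Certificate chainCert : trustedcerts) {
        if (((X509Certificate) chainCert).getBasicConstraints() != -1) {
            trustcol.add(chainCert);
        }
    }

    XKMSInvoker xKMSInvoker = new XKMSInvoker("http://localhost:8080/ejbca/xkms/xkms", trustcol);

    // Test simple validate
    ValidateRequestType validateRequestType = xKMSObjectFactory.createValidateRequestType();
    validateRequestType.setId("200");

    UseKeyWithType useKeyWithType = xKMSObjectFactory.createUseKeyWithType();
    useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
    useKeyWithType.setIdentifier("Test");

    validateRequestType.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);

    QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory.createQueryKeyBindingType();
    queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
    validateRequestType.setQueryKeyBinding(queryKeyBindingType);

    JAXBElement<ValidateRequestType> validateRequest = xKMSObjectFactory.createValidateRequest(validateRequestType);

    // The marshalled document is not sent; marshalling here only checks that the request
    // can be serialised. The invoker receives the JAXB object itself.
    Document doc = dbf.newDocumentBuilder().newDocument();
    marshaller.marshal(validateRequest, doc);

    ValidateResultType validateResultType = xKMSInvoker.validate(validateRequestType, pkCert, key);

    // The signature itself is still mathematically valid; the rejection has to come from
    // the service checking the revocation status of the signer's certificate.
    assertTrue(validateResultType.getRequestId().equals("200"));
    assertTrue(validateResultType.getResultMajor().equals(XKMSConstants.RESULTMAJOR_SENDER));
    assertTrue(validateResultType.getResultMinor().equals(XKMSConstants.RESULTMINOR_NOAUTHENTICATION));
}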
/**
 * Builds a RegisterRequest whose PrototypeKeyBinding carries the RSA public key of the
 * "TEST" certificate, signs that binding as a ProofOfPossession and checks, after a
 * serialise/parse round trip, that the signature verifies with the matching public key
 * and does not verify with an unrelated, freshly generated key.
 *
 * NOTE(review): RSA-SHA1 and the 1024-bit key generated for the negative check reflect
 * the age of this code and are below current recommendations.
 *
 * @throws Exception on any keystore, marshalling, parsing or signature error
 */
public void test05POPSignature() throws Exception {
    final String xkmsNs = "http://www.w3.org/2002/03/xkms#";
    final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";

    KeyStore userStore = Constants.getUserKeyStore();

    String alias = "TEST";
    X509Certificate signerCert = (X509Certificate) userStore.getCertificate(alias);
    Key signingKey = userStore.getKey(alias, "foo123".toCharArray());

    RegisterRequestType request = xKMSObjectFactory.createRegisterRequestType();
    request.setId("500");

    UseKeyWithType keyUsage = xKMSObjectFactory.createUseKeyWithType();
    keyUsage.setApplication(XKMSConstants.USEKEYWITH_PKIX);
    keyUsage.setIdentifier("CN=Test Testarsson");

    request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);

    // Public key of the signer, expressed as an XML-DSig RSAKeyValue.
    RSAPublicKey signerPublicKey = (RSAPublicKey) signerCert.getPublicKey();
    KeyInfoType keyInfo = sigFactory.createKeyInfoType();
    RSAKeyValueType rsaValue = sigFactory.createRSAKeyValueType();
    rsaValue.setExponent(signerPublicKey.getPublicExponent().toByteArray());
    rsaValue.setModulus(signerPublicKey.getModulus().toByteArray());
    JAXBElement<RSAKeyValueType> rsaValueElement = sigFactory.createRSAKeyValue(rsaValue);
    keyInfo.getContent().add(rsaValueElement);

    PrototypeKeyBindingType binding = xKMSObjectFactory.createPrototypeKeyBindingType();
    binding.getUseKeyWith().add(keyUsage);
    binding.setKeyInfo(keyInfo);
    binding.setId("100231");
    request.setPrototypeKeyBinding(binding);
    JAXBElement<RegisterRequestType> requestElement = xKMSObjectFactory.createRegisterRequest(request);

    Document requestDoc = dbf.newDocumentBuilder().newDocument();
    marshaller.marshal(requestElement, requestDoc);

    Element bindingTag = (Element) requestDoc.getDocumentElement().getElementsByTagNameNS(xkmsNs, "PrototypeKeyBinding").item(0);
    assertNotNull(bindingTag);

    // Sign the PrototypeKeyBinding by reference to its Id. Only exclusive C14N is applied;
    // the signature is placed in a separate ProofOfPossession element further down.
    org.apache.xml.security.signature.XMLSignature popSignature = new org.apache.xml.security.signature.XMLSignature(requestDoc, "", org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    org.apache.xml.security.transforms.Transforms c14nOnly = new org.apache.xml.security.transforms.Transforms(requestDoc);
    c14nOnly.addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
    popSignature.addDocument("#" + binding.getId(), c14nOnly, org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);

    popSignature.sign(signingKey);

    Element popElement = requestDoc.createElementNS(xkmsNs, "ProofOfPossession");
    popElement.appendChild(popSignature.getElement().cloneNode(true));
    requestDoc.getDocumentElement().appendChild(popElement);

    XMLUtils.outputDOMc14nWithComments(requestDoc, System.out);

    // Round trip through bytes so that verification runs on a freshly parsed document.
    ByteArrayOutputStream serialized = new ByteArrayOutputStream();
    XMLUtils.outputDOMc14nWithComments(requestDoc, serialized);
    ByteArrayInputStream serializedIn = new ByteArrayInputStream(serialized.toByteArray());
    javax.xml.parsers.DocumentBuilder builder = dbf.newDocumentBuilder();
    Document parsedDoc = builder.parse(serializedIn);

    XMLUtils.outputDOMc14nWithComments(parsedDoc, System.out);

    org.w3c.dom.NodeList signatureNodes = parsedDoc.getElementsByTagNameNS(dsigNs, "Signature");
    Element signatureNode = (Element) signatureNodes.item(0);
    org.apache.xml.security.signature.XMLSignature parsedSignature = new org.apache.xml.security.signature.XMLSignature(signatureNode, null);

    // The verification key comes from the certificate the test already holds, not from
    // anything carried in the message.
    assertTrue(parsedSignature.checkSignatureValue(signerCert.getPublicKey()));

    // Negative check: an unrelated key must not verify the same signature.
    KeyPair unrelatedKeys = KeyTools.genKeys("1024", "RSA");
    assertFalse(parsedSignature.checkSignatureValue(unrelatedKeys.getPublic()));
}
458         
459     
/**
 * Builds a RegisterRequest for a freshly generated RSA key and attaches two signatures
 * over its PrototypeKeyBinding: an HMAC-SHA1 KeyBindingAuthentication keyed from a shared
 * passphrase, and an RSA-SHA1 ProofOfPossession made with the new private key. After a
 * serialise/parse round trip both are verified, and the ProofOfPossession is additionally
 * checked to fail against the public key of the unrelated "TEST" certificate.
 *
 * NOTE(review): the six-digit passphrase, the 1024-bit RSA key and the SHA-1 based
 * algorithms are test fixtures reflecting the age of this code; all are below current
 * recommendations.
 *
 * @throws Exception on any keystore, key generation, marshalling, parsing or signature error
 */
public void test06AuthenticationKeyBindingSignature() throws Exception {
    final String xkmsNs = "http://www.w3.org/2002/03/xkms#";
    final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";

    KeyStore userStore = Constants.getUserKeyStore();
    KeyPair freshKeys = KeyTools.genKeys("1024", "RSA");

    String alias = "TEST";
    X509Certificate unrelatedCert = (X509Certificate) userStore.getCertificate(alias);

    RegisterRequestType request = xKMSObjectFactory.createRegisterRequestType();
    request.setId("500");

    UseKeyWithType keyUsage = xKMSObjectFactory.createUseKeyWithType();
    keyUsage.setApplication(XKMSConstants.USEKEYWITH_PKIX);
    keyUsage.setIdentifier("CN=Test Testarsson");

    request.getRespondWith().add(XKMSConstants.RESPONDWITH_X509CHAIN);

    // The key being registered is the freshly generated one, expressed as an RSAKeyValue.
    RSAPublicKey freshPublicKey = (RSAPublicKey) freshKeys.getPublic();
    KeyInfoType keyInfo = sigFactory.createKeyInfoType();
    RSAKeyValueType rsaValue = sigFactory.createRSAKeyValueType();
    rsaValue.setExponent(freshPublicKey.getPublicExponent().toByteArray());
    rsaValue.setModulus(freshPublicKey.getModulus().toByteArray());
    JAXBElement<RSAKeyValueType> rsaValueElement = sigFactory.createRSAKeyValue(rsaValue);
    keyInfo.getContent().add(rsaValueElement);

    PrototypeKeyBindingType binding = xKMSObjectFactory.createPrototypeKeyBindingType();
    binding.getUseKeyWith().add(keyUsage);
    binding.setKeyInfo(keyInfo);
    binding.setId("100231");
    request.setPrototypeKeyBinding(binding);
    JAXBElement<RegisterRequestType> requestElement = xKMSObjectFactory.createRegisterRequest(request);

    Document requestDoc = dbf.newDocumentBuilder().newDocument();
    marshaller.marshal(requestElement, requestDoc);

    // Shared-secret authentication: the HMAC key is derived from the passphrase by
    // XKMSUtil. The meaning of the remaining arguments is defined there and is not
    // visible in this file.
    String authenticationData = "024837";
    SecretKey sharedKey = XKMSUtil.getSecretKeyFromPassphrase(authenticationData, true, 20, XKMSUtil.KEY_AUTHENTICATION);

    org.apache.xml.security.signature.XMLSignature authSignature = new org.apache.xml.security.signature.XMLSignature(requestDoc, "", org.apache.xml.security.signature.XMLSignature.ALGO_ID_MAC_HMAC_SHA1, org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    org.apache.xml.security.transforms.Transforms authTransforms = new org.apache.xml.security.transforms.Transforms(requestDoc);
    authTransforms.addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
    authSignature.addDocument("#" + binding.getId(), authTransforms, org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);

    authSignature.sign(sharedKey);

    // Authentication / KeyBindingAuthentication / Signature, appended to the request root.
    Element authElement = requestDoc.createElementNS(xkmsNs, "Authentication");
    Element bindingAuthElement = requestDoc.createElementNS(xkmsNs, "KeyBindingAuthentication");
    bindingAuthElement.appendChild(authSignature.getElement().cloneNode(true));
    authElement.appendChild(bindingAuthElement);
    requestDoc.getDocumentElement().appendChild(authElement);

    // Proof of possession: the same binding signed with the private half of the new key.
    org.apache.xml.security.signature.XMLSignature popSignature = new org.apache.xml.security.signature.XMLSignature(requestDoc, "", org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    org.apache.xml.security.transforms.Transforms popTransforms = new org.apache.xml.security.transforms.Transforms(requestDoc);
    popTransforms.addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);

    popSignature.addDocument("#" + binding.getId(), popTransforms, org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);

    popSignature.sign(freshKeys.getPrivate());

    Element popElement = requestDoc.createElementNS(xkmsNs, "ProofOfPossession");
    popElement.appendChild(popSignature.getElement().cloneNode(true));
    requestDoc.getDocumentElement().appendChild(popElement);

    XMLUtils.outputDOMc14nWithComments(requestDoc, System.out);

    // Round trip through bytes so that verification runs on a freshly parsed document.
    ByteArrayOutputStream serialized = new ByteArrayOutputStream();
    XMLUtils.outputDOMc14nWithComments(requestDoc, serialized);
    ByteArrayInputStream serializedIn = new ByteArrayInputStream(serialized.toByteArray());
    javax.xml.parsers.DocumentBuilder builder = dbf.newDocumentBuilder();
    Document parsedDoc = builder.parse(serializedIn);

    XMLUtils.outputDOMc14nWithComments(parsedDoc, System.out);

    // Verify the authentication. The signature is looked up inside the single
    // Authentication element rather than anywhere in the document, so each check is tied
    // to the element it belongs to.
    org.w3c.dom.NodeList authNodes = parsedDoc.getElementsByTagNameNS(xkmsNs, "Authentication");
    assertTrue(authNodes.getLength() == 1);
    Element parsedAuth = (Element) authNodes.item(0);

    org.w3c.dom.NodeList authSignatureNodes = parsedAuth.getElementsByTagNameNS(dsigNs, "Signature");
    Element authSignatureNode = (Element) authSignatureNodes.item(0);
    org.apache.xml.security.signature.XMLSignature parsedAuthSignature = new org.apache.xml.security.signature.XMLSignature(authSignatureNode, null);

    assertTrue(parsedAuthSignature.checkSignatureValue(sharedKey));

    // Verify the proof of possession.
    org.w3c.dom.NodeList popNodes = parsedDoc.getElementsByTagNameNS(xkmsNs, "ProofOfPossession");
    assertTrue(popNodes.getLength() == 1);
    Element parsedPop = (Element) popNodes.item(0);
    org.w3c.dom.NodeList popSignatureNodes = parsedPop.getElementsByTagNameNS(dsigNs, "Signature");
    assertTrue(popSignatureNodes.getLength() == 1);
    Element popSignatureNode = (Element) popSignatureNodes.item(0);
    org.apache.xml.security.signature.XMLSignature parsedPopSignature = new org.apache.xml.security.signature.XMLSignature(popSignatureNode, null);
    assertTrue(parsedPopSignature.checkSignatureValue(freshKeys.getPublic()));
    // Negative check: the unrelated "TEST" certificate key must not verify it.
    assertFalse(parsedPopSignature.checkSignatureValue(unrelatedCert.getPublicKey()));
}
559         
560     
561
562     
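/**
 * Cleans up after the suite: deletes the test administrator and schedules the generated
 * keystore file for deletion when the JVM exits.
 *
 * Only the keystore path recorded last in keystorefile is scheduled; the "p12" directory
 * created by test00SetupAccessRights is not removed here.
 *
 * @throws Exception if the user cannot be deleted
 */
public void test99RemoveUser() throws Exception {
    Admin administrator = new Admin(Admin.TYPE_RA_USER);
    try {
        cacheAdmin.deleteUser(administrator, username);
    } finally {
        // The keystore holds the administrator private key, so schedule its removal even
        // when deleting the user fails. keystorefile stays null if none of the tests that
        // load the keystore ran; skip it then instead of failing with a NullPointerException.
        if (keystorefile != null) {
            keystorefile.deleteOnExit();
        }
    }
}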
568     
569  
570
571     
572     
573     
/**
 * Creates a JNDI initial context from the default environment (no explicit properties
 * are passed to the constructor).
 *
 * @return a new initial context
 * @throws NamingException if the context cannot be created
 */
private Context getInitialContext() throws NamingException {
    log.debug(">getInitialContext");

    final Context initialContext = new javax.naming.InitialContext();

    // Not reached when the constructor throws, so a missing "<" line in the log marks a failure.
    log.debug("<getInitialContext");
    return initialContext;
}
582     
583
584 }
585