1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one
3  * or more contributor license agreements. See the NOTICE file
4  * distributed with this work for additional information
5  * regarding copyright ownership. The ASF licenses this file
6  * to you under the Apache License, Version 2.0 (the
7  * "License"); you may not use this file except in compliance
8  * with the License. You may obtain a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied. See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 package org.apache.xml.security.samples.signature;
20 
21 import java.io.File;
22 import java.io.FileInputStream;
23 import java.io.FileNotFoundException;
24 import java.security.PublicKey;
25 import java.security.cert.X509Certificate;
26 
27 import javax.xml.parsers.DocumentBuilderFactory;
28 import javax.xml.xpath.XPath;
29 import javax.xml.xpath.XPathConstants;
30 import javax.xml.xpath.XPathFactory;
31 
32 import org.apache.xml.security.keys.KeyInfo;
33 import org.apache.xml.security.signature.XMLSignature;
34 import org.apache.xml.security.samples.DSNamespaceContext;
35 import org.apache.xml.security.samples.SampleUtils;
36 import org.apache.xml.security.utils.Constants;
37 import org.apache.xml.security.utils.XMLUtils;
38 import org.w3c.dom.Element;
39 
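/**
 * Sample that checks the XML Signatures in the "merlin-xmldsig-twenty-three"
 * example files under {@code samples/data}.
 *
 * <p>Each signature is checked against the certificate or public key found in
 * its own {@code ds:KeyInfo}. A "valid" result therefore shows that the signed
 * content matches the signature value for that embedded key; it does not show
 * that the key belongs to a signer the caller trusts. Code that verifies
 * documents from outside this sample set has to obtain or validate the key
 * independently (for example by validating the certificate against a
 * configured trust anchor) before relying on the result.</p>
 *
 * @author $Author: mullan $
 */
public class VerifyMerlinsExamplesTwentyThree {

    /** {@link org.apache.commons.logging} logging facility */
    static org.apache.commons.logging.Log log =
        org.apache.commons.logging.LogFactory.getLog(VerifyMerlinsExamplesTwentyThree.class.getName());

    /** Whether the parser is configured to schema-validate the signature files. */
    static final boolean schemaValidate = false;

    /** Local copy of the XML Signature schema, used only when {@link #schemaValidate} is set. */
    static final String signatureSchemaFile = "samples/data/xmldsig-core-schema.xsd";

    static {
        // The library has to be initialised before any signature class is used.
        org.apache.xml.security.Init.init();
    }

    /**
     * Verifies every sample signature file in turn and prints the outcome.
     *
     * @param unused command-line arguments; not read
     */
    public static void main(String unused[]) {

        if (schemaValidate) {
            System.out.println("We do schema-validation");
        } else {
            System.out.println("We do not schema-validation");
        }

        // NOTE(review): the factory keeps its default settings because the
        // inputs are the fixed sample files listed below. A parser that reads
        // documents from an untrusted source should additionally enable
        // XMLConstants.FEATURE_SECURE_PROCESSING and refuse DOCTYPE
        // declarations and external entities. Whether every sample file still
        // parses under those settings was not checked here.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

        if (schemaValidate) {
            dbf.setAttribute("http://apache.org/xml/features/validation/schema",
                             Boolean.TRUE);
            dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion",
                             Boolean.TRUE);
            dbf.setValidating(true);
            dbf.setAttribute("http://xml.org/sax/features/validation",
                             Boolean.TRUE);
            dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation",
                             Constants.SignatureSpecNS + " " + signatureSchemaFile);
        }

        dbf.setNamespaceAware(true);
        dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);

        String merlinsDir =
            "samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/";
        String filenames[] = { // "23signature.xml"
                               // "merlinsTwentyThreeRecreated.xml"
                               merlinsDir + "signature.xml",
                               merlinsDir + "signature-enveloped-dsa.xml",
                               merlinsDir + "signature-enveloping-b64-dsa.xml",
                               merlinsDir + "signature-enveloping-dsa.xml",
                               merlinsDir + "signature-enveloping-hmac-sha1.xml",
                               merlinsDir + "signature-enveloping-rsa.xml",
                               merlinsDir + "signature-external-b64-dsa.xml",
                               merlinsDir + "signature-external-dsa.xml"
        };

        for (String signatureFileName : filenames) {
            try {
                verify(dbf, signatureFileName);
            } catch (Exception ex) {
                // A failure on one file must not stop the remaining files.
                ex.printStackTrace();
            }
        }
    }

    /**
     * Parses one file, locates its first {@code ds:Signature} element and
     * prints whether the signature value verifies against the certificate or
     * public key carried in the signature's own {@code ds:KeyInfo}.
     *
     * @param dbf factory used to create the parser for the file
     * @param filename path of the signature file
     * @throws IllegalArgumentException if the file holds no {@code ds:Signature} element
     * @throws Exception if the file cannot be read or parsed, or if signature
     *         processing fails
     */
    public static void verify(DocumentBuilderFactory dbf, String filename)
        throws Exception {

        File f = new File(filename);
        String fileUrl = f.toURI().toURL().toString();

        System.out.println("Try to verify " + fileUrl);

        javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();

        if (schemaValidate) {
            // NOTE(review): the handler's name suggests parser errors are
            // discarded, so validation problems would presumably go
            // unreported - confirm before relying on schema validation.
            db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
            db.setEntityResolver(new org.xml.sax.EntityResolver() {

                public org.xml.sax.InputSource resolveEntity(String publicId, String systemId)
                    throws org.xml.sax.SAXException {

                    // Only the signature schema is served, from the local
                    // copy; a missing system id is treated like any other
                    // entity instead of failing with a NullPointerException.
                    if (systemId != null && systemId.endsWith("xmldsig-core-schema.xsd")) {
                        try {
                            return new org.xml.sax.InputSource(new FileInputStream(signatureSchemaFile));
                        } catch (FileNotFoundException ex) {
                            throw new org.xml.sax.SAXException(ex);
                        }
                    }

                    // null hands resolution back to the parser's default behaviour.
                    return null;
                }
            });
        }

        // Close the stream whether or not parsing succeeds.
        org.w3c.dom.Document doc;
        FileInputStream in = new FileInputStream(f);
        try {
            doc = db.parse(in);
        } finally {
            in.close();
        }

        XPathFactory xpf = XPathFactory.newInstance();
        XPath xpath = xpf.newXPath();
        xpath.setNamespaceContext(new DSNamespaceContext());

        // With a NODE result the first matching element in document order is returned.
        String expression = "//ds:Signature[1]";
        Element sigElement =
            (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);

        if (sigElement == null) {
            throw new IllegalArgumentException("No ds:Signature element found in " + fileUrl);
        }

        XMLSignature signature = new XMLSignature(sigElement, fileUrl);

        // NOTE(review): presumably this resolver serves the samples' external
        // references from local copies instead of the network - confirm.
        signature.getSignedInfo()
            .addResourceResolver(new org.apache.xml.security.samples.utils.resolver.OfflineResolver());

        signature.setFollowNestedManifests(false);

        KeyInfo ki = signature.getKeyInfo();

        if (ki == null) {
            System.out.println("Did not find a KeyInfo");
            return;
        }

        // The key comes from the document under test, so a positive result
        // says nothing about who produced the signature.
        X509Certificate cert = ki.getX509Certificate();

        if (cert != null) {
            report(fileUrl, signature.checkSignatureValue(cert));
            return;
        }

        PublicKey pk = ki.getPublicKey();

        if (pk != null) {
            report(fileUrl, signature.checkSignatureValue(pk));
        } else {
            System.out.println(
            "Did not find a public key, so I can't check the signature");
        }
    }

    /** Prints the verification outcome for one file. */
    private static void report(String fileUrl, boolean valid) {
        System.out.println("The XML signature in file "
                           + fileUrl + " is "
                           + (valid ? "valid (good)" : "invalid !!!!! (bad)"));
    }

}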