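/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.xml.security.samples.signature;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;

import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.samples.DSNamespaceContext;
import org.apache.xml.security.samples.SampleUtils;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Element;

/**
 * Sample program that parses each bundled "merlin-xmldsig-twenty-three"
 * example file, locates a {@code ds:Signature} element and prints whether its
 * signature value checks out.
 *
 * <p>Points to keep in mind before reusing this code outside the samples:
 * <ul>
 * <li>The verification key is taken from the {@code KeyInfo} carried inside
 * the signature itself. A "valid" result therefore only shows that the
 * document is consistent with the key it ships with; nothing here ties
 * that key or certificate to a trusted signer (no trust anchor, path
 * validation, expiry or revocation check is performed in this class).</li>
 * <li>The XML parser is used with its default DTD / entity settings, which is
 * only appropriate because the inputs are fixed local sample files.</li>
 * <li>The signature is located with the XPath {@code //ds:Signature[1]},
 * i.e. wherever it happens to sit in the document. Code that consumes
 * signed data must additionally make sure that the data it reads is the
 * data covered by the verified references.</li>
 * </ul>
 *
 * @author $Author: mullan $
 */
public class VerifyMerlinsExamplesTwentyThree {

    /** {@link org.apache.commons.logging} logging facility */
    static org.apache.commons.logging.Log log =
        org.apache.commons.logging.LogFactory.getLog(VerifyMerlinsExamplesTwentyThree.class.getName());

    /** Compile-time switch: when {@code true} the parser is configured for XML Schema validation. */
    static final boolean schemaValidate = false;

    /** Local copy of the XML Signature core schema, used only when {@link #schemaValidate} is set. */
    static final String signatureSchemaFile = "samples/data/xmldsig-core-schema.xsd";

    static {
        // The XML Security library must be initialised before any signature class is used.
        org.apache.xml.security.Init.init();
    }

    /**
     * Configures a namespace-aware {@link DocumentBuilderFactory} and runs
     * {@link #verify(DocumentBuilderFactory, String)} on every sample file.
     * A failure on one file is printed and does not stop the remaining files.
     *
     * @param unused command-line arguments; ignored
     */
    public static void main(String unused[]) {

        if (schemaValidate) {
            System.out.println("We do schema-validation");
        } else {
            System.out.println("We do not schema-validation");
        }

        // NOTE(review): the factory keeps its default DOCTYPE / external-entity
        // behaviour. That is tolerable for the bundled files listed below. Before
        // feeding documents from an untrusted source through this code, enable
        // javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING and restrict DTD and
        // external entity resolution (check first whether any expected input
        // legitimately carries a DOCTYPE).
        javax.xml.parsers.DocumentBuilderFactory dbf =
            javax.xml.parsers.DocumentBuilderFactory.newInstance();

        if (VerifyMerlinsExamplesTwentyThree.schemaValidate) {
            dbf.setAttribute("http://apache.org/xml/features/validation/schema",
                             Boolean.TRUE);
            dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion",
                             Boolean.TRUE);
            dbf.setValidating(true);
            dbf.setAttribute("http://xml.org/sax/features/validation",
                             Boolean.TRUE);
            dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation",
                             Constants.SignatureSpecNS + " "
                             + VerifyMerlinsExamplesTwentyThree.signatureSchemaFile);
        }

        dbf.setNamespaceAware(true);
        dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);

        String merlinsDir =
            "samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/";
        // NOTE(review): verify() only handles a certificate or public key from
        // KeyInfo and is never given a secret key, so the HMAC sample presumably
        // ends in one of the "Did not find ..." messages rather than a verdict.
        String filenames[] = { // "23signature.xml"
                               // "merlinsTwentyThreeRecreated.xml"
                               merlinsDir + "signature.xml",
                               merlinsDir + "signature-enveloped-dsa.xml",
                               merlinsDir + "signature-enveloping-b64-dsa.xml",
                               merlinsDir + "signature-enveloping-dsa.xml",
                               merlinsDir + "signature-enveloping-hmac-sha1.xml",
                               merlinsDir + "signature-enveloping-rsa.xml",
                               merlinsDir + "signature-external-b64-dsa.xml",
                               merlinsDir + "signature-external-dsa.xml"
        };

        for (int i = 0; i < filenames.length; i++) {
            try {
                verify(dbf, filenames[i]);
            } catch (Exception ex) {
                // Deliberately best-effort: report the failure and go on to the next sample.
                ex.printStackTrace();
            }
        }
    }

    /**
     * Parses one file, locates a {@code ds:Signature} element and prints
     * whether its signature value verifies against the certificate or public
     * key found in the signature's own {@code KeyInfo}.
     *
     * <p>The printed "valid" verdict is a statement about the signature value
     * only. The key material comes from the document being checked, and this
     * method performs no check that the certificate or key belongs to a
     * trusted party.
     *
     * @param dbf factory used to create the parser for this file
     * @param filename path of the signature file to check
     * @throws Exception if the file cannot be read or parsed, if it contains
     *         no {@code ds:Signature} element, or if the signature classes
     *         reject the element
     */
    public static void verify(DocumentBuilderFactory dbf, String filename)
        throws Exception {

        File f = new File(filename);
        // Used both for the messages and as the base URI of the signature.
        String fileUrl = f.toURI().toURL().toString();

        System.out.println("Try to verify " + fileUrl);

        javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();

        if (VerifyMerlinsExamplesTwentyThree.schemaValidate) {
            // NOTE(review): judging by its name this handler discards validation
            // errors, in which case schema validation here cannot reject a
            // document - confirm before relying on it.
            db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
            db.setEntityResolver(new org.xml.sax.EntityResolver() {

                public org.xml.sax.InputSource resolveEntity(String publicId, String systemId)
                    throws org.xml.sax.SAXException {

                    // Serve the signature schema from the local copy; returning
                    // null hands every other entity back to the parser's
                    // default resolution.
                    if (systemId != null && systemId.endsWith("xmldsig-core-schema.xsd")) {
                        try {
                            return new org.xml.sax.InputSource(new FileInputStream(signatureSchemaFile));
                        } catch (FileNotFoundException ex) {
                            throw new org.xml.sax.SAXException(ex);
                        }
                    } else {
                        return null;
                    }
                }
            });
        }

        // Close the stream once parsing is done; the original left it open.
        org.w3c.dom.Document doc;
        FileInputStream in = new FileInputStream(f);
        try {
            doc = db.parse(in);
        } finally {
            in.close();
        }

        XPathFactory xpf = XPathFactory.newInstance();
        XPath xpath = xpf.newXPath();
        xpath.setNamespaceContext(new DSNamespaceContext());

        // The signature is looked up anywhere in the document; its position is
        // not checked against any expected location.
        String expression = "//ds:Signature[1]";
        Element sigElement =
            (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);

        if (sigElement == null) {
            // Fail with a clear message instead of passing null to XMLSignature.
            throw new IllegalArgumentException(
                "No ds:Signature element found in " + fileUrl);
        }

        XMLSignature signature = new XMLSignature(sigElement, fileUrl);

        // NOTE(review): sample resolver; presumably serves the external
        // references of the example files from local copies - confirm.
        signature.getSignedInfo()
            .addResourceResolver(new org.apache.xml.security.samples.utils.resolver.OfflineResolver());

        // References inside nested ds:Manifest elements are not followed.
        signature.setFollowNestedManifests(false);

        KeyInfo ki = signature.getKeyInfo();

        if (ki != null) {
            // Prefer an embedded certificate, fall back to a bare public key.
            X509Certificate cert = ki.getX509Certificate();

            if (cert != null) {
                System.out.println("The XML signature in file "
                                   + fileUrl + " is "
                                   + (signature.checkSignatureValue(cert)
                                      ? "valid (good)" : "invalid !!!!! (bad)"));
            } else {
                PublicKey pk = ki.getPublicKey();

                if (pk != null) {
                    System.out.println("The XML signature in file "
                                       + fileUrl + " is "
                                       + (signature.checkSignatureValue(pk)
                                          ? "valid (good)" : "invalid !!!!! (bad)"));
                } else {
                    System.out.println(
                        "Did not find a public key, so I can't check the signature");
                }
            }
        } else {
            System.out.println("Did not find a KeyInfo");
        }

    }

}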