001: /*************************************************************************
002: * *
003: * EJBCA: The OpenSource Certificate Authority *
004: * *
005: * This software is free software; you can redistribute it and/or *
006: * modify it under the terms of the GNU Lesser General Public *
007: * License as published by the Free Software Foundation; either *
008: * version 2.1 of the License, or any later version. *
009: * *
010: * See terms of license at gnu.org. *
011: * *
012: *************************************************************************/package org.ejbca.core.protocol.xkms;
013:
014: import java.io.ByteArrayInputStream;
015: import java.io.ByteArrayOutputStream;
016: import java.io.File;
017: import java.io.FileInputStream;
018: import java.security.Key;
019: import java.security.KeyPair;
020: import java.security.KeyStore;
021: import java.security.cert.Certificate;
022: import java.security.cert.X509Certificate;
023: import java.security.interfaces.RSAPublicKey;
024: import java.util.ArrayList;
025: import java.util.Random;
026:
027: import javax.crypto.SecretKey;
028: import javax.naming.Context;
029: import javax.naming.NamingException;
030: import javax.xml.bind.JAXBContext;
031: import javax.xml.bind.JAXBElement;
032: import javax.xml.bind.JAXBException;
033: import javax.xml.bind.Marshaller;
034: import javax.xml.bind.PropertyException;
035: import javax.xml.parsers.DocumentBuilderFactory;
036:
037: import junit.framework.TestCase;
038:
039: import org.apache.log4j.Logger;
040: import org.apache.xml.security.utils.XMLUtils;
041: import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
042: import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
043: import org.ejbca.core.model.SecConst;
044: import org.ejbca.core.model.ca.crl.RevokedCertInfo;
045: import org.ejbca.core.model.log.Admin;
046: import org.ejbca.core.protocol.xkms.client.XKMSInvoker;
047: import org.ejbca.core.protocol.xkms.common.XKMSConstants;
048: import org.ejbca.core.protocol.xkms.common.XKMSNamespacePrefixMapper;
049: import org.ejbca.core.protocol.xkms.common.XKMSUtil;
050: import org.ejbca.ui.cli.batch.BatchMakeP12;
051: import org.ejbca.util.CertTools;
052: import org.ejbca.util.KeyTools;
053: import org.w3._2000._09.xmldsig_.KeyInfoType;
054: import org.w3._2000._09.xmldsig_.RSAKeyValueType;
055: import org.w3._2002._03.xkms_.ObjectFactory;
056: import org.w3._2002._03.xkms_.PrototypeKeyBindingType;
057: import org.w3._2002._03.xkms_.QueryKeyBindingType;
058: import org.w3._2002._03.xkms_.RegisterRequestType;
059: import org.w3._2002._03.xkms_.UseKeyWithType;
060: import org.w3._2002._03.xkms_.ValidateRequestType;
061: import org.w3._2002._03.xkms_.ValidateResultType;
062: import org.w3c.dom.Document;
063: import org.w3c.dom.Element;
064:
065: /**
066: * To Run this test, there must be a CA with DN "CN=AdminCA1,O=EJBCA Sample,C=SE", and it must have XKMS service enabled.
067: *
068: *
069: * @author Philip Vendil 2006 sep 27
070: *
071: * @version $Id: TestXKMSSig.java,v 1.4 2007/11/20 08:45:52 anatom Exp $
072: */
073:
074: public class TestXKMSSig extends TestCase {
075:
076: private static Logger log = Logger.getLogger(TestXKMSSig.class);
077:
078: private ObjectFactory xKMSObjectFactory = new ObjectFactory();
079: private org.w3._2000._09.xmldsig_.ObjectFactory sigFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();
080:
081: private static String baseUsername;
082: private IUserAdminSessionRemote cacheAdmin;
083: private IUserAdminSessionHome cacheHome;
084:
085: private static String username;
086: private static File tmpfile;
087: private static File keystorefile;
088:
089: private static JAXBContext jAXBContext = null;
090: private static Marshaller marshaller = null;
091: //private static Unmarshaller unmarshaller = null;
092: private static DocumentBuilderFactory dbf = null;
093:
094: private static int caid;
095:
096: static {
097: try {
098: CertTools.installBCProvider();
099: org.apache.xml.security.Init.init();
100:
101: jAXBContext = JAXBContext
102: .newInstance("org.w3._2002._03.xkms_:org.w3._2001._04.xmlenc_:org.w3._2000._09.xmldsig_");
103: marshaller = jAXBContext.createMarshaller();
104: try {
105: marshaller.setProperty(
106: "com.sun.xml.bind.namespacePrefixMapper",
107: new XKMSNamespacePrefixMapper());
108: } catch (PropertyException e) {
109: log.error(
110: "Error registering namespace mapper property",
111: e);
112: }
113: dbf = DocumentBuilderFactory.newInstance();
114: dbf.setNamespaceAware(true);
115: //unmarshaller = jAXBContext.createUnmarshaller();
116:
117: } catch (JAXBException e) {
118: log
119: .error(
120: "Error initializing RequestAbstractTypeResponseGenerator",
121: e);
122: }
123:
124: }
125:
126: protected void setUp() throws Exception {
127: log.debug(">setUp()");
128:
129: if (cacheAdmin == null) {
130: if (cacheHome == null) {
131: Context jndiContext = getInitialContext();
132: Object obj1 = jndiContext.lookup("UserAdminSession");
133: cacheHome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject
134: .narrow(obj1, IUserAdminSessionHome.class);
135: }
136:
137: cacheAdmin = cacheHome.create();
138: }
139:
140: caid = CertTools.stringToBCDNString(
141: "CN=AdminCA1,O=EJBCA Sample,C=SE").hashCode();
142:
143: Random ran = new Random();
144: if (baseUsername == null) {
145: baseUsername = "xkmstestadmin" + (ran.nextInt() % 1000)
146: + "-";
147: }
148:
149: log.debug("<setUp()");
150: }
151:
152: protected void tearDown() throws Exception {
153: }
154:
155: public void test00SetupAccessRights() throws Exception {
156: Admin administrator = new Admin(Admin.TYPE_RA_USER);
157: Object o = null;
158: username = baseUsername + "1";
159: try {
160:
161: cacheAdmin.addUser(administrator, username, "foo123",
162: "CN=superadmin", null, null, false,
163: SecConst.EMPTY_ENDENTITYPROFILE,
164: SecConst.CERTPROFILE_FIXED_ENDUSER,
165: SecConst.USER_ADMINISTRATOR,
166: SecConst.TOKEN_SOFT_JKS, 0, caid);
167: cacheAdmin.setClearTextPassword(administrator, username,
168: "foo123");
169: o = new String("");
170: } catch (Exception e) {
171: assertNotNull("Failed to create user " + username, o);
172: }
173:
174: BatchMakeP12 makep12 = new BatchMakeP12();
175: tmpfile = new File("p12");
176:
177: //System.out.println("tempdir="+tmpfile.getParent());
178: makep12.setMainStoreDir(tmpfile.getAbsolutePath());
179: makep12.createAllNew();
180:
181: }
182:
183: public void test01ClientSignature() throws Exception {
184: KeyStore clientKeyStore = Constants.getUserKeyStore();
185:
186: // Test simple validate
187: ValidateRequestType validateRequestType = xKMSObjectFactory
188: .createValidateRequestType();
189: validateRequestType.setId("200");
190:
191: UseKeyWithType useKeyWithType = xKMSObjectFactory
192: .createUseKeyWithType();
193: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
194: useKeyWithType.setIdentifier("Test");
195:
196: validateRequestType.getRespondWith().add(
197: XKMSConstants.RESPONDWITH_X509CHAIN);
198:
199: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
200: .createQueryKeyBindingType();
201: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
202: validateRequestType.setQueryKeyBinding(queryKeyBindingType);
203:
204: JAXBElement<ValidateRequestType> validateRequest = xKMSObjectFactory
205: .createValidateRequest(validateRequestType);
206:
207: String alias = "TEST";
208: java.security.cert.X509Certificate pkCert = (java.security.cert.X509Certificate) clientKeyStore
209: .getCertificate(alias);
210:
211: Key key = clientKeyStore.getKey(alias, "foo123".toCharArray());
212:
213: Document doc = dbf.newDocumentBuilder().newDocument();
214: marshaller.marshal(validateRequest, doc);
215:
216: org.apache.xml.security.signature.XMLSignature xmlSig = new org.apache.xml.security.signature.XMLSignature(
217: doc,
218: "",
219: org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
220: org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
221: org.apache.xml.security.transforms.Transforms transforms = new org.apache.xml.security.transforms.Transforms(
222: doc);
223: transforms
224: .addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
225: transforms
226: .addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
227: xmlSig
228: .addDocument(
229: "#" + validateRequest.getValue().getId(),
230: transforms,
231: org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);
232: xmlSig.addKeyInfo(pkCert);
233: doc.getDocumentElement().insertBefore(xmlSig.getElement(),
234: doc.getDocumentElement().getFirstChild());
235: xmlSig.sign(key);
236:
237: //DOMSource dOMSource = new DOMSource(doc);
238: ByteArrayOutputStream baos = new ByteArrayOutputStream();
239:
240: XMLUtils.outputDOMc14nWithComments(doc, System.out);
241:
242: XMLUtils.outputDOMc14nWithComments(doc, baos);
243:
244: ByteArrayInputStream bais = new ByteArrayInputStream(baos
245: .toByteArray());
246:
247: javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
248:
249: Document doc2 = db.parse(bais);
250:
251: XMLUtils.outputDOMc14nWithComments(doc2, System.out);
252:
253: org.w3c.dom.NodeList xmlSigs = doc2.getElementsByTagNameNS(
254: "http://www.w3.org/2000/09/xmldsig#", "Signature");
255: org.w3c.dom.Element xmlSigElement = (org.w3c.dom.Element) xmlSigs
256: .item(0);
257: org.apache.xml.security.signature.XMLSignature xmlVerifySig = new org.apache.xml.security.signature.XMLSignature(
258: xmlSigElement, null);
259:
260: org.apache.xml.security.keys.KeyInfo keyInfo = xmlVerifySig
261: .getKeyInfo();
262: java.security.cert.X509Certificate verCert = keyInfo
263: .getX509Certificate();
264:
265: assertTrue(xmlVerifySig.checkSignatureValue(verCert));
266:
267: }
268:
269: public void test02SendSignedRequest() throws Exception {
270:
271: KeyStore clientKeyStore = KeyStore.getInstance("JKS");
272: keystorefile = new File(tmpfile.getAbsolutePath() + "/"
273: + username + ".jks");
274: clientKeyStore.load(new FileInputStream(keystorefile), "foo123"
275: .toCharArray());
276:
277: String alias = "superadmin";
278: java.security.cert.X509Certificate pkCert = (java.security.cert.X509Certificate) clientKeyStore
279: .getCertificate(alias);
280: Key key = clientKeyStore.getKey(alias, "foo123".toCharArray());
281: Certificate[] trustedcerts = clientKeyStore
282: .getCertificateChain(alias);
283: ArrayList trustcol = new ArrayList();
284: for (int i = 0; i < trustedcerts.length; i++) {
285: if (((X509Certificate) trustedcerts[i])
286: .getBasicConstraints() != -1) {
287: trustcol.add(trustedcerts[i]);
288: }
289: }
290:
291: XKMSInvoker xKMSInvoker = new XKMSInvoker(
292: "http://localhost:8080/ejbca/xkms/xkms", trustcol);
293:
294: // Test simple validate
295: ValidateRequestType validateRequestType = xKMSObjectFactory
296: .createValidateRequestType();
297: validateRequestType.setId("200");
298:
299: UseKeyWithType useKeyWithType = xKMSObjectFactory
300: .createUseKeyWithType();
301: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
302: useKeyWithType.setIdentifier("Test");
303:
304: validateRequestType.getRespondWith().add(
305: XKMSConstants.RESPONDWITH_X509CHAIN);
306:
307: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
308: .createQueryKeyBindingType();
309: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
310: validateRequestType.setQueryKeyBinding(queryKeyBindingType);
311:
312: JAXBElement<ValidateRequestType> validateRequest = xKMSObjectFactory
313: .createValidateRequest(validateRequestType);
314:
315: Document doc = dbf.newDocumentBuilder().newDocument();
316: marshaller.marshal(validateRequest, doc);
317:
318: ValidateResultType validateResultType = xKMSInvoker.validate(
319: validateRequestType, pkCert, key);
320:
321: assertTrue(validateResultType.getRequestId().equals("200"));
322: assertTrue(validateResultType.getResultMajor().equals(
323: XKMSConstants.RESULTMAJOR_SUCCESS));
324:
325: }
326:
327: public void test03SendUntrustedRequest() throws Exception {
328: KeyStore clientKeyStore = Constants.getUserKeyStore();
329: KeyStore trustKeyStore = KeyStore.getInstance("JKS");
330: keystorefile = new File(tmpfile.getAbsolutePath() + "/"
331: + username + ".jks");
332: trustKeyStore.load(new FileInputStream(keystorefile), "foo123"
333: .toCharArray());
334:
335: String alias = "TEST";
336: java.security.cert.X509Certificate pkCert = (java.security.cert.X509Certificate) clientKeyStore
337: .getCertificate(alias);
338: Key key = clientKeyStore.getKey(alias, "foo123".toCharArray());
339: Certificate[] trustedcerts = trustKeyStore
340: .getCertificateChain("superadmin");
341: ArrayList trustcol = new ArrayList();
342: for (int i = 0; i < trustedcerts.length; i++) {
343: if (((X509Certificate) trustedcerts[i])
344: .getBasicConstraints() != -1) {
345: trustcol.add(trustedcerts[i]);
346: }
347: }
348:
349: XKMSInvoker xKMSInvoker = new XKMSInvoker(
350: "http://localhost:8080/ejbca/xkms/xkms", trustcol);
351:
352: // Test simple validate
353: ValidateRequestType validateRequestType = xKMSObjectFactory
354: .createValidateRequestType();
355: validateRequestType.setId("201");
356:
357: UseKeyWithType useKeyWithType = xKMSObjectFactory
358: .createUseKeyWithType();
359: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
360: useKeyWithType.setIdentifier("Test");
361:
362: validateRequestType.getRespondWith().add(
363: XKMSConstants.RESPONDWITH_X509CHAIN);
364:
365: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
366: .createQueryKeyBindingType();
367: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
368: validateRequestType.setQueryKeyBinding(queryKeyBindingType);
369:
370: JAXBElement<ValidateRequestType> validateRequest = xKMSObjectFactory
371: .createValidateRequest(validateRequestType);
372:
373: Document doc = dbf.newDocumentBuilder().newDocument();
374: marshaller.marshal(validateRequest, doc);
375:
376: ValidateResultType validateResultType = xKMSInvoker.validate(
377: validateRequestType, pkCert, key);
378:
379: assertTrue(validateResultType.getRequestId().equals("201"));
380: assertTrue(validateResultType.getResultMajor().equals(
381: XKMSConstants.RESULTMAJOR_SENDER));
382: assertTrue(validateResultType.getResultMinor().equals(
383: XKMSConstants.RESULTMINOR_NOAUTHENTICATION));
384: }
385:
386: public void test04SendRevokedRequest() throws Exception {
387:
388: cacheAdmin.revokeUser(new Admin(Admin.TYPE_RA_USER), username,
389: RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE);
390:
391: KeyStore clientKeyStore = KeyStore.getInstance("JKS");
392: keystorefile = new File(tmpfile.getAbsolutePath() + "/"
393: + username + ".jks");
394: clientKeyStore.load(new FileInputStream(keystorefile), "foo123"
395: .toCharArray());
396:
397: String alias = "superadmin";
398: java.security.cert.X509Certificate pkCert = (java.security.cert.X509Certificate) clientKeyStore
399: .getCertificate(alias);
400: Key key = clientKeyStore.getKey(alias, "foo123".toCharArray());
401: Certificate[] trustedcerts = clientKeyStore
402: .getCertificateChain(alias);
403: ArrayList trustcol = new ArrayList();
404: for (int i = 0; i < trustedcerts.length; i++) {
405: if (((X509Certificate) trustedcerts[i])
406: .getBasicConstraints() != -1) {
407: trustcol.add(trustedcerts[i]);
408: }
409: }
410:
411: XKMSInvoker xKMSInvoker = new XKMSInvoker(
412: "http://localhost:8080/ejbca/xkms/xkms", trustcol);
413:
414: // Test simple validate
415: ValidateRequestType validateRequestType = xKMSObjectFactory
416: .createValidateRequestType();
417: validateRequestType.setId("200");
418:
419: UseKeyWithType useKeyWithType = xKMSObjectFactory
420: .createUseKeyWithType();
421: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_TLSHTTP);
422: useKeyWithType.setIdentifier("Test");
423:
424: validateRequestType.getRespondWith().add(
425: XKMSConstants.RESPONDWITH_X509CHAIN);
426:
427: QueryKeyBindingType queryKeyBindingType = xKMSObjectFactory
428: .createQueryKeyBindingType();
429: queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
430: validateRequestType.setQueryKeyBinding(queryKeyBindingType);
431:
432: JAXBElement<ValidateRequestType> validateRequest = xKMSObjectFactory
433: .createValidateRequest(validateRequestType);
434:
435: Document doc = dbf.newDocumentBuilder().newDocument();
436: marshaller.marshal(validateRequest, doc);
437:
438: ValidateResultType validateResultType = xKMSInvoker.validate(
439: validateRequestType, pkCert, key);
440:
441: assertTrue(validateResultType.getRequestId().equals("200"));
442: assertTrue(validateResultType.getResultMajor().equals(
443: XKMSConstants.RESULTMAJOR_SENDER));
444: assertTrue(validateResultType.getResultMinor().equals(
445: XKMSConstants.RESULTMINOR_NOAUTHENTICATION));
446:
447: }
448:
449: public void test05POPSignature() throws Exception {
450:
451: KeyStore clientKeyStore = Constants.getUserKeyStore();
452:
453: String alias = "TEST";
454: java.security.cert.X509Certificate pkCert = (java.security.cert.X509Certificate) clientKeyStore
455: .getCertificate(alias);
456:
457: Key key = clientKeyStore.getKey(alias, "foo123".toCharArray());
458:
459: RegisterRequestType registerRequestType = xKMSObjectFactory
460: .createRegisterRequestType();
461: registerRequestType.setId("500");
462:
463: UseKeyWithType useKeyWithType = xKMSObjectFactory
464: .createUseKeyWithType();
465: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
466: useKeyWithType.setIdentifier("CN=Test Testarsson");
467:
468: registerRequestType.getRespondWith().add(
469: XKMSConstants.RESPONDWITH_X509CHAIN);
470:
471: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
472: RSAKeyValueType rsaKeyValueType = sigFactory
473: .createRSAKeyValueType();
474: rsaKeyValueType.setExponent(((RSAPublicKey) pkCert
475: .getPublicKey()).getPublicExponent().toByteArray());
476: rsaKeyValueType.setModulus(((RSAPublicKey) pkCert
477: .getPublicKey()).getModulus().toByteArray());
478: JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory
479: .createRSAKeyValue(rsaKeyValueType);
480: keyInfoType.getContent().add(rsaKeyValue);
481: PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory
482: .createPrototypeKeyBindingType();
483: prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType);
484: prototypeKeyBindingType.setKeyInfo(keyInfoType);
485: prototypeKeyBindingType.setId("100231");
486: registerRequestType
487: .setPrototypeKeyBinding(prototypeKeyBindingType);
488: JAXBElement<RegisterRequestType> registerRequest = xKMSObjectFactory
489: .createRegisterRequest(registerRequestType);
490:
491: Document registerRequestDoc = dbf.newDocumentBuilder()
492: .newDocument();
493: marshaller.marshal(registerRequest, registerRequestDoc);
494:
495: Element prototypeKeyBindingTag = (Element) registerRequestDoc
496: .getDocumentElement().getElementsByTagNameNS(
497: "http://www.w3.org/2002/03/xkms#",
498: "PrototypeKeyBinding").item(0);
499: assertTrue(prototypeKeyBindingTag != null);
500:
501: org.apache.xml.security.signature.XMLSignature xmlSig = new org.apache.xml.security.signature.XMLSignature(
502: registerRequestDoc,
503: "",
504: org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
505: org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
506: org.apache.xml.security.transforms.Transforms transforms = new org.apache.xml.security.transforms.Transforms(
507: registerRequestDoc);
508: transforms
509: .addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
510: xmlSig
511: .addDocument(
512: "#" + prototypeKeyBindingType.getId(),
513: transforms,
514: org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);
515:
516: xmlSig.sign(key);
517:
518: Element pOPElement = registerRequestDoc.createElementNS(
519: "http://www.w3.org/2002/03/xkms#", "ProofOfPossession");
520: pOPElement.appendChild(xmlSig.getElement().cloneNode(true));
521: registerRequestDoc.getDocumentElement().appendChild(pOPElement);
522:
523: XMLUtils.outputDOMc14nWithComments(registerRequestDoc,
524: System.out);
525:
526: ByteArrayOutputStream baos = new ByteArrayOutputStream();
527:
528: XMLUtils.outputDOMc14nWithComments(registerRequestDoc, baos);
529:
530: ByteArrayInputStream bais = new ByteArrayInputStream(baos
531: .toByteArray());
532:
533: javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
534:
535: Document doc2 = db.parse(bais);
536:
537: XMLUtils.outputDOMc14nWithComments(doc2, System.out);
538:
539: org.w3c.dom.NodeList xmlSigs = doc2.getElementsByTagNameNS(
540: "http://www.w3.org/2000/09/xmldsig#", "Signature");
541: org.w3c.dom.Element xmlSigElement = (org.w3c.dom.Element) xmlSigs
542: .item(0);
543: org.apache.xml.security.signature.XMLSignature xmlVerifySig = new org.apache.xml.security.signature.XMLSignature(
544: xmlSigElement, null);
545:
546: assertTrue(xmlVerifySig.checkSignatureValue(pkCert
547: .getPublicKey()));
548:
549: KeyPair keyPair = KeyTools.genKeys("1024", "RSA");
550: assertFalse(xmlVerifySig.checkSignatureValue(keyPair
551: .getPublic()));
552: }
553:
554: public void test06AuthenticationKeyBindingSignature()
555: throws Exception {
556: KeyStore clientKeyStore = Constants.getUserKeyStore();
557: KeyPair keyPair = KeyTools.genKeys("1024", "RSA");
558:
559: String alias = "TEST";
560: java.security.cert.X509Certificate pkCert = (java.security.cert.X509Certificate) clientKeyStore
561: .getCertificate(alias);
562:
563: RegisterRequestType registerRequestType = xKMSObjectFactory
564: .createRegisterRequestType();
565: registerRequestType.setId("500");
566:
567: UseKeyWithType useKeyWithType = xKMSObjectFactory
568: .createUseKeyWithType();
569: useKeyWithType.setApplication(XKMSConstants.USEKEYWITH_PKIX);
570: useKeyWithType.setIdentifier("CN=Test Testarsson");
571:
572: registerRequestType.getRespondWith().add(
573: XKMSConstants.RESPONDWITH_X509CHAIN);
574:
575: KeyInfoType keyInfoType = sigFactory.createKeyInfoType();
576: RSAKeyValueType rsaKeyValueType = sigFactory
577: .createRSAKeyValueType();
578: rsaKeyValueType
579: .setExponent(((RSAPublicKey) keyPair.getPublic())
580: .getPublicExponent().toByteArray());
581: rsaKeyValueType.setModulus(((RSAPublicKey) keyPair.getPublic())
582: .getModulus().toByteArray());
583: JAXBElement<RSAKeyValueType> rsaKeyValue = sigFactory
584: .createRSAKeyValue(rsaKeyValueType);
585: keyInfoType.getContent().add(rsaKeyValue);
586: PrototypeKeyBindingType prototypeKeyBindingType = xKMSObjectFactory
587: .createPrototypeKeyBindingType();
588: prototypeKeyBindingType.getUseKeyWith().add(useKeyWithType);
589: prototypeKeyBindingType.setKeyInfo(keyInfoType);
590: prototypeKeyBindingType.setId("100231");
591: registerRequestType
592: .setPrototypeKeyBinding(prototypeKeyBindingType);
593: JAXBElement<RegisterRequestType> registerRequest = xKMSObjectFactory
594: .createRegisterRequest(registerRequestType);
595:
596: Document registerRequestDoc = dbf.newDocumentBuilder()
597: .newDocument();
598: marshaller.marshal(registerRequest, registerRequestDoc);
599:
600: String authenticationData = "024837";
601:
602: SecretKey sk = XKMSUtil.getSecretKeyFromPassphrase(
603: authenticationData, true, 20,
604: XKMSUtil.KEY_AUTHENTICATION);
605:
606: org.apache.xml.security.signature.XMLSignature authXMLSig = new org.apache.xml.security.signature.XMLSignature(
607: registerRequestDoc,
608: "",
609: org.apache.xml.security.signature.XMLSignature.ALGO_ID_MAC_HMAC_SHA1,
610: org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
611: org.apache.xml.security.transforms.Transforms transforms = new org.apache.xml.security.transforms.Transforms(
612: registerRequestDoc);
613: transforms
614: .addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
615: authXMLSig
616: .addDocument(
617: "#" + prototypeKeyBindingType.getId(),
618: transforms,
619: org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);
620:
621: authXMLSig.sign(sk);
622:
623: Element authenticationElement = registerRequestDoc
624: .createElementNS("http://www.w3.org/2002/03/xkms#",
625: "Authentication");
626: Element keyBindingAuthenticationElement = registerRequestDoc
627: .createElementNS("http://www.w3.org/2002/03/xkms#",
628: "KeyBindingAuthentication");
629: keyBindingAuthenticationElement.appendChild(authXMLSig
630: .getElement().cloneNode(true));
631: authenticationElement
632: .appendChild(keyBindingAuthenticationElement);
633: registerRequestDoc.getDocumentElement().appendChild(
634: authenticationElement);
635:
636: org.apache.xml.security.signature.XMLSignature xmlSig = new org.apache.xml.security.signature.XMLSignature(
637: registerRequestDoc,
638: "",
639: org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
640: org.apache.xml.security.c14n.Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
641: transforms = new org.apache.xml.security.transforms.Transforms(
642: registerRequestDoc);
643: transforms
644: .addTransform(org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
645:
646: xmlSig
647: .addDocument(
648: "#" + prototypeKeyBindingType.getId(),
649: transforms,
650: org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);
651:
652: xmlSig.sign(keyPair.getPrivate());
653:
654: Element pOPElement = registerRequestDoc.createElementNS(
655: "http://www.w3.org/2002/03/xkms#", "ProofOfPossession");
656: pOPElement.appendChild(xmlSig.getElement().cloneNode(true));
657: registerRequestDoc.getDocumentElement().appendChild(pOPElement);
658:
659: XMLUtils.outputDOMc14nWithComments(registerRequestDoc,
660: System.out);
661:
662: ByteArrayOutputStream baos = new ByteArrayOutputStream();
663:
664: XMLUtils.outputDOMc14nWithComments(registerRequestDoc, baos);
665:
666: ByteArrayInputStream bais = new ByteArrayInputStream(baos
667: .toByteArray());
668:
669: javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
670:
671: Document doc2 = db.parse(bais);
672:
673: XMLUtils.outputDOMc14nWithComments(doc2, System.out);
674:
675: // Verify the authentication
676: org.w3c.dom.NodeList authenticationElements = doc2
677: .getElementsByTagNameNS(
678: "http://www.w3.org/2002/03/xkms#",
679: "Authentication");
680: assertTrue(authenticationElements.getLength() == 1);
681: Element ae = (Element) authenticationElements.item(0);
682:
683: org.w3c.dom.NodeList xmlSigs = ae.getElementsByTagNameNS(
684: "http://www.w3.org/2000/09/xmldsig#", "Signature");
685:
686: org.w3c.dom.Element xmlSigElement = (org.w3c.dom.Element) xmlSigs
687: .item(0);
688: org.apache.xml.security.signature.XMLSignature xmlVerifySig = new org.apache.xml.security.signature.XMLSignature(
689: xmlSigElement, null);
690:
691: assertTrue(xmlVerifySig.checkSignatureValue(sk));
692:
693: // Verify the pop
694: org.w3c.dom.NodeList pOPElements = doc2.getElementsByTagNameNS(
695: "http://www.w3.org/2002/03/xkms#", "ProofOfPossession");
696: assertTrue(pOPElements.getLength() == 1);
697: Element pOPe = (Element) pOPElements.item(0);
698: org.w3c.dom.NodeList popVerXmlSigs = pOPe
699: .getElementsByTagNameNS(
700: "http://www.w3.org/2000/09/xmldsig#",
701: "Signature");
702: assertTrue(popVerXmlSigs.getLength() == 1);
703: org.w3c.dom.Element popVerXmlSigElement = (org.w3c.dom.Element) popVerXmlSigs
704: .item(0);
705: org.apache.xml.security.signature.XMLSignature popVerXmlSig = new org.apache.xml.security.signature.XMLSignature(
706: popVerXmlSigElement, null);
707: assertTrue(popVerXmlSig
708: .checkSignatureValue(keyPair.getPublic()));
709: assertFalse(popVerXmlSig.checkSignatureValue(pkCert
710: .getPublicKey()));
711: }
712:
713: public void test99RemoveUser() throws Exception {
714: Admin administrator = new Admin(Admin.TYPE_RA_USER);
715: cacheAdmin.deleteUser(administrator, username);
716: keystorefile.deleteOnExit();
717: }
718:
719: private Context getInitialContext() throws NamingException {
720: log.debug(">getInitialContext");
721:
722: Context ctx = new javax.naming.InitialContext();
723: log.debug("<getInitialContext");
724:
725: return ctx;
726: }
727:
728: }
|