Java tutorial
/* * eID Applet Project. * Copyright (C) 2009 FedICT. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License version * 3.0 as published by the Free Software Foundation. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, see * http://www.gnu.org/licenses/. */ /* * Copyright (C) 2009 FedICT. * This file is part of the eID Applet Project. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package test.unit.be.fedict.eid.applet.service.signer; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; import java.util.logging.Level; import java.util.zip.ZipEntry; import java.util.zip.ZipInputStream; import javax.xml.crypto.dsig.XMLSignature; import javax.xml.crypto.dsig.XMLSignatureFactory; import javax.xml.crypto.dsig.dom.DOMValidateContext; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.commons.io.IOUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.poi.POIXMLDocument; import org.apache.poi.openxml4j.opc.OPCPackage; import org.apache.poi.openxml4j.opc.PackagePart; import org.apache.poi.openxml4j.opc.signature.PackageDigitalSignatureManager; import org.apache.xml.security.utils.Constants; import org.apache.xpath.XPathAPI; import org.junit.BeforeClass; import org.junit.Test; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.InputSource; import org.xml.sax.SAXException; import be.fedict.eid.applet.service.signer.KeyInfoKeySelector; import be.fedict.eid.applet.service.signer.ooxml.OOXMLProvider; import be.fedict.eid.applet.service.signer.ooxml.OOXMLSignatureVerifier; import be.fedict.eid.applet.service.signer.ooxml.OOXMLURIDereferencer; public class OOXMLSignatureVerifierTest { private static final Log LOG = LogFactory.getLog(OOXMLSignatureVerifierTest.class); @BeforeClass public static void setUp() { OOXMLProvider.install(); } @Test public void testIsOOXMLDocument() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-unsigned.docx"); // operate boolean result = OOXMLSignatureVerifier.isOOXML(url); // verify assertTrue(result); } @Test public void testIsOOXMLDocument2() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/signed-ooxml.docx"); // operate boolean result = OOXMLSignatureVerifier.isOOXML(url); // verify assertTrue(result); } @Test public void testODFIsNotOOXML() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world.odt"); // operate boolean result = OOXMLSignatureVerifier.isOOXML(url); // verify assertFalse(result); } @Test public void testPOI() throws Exception { // setup InputStream inputStream = OOXMLSignatureVerifierTest.class .getResourceAsStream("/hello-world-unsigned.docx"); // operate boolean result = POIXMLDocument.hasOOXMLHeader(inputStream); // verify assertTrue(result); } @Test public void testOPC() throws Exception { // setup InputStream inputStream = OOXMLSignatureVerifierTest.class.getResourceAsStream("/hello-world-signed.docx"); // operate OPCPackage opcPackage = OPCPackage.open(inputStream); ArrayList<PackagePart> parts = opcPackage.getParts(); for (PackagePart part : parts) { LOG.debug("part name: " + part.getPartName().getName()); LOG.debug("part content type: " + part.getContentType()); } ArrayList<PackagePart> signatureParts = opcPackage .getPartsByContentType("application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml"); assertFalse(signatureParts.isEmpty()); PackagePart signaturePart = signatureParts.get(0); LOG.debug("signature part class type: " + signaturePart.getClass().getName()); PackageDigitalSignatureManager packageDigitalSignatureManager = new PackageDigitalSignatureManager(); // yeah... POI implementation still missing } @Test public void testGetSignerUnsigned() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-unsigned.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertTrue(result.isEmpty()); } @Test public void testGetSignerOffice2010Unsigned() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class .getResource("/hello-world-office-2010-technical-preview-unsigned.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertTrue(result.isEmpty()); } @Test public void testGetSignerUnsignedPowerpoint() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-unsigned.pptx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertTrue(result.isEmpty()); } @Test public void testGetSignerUnsignedExcel() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-unsigned.xlsx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertTrue(result.isEmpty()); } @Test public void testGetSigner() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-signed.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); X509Certificate signer = result.get(0); LOG.debug("signer: " + signer.getSubjectX500Principal()); } @Test public void testSignedOOXML() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/signed-ooxml.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); X509Certificate signer = result.get(0); LOG.debug("signer: " + signer.getSubjectX500Principal()); } @Test public void testSignedOOXML2() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/signed.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); X509Certificate signer = result.get(0); LOG.debug("signer: " + signer.getSubjectX500Principal()); byte[] document = IOUtils.toByteArray(url.openStream()); List<String> signatureResourceNames = verifier.getSignatureResourceNames(document); Document signatureDocument = verifier.getSignatureDocument(new ByteArrayInputStream(document), signatureResourceNames.get(0)); NodeList signatureNodeList = signatureDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); Element signatureElement = (Element) signatureNodeList.item(0); KeyInfoKeySelector keySelector = new KeyInfoKeySelector(); DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureElement); domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE); OOXMLURIDereferencer dereferencer = new OOXMLURIDereferencer(document); domValidateContext.setURIDereferencer(dereferencer); XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance(); XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext); assertTrue(verifier.isValidOOXMLSignature(xmlSignature, document)); } @Test public void testSignedOOXMLOffice2010() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/ms-office-2010-signed.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); X509Certificate signer = result.get(0); LOG.debug("signer: " + signer.getSubjectX500Principal()); } @Test public void testSignedOOXMLOffice2010ValidOOXML() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hallo.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); X509Certificate signer = result.get(0); LOG.debug("signer: " + signer.getSubjectX500Principal()); byte[] document = IOUtils.toByteArray(url.openStream()); List<String> signatureResourceNames = verifier.getSignatureResourceNames(document); Document signatureDocument = verifier.getSignatureDocument(new ByteArrayInputStream(document), signatureResourceNames.get(0)); NodeList signatureNodeList = signatureDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); Element signatureElement = (Element) signatureNodeList.item(0); KeyInfoKeySelector keySelector = new KeyInfoKeySelector(); DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureElement); domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE); OOXMLURIDereferencer dereferencer = new OOXMLURIDereferencer(document); domValidateContext.setURIDereferencer(dereferencer); XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance(); XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext); assertTrue(verifier.isValidOOXMLSignature(xmlSignature, document)); } @Test public void testSignedOOXMLOffice2010Powerpoint() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/ms-office-2010-signed.pptx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); X509Certificate signer = result.get(0); LOG.debug("signer: " + signer.getSubjectX500Principal()); } @Test public void testSignedOOXMLOffice2010Excel() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/ms-office-2010-signed.xlsx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); X509Certificate signer = result.get(0); LOG.debug("signer: " + signer.getSubjectX500Principal()); } // @Test public void testOffice2010TechnicalPreview() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-office-2010-technical-preview.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); X509Certificate signer = result.get(0); LOG.debug("signer: " + signer.getSubjectX500Principal()); } // @Test public void testGetSignerPowerpoint() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-signed.pptx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); X509Certificate signer = result.get(0); LOG.debug("signer: " + signer.getSubjectX500Principal()); } @Test public void testGetSignerExcel() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-signed.xlsx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); X509Certificate signer = result.get(0); LOG.debug("signer: " + signer.getSubjectX500Principal()); } @Test public void testGetSigners() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-signed-twice.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(2, result.size()); X509Certificate signer1 = result.get(0); X509Certificate signer2 = result.get(1); LOG.debug("signer 1: " + signer1.getSubjectX500Principal()); LOG.debug("signer 2: " + signer2.getSubjectX500Principal()); } @Test public void testVerifyHyperlink() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/hyperlink-example-signed.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); } @Test public void testGetSignersOffice2010SP1() throws Exception { // setup URL url = OOXMLSignatureVerifierTest.class.getResource("/Office2010-SP1-XAdES-X-L.docx"); // operate OOXMLSignatureVerifier verifier = new OOXMLSignatureVerifier(); List<X509Certificate> result = verifier.getSigners(url); // verify assertNotNull(result); assertEquals(1, result.size()); } @Test public void testVerifySignature() throws Exception { java.util.logging.Logger logger = java.util.logging.Logger.getLogger("org.jcp.xml.dsig.internal.dom"); logger.log(Level.FINE, "test"); URL url = OOXMLSignatureVerifierTest.class.getResource("/hello-world-signed.docx"); String signatureResourceName = getSignatureResourceName(url); LOG.debug("signature resource name: " + signatureResourceName); OOXMLProvider.install(); ZipInputStream zipInputStream = new ZipInputStream(url.openStream()); ZipEntry zipEntry; while (null != (zipEntry = zipInputStream.getNextEntry())) { if (false == signatureResourceName.equals(zipEntry.getName())) { continue; } Document signatureDocument = loadDocument(zipInputStream); LOG.debug("signature loaded"); NodeList signatureNodeList = signatureDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); assertEquals(1, signatureNodeList.getLength()); Node signatureNode = signatureNodeList.item(0); KeyInfoKeySelector keySelector = new KeyInfoKeySelector(); DOMValidateContext domValidateContext = new DOMValidateContext(keySelector, signatureNode); domValidateContext.setProperty("org.jcp.xml.dsig.validateManifests", Boolean.TRUE); OOXMLURIDereferencer dereferencer = new OOXMLURIDereferencer(url); domValidateContext.setURIDereferencer(dereferencer); XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance(); XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext); boolean validity = xmlSignature.validate(domValidateContext); assertTrue(validity); List<?> objects = xmlSignature.getObjects(); for (Object object : objects) { LOG.debug("ds:Object class type: " + object.getClass().getName()); } break; } } private String getSignatureResourceName(URL url) throws IOException, ParserConfigurationException, SAXException, TransformerException { InputStream inputStream = url.openStream(); ZipInputStream zipInputStream = new ZipInputStream(inputStream); ZipEntry zipEntry; while (null != (zipEntry = zipInputStream.getNextEntry())) { if (false == "[Content_Types].xml".equals(zipEntry.getName())) { continue; } Document contentTypesDocument = loadDocument(zipInputStream); Element nsElement = contentTypesDocument.createElement("ns"); nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:tns", "http://schemas.openxmlformats.org/package/2006/content-types"); NodeList nodeList = XPathAPI.selectNodeList(contentTypesDocument, "/tns:Types/tns:Override[@ContentType='application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml']/@PartName", nsElement); if (nodeList.getLength() == 0) { return null; } String partName = nodeList.item(0).getTextContent(); LOG.debug("part name: " + partName); partName = partName.substring(1); // remove '/' return partName; } return null; } private Document loadDocument(InputStream documentInputStream) throws ParserConfigurationException, SAXException, IOException { InputSource inputSource = new InputSource(documentInputStream); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.parse(inputSource); return document; } }