HMAC verification

Author: fcorneli

.gitignore

@@ -5,4 +5,5 @@ p.txt
 .DS_Store
 *.*~
 *.swp
-npm-debug.log
+npm-debug.log
+/test/validators/XmlCryptoJava/target/

lib/signed-xml.js

@@ -163,6 +163,15 @@ function RSASHA512() {
   }
 }
 
+function HMACSHA1() {
+    this.verifySignature = function(str, key, signatureValue) {
+        var verifier = crypto.createHmac("SHA1", key);
+        verifier.update(str);
+        var res = verifier.digest('base64');
+        return res === signatureValue;
+    }
+}
+
 /**
 * Xml signature implementation
 *
@@ -202,7 +211,8 @@ SignedXml.HashAlgorithms = {
 SignedXml.SignatureAlgorithms = {
   'http://www.w3.org/2000/09/xmldsig#rsa-sha1': RSASHA1,
   'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': RSASHA256,
-  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': RSASHA512
+  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': RSASHA512,
+  'http://www.w3.org/2000/09/xmldsig#hmac-sha1': HMACSHA1
 }
 
 SignedXml.prototype.checkSignature = function(xml) {

package.json

@@ -34,6 +34,6 @@
     }
   ],
   "scripts": {
-    "test": "nodeunit ./test/canonicalization-unit-tests.js ./test/c14nWithComments-unit-tests.js ./test/signature-unit-tests.js ./test/saml-response-test.js ./test/signature-integration-tests.js ./test/document-test.js"
+    "test": "nodeunit ./test/canonicalization-unit-tests.js ./test/c14nWithComments-unit-tests.js ./test/signature-unit-tests.js ./test/saml-response-test.js ./test/signature-integration-tests.js ./test/document-test.js ./test/hmac-tests.js"
   }
 }

test/hmac-tests.js

@@ -0,0 +1,27 @@
+var crypto = require('../index');
+var xmldom = require('xmldom');
+var fs = require('fs');
+
+exports['test validating HMAC signature'] = function (test) {
+    var xml = fs.readFileSync('./test/static/hmac_signature.xml', 'utf-8');
+    var doc = new xmldom.DOMParser().parseFromString(xml);
+    var signature = crypto.xpath(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
+    var sig = new crypto.SignedXml();
+    sig.keyInfoProvider = new crypto.FileKeyInfo("./test/static/hmac.key");
+    sig.loadSignature(signature);
+    var result = sig.checkSignature(xml);
+    test.equal(result, true);
+    test.done();
+};
+
+exports['test HMAC signature with incorrect key'] = function (test) {
+    var xml = fs.readFileSync('./test/static/hmac_signature.xml', 'utf-8');
+    var doc = new xmldom.DOMParser().parseFromString(xml);
+    var signature = crypto.xpath(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
+    var sig = new crypto.SignedXml();
+    sig.keyInfoProvider = new crypto.FileKeyInfo("./test/static/hmac-foobar.key");
+    sig.loadSignature(signature);
+    var result = sig.checkSignature(xml);
+    test.equal(result, false);
+    test.done();
+};

test/static/hmac-foobar.key

@@ -0,0 +1,2 @@
+���F������G�}�P\���+=�(�9��(��z��
+)e�� �,�z6��8��ã

test/static/hmac.key

@@ -0,0 +1 @@
+R���� -��B��%��P)����A�kl�`9��7�<�YzC�Y^q�q_�"q؎1�C�o� 

test/static/hmac_signature.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><test:Root xmlns:test="urn:test"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>8ZvjCBK4twpNullktn5R4thOSezHWxuouNf6siHYJ1E=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>EEX7i+HCAfEELjwwKP1vKyPrW10=</ds:SignatureValue><ds:KeyInfo><ds:KeyName>some-key-name</ds:KeyName></ds:KeyInfo></ds:Signature></test:Root>

test/validators/XmlCryptoJava/pom.xml

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <name>XML Crypto Java Tests</name>
+    <groupId>org.nodejs</groupId>
+    <artifactId>xml-crypto-java</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+    <inceptionYear>2015</inceptionYear>
+    <licenses>
+        <license>
+            <name>MIT License</name>
+            <url>http://www.opensource.org/licenses/mit-license.php</url>
+        </license>
+    </licenses>
+    <developers>
+        <developer>
+            <id>fcorneli</id>
+            <name>Frank Cornelis</name>
+            <email>[email protected]</email>
+        </developer>
+    </developers>
+    <dependencies>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.12</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>1.7.12</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+            <version>1.7.12</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <version>1.2.17</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.4</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.3</version>
+                <configuration>
+                    <source>1.7</source>
+                    <target>1.7</target>
+                    <encoding>UTF-8</encoding>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+</project>

test/validators/XmlCryptoJava/src/test/java/org/nodejs/xmlcrypto/HMACTest.java

@@ -0,0 +1,119 @@
+package org.nodejs.xmlcrypto;
+
+import java.io.File;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import org.apache.commons.io.FileUtils;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+public class HMACTest {
+    
+    public static final String NamespaceSpecNS = "http://www.w3.org/2000/xmlns/";
+    
+    private static final Logger LOGGER = LoggerFactory
+            .getLogger(HMACTest.class);
+    
+    @Test
+    public void testCreateHMACSignature() throws Exception {
+        // generate key
+        KeyGenerator keyGenerator = KeyGenerator.getInstance("HmacSHA1");
+        SecretKey secretKey = keyGenerator.generateKey();
+
+        // generate DOM document
+        DocumentBuilderFactory documentBuilderFactory
+                = DocumentBuilderFactory.newInstance();
+        documentBuilderFactory.setNamespaceAware(true);
+        DocumentBuilder documentBuilder = documentBuilderFactory
+                .newDocumentBuilder();
+        Document document = documentBuilder.newDocument();
+        Element rootElement = document.createElementNS("urn:test",
+                "test:Root");
+        rootElement.setAttributeNS(NamespaceSpecNS,
+                "xmlns:test", "urn:test");
+        document.appendChild(rootElement);
+        
+        XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory
+                .getInstance("DOM");
+
+        // XML Signature references
+        List<Reference> references = new LinkedList<>();
+        List<Transform> transforms = new LinkedList<>();
+        Transform envTransform = xmlSignatureFactory.newTransform(
+                CanonicalizationMethod.ENVELOPED,
+                (C14NMethodParameterSpec) null);
+        transforms.add(envTransform);
+        Transform exclTransform = xmlSignatureFactory.newTransform(
+                CanonicalizationMethod.EXCLUSIVE,
+                (C14NMethodParameterSpec) null);
+        transforms.add(exclTransform);
+        Reference reference = xmlSignatureFactory.newReference("",
+                xmlSignatureFactory.newDigestMethod(DigestMethod.SHA256,
+                        null), transforms, null, null);
+        references.add(reference);
+
+        // XML Signature SignedInfo
+        SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(
+                xmlSignatureFactory.newCanonicalizationMethod(
+                        CanonicalizationMethod.EXCLUSIVE,
+                        (C14NMethodParameterSpec) null),
+                xmlSignatureFactory.newSignatureMethod(
+                        SignatureMethod.HMAC_SHA1,
+                        null), references);
+
+        // XML Signature KeyInfo
+        KeyInfoFactory keyInfoFactory
+                = xmlSignatureFactory.getKeyInfoFactory();
+        KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections
+                .singletonList(keyInfoFactory.newKeyName("some-key-name")));
+        
+        Element parentElement = document.getDocumentElement();
+        DOMSignContext domSignContext = new DOMSignContext(
+                secretKey, parentElement);
+        domSignContext.setDefaultNamespacePrefix("ds");
+        XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(
+                signedInfo, keyInfo);
+        xmlSignature.sign(domSignContext);
+        
+        File tmpFile = File.createTempFile("xml-signature-hmac-", ".xml");
+        LOGGER.debug("XML signature file: {}", tmpFile.getAbsolutePath());
+        toFile(document, tmpFile);
+        
+        File tmpKeyFile = File.createTempFile("hmac-", ".key");
+        FileUtils.writeByteArrayToFile(tmpKeyFile, secretKey.getEncoded());
+        LOGGER.debug("key file: {}", tmpKeyFile.getAbsolutePath());
+        
+    }
+    
+    private void toFile(Node node, File file) throws Exception {
+        TransformerFactory transformerFactory = TransformerFactory
+                .newInstance();
+        Transformer transformer = transformerFactory.newTransformer();
+        transformer.transform(new DOMSource(node), new StreamResult(file));
+    }
+}

test/validators/XmlCryptoJava/src/test/resources/log4j.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"
+                     debug="false">
+    <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
+        <param name="Target" value="System.out" />
+        <param name="Threshold" value="DEBUG" />
+        <layout class="org.apache.log4j.PatternLayout">
+            <param name="ConversionPattern"
+                   value="%-5p [%c{1}] %m%n" />
+        </layout>
+    </appender>
+    <root>
+        <appender-ref ref="CONSOLE" />
+    </root>
+</log4j:configuration>