diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3f6f5d6..2771858 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,24 +13,18 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] - jdk: [1.8, 9, 11, 15] + jdk: [8] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up JDK - uses: actions/setup-java@v1 + uses: actions/setup-java@v4 with: java-version: ${{ matrix.jdk }} - - name: Cache Maven packages - uses: actions/cache@v2 - with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 + distribution: liberica - name: Maven Build - run: mvn -V -B -DskipTests=true install + run: mvn -V -B -Dgpg.skip -DskipTests=true install + shell: bash - name: Maven Test - run: mvn -B verify -# - name: Maven Code Coverage -# if: ${{ github.ref == 'refs/heads/main' && matrix.jdk == '1.8' && matrix.os == 'ubuntu-latest' }} -# run: mvn -B jacoco:report coveralls:report -DrepoToken=${{ secrets.COVERALLS_TOKEN }} + run: mvn -V -B -Dgpg.skip verify + shell: bash diff --git a/README.md b/README.md index f7302e4..59cdade 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ [![CI](https://github.com/eXist-db/expath-crypto-module/workflows/CI/badge.svg)](https://github.com/eXist-db/expath-crypto-module/actions?query=workflow%3ACI) -# eXist-db implementation for EXPath Cryptographic Module +# Implementation of EXPath Cryptographic Module for eXist-db and Elemental -This is an eXist-db implementation of the [EXPath HTTP Crypto Module specification](http://expath.org/spec/crypto). +This is an implementation of the [EXPath HTTP Crypto Module specification](http://expath.org/spec/crypto). ## Building from source Requires: 
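Review bot: The two bumped steps, `actions/checkout@v4` and `actions/setup-java@v4`, are still referenced by a mutable tag, so whatever that tag points to at run time executes in this job. Pinning each to a full commit SHA with the version as a trailing comment, in the form `uses: actions/checkout@<full-commit-sha> # v4`, keeps the workflow reproducible and lets an update bot propose bumps. If the workflow has no `permissions:` block (none is visible in this hunk), adding `permissions:` with `contents: read` would limit the token to what a build needs. With the explicit cache step removed, `cache: maven` under the setup-java `with:` block would restore dependency caching.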
@@ -15,7 +15,7 @@ $ cd expath-crypto-module $ mvn clean package ``` -This will create a "expath-crypto-module-.xar" file in the target folder. The .xar file can be uploaded to any eXist-db version > 5.3.0 via the Dashboard. +This will create a "expath-crypto-module-.xar" file in the target folder. The .xar file can be uploaded to any eXist-db or Elemental version >= 6.0.0 via the Dashboard. ### Currently implemented functions diff --git a/pom.xml b/pom.xml index b7ecde9..6043689 100644 --- a/pom.xml +++ b/pom.xml @@ -27,16 +27,18 @@ org.exist-db exist-apps-parent - 1.11.0 + 2.0.0 + org.exist-db.xquery.extensions.expath expath-crypto-module 6.0.2-SNAPSHOT + jar eXist-db EXPath Cryptographic library eXist-db wrapper for EXPath Cryptographic Java library - http://expath.org/spec/crypto + https://expath.org/spec/crypto 2016 @@ -92,8 +94,9 @@ EXPath Cryptographic Module Implementation - 1.8.0 - 5.3.0 + 1.9.0 + 6.0.0 + 6.4.0 http://expath.org/ns/crypto org.expath.exist.crypto.ExistExpathCryptoModule crypto @@ -109,7 +112,7 @@ org.exist-db exist-core - ${exist.version} + ${existdb.version} provided @@ -121,7 +124,7 @@ org.slf4j slf4j-api - 1.7.30 + 1.7.33 provided @@ -139,7 +142,7 @@ commons-io commons-io - 2.10.0 + 2.11.0 provided @@ -152,6 +155,12 @@ + + + src/main/resources + false + + src/test/resources @@ -167,7 +176,6 @@ com.mycila license-maven-plugin - 4.1 true true @@ -209,49 +217,15 @@ pom.xml src/test/java/xquery/crypto/CryptoIT.java - - - org.apache.maven.plugins - maven-jar-plugin - 3.2.2 - - - - true - true - - - ${build-tag} - ${build-commit} - ${build-commit-abbrev} - ${build-version} - ${build-tstamp} - ${project.scm.connection} - ${project.description} - ${project.url} - - - - org.apache.maven.plugins maven-failsafe-plugin - 3.0.0-M5 + 3.5.3 @@ -264,7 +238,7 @@ com.ruleoftech markdown-page-generator-plugin - 2.3.0 + 2.4.2 prepare-package 
@@ -314,26 +288,17 @@ - - org.apache.maven.plugins - maven-gpg-plugin - - true - - org.apache.maven.plugins maven-release-plugin - forked-path - true @{project.version} de.jutzig github-release-plugin - 1.4.0 + 1.6.0 github-upload @@ -343,14 +308,14 @@ false - eXist implementation for EXPath Cryptographic Module - v6.0.0 + Implementation of EXPath Cryptographic Module + EXPath Crypto Module ${project.version} ${project.version} ${project.build.directory} - ${project.artifactId}*.xar + ${package-final-name}.xar @@ -361,4 +326,4 @@ - + \ No newline at end of file diff --git a/src/main/java/org/expath/exist/crypto/digest/HashFunction.java b/src/main/java/org/expath/exist/crypto/digest/HashFunction.java index 0fa4bb5..1e29271 100644 --- a/src/main/java/org/expath/exist/crypto/digest/HashFunction.java +++ b/src/main/java/org/expath/exist/crypto/digest/HashFunction.java @@ -58,10 +58,19 @@ public class HashFunction extends BasicFunction { "The cryptographic hashing algorithm."); public static final FunctionSignature FS_HASH[] = functionSignatures(FS_HASH_NAME, - "resulting hash value, as string.", returnsOptMany(Type.BYTE), - arities(arity(FS_HASH_PARAM_DATA, FS_HASH_PARAM_ALGORITHM), - arity(FS_HASH_PARAM_DATA, FS_HASH_PARAM_ALGORITHM, param("encoding", Type.STRING, - "The encoding of the output. The legal values are \"hex\" and \"base64\". The default value is \"base64\".")))); + "resulting hash value, as string.", returnsOpt(Type.STRING), + arities( + arity( + FS_HASH_PARAM_DATA, + FS_HASH_PARAM_ALGORITHM + ), + arity( + FS_HASH_PARAM_DATA, + FS_HASH_PARAM_ALGORITHM, + optParam("encoding", Type.STRING, "The encoding of the output. The legal values are \"hex\" and \"base64\". The default value is \"base64\".") + ) + ) + ); public HashFunction(final XQueryContext context, final FunctionSignature signature) { super(context, signature); 
diff --git a/src/main/java/org/expath/exist/crypto/digest/HmacFunction.java b/src/main/java/org/expath/exist/crypto/digest/HmacFunction.java index 933bd2b..915bac2 100644 --- a/src/main/java/org/expath/exist/crypto/digest/HmacFunction.java +++ b/src/main/java/org/expath/exist/crypto/digest/HmacFunction.java @@ -19,11 +19,7 @@ */ package org.expath.exist.crypto.digest; -import static org.exist.xquery.FunctionDSL.arities; -import static org.exist.xquery.FunctionDSL.arity; -import static org.exist.xquery.FunctionDSL.optManyParam; -import static org.exist.xquery.FunctionDSL.param; -import static org.exist.xquery.FunctionDSL.returnsOptMany; +import static org.exist.xquery.FunctionDSL.*; import static org.expath.exist.crypto.ExistExpathCryptoModule.functionSignatures; import java.io.IOException; @@ -60,10 +56,21 @@ public class HmacFunction extends BasicFunction { "The cryptographic hashing algorithm."); public final static FunctionSignature FS_HMAC[] = functionSignatures(FS_HMAC_NAME, "Hashes the input message.", - returnsOptMany(Type.BYTE), - arities(arity(FS_HMAC_PARAM_DATA, FS_HMAC_PARAM_KEY, FS_HMAC_PARAM_ALGORITHM), - arity(FS_HMAC_PARAM_DATA, FS_HMAC_PARAM_KEY, FS_HMAC_PARAM_ALGORITHM, param("encoding", Type.STRING, - "The encoding of the output. The legal values are \"hex\" and \"base64\". The result is generated accordingly as xs:base64Binary string or xs:hexBinary string.")))); + returnsOpt(Type.STRING), + arities( + arity( + FS_HMAC_PARAM_DATA, + FS_HMAC_PARAM_KEY, + FS_HMAC_PARAM_ALGORITHM + ), + arity( + FS_HMAC_PARAM_DATA, + FS_HMAC_PARAM_KEY, + FS_HMAC_PARAM_ALGORITHM, + param("encoding", Type.STRING, "The encoding of the output. The legal values are \"hex\" and \"base64\". The result is generated accordingly as xs:base64Binary string or xs:hexBinary string.") + ) + ) + ); public HmacFunction(final XQueryContext context, final FunctionSignature signature) { super(context, signature); 
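Review bot: The four-argument arity of `FS_HMAC` still declares `encoding` with `param(...)`, while the same commit changes `HashFunction` to `optParam("encoding", ...)`. The `eval` body treats an empty encoding as "base64", but with a required parameter a call passing `()` is presumably rejected before that fallback is reached. Using `optParam("encoding", Type.STRING, ...)` here would make the two functions agree; the wildcard `FunctionDSL.*` import added in this file already brings it into scope. The parameter description could also state the default, as the `HashFunction` text does ("The default value is \"base64\".").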
@@ -87,24 +94,25 @@ public Sequence eval(final Sequence[] args, final Sequence contextSequence) thro final String algorithm = args[2].getStringValue(); LOG.debug("algorithm = {}", algorithm); + final String encoding; + final String resultString; if (argsLength == 3) { + encoding = "base64"; final byte[] resultBytes; if (data.isLeft()) { try (final InputStream is = data.left().get()) { - resultBytes = Hmac.hmac(is, secretKey, algorithm); + resultString = Hmac.hmac(is, secretKey, algorithm, encoding); } dataStreamClosed = true; } else { - resultBytes = Hmac.hmac(data.right().get(), secretKey, algorithm); + resultString = Hmac.hmac(data.right().get(), secretKey, algorithm, encoding); } - result = Conversion.byteArrayToIntegerSequence(resultBytes); + result = new StringValue(resultString); } else if (argsLength == 4) { - final String encoding = args[3].getStringValue().isEmpty() ? "base64" : args[3].getStringValue(); + encoding = args[3].getStringValue().isEmpty() ? "base64" : args[3].getStringValue(); LOG.debug("encoding = {}", encoding); - final String resultString; - if (data.isLeft()) { try (final InputStream is = data.left().get()) { resultString = Hmac.hmac(is, secretKey, algorithm, encoding); diff --git a/src/main/java/org/expath/exist/crypto/digitalSignature/GenerateSignatureFunction.java b/src/main/java/org/expath/exist/crypto/digitalSignature/GenerateSignatureFunction.java index f908d56..b612b29 100644 --- a/src/main/java/org/expath/exist/crypto/digitalSignature/GenerateSignatureFunction.java +++ b/src/main/java/org/expath/exist/crypto/digitalSignature/GenerateSignatureFunction.java @@ -30,7 +30,9 @@ import java.io.StringReader; import java.net.URISyntaxException; import java.security.PrivateKey; +import java.util.Optional; +import javax.annotation.Nullable; import javax.xml.crypto.dsig.XMLSignatureException; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; 
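Review bot: In the `argsLength == 3` branch of `eval`, the context line `final byte[] resultBytes;` is now an unused local, since both assignments were switched to `resultString`; it should be deleted. After this change the two arity branches differ only in how `encoding` is chosen, so they could share one code path by computing `encoding = (argsLength == 4 && !args[3].getStringValue().isEmpty()) ? args[3].getStringValue() : "base64";` once. The three-argument form also changes what callers receive, from an integer sequence of bytes to a base64 string, which deserves a line in the function description and the release notes. The rest of the four-argument branch lies outside the hunk.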
@@ -38,12 +40,17 @@ import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; +import com.evolvedbinary.j8fu.function.ConsumerE; +import org.exist.EXistException; import org.exist.Namespaces; import org.exist.dom.memtree.SAXAdapter; import org.exist.dom.persistent.BinaryDocument; import org.exist.dom.persistent.DocumentImpl; import org.exist.dom.persistent.LockedDocument; import org.exist.security.PermissionDeniedException; +import org.exist.security.Subject; +import org.exist.storage.BrokerPool; +import org.exist.storage.DBBroker; import org.exist.storage.lock.Lock.LockMode; import org.exist.storage.serializers.Serializer; import org.exist.storage.txn.TransactionException; @@ -170,11 +177,25 @@ public Sequence eval(final Sequence[] args, final Sequence contextSequence) thro return new StringValue(output); } else { - Serializer serializer = context.getBroker().getSerializer(); NodeValue inputNode = (NodeValue) args[0].itemAt(0); Document inputDOMDoc; - try (InputStream inputNodeStream = new NodeInputStream(context.getBroker().getBrokerPool(), serializer, + final BrokerPool brokerPool = context.getBroker().getBrokerPool(); + final Subject activeSubject = context.getSubject(); + final ConsumerE, IOException> withSerializerFn = fn -> { + try (final DBBroker broker = brokerPool.get(Optional.of(activeSubject))) { + final Serializer serializer = broker.borrowSerializer(); + try { + fn.accept(serializer); + } finally { + context.getBroker().returnSerializer(serializer); + } + } catch (final EXistException e) { + throw new IOException(e.getMessage(), e); + } + }; + + try (final InputStream inputNodeStream = new NodeInputStream(context.getBroker().getBrokerPool(), withSerializerFn, inputNode)) { inputDOMDoc = inputStreamToDocument(inputNodeStream); } catch (IOException e) { 
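Review bot: Inside `withSerializerFn` the serializer is borrowed from the newly acquired `broker` (`broker.borrowSerializer()`) but handed back through a different object in the `finally` block, `context.getBroker().returnSerializer(serializer)`. Borrow and return should use the same broker, i.e. `broker.returnSerializer(serializer);`, otherwise the serializer may land in a pool it was not taken from. The `NodeInputStream` constructor call also still passes `context.getBroker().getBrokerPool()` although the local `brokerPool` now holds that value. A short comment on why a separate broker is acquired under `activeSubject` would help the next reader; the enclosing `eval` continues outside the hunk.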
@@ -191,7 +212,7 @@ public Sequence eval(final Sequence[] args, final Sequence contextSequence) thro Document signatureDocument = null; // get the XPath expression and/or the certificate's details - String xpathExprString = null; + @Nullable String xpathExprString = null; String[] certificateDetails = new String[5]; certificateDetails[0] = ""; InputStream keyStoreInputStream = null; @@ -200,7 +221,7 @@ public Sequence eval(final Sequence[] args, final Sequence contextSequence) thro // signature with 7 arguments if (args.length == 7) { - if (args[6].itemAt(0).getType() == 22) { + if (args[6].getItemCount() > 0 && args[6].itemAt(0).getType() == Type.STRING) { xpathExprString = args[6].getStringValue(); } else if (args[6].itemAt(0).getType() == 1) { final Node certificateDetailsNode = ((NodeValue) args[6].itemAt(0)).getNode(); @@ -213,7 +234,9 @@ public Sequence eval(final Sequence[] args, final Sequence contextSequence) thro // signature with 8 arguments if (args.length == 8) { - xpathExprString = args[6].getStringValue(); + if (args[6].getItemCount() > 0) { + xpathExprString = args[6].getStringValue(); + } final Node certificateDetailsNode = ((NodeValue) args[7].itemAt(0)).getNode(); // get the certificate details certificateDetails = getDigitalCertificateDetails(certificateDetails, certificateDetailsNode); diff --git a/src/main/java/org/expath/exist/crypto/encrypt/EncryptionFunctions.java b/src/main/java/org/expath/exist/crypto/encrypt/EncryptionFunctions.java index 4b09943..6b74f05 100644 --- a/src/main/java/org/expath/exist/crypto/encrypt/EncryptionFunctions.java +++ b/src/main/java/org/expath/exist/crypto/encrypt/EncryptionFunctions.java 
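Review bot: In the seven-argument branch the new `args[6].getItemCount() > 0` guard protects only the first condition; when `args[6]` is empty, control falls through to `else if (args[6].itemAt(0).getType() == 1)`, which still dereferences `itemAt(0)` and presumably fails with a NullPointerException. Wrapping both tests in a single `if (args[6].getItemCount() > 0) { ... }` closes that path. The literal `1` should become a `Type` constant (presumably `Type.ELEMENT`, to be confirmed) in the same way `22` became `Type.STRING`. The eight-argument branch has the same shape: `args[6]` is now guarded, but the cast `(NodeValue) args[7].itemAt(0)` is not. `eval` starts and ends outside these hunks.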
@@ -139,9 +139,7 @@ private Sequence encrypt(byte[] data, CryptType encryptType, String secretKey, S LOG.debug("encrypt result = {}", result); return new StringValue(result); - } catch ( - - CryptoException e) { + } catch (final CryptoException e) { throw new EXpathCryptoException(this, e.getCryptoError()); } catch (IOException e) { throw new EXpathCryptoException(this, e); diff --git a/src/test/java/xquery/crypto/CryptoIT.java b/src/test/java/xquery/crypto/CryptoIT.java index 951938b..9bb2e29 100644 --- a/src/test/java/xquery/crypto/CryptoIT.java +++ b/src/test/java/xquery/crypto/CryptoIT.java @@ -17,7 +17,7 @@ * along with this library; if not, write to the Free Software Foundation, * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -package xquery.maps; +package xquery.crypto; import org.exist.test.runner.XSuite; import org.junit.runner.RunWith; diff --git a/src/test/resources/xquery/crypto/ar.bmp b/src/test/resources/xquery/crypto/ar.bmp new file mode 100644 index 0000000..05c4879 Binary files /dev/null and b/src/test/resources/xquery/crypto/ar.bmp differ diff --git a/src/test/xquery/crypto/crypto-tests.xqm b/src/test/xquery/crypto/crypto-tests.xqm index a3e0780..1cd66c8 100644 --- a/src/test/xquery/crypto/crypto-tests.xqm +++ b/src/test/xquery/crypto/crypto-tests.xqm @@ -25,7 +25,7 @@ module namespace ct = "http://expath.org/ns/crypto/test"; import module "http://expath.org/ns/crypto"; -declare namespace test="http://exist-db.org/xquery/xqsuite"; +declare namespace test = "http://exist-db.org/xquery/xqsuite"; declare variable $ct:doc-1 := document { @@ -60,6 +60,9 @@ ZpJmWV2y1zIqxRnsjBlPLraX4Sx9DBEDw2H8aWhN1oIjAoGBANc0gizRHGfOK2UASXskuO5Ueias s1tkDtD9uOJN6CsLuVjfuo4ZT5SwC7pq842aQrqJveKWKdzEorQjWKeN8OM2wzEMs0P1 -----END RSA PRIVATE KEY-----"; +(: Inline representation of xquery/crypto/ar.bmp :) +declare variable $ct:bin-file-b64 := xs:base64Binary("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"); + declare %test:setUp function ct:setup() { 
@@ -67,6 +70,7 @@ function ct:setup() { return ( xmldb:store("/db/test", "doc-1.xml", $ct:doc-1), + xmldb:store-as-binary("/db/test", "ar.bmp", $ct:bin-file-b64), let $keystore := fn:unparsed-text("resource:xquery/crypto/keystore.ks") return @@ -89,7 +93,7 @@ function ct:aws-rest-request() { c8fdb181845a4ca6b8fec737b3581d76 text/html Thu, 17 Nov 2005 18:49:58 GMT -x-amz-magic:password +x-amz-magic:abracadabra x-amz-meta-author:foo@bar.com /quotes/nelson" let $private-key := "OtxrzxIsfpFjA7SwPzILwy8Bw21TLhquhboDYROV" @@ -121,7 +125,7 @@ declare function ct:decrypt-string-with-aes-symmetric-key-cbc-mode() { let $iv := crypto:hash("initialization vector", "MD5", "base64") return - crypto:decrypt("51-143-171-200-187-20-34-252-231-243-254-42-36-13-9-123-191-251-243-42-3-238-193-13-155-168-139-67-135-3-143-54", "symmetric", "1234567890123456", "AES/CBC/PKCS5Padding", $iv, "SunJCE") + crypto:decrypt("M4+ryLsUIvzn8/4qJA0Je7/78yoD7sENm6iLQ4cDjzY=", "symmetric", "1234567890123456", "AES/CBC/PKCS5Padding", $iv, "SunJCE") }; (:~ Symmetric decryption of a string with AES/CBC/PKCS5Padding transformation, 128 bytes key, and default provider. :) @@ -131,7 +135,7 @@ declare function ct:decrypt-string-with-aes-symmetric-key-cbc-mode-default-provider() { let $iv := crypto:hash("initialization vector", "MD5", "base64") return - crypto:decrypt("51-143-171-200-187-20-34-252-231-243-254-42-36-13-9-123-191-251-243-42-3-238-193-13-155-168-139-67-135-3-143-54", "symmetric", "1234567890123456", "AES/CBC/PKCS5Padding", $iv, ()) + crypto:decrypt("M4+ryLsUIvzn8/4qJA0Je7/78yoD7sENm6iLQ4cDjzY=", "symmetric", "1234567890123456", "AES/CBC/PKCS5Padding", $iv, ()) }; (:~ Symmetric decryption of a string with AES transformation (implicit ECB mode), and 128 bytes key. :) 
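Review bot: The doc comments on the AES tests touched here and in the following hunks say "128 bytes key", but the key literal `"1234567890123456"` is 16 characters, so the wording should be "128-bit key". These tests pin an exact ciphertext, which only works because the IV is a constant (`crypto:hash("initialization vector", "MD5", "base64")`) or because ECB mode is used. A comment above `ct:decrypt-string-with-aes-symmetric-key-cbc-mode` would stop readers copying this as a usage pattern: `(: Fixed IV and key give a reproducible test vector only; application code needs a fresh random IV per message. :)`. The same applies to the encrypt tests at `@@ -143` through `@@ -169`.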
@@ -139,13 +143,13 @@ declare %test:name("Symmetric decryption of string, AES") %test:assertEquals("Short string for tests.") function ct:decrypt-string-with-aes-symmetric-key-ecb-mode() { - crypto:decrypt("222-157-20-54-132-99-46-30-73-43-253-148-61-155-86-141-51-56-40-42-31-168-189-56-236-102-58-237-175-171-9-87", "symmetric", "1234567890123456", "AES", (), "SunJCE") + crypto:decrypt("3p0UNoRjLh5JK/2UPZtWjTM4KCofqL047GY67a+rCVc=", "symmetric", "1234567890123456", "AES", (), "SunJCE") }; (:~ Symmetric encryption of a string with AES/CBC/PKCS5Padding transformation, and 128 bytes key. :) declare %test:name("Symmetric encryption of string, AES/CBC/PKCS5Padding") - %test:assertEquals("51-143-171-200-187-20-34-252-231-243-254-42-36-13-9-123-191-251-243-42-3-238-193-13-155-168-139-67-135-3-143-54") + %test:assertEquals("M4+ryLsUIvzn8/4qJA0Je7/78yoD7sENm6iLQ4cDjzY=") function ct:encrypt-string-with-aes-symmetric-key-cbc-mode() { let $iv := crypto:hash("initialization vector", "MD5", "base64") return @@ -155,7 +159,7 @@ function ct:encrypt-string-with-aes-symmetric-key-cbc-mode() { (:~ Symmetric encryption of a string with AES/CBC/PKCS5Padding transformation, 128 bytes key, and default provider. :) declare %test:name("Symmetric encryption of string, AES/CBC/PKCS5Padding, default provider") - %test:assertEquals("51-143-171-200-187-20-34-252-231-243-254-42-36-13-9-123-191-251-243-42-3-238-193-13-155-168-139-67-135-3-143-54") + %test:assertEquals("M4+ryLsUIvzn8/4qJA0Je7/78yoD7sENm6iLQ4cDjzY=") function ct:encrypt-string-with-aes-symmetric-key-cbc-mode-default-provider() { let $iv := crypto:hash("initialization vector", "MD5", "base64") return 
@@ -165,7 +169,7 @@ function ct:encrypt-string-with-aes-symmetric-key-cbc-mode-default-provider() { (:~ Symmetric encryption of a string with AES transformation (implicit ECB mode), and 128 bytes key. :) declare %test:name("Symmetric encryption of string, AES") - %test:assertEquals("222-157-20-54-132-99-46-30-73-43-253-148-61-155-86-141-51-56-40-42-31-168-189-56-236-102-58-237-175-171-9-87") + %test:assertEquals("3p0UNoRjLh5JK/2UPZtWjTM4KCofqL047GY67a+rCVc=") function ct:encrypt-string-with-aes-symmetric-key-ecb-mode() { crypto:encrypt("Short string for tests.", "symmetric", "1234567890123456", "AES", (), "SunJCE") }; @@ -173,7 +177,7 @@ function ct:encrypt-string-with-aes-symmetric-key-ecb-mode() { (:~ Symmetric encryption of a string with AES/CBC/PKCS5Padding transformation, and wrong key. :) declare %test:name("Symmetric encryption of string, AES/CBC/PKCS5Padding, wrong key") - %test:assertError("err:CX19: The secret key is invalid") + %test:assertError("crypto:invalid-crypto-key") function ct:encrypt-string-with-aes-wrong-symmetric-key-cbc-Mode() { let $iv := crypto:hash("initialization vector", "MD5", "") return @@ -183,7 +187,7 @@ function ct:encrypt-string-with-aes-wrong-symmetric-key-cbc-Mode() { (:~ Symmetric encryption of a string with AES/CBC/PKCS5Padding transformation, wrong key, and default provider. :) declare %test:name("Symmetric encryption of string, AES/CBC/PKCS5Padding, wrong key, default provider") - %test:assertEquals("err:CX19: The secret key is invalid") + %test:assertError("crypto:invalid-crypto-key") function ct:encrypt-string-with-aes-wrong-symmetric-key-cbc-mode-default-provider() { let $iv := crypto:hash("initialization vector", "MD5", "") return 
@@ -198,6 +202,7 @@ function ct:encrypt-string-with-aes-wrong-symmetric-key-cbc-mode-default-provide declare %test:name("Generate enveloped digital signature") %test:assertEquals("/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0ImbzRMqzVDZkVG9xD7nN1kuFw==") + %test:pending("Need to find a way to load the keystore.ks correctly from the filesystem") function ct:generate-enveloped-digital-signature() { let $sample-doc := $ct:doc-1 let $certificate-details := @@ -208,7 +213,7 @@ function ct:generate-enveloped-digital-signature() { kpi135 xmldb:///db/test/keystore.ks - let $signed-doc := crypto:generate-signature($sample-doc, "inclusive", "SHA1", "DSA_SHA1", "dsig", "enveloped") + let $signed-doc := crypto:generate-signature($sample-doc, "inclusive", "SHA1", "DSA_SHA1", "dsig", "enveloped", $certificate-details) return $signed-doc//*[local-name() = 'P']/text() }; @@ -216,9 +221,9 @@ function ct:generate-enveloped-digital-signature() { (:~ Hashing a binary by using 'MD5' algorithm. :) declare %test:name("'MD5' hashing for binary") - %test:assertEquals("UI/aOJodA6gtJPitQ6xcJA==") + %test:assertEquals("VNwDbnAq3AQR6ZK3Bvwprg==") function ct:hash-binary-with-md5() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "MD5", "base64") }; @@ -226,9 +231,9 @@ function ct:hash-binary-with-md5() { (:~ Hashing a binary by using 'MD5' algorithm and the default format. :) declare %test:name("'MD5' hashing for binary, default format") - %test:assertEquals("UI/aOJodA6gtJPitQ6xcJA==") + %test:assertEquals("VNwDbnAq3AQR6ZK3Bvwprg==") function ct:hash-binary-with-md5-and-default-format() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "MD5", ()) }; 
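Review bot: Marking `ct:generate-enveloped-digital-signature` as `%test:pending` (and `ct:validate-enveloped-digital-signature` in the `@@ -541` hunk) leaves the signature functions with no running test in this suite. That is the same commit that rewrites the serializer handling and argument checks in `GenerateSignatureFunction.eval`. The pending reason cites keystore loading, and the `ct:setup` context shows the keystore being read with `fn:unparsed-text("resource:xquery/crypto/keystore.ks")`, which may not round-trip a binary file. The commit already stores `ar.bmp` from an inline `xs:base64Binary` via `xmldb:store-as-binary`, and the same approach might unblock these tests. Until then, the pending message should point to a tracking issue so the skip is not forgotten.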
@@ -236,9 +241,9 @@ function ct:hash-binary-with-md5-and-default-format() { (:~ Hashing a binary by using 'SHA-1' algorithm. :) declare %test:name("'SHA-1' hashing for binary") - %test:assertEquals("GyscHvnJKxInsBLgSg/FRAmQXYU=") + %test:assertEquals("S2F5A7L9ZAiVm65/aomONS1+3EM=") function ct:hash-binary-with-sha1() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "SHA-1", "base64") }; @@ -246,9 +251,9 @@ function ct:hash-binary-with-sha1() { (:~ Hashing a binary by using 'SHA-1' algorithm and the default format. :) declare %test:name("'SHA-1' hashing for binary, default format") - %test:assertEquals("GyscHvnJKxInsBLgSg/FRAmQXYU=") + %test:assertEquals("S2F5A7L9ZAiVm65/aomONS1+3EM=") function ct:hash-binary-with-sha1-and-default-format() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "SHA-1", ()) }; @@ -256,9 +261,9 @@ function ct:hash-binary-with-sha1-and-default-format() { (:~ Hashing a binary by using 'SHA-256' algorithm. :) declare %test:name("'SHA-256' hashing for binary") - %test:assertEquals("37JiNBym250ye3aUJ04RaZg3SFSP03qJ8FR/I1JckVI=") + %test:assertEquals("uW6xdcIIbWTjz/j3ypYMNuFqIbD2Iy3wn7+g+qY8VUY=") function ct:hash-binary-with-sha256() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "SHA-256", "base64") }; 
@@ -266,9 +271,9 @@ function ct:hash-binary-with-sha256() { (:~ Hashing a binary by using 'SHA-256' algorithm and the default format. :) declare %test:name("'SHA-256' hashing for binary, default format") - %test:assertEquals("37JiNBym250ye3aUJ04RaZg3SFSP03qJ8FR/I1JckVI=") + %test:assertEquals("uW6xdcIIbWTjz/j3ypYMNuFqIbD2Iy3wn7+g+qY8VUY=") function ct:hash-binary-with-sha256-and-default-format() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "SHA-256", ()) }; @@ -276,9 +281,9 @@ function ct:hash-binary-with-sha256-and-default-format() { (:~ Hashing a binary by using 'SHA-384' algorithm. :) declare %test:name("'SHA-384' hashing for binary") - %test:assertEquals("DcQ3caBftiQCIQn96Pr8PC2vzs17Re0tZ8/CZnOoucu/N+818uqAXxR7l9oxYgoW") + %test:assertEquals("lA162A+CFLzsc4PNnskzkFJlw4DE++P9h4Ve83o0CMiGBd1vuR5wNoXQdnPa8fP6") function ct:hash-binary-with-sha384() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "SHA-384", "base64") }; @@ -286,9 +291,9 @@ function ct:hash-binary-with-sha384() { (:~ Hashing a string by using 'SHA-384' algorithm and the default format. :) declare %test:name("'SHA-384' hashing for binary, default format") - %test:assertEquals("DcQ3caBftiQCIQn96Pr8PC2vzs17Re0tZ8/CZnOoucu/N+818uqAXxR7l9oxYgoW") + %test:assertEquals("lA162A+CFLzsc4PNnskzkFJlw4DE++P9h4Ve83o0CMiGBd1vuR5wNoXQdnPa8fP6") function ct:hash-binary-with-sha384-and-default-format() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "SHA-384", ()) }; 
@@ -296,9 +301,9 @@ function ct:hash-binary-with-sha384-and-default-format() { (:~ Hashing a binary by using 'SHA-512' algorithm. :) declare %test:name("'SHA-512' hashing for binary") - %test:assertEquals("Be+hlGy9TNibbaE+6DA2gu6kNj2GS+7b4egFcJDMzQSFQiGgFtTh/mD61ta4pDvc+jqHFlqOyJLHirkROd86Mw==") + %test:assertEquals("i1zN/jL9ARygszMlZDdPY1ebyxD8tBNuqRlGEmnJ0cCUvEADUsJAGgVMGJqw9BMCrJWKm13O/NvX4NIFT43ctQ==") function ct:hash-binary-with-sha512() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "SHA-512", "base64") }; @@ -306,9 +311,9 @@ function ct:hash-binary-with-sha512() { (:~ Hashing a binary by using 'SHA-512' algorithm and the default format. :) declare %test:name("'SHA-512' hashing for binary, default format") - %test:assertEquals("Be+hlGy9TNibbaE+6DA2gu6kNj2GS+7b4egFcJDMzQSFQiGgFtTh/mD61ta4pDvc+jqHFlqOyJLHirkROd86Mw==") + %test:assertEquals("i1zN/jL9ARygszMlZDdPY1ebyxD8tBNuqRlGEmnJ0cCUvEADUsJAGgVMGJqw9BMCrJWKm13O/NvX4NIFT43ctQ==") function ct:hash-binary-with-sha512-and-default-format() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "SHA-512", ()) }; @@ -316,9 +321,9 @@ function ct:hash-binary-with-sha512-and-default-format() { (:~ Hashing a binary with a wrong algorithm. Test will pass if the correct error is thrown. :) declare %test:name("Hash binary with wrong algorithm") - %test:assertError("err:CX21: The algorithm is not supported.") + %test:assertError("crypto:unknown-algorithm") function ct:hash-binary-with-wrong-algorithm() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "SHA-17", "base64") }; 
@@ -326,9 +331,9 @@ function ct:hash-binary-with-wrong-algorithm() { (:~ Hashing a binary with a wrong algorithm and the default format. Test will pass if the correct error is thrown. :) declare %test:name("Hash binary with wrong algorithm, default format") - %test:assertError("err:CX21: The algorithm is not supported.") + %test:assertError("crypto:unknown-algorithm") function ct:hash-binary-with-wrong-algorithm-and-default-format() { - let $input := util:binary-doc("/db/test/keystore.ks") + let $input := util:binary-doc("/db/test/ar.bmp") return crypto:hash($input, "SHA-17", ()) }; @@ -541,6 +546,7 @@ function ct:hmac-string-with-sha512-and-default-format() { declare %test:name("Validate enveloped digital signature") %test:assertTrue + %test:pending("Need to find a way to load the keystore.ks correctly from the filesystem") function ct:validate-enveloped-digital-signature() { let $input := $ct:doc-1 let $certificate-details := @@ -551,7 +557,7 @@ function ct:validate-enveloped-digital-signature() { kpi135 xmldb:///db/test/keystore.ks - let $signed-doc := crypto:generate-signature($input, "inclusive", "SHA1", "DSA_SHA1", "dsig", "enveloped") + let $signed-doc := crypto:generate-signature($input, "inclusive", "SHA1", "DSA_SHA1", "dsig", "enveloped", $certificate-details) return crypto:validate-signature($signed-doc) }; diff --git a/xar-assembly.xml b/xar-assembly.xml index d944e5d..107950c 100644 --- a/xar-assembly.xml +++ b/xar-assembly.xml @@ -31,16 +31,17 @@ ${project.artifactId} expath library - exist Libraries - eXist extensions - + + + + ${project.groupId} ${project.artifactId} ${project.version} - ${project.artifactId}-exist-java-lib-${project.version}.jar + ${project.artifactId}-db-impl-java-lib-${project.version}.jar org.expath.crypto