2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "XMLObjectBaseTestCase.h"
19 #include <xmltooling/security/SecurityHelper.h>
21 #include <xsec/enc/XSECCryptoKey.hpp>
22 #include <xsec/enc/XSECCryptoX509.hpp>
24 class SecurityHelperTest : public CxxTest::TestSuite {
25 vector<XSECCryptoX509*> certs;
/**
 * Creates a SOAP transport plugin for the given endpoint URL.
 *
 * The plugin type is the URL scheme, i.e. the text before the first ':'.
 * The returned object is heap-allocated; the callers in this suite take
 * ownership of it through an auto_ptr.
 *
 * @param url  absolute endpoint URL, expected to contain a ':' after the scheme
 * @return the transport created by the SOAPTransportManager plugin factory
 */
SOAPTransport* getTransport(const char* url) {
    SOAPTransport::Address addr("SecurityHelperTest", "spaces.internet2.edu", url);

    // NOTE(review): strchr() yields NULL when the endpoint has no ':', which would
    // make the length below meaningless. Every caller in this suite passes a
    // literal https:// URL, so the separator is always present here.
    const char* schemeEnd = strchr(addr.m_endpoint, ':');
    string scheme(addr.m_endpoint, schemeEnd - addr.m_endpoint);

    return XMLToolingConfig::getConfig().SOAPTransportManager.newPlugin(scheme.c_str(), addr);
}
37 for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
/**
 * Loads one private key from three container formats (PEM, DER, PKCS#12)
 * and checks that SecurityHelper::matches() treats them as the same key,
 * then checks that an unrelated key is reported as different.
 */
void testKeysFromFiles() {
    const string pemPath = data_path + "key.pem";
    auto_ptr<XSECCryptoKey> pemKey(SecurityHelper::loadKeyFromFile(pemPath.c_str()));

    const string derPath = data_path + "key.der";
    auto_ptr<XSECCryptoKey> derKey(SecurityHelper::loadKeyFromFile(derPath.c_str()));

    // The PKCS#12 fixture is protected with a fixture-only password.
    // NOTE(review): the NULL second argument presumably requests format
    // auto-detection -- confirm against SecurityHelper.h.
    const string pfxPath = data_path + "test.pfx";
    auto_ptr<XSECCryptoKey> pfxKey(SecurityHelper::loadKeyFromFile(pfxPath.c_str(), NULL, "password"));

    TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*pemKey, *derKey));
    TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*derKey, *pfxKey));

    // Negative control: without it, a matches() that always returned true
    // would pass the two checks above.
    const string otherPath = data_path + "key2.pem";
    auto_ptr<XSECCryptoKey> otherKey(SecurityHelper::loadKeyFromFile(otherPath.c_str()));
    TSM_ASSERT("Different keys matched", !SecurityHelper::matches(*pfxKey, *otherKey));
}
/**
 * Same comparison as the file-based key test, but each key is fetched over
 * HTTPS through a SOAPTransport before it is parsed.
 *
 * Each load is given a "*.bak" path under data_path.
 * NOTE(review): that path is presumably where the downloaded copy is stored --
 * confirm against SecurityHelper::loadKeyFromURL. The test also depends on the
 * remote host being reachable and on whatever TLS trust settings the transport
 * plugin applies; neither is configured in this suite.
 */
void testKeysFromURLs() {
    const string pemBackup = data_path + "key.pem.bak";
    auto_ptr<SOAPTransport> pemTransport(getTransport("https://spaces.internet2.edu/download/attachments/5305/key.pem"));
    auto_ptr<XSECCryptoKey> pemKey(SecurityHelper::loadKeyFromURL(*pemTransport, pemBackup.c_str()));

    const string derBackup = data_path + "key.der.bak";
    auto_ptr<SOAPTransport> derTransport(getTransport("https://spaces.internet2.edu/download/attachments/5305/key.der"));
    auto_ptr<XSECCryptoKey> derKey(SecurityHelper::loadKeyFromURL(*derTransport, derBackup.c_str()));

    // PKCS#12 fixture, opened with the fixture-only password.
    const string pfxBackup = data_path + "test.pfx.bak";
    auto_ptr<SOAPTransport> pfxTransport(getTransport("https://spaces.internet2.edu/download/attachments/5305/test.pfx"));
    auto_ptr<XSECCryptoKey> pfxKey(SecurityHelper::loadKeyFromURL(*pfxTransport, pfxBackup.c_str(), NULL, "password"));

    TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*pemKey, *derKey));
    TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*derKey, *pfxKey));
}
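/**
 * Loads the same certificate from PEM, DER and PKCS#12 files into the shared
 * certs vector, then checks that the three public keys match and that
 * getDEREncoding() gives the same result for a certificate and for a key
 * cloned from it, both unhashed and hashed with SHA1 and SHA256.
 */
void testCertificatesFromFiles() {
    string pathname = data_path + "cert.pem";
    SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str());
    pathname = data_path + "cert.der";
    SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str());
    // PKCS#12 fixture, opened with the fixture-only password.
    pathname = data_path + "test.pfx";
    SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str(), NULL, "password");

    TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3);

    // A failed count assertion does not necessarily stop the test (that depends
    // on the CxxTest abort-on-fail setting), so only index the vector when the
    // three entries are really there.
    if (certs.size() >= 3) {
        auto_ptr<XSECCryptoKey> key1(certs[0]->clonePublicKey());
        auto_ptr<XSECCryptoKey> key2(certs[1]->clonePublicKey());
        auto_ptr<XSECCryptoKey> key3(certs[2]->clonePublicKey());

        TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
        TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));

        // Cross-format check: the PKCS#12 certificate is compared with the key
        // cloned from the PEM certificate.
        TSM_ASSERT_EQUALS(
            "Certificate and its key produced different DER encodings",
            SecurityHelper::getDEREncoding(*certs[2]), SecurityHelper::getDEREncoding(*key1.get())
            );

        TSM_ASSERT_EQUALS(
            "Certificate and its key produced different hashed encodings",
            SecurityHelper::getDEREncoding(*certs[2], "SHA1"), SecurityHelper::getDEREncoding(*key1.get(), "SHA1")
            );

        TSM_ASSERT_EQUALS(
            "Certificate and its key produced different hashed encodings",
            SecurityHelper::getDEREncoding(*certs[2], "SHA256"), SecurityHelper::getDEREncoding(*key1.get(), "SHA256")
            );
    }

    // Free the certificates this test loaded.
    for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
}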
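/**
 * Fetches the same certificate over HTTPS in PEM, DER and PKCS#12 form and
 * checks that the public keys of the three loaded certificates match.
 *
 * Each load is given a "*.bak" path under data_path.
 * NOTE(review): that path is presumably where the downloaded copy is stored --
 * confirm against SecurityHelper::loadCertificatesFromURL.
 */
void testCertificatesFromURLs() {
    string pathname = data_path + "cert.pem.bak";
    auto_ptr<SOAPTransport> t1(getTransport("https://spaces.internet2.edu/download/attachments/5305/cert.pem"));
    SecurityHelper::loadCertificatesFromURL(certs, *t1.get(), pathname.c_str());
    pathname = data_path + "cert.der.bak";
    auto_ptr<SOAPTransport> t2(getTransport("https://spaces.internet2.edu/download/attachments/5305/cert.der"));
    SecurityHelper::loadCertificatesFromURL(certs, *t2.get(), pathname.c_str());
    // PKCS#12 fixture, opened with the fixture-only password.
    pathname = data_path + "test.pfx.bak";
    auto_ptr<SOAPTransport> t3(getTransport("https://spaces.internet2.edu/download/attachments/5305/test.pfx"));
    SecurityHelper::loadCertificatesFromURL(certs, *t3.get(), pathname.c_str(), NULL, "password");

    TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3);

    // A failed count assertion does not necessarily stop the test (that depends
    // on the CxxTest abort-on-fail setting), so only index the vector when the
    // three entries are really there.
    if (certs.size() >= 3) {
        // One key per loaded certificate. Cloning certs[0] three times would make
        // both comparisons below compare a key with itself and pass regardless
        // of what the DER and PKCS#12 downloads contained.
        auto_ptr<XSECCryptoKey> key1(certs[0]->clonePublicKey());
        auto_ptr<XSECCryptoKey> key2(certs[1]->clonePublicKey());
        auto_ptr<XSECCryptoKey> key3(certs[2]->clonePublicKey());

        TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
        TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));
    }

    // Free the certificates this test loaded.
    for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
}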