X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltoolingtest%2FSecurityHelperTest.h;h=545ca48fb3830e6b7e1d55ecaa7317c45b2d4f3f;hb=81b488b2790e7bdeb2f43560b1d4a7d22c3dfdf5;hp=aa80fbce7def970f8860c8377dfeba59ee78554f;hpb=fe799793a4aced0cf8a21bb1c4c401215e04c8c6;p=shibboleth%2Fcpp-xmltooling.git
diff --git a/xmltoolingtest/SecurityHelperTest.h b/xmltoolingtest/SecurityHelperTest.h
index aa80fbc..545ca48 100644
--- a/xmltoolingtest/SecurityHelperTest.h
+++ b/xmltoolingtest/SecurityHelperTest.h
@@ -1,31 +1,45 @@ -/* - * Copyright 2001-2007 Internet2 +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. 
*/ #include "XMLObjectBaseTestCase.h" #include +#include +#include + class SecurityHelperTest : public CxxTest::TestSuite { vector certs; + + SOAPTransport* getTransport(const char* url) { + SOAPTransport::Address addr("SecurityHelperTest", "spaces.internet2.edu", url); + string scheme(addr.m_endpoint, strchr(addr.m_endpoint,':') - addr.m_endpoint); + return XMLToolingConfig::getConfig().SOAPTransportManager.newPlugin(scheme.c_str(), addr); + } public: void setUp() { } void tearDown() { for_each(certs.begin(), certs.end(), xmltooling::cleanup()); + certs.clear(); } void testKeysFromFiles() { 
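Review bot: In `getTransport`, the result of `strchr(addr.m_endpoint,':')` goes straight into pointer arithmetic, so a URL without a colon gives the `string scheme(...)` constructor an invalid length. Storing it first, `const char* colon = strchr(addr.m_endpoint, ':');`, and failing the test when it is null keeps the helper safe if a later test passes a different URL. The address names the peer `spaces.internet2.edu`, while every URL passed in the later hunks points at `wiki.shibboleth.net`; if the transport uses that name for peer checks or logging, which is not visible here, it should match the host actually contacted. The helper returns an owning raw pointer, so a one-line comment such as `// caller owns the returned transport` would document the contract the `auto_ptr` callers rely on.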
@@ -34,14 +48,29 @@ public: pathname = data_path + "key.der"; auto_ptr key2(SecurityHelper::loadKeyFromFile(pathname.c_str())); pathname = data_path + "test.pfx"; - auto_ptr key3(SecurityHelper::loadKeyFromFile(pathname.c_str(), NULL, "password")); + auto_ptr key3(SecurityHelper::loadKeyFromFile(pathname.c_str(), nullptr, "password")); - TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(key1.get(), key2.get())); - TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(key2.get(), key3.get())); + TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get())); + TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get())); pathname = data_path + "key2.pem"; auto_ptr key4(SecurityHelper::loadKeyFromFile(pathname.c_str())); - TSM_ASSERT("Different keys matched", !SecurityHelper::matches(key3.get(), key4.get())); + TSM_ASSERT("Different keys matched", !SecurityHelper::matches(*key3.get(), *key4.get())); + } + + void testKeysFromURLs() { + string pathname = data_path + "key.pem.bak"; + auto_ptr t1(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/key.pem")); + auto_ptr key1(SecurityHelper::loadKeyFromURL(*t1.get(), pathname.c_str())); + pathname = data_path + "key.der.bak"; + auto_ptr t2(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/key.der")); + auto_ptr key2(SecurityHelper::loadKeyFromURL(*t2.get(), pathname.c_str())); + pathname = data_path + "test.pfx.bak"; + auto_ptr t3(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/test.pfx")); + auto_ptr key3(SecurityHelper::loadKeyFromURL(*t3.get(), pathname.c_str(), nullptr, "password")); + + TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get())); + TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get())); } void testCertificatesFromFiles() { 
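Review bot: `testKeysFromURLs` only checks that the three downloaded keys match each other, so any consistent set of keys served by the remote host would pass; nothing ties them to the local fixtures. Loading `key.pem` with `loadKeyFromFile` as `testKeysFromFiles` does, then adding `TSM_ASSERT("Remote/local keys did not match", SecurityHelper::matches(*key1.get(), *local.get()));`, would pin the result to known material. Nothing in the visible lines attaches a trust engine or credentials to the transports, so whether the HTTPS peer is authenticated depends on plugin defaults that are not shown here; a comment stating the expectation would help. The `.bak` copies written under `data_path` hold private key material and are left behind after the test, and the test now needs network access to an external host; both are worth a comment above the function.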
@@ -50,7 +79,46 @@ public: pathname = data_path + "cert.der"; SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str()); pathname = data_path + "test.pfx"; - SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str(), NULL, "password"); + SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str(), nullptr, "password"); + + TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3); + + auto_ptr key1(certs[0]->clonePublicKey()); + auto_ptr key2(certs[1]->clonePublicKey()); + auto_ptr key3(certs[2]->clonePublicKey()); + + TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get())); + TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get())); + + TSM_ASSERT_EQUALS( + "Certificate and its key produced different DER encodings", + SecurityHelper::getDEREncoding(*certs[2]), SecurityHelper::getDEREncoding(*key1.get()) + ); + + TSM_ASSERT_EQUALS( + "Certificate and its key produced different hashed encodings", + SecurityHelper::getDEREncoding(*certs[2], "SHA1"), SecurityHelper::getDEREncoding(*key1.get(), "SHA1") + ); + + TSM_ASSERT_EQUALS( + "Certificate and its key produced different hashed encodings", + SecurityHelper::getDEREncoding(*certs[2], "SHA256"), SecurityHelper::getDEREncoding(*key1.get(), "SHA256") + ); + + for_each(certs.begin(), certs.end(), xmltooling::cleanup()); + certs.clear(); + } + + void testCertificatesFromURLs() { + string pathname = data_path + "cert.pem.bak"; + auto_ptr t1(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/cert.pem")); + SecurityHelper::loadCertificatesFromURL(certs, *t1.get(), pathname.c_str()); + pathname = data_path + "cert.der.bak"; + auto_ptr t2(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/cert.der")); + SecurityHelper::loadCertificatesFromURL(certs, *t2.get(), pathname.c_str()); + pathname = data_path + "test.pfx.bak"; + auto_ptr 
t3(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/test.pfx")); + SecurityHelper::loadCertificatesFromURL(certs, *t3.get(), pathname.c_str(), nullptr, "password"); TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3); @@ -58,9 +126,10 @@ public: auto_ptr key2(certs[0]->clonePublicKey()); auto_ptr key3(certs[0]->clonePublicKey()); - TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(key1.get(), key2.get())); - TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(key2.get(), key3.get())); + TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get())); + TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get())); for_each(certs.begin(), certs.end(), xmltooling::cleanup()); + certs.clear(); } };
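Review bot: In `testCertificatesFromFiles`, `certs[0]` through `certs[2]` are indexed right after `TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3);`, and a failed CxxTest assertion does not stop the test unless the suite is built to abort on failure, so a short load would read past the end of the vector. Adding `if (certs.size() < 3) return;` after the count assertion avoids that, and `tearDown` still frees whatever was loaded. The same pattern applies to `testCertificatesFromURLs`, where a failed download makes a short vector more likely. The three `getDEREncoding` comparisons pair `*certs[2]` with `key1`, which was cloned from `certs[0]`; that fits the "its key" message only because all fixtures share one key, so `*key3.get()` would match what the message claims. The function begins before this hunk.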
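Review bot: The context lines kept at the end of `testCertificatesFromURLs` clone both `key2` and `key3` from `certs[0]`, so the "PEM/DER" and "DER/PKCS12" assertions compare copies of one certificate's key and cannot fail for the DER or PKCS12 downloads. The file-based test added earlier in this commit uses distinct indices, and the same should apply here: `certs[1]->clonePublicKey()` for `key2` and `certs[2]->clonePublicKey()` for `key3`. The `key1` declaration sits on the line between the two hunks and is not visible, so confirm that it uses `certs[0]`.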