X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltoolingtest%2FSignatureTest.h;h=c50b86f6453d135d718e8ec2836132009e9e3dff;hb=39502d6e48aec30be6d00ca60575b9a4cf414733;hp=01262bddb43dfeef20bd579a4b631345b38315af;hpb=5abd16757f109ccf2b6a7c3b40b98ae858bddae8;p=shibboleth%2Fcpp-xmltooling.git
diff --git a/xmltoolingtest/SignatureTest.h b/xmltoolingtest/SignatureTest.h
index 01262bd..c50b86f 100644
--- a/xmltoolingtest/SignatureTest.h
+++ b/xmltoolingtest/SignatureTest.h
@@ -16,80 +16,83 @@ #include "XMLObjectBaseTestCase.h" +#include +#include + #include -#include #include #include -#include -#include -#include -class TestContext : public SigningContext, public VerifyingContext +class TestContext : public ContentReference { - XSECCryptoKey* m_key; - vector m_certs; XMLCh* m_uri; public: TestContext(const XMLCh* uri) { - string keypath=data_path + "key.pem"; - BIO* in=BIO_new(BIO_s_file_internal()); - if (in && BIO_read_filename(in,keypath.c_str())>0) { - EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL); - if (pkey) { - m_key=new OpenSSLCryptoKeyRSA(pkey); - EVP_PKEY_free(pkey); - } - } - if (in) BIO_free(in); - TS_ASSERT(m_key!=NULL); - - string certpath=data_path + "cert.pem"; - in=BIO_new(BIO_s_file_internal()); - if (in && BIO_read_filename(in,certpath.c_str())>0) { - X509* x=NULL; - while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) { - m_certs.push_back(new OpenSSLCryptoX509(x)); - X509_free(x); - } - } - if (in) BIO_free(in); - TS_ASSERT(m_certs.size()>0); - m_uri=XMLString::replicate(uri); } virtual ~TestContext() { - delete m_key; - for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup()); XMLString::release(&m_uri); } - void createSignature(DSIGSignature* sig) const { + void createReferences(DSIGSignature* sig) { DSIGReference* ref=sig->createReference(m_uri); ref->appendEnvelopedSignatureTransform(); ref->appendCanonicalizationTransform(CANON_C14NE_NOC); } +}; + +class TestValidator : public SignatureValidator +{ + XMLCh* m_uri; + +public: + TestValidator(const XMLCh* uri) : SignatureValidator(XMLToolingConfig::getConfig().KeyResolverManager.newPlugin(INLINE_KEY_RESOLVER,NULL)) { + m_uri=XMLString::replicate(uri); + } + + virtual ~TestValidator() { + XMLString::release(&m_uri); + } - void verifySignature(DSIGSignature* sig) const { + void validate(const Signature* sigObj) const { + DSIGSignature* sig=sigObj->getXMLSignature(); + if (!sig) + throw SignatureException("Only a marshalled Signature object can be 
verified."); const XMLCh* uri=sig->getReferenceList()->item(0)->getURI(); TSM_ASSERT_SAME_DATA("Reference URI does not match.",uri,m_uri,XMLString::stringLen(uri)); - XSECKeyInfoResolverDefault resolver; - sig->setKeyInfoResolver(&resolver); // It will clone the resolver for us. - sig->verify(); + SignatureValidator::validate(sigObj); + } +}; + +class _addcert : public std::binary_function { +public: + void operator()(X509Data* bag, XSECCryptoX509* cert) const { + safeBuffer& buf=cert->getDEREncodingSB(); + X509Certificate* x=X509CertificateBuilder::buildX509Certificate(); + x->setValue(buf.sbStrToXMLCh()); + bag->getX509Certificates().push_back(x); } - - const std::vector& getX509Certificates() const { return m_certs; } - XSECCryptoKey* getSigningKey() const { return m_key->clone(); } }; class SignatureTest : public CxxTest::TestSuite { + CredentialResolver* m_resolver; public: void setUp() { + m_resolver=NULL; QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME); QName qtype(SimpleXMLObject::NAMESPACE,SimpleXMLObject::TYPE_NAME); XMLObjectBuilder::registerBuilder(qname, new SimpleXMLObjectBuilder()); XMLObjectBuilder::registerBuilder(qtype, new SimpleXMLObjectBuilder()); + + string config = data_path + "FilesystemCredentialResolver.xml"; + ifstream in(config.c_str()); + DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in); + XercesJanitor janitor(doc); + m_resolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin( + FILESYSTEM_CREDENTIAL_RESOLVER,doc->getDocumentElement() + ); } void tearDown() { 
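Review bot: The reference-URI check in TestValidator::validate is vacuous for the case this test actually exercises: `TSM_ASSERT_SAME_DATA` compares only `XMLString::stringLen(uri)` characters, and testSignature constructs the validator with `&chNull`, so the comparison covers zero characters and can never fail, and it reads `item(0)` without first confirming the reference list is non-empty. Compare the whole strings and guard the index, e.g. `TSM_ASSERT("No references.", sig->getReferenceList()->getSize()>0);` followed by `TSM_ASSERT("Reference URI does not match.", XMLString::equals(uri,m_uri));`. Separately, the TestValidator constructor hands a freshly created INLINE_KEY_RESOLVER plugin to SignatureValidator and the destructor releases only m_uri; if the base class does not take ownership of that resolver it leaks once per validator, which is worth a comment on the constructor line either way. In setUp, `doc` is dereferenced without checking that `parse(in)` returned non-NULL, and the ifstream is never checked for having opened, so a missing FilesystemCredentialResolver.xml surfaces as a crash rather than an assertion.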
@@ -97,11 +100,10 @@ public: QName qtype(SimpleXMLObject::NAMESPACE,SimpleXMLObject::TYPE_NAME); XMLObjectBuilder::deregisterBuilder(qname); XMLObjectBuilder::deregisterBuilder(qtype); + delete m_resolver; } void testSignature() { - TS_TRACE("testSignature"); - QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME); const SimpleXMLObjectBuilder* b=dynamic_cast(XMLObjectBuilder::getBuilder(qname)); TS_ASSERT(b!=NULL); @@ -119,13 +121,30 @@ public: kids[1]->setValue(bar.get()); // Append a Signature. - Signature* sig=SignatureBuilder::newSignature(); + Signature* sig=SignatureBuilder::buildSignature(); sxObject->setSignature(sig); + sig->setContentReference(new TestContext(&chNull)); + + Locker locker(m_resolver); + sig->setSigningKey(m_resolver->getKey()); + + // Build KeyInfo. + KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo(); + X509Data* x509Data=X509DataBuilder::buildX509Data(); + keyInfo->getX509Datas().push_back(x509Data); + for_each(m_resolver->getCertificates().begin(),m_resolver->getCertificates().end(),bind1st(_addcert(),x509Data)); + sig->setKeyInfo(keyInfo); // Signing context for the whole document. - TestContext tc(&chNull); - MarshallingContext mctx(sig,&tc); - DOMElement* rootElement = sxObject->marshall((DOMDocument*)NULL,&mctx); + vector sigs(1,sig); + DOMElement* rootElement = NULL; + try { + rootElement=sxObject->marshall((DOMDocument*)NULL,&sigs); + } + catch (XMLToolingException& e) { + TS_TRACE(e.what()); + throw; + } string buf; XMLHelper::serialize(rootElement, buf); @@ -138,9 +157,10 @@ public: TS_ASSERT(sxObject2->getSignature()!=NULL); try { - sxObject2->getSignature()->verify(tc); + TestValidator tv(&chNull); + tv.validate(sxObject2->getSignature()); } - catch (SignatureException& e) { + catch (XMLToolingException& e) { TS_TRACE(e.what()); throw; }
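Review bot: In the `@@ -119,13 +121,30 @@` hunk, ownership of the key passed to `sig->setSigningKey(m_resolver->getKey())` is not established by the hunk: the SigningContext it replaces returned `m_key->clone()`, whereas here whatever `getKey()` returns is handed straight to the Signature while the resolver itself is deleted in tearDown. If `getKey()` returns the resolver's own key rather than a copy, both objects end up owning it; confirm against CredentialResolver and, if so, pass `m_resolver->getKey()->clone()` as the old code did. The same question applies to `new TestContext(&chNull)` given to `setContentReference`, and a one-line comment stating who deletes it would remove the ambiguity. The `Locker locker(m_resolver)` scope correctly covers both the key fetch and the certificate iteration that feeds `_addcert`, which is the right placement.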