X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltoolingtest%2FSignatureTest.h;h=fc682e1afacb2a8100a0b83dad7b6b7a85cdc38d;hb=b383e021ae585cf97bf24285f65ae1e451b893e8;hp=70db6b01cd3f2be9c833712676bf9f7837937338;hpb=f5b90f477199ecd86ab3925b3c576693552e12e8;p=shibboleth%2Fxmltooling.git
diff --git a/xmltoolingtest/SignatureTest.h b/xmltoolingtest/SignatureTest.h
index 70db6b0..fc682e1 100644
--- a/xmltoolingtest/SignatureTest.h
+++ b/xmltoolingtest/SignatureTest.h
@@ -1,150 +1,157 @@
-/*
- * Copyright 2001-2005 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "XMLObjectBaseTestCase.h"
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-class TestContext : public SigningContext, public VerifyingContext
-{
- XSECCryptoKey* m_key;
- vector m_certs;
- XMLCh* m_uri;
-
-public:
- TestContext(const XMLCh* uri) {
- string keypath=data_path + "key.pem";
- BIO* in=BIO_new(BIO_s_file_internal());
- if (in && BIO_read_filename(in,keypath.c_str())>0) {
- EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
- if (pkey) {
- m_key=new OpenSSLCryptoKeyRSA(pkey);
- EVP_PKEY_free(pkey);
- }
- }
- if (in) BIO_free(in);
- TS_ASSERT(m_key!=NULL);
-
- string certpath=data_path + "cert.pem";
- in=BIO_new(BIO_s_file_internal());
- if (in && BIO_read_filename(in,certpath.c_str())>0) {
- X509* x=NULL;
- while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) {
- m_certs.push_back(new OpenSSLCryptoX509(x));
- X509_free(x);
- }
- }
- if (in) BIO_free(in);
- TS_ASSERT(m_certs.size()>0);
-
- m_uri=XMLString::replicate(uri);
- }
-
- virtual ~TestContext() {
- delete m_key;
- for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup());
- XMLString::release(&m_uri);
- }
-
- void createSignature(DSIGSignature* sig) const {
- DSIGReference* ref=sig->createReference(m_uri);
- ref->appendEnvelopedSignatureTransform();
- ref->appendCanonicalizationTransform(CANON_C14NE_NOC);
- }
-
- void verifySignature(DSIGSignature* sig) const {
- const XMLCh* uri=sig->getReferenceList()->item(0)->getURI();
- TSM_ASSERT_SAME_DATA("Reference URI does not match.",uri,m_uri,XMLString::stringLen(uri));
- XSECKeyInfoResolverDefault resolver;
- sig->setKeyInfoResolver(&resolver); // It will clone the resolver for us.
- sig->verify();
- }
-
- const std::vector& getX509Certificates() const { return m_certs; }
- XSECCryptoKey* getSigningKey() const { return m_key->clone(); }
-};
-
-class SignatureTest : public CxxTest::TestSuite {
-public:
- void setUp() {
- QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);
- QName qtype(SimpleXMLObject::NAMESPACE,SimpleXMLObject::TYPE_NAME);
- XMLObjectBuilder::registerBuilder(qname, new SimpleXMLObjectBuilder());
- XMLObjectBuilder::registerBuilder(qtype, new SimpleXMLObjectBuilder());
- }
-
- void tearDown() {
- QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);
- QName qtype(SimpleXMLObject::NAMESPACE,SimpleXMLObject::TYPE_NAME);
- XMLObjectBuilder::deregisterBuilder(qname);
- XMLObjectBuilder::deregisterBuilder(qtype);
- }
-
- void testSignature() {
- TS_TRACE("testSignature");
-
- QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);
- const SimpleXMLObjectBuilder* b=dynamic_cast(XMLObjectBuilder::getBuilder(qname));
- TS_ASSERT(b!=NULL);
-
- auto_ptr sxObject(b->buildObject());
- TS_ASSERT(sxObject.get()!=NULL);
- VectorOf(SimpleXMLObject) kids=sxObject->getSimpleXMLObjects();
- kids.push_back(b->buildObject());
- kids.push_back(b->buildObject());
-
- // Test some collection stuff
- auto_ptr_XMLCh foo("Foo");
- auto_ptr_XMLCh bar("Bar");
- kids.begin()->setId(foo.get());
- kids[1]->setValue(bar.get());
-
- // Append a Signature.
- const SignatureBuilder* sigb=dynamic_cast(XMLObjectBuilder::getBuilder(QName(XMLConstants::XMLSIG_NS,Signature::LOCAL_NAME)));
- Signature* sig=sigb->buildObject();
- sxObject->setSignature(sig);
-
- // Signing context for the whole document.
- TestContext tc(&chNull);
- MarshallingContext mctx(sig,&tc);
- DOMElement* rootElement = sxObject->marshall((DOMDocument*)NULL,&mctx);
-
- string buf;
- XMLHelper::serialize(rootElement, buf);
- //TS_TRACE(buf.c_str());
-
- istringstream in(buf);
- DOMDocument* doc=nonvalidatingPool->parse(in);
- auto_ptr sxObject2(dynamic_cast(b->buildFromDocument(doc)));
- TS_ASSERT(sxObject2.get()!=NULL);
- TS_ASSERT(sxObject2->getSignature()!=NULL);
-
- try {
- sxObject2->getSignature()->verify(tc);
- }
- catch (SignatureException& e) {
- TS_TRACE(e.what());
- throw;
- }
- }
-
-};
+/*
+ * Copyright 2001-2007 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "XMLObjectBaseTestCase.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+class TestContext : public ContentReference
+{
+ XMLCh* m_uri;
+
+public:
+ TestContext(const XMLCh* uri) {
+ m_uri=XMLString::replicate(uri);
+ }
+
+ virtual ~TestContext() {
+ XMLString::release(&m_uri);
+ }
+
+ void createReferences(DSIGSignature* sig) {
+ DSIGReference* ref=sig->createReference(m_uri);
+ ref->appendEnvelopedSignatureTransform();
+ ref->appendCanonicalizationTransform(CANON_C14NE_NOC);
+ }
+};
+
+class TestValidator : public SignatureValidator
+{
+ XMLCh* m_uri;
+
+public:
+ TestValidator(const XMLCh* uri, const Credential* credential) : SignatureValidator(credential) {
+ m_uri=XMLString::replicate(uri);
+ }
+
+ virtual ~TestValidator() {
+ XMLString::release(&m_uri);
+ }
+
+ void validate(const Signature* sigObj) const {
+ DSIGSignature* sig=sigObj->getXMLSignature();
+ if (!sig)
+ throw SignatureException("Only a marshalled Signature object can be verified.");
+ const XMLCh* uri=sig->getReferenceList()->item(0)->getURI();
+ TSM_ASSERT_SAME_DATA("Reference URI does not match.",uri,m_uri,XMLString::stringLen(uri));
+ SignatureValidator::validate(sigObj);
+ }
+};
+
+class SignatureTest : public CxxTest::TestSuite {
+ CredentialResolver* m_resolver;
+public:
+ void setUp() {
+ m_resolver=NULL;
+ QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);
+ QName qtype(SimpleXMLObject::NAMESPACE,SimpleXMLObject::TYPE_NAME);
+ XMLObjectBuilder::registerBuilder(qname, new SimpleXMLObjectBuilder());
+ XMLObjectBuilder::registerBuilder(qtype, new SimpleXMLObjectBuilder());
+
+ string config = data_path + "FilesystemCredentialResolver.xml";
+ ifstream in(config.c_str());
+ DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
+ XercesJanitor janitor(doc);
+ m_resolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(
+ FILESYSTEM_CREDENTIAL_RESOLVER,doc->getDocumentElement()
+ );
+ }
+
+ void tearDown() {
+ QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);
+ QName qtype(SimpleXMLObject::NAMESPACE,SimpleXMLObject::TYPE_NAME);
+ XMLObjectBuilder::deregisterBuilder(qname);
+ XMLObjectBuilder::deregisterBuilder(qtype);
+ delete m_resolver;
+ }
+
+ void testSignature() {
+ QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);
+ const SimpleXMLObjectBuilder* b=dynamic_cast(XMLObjectBuilder::getBuilder(qname));
+ TS_ASSERT(b!=NULL);
+
+ auto_ptr sxObject(dynamic_cast(b->buildObject()));
+ TS_ASSERT(sxObject.get()!=NULL);
+ VectorOf(SimpleXMLObject) kids=sxObject->getSimpleXMLObjects();
+ kids.push_back(dynamic_cast(b->buildObject()));
+ kids.push_back(dynamic_cast(b->buildObject()));
+
+ // Test some collection stuff
+ auto_ptr_XMLCh foo("Foo");
+ auto_ptr_XMLCh bar("Bar");
+ kids.begin()->setId(foo.get());
+ kids[1]->setValue(bar.get());
+
+ // Append a Signature.
+ Signature* sig=SignatureBuilder::buildSignature();
+ sxObject->setSignature(sig);
+ sig->setContentReference(new TestContext(&chNull));
+
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ Locker locker(m_resolver);
+ const Credential* cred = m_resolver->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=NULL);
+
+ DOMElement* rootElement = NULL;
+ try {
+ vector sigs(1,sig);
+ rootElement=sxObject->marshall((DOMDocument*)NULL,&sigs,cred);
+ }
+ catch (XMLToolingException& e) {
+ TS_TRACE(e.what());
+ throw;
+ }
+
+ string buf;
+ XMLHelper::serialize(rootElement, buf);
+ //TS_TRACE(buf.c_str());
+
+ istringstream in(buf);
+ DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
+ auto_ptr sxObject2(dynamic_cast(b->buildFromDocument(doc)));
+ TS_ASSERT(sxObject2.get()!=NULL);
+ TS_ASSERT(sxObject2->getSignature()!=NULL);
+
+ try {
+ TestValidator tv(&chNull, cred);
+ tv.validate(sxObject2->getSignature());
+ }
+ catch (XMLToolingException& e) {
+ TS_TRACE(e.what());
+ throw;
+ }
+ }
+
+};
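Review bot: The reference check carried into `TestValidator::validate` is weaker than it looks: `TSM_ASSERT_SAME_DATA(..., uri, m_uri, XMLString::stringLen(uri))` passes a count of `XMLCh` units where CxxTest, as far as I recall, expects bytes, it never checks that `m_uri` is not longer than `uri`, and because a CxxTest assertion records a failure instead of throwing, control still falls through to `SignatureValidator::validate`; with `&chNull` as the expected URI the comparison is also vacuous (length 0). It further dereferences `item(0)` without confirming the list is non-empty, while the property an enveloped signature actually needs is exactly one reference with the expected URI. I would replace the two lines with `DSIGReferenceList* refs=sig->getReferenceList();` / `if (!refs || refs->getSize()!=1 || !XMLString::equals(refs->item(0)->getURI(), m_uri))` / `throw SignatureException("Reference URI does not match.");`. Validating against the credential handed in rather than whatever KeyInfo the parsed document carries is the right direction; this check is the remaining gap, and since the line is unchanged from the removed side the commit itself does not address it.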