xmltoolingtest/SecurityHelperTest.h

   1 /*
   2  *  Copyright 2001-2009 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #include "XMLObjectBaseTestCase.h"
  18
  19 #include <xmltooling/security/SecurityHelper.h>
  20
  21 #include <xsec/enc/XSECCryptoKey.hpp>
  22 #include <xsec/enc/XSECCryptoX509.hpp>
  23
  24 class SecurityHelperTest : public CxxTest::TestSuite {
  25     vector<XSECCryptoX509*> certs;
  26
  27     SOAPTransport* getTransport(const char* url) {
  28         SOAPTransport::Address addr("SecurityHelperTest", "spaces.internet2.edu", url);
  29         string scheme(addr.m_endpoint, strchr(addr.m_endpoint,':') - addr.m_endpoint);
  30         return XMLToolingConfig::getConfig().SOAPTransportManager.newPlugin(scheme.c_str(), addr);
  31     }
  32 public:
  33     void setUp() {
  34     }
  35
  36     void tearDown() {
  37         for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
  38         certs.clear();
  39     }
  40
  41     void testKeysFromFiles() {
  42         string pathname = data_path + "key.pem";
  43         auto_ptr<XSECCryptoKey> key1(SecurityHelper::loadKeyFromFile(pathname.c_str()));
  44         pathname = data_path + "key.der";
  45         auto_ptr<XSECCryptoKey> key2(SecurityHelper::loadKeyFromFile(pathname.c_str()));
  46         pathname = data_path + "test.pfx";
  47         auto_ptr<XSECCryptoKey> key3(SecurityHelper::loadKeyFromFile(pathname.c_str(), NULL, "password"));
  48
  49         TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
  50         TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));
  51
  52         pathname = data_path + "key2.pem";
  53         auto_ptr<XSECCryptoKey> key4(SecurityHelper::loadKeyFromFile(pathname.c_str()));
  54         TSM_ASSERT("Different keys matched", !SecurityHelper::matches(*key3.get(), *key4.get()));
  55     }
  56
  57     void testKeysFromURLs() {
  58         string pathname = data_path + "key.pem.bak";
  59         auto_ptr<SOAPTransport> t1(getTransport("https://spaces.internet2.edu/download/attachments/5305/key.pem"));
  60         auto_ptr<XSECCryptoKey> key1(SecurityHelper::loadKeyFromURL(*t1.get(), pathname.c_str()));
  61         pathname = data_path + "key.der.bak";
  62         auto_ptr<SOAPTransport> t2(getTransport("https://spaces.internet2.edu/download/attachments/5305/key.der"));
  63         auto_ptr<XSECCryptoKey> key2(SecurityHelper::loadKeyFromURL(*t2.get(), pathname.c_str()));
  64         pathname = data_path + "test.pfx.bak";
  65         auto_ptr<SOAPTransport> t3(getTransport("https://spaces.internet2.edu/download/attachments/5305/test.pfx"));
  66         auto_ptr<XSECCryptoKey> key3(SecurityHelper::loadKeyFromURL(*t3.get(), pathname.c_str(), NULL, "password"));
  67
  68         TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
  69         TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));
  70     }
  71
  72     void testCertificatesFromFiles() {
  73         string pathname = data_path + "cert.pem";
  74         SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str());
  75         pathname = data_path + "cert.der";
  76         SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str());
  77         pathname = data_path + "test.pfx";
  78         SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str(), NULL, "password");
  79
  80         TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3);
  81
  82         auto_ptr<XSECCryptoKey> key1(certs[0]->clonePublicKey());
  83         auto_ptr<XSECCryptoKey> key2(certs[1]->clonePublicKey());
  84         auto_ptr<XSECCryptoKey> key3(certs[2]->clonePublicKey());
  85
  86         TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
  87         TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));
  88
  89         TSM_ASSERT_EQUALS(
  90             "Certificate and its key produced different DER encodings",
  91             SecurityHelper::getDEREncoding(*certs[2]), SecurityHelper::getDEREncoding(*key1.get())
  92             );
  93
  94         TSM_ASSERT_EQUALS(
  95             "Certificate and its key produced different hashed encodings",
  96             SecurityHelper::getDEREncoding(*certs[2], true), SecurityHelper::getDEREncoding(*key1.get(), true)
  97             );
  98
  99         TSM_ASSERT_EQUALS(
 100             "Certificate and its key produced different hashed encodings",
 101             SecurityHelper::getDEREncoding(*certs[2], true, true, "SHA256"), SecurityHelper::getDEREncoding(*key1.get(), true, true, "SHA256")
 102             );
 103
 104         for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
 105         certs.clear();
 106     }
 107
 108     void testCertificatesFromURLs() {
 109         string pathname = data_path + "cert.pem.bak";
 110         auto_ptr<SOAPTransport> t1(getTransport("https://spaces.internet2.edu/download/attachments/5305/cert.pem"));
 111         SecurityHelper::loadCertificatesFromURL(certs, *t1.get(), pathname.c_str());
 112         pathname = data_path + "cert.der.bak";
 113         auto_ptr<SOAPTransport> t2(getTransport("https://spaces.internet2.edu/download/attachments/5305/cert.der"));
 114         SecurityHelper::loadCertificatesFromURL(certs, *t2.get(), pathname.c_str());
 115         pathname = data_path + "test.pfx.bak";
 116         auto_ptr<SOAPTransport> t3(getTransport("https://spaces.internet2.edu/download/attachments/5305/test.pfx"));
 117         SecurityHelper::loadCertificatesFromURL(certs, *t3.get(), pathname.c_str(), NULL, "password");
 118
 119         TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3);
 120
 121         auto_ptr<XSECCryptoKey> key1(certs[0]->clonePublicKey());
 122         auto_ptr<XSECCryptoKey> key2(certs[0]->clonePublicKey());
 123         auto_ptr<XSECCryptoKey> key3(certs[0]->clonePublicKey());
 124
 125         TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
 126         TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));
 127
 128         for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
 129         certs.clear();
 130     }
 131 };