2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
21 #include "XMLObjectBaseTestCase.h"
23 #include <xmltooling/security/SecurityHelper.h>
25 #include <xsec/enc/XSECCryptoKey.hpp>
26 #include <xsec/enc/XSECCryptoX509.hpp>
28 class SecurityHelperTest : public CxxTest::TestSuite {
// Certificates accumulated by the testCertificates* methods. The pointers are owning:
// SecurityHelper::loadCertificatesFrom*() appends them here and the tests release them
// with for_each(..., xmltooling::cleanup<XSECCryptoX509>()).
29 vector<XSECCryptoX509*> certs;
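// Builds a SOAPTransport for fetching `url`; the transport plugin is chosen by the URL's
// scheme, i.e. everything before the first ':'. The caller owns the returned transport
// (the tests below wrap it in auto_ptr).
// NOTE(review): addr.m_endpoint is assumed to be a non-null C string holding `url`
// (the original code also relied on that) — confirm against SOAPTransport::Address.
SOAPTransport* getTransport(const char* url) {
    SOAPTransport::Address addr("SecurityHelperTest", "spaces.internet2.edu", url);
    const string endpoint(addr.m_endpoint);
    // Why find()/substr() instead of strchr() pointer arithmetic: a URL with no ':' made
    // strchr() return null and the subtraction was undefined behaviour. Now the whole
    // endpoint is used as the scheme and the plugin manager decides whether it is known.
    const string scheme = endpoint.substr(0, endpoint.find(':'));
    return XMLToolingConfig::getConfig().SOAPTransportManager.newPlugin(scheme.c_str(), addr);
}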
// NOTE(review): the header of the enclosing method is not on this page; this reads like the
// suite's per-test teardown. It deletes every certificate still held in `certs`, and the
// testCertificates* methods run the same cleanup at their end — unless `certs` is cleared in
// between, the second pass deletes the same pointers twice. Confirm against the full file.
41 for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
// Loads one key stored in three containers under data_path (PEM, DER, and a
// password-protected PKCS12) and checks SecurityHelper::matches() treats them as the
// same key; then checks that a different key (key2.pem) does not match.
void testKeysFromFiles() {
    const string pemPath = data_path + "key.pem";
    const string derPath = data_path + "key.der";
    const string pfxPath = data_path + "test.pfx";
    const string otherPath = data_path + "key2.pem";

    auto_ptr<XSECCryptoKey> pemKey(SecurityHelper::loadKeyFromFile(pemPath.c_str()));
    auto_ptr<XSECCryptoKey> derKey(SecurityHelper::loadKeyFromFile(derPath.c_str()));
    // The PKCS12 container needs its password; the middle argument is passed as nullptr,
    // exactly as the other loaders on this page do.
    auto_ptr<XSECCryptoKey> pfxKey(SecurityHelper::loadKeyFromFile(pfxPath.c_str(), nullptr, "password"));

    TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*pemKey.get(), *derKey.get()));
    TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*derKey.get(), *pfxKey.get()));

    // Negative case: matches() must not report two unrelated keys as equal.
    auto_ptr<XSECCryptoKey> otherKey(SecurityHelper::loadKeyFromFile(otherPath.c_str()));
    TSM_ASSERT("Different keys matched", !SecurityHelper::matches(*pfxKey.get(), *otherKey.get()));
}
// Same comparison as testKeysFromFiles, but each key is fetched over HTTPS from the
// Shibboleth wiki through a SOAPTransport, so this test needs network access.
// The second argument to loadKeyFromURL() is a local "<name>.bak" pathname under data_path;
// NOTE(review): presumably a backup/cache of the download — confirm in SecurityHelper.
// NOTE(review): whether the transport verifies the server's TLS certificate is a property
// of the transport plugin and is not visible here.
void testKeysFromURLs() {
    const string pemBackup = data_path + "key.pem.bak";
    auto_ptr<SOAPTransport> pemTransport(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/key.pem"));
    auto_ptr<XSECCryptoKey> pemKey(SecurityHelper::loadKeyFromURL(*pemTransport.get(), pemBackup.c_str()));

    const string derBackup = data_path + "key.der.bak";
    auto_ptr<SOAPTransport> derTransport(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/key.der"));
    auto_ptr<XSECCryptoKey> derKey(SecurityHelper::loadKeyFromURL(*derTransport.get(), derBackup.c_str()));

    const string pfxBackup = data_path + "test.pfx.bak";
    auto_ptr<SOAPTransport> pfxTransport(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/test.pfx"));
    // PKCS12 needs the container password; the middle argument is nullptr as elsewhere in this file.
    auto_ptr<XSECCryptoKey> pfxKey(SecurityHelper::loadKeyFromURL(*pfxTransport.get(), pfxBackup.c_str(), nullptr, "password"));

    TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*pemKey.get(), *derKey.get()));
    TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*derKey.get(), *pfxKey.get()));
}
// Loads certificates from PEM, DER and password-protected PKCS12 files under data_path into
// `certs` (appended in that order), checks the three public keys agree, and checks that
// getDEREncoding() gives the same result for the PKCS12 certificate and for a bare key,
// raw and hashed (SHA1, SHA256). The certificates are deleted at the end.
void testCertificatesFromFiles() {
    const string pemPath = data_path + "cert.pem";
    SecurityHelper::loadCertificatesFromFile(certs, pemPath.c_str());
    const string derPath = data_path + "cert.der";
    SecurityHelper::loadCertificatesFromFile(certs, derPath.c_str());
    const string pfxPath = data_path + "test.pfx";
    // PKCS12 needs the container password; the middle argument is nullptr as elsewhere in this file.
    SecurityHelper::loadCertificatesFromFile(certs, pfxPath.c_str(), nullptr, "password");

    TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3);

    auto_ptr<XSECCryptoKey> pemKey(certs[0]->clonePublicKey());
    auto_ptr<XSECCryptoKey> derKey(certs[1]->clonePublicKey());
    auto_ptr<XSECCryptoKey> pfxKey(certs[2]->clonePublicKey());

    TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*pemKey.get(), *derKey.get()));
    TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*derKey.get(), *pfxKey.get()));

    // The PKCS12 certificate is compared against the key cloned from the PEM certificate;
    // since the keys matched above, equal encodings show getDEREncoding() does not depend on
    // which object it reads. NOTE(review): presumably both overloads encode the public key —
    // confirm in SecurityHelper.
    TSM_ASSERT_EQUALS("Certificate and its key produced different DER encodings",
        SecurityHelper::getDEREncoding(*certs[2]), SecurityHelper::getDEREncoding(*pemKey.get()));
    TSM_ASSERT_EQUALS("Certificate and its key produced different hashed encodings",
        SecurityHelper::getDEREncoding(*certs[2], "SHA1"), SecurityHelper::getDEREncoding(*pemKey.get(), "SHA1"));
    TSM_ASSERT_EQUALS("Certificate and its key produced different hashed encodings",
        SecurityHelper::getDEREncoding(*certs[2], "SHA256"), SecurityHelper::getDEREncoding(*pemKey.get(), "SHA256"));

    // NOTE(review): this deletes the certificates but does not clear `certs`; if the suite's
    // teardown also runs this cleanup over `certs`, the same pointers are deleted twice —
    // confirm against the full file.
    for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
}
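// URL variant of testCertificatesFromFiles: the PEM, DER and password-protected PKCS12
// certificates are fetched over HTTPS from the Shibboleth wiki (network access required)
// into `certs`, and the three public keys are checked to agree. The second argument to
// loadCertificatesFromURL() is a local "<name>.bak" pathname under data_path;
// NOTE(review): presumably a backup/cache of the download — confirm in SecurityHelper.
void testCertificatesFromURLs() {
    const string pemBackup = data_path + "cert.pem.bak";
    auto_ptr<SOAPTransport> pemTransport(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/cert.pem"));
    SecurityHelper::loadCertificatesFromURL(certs, *pemTransport.get(), pemBackup.c_str());

    const string derBackup = data_path + "cert.der.bak";
    auto_ptr<SOAPTransport> derTransport(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/cert.der"));
    SecurityHelper::loadCertificatesFromURL(certs, *derTransport.get(), derBackup.c_str());

    const string pfxBackup = data_path + "test.pfx.bak";
    auto_ptr<SOAPTransport> pfxTransport(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/test.pfx"));
    // PKCS12 needs the container password; the middle argument is nullptr as elsewhere in this file.
    SecurityHelper::loadCertificatesFromURL(certs, *pfxTransport.get(), pfxBackup.c_str(), nullptr, "password");

    TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3);

    // Only index the vector when the count is right: a failed TSM_ASSERT_EQUALS is recorded
    // but does not stop the test, and certs[1]/certs[2] would otherwise be out of bounds.
    if (certs.size() == 3) {
        // Fix: the original cloned certs[0] three times, so the two matches() assertions
        // compared a key with itself and could not fail. Clone one key per loaded
        // certificate (PEM, DER, PKCS12 in load order), as testCertificatesFromFiles does.
        auto_ptr<XSECCryptoKey> pemKey(certs[0]->clonePublicKey());
        auto_ptr<XSECCryptoKey> derKey(certs[1]->clonePublicKey());
        auto_ptr<XSECCryptoKey> pfxKey(certs[2]->clonePublicKey());

        TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*pemKey.get(), *derKey.get()));
        TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*derKey.get(), *pfxKey.get()));
    }

    // Delete the certificates and drop the now-dangling pointers, so a later cleanup pass
    // over `certs` (the suite's teardown runs the same for_each) cannot delete them twice.
    for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
    certs.clear();
}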