Set fourth file version digit to signify rebuild.
[shibboleth/cpp-xmltooling.git] / xmltoolingtest / SecurityHelperTest.h
1 /**
2  * Licensed to the University Corporation for Advanced Internet
3  * Development, Inc. (UCAID) under one or more contributor license
4  * agreements. See the NOTICE file distributed with this work for
5  * additional information regarding copyright ownership.
6  *
7  * UCAID licenses this file to you under the Apache License,
8  * Version 2.0 (the "License"); you may not use this file except
9  * in compliance with the License. You may obtain a copy of the
10  * License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17  * either express or implied. See the License for the specific
18  * language governing permissions and limitations under the License.
19  */
20
21 #include "XMLObjectBaseTestCase.h"
22
23 #include <xmltooling/security/SecurityHelper.h>
24
25 #include <xsec/enc/XSECCryptoKey.hpp>
26 #include <xsec/enc/XSECCryptoX509.hpp>
27
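/**
 * CxxTest suite for the SecurityHelper key and certificate loaders.
 *
 * The same key pair is stored in several encodings (key.pem, key.der,
 * test.pfx and the matching cert.* files). Each test loads every encoding
 * and checks that SecurityHelper::matches() treats the results as one key.
 *
 * Notes for anyone running or extending this suite:
 *  - The *FromURLs tests download fixtures from wiki.shibboleth.net, so they
 *    need outbound network access and fail if the attachments move. How the
 *    transport validates the server certificate is configured outside this
 *    file; these tests do not check it.
 *  - "password" is the passphrase of the test.pfx fixture only. The key
 *    material here is published test data and must never be reused.
 */
class SecurityHelperTest : public CxxTest::TestSuite {
    // Certificates loaded by the running test. The raw pointers are owned by
    // the suite and released in tearDown().
    vector<XSECCryptoX509*> certs;

    /**
     * Creates a transport for @a url, picking the plugin by the URL scheme.
     *
     * @param url  absolute URL. It must contain ':' because strchr() is not
     *             checked for a null result; every caller in this file
     *             passes an https:// literal.
     * @return a new transport that the caller owns
     */
    SOAPTransport* getTransport(const char* url) {
        // NOTE(review): the second argument looks like the peer name, and it
        // does not match the host in the URLs used below. Confirm whether
        // the transport uses it for any peer identity check.
        SOAPTransport::Address addr("SecurityHelperTest", "spaces.internet2.edu", url);
        // The text before the first ':' is the scheme, e.g. "https".
        string scheme(addr.m_endpoint, strchr(addr.m_endpoint,':') - addr.m_endpoint);
        return XMLToolingConfig::getConfig().SOAPTransportManager.newPlugin(scheme.c_str(), addr);
    }
public:
    void setUp() {
    }

    /** Frees every certificate still held in certs, including after an early return. */
    void tearDown() {
        for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
        certs.clear();
    }

    /** PEM, DER and PKCS#12 files of one key must match; a second key must not. */
    void testKeysFromFiles() {
        string pathname = data_path + "key.pem";
        auto_ptr<XSECCryptoKey> key1(SecurityHelper::loadKeyFromFile(pathname.c_str()));
        pathname = data_path + "key.der";
        auto_ptr<XSECCryptoKey> key2(SecurityHelper::loadKeyFromFile(pathname.c_str()));
        pathname = data_path + "test.pfx";
        // Fixture passphrase for the PKCS#12 container (test data only).
        auto_ptr<XSECCryptoKey> key3(SecurityHelper::loadKeyFromFile(pathname.c_str(), nullptr, "password"));

        TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
        TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));

        // Negative case: an unrelated key must not be reported as a match.
        pathname = data_path + "key2.pem";
        auto_ptr<XSECCryptoKey> key4(SecurityHelper::loadKeyFromFile(pathname.c_str()));
        TSM_ASSERT("Different keys matched", !SecurityHelper::matches(*key3.get(), *key4.get()));
    }

    /**
     * Same comparison as testKeysFromFiles(), with the key files fetched
     * over HTTPS.
     *
     * The second argument to loadKeyFromURL() is a path under data_path with
     * a ".bak" suffix. It is presumably the local backing file for the
     * download; confirm against SecurityHelper.h.
     */
    void testKeysFromURLs() {
        string pathname = data_path + "key.pem.bak";
        auto_ptr<SOAPTransport> t1(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/key.pem"));
        auto_ptr<XSECCryptoKey> key1(SecurityHelper::loadKeyFromURL(*t1.get(), pathname.c_str()));
        pathname = data_path + "key.der.bak";
        auto_ptr<SOAPTransport> t2(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/key.der"));
        auto_ptr<XSECCryptoKey> key2(SecurityHelper::loadKeyFromURL(*t2.get(), pathname.c_str()));
        pathname = data_path + "test.pfx.bak";
        auto_ptr<SOAPTransport> t3(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/test.pfx"));
        auto_ptr<XSECCryptoKey> key3(SecurityHelper::loadKeyFromURL(*t3.get(), pathname.c_str(), nullptr, "password"));

        TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
        TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));
    }

    /**
     * Loads one certificate from each of the PEM, DER and PKCS#12 files and
     * checks that all three carry the same public key, and that the encoding
     * derived from a certificate equals the one derived from its key.
     */
    void testCertificatesFromFiles() {
        string pathname = data_path + "cert.pem";
        SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str());
        pathname = data_path + "cert.der";
        SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str());
        pathname = data_path + "test.pfx";
        SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str(), nullptr, "password");

        TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3);
        // Depending on the CxxTest abort-on-fail setting, a failed assertion
        // may not stop the test, so never index past what was loaded.
        // tearDown() releases whatever is in certs.
        if (certs.size() != 3)
            return;

        auto_ptr<XSECCryptoKey> key1(certs[0]->clonePublicKey());
        auto_ptr<XSECCryptoKey> key2(certs[1]->clonePublicKey());
        auto_ptr<XSECCryptoKey> key3(certs[2]->clonePublicKey());

        TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
        TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));

        TSM_ASSERT_EQUALS(
            "Certificate and its key produced different DER encodings",
            SecurityHelper::getDEREncoding(*certs[2]), SecurityHelper::getDEREncoding(*key1.get())
            );

        // The digests below are only compared for equality between the
        // certificate-derived and key-derived forms. SHA1 is exercised for
        // API coverage, not as a recommended algorithm.
        TSM_ASSERT_EQUALS(
            "Certificate and its key produced different hashed encodings",
            SecurityHelper::getDEREncoding(*certs[2], "SHA1"), SecurityHelper::getDEREncoding(*key1.get(), "SHA1")
            );

        TSM_ASSERT_EQUALS(
            "Certificate and its key produced different hashed encodings",
            SecurityHelper::getDEREncoding(*certs[2], "SHA256"), SecurityHelper::getDEREncoding(*key1.get(), "SHA256")
            );

        for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
        certs.clear();
    }

    /**
     * Same check as testCertificatesFromFiles(), with the certificates
     * fetched over HTTPS.
     */
    void testCertificatesFromURLs() {
        string pathname = data_path + "cert.pem.bak";
        auto_ptr<SOAPTransport> t1(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/cert.pem"));
        SecurityHelper::loadCertificatesFromURL(certs, *t1.get(), pathname.c_str());
        pathname = data_path + "cert.der.bak";
        auto_ptr<SOAPTransport> t2(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/cert.der"));
        SecurityHelper::loadCertificatesFromURL(certs, *t2.get(), pathname.c_str());
        pathname = data_path + "test.pfx.bak";
        auto_ptr<SOAPTransport> t3(getTransport("https://wiki.shibboleth.net/confluence/download/attachments/3277026/test.pfx"));
        SecurityHelper::loadCertificatesFromURL(certs, *t3.get(), pathname.c_str(), nullptr, "password");

        TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3);
        // A failed download can leave fewer than three entries; do not index
        // past them. tearDown() releases whatever is in certs.
        if (certs.size() != 3)
            return;

        // Take one key from EACH downloaded certificate. Cloning certs[0]
        // three times would compare a key with itself, and the assertions
        // below could never fail.
        auto_ptr<XSECCryptoKey> key1(certs[0]->clonePublicKey());
        auto_ptr<XSECCryptoKey> key2(certs[1]->clonePublicKey());
        auto_ptr<XSECCryptoKey> key3(certs[2]->clonePublicKey());

        TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
        TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));

        for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
        certs.clear();
    }
};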