xmltoolingtest/SignatureTest.h

   1 /*\r
   2  *  Copyright 2001-2005 Internet2\r
   3  * \r
   4  * Licensed under the Apache License, Version 2.0 (the "License");\r
   5  * you may not use this file except in compliance with the License.\r
   6  * You may obtain a copy of the License at\r
   7  *\r
   8  *     http://www.apache.org/licenses/LICENSE-2.0\r
   9  *\r
  10  * Unless required by applicable law or agreed to in writing, software\r
  11  * distributed under the License is distributed on an "AS IS" BASIS,\r
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
  13  * See the License for the specific language governing permissions and\r
  14  * limitations under the License.\r
  15  */\r
  16 \r
  17 #include "XMLObjectBaseTestCase.h"\r
  18 \r
  19 #include <fstream>\r
  20 #include <openssl/pem.h>\r
  21 #include <xercesc/util/XMLUniDefs.hpp>\r
  22 #include <xsec/dsig/DSIGReference.hpp>\r
  23 #include <xsec/enc/XSECKeyInfoResolverDefault.hpp>\r
  24 #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>\r
  25 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>\r
  26 #include <xsec/enc/XSECCryptoException.hpp>\r
  27 #include <xsec/framework/XSECException.hpp>\r
  28 \r
  29 class TestContext : public ContentReference\r
  30 {\r
  31     XMLCh* m_uri;\r
  32     \r
  33 public:\r
  34     TestContext(const XMLCh* uri) {\r
  35         m_uri=XMLString::replicate(uri);\r
  36     }\r
  37     \r
  38     virtual ~TestContext() {\r
  39         XMLString::release(&m_uri);\r
  40     }\r
  41 \r
  42     void createReferences(DSIGSignature* sig) {\r
  43         DSIGReference* ref=sig->createReference(m_uri);\r
  44         ref->appendEnvelopedSignatureTransform();\r
  45         ref->appendCanonicalizationTransform(CANON_C14NE_NOC);\r
  46     }\r
  47 };\r
  48 \r
  49 class TestValidator : public Validator\r
  50 {\r
  51     XMLCh* m_uri;\r
  52     \r
  53 public:\r
  54     TestValidator(const XMLCh* uri) {\r
  55         m_uri=XMLString::replicate(uri);\r
  56     }\r
  57     \r
  58     virtual ~TestValidator() {\r
  59         XMLString::release(&m_uri);\r
  60     }\r
  61 \r
  62     Validator* clone() const {\r
  63         return new TestValidator(m_uri);\r
  64     }\r
  65 \r
  66     void validate(const XMLObject* xmlObject) const {\r
  67         DSIGSignature* sig=dynamic_cast<const Signature*>(xmlObject)->getXMLSignature();\r
  68         if (!sig)\r
  69             throw SignatureException("Only a marshalled Signature object can be verified.");\r
  70         const XMLCh* uri=sig->getReferenceList()->item(0)->getURI();\r
  71         TSM_ASSERT_SAME_DATA("Reference URI does not match.",uri,m_uri,XMLString::stringLen(uri));\r
  72         XSECKeyInfoResolverDefault resolver;\r
  73         sig->setKeyInfoResolver(&resolver); // It will clone the resolver for us.\r
  74         try {\r
  75             if (!sig->verify())\r
  76                 throw SignatureException("Signature did not verify.");\r
  77         }\r
  78         catch(XSECException& e) {\r
  79             auto_ptr_char temp(e.getMsg());\r
  80             throw SignatureException(string("Caught an XMLSecurity exception verifying signature: ") + temp.get());\r
  81         }\r
  82         catch(XSECCryptoException& e) {\r
  83             throw SignatureException(string("Caught an XMLSecurity exception verifying signature: ") + e.getMsg());\r
  84         }\r
  85     }\r
  86 };\r
  87 \r
  88 class _addcert : public std::binary_function<X509Data*,XSECCryptoX509*,void> {\r
  89 public:\r
  90     void operator()(X509Data* bag, XSECCryptoX509* cert) const {\r
  91         safeBuffer& buf=cert->getDEREncodingSB();\r
  92         X509Certificate* x=X509CertificateBuilder::buildX509Certificate();\r
  93         x->setValue(buf.sbStrToXMLCh());\r
  94         bag->getX509Certificates().push_back(x);\r
  95     }\r
  96 };\r
  97 \r
  98 class SignatureTest : public CxxTest::TestSuite {\r
  99     XSECCryptoKey* m_key;\r
 100     vector<XSECCryptoX509*> m_certs;\r
 101 public:\r
 102     void setUp() {\r
 103         QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);\r
 104         QName qtype(SimpleXMLObject::NAMESPACE,SimpleXMLObject::TYPE_NAME);\r
 105         XMLObjectBuilder::registerBuilder(qname, new SimpleXMLObjectBuilder());\r
 106         XMLObjectBuilder::registerBuilder(qtype, new SimpleXMLObjectBuilder());\r
 107         string keypath=data_path + "key.pem";\r
 108         BIO* in=BIO_new(BIO_s_file_internal());\r
 109         if (in && BIO_read_filename(in,keypath.c_str())>0) {\r
 110             EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);\r
 111             if (pkey) {\r
 112                 m_key=new OpenSSLCryptoKeyRSA(pkey);\r
 113                 EVP_PKEY_free(pkey);\r
 114             }\r
 115         }\r
 116         if (in) BIO_free(in);\r
 117         TS_ASSERT(m_key!=NULL);\r
 118 \r
 119         string certpath=data_path + "cert.pem";\r
 120         in=BIO_new(BIO_s_file_internal());\r
 121         if (in && BIO_read_filename(in,certpath.c_str())>0) {\r
 122             X509* x=NULL;\r
 123             while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) {\r
 124                 m_certs.push_back(new OpenSSLCryptoX509(x));\r
 125                 X509_free(x);\r
 126             }\r
 127         }\r
 128         if (in) BIO_free(in);\r
 129         TS_ASSERT(m_certs.size()>0);\r
 130         \r
 131     }\r
 132 \r
 133     void tearDown() {\r
 134         QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);\r
 135         QName qtype(SimpleXMLObject::NAMESPACE,SimpleXMLObject::TYPE_NAME);\r
 136         XMLObjectBuilder::deregisterBuilder(qname);\r
 137         XMLObjectBuilder::deregisterBuilder(qtype);\r
 138         delete m_key;\r
 139         for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup<XSECCryptoX509>());\r
 140     }\r
 141 \r
 142     void testSignature() {\r
 143         TS_TRACE("testSignature");\r
 144 \r
 145         QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);\r
 146         const SimpleXMLObjectBuilder* b=dynamic_cast<const SimpleXMLObjectBuilder*>(XMLObjectBuilder::getBuilder(qname));\r
 147         TS_ASSERT(b!=NULL);\r
 148         \r
 149         auto_ptr<SimpleXMLObject> sxObject(b->buildObject());\r
 150         TS_ASSERT(sxObject.get()!=NULL);\r
 151         VectorOf(SimpleXMLObject) kids=sxObject->getSimpleXMLObjects();\r
 152         kids.push_back(b->buildObject());\r
 153         kids.push_back(b->buildObject());\r
 154         \r
 155         // Test some collection stuff\r
 156         auto_ptr_XMLCh foo("Foo");\r
 157         auto_ptr_XMLCh bar("Bar");\r
 158         kids.begin()->setId(foo.get());\r
 159         kids[1]->setValue(bar.get());\r
 160         \r
 161         // Append a Signature.\r
 162         Signature* sig=SignatureBuilder::buildSignature();\r
 163         sxObject->setSignature(sig);\r
 164         sig->setContentReference(new TestContext(&chNull));\r
 165         sig->setSigningKey(m_key->clone());\r
 166         \r
 167         // Build KeyInfo.\r
 168         KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo();\r
 169         X509Data* x509Data=X509DataBuilder::buildX509Data();\r
 170         keyInfo->getX509Datas().push_back(x509Data);\r
 171         for_each(m_certs.begin(),m_certs.end(),bind1st(_addcert(),x509Data));\r
 172         sig->setKeyInfo(keyInfo);\r
 173         \r
 174         // Signing context for the whole document.\r
 175         vector<Signature*> sigs(1,sig);\r
 176         DOMElement* rootElement = NULL;\r
 177         try {\r
 178             rootElement=sxObject->marshall((DOMDocument*)NULL,&sigs);\r
 179         }\r
 180         catch (XMLToolingException& e) {\r
 181             TS_TRACE(e.what());\r
 182             throw;\r
 183         }\r
 184         \r
 185         string buf;\r
 186         XMLHelper::serialize(rootElement, buf);\r
 187         //TS_TRACE(buf.c_str());\r
 188 \r
 189         istringstream in(buf);\r
 190         DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
 191         auto_ptr<SimpleXMLObject> sxObject2(dynamic_cast<SimpleXMLObject*>(b->buildFromDocument(doc)));\r
 192         TS_ASSERT(sxObject2.get()!=NULL);\r
 193         TS_ASSERT(sxObject2->getSignature()!=NULL);\r
 194         sxObject2->getSignature()->registerValidator(new TestValidator(&chNull));\r
 195         \r
 196         try {\r
 197             sxObject2->getSignature()->validate(false);\r
 198         }\r
 199         catch (XMLToolingException& e) {\r
 200             TS_TRACE(e.what());\r
 201             throw;\r
 202         }\r
 203     }\r
 204 \r
 205 };\r