Integrated credential resolver API with signing context.

[shibboleth/cpp-xmltooling.git] / xmltoolingtest / SignatureTest.h

/*\r
 *  Copyright 2001-2005 Internet2\r
 * \r
 * Licensed under the Apache License, Version 2.0 (the "License");\r
 * you may not use this file except in compliance with the License.\r
 * You may obtain a copy of the License at\r
 *\r
 *     http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 * Unless required by applicable law or agreed to in writing, software\r
 * distributed under the License is distributed on an "AS IS" BASIS,\r
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * See the License for the specific language governing permissions and\r
 * limitations under the License.\r
 */\r
\r
#include "XMLObjectBaseTestCase.h"\r
\r
#include <fstream>\r
#include <openssl/pem.h>\r
#include <xercesc/util/XMLUniDefs.hpp>\r
#include <xsec/dsig/DSIGReference.hpp>\r
#include <xsec/enc/XSECKeyInfoResolverDefault.hpp>\r
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>\r
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>\r
\r
class TestContext : public SigningContext, public VerifyingContext, CredentialResolver\r
{\r
    XSECCryptoKey* m_key;\r
    vector<XSECCryptoX509*> m_certs;\r
    XMLCh* m_uri;\r
    \r
public:\r
    TestContext(const XMLCh* uri) {\r
        string keypath=data_path + "key.pem";\r
        BIO* in=BIO_new(BIO_s_file_internal());\r
        if (in && BIO_read_filename(in,keypath.c_str())>0) {\r
            EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);\r
            if (pkey) {\r
                m_key=new OpenSSLCryptoKeyRSA(pkey);\r
                EVP_PKEY_free(pkey);\r
            }\r
        }\r
        if (in) BIO_free(in);\r
        TS_ASSERT(m_key!=NULL);\r
\r
        string certpath=data_path + "cert.pem";\r
        in=BIO_new(BIO_s_file_internal());\r
        if (in && BIO_read_filename(in,certpath.c_str())>0) {\r
            X509* x=NULL;\r
            while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) {\r
                m_certs.push_back(new OpenSSLCryptoX509(x));\r
                X509_free(x);\r
            }\r
        }\r
        if (in) BIO_free(in);\r
        TS_ASSERT(m_certs.size()>0);\r
        \r
        m_uri=XMLString::replicate(uri);\r
    }\r
    \r
    virtual ~TestContext() {\r
        delete m_key;\r
        for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup<XSECCryptoX509>());\r
        XMLString::release(&m_uri);\r
    }\r
\r
    bool createSignature(DSIGSignature* sig) {\r
        DSIGReference* ref=sig->createReference(m_uri);\r
        ref->appendEnvelopedSignatureTransform();\r
        ref->appendCanonicalizationTransform(CANON_C14NE_NOC);\r
        return false;\r
    }\r
\r
    void verifySignature(DSIGSignature* sig) const {\r
        const XMLCh* uri=sig->getReferenceList()->item(0)->getURI();\r
        TSM_ASSERT_SAME_DATA("Reference URI does not match.",uri,m_uri,XMLString::stringLen(uri));\r
        XSECKeyInfoResolverDefault resolver;\r
        sig->setKeyInfoResolver(&resolver); // It will clone the resolver for us.\r
        sig->verify();\r
    }\r
    \r
    KeyInfo* getKeyInfo() { return NULL; }\r
    CredentialResolver& getCredentialResolver() { return *this; }\r
    const char* getId() const { return "test"; }\r
    const std::vector<XSECCryptoX509*>* getX509Certificates() { return &m_certs; }\r
    XSECCryptoKey* getPublicKey() { return m_key; }\r
    XSECCryptoKey* getPrivateKey() { return m_key; }\r
    Lockable& lock() { return *this; }\r
    void unlock() {}\r
};\r
\r
class SignatureTest : public CxxTest::TestSuite {\r
public:\r
    void setUp() {\r
        QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);\r
        QName qtype(SimpleXMLObject::NAMESPACE,SimpleXMLObject::TYPE_NAME);\r
        XMLObjectBuilder::registerBuilder(qname, new SimpleXMLObjectBuilder());\r
        XMLObjectBuilder::registerBuilder(qtype, new SimpleXMLObjectBuilder());\r
    }\r
\r
    void tearDown() {\r
        QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);\r
        QName qtype(SimpleXMLObject::NAMESPACE,SimpleXMLObject::TYPE_NAME);\r
        XMLObjectBuilder::deregisterBuilder(qname);\r
        XMLObjectBuilder::deregisterBuilder(qtype);\r
    }\r
\r
    void testSignature() {\r
        TS_TRACE("testSignature");\r
\r
        QName qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME);\r
        const SimpleXMLObjectBuilder* b=dynamic_cast<const SimpleXMLObjectBuilder*>(XMLObjectBuilder::getBuilder(qname));\r
        TS_ASSERT(b!=NULL);\r
        \r
        auto_ptr<SimpleXMLObject> sxObject(b->buildObject());\r
        TS_ASSERT(sxObject.get()!=NULL);\r
        VectorOf(SimpleXMLObject) kids=sxObject->getSimpleXMLObjects();\r
        kids.push_back(b->buildObject());\r
        kids.push_back(b->buildObject());\r
        \r
        // Test some collection stuff\r
        auto_ptr_XMLCh foo("Foo");\r
        auto_ptr_XMLCh bar("Bar");\r
        kids.begin()->setId(foo.get());\r
        kids[1]->setValue(bar.get());\r
        \r
        // Append a Signature.\r
        Signature* sig=SignatureBuilder::newSignature();\r
        sxObject->setSignature(sig);\r
        \r
        // Signing context for the whole document.\r
        TestContext tc(&chNull);\r
        MarshallingContext mctx(sig,&tc);\r
        DOMElement* rootElement = sxObject->marshall((DOMDocument*)NULL,&mctx);\r
        \r
        string buf;\r
        XMLHelper::serialize(rootElement, buf);\r
        //TS_TRACE(buf.c_str());\r
\r
        istringstream in(buf);\r
        DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
        auto_ptr<SimpleXMLObject> sxObject2(dynamic_cast<SimpleXMLObject*>(b->buildFromDocument(doc)));\r
        TS_ASSERT(sxObject2.get()!=NULL);\r
        TS_ASSERT(sxObject2->getSignature()!=NULL);\r
        \r
        try {\r
            sxObject2->getSignature()->verify(tc);\r
        }\r
        catch (SignatureException& e) {\r
            TS_TRACE(e.what());\r
            throw;\r
        }\r
    }\r
\r
};\r