xmltoolingtest/SignatureTest.h

   1 /*\r
   2  *  Copyright 2001-2005 Internet2\r
   3  * \r
   4  * Licensed under the Apache License, Version 2.0 (the "License");\r
   5  * you may not use this file except in compliance with the License.\r
   6  * You may obtain a copy of the License at\r
   7  *\r
   8  *     http://www.apache.org/licenses/LICENSE-2.0\r
   9  *\r
  10  * Unless required by applicable law or agreed to in writing, software\r
  11  * distributed under the License is distributed on an "AS IS" BASIS,\r
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
  13  * See the License for the specific language governing permissions and\r
  14  * limitations under the License.\r
  15  */\r
  16 \r
  17 #include "XMLObjectBaseTestCase.h"\r
  18 \r
  19 #include <fstream>\r
  20 #include <openssl/pem.h>\r
  21 #include <xercesc/util/XMLUniDefs.hpp>\r
  22 #include <xsec/dsig/DSIGReference.hpp>\r
  23 #include <xsec/enc/XSECKeyInfoResolverDefault.hpp>\r
  24 #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>\r
  25 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>\r
  26 \r
  27 class TestContext : public SigningContext, public VerifyingContext\r
  28 {\r
  29     XSECCryptoKey* m_key;\r
  30     vector<XSECCryptoX509*> m_certs;\r
  31     XMLCh* m_uri;\r
  32     \r
  33 public:\r
  34     TestContext(const XMLCh* uri) {\r
  35         string keypath=data_path + "key.pem";\r
  36         BIO* in=BIO_new(BIO_s_file_internal());\r
  37         if (in && BIO_read_filename(in,keypath.c_str())>0) {\r
  38             EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);\r
  39             if (pkey) {\r
  40                 m_key=new OpenSSLCryptoKeyRSA(pkey);\r
  41                 EVP_PKEY_free(pkey);\r
  42             }\r
  43         }\r
  44         if (in) BIO_free(in);\r
  45         TS_ASSERT(m_key!=NULL);\r
  46 \r
  47         string certpath=data_path + "cert.pem";\r
  48         in=BIO_new(BIO_s_file_internal());\r
  49         if (in && BIO_read_filename(in,certpath.c_str())>0) {\r
  50             X509* x=NULL;\r
  51             while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) {\r
  52                 m_certs.push_back(new OpenSSLCryptoX509(x));\r
  53                 X509_free(x);\r
  54             }\r
  55         }\r
  56         if (in) BIO_free(in);\r
  57         TS_ASSERT(m_certs.size()>0);\r
  58         \r
  59         m_uri=XMLString::replicate(uri);\r
  60     }\r
  61     \r
  62     virtual ~TestContext() {\r
  63         delete m_key;\r
  64         for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup<XSECCryptoX509>());\r
  65         XMLString::release(&m_uri);\r
  66     }\r
  67 \r
  68     void createSignature(DSIGSignature* sig) const {\r
  69         DSIGReference* ref=sig->createReference(m_uri);\r
  70         ref->appendEnvelopedSignatureTransform();\r
  71         ref->appendCanonicalizationTransform(CANON_C14NE_NOC);\r
  72     }\r
  73 \r
  74     void verifySignature(DSIGSignature* sig) const {\r
  75         const XMLCh* uri=sig->getReferenceList()->item(0)->getURI();\r
  76         TSM_ASSERT_SAME_DATA("Reference URI does not match.",uri,m_uri,XMLString::stringLen(uri));\r
  77         XSECKeyInfoResolverDefault resolver;\r
  78         sig->setKeyInfoResolver(&resolver); // It will clone the resolver for us.\r
  79         sig->verify();\r
  80     }\r
  81     \r
  82     const std::vector<XSECCryptoX509*>& getX509Certificates() const { return m_certs; }\r
  83     XSECCryptoKey* getSigningKey() const { return m_key->clone(); }\r
  84 };\r
  85 \r
  86 class SignatureTest : public CxxTest::TestSuite {\r
  87     QName m_qname;\r
  88 public:\r
  89     SignatureTest() : m_qname(SimpleXMLObject::NAMESPACE,SimpleXMLObject::LOCAL_NAME) {}\r
  90 \r
  91     void setUp() {\r
  92         XMLObjectBuilder::registerBuilder(m_qname, new SimpleXMLObjectBuilder());\r
  93     }\r
  94 \r
  95     void tearDown() {\r
  96         XMLObjectBuilder::deregisterBuilder(m_qname);\r
  97     }\r
  98 \r
  99     void testSignature() {\r
 100         TS_TRACE("testSignature");\r
 101 \r
 102         const SimpleXMLObjectBuilder* b=dynamic_cast<const SimpleXMLObjectBuilder*>(XMLObjectBuilder::getBuilder(m_qname));\r
 103         TS_ASSERT(b!=NULL);\r
 104         \r
 105         auto_ptr<SimpleXMLObject> sxObject(b->buildObject());\r
 106         TS_ASSERT(sxObject.get()!=NULL);\r
 107         VectorOf(SimpleXMLObject) kids=sxObject->getSimpleXMLObjects();\r
 108         kids.push_back(b->buildObject());\r
 109         kids.push_back(b->buildObject());\r
 110         \r
 111         // Test some collection stuff\r
 112         auto_ptr_XMLCh foo("Foo");\r
 113         auto_ptr_XMLCh bar("Bar");\r
 114         kids.begin()->setId(foo.get());\r
 115         kids[1]->setValue(bar.get());\r
 116         \r
 117         // Append a Signature.\r
 118         Signature* sig=dynamic_cast<Signature*>(XMLObjectBuilder::buildObject(QName(XMLConstants::XMLSIG_NS,Signature::LOCAL_NAME)));\r
 119         sxObject->setSignature(sig);\r
 120         \r
 121         // Signing context for the whole document.\r
 122         TestContext tc(&chNull);\r
 123         MarshallingContext mctx(sig,&tc);\r
 124         DOMElement* rootElement = sxObject->marshall((DOMDocument*)NULL,&mctx);\r
 125         \r
 126         string buf;\r
 127         XMLHelper::serialize(rootElement, buf);\r
 128         TS_TRACE(buf.c_str());\r
 129 \r
 130         istringstream in(buf);\r
 131         DOMDocument* doc=nonvalidatingPool->parse(in);\r
 132         auto_ptr<SimpleXMLObject> sxObject2(dynamic_cast<SimpleXMLObject*>(b->buildObject()->unmarshall(doc->getDocumentElement(),true)));\r
 133         TS_ASSERT(sxObject2.get()!=NULL);\r
 134         TS_ASSERT(sxObject2->getSignature()!=NULL);\r
 135         \r
 136         try {\r
 137             sxObject2->getSignature()->verify(tc);\r
 138         }\r
 139         catch (SignatureException& e) {\r
 140             TS_TRACE(e.what());\r
 141             throw;\r
 142         }\r
 143     }\r
 144 \r
 145 };\r