File: SecurityHelperTest.h

xmltooling 1.6.0-3~bpo7%2B1
/**
 * Licensed to the University Corporation for Advanced Internet
 * Development, Inc. (UCAID) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for
 * additional information regarding copyright ownership.
 *
 * UCAID licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific
 * language governing permissions and limitations under the License.
 */

#include "XMLObjectBaseTestCase.h"

#include <xmltooling/security/SecurityHelper.h>

#include <xsec/enc/XSECCryptoKey.hpp>
#include <xsec/enc/XSECCryptoX509.hpp>

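/**
 * CxxTest suite for SecurityHelper's file-based key and certificate loaders.
 *
 * The same key pair is loaded from PEM, DER and PKCS#12 fixtures under
 * data_path, and the tests check that every container yields matching key
 * material and matching DER encodings.
 *
 * The PKCS#12 fixture (test.pfx) is opened with the literal password
 * "password"; that credential and the key files are fixture material only.
 */
class SecurityHelperTest : public CxxTest::TestSuite {
    // Certificates loaded by a test. The raw pointers are owned by the suite
    // and released in tearDown().
    vector<XSECCryptoX509*> certs;

    /**
     * Creates a SOAP transport plugin for an endpoint, selecting the plugin by
     * the URL scheme (the text before the first ':').
     *
     * Not called by the tests visible in this class.
     *
     * @param url  endpoint URL, expected to look like "scheme:rest"
     * @return a new transport from the SOAPTransportManager, or nullptr when
     *         the endpoint has no ':' and so no scheme can be extracted
     */
    SOAPTransport* getTransport(const char* url) {
        SOAPTransport::Address addr("SecurityHelperTest", "spaces.internet2.edu", url);

        // strchr() returns null when there is no ':'; subtracting from a null
        // pointer would hand string() a garbage length and read out of bounds.
        const char* colon = addr.m_endpoint ? strchr(addr.m_endpoint, ':') : nullptr;
        if (!colon)
            return nullptr;

        string scheme(addr.m_endpoint, colon - addr.m_endpoint);
        return XMLToolingConfig::getConfig().SOAPTransportManager.newPlugin(scheme.c_str(), addr);
    }

public:
    /** No per-test setup is needed. */
    void setUp() {
    }

    /** Frees every certificate a test left in certs, including after an early return. */
    void tearDown() {
        for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
        certs.clear();
    }

    /**
     * Loads one private key from PEM, DER and PKCS#12 files and checks that
     * all three match, then checks that an unrelated key (key2.pem) does not.
     */
    void testKeysFromFiles() {
        string pathname = data_path + "key.pem";
        auto_ptr<XSECCryptoKey> key1(SecurityHelper::loadKeyFromFile(pathname.c_str()));
        pathname = data_path + "key.der";
        auto_ptr<XSECCryptoKey> key2(SecurityHelper::loadKeyFromFile(pathname.c_str()));
        pathname = data_path + "test.pfx";
        // Third argument is left null; "password" unlocks the PKCS#12 fixture.
        auto_ptr<XSECCryptoKey> key3(SecurityHelper::loadKeyFromFile(pathname.c_str(), nullptr, "password"));
        pathname = data_path + "key2.pem";
        auto_ptr<XSECCryptoKey> key4(SecurityHelper::loadKeyFromFile(pathname.c_str()));

        // NOTE(review): whether loadKeyFromFile can return null instead of
        // throwing is not visible here; fail cleanly rather than dereference.
        if (!key1.get() || !key2.get() || !key3.get() || !key4.get()) {
            TS_FAIL("A key fixture failed to load");
            return;
        }

        TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
        TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));

        // Negative case: matches() must reject a different key.
        TSM_ASSERT("Different keys matched", !SecurityHelper::matches(*key3.get(), *key4.get()));
    }

    /**
     * Loads the certificate from PEM, DER and PKCS#12 files, checks that the
     * public keys match across formats, and checks that getDEREncoding gives
     * the same result for a certificate and for its public key, both unhashed
     * and with the "SHA1" and "SHA256" hash names.
     */
    void testCertificatesFromFiles() {
        string pathname = data_path + "cert.pem";
        SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str());
        pathname = data_path + "cert.der";
        SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str());
        pathname = data_path + "test.pfx";
        SecurityHelper::loadCertificatesFromFile(certs, pathname.c_str(), nullptr, "password");

        TSM_ASSERT_EQUALS("Wrong certificate count", certs.size(), 3);
        // A failed CxxTest assertion does not stop the test unless the runner
        // is built to abort on failure, so the indexing below must not run
        // with fewer than three entries. tearDown() frees whatever was loaded.
        if (certs.size() != 3)
            return;

        auto_ptr<XSECCryptoKey> key1(certs[0]->clonePublicKey());
        auto_ptr<XSECCryptoKey> key2(certs[1]->clonePublicKey());
        auto_ptr<XSECCryptoKey> key3(certs[2]->clonePublicKey());

        // NOTE(review): clonePublicKey's failure mode is not visible here;
        // guard the dereferences below.
        if (!key1.get() || !key2.get() || !key3.get()) {
            TS_FAIL("A certificate did not yield a public key");
            return;
        }

        TSM_ASSERT("PEM/DER keys did not match", SecurityHelper::matches(*key1.get(), *key2.get()));
        TSM_ASSERT("DER/PKCS12 keys did not match", SecurityHelper::matches(*key2.get(), *key3.get()));

        // The PKCS#12 certificate is compared with the key cloned from the PEM
        // certificate, so this also cross-checks the two containers.
        TSM_ASSERT_EQUALS(
            "Certificate and its key produced different DER encodings",
            SecurityHelper::getDEREncoding(*certs[2]), SecurityHelper::getDEREncoding(*key1.get())
            );

        TSM_ASSERT_EQUALS(
            "Certificate and its key produced different hashed encodings",
            SecurityHelper::getDEREncoding(*certs[2], "SHA1"), SecurityHelper::getDEREncoding(*key1.get(), "SHA1")
            );

        TSM_ASSERT_EQUALS(
            "Certificate and its key produced different hashed encodings",
            SecurityHelper::getDEREncoding(*certs[2], "SHA256"), SecurityHelper::getDEREncoding(*key1.get(), "SHA256")
            );

        // Release eagerly; tearDown() then finds an empty vector.
        for_each(certs.begin(), certs.end(), xmltooling::cleanup<XSECCryptoX509>());
        certs.clear();
    }
};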