[xmltooling] 08/24: CPPXT-110 test for code changes to OpenSSLCryptoKeyEC

Ferenc Wágner wferi at moszumanska.debian.org
Fri Dec 16 11:56:11 UTC 2016


This is an automated email from the git hooks/post-receive script.

wferi pushed a commit to branch master
in repository xmltooling.

commit b1dab00582efa014f37eba699b0868443e899c16
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date:   Thu Nov 10 07:27:04 2016 -0500

    CPPXT-110 test for code changes to OpenSSLCryptoKeyEC
    
        https://issues.shibboleth.net/jira/browse/CPPXT-110
    
    Load a hand crafted <ds:keyInfo> EC.
    Load an EC cert/key via openssl
    Sign with the latter and verify with the former.
    (because there is no obvious easy visibility on the contents of
    an OpenSSL EC and it makes my head hurt)
---
 xmltoolingtest/InlineKeyResolverTest.h | 44 ++++++++++++++++++++++++++++++++--
 xmltoolingtest/data/KeyInfoEC.xml      |  9 +++++++
 2 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/xmltoolingtest/InlineKeyResolverTest.h b/xmltoolingtest/InlineKeyResolverTest.h
index 87c3f0f..e0ce64c 100644
--- a/xmltoolingtest/InlineKeyResolverTest.h
+++ b/xmltoolingtest/InlineKeyResolverTest.h
@@ -40,14 +40,13 @@ extern "C" {
 
 // Force XMLSEC to assume OpenSSL
 #define XSEC_HAVE_OPENSSL 1
+#define XSEC_OPENSSL_HAVE_EC (OPENSSL_VERSION_NUMBER >= 0x00907000L)
 
 #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
 
-
-
 using namespace xmlsignature;
 
 class InlineKeyResolverTest : public CxxTest::TestSuite {
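Review bot: The added `XSEC_OPENSSL_HAVE_EC` is always defined, because the version comparison is its value rather than a condition on defining it. If the xsec headers gate the EC classes with `#ifdef` or `defined()` (not visible in this hunk), the comparison has no effect. It also relies on `OPENSSL_VERSION_NUMBER` already being defined at this point, and it ignores OpenSSL builds configured with `OPENSSL_NO_EC`. Consider `#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) && !defined(OPENSSL_NO_EC)` / `#define XSEC_OPENSSL_HAVE_EC 1` / `#endif`, and guard `testOpenSSLEC` with the same macro so the suite still builds without EC support.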
@@ -127,6 +126,47 @@ public:
         TSM_ASSERT(cmp, "PubKey/Y mismatch between keyInfo and file");
     }
 
+    void testOpenSSLEC() {
+
+        string path=data_path + "KeyInfoEC.xml";
+        ifstream fs(path.c_str());
+        DOMDocument* doc=XMLToolingConfig::getConfig().getValidatingParser().parse(fs);
+        TS_ASSERT(doc!=nullptr);
+        const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
+        TS_ASSERT(b!=nullptr);
+        auto_ptr<KeyInfo> kiObject(dynamic_cast<KeyInfo*>(b->buildFromDocument(doc)));
+        TS_ASSERT(kiObject.get()!=nullptr);
+
+        auto_ptr<X509Credential> credFromKeyInfo(dynamic_cast<X509Credential*>(m_resolver->resolve(kiObject.get())));
+        OpenSSLCryptoKeyEC* sslCredFromKeyInfo= dynamic_cast<OpenSSLCryptoKeyEC*>(credFromKeyInfo->getPublicKey());
+
+        const  EC_KEY* keyInfoEC = dynamic_cast<OpenSSLCryptoKeyEC*>(credFromKeyInfo->getPublicKey())->getOpenSSLEC();
+
+        path = data_path + "FileSystemCredentialResolver.xml";
+        ifstream in(path.c_str());
+        DOMDocument* cdoc=XMLToolingConfig::getConfig().getParser().parse(in);
+        XercesJanitor<DOMDocument> cjanitor(cdoc);
+        CredentialResolver* cresolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(
+            CHAINING_CREDENTIAL_RESOLVER,cdoc->getDocumentElement()
+            );
+
+        CredentialCriteria cc;
+        cc.setUsage(Credential::SIGNING_CREDENTIAL);
+        cc.setKeyAlgorithm("EC");
+        OpenSSLCryptoKeyEC* fileResolverCryptoKeyEC = dynamic_cast<OpenSSLCryptoKeyEC*>(cresolver->resolve(&cc)->getPublicKey());
+        const EC_KEY* fileResolverEC= fileResolverCryptoKeyEC->getOpenSSLEC();
+
+        unsigned char toSign[] = "NibbleAHappyWartHog";
+        const int bufferSize = 1024;
+        char outSig[bufferSize] = {0};
+        unsigned int len = fileResolverCryptoKeyEC->signBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], bufferSize);
+        //bool worked = fileResolverCryptoKeyEC->verifyBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], len);
+        //TSM_ASSERT("EC Round Trip Signature Failed", worked);
+        bool worked = sslCredFromKeyInfo->verifyBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], len);
+        TSM_ASSERT("EC Round Trip Signature via KeyInfo Failed", worked);
+    }
+
+
     void testOpenSSLRSA() {
         string path=data_path + "KeyInfo1.xml";
         ifstream fs(path.c_str());
diff --git a/xmltoolingtest/data/KeyInfoEC.xml b/xmltoolingtest/data/KeyInfoEC.xml
new file mode 100644
index 0000000..802ccc1
--- /dev/null
+++ b/xmltoolingtest/data/KeyInfoEC.xml
@@ -0,0 +1,9 @@
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds11="http://www.w3.org/2009/xmldsig11#">
+    <ds:KeyValue>
+        <ds11:ECKeyValue>
+            <ds11:NamedCurve URI="urn:oid:2.23.43.1.4.5"/>
+            <ds11:PublicKey>BAYIncGnewJiUxZdqjsBiRpzGGnXTQWSZFUxkVPmPr25FH1ckqX+2xiYsA==
+            </ds11:PublicKey>
+        </ds11:ECKeyValue>
+    </ds:KeyValue>
+</ds:KeyInfo>
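Review bot: This fixture carries no comment saying which private key it pairs with, although `testOpenSSLEC` only passes when this public key matches the EC signing key loaded through `FileSystemCredentialResolver.xml`. The `NamedCurve` OID `2.23.43.1.4.5` appears to be a WTLS curve over a 163-bit binary field, which matches the 43-byte uncompressed point. OpenSSL builds without binary-field curve support would therefore fail this test for reasons unrelated to the code under test, and the curve is too small to serve as a template for real keys. A leading comment such as `<!-- Test fixture only: public half of the EC signing key used by FileSystemCredentialResolver.xml; 163-bit curve, not for production use -->` would record both facts.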

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/xmltooling.git


