[xmltooling] 08/24: CPPXT-110 test for code changes to OpenSSLCryptoKeyEC
Ferenc Wágner
wferi at moszumanska.debian.org
Fri Dec 16 11:56:11 UTC 2016
This is an automated email from the git hooks/post-receive script.
wferi pushed a commit to branch master
in repository xmltooling.
commit b1dab00582efa014f37eba699b0868443e899c16
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date: Thu Nov 10 07:27:04 2016 -0500
CPPXT-110 test for code changes to OpenSSLCryptoKeyEC
https://issues.shibboleth.net/jira/browse/CPPXT-110
Load a hand crafted <ds:keyInfo> EC.
Load an EC cert/key via openssl
Sign with the latter and verify with the former.
(because there is no obvious easy visibility on the contents of
an OpenSSL EC and it makes my head hurt)
---
xmltoolingtest/InlineKeyResolverTest.h | 44 ++++++++++++++++++++++++++++++++--
xmltoolingtest/data/KeyInfoEC.xml | 9 +++++++
2 files changed, 51 insertions(+), 2 deletions(-)
diff --git a/xmltoolingtest/InlineKeyResolverTest.h b/xmltoolingtest/InlineKeyResolverTest.h
index 87c3f0f..e0ce64c 100644
--- a/xmltoolingtest/InlineKeyResolverTest.h
+++ b/xmltoolingtest/InlineKeyResolverTest.h
@@ -40,14 +40,13 @@ extern "C" {
// Force XMLSEC to assume OpenSSL
#define XSEC_HAVE_OPENSSL 1
+#define XSEC_OPENSSL_HAVE_EC (OPENSSL_VERSION_NUMBER >= 0x00907000L)
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
-
-
using namespace xmlsignature;
class InlineKeyResolverTest : public CxxTest::TestSuite {
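Review bot: The added `#define XSEC_OPENSSL_HAVE_EC (OPENSSL_VERSION_NUMBER >= 0x00907000L)` is unconditional, so it can clash with a definition the xsec configuration header already provides, and it reports EC as available even for an OpenSSL built with `OPENSSL_NO_EC`. The expression also depends on `OPENSSL_VERSION_NUMBER` being defined by an earlier include, which is not visible in this hunk. If it is not defined, the macro evaluates to 0 inside `#if` and the EC code is presumably compiled out without any diagnostic. I would guard the define with `#if !defined(XSEC_OPENSSL_HAVE_EC) && !defined(OPENSSL_NO_EC)` and add a one-line comment saying why the test header overrides the library's own feature detection.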
@@ -127,6 +126,47 @@ public:
TSM_ASSERT(cmp, "PubKey/Y mismatch between keyInfo and file");
}
+ void testOpenSSLEC() {
+
+ string path=data_path + "KeyInfoEC.xml";
+ ifstream fs(path.c_str());
+ DOMDocument* doc=XMLToolingConfig::getConfig().getValidatingParser().parse(fs);
+ TS_ASSERT(doc!=nullptr);
+ const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
+ TS_ASSERT(b!=nullptr);
+ auto_ptr<KeyInfo> kiObject(dynamic_cast<KeyInfo*>(b->buildFromDocument(doc)));
+ TS_ASSERT(kiObject.get()!=nullptr);
+
+ auto_ptr<X509Credential> credFromKeyInfo(dynamic_cast<X509Credential*>(m_resolver->resolve(kiObject.get())));
+ OpenSSLCryptoKeyEC* sslCredFromKeyInfo= dynamic_cast<OpenSSLCryptoKeyEC*>(credFromKeyInfo->getPublicKey());
+
+ const EC_KEY* keyInfoEC = dynamic_cast<OpenSSLCryptoKeyEC*>(credFromKeyInfo->getPublicKey())->getOpenSSLEC();
+
+ path = data_path + "FileSystemCredentialResolver.xml";
+ ifstream in(path.c_str());
+ DOMDocument* cdoc=XMLToolingConfig::getConfig().getParser().parse(in);
+ XercesJanitor<DOMDocument> cjanitor(cdoc);
+ CredentialResolver* cresolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(
+ CHAINING_CREDENTIAL_RESOLVER,cdoc->getDocumentElement()
+ );
+
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ cc.setKeyAlgorithm("EC");
+ OpenSSLCryptoKeyEC* fileResolverCryptoKeyEC = dynamic_cast<OpenSSLCryptoKeyEC*>(cresolver->resolve(&cc)->getPublicKey());
+ const EC_KEY* fileResolverEC= fileResolverCryptoKeyEC->getOpenSSLEC();
+
+ unsigned char toSign[] = "NibbleAHappyWartHog";
+ const int bufferSize = 1024;
+ char outSig[bufferSize] = {0};
+ unsigned int len = fileResolverCryptoKeyEC->signBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], bufferSize);
+ //bool worked = fileResolverCryptoKeyEC->verifyBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], len);
+ //TSM_ASSERT("EC Round Trip Signature Failed", worked);
+ bool worked = sslCredFromKeyInfo->verifyBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], len);
+ TSM_ASSERT("EC Round Trip Signature via KeyInfo Failed", worked);
+ }
+
+
void testOpenSSLRSA() {
string path=data_path + "KeyInfo1.xml";
ifstream fs(path.c_str());
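Review bot: In `testOpenSSLEC` the results of `m_resolver->resolve(...)`, `cresolver->resolve(&cc)` and the three `dynamic_cast<OpenSSLCryptoKeyEC*>` calls are dereferenced unchecked, so a missing EC credential or a key of another type crashes the runner instead of failing the test. Add `TS_ASSERT(sslCredFromKeyInfo!=nullptr);` and `TS_ASSERT(fileResolverCryptoKeyEC!=nullptr);` before first use, with an early return unless the suite is built to abort on failed asserts. The round trip asserts only the accepting path: `len` is never checked to be non-zero and nothing shows that verification rejects altered data, so a verifier that always returns true would pass. A second assertion that flips one byte of `toSign` and expects `verifyBase64SignatureDSA` to fail would close that gap. Smaller points: `cresolver` is not released in the visible lines, `keyInfoEC` and `fileResolverEC` are unused, and the commented-out self-verify should be enabled or dropped.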
diff --git a/xmltoolingtest/data/KeyInfoEC.xml b/xmltoolingtest/data/KeyInfoEC.xml
new file mode 100644
index 0000000..802ccc1
--- /dev/null
+++ b/xmltoolingtest/data/KeyInfoEC.xml
@@ -0,0 +1,9 @@
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds11="http://www.w3.org/2009/xmldsig11#">
+ <ds:KeyValue>
+ <ds11:ECKeyValue>
+ <ds11:NamedCurve URI="urn:oid:2.23.43.1.4.5"/>
+ <ds11:PublicKey>BAYIncGnewJiUxZdqjsBiRpzGGnXTQWSZFUxkVPmPr25FH1ckqX+2xiYsA==
+ </ds11:PublicKey>
+ </ds11:ECKeyValue>
+ </ds:KeyValue>
+</ds:KeyInfo>
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/xmltooling.git