File 0015-CPPXT-110-test-for-code-changes-to-OpenSSLCryptoKeyE.patch of Package xmltooling.29631
From b1dab00582efa014f37eba699b0868443e899c16 Mon Sep 17 00:00:00 2001
From: Rod Widdowson <rdw@steadingsoftware.com>
Date: Thu, 10 Nov 2016 07:27:04 -0500
Subject: [PATCH 15/31] CPPXT-110 test for code changes to OpenSSLCryptoKeyEC
https://issues.shibboleth.net/jira/browse/CPPXT-110
Load a hand crafted <ds:keyInfo> EC. Load an EC cert/key via openssl Sign with the latter and verify with the former. (because there is no obvious easy visibility on the contents of an OpenSSL EC and it makes my head hurt)
---
xmltoolingtest/InlineKeyResolverTest.h | 44 ++++++++++++++++++++++++++++++++--
xmltoolingtest/data/KeyInfoEC.xml | 9 +++++++
2 files changed, 51 insertions(+), 2 deletions(-)
create mode 100644 xmltoolingtest/data/KeyInfoEC.xml
diff --git a/xmltoolingtest/InlineKeyResolverTest.h b/xmltoolingtest/InlineKeyResolverTest.h
index 87c3f0f..e0ce64c 100644
--- a/xmltoolingtest/InlineKeyResolverTest.h
+++ b/xmltoolingtest/InlineKeyResolverTest.h
@@ -40,14 +40,13 @@ extern "C" {
 // Force XMLSEC to assume OpenSSL
 #define XSEC_HAVE_OPENSSL 1
+#define XSEC_OPENSSL_HAVE_EC (OPENSSL_VERSION_NUMBER >= 0x00907000L)
 #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
-
-
 using namespace xmlsignature;
 class InlineKeyResolverTest : public CxxTest::TestSuite {
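Review bot: The added `#define XSEC_OPENSSL_HAVE_EC (OPENSSL_VERSION_NUMBER >= 0x00907000L)` keys the EC feature switch on the OpenSSL version alone, so it is defined even when OpenSSL was built without EC or when the installed xml-security-c was configured without it. If the xsec headers test the macro with `defined(...)` (not visible on this page), the version expression is never evaluated and the switch is always on. Because the test header overrides the library's own configuration, a mismatch would presumably surface as a compile or link failure rather than a skipped test. Consider guarding it, e.g. `#ifndef OPENSSL_NO_EC` / `#define XSEC_OPENSSL_HAVE_EC 1` / `#endif`, and putting testOpenSSLEC under the same condition.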
@@ -127,6 +126,47 @@ public:
 TSM_ASSERT(cmp, "PubKey/Y mismatch between keyInfo and file");
 }
+ void testOpenSSLEC() {
+
+ string path=data_path + "KeyInfoEC.xml";
+ ifstream fs(path.c_str());
+ DOMDocument* doc=XMLToolingConfig::getConfig().getValidatingParser().parse(fs);
+ TS_ASSERT(doc!=nullptr);
+ const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
+ TS_ASSERT(b!=nullptr);
+ auto_ptr<KeyInfo> kiObject(dynamic_cast<KeyInfo*>(b->buildFromDocument(doc)));
+ TS_ASSERT(kiObject.get()!=nullptr);
+
+ auto_ptr<X509Credential> credFromKeyInfo(dynamic_cast<X509Credential*>(m_resolver->resolve(kiObject.get())));
+ OpenSSLCryptoKeyEC* sslCredFromKeyInfo= dynamic_cast<OpenSSLCryptoKeyEC*>(credFromKeyInfo->getPublicKey());
+
+ const EC_KEY* keyInfoEC = dynamic_cast<OpenSSLCryptoKeyEC*>(credFromKeyInfo->getPublicKey())->getOpenSSLEC();
+
+ path = data_path + "FileSystemCredentialResolver.xml";
+ ifstream in(path.c_str());
+ DOMDocument* cdoc=XMLToolingConfig::getConfig().getParser().parse(in);
+ XercesJanitor<DOMDocument> cjanitor(cdoc);
+ CredentialResolver* cresolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(
+ CHAINING_CREDENTIAL_RESOLVER,cdoc->getDocumentElement()
+ );
+
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ cc.setKeyAlgorithm("EC");
+ OpenSSLCryptoKeyEC* fileResolverCryptoKeyEC = dynamic_cast<OpenSSLCryptoKeyEC*>(cresolver->resolve(&cc)->getPublicKey());
+ const EC_KEY* fileResolverEC= fileResolverCryptoKeyEC->getOpenSSLEC();
+
+ unsigned char toSign[] = "NibbleAHappyWartHog";
+ const int bufferSize = 1024;
+ char outSig[bufferSize] = {0};
+ unsigned int len = fileResolverCryptoKeyEC->signBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], bufferSize);
+ //bool worked = fileResolverCryptoKeyEC->verifyBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], len);
+ //TSM_ASSERT("EC Round Trip Signature Failed", worked);
+ bool worked = sslCredFromKeyInfo->verifyBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], len);
+ TSM_ASSERT("EC Round Trip Signature via KeyInfo Failed", worked);
+ }
+
+
 void testOpenSSLRSA() {
 string path=data_path + "KeyInfo1.xml";
 ifstream fs(path.c_str());
diff --git a/xmltoolingtest/data/KeyInfoEC.xml b/xmltoolingtest/data/KeyInfoEC.xml
new file mode 100644
index 0000000..802ccc1
--- /dev/null
+++ b/xmltoolingtest/data/KeyInfoEC.xml
@@ -0,0 +1,9 @@
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds11="http://www.w3.org/2009/xmldsig11#">
+ <ds:KeyValue>
+ <ds11:ECKeyValue>
+ <ds11:NamedCurve URI="urn:oid:2.23.43.1.4.5"/>
+ <ds11:PublicKey>BAYIncGnewJiUxZdqjsBiRpzGGnXTQWSZFUxkVPmPr25FH1ckqX+2xiYsA==
+ </ds11:PublicKey>
+ </ds11:ECKeyValue>
+ </ds:KeyValue>
+</ds:KeyInfo>
--
2.13.6
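Review bot: In testOpenSSLEC the results of `m_resolver->resolve(...)`, both `dynamic_cast<OpenSSLCryptoKeyEC*>` calls and `cresolver->resolve(&cc)` are dereferenced without a check, so a missing EC credential or a key of another type ends in a null dereference instead of a reported test failure; `len` is also handed to the verifier without confirming that signing produced output. The test has only a positive case, so a verifier that accepted every signature would still pass; add a check that altered data is rejected. `cresolver` is never deleted inside the function, and `keyInfoEC` and `fileResolverEC` are assigned but unused. The fence shows the added checks; whether a failed assertion stops the test depends on how CxxTest is configured, so the pointer checks may need an explicit `return`.

```cpp
// … unchanged: parse KeyInfoEC.xml, build kiObject, resolve credFromKeyInfo …
TSM_ASSERT("KeyInfo did not resolve to an X509Credential", credFromKeyInfo.get()!=nullptr);
OpenSSLCryptoKeyEC* sslCredFromKeyInfo= dynamic_cast<OpenSSLCryptoKeyEC*>(credFromKeyInfo->getPublicKey());
TSM_ASSERT("KeyInfo public key is not an OpenSSL EC key", sslCredFromKeyInfo!=nullptr);

// … unchanged: load FileSystemCredentialResolver.xml, build cresolver and cc …
const Credential* fileCred = cresolver->resolve(&cc);
TSM_ASSERT("No EC signing credential resolved from file", fileCred!=nullptr);
OpenSSLCryptoKeyEC* fileResolverCryptoKeyEC = dynamic_cast<OpenSSLCryptoKeyEC*>(fileCred->getPublicKey());
TSM_ASSERT("File credential key is not an OpenSSL EC key", fileResolverCryptoKeyEC!=nullptr);

// … unchanged: toSign, outSig, signBase64SignatureDSA call …
TSM_ASSERT("EC signing produced no usable output", len > 0 && len <= static_cast<unsigned int>(bufferSize));
// … unchanged: positive verifyBase64SignatureDSA check via sslCredFromKeyInfo …

// Negative case: the same signature must not verify over altered data.
toSign[0] ^= 0x01;
worked = sslCredFromKeyInfo->verifyBase64SignatureDSA(toSign, sizeof(toSign), &outSig[0], len);
TSM_ASSERT("EC signature verified over altered data", !worked);
delete cresolver;
```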