func decodeAuthnRequest(in io.Reader, verify bool) (*AuthnRequest, error) { r := flate.NewReader(base64.NewDecoder(b64enc, in)) buf := bytes.Buffer{} if _, err := io.Copy(&buf, r); err != nil { if pdebug.Enabled { pdebug.Printf("Failed to copy from flate.Reader to bytes.Buffer: %s", err) } return nil, err } if err := r.Close(); err != nil { if pdebug.Enabled { pdebug.Printf("Failed to Close() flat.Reader: %s", err) } return nil, err } if buf.Len() <= 0 { if pdebug.Enabled { pdebug.Printf("buf.Len() is 0") } return nil, errors.New("empty request") } xmlbytes := buf.Bytes() if verify { verifier, err := dsig.NewSignatureVerify() if err != nil { return nil, err } if err := verifier.Verify(xmlbytes); err != nil { return nil, err } } if pdebug.Enabled { pdebug.Printf("base64 decode/uncompress/xml signature verification complete") } return ParseAuthnRequest(xmlbytes) }
func TestXmlSecDSigCtx(t *testing.T) { xmlsec.Init() defer xmlsec.Shutdown() privkey, err := rsa.GenerateKey(rand.Reader, 2048) if !assert.NoError(t, err, "Generating private key should succeed") { return } privfile, err := writePrivateKey(privkey) if !assert.NoError(t, err, "Writing private key should succeed") { return } defer os.Remove(privfile) pubfile, err := writePublicKey(&privkey.PublicKey) if !assert.NoError(t, err, "Writing public key should succeed") { return } defer os.Remove(pubfile) src := `<?xml version="1.0" encoding="UTF-8"?> <!-- XML Security Library example: Simple signature template file for sign1 example. --> <Envelope xmlns="urn:envelope"> <Data> Hello, World! </Data> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue></DigestValue> </Reference> </SignedInfo> <SignatureValue/> <KeyInfo> <KeyName/> </KeyInfo> </Signature> </Envelope>` p := parser.New(parser.XMLParseDTDLoad | parser.XMLParseDTDAttr | parser.XMLParseNoEnt) doc, err := p.ParseString(src) if !assert.NoError(t, err, "Parsing template should succeed") { return } defer doc.Free() { ctx, err := dsig.NewCtx(nil) if !assert.NoError(t, err, "dsig.NewCtx should succeed") { return } defer ctx.Free() key, err := crypto.LoadKeyFromFile(privfile, crypto.KeyDataFormatPem) if !assert.NoError(t, err, "Loading private key '%s' should succeed", privfile) { return } ctx.SetKey(key) if !assert.NoError(t, ctx.Sign(doc), "Sign should succeed") { return } } signed := doc.String() t.Logf("%s", signed) { ctx, err := dsig.NewCtx(nil) if !assert.NoError(t, err, "dsig.NewCtx should succeed") { return } defer ctx.Free() key, err := crypto.LoadKeyFromFile(pubfile, crypto.KeyDataFormatPem) if !assert.NoError(t, err, "Loading public key '%s' should succeed", pubfile) { return } ctx.SetKey(key) if !assert.NoError(t, ctx.Verify(doc), "Verify should succeed") { return } } { verify, err := dsig.NewSignatureVerify() if !assert.NoError(t, err, "NewSignatureVerify succeeds") { return } if !assert.NoError(t, verify.LoadKeyFromFile(pubfile, crypto.KeyDataFormatPem), "LoadKeyFromFile succeeds") { return } if !assert.NoError(t, verify.VerifyString(signed), "VerifyString succeeds") { return } if !assert.NoError(t, verify.Verify([]byte(signed)), "Verify succeeds") { return } } }
func TestSignature(t *testing.T) { xmlsec.Init() defer xmlsec.Shutdown() doc := dom.CreateDocument() defer doc.Free() message, err := doc.CreateElement("Message") if !assert.NoError(t, err, "CreateElement succeeds") { return } doc.SetDocumentElement(message) data, err := doc.CreateElement("Data") if !assert.NoError(t, err, "CreateElement succeeds") { return } message.AddChild(data) data.AppendText("Hello, World!") sig, err := dsig.NewSignature(message, dsig.ExclC14N, dsig.RsaSha1, "") if !assert.NoError(t, err, "NewSignature succeeds") { return } if !assert.NoError(t, sig.AddReference(dsig.Sha1, "", "", ""), "AddReference succeeds") { return } if !assert.NoError(t, sig.AddTransform(dsig.Enveloped), "AddTransform succeeds") { return } if !assert.NoError(t, sig.AddKeyValue(), "AddKeyValue succeeds") { return } if !assert.NoError(t, sig.AddX509Data(), "AddX509Data succeeds") { return } keyfile := filepath.Join("test", "key.pem") certfile := filepath.Join("test", "cert.pem") key, err := crypto.LoadKeyFromFile(keyfile, crypto.KeyDataFormatPem) if !assert.NoError(t, err, "Load key from file succeeds") { return } key.LoadCertFromFile(certfile, crypto.KeyDataFormatPem) if !assert.NoError(t, sig.Sign(key), "Sign succeeds") { return } t.Logf("%s", doc.Dump(true)) verify, err := dsig.NewSignatureVerify() if !assert.NoError(t, err, "NewSignatureVerify succeeds") { return } if !assert.NoError(t, verify.VerifyString(doc.Dump(false)), "VerifyString succeeds") { return } }