func decodeAuthnRequest(in io.Reader, verify bool) (*AuthnRequest, error) {
r := flate.NewReader(base64.NewDecoder(b64enc, in))
buf := bytes.Buffer{}
if _, err := io.Copy(&buf, r); err != nil {
if pdebug.Enabled {
pdebug.Printf("Failed to copy from flate.Reader to bytes.Buffer: %s", err)
}
return nil, err
}
if err := r.Close(); err != nil {
if pdebug.Enabled {
pdebug.Printf("Failed to Close() flat.Reader: %s", err)
}
return nil, err
}
if buf.Len() <= 0 {
if pdebug.Enabled {
pdebug.Printf("buf.Len() is 0")
}
return nil, errors.New("empty request")
}
xmlbytes := buf.Bytes()
if verify {
verifier, err := dsig.NewSignatureVerify()
if err != nil {
return nil, err
}
if err := verifier.Verify(xmlbytes); err != nil {
return nil, err
}
}
if pdebug.Enabled {
pdebug.Printf("base64 decode/uncompress/xml signature verification complete")
}
return ParseAuthnRequest(xmlbytes)
}
func TestXmlSecDSigCtx(t *testing.T) {
xmlsec.Init()
defer xmlsec.Shutdown()
privkey, err := rsa.GenerateKey(rand.Reader, 2048)
if !assert.NoError(t, err, "Generating private key should succeed") {
return
}
privfile, err := writePrivateKey(privkey)
if !assert.NoError(t, err, "Writing private key should succeed") {
return
}
defer os.Remove(privfile)
pubfile, err := writePublicKey(&privkey.PublicKey)
if !assert.NoError(t, err, "Writing public key should succeed") {
return
}
defer os.Remove(pubfile)
src := `<?xml version="1.0" encoding="UTF-8"?>
<!-- XML Security Library example: Simple signature template file for sign1 example. -->
<Envelope xmlns="urn:envelope">
<Data>
Hello, World!
</Data>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo>
<KeyName/>
</KeyInfo>
</Signature>
</Envelope>`
p := parser.New(parser.XMLParseDTDLoad | parser.XMLParseDTDAttr | parser.XMLParseNoEnt)
doc, err := p.ParseString(src)
if !assert.NoError(t, err, "Parsing template should succeed") {
return
}
defer doc.Free()
{
ctx, err := dsig.NewCtx(nil)
if !assert.NoError(t, err, "dsig.NewCtx should succeed") {
return
}
defer ctx.Free()
key, err := crypto.LoadKeyFromFile(privfile, crypto.KeyDataFormatPem)
if !assert.NoError(t, err, "Loading private key '%s' should succeed", privfile) {
return
}
ctx.SetKey(key)
if !assert.NoError(t, ctx.Sign(doc), "Sign should succeed") {
return
}
}
signed := doc.String()
t.Logf("%s", signed)
{
ctx, err := dsig.NewCtx(nil)
if !assert.NoError(t, err, "dsig.NewCtx should succeed") {
return
}
defer ctx.Free()
key, err := crypto.LoadKeyFromFile(pubfile, crypto.KeyDataFormatPem)
if !assert.NoError(t, err, "Loading public key '%s' should succeed", pubfile) {
return
}
ctx.SetKey(key)
if !assert.NoError(t, ctx.Verify(doc), "Verify should succeed") {
return
}
}
{
verify, err := dsig.NewSignatureVerify()
if !assert.NoError(t, err, "NewSignatureVerify succeeds") {
return
}
if !assert.NoError(t, verify.LoadKeyFromFile(pubfile, crypto.KeyDataFormatPem), "LoadKeyFromFile succeeds") {
return
}
if !assert.NoError(t, verify.VerifyString(signed), "VerifyString succeeds") {
return
}
if !assert.NoError(t, verify.Verify([]byte(signed)), "Verify succeeds") {
return
}
}
}
func TestSignature(t *testing.T) {
xmlsec.Init()
defer xmlsec.Shutdown()
doc := dom.CreateDocument()
defer doc.Free()
message, err := doc.CreateElement("Message")
if !assert.NoError(t, err, "CreateElement succeeds") {
return
}
doc.SetDocumentElement(message)
data, err := doc.CreateElement("Data")
if !assert.NoError(t, err, "CreateElement succeeds") {
return
}
message.AddChild(data)
data.AppendText("Hello, World!")
sig, err := dsig.NewSignature(message, dsig.ExclC14N, dsig.RsaSha1, "")
if !assert.NoError(t, err, "NewSignature succeeds") {
return
}
if !assert.NoError(t, sig.AddReference(dsig.Sha1, "", "", ""), "AddReference succeeds") {
return
}
if !assert.NoError(t, sig.AddTransform(dsig.Enveloped), "AddTransform succeeds") {
return
}
if !assert.NoError(t, sig.AddKeyValue(), "AddKeyValue succeeds") {
return
}
if !assert.NoError(t, sig.AddX509Data(), "AddX509Data succeeds") {
return
}
keyfile := filepath.Join("test", "key.pem")
certfile := filepath.Join("test", "cert.pem")
key, err := crypto.LoadKeyFromFile(keyfile, crypto.KeyDataFormatPem)
if !assert.NoError(t, err, "Load key from file succeeds") {
return
}
key.LoadCertFromFile(certfile, crypto.KeyDataFormatPem)
if !assert.NoError(t, sig.Sign(key), "Sign succeeds") {
return
}
t.Logf("%s", doc.Dump(true))
verify, err := dsig.NewSignatureVerify()
if !assert.NoError(t, err, "NewSignatureVerify succeeds") {
return
}
if !assert.NoError(t, verify.VerifyString(doc.Dump(false)), "VerifyString succeeds") {
return
}
}