Пример #1
0
func decodeAuthnRequest(in io.Reader, verify bool) (*AuthnRequest, error) {
	r := flate.NewReader(base64.NewDecoder(b64enc, in))

	buf := bytes.Buffer{}
	if _, err := io.Copy(&buf, r); err != nil {
		if pdebug.Enabled {
			pdebug.Printf("Failed to copy from flate.Reader to bytes.Buffer: %s", err)
		}
		return nil, err
	}

	if err := r.Close(); err != nil {
		if pdebug.Enabled {
			pdebug.Printf("Failed to Close() flat.Reader: %s", err)
		}
		return nil, err
	}

	if buf.Len() <= 0 {
		if pdebug.Enabled {
			pdebug.Printf("buf.Len() is 0")
		}
		return nil, errors.New("empty request")
	}

	xmlbytes := buf.Bytes()
	if verify {
		verifier, err := dsig.NewSignatureVerify()
		if err != nil {
			return nil, err
		}

		if err := verifier.Verify(xmlbytes); err != nil {
			return nil, err
		}
	}

	if pdebug.Enabled {
		pdebug.Printf("base64 decode/uncompress/xml signature verification complete")
	}

	return ParseAuthnRequest(xmlbytes)
}
Пример #2
0
func TestXmlSecDSigCtx(t *testing.T) {
	xmlsec.Init()
	defer xmlsec.Shutdown()

	privkey, err := rsa.GenerateKey(rand.Reader, 2048)
	if !assert.NoError(t, err, "Generating private key should succeed") {
		return
	}

	privfile, err := writePrivateKey(privkey)
	if !assert.NoError(t, err, "Writing private key should succeed") {
		return
	}
	defer os.Remove(privfile)

	pubfile, err := writePublicKey(&privkey.PublicKey)
	if !assert.NoError(t, err, "Writing public key should succeed") {
		return
	}
	defer os.Remove(pubfile)

	src := `<?xml version="1.0" encoding="UTF-8"?>
<!-- XML Security Library example: Simple signature template file for sign1 example.  -->
<Envelope xmlns="urn:envelope">
  <Data>
	Hello, World!
  </Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
      <KeyName/>
    </KeyInfo>
  </Signature>
</Envelope>`

	p := parser.New(parser.XMLParseDTDLoad | parser.XMLParseDTDAttr | parser.XMLParseNoEnt)
	doc, err := p.ParseString(src)

	if !assert.NoError(t, err, "Parsing template should succeed") {
		return
	}
	defer doc.Free()

	{
		ctx, err := dsig.NewCtx(nil)
		if !assert.NoError(t, err, "dsig.NewCtx should succeed") {
			return
		}
		defer ctx.Free()

		key, err := crypto.LoadKeyFromFile(privfile, crypto.KeyDataFormatPem)
		if !assert.NoError(t, err, "Loading private key '%s' should succeed", privfile) {
			return
		}
		ctx.SetKey(key)

		if !assert.NoError(t, ctx.Sign(doc), "Sign should succeed") {
			return
		}
	}

	signed := doc.String()
	t.Logf("%s", signed)

	{
		ctx, err := dsig.NewCtx(nil)
		if !assert.NoError(t, err, "dsig.NewCtx should succeed") {
			return
		}
		defer ctx.Free()

		key, err := crypto.LoadKeyFromFile(pubfile, crypto.KeyDataFormatPem)
		if !assert.NoError(t, err, "Loading public key '%s' should succeed", pubfile) {
			return
		}
		ctx.SetKey(key)

		if !assert.NoError(t, ctx.Verify(doc), "Verify should succeed") {
			return
		}
	}

	{
		verify, err := dsig.NewSignatureVerify()
		if !assert.NoError(t, err, "NewSignatureVerify succeeds") {
			return
		}

		if !assert.NoError(t, verify.LoadKeyFromFile(pubfile, crypto.KeyDataFormatPem), "LoadKeyFromFile succeeds") {
			return
		}

		if !assert.NoError(t, verify.VerifyString(signed), "VerifyString succeeds") {
			return
		}
		if !assert.NoError(t, verify.Verify([]byte(signed)), "Verify succeeds") {
			return
		}
	}
}
Пример #3
0
func TestSignature(t *testing.T) {
	xmlsec.Init()
	defer xmlsec.Shutdown()

	doc := dom.CreateDocument()
	defer doc.Free()

	message, err := doc.CreateElement("Message")
	if !assert.NoError(t, err, "CreateElement succeeds") {
		return
	}
	doc.SetDocumentElement(message)

	data, err := doc.CreateElement("Data")
	if !assert.NoError(t, err, "CreateElement succeeds") {
		return
	}
	message.AddChild(data)
	data.AppendText("Hello, World!")

	sig, err := dsig.NewSignature(message, dsig.ExclC14N, dsig.RsaSha1, "")
	if !assert.NoError(t, err, "NewSignature succeeds") {
		return
	}

	if !assert.NoError(t, sig.AddReference(dsig.Sha1, "", "", ""), "AddReference succeeds") {
		return
	}

	if !assert.NoError(t, sig.AddTransform(dsig.Enveloped), "AddTransform succeeds") {
		return
	}

	if !assert.NoError(t, sig.AddKeyValue(), "AddKeyValue succeeds") {
		return
	}

	if !assert.NoError(t, sig.AddX509Data(), "AddX509Data succeeds") {
		return
	}

	keyfile := filepath.Join("test", "key.pem")
	certfile := filepath.Join("test", "cert.pem")
	key, err := crypto.LoadKeyFromFile(keyfile, crypto.KeyDataFormatPem)
	if !assert.NoError(t, err, "Load key from file succeeds") {
		return
	}

	key.LoadCertFromFile(certfile, crypto.KeyDataFormatPem)

	if !assert.NoError(t, sig.Sign(key), "Sign succeeds") {
		return
	}

	t.Logf("%s", doc.Dump(true))

	verify, err := dsig.NewSignatureVerify()
	if !assert.NoError(t, err, "NewSignatureVerify succeeds") {
		return
	}

	if !assert.NoError(t, verify.VerifyString(doc.Dump(false)), "VerifyString succeeds") {
		return
	}
}