[xmlsec] xmlsec test harness

Tejkumar Arora tej at netscape.com
Wed May 14 22:44:30 PDT 2003


Aleksey Sanin wrote:

> Well, I would think that PKCS12 is better (IMHO). I did not have a 
> need to convert
> keys to pkcs12 but if you are willing to do it then go ahead. I think 
> it's a good idea.
>
> Aleksey

The thing with PKCS12 files is that they cannot contain just a
public key, or just a private key, or just a cert. At minimum, a
private key and its associated cert are needed. With DER files,
each of these can be stored separately.
Since your test harness has pvt keys, pub keys, certs in their own
individual files, I used DER format.

Anyway, I'm attaching the changes I made to run the test harness
with DER files. I left the existing tests/*.sh scripts alone and
created tests/*-std.sh scripts, and a new make target "check-std".
I ran the DER-based script (make check-std) with openssl and it
worked fine (results identical to make check).

I'm attaching the diff file, and a zip file containing the new
files.

cheers,

-Tej

-------------- next part --------------
? tests/README
? tests/testDSig-std.sh
? tests/testEnc-std.sh
? tests/testKeys-std.sh
? tests/keys/dsakey.der
? tests/keys/rsakey.der
? tests/merlin-xmldsig-twenty-three/certs/badb.der
? tests/merlin-xmldsig-twenty-three/certs/ca.der
? tests/merlin-xmldsig-twenty-three/certs/lugh.der
? tests/merlin-xmldsig-twenty-three/certs/macha.der
? tests/merlin-xmldsig-twenty-three/certs/merlin.der
? tests/merlin-xmldsig-twenty-three/certs/nemain.der
? tests/merlin-xmlenc-five/rsapriv.der
cvs server: Diffing .
Index: Makefile.am
===================================================================
RCS file: /cvs/gnome/xmlsec/Makefile.am,v
retrieving revision 1.36
diff -u -r1.36 Makefile.am
--- Makefile.am	9 Apr 2003 05:23:52 -0000	1.36
+++ Makefile.am	15 May 2003 05:09:59 -0000
@@ -50,6 +50,8 @@
 
 check: check-info check-km check-dsig check-enc
 
+check-std: check-info check-km-std check-dsig-std check-enc-std
+
 check-info:
 	@echo "-------------------------- ATTENTION -----------------------------------"
 	@echo "--- 1) Some of the following tests use resources located on external ---"
@@ -68,6 +70,15 @@
 
 check-enc: $(TEST_APP)
 	@$(SHELL) $(top_srcdir)/tests/testEnc.sh $(top_srcdir)/tests $(top_builddir)/$(TEST_APP)
+
+check-km-std: $(TEST_APP)
+	@$(SHELL) $(top_srcdir)/tests/testKeys-std.sh $(top_srcdir)/tests $(top_builddir)/$(TEST_APP)
+
+check-dsig-std: $(TEST_APP)
+	@$(SHELL) $(top_srcdir)/tests/testDSig-std.sh $(top_srcdir)/tests $(top_builddir)/$(TEST_APP)
+
+check-enc-std: $(TEST_APP)
+	@$(SHELL) $(top_srcdir)/tests/testEnc-std.sh $(top_srcdir)/tests $(top_builddir)/$(TEST_APP)
 
 memcheck-res:
 	@grep -i lost /tmp/*.log | sed 's/==.*== *//' | sort -u
cvs server: Diffing apps
Index: apps/crypto.c
===================================================================
RCS file: /cvs/gnome/xmlsec/apps/crypto.c,v
retrieving revision 1.20
diff -u -r1.20 crypto.c
--- apps/crypto.c	15 Apr 2003 03:35:46 -0000	1.20
+++ apps/crypto.c	15 May 2003 05:09:59 -0000
@@ -100,11 +100,11 @@
 #endif /* XMLSEC_NO_X509 */    
 }
 
-
-int 
-xmlSecAppCryptoSimpleKeysMngrPemKeyAndCertsLoad(xmlSecKeysMngrPtr mngr, 
+static int 
+xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(xmlSecKeysMngrPtr mngr, 
 					     const char* files, const char* pwd, 
-					     const char* name) {
+					     const char* name, 
+					     xmlSecKeyDataFormat format) {
     xmlSecKeyPtr key;
     int ret;
 
@@ -112,7 +112,7 @@
     xmlSecAssert2(files != NULL, -1);
 
     /* first is the key file */
-    key = xmlSecCryptoAppKeyLoad(files, xmlSecKeyDataFormatPem, pwd, NULL, NULL);
+    key = xmlSecCryptoAppKeyLoad(files, format, pwd, NULL, NULL);
     if(key == NULL) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    NULL,
@@ -139,7 +139,7 @@
 
 #ifndef XMLSEC_NO_X509     
     for(files += strlen(files) + 1; (files[0] != '\0'); files += strlen(files) + 1) {
-	ret = xmlSecCryptoAppKeyCertLoad(key, files, xmlSecKeyDataFormatPem);
+	ret = xmlSecCryptoAppKeyCertLoad(key, files, format);
 	if(ret < 0){
 	    xmlSecError(XMLSEC_ERRORS_HERE,
 			NULL,
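Review bot: The certificate loop now reuses the key's `format` for every file after the first, so a DER private key can only be paired with DER certificates, and neither the code nor the new `--privkey-der` help text in apps/xmlsec.c says so. A PEM CA file passed alongside a DER key would presumably fail in `xmlSecCryptoAppKeyCertLoad` with an error that does not mention the format mismatch. I would add `/* certs must be in the same format as the key file */` above the loop and change the help line to `"\n\tload private key from DER file and DER certificates"`. The loop body and the rest of the function lie outside this hunk.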
@@ -175,6 +175,25 @@
     }
     
     return(0);
+}
+
+
+int 
+xmlSecAppCryptoSimpleKeysMngrPemKeyAndCertsLoad(xmlSecKeysMngrPtr mngr, 
+					     const char* files, const char* pwd, 
+					     const char* name) {
+
+    return xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(mngr, files, pwd, name, 
+							xmlSecKeyDataFormatPem);
+}
+
+int 
+xmlSecAppCryptoSimpleKeysMngrDerKeyAndCertsLoad(xmlSecKeysMngrPtr mngr, 
+					     const char* files, const char* pwd, 
+					     const char* name) {
+
+    return xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(mngr, files, pwd, name, 
+							xmlSecKeyDataFormatDer);
 }
 
 int 
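Review bot: `xmlSecAppCryptoSimpleKeysMngrDerKeyAndCertsLoad` forwards `pwd` unchanged, but a plain DER private-key encoding has no encryption envelope, so the password is presumably ignored on this path. Whether `xmlSecCryptoAppKeyLoad` consults it for `xmlSecKeyDataFormatDer` is not visible here. Callers who supply `--pwd` may assume the key file is protected at rest when it is not. I would document this on the wrapper, e.g. `/* DER keys are expected to be unencrypted; pwd is passed through but may be unused by the crypto backend */`. Both new public wrappers also lack a header comment stating that `files` is the NUL-separated list consumed by the shared static loader.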
Index: apps/crypto.h
===================================================================
RCS file: /cvs/gnome/xmlsec/apps/crypto.h,v
retrieving revision 1.13
diff -u -r1.13 crypto.h
--- apps/crypto.h	7 Apr 2003 21:03:15 -0000	1.13
+++ apps/crypto.h	15 May 2003 05:09:59 -0000
@@ -46,6 +46,10 @@
 								 const char *files, 
 								 const char* pwd, 
 								 const char* name);
+int 	xmlSecAppCryptoSimpleKeysMngrDerKeyAndCertsLoad		(xmlSecKeysMngrPtr mngr, 
+								 const char *files, 
+								 const char* pwd, 
+								 const char* name);
 int 	xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad		(xmlSecKeysMngrPtr mngr, 
 								 const char *filename, 
 								 const char* pwd, 
Index: apps/xmlsec.c
===================================================================
RCS file: /cvs/gnome/xmlsec/apps/xmlsec.c,v
retrieving revision 1.86
diff -u -r1.86 xmlsec.c
--- apps/xmlsec.c	5 May 2003 21:24:50 -0000	1.86
+++ apps/xmlsec.c	15 May 2003 05:10:00 -0000
@@ -243,6 +243,17 @@
     NULL
 };
 
+static xmlSecAppCmdLineParam privkeyDerParam = { 
+    xmlSecAppCmdLineTopicKeysMngr,
+    "--privkey-der",
+    NULL,
+    "--privkey-der[:<name>] <file>[,<cafile>[,<cafile>[...]]]"
+    "\n\tload private key from DER file and certificates"
+    "\n\tthat verify this key",
+    xmlSecAppCmdLineParamTypeStringList,
+    xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+    NULL
+};
 static xmlSecAppCmdLineParam pubkeyParam = { 
     xmlSecAppCmdLineTopicKeysMngr,
     "--pubkey",
@@ -254,6 +265,17 @@
     NULL
 };
 
+static xmlSecAppCmdLineParam pubkeyDerParam = { 
+    xmlSecAppCmdLineTopicKeysMngr,
+    "--pubkey-der",
+    NULL,
+    "--pubkey-der[:<name>] <file>"
+    "\n\tload public key from DER file",
+    xmlSecAppCmdLineParamTypeStringList,
+    xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+    NULL
+};
+
 #ifndef XMLSEC_NO_AES    
 static xmlSecAppCmdLineParam aeskeyParam = { 
     xmlSecAppCmdLineTopicKeysMngr,
@@ -655,7 +677,9 @@
     &genKeyParam,
     &keysFileParam,
     &privkeyParam,
+    &privkeyDerParam,
     &pubkeyParam,
+    &pubkeyDerParam,
 #ifndef XMLSEC_NO_AES    
     &aeskeyParam,
 #endif  /* XMLSEC_NO_AES */    
@@ -1898,6 +1922,21 @@
 	}
     }
 
+    for(value = privkeyDerParam.value; value != NULL; value = value->next) {
+	if(value->strValue == NULL) {
+	    fprintf(stderr, "Error: invalid value for option \"%s\".\n", 
+		    privkeyDerParam.fullName);
+	    return(-1);
+	} else if(xmlSecAppCryptoSimpleKeysMngrDerKeyAndCertsLoad(gKeysMngr, 
+		    value->strListValue, 
+		    xmlSecAppCmdLineParamGetString(&pwdParam),
+		    value->paramNameValue) < 0) {
+	    fprintf(stderr, "Error: failed to load private key from \"%s\".\n", 
+		    value->strListValue);
+	    return(-1);
+	}
+    }
+
     /* read all public keys */
     for(value = pubkeyParam.value; value != NULL; value = value->next) {
 	if(value->strValue == NULL) {
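Review bot: The new `privkeyDerParam` loop validates `value->strValue` but then passes `value->strListValue` to the loader and to the error message. The same pattern recurs in the `pubkeyDerParam` loop in the next hunk. If the command-line parser fills both fields for string-list parameters the check is equivalent, but that is not visible here, and checking the field actually used is safer: `if(value->strListValue == NULL) {`. The new private-key loop also lacks a lead-in comment like the existing `/* read all public keys */`; `/* read all private keys in DER format */` would match. The enclosing function starts and ends outside these hunks.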
@@ -1905,6 +1944,21 @@
 		    pubkeyParam.fullName);
 	    return(-1);
 	} else if(xmlSecAppCryptoSimpleKeysMngrPemKeyAndCertsLoad(gKeysMngr, 
+		    value->strListValue, 
+		    xmlSecAppCmdLineParamGetString(&pwdParam),
+		    value->paramNameValue) < 0) {
+	    fprintf(stderr, "Error: failed to load public key from \"%s\".\n", 
+		    value->strListValue);
+	    return(-1);
+	}
+    }
+
+    for(value = pubkeyDerParam.value; value != NULL; value = value->next) {
+	if(value->strValue == NULL) {
+	    fprintf(stderr, "Error: invalid value for option \"%s\".\n", 
+		    pubkeyDerParam.fullName);
+	    return(-1);
+	} else if(xmlSecAppCryptoSimpleKeysMngrDerKeyAndCertsLoad(gKeysMngr, 
 		    value->strListValue, 
 		    xmlSecAppCmdLineParamGetString(&pwdParam),
 		    value->paramNameValue) < 0) {
-------------- next part --------------
A non-text attachment was scrubbed...
Name: newfiles.tar.gz.tar
Type: application/x-tar
Size: 7565 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20030514/c1dd61b2/newfiles.tar.gz.tar

