| # Copyright 2002-2004 The Apache Software Foundation. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
# All these settings come from the configure script.
# We use configure to do most of the hard work, as it is better
# designed to handle different system complexity than make.
| # |
| |
| # A perl based test script for running all the interop examples |
| |
| # There can be a number of failures. |
| # |
| # 1. the file http://xmldsig.pothole.com/xml-stylesheet.txt no |
| # longer exists. I have it on a test http server to make these |
| # tests work. |
| # 2. If you are not online to the Internet, the checks for documents |
| # at www.w3.org will also fail. |
| |
| require 5.000; |
| use strict; |
| |
# Result counters. Every tally starts at zero; the two test loops later in
# the script increment the dsig_* and xenc_* ones.

# XML Digital Signature results
my ($dsig_failure_count, $dsig_pass_count, $dsig_skipped_count) = (0, 0, 0);

# XML Encryption results
my ($xenc_failure_count, $xenc_pass_count, $xenc_skipped_count) = (0, 0, 0);

# Overall pass/fail tallies (declared here; the grand totals at the end of
# the script are computed from the per-suite counters instead)
my ($failure_count, $pass_count) = (0, 0);

# Number of table entries visited per suite
my ($total_dsig_count, $total_xenc_count) = (0, 0);
| |
# Checksig setup: option placed in front of the per-test arguments on every
# checksig command line.
my $checksig_args = '-x';

# Program setup.
#
# All tool locations are relative paths, so they resolve against the current
# working directory: whatever executable sits at that path is what gets run
# and judged. Start the script from the directory these paths assume.

# Alternative Windows builds, selectable from the command line
my ($checksig_vc8, $cipher_vc8) = (
    '../Build/Win32/VC8/Debug/checksig.exe',
    '../Build/Win32/VC8/Debug/cipher.exe',
);

my ($checksig_vc7, $cipher_vc7) = (
    '../Build/Win32/VC7/Debug/checksig.exe',
    '../Build/Win32/VC7/Debug/cipher.exe',
);

my ($checksig_release, $cipher_release) = (
    '../Build/Win32/VC6/Release/checksig.exe',
    '../Build/Win32/VC6/Release/cipher.exe',
);

my ($checksig_vc7release, $cipher_vc7release) = (
    '../Build/Win32/VC7/Release/checksig.exe',
    '../Build/Win32/VC7/Release/cipher.exe',
);

my ($checksig_vc8release, $cipher_vc8release) = (
    '../Build/Win32/VC8/Release/checksig.exe',
    '../Build/Win32/VC8/Release/cipher.exe',
);

# Default tools: the VC6 debug build when the OS name contains "Win",
# otherwise the libtool output directory.
my ($checksig, $cipher) = ($^O =~ m/Win/)
    ? ('../Build/Win32/VC6/Debug/checksig.exe', '../Build/Win32/VC6/Debug/cipher.exe')
    : ('.libs/checksig', '.libs/cipher');
| |
# Directory setup: root of the interop test vectors (relative to the
# current working directory).
my $data_dir = '../../xml-security-java/src/test/resources';

# Digital Signature Tests
#
# Column positions inside each comma-separated @dsig_array entry:
#   0 = signature file, 1 = extra checksig arguments,
#   2 = does this test require Xalan (y/n),
#   3 = does this test require pothole.com (y/n)
my ($dsig_file, $dsig_args, $dsig_flag_xalan, $dsig_flag_pothole) = (0 .. 3);

# What components do we have available? All are assumed present until a
# command-line switch says otherwise.
my ($have_pothole, $have_xalan, $have_aes) = (1, 1, 1);

# What kind of test results should we expect?
# Without xalan, 13 tests will fail
my $no_xalan_failures = 13;
my $expected_failures = 0;

# What tests should we run? Both suites by default.
my ($doenc, $dosig) = (1, 1);
| |
# Signature test table: one entry per checksig invocation.
#
# Each entry is a comma-separated record:
#   Filename         = the file that contains the signature, relative to the data dir
#   Flags            = additional flags to pass to checksig
#   Requires Xalan   = y/n - if y only run if Xalan available
#   Requires pothole = y/n - if y only run if pothole site available
#
# The Filename and Flags fields are pasted unquoted into a shell command line
# by the test loop, so this table must only ever hold constant, trusted text.
#
# "-h secret" presumably supplies the HMAC key for the hMAC*/hmac-* vectors
# (inferred from the file names; confirm against checksig's usage text).
# It is test-vector material, not a credential.

my @dsig_array = (

    'at/iaik/ixsil/coreFeatures/signatures/anonymousReferenceSignature.xml,-a,n,n',
    'at/iaik/ixsil/coreFeatures/signatures/manifestSignature.xml,,n,n',

    # will fail if no network

    'at/iaik/ixsil/coreFeatures/signatures/signatureTypesSignature.xml,,y,n',
    'at/iaik/ixsil/signatureAlgorithms/signatures/dSASignature.xml,,n,n',
    'at/iaik/ixsil/signatureAlgorithms/signatures/hMACShortSignature.xml,-h secret,n,n',
    'at/iaik/ixsil/signatureAlgorithms/signatures/hMACSignature.xml,-h secret,n,n',
    'at/iaik/ixsil/signatureAlgorithms/signatures/rSASignature.xml,,n,n',

    'at/iaik/ixsil/transforms/signatures/base64DecodeSignature.xml,,n,n',
    'at/iaik/ixsil/transforms/signatures/c14nSignature.xml,,n,n',
    'at/iaik/ixsil/transforms/signatures/envelopedSignatureSignature.xml,,n,n',
    'at/iaik/ixsil/transforms/signatures/xPathSignature.xml,,y,n',

    'com/rsasecurity/bdournaee/certj201_enveloped.xml,,n,n',
    'com/rsasecurity/bdournaee/certj201_enveloping.xml,,n,n',
    'ie/baltimore/merlin-examples/ec-merlin-iaikTests-two/signature.xml,,y,n',
    'ie/baltimore/merlin-examples/merlin-exc-c14n-one/exc-signature.xml,,n,n',

    'ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-keyname.xml,-i,n,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-retrievalmethod-rawx509crt.xml,-i,n,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-crt-crl.xml,-i,n,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-crt.xml,,n,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-is.xml,-i,n,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-ski.xml,-i,n,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-sn.xml,-i,n,n',

    'ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloped-dsa.xml,,n,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-b64-dsa.xml,,y,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-dsa.xml,,n,n',
    # NOTE(review): the "-40" in the next file name suggests an HMAC output
    # truncated to 40 bits. A validator that enforces a minimum
    # HMACOutputLength would reject it, so confirm that a pass is still the
    # intended outcome for this vector.
    'ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-hmac-sha1-40.xml,-h secret,n,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-hmac-sha1.xml,-h secret,n,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-rsa.xml,,n,n',
    'ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-external-b64-dsa.xml,,n,y',
    'ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-external-dsa.xml,,n,n',

    # These two are removed, as this is a pre-release syntax that the library
    # does not understand

    # testSig $data_dir/ie/baltimore/merlin-examples/merlin-xmldsig-filter2-one/sign-xfdl.xml
    # testSig $data_dir/ie/baltimore/merlin-examples/merlin-xmldsig-filter2-one/signature.xml

    'ie/baltimore/merlin-examples/merlin-xmldsig-sixteen/signature.xml,,y,y',
    'interop/c14n/Y1/exc-signature.xml,,n,n',

    # MD5 now implemented

    'interop/c14n/Y2/signature-joseph-exc.xml,,y,n',
    'interop/c14n/Y3/signature.xml,,y,n',
    'interop/c14n/Y4/signature.xml,,y,n',
    'interop/c14n/Y5/signature.xml,,y,n',
    'interop/c14n/Y5/signatureCommented.xml,,y,n',

    # XPath Filter

    'interop/xfilter2/merlin-xpath-filter2-three/sign-spec.xml,,y,n',
    'interop/xfilter2/merlin-xpath-filter2-three/sign-xfdl.xml,,y,n',

    # Extra unit tests provided for bug reports

    'org/apache/xml/security/testcases/SAML2ArtifactResponse.xml,--id ID,n,n',

);
| |
# XML Encryption Tests
#
# Column positions inside each comma-separated @xenc_array entry:
#   0 = text that must appear in cipher's output for the test to pass
#   1 = encrypted file, relative to the data dir
#   2 = arguments to pass to cipher
#   3 = requires Xalan (y/n)
#   4 = requires AES (y/n)
my ($xenc_result, $xenc_file, $xenc_args, $xenc_flag_xalan, $xenc_flag_aes) = (0 .. 4);

# The file and argument fields are pasted unquoted into a shell command line
# by the test loop, and the expected-output field is matched against the
# tool's output there, so keep every field constant, trusted text. The
# expected values are the published sample plaintexts of the test vectors.

my @xenc_array = (
    #bad-encrypt-content-aes128-cbc-kw-aes192.xml
    #decryption-transform-except.xml
    #decryption-transform.xml
    '<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.xml,-i -de,n,y',
    '<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.xml,-i -de,n,y',
    '<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-tripledes-cbc.xml,-i -de,n,n',

    'top secret message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes128-cbc.xml,-i,n,y',
    'top secret message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.xml,-i,n,y',
    'top secret message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.xml,-i,n,y',
    'top secret message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml,-i,n,n',

    # NOT Supported as of V1.2 (OpenSSL 0.9.8 supports SHA256 digest, not OAEP)
    #"top secret message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml,-i,n,n",

    '<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.xml,-i -de,n,y',

    # CipherRef now supported

    '<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.xml,-i -de,y,y',

    '<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml,-i -de,n,y',
    '<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.xml,-i -de,n,y',
    '<Number>1234 567890 12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.xml,-i -de,n,y',

    # Unsupported Key-wraps
    #encrypt-content-aes192-cbc-dh-sha512.xml
    #encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml

    # Don't yet support encrypted keys in signatures (or SHA-2/Ripemd)

    #encsig-hmac-sha256-dh.xml
    #encsig-hmac-sha256-kw-tripledes-dh.xml
    #encsig-hmac-sha256-rsa-1_5.xml
    #encsig-hmac-sha256-rsa-oaep-mgf1p.xml
    #encsig-ripemd160-hmac-ripemd160-kw-tripledes.xml
    #encsig-sha256-hmac-sha256-kw-aes128.xml
    #encsig-sha384-hmac-sha384-kw-aes192.xml
    #encsig-sha512-hmac-sha512-kw-aes256.xml

    # Don't yet check for bad encryption

    #bad-encrypt-content-aes128-cbc-kw-aes192.xml

    # Don't yet support signature decryption transforms

    #decryption-transform-except.xml
    #decryption-transform.xml

    # PHAOS interop tests. Commented out tests are currently
    # not supported
    # bad-alg-enc-element-aes128-kw-3des.xml
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-3des-kw-aes192.xml,-i -de,n,y',
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes128-kw-3des.xml,-i -de,n,y',
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes192-kw-aes256.xml,-i -de,n,y',
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.xml,-i -de,n,y',
    # enc-element-3des-ka-dh.xml
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.xml,-i -de,n,n',
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.xml,-i -de,n,n',
    # enc-element-3des-kt-rsa_oaep_sha256.xml
    # enc-element-3des-kt-rsa_oaep_sha512.xml
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kw-3des.xml,-i -de,n,n',
    # enc-element-aes128-ka-dh.xml
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.xml,-i -de,n,y',
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.xml,-i -de,n,y',
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kw-aes128.xml,-i -de,n,y',
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kw-aes256.xml,-i -de,n,y',
    # enc-element-aes192-ka-dh.xml
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.xml,-i -de,n,y',
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes192-kw-aes192.xml,-i -de,n,y',
    # enc-element-aes256-ka-dh.xml
    '<Number>4019 2445 0277 5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes256-kw-aes256.xml,-i -de,n,y',
    '4019 2445 0277 5567,com/phaos/phaos-xmlenc-3/enc-text-3des-kw-aes256.xml,-i,n,y',
    '4019 2445 0277 5567,com/phaos/phaos-xmlenc-3/enc-text-aes128-kw-aes192.xml,-i,n,y',
    '4019 2445 0277 5567,com/phaos/phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.xml,-i,n,y',
    '4019 2445 0277 5567,com/phaos/phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.xml,-i,n,y'

);
| |
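# Print the command-line usage summary to STDERR and terminate the script
# with exit status 1. Never returns.
sub print_args {

    # Fix: the last option used to be rendered as "--[noenc]"; the brackets
    # now enclose the whole switch like every other optional flag.
    print STDERR "\nUsage: basicTests.pl [--noxalan] [--nopothole] [--noaes] [--vc8] [--vc8release] [--vc7] [--vc7release] [--vc6release] [--nosig] [--noenc]\n\n";
    exit(1);

}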
| |
# Process command line options.
#
# Every argument has to match one of the known switches exactly; anything
# else prints the usage text and ends the run through print_args(). The
# tool paths can therefore only be switched between the fixed locations
# declared earlier, never set to an arbitrary value from the command line.

for my $option (@ARGV) {

    if ($option =~ /^--noxalan$/ || $option =~ /^-x$/) {
        $have_xalan = 0;
    }
    elsif ($option =~ /^--nopothole$/ || $option =~ /^-p$/) {
        $have_pothole = 0;
    }
    elsif ($option =~ /^--noaes$/ || $option =~ /^-a$/) {
        $have_aes = 0;
    }
    elsif ($option =~ /^--vc8$/) {
        ($checksig, $cipher) = ($checksig_vc8, $cipher_vc8);
    }
    elsif ($option =~ /^--vc8release$/) {
        ($checksig, $cipher) = ($checksig_vc8release, $cipher_vc8release);
    }
    elsif ($option =~ /^--vc7$/) {
        ($checksig, $cipher) = ($checksig_vc7, $cipher_vc7);
    }
    elsif ($option =~ /^--vc7release$/) {
        ($checksig, $cipher) = ($checksig_vc7release, $cipher_vc7release);
    }
    elsif ($option =~ /^--vc6release$/) {
        ($checksig, $cipher) = ($checksig_release, $cipher_release);
    }
    elsif ($option =~ /^--nosig$/) {
        $dosig = 0;
    }
    elsif ($option =~ /^--noenc$/) {
        $doenc = 0;
    }
    else {
        print STDERR "Unknown command : " . $option . "\n\n";
        print_args();
    }
}
| |
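# Run the signature tests.
#
# For each @dsig_array entry: skip it when a component it needs (Xalan,
# the pothole site) has been declared unavailable, otherwise run checksig on
# the file and count a pass when checksig exits with status 0, a failure for
# any other status. checksig's exit status is the only pass criterion.

if ($dosig) {

    print "\n\n";
    print "Running XML Digital Signature Interop Tests\n";
    print "-------------------------------------------\n\n";

    for my $entry (@dsig_array) {

        $total_dsig_count++;

        my @fields       = split(/\,/, $entry);
        my $file_name    = $fields[$dsig_file];
        my $args         = $fields[$dsig_args];
        my $xalan_flag   = $fields[$dsig_flag_xalan];
        my $pothole_flag = $fields[$dsig_flag_pothole];

        # Logical operators replace the original mix of bitwise | and &,
        # which only worked because every operand happened to be 0/1-like.
        my $xalan_ok   = ($xalan_flag eq "n")   || $have_xalan;
        my $pothole_ok = ($pothole_flag eq 'n') || $have_pothole;

        if ($xalan_ok && $pothole_ok) {

            # The command line is handed to the shell as one string. Every
            # part of it comes from values fixed in this script, and it has
            # to stay that way: nothing here quotes or escapes the pieces.
            # Only standard output is captured in $result.
            my $result = `$checksig $checksig_args $args $data_dir/$file_name`;

            if ($? == 0) {
                print "$file_name OK\n";
                $dsig_pass_count++;
            }
            else {
                print "\nFAILURE\n";
                print "---------\n";
                print "\n$file_name failed. \n\nMessage was \n\n$result\n\n";
                print "---------\n\n";
                $dsig_failure_count++;
            }
        }
        else {

            # Skipped entries are reported but never count as failures.
            print "$file_name SKIPPED\n";
            $dsig_skipped_count++;

        }

    }

    print "\n\n";
    print "DSIG Tests complete\n\n";
    print "Total Tests = $total_dsig_count\n";
    print "Number Passed = $dsig_pass_count\n";
    print "Number Skipped = $dsig_skipped_count\n";
    print "Number Failed = $dsig_failure_count\n\n";
    print "-------------------------------------------\n\n";
}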
| |
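# Now run the encryption tests.
#
# For each @xenc_array entry: skip it when a component it needs (Xalan, AES)
# has been declared unavailable, otherwise run cipher on the file. A test
# passes only when cipher exits with status 0 AND its output contains the
# expected plaintext from the table.

if ($doenc) {

    print "\n\n";
    print "Running XML Encryption Interop Tests\n";
    print "------------------------------------\n\n";

    for my $entry (@xenc_array) {

        $total_xenc_count++;

        my @fields          = split(/\s*,\s*/, $entry);
        my $expected_result = $fields[$xenc_result];
        my $file_name       = $fields[$xenc_file];
        my $args            = $fields[$xenc_args];
        my $xalan_flag      = $fields[$xenc_flag_xalan];
        my $aes_flag        = $fields[$xenc_flag_aes];

        # Logical operators replace the original bitwise | and &, which only
        # worked because every operand happened to be 0/1-like.
        my $xalan_ok = ($xalan_flag eq "n") || $have_xalan;
        my $aes_ok   = ($aes_flag eq "n")   || $have_aes;

        if ($xalan_ok && $aes_ok) {

            # The command line is handed to the shell as one string. Every
            # part of it comes from values fixed in this script, and it has
            # to stay that way: nothing here quotes or escapes the pieces.
            # Only standard output is captured in $result.
            my $result = `$cipher $args $data_dir/$file_name`;

            # \Q...\E makes the expected plaintext a literal substring test,
            # so a table value containing regex metacharacters can neither
            # loosen the comparison nor break the pattern.
            if ($? == 0 && $result =~ /\Q$expected_result\E/) {
                print "$file_name OK\n";
                $xenc_pass_count++;
            }
            else {
                print "\nFAILURE\n";
                print "---------\n";
                print "\n$file_name failed. \n\nOutput was \n\n$result\n\n";
                print "---------\n\n";
                $xenc_failure_count++;
            }
        }
        else {

            # Skipped entries are reported but never count as failures.
            print "$file_name SKIPPED\n";
            $xenc_skipped_count++;
        }

    }

    print "\n\n";
    print "XENC Tests complete\n\n";
    print "Total Tests = $total_xenc_count\n";
    print "Number Passed = $xenc_pass_count\n";
    print "Number Skipped = $xenc_skipped_count\n";
    print "Number Failed = $xenc_failure_count\n\n";
}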
| |
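# Now the totals: combine the per-suite counters and report them.

my $total_count   = $total_dsig_count + $total_xenc_count;
my $total_passed  = $dsig_pass_count + $xenc_pass_count;
my $total_failed  = $dsig_failure_count + $xenc_failure_count;
my $total_skipped = $dsig_skipped_count + $xenc_skipped_count;

print "All tests complete.\n\n";
print "Total Tests = $total_count\n";
print "Total Passed = $total_passed\n";
print "Total Skipped = $total_skipped\n";
print "Total Failed = $total_failed\n\n";

# Now calculate error code: the number of failed tests, so 0 means success.
# Skipped tests do not influence it. The value is capped at 255 because a
# POSIX exit status keeps only the low 8 bits; uncapped, a failure count that
# is a multiple of 256 would be reported to the caller as success.
exit($total_failed > 255 ? 255 : $total_failed);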
| |
| |