added tests for encryption functional

bgaifullin · bgaifullin · commit fa6c66af8fff · 2015-03-07T04:47:46.000+03:00
diff --git a/src/xmlsec/constants.pxd b/src/xmlsec/constants.pxd
@@ -24,8 +24,21 @@ cdef extern from "xmlsec.h":  # xmlsec/strings.h
     const_xmlChar* xmlSecNodeObject
     const_xmlChar* xmlSecNodeManifest
     const_xmlChar* xmlSecNodeSignatureProperties
+
+    # Encypted nodes
     const_xmlChar* xmlSecNodeEncryptedData
     const_xmlChar* xmlSecNodeEncryptedKey
+    const_xmlChar* xmlSecNodeEncryptionMethod
+    const_xmlChar* xmlSecNodeEncryptionProperties
+    const_xmlChar* xmlSecNodeEncryptionProperty
+    const_xmlChar* xmlSecNodeCipherData
+    const_xmlChar* xmlSecNodeCipherValue
+    const_xmlChar* xmlSecNodeCipherReference
+    const_xmlChar* xmlSecNodeReferenceList
+    const_xmlChar* xmlSecNodeDataReference
+    const_xmlChar* xmlSecNodeKeyReference
+    const_xmlChar* xmlSecNodeKeyInfo
+
 
     # encryption types
     const_xmlChar* xmlSecTypeEncContent
diff --git a/src/xmlsec/constants.pyx b/src/xmlsec/constants.pyx
@@ -44,6 +44,16 @@ class Node:
     SIGNATURE_PROPERTIES = _u(xmlSecNodeSignatureProperties)
     ENCRYPTED_DATA = _u(xmlSecNodeEncryptedData)
     ENCRYPTED_KEY = _u(xmlSecNodeEncryptedKey)
+    ENCRYPTION_METHOD = _u(xmlSecNodeEncryptionMethod)
+    ENCRYPTION_PROPERTIES = _u(xmlSecNodeEncryptionProperties)
+    ENCRYPTION_PROPERTY = _u(xmlSecNodeEncryptionProperty)
+    CIPHER_DATA = _u(xmlSecNodeCipherData)
+    CIPHER_VALUE = _u(xmlSecNodeCipherValue)
+    CIPHER_REFERENCE = _u(xmlSecNodeCipherReference)
+    REFERENCE_LIST = _u(xmlSecNodeReferenceList)
+    DATA_REFERENCE = _u(xmlSecNodeDataReference)
+    KEY_REFERENCE = _u(xmlSecNodeKeyReference)
+    KEY_INFO = _u(xmlSecNodeKeyInfo)
 
 
 cdef class _Transform:
diff --git a/src/xmlsec/enc.pyx b/src/xmlsec/enc.pyx
@@ -45,15 +45,11 @@ cdef class EncryptionContext:
         cdef xmlSecEncCtxPtr handle = xmlSecEncCtxCreate(_manager)
         if handle == NULL:
             raise InternalError("failed to create encryption context")
-        if xmlSecEncCtxInitialize(handle, _manager) < 0:
-            xmlSecEncCtxDestroy(handle)
-            raise InternalError("failed to init encryption context")
 
         self._handle = handle
 
     def __dealloc__(self):
         if self._handle != NULL:
-            xmlSecEncCtxFinalize(self._handle)
             xmlSecEncCtxDestroy(self._handle)
 
     property key:
@@ -77,13 +73,10 @@ cdef class EncryptionContext:
         Note: *template* is modified in place.
         """
         cdef int rv
-        cdef size_t c_size
-        cdef const_xmlSecByte* c_data
 
         # Data to bytes
-        text = _b(data)
-        c_data = <const_xmlSecByte*>text
-        c_size = len(text)
+        cdef const_xmlSecByte* c_data = <const_xmlSecByte*>data
+        cdef size_t c_size = len(data)
 
         with nogil:
             rv = xmlSecEncCtxBinaryEncrypt(self._handle, template._c_node, c_data, c_size)
diff --git a/src/xmlsec/template.pyx b/src/xmlsec/template.pyx
@@ -5,7 +5,7 @@ from lxml.includes.etreepublic cimport import_lxml__etree
 import_lxml__etree()
 
 from lxml.includes.etreepublic cimport _Element, elementFactory
-from lxml.includes.tree cimport const_xmlChar, xmlNode
+from lxml.includes.tree cimport const_xmlChar, xmlNode, xmlStrdup
 from .constants cimport _Transform
 from .utils cimport *
 from .template cimport *
@@ -111,9 +111,10 @@ def encrypted_data_create(_Element node not None,
                           id=None,
                           type=None,
                           mime_type=None,
-                          encoding=None):
+                          encoding=None,
+                          ns=None):
     """
-    Creates new <enc:EncryptedData /> node for encryption template.
+    Creates new <{ns}:EncryptedData /> node for encryption template.
     """
     cdef xmlNode* c_node
     cdef const_xmlChar* c_id = _b(id)
@@ -124,14 +125,22 @@ def encrypted_data_create(_Element node not None,
     c_node = xmlSecTmplEncDataCreate(
         node._doc._c_doc, method.target, c_id, c_type, c_mtype, c_encoding)
 
+    if ns is not None:
+        c_node.ns.prefix = xmlStrdup(_b(ns))
     return elementFactory(node._doc, c_node)
 
 
-def encrypted_data_ensure_key_info(_Element node not None, id=None):
+def encrypted_data_ensure_key_info(_Element node not None, id=None, ns=None):
+    """
+        Adds <{ns}:KeyInfo/> to the <enc:EncryptedData/> node encNode.
+    """
+
     cdef xmlNode* c_node
     cdef const_xmlChar* c_id = _b(id)
 
     c_node = xmlSecTmplEncDataEnsureKeyInfo(node._c_node, c_id)
+    if ns is not None:
+        c_node.ns.prefix = xmlStrdup(_b(ns))
 
     return elementFactory(node._doc, c_node)
 
diff --git a/tests/examples/base.py b/tests/examples/base.py
@@ -1,9 +1,21 @@
 from os import path
-import xmlsec
 from lxml import etree
 
 BASE_DIR = path.dirname(__file__)
 
 
 def parse_xml(name):
     return etree.parse(path.join(BASE_DIR, name)).getroot()
+
+
+def compare(name, result):
+    # Parse the expected file.
+    xml = parse_xml(name)
+
+    # Stringify the root, <Envelope/> nodes of the two documents.
+    expected_text = etree.tostring(xml, pretty_print=False)
+    result_text = etree.tostring(result, pretty_print=False)
+
+    # Compare the results.
+    assert expected_text == result_text
+
diff --git a/tests/examples/enc1-doc.xml b/tests/examples/enc1-doc.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Original XML doc file for enc example.
+-->
+<Envelope>
+<Data>Hello, World!</Data>
+</Envelope>
diff --git a/tests/examples/enc1-res.xml b/tests/examples/enc1-res.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Envelope>
+<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<xenc:EncryptedKey>
+<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+<xenc:CipherData>
+<xenc:CipherValue>UrTgE0UxQa8xevs4SyRA0rsibEz/ZFDjCBD+t4pKSdajB/cefYObZzqq2l41Q6R/
+tqYLht5hEBh26AHfjmQSJAL+eChXOt/EaOf63zzJedO90HGqIQyzOeOPURAl3Li8
+ivPyLVyocJDeVNeh7W+7kYwpFQ6PLuQxWsFFQXVoRAWbXHpZkSzVheR+5RpYJRTb
+1UYXKxu8jg4NqbjucVMDIxUOzsVCDRyk8R8sQrM7D/H/N0y7DAY8oX/WZ45xLwUy
+DY/U86tTpTn95NwHD10SLyrL6rpXdbEuoIQHhWLwV9uQxnJA/Pn1KZ+xXK/fePfP
+26PBo/hUrN5pm5U8ycc4iw==</xenc:CipherValue>
+</xenc:CipherData>
+</xenc:EncryptedKey>
+</dsig:KeyInfo>
+<xenc:CipherData>
+<xenc:CipherValue>2pb5Mxd0f+AW56Cs3MfQ9HJkUVeliSi1hVCNCVHTKeMyC2VL6lPhQ9+L01aSeTSY</xenc:CipherValue>
+</xenc:CipherData>
+</xenc:EncryptedData>
+</Envelope>
diff --git a/tests/examples/enc2-res.xml b/tests/examples/enc2-res.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Envelope>
+<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content" MimeType="binary/octet-stream">
+<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<xenc:EncryptedKey>
+<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+<xenc:CipherData>
+<xenc:CipherValue>HJwrfL7kOIB0QaldMJdza1HitpLCjw+eoult1C6yExDXJ09zKaSQER+pUL9Vt5fm
+d4Oitsf0CUNkjG1xWJdFsftqUIuvYGnkUNhT0vtqoYbdhJkCcB9cCwvTrww2+VTF
+NIasTdechlSD1qQOR8uf6+S94Ae4PVSfWU+5YLTJFpMjR+OT7f6BSbYNv1By6Cko
+G39WTSKTRcVDzcMxRepAGb59r508yKIJhwabCf3Opu+Ams7ia7BH4oa4ro9YSWwm
+hAJ0CN4a6b5odcRbNvuHcwWSxpoysWKbOROQ0H4xC4nGZeL/AXlpSc8eNuNG+g6D
+CTBwsOXCAEJYXPkTrnB3qQ==</xenc:CipherValue>
+</xenc:CipherData>
+</xenc:EncryptedKey>
+</dsig:KeyInfo>
+<xenc:CipherData>
+<xenc:CipherValue>4m5BRKEswOe8JISY7NrPGLBYv7Ay5pBV+nG6it51gz0=</xenc:CipherValue>
+</xenc:CipherData>
+</xenc:EncryptedData>
+</Envelope>
diff --git a/tests/examples/test_decrypt.py b/tests/examples/test_decrypt.py
@@ -0,0 +1,37 @@
+from os import path
+import xmlsec
+from .base import parse_xml, BASE_DIR, compare
+
+
+def test_decrypt1():
+    manager = xmlsec.KeysManager()
+    filename = path.join(BASE_DIR, 'rsakey.pem')
+    key = xmlsec.Key.from_memory(open(filename, 'rb').read(), xmlsec.KeyFormat.PEM, None)
+    assert key is not None
+    manager.add_key(key)
+
+    enc_ctx = xmlsec.EncryptionContext(manager)
+
+    root = parse_xml("enc1-res.xml")
+    enc_data = xmlsec.tree.find_child(root, "EncryptedData", xmlsec.Namespace.ENC)
+    assert enc_data is not None
+    decrypted = enc_ctx.decrypt(enc_data)
+    assert decrypted.tag == "Data"
+
+    compare("enc1-doc.xml", root)
+
+
+def test_decrypt2():
+    manager = xmlsec.KeysManager()
+    filename = path.join(BASE_DIR, 'rsakey.pem')
+    key = xmlsec.Key.from_memory(open(filename, 'rb').read(), xmlsec.KeyFormat.PEM, None)
+    assert key is not None
+    manager.add_key(key)
+
+    enc_ctx = xmlsec.EncryptionContext(manager)
+
+    root = parse_xml("enc2-res.xml")
+    enc_data = xmlsec.tree.find_child(root, xmlsec.constants.Node.ENCRYPTED_DATA, xmlsec.Namespace.ENC)
+    assert enc_data is not None
+    decrypted = enc_ctx.decrypt(enc_data)
+    assert decrypted.text == "\ntest\n"
diff --git a/tests/examples/test_encrypt.py b/tests/examples/test_encrypt.py
@@ -0,0 +1,80 @@
+from os import path
+import xmlsec
+from .base import parse_xml, BASE_DIR
+from lxml import etree
+
+
+def test_encrypt_xml():
+    # Load the public cert
+    manager = xmlsec.KeysManager()
+    filename = path.join(BASE_DIR, 'rsacert.pem')
+    key = xmlsec.Key.from_memory(open(filename, 'rb').read(), xmlsec.KeyFormat.CERT_PEM, None)
+    assert key is not None
+    manager.add_key(key)
+    template = parse_xml('enc1-doc.xml')
+    assert template is not None
+    # Prepare for encryption
+    enc_data = xmlsec.template.encrypted_data_create(
+        template, xmlsec.Transform.AES128, type=xmlsec.EncryptionType.ELEMENT, ns="xenc")
+
+    xmlsec.template.encrypted_data_ensure_cipher_value(enc_data)
+    key_info = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns="dsig")
+    enc_key = xmlsec.template.add_encrypted_key(key_info, xmlsec.Transform.RSA_OAEP)
+    xmlsec.template.encrypted_data_ensure_cipher_value(enc_key)
+
+    data = template.find('./Data')
+
+    assert data is not None
+    # Encrypt!
+    enc_ctx = xmlsec.EncryptionContext(manager)
+    enc_ctx.key = xmlsec.Key.generate(xmlsec.KeyData.AES, 128, xmlsec.KeyDataType.SESSION)
+    enc_data = enc_ctx.encrypt_xml(enc_data, data)
+    assert enc_data is not None
+    enc_method = xmlsec.tree.find_child(enc_data, xmlsec.Node.ENCRYPTION_METHOD, xmlsec.Namespace.ENC)
+    assert enc_method is not None
+    assert enc_method.get("Algorithm") == "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
+    key_info = xmlsec.tree.find_child(enc_data, xmlsec.Node.KEY_INFO, xmlsec.Namespace.DS)
+    assert key_info is not None
+    enc_method = xmlsec.tree.find_node(key_info, xmlsec.Node.ENCRYPTION_METHOD, xmlsec.Namespace.ENC)
+    assert enc_method is not None
+    assert enc_method.get("Algorithm") == "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
+    cipher_value = xmlsec.tree.find_node(key_info, xmlsec.Node.CIPHER_VALUE, xmlsec.Namespace.ENC)
+    assert cipher_value is not None
+
+
+def test_encrypt_binary():
+    # Load the public cert
+    manager = xmlsec.KeysManager()
+    filename = path.join(BASE_DIR, 'rsacert.pem')
+    key = xmlsec.Key.from_memory(open(filename, 'rb').read(), xmlsec.KeyFormat.CERT_PEM, None)
+    assert key is not None
+    manager.add_key(key)
+    template = etree.Element("root")
+    assert template is not None
+    # Prepare for encryption
+    enc_data = xmlsec.template.encrypted_data_create(
+        template, xmlsec.Transform.AES128, type=xmlsec.EncryptionType.CONTENT, ns="xenc",
+        mime_type="binary/octet-stream")
+
+    xmlsec.template.encrypted_data_ensure_cipher_value(enc_data)
+    key_info = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns="dsig")
+    enc_key = xmlsec.template.add_encrypted_key(key_info, xmlsec.Transform.RSA_OAEP)
+    xmlsec.template.encrypted_data_ensure_cipher_value(enc_key)
+
+    # Encrypt!
+    enc_ctx = xmlsec.EncryptionContext(manager)
+    enc_ctx.key = xmlsec.Key.generate(xmlsec.KeyData.AES, 128, xmlsec.KeyDataType.SESSION)
+    enc_data = enc_ctx.encrypt_binary(enc_data, b'test')
+    assert enc_data is not None
+    assert enc_data.tag == "{%s}%s" % (xmlsec.Namespace.ENC, xmlsec.Node.ENCRYPTED_DATA)
+    print(xmlsec.Node.ENCRYPTION_METHOD)
+    enc_method = xmlsec.tree.find_child(enc_data, xmlsec.Node.ENCRYPTION_METHOD, xmlsec.Namespace.ENC)
+    assert enc_method is not None
+    assert enc_method.get("Algorithm") == "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
+    key_info = xmlsec.tree.find_child(enc_data, xmlsec.Node.KEY_INFO, xmlsec.Namespace.DS)
+    assert key_info is not None
+    enc_method = xmlsec.tree.find_node(key_info, xmlsec.Node.ENCRYPTION_METHOD, xmlsec.Namespace.ENC)
+    assert enc_method is not None
+    assert enc_method.get("Algorithm") == "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
+    cipher_value = xmlsec.tree.find_node(key_info, xmlsec.Node.CIPHER_VALUE, xmlsec.Namespace.ENC)
+    assert cipher_value is not None
diff --git a/tests/examples/test_sign.py b/tests/examples/test_sign.py
@@ -1,19 +1,6 @@
 from os import path
 import xmlsec
-from lxml import etree
-from .base import parse_xml, BASE_DIR
-
-
-def compare(name, result):
-    # Parse the expected file.
-    xml = parse_xml(name)
-
-    # Stringify the root, <Envelope/> nodes of the two documents.
-    expected_text = etree.tostring(xml)
-    result_text = etree.tostring(result)
-
-    # Compare the results.
-    assert expected_text == result_text
+from .base import parse_xml, compare, BASE_DIR
 
 
 def test_sign_template_pem():
@@ -169,3 +156,23 @@ def test_sign_generated_template_pem_with_x509():
 
     # Assert the contents of the XML document against the expected result.
     compare('sign3-res.xml', template)
+
+
+def test_sign_binary():
+    ctx = xmlsec.SignatureContext()
+    filename = path.join(BASE_DIR, 'rsakey.pem')
+    key = xmlsec.Key.from_file(filename, xmlsec.KeyFormat.PEM)
+    assert key is not None
+
+    key.name = path.basename(filename)
+
+    # Set the key on the context.
+    ctx.key = key
+
+    assert ctx.key is not None
+    assert ctx.key.name == path.basename(filename)
+
+    data = b'\xa8f4dP\x82\x02\xd3\xf5.\x02\xc1\x03\xef\xc4\x86\xabC\xec\xb7>\x8e\x1f\xa3\xa3\xc5\xb9qc\xc2\x81\xb1-\xa4B\xdf\x03>\xba\xd1'
+    expected_sign = b"h\xcb\xb1\x82\xfa`e\x89x\xe5\xc5ir\xd6\xd1Q\x9a\x0b\xeaU_G\xcc'\xa4c\xa3>\x9b27\xbf^`\xa7p\xfb\x98\xcb\x81\xd2\xb1\x0c'\x9d\xe2\n\xec\xb2<\xcf@\x98=\xe0}O8}fy\xc2\xc4\xe9\xec\x87\xf6\xc1\xde\xfd\x96*o\xab\xae\x12\xc9{\xcc\x0e\x93y\x9a\x16\x80o\x92\xeb\x02^h|\xa0\x9b<\x99_\x97\xcb\xe27\xe9u\xc3\xfa_\xcct/sTb\xa0\t\xd3\x93'\xb4\xa4\x0ez\xcbL\x14D\xdb\xe3\x84\x886\xe9J[\xe7\xce\xc0\xb1\x99\x07\x17{\xc6:\xff\x1dt\xfd\xab^2\xf7\x9e\xa4\xccT\x8e~b\xdb\x9a\x04\x04\xbaM\xfa\xbd\xec)z\xbb\x89\xd7\xb2Q\xac\xaf\x13\xdcD\xcd\n6\x92\xfao\xb9\xd9\x96$\xce\xa6\xcf\xf8\xe4Bb60\xf5\xd2a\xb1o\x8c\x0f\x8bl\x88vh\xb5h\xfa\xfa\xb66\xedQ\x10\xc4\xef\xfa\x81\xf0\xc9.^\x98\x1ePQS\x9e\xafAy\x90\xe4\x95\x03V\xc2\xa0\x18\xa5d\xc2\x15*\xb6\xd7$\xc0\t2\xa1"
+    sign = ctx.sign_binary(data, xmlsec.Transform.RSA_SHA1)
+    assert sign == expected_sign
diff --git a/tests/examples/test_verify.py b/tests/examples/test_verify.py
@@ -38,3 +38,22 @@ def test_verify_with_pem_file(index):
 
     # Verify the signature.
     ctx.verify(signature_node)
+
+
+def test_validate_binary_sign():
+    ctx = xmlsec.SignatureContext()
+    filename = path.join(BASE_DIR, 'rsakey.pem')
+    key = xmlsec.Key.from_file(filename, xmlsec.KeyFormat.PEM)
+    assert key is not None
+
+    key.name = path.basename(filename)
+
+    # Set the key on the context.
+    ctx.key = key
+
+    assert ctx.key is not None
+    assert ctx.key.name == path.basename(filename)
+
+    data = b'\xa8f4dP\x82\x02\xd3\xf5.\x02\xc1\x03\xef\xc4\x86\xabC\xec\xb7>\x8e\x1f\xa3\xa3\xc5\xb9qc\xc2\x81\xb1-\xa4B\xdf\x03>\xba\xd1'
+    sign = b"h\xcb\xb1\x82\xfa`e\x89x\xe5\xc5ir\xd6\xd1Q\x9a\x0b\xeaU_G\xcc'\xa4c\xa3>\x9b27\xbf^`\xa7p\xfb\x98\xcb\x81\xd2\xb1\x0c'\x9d\xe2\n\xec\xb2<\xcf@\x98=\xe0}O8}fy\xc2\xc4\xe9\xec\x87\xf6\xc1\xde\xfd\x96*o\xab\xae\x12\xc9{\xcc\x0e\x93y\x9a\x16\x80o\x92\xeb\x02^h|\xa0\x9b<\x99_\x97\xcb\xe27\xe9u\xc3\xfa_\xcct/sTb\xa0\t\xd3\x93'\xb4\xa4\x0ez\xcbL\x14D\xdb\xe3\x84\x886\xe9J[\xe7\xce\xc0\xb1\x99\x07\x17{\xc6:\xff\x1dt\xfd\xab^2\xf7\x9e\xa4\xccT\x8e~b\xdb\x9a\x04\x04\xbaM\xfa\xbd\xec)z\xbb\x89\xd7\xb2Q\xac\xaf\x13\xdcD\xcd\n6\x92\xfao\xb9\xd9\x96$\xce\xa6\xcf\xf8\xe4Bb60\xf5\xd2a\xb1o\x8c\x0f\x8bl\x88vh\xb5h\xfa\xfa\xb66\xedQ\x10\xc4\xef\xfa\x81\xf0\xc9.^\x98\x1ePQS\x9e\xafAy\x90\xe4\x95\x03V\xc2\xa0\x18\xa5d\xc2\x15*\xb6\xd7$\xc0\t2\xa1"
+    ctx.verify_binary(data, xmlsec.Transform.RSA_SHA1, sign)
