PKIXSignatureTrustEngineTest (OpenSAML :: XML Security Implementation 3.1.0 API)

java.lang.Object
- org.opensaml.core.OpenSAMLInitBaseTestCase
- - org.opensaml.core.xml.XMLObjectBaseTestCase
  - - org.opensaml.xmlsec.signature.support.impl.PKIXSignatureTrustEngineTest

public class PKIXSignatureTrustEngineTest
extends org.opensaml.core.xml.XMLObjectBaseTestCase

Tests the PKIXSignatureTrustEngine implementation.

Field Summary

Fields
Modifier and Type	Field and Description
`private net.shibboleth.utilities.java.support.resolver.CriteriaSet`	`criteriaSet`
`private static String`	`DATA_PATH`
`private boolean`	`emitKeyInfo`
`private boolean`	`emitKeyValueOnly`
`private static Set<X509Certificate>`	`EMPTY_ANCHORS`
`private static Set<X509CRL>`	`EMPTY_CRLS`
`private org.opensaml.xmlsec.signature.support.impl.PKIXSignatureTrustEngine`	`engine`
`private static Integer`	`MAX_DEPTH`
`private String`	`rawAlgorithmURI`
`private org.opensaml.security.credential.Credential`	`rawCandidateCred`
`private String`	`rawData`
`private byte[]`	`rawSignature`
`private byte[]`	`rawSignedContent`
`private org.opensaml.xmlsec.signature.Signature`	`signature`
`private String`	`subjectCN`
`private boolean`	`tamperDocumentPostSigning`

Fields inherited from class org.opensaml.core.xml.XMLObjectBaseTestCase
builderFactory, marshallerFactory, parserPool, simpleXMLObjectQName, unmarshallerFactory

Constructor Summary

Constructors
Constructor and Description

PKIXSignatureTrustEngineTest()

Constructors
Constructor and Description
`PKIXSignatureTrustEngineTest()`

Method Summary

Methods
Modifier and Type	Method and Description
`private org.opensaml.xmlsec.signature.SignableXMLObject`	`buildSignedObject(org.opensaml.security.x509.X509Credential signingX509Cred)`
`private X509Certificate`	`getCertificate(String fileName)`
`private Collection<X509Certificate>`	`getCertificates(String... certNames)`
`private org.opensaml.security.x509.BasicX509Credential`	`getCredential(String entityCertFileName, String entityKeyFileName, String... chainMembers)`
`private X509CRL`	`getCRL(String fileName)`
`private Collection<X509CRL>`	`getCRLS(String... crlNames)`
`private org.opensaml.xmlsec.signature.support.impl.PKIXSignatureTrustEngine`	`getEngine(Collection<X509Certificate> certs, Collection<X509CRL> crls, Integer depth, String... trustedNames)`
`private InputStream`	`getInputStream(String fileName)`
`private org.opensaml.security.x509.PKIXValidationInformation`	`getPKIXInfoSet(Collection<X509Certificate> certs, Collection<X509CRL> crls, Integer depth)`
`private PrivateKey`	`getPrivateKey(String fileName)`
`private org.opensaml.xmlsec.signature.Signature`	`getSignature(String entityCertFileName, String entityKeyFileName, String... chainMembers)`
`protected void`	`setUp()`
`void`	`testBlacklistedDigestAlgorithm()`
`void`	`testBlacklistedSignatureAlgorithm()`
`void`	`testCertExpired()`
`void`	`testCertRevoked()`
`void`	`testGoodPathBadTrustedName()`
`void`	`testGoodPathInAnchors()`
`void`	`testGoodPathInCred()`
`void`	`testGoodPathNoTrustedNames()`
`void`	`testMissingAnchor()`
`void`	`testNoAnchors()`
`void`	`testNoCandidateCred()`
`void`	`testRawBlacklistedAlgorithm()`
`void`	`testRawCertExpired()`
`void`	`testRawCertMissingAnchor()`
`void`	`testRawCertNoAnchors()`
`void`	`testRawCertRevoked()`
`void`	`testRawGoodPathBadTrustedName()`
`void`	`testRawGoodPathInAnchors()`
`void`	`testRawGoodPathInCred()`
`void`	`testRawGoodPathNoTrustedNames()`
`void`	`testRawNoCandidateCred()`
`void`	`testRawTamperedData()`
`private void`	`testRawValidateFailure(String message)`
`private void`	`testRawValidateSuccess(String message)`
`void`	`testRawWhitelistedAlgorithm()`
`void`	`testRawWrongCredType()`
`void`	`testTamperedData()`
`private void`	`testValidateFailure(String message)`
`private void`	`testValidateSuccess(String message)` Helper methods.
`void`	`testWhitelistedAlgorithms()`
`void`	`testWrongCredType()`

Methods inherited from class org.opensaml.core.xml.XMLObjectBaseTestCase
assertXMLEquals, assertXMLEquals, buildXMLObject, fetchDuration, getBuilder, getMarshaller, getMarshaller, getUnmarshaller, getUnmarshaller, getUnmarshaller, initXMLObjectSupport, parseXMLDocument, printXML, printXML, unmarshallElement

Methods inherited from class org.opensaml.core.OpenSAMLInitBaseTestCase
initOpenSAML

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DATA_PATH
```
private static final String DATA_PATH
```
See Also:
Constant Field Values

EMPTY_CRLS

private static final Set<X509CRL> EMPTY_CRLS

EMPTY_ANCHORS

private static final Set<X509Certificate> EMPTY_ANCHORS

MAX_DEPTH
```
private static final Integer MAX_DEPTH
```

engine

private org.opensaml.xmlsec.signature.support.impl.PKIXSignatureTrustEngine engine

signature

private org.opensaml.xmlsec.signature.Signature signature

criteriaSet

private net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet

subjectCN
```
private String subjectCN
```

tamperDocumentPostSigning

private boolean tamperDocumentPostSigning

emitKeyInfo
```
private boolean emitKeyInfo
```

emitKeyValueOnly
```
private boolean emitKeyValueOnly
```

rawData
```
private String rawData
```

rawSignedContent
```
private byte[] rawSignedContent
```

rawAlgorithmURI
```
private String rawAlgorithmURI
```

rawSignature
```
private byte[] rawSignature
```

rawCandidateCred

private org.opensaml.security.credential.Credential rawCandidateCred

Constructor Detail
- PKIXSignatureTrustEngineTest
```
public PKIXSignatureTrustEngineTest()
```

Method Detail

setUp

protected void setUp()
              throws Exception

Throws:: Exception

testGoodPathInAnchors
```
public void testGoodPathInAnchors()
```

testGoodPathInCred
```
public void testGoodPathInCred()
```

testGoodPathNoTrustedNames

public void testGoodPathNoTrustedNames()

testGoodPathBadTrustedName

public void testGoodPathBadTrustedName()

testCertRevoked
```
public void testCertRevoked()
```

testCertExpired
```
public void testCertExpired()
```

testMissingAnchor
```
public void testMissingAnchor()
```

testNoAnchors
```
public void testNoAnchors()
```

testTamperedData

public void testTamperedData()
                      throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testNoCandidateCred

public void testNoCandidateCred()
                         throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testWrongCredType

public void testWrongCredType()
                       throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testWhitelistedAlgorithms

public void testWhitelistedAlgorithms()

testBlacklistedSignatureAlgorithm

public void testBlacklistedSignatureAlgorithm()

testBlacklistedDigestAlgorithm

public void testBlacklistedDigestAlgorithm()

testRawGoodPathInAnchors

public void testRawGoodPathInAnchors()
                              throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawGoodPathInCred

public void testRawGoodPathInCred()
                           throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawGoodPathNoTrustedNames

public void testRawGoodPathNoTrustedNames()
                                   throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawGoodPathBadTrustedName

public void testRawGoodPathBadTrustedName()
                                   throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawCertRevoked

public void testRawCertRevoked()
                        throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawCertExpired

public void testRawCertExpired()
                        throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawCertMissingAnchor

public void testRawCertMissingAnchor()
                              throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawCertNoAnchors

public void testRawCertNoAnchors()
                          throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawTamperedData

public void testRawTamperedData()
                         throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawNoCandidateCred

public void testRawNoCandidateCred()
                            throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawWrongCredType

public void testRawWrongCredType()
                          throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawWhitelistedAlgorithm

public void testRawWhitelistedAlgorithm()
                                 throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testRawBlacklistedAlgorithm

public void testRawBlacklistedAlgorithm()
                                 throws org.opensaml.security.SecurityException

Throws:: org.opensaml.security.SecurityException

testValidateSuccess

private void testValidateSuccess(String message)

Helper methods. *

testValidateFailure

private void testValidateFailure(String message)

getSignature

private org.opensaml.xmlsec.signature.Signature getSignature(String entityCertFileName,
                                                   String entityKeyFileName,
                                                   String... chainMembers)

getCredential

private org.opensaml.security.x509.BasicX509Credential getCredential(String entityCertFileName,
                                                           String entityKeyFileName,
                                                           String... chainMembers)

getEngine

private org.opensaml.xmlsec.signature.support.impl.PKIXSignatureTrustEngine getEngine(Collection<X509Certificate> certs,
                                                                            Collection<X509CRL> crls,
                                                                            Integer depth,
                                                                            String... trustedNames)

getPKIXInfoSet

private org.opensaml.security.x509.PKIXValidationInformation getPKIXInfoSet(Collection<X509Certificate> certs,
                                                                  Collection<X509CRL> crls,
                                                                  Integer depth)

getCertificates

private Collection<X509Certificate> getCertificates(String... certNames)

getPrivateKey

private PrivateKey getPrivateKey(String fileName)

getCertificate

private X509Certificate getCertificate(String fileName)

getCRLS

private Collection<X509CRL> getCRLS(String... crlNames)

getCRL

private X509CRL getCRL(String fileName)

getInputStream

private InputStream getInputStream(String fileName)

buildSignedObject

private org.opensaml.xmlsec.signature.SignableXMLObject buildSignedObject(org.opensaml.security.x509.X509Credential signingX509Cred)
                                                                   throws org.opensaml.xmlsec.signature.support.SignatureException

Throws:: org.opensaml.xmlsec.signature.support.SignatureException

testRawValidateSuccess

private void testRawValidateSuccess(String message)

testRawValidateFailure

private void testRawValidateFailure(String message)

Class PKIXSignatureTrustEngineTest

Field Summary

Fields inherited from class org.opensaml.core.xml.XMLObjectBaseTestCase

Constructor Summary

Method Summary

Methods inherited from class org.opensaml.core.xml.XMLObjectBaseTestCase

Methods inherited from class org.opensaml.core.OpenSAMLInitBaseTestCase

Methods inherited from class java.lang.Object

Field Detail

DATA_PATH

EMPTY_CRLS

EMPTY_ANCHORS

MAX_DEPTH

engine

signature

criteriaSet

subjectCN

tamperDocumentPostSigning

emitKeyInfo

emitKeyValueOnly

rawData

rawSignedContent

rawAlgorithmURI

rawSignature

rawCandidateCred

Constructor Detail

PKIXSignatureTrustEngineTest

Method Detail

setUp

testGoodPathInAnchors

testGoodPathInCred

testGoodPathNoTrustedNames

testGoodPathBadTrustedName

testCertRevoked

testCertExpired

testMissingAnchor

testNoAnchors

testTamperedData

testNoCandidateCred

testWrongCredType

testWhitelistedAlgorithms

testBlacklistedSignatureAlgorithm

testBlacklistedDigestAlgorithm

testRawGoodPathInAnchors

testRawGoodPathInCred

testRawGoodPathNoTrustedNames

testRawGoodPathBadTrustedName

testRawCertRevoked

testRawCertExpired

testRawCertMissingAnchor

testRawCertNoAnchors

testRawTamperedData

testRawNoCandidateCred

testRawWrongCredType

testRawWhitelistedAlgorithm

testRawBlacklistedAlgorithm

testValidateSuccess

testValidateFailure

getSignature

getCredential

getEngine

getPKIXInfoSet

getCertificates

getPrivateKey

getCertificate

getCRLS

getCRL

getInputStream

buildSignedObject

testRawValidateSuccess

testRawValidateFailure