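// Source: github.com/crewjam/saml@v0.4.14/xmlenc/decrypt_test.go

package xmlenc

import (
	"crypto/x509"
	"encoding/pem"
	"testing"

	"gotest.tools/assert"
	is "gotest.tools/assert/cmp"
	"gotest.tools/golden"

	"github.com/beevik/etree"
)

// TestCanDecrypt checks that Decrypt can process both the EncryptedKey and the
// EncryptedData elements of the golden input documents, once for the "CBC"
// fixture (input.xml) and once for the "GCM" fixture (input_gcm.xml).
//
// Fixture preconditions (document parses, PEM block present, key parses,
// element found) fail the subtest immediately instead of continuing into a
// nil dereference that would hide the real cause.
func TestCanDecrypt(t *testing.T) {
	t.Run("CBC", func(t *testing.T) {
		doc := etree.NewDocument()
		err := doc.ReadFromBytes(golden.Get(t, "input.xml"))
		assert.NilError(t, err)

		// Test-only RSA private key embedded in the source (it appears to be
		// 1024-bit, judging by its encoded length). It is public by virtue of
		// being committed and must not be reused outside test fixtures.
		keyPEM := "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDU8wdiaFmPfTyRYuFlVPi866WrH/2JubkHzp89bBQopDaLXYxi\n3PTu3O6Q/KaKxMOFBqrInwqpv/omOGZ4ycQ51O9I+Yc7ybVlW94lTo2gpGf+Y/8E\nPsVbnZaFutRctJ4dVIp9aQ2TpLiGT0xX1OzBO/JEgq9GzDRf+B+eqSuglwIDAQAB\nAoGBAMuy1eN6cgFiCOgBsB3gVDdTKpww87Qk5ivjqEt28SmXO13A1KNVPS6oQ8SJ\nCT5Azc6X/BIAoJCURVL+LHdqebogKljhH/3yIel1kH19vr4E2kTM/tYH+qj8afUS\nJEmArUzsmmK8ccuNqBcllqdwCZjxL4CHDUmyRudFcHVX9oyhAkEA/OV1OkjM3CLU\nN3sqELdMmHq5QZCUihBmk3/N5OvGdqAFGBlEeewlepEVxkh7JnaNXAXrKHRVu/f/\nfbCQxH+qrwJBANeQERF97b9Sibp9xgolb749UWNlAdqmEpmlvmS202TdcaaT1msU\n4rRLiQN3X9O9mq4LZMSVethrQAdX1whawpkCQQDk1yGf7xZpMJ8F4U5sN+F4rLyM\nRq8Sy8p2OBTwzCUXXK+fYeXjybsUUMr6VMYTRP2fQr/LKJIX+E5ZxvcIyFmDAkEA\nyfjNVUNVaIbQTzEbRlRvT6MqR+PTCefC072NF9aJWR93JimspGZMR7viY6IM4lrr\nvBkm0F5yXKaYtoiiDMzlOQJADqmEwXl0D72ZG/2KDg8b4QZEmC9i5gidpQwJXUc6\nhU+IVQoLxRq0fBib/36K9tcrrO5Ba4iEvDcNY+D8yGbUtA==\n-----END RSA PRIVATE KEY-----\n"
		b, _ := pem.Decode([]byte(keyPEM))
		// pem.Decode returns a nil block when no PEM data is found; guard
		// before touching b.Bytes.
		assert.Assert(t, b != nil, "no PEM block found in embedded key")
		key, err := x509.ParsePKCS1PrivateKey(b.Bytes)
		assert.NilError(t, err)

		el := doc.Root().FindElement("//EncryptedKey")
		assert.Assert(t, el != nil, "EncryptedKey element not found")
		buf, err := Decrypt(key, el)
		assert.Check(t, err)
		// Expected 16-byte result of decrypting the EncryptedKey element
		// (presumably the symmetric session key for EncryptedData).
		assert.Check(t, is.DeepEqual([]byte{0xc, 0x70, 0xa2, 0xc8, 0x15, 0x74, 0x89, 0x3f, 0x36, 0xd2, 0x7c, 0x14, 0x2a, 0x9b, 0xaa, 0xd9},
			buf))

		el = doc.Root().FindElement("//EncryptedData")
		assert.Assert(t, el != nil, "EncryptedData element not found")
		buf, err = Decrypt(key, el)
		assert.Check(t, err)
		golden.Assert(t, string(buf), "plaintext.xml")
	})

	t.Run("GCM", func(t *testing.T) {
		doc := etree.NewDocument()
		err := doc.ReadFromBytes(golden.Get(t, "input_gcm.xml"))
		assert.NilError(t, err)

		keyPEM := golden.Get(t, "cert.key")
		b, _ := pem.Decode(keyPEM)
		assert.Assert(t, b != nil, "no PEM block found in cert.key")
		key, err := x509.ParsePKCS8PrivateKey(b.Bytes)
		assert.NilError(t, err)

		// NOTE(review): both Decrypt results below are discarded and only the
		// error is checked, so a Decrypt that returned wrong bytes for this
		// fixture would still pass. A golden comparison, as in the CBC
		// subtest, would close that gap.
		el := doc.Root().FindElement("//EncryptedKey")
		assert.Assert(t, el != nil, "EncryptedKey element not found")
		_, err = Decrypt(key, el)
		assert.Check(t, err)

		el = doc.Root().FindElement("//EncryptedData")
		assert.Assert(t, el != nil, "EncryptedData element not found")
		_, err = Decrypt(key, el)
		assert.Check(t, err)
	})
}

// TestCanDecryptWithoutCertificate repeats the decryption checks after
// removing the ds:X509Certificate element from the document, verifying that
// Decrypt succeeds with only the supplied private key and does not depend on
// the certificate embedded in the message.
func TestCanDecryptWithoutCertificate(t *testing.T) {
	t.Run("CBC", func(t *testing.T) {
		doc := etree.NewDocument()
		err := doc.ReadFromBytes(golden.Get(t, "input.xml"))
		assert.NilError(t, err)

		// Strip the embedded certificate; fail clearly if the fixture no
		// longer contains one rather than panicking on el.Parent().
		el := doc.FindElement("//ds:X509Certificate")
		assert.Assert(t, el != nil, "ds:X509Certificate element not found")
		el.Parent().RemoveChild(el)

		keyPEM := golden.Get(t, "key.pem")
		b, _ := pem.Decode(keyPEM)
		assert.Assert(t, b != nil, "no PEM block found in key.pem")
		key, err := x509.ParsePKCS1PrivateKey(b.Bytes)
		assert.NilError(t, err)

		el = doc.Root().FindElement("//EncryptedKey")
		assert.Assert(t, el != nil, "EncryptedKey element not found")
		buf, err := Decrypt(key, el)
		assert.Check(t, err)
		// Same expected 16 bytes as in TestCanDecrypt/CBC.
		assert.Check(t, is.DeepEqual([]byte{0xc, 0x70, 0xa2, 0xc8, 0x15, 0x74, 0x89, 0x3f, 0x36, 0xd2, 0x7c, 0x14, 0x2a, 0x9b, 0xaa, 0xd9}, buf))

		el = doc.Root().FindElement("//EncryptedData")
		assert.Assert(t, el != nil, "EncryptedData element not found")
		buf, err = Decrypt(key, el)
		assert.Check(t, err)
		golden.Assert(t, string(buf), "plaintext.xml")
	})

	t.Run("GCM", func(t *testing.T) {
		doc := etree.NewDocument()
		err := doc.ReadFromBytes(golden.Get(t, "input_gcm.xml"))
		assert.NilError(t, err)

		el := doc.FindElement("//ds:X509Certificate")
		assert.Assert(t, el != nil, "ds:X509Certificate element not found")
		el.Parent().RemoveChild(el)

		keyPEM := golden.Get(t, "cert.key")
		b, _ := pem.Decode(keyPEM)
		assert.Assert(t, b != nil, "no PEM block found in cert.key")
		key, err := x509.ParsePKCS8PrivateKey(b.Bytes)
		assert.NilError(t, err)

		// NOTE(review): as in TestCanDecrypt/GCM, only the error is checked;
		// the decrypted bytes are not compared against a known plaintext.
		el = doc.Root().FindElement("//EncryptedKey")
		assert.Assert(t, el != nil, "EncryptedKey element not found")
		_, err = Decrypt(key, el)
		assert.Check(t, err)

		el = doc.Root().FindElement("//EncryptedData")
		assert.Assert(t, el != nil, "EncryptedData element not found")
		_, err = Decrypt(key, el)
		assert.Check(t, err)
	})
}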