Generating benchmarks for C++ OpenSAML signature and encryption testing

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Generating benchmarks for C++ OpenSAML signature and encryption testing

Rod Widdowson
I've been working through the OpenSAML-C case about dealing with the default digest algorithm having moved from sha1 to sha256 and
some tests failing as a result.

I can (and will) make the tests pass just by forcing the algorithm back to sha1, but rather badly do not want to stop there.    

All that stopping there achieves is testing our old default behavior and it seems sensible to test our new default behavior.  So the
sensible thing to do is to extend the tests so that it tests both sha1 and sha256.  The means that I need to generate test files
with the correctly signed DOM in them.

This is already going to be exciting because I work on windows and I need to create a file which will not have its white-space
destroyed in a signature corrupting manner by checking in to git (and having CRLF converted to LF). But my real question is what the
suggested best method is for generating the benchmark.

My initial through was to just capture the serialized DOM in the debugger and paste that into a file.  This issue here is that this
is a leap of faith - we test against what we generated, so this tests for regression but not the current functionality.     Given
the relatively wide deployment of 3.0.2 (and indeed Santuario 2) this is not bad strategy (we'd have known by now if the signature
was bad), but should we do better?

SAMLSign is an option but we are using the same basic code.  So the sensible thing (I suppose) is to capture the output from java.
Which is not going to be a bunch of fun.

Any thoughts, suggestions, other feedback?

/Rod

--
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Generating benchmarks for C++ OpenSAML signature and encryption testing

Ian Young-3


On 10 Aug 2018, at 13:44, Rod Widdowson <[hidden email]> wrote:

SAMLSign is an option but we are using the same basic code.

XMLSecTool?

    -- Ian





--
To unsubscribe from this list send an email to [hidden email]

smime.p7s (5K) Download Attachment