2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
23 #include <saml/SAMLConfig.h>
24 #include <saml/binding/SecurityPolicy.h>
25 #include <saml/binding/SecurityPolicyRule.h>
26 #include <saml/saml2/core/Assertions.h>
28 using namespace opensaml;
30 class SAML2PolicyTest : public CxxTest::TestSuite {
31 SecurityPolicy* m_policy;
32 vector<SecurityPolicyRule*> m_rules;
36 m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(CONDITIONS_POLICY_RULE, nullptr));
37 m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(BEARER_POLICY_RULE, nullptr));
38 m_policy = new SecurityPolicy();
39 m_policy->getRules().assign(m_rules.begin(), m_rules.end());
43 for_each(m_rules.begin(), m_rules.end(), xmltooling::cleanup<SecurityPolicyRule>());
47 void testSAML2Policy() {
49 // Read assertion to use from file.
50 string path = data_path + "saml2/profile/SAML2Assertion.xml";
51 ifstream in(path.c_str());
52 DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
53 XercesJanitor<DOMDocument> janitor(doc);
54 auto_ptr<saml2::Assertion> assertion(
55 dynamic_cast<saml2::Assertion*>(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))
59 auto_ptr_XMLCh requestID("_12345");
60 m_policy->setCorrelationID(requestID.get());
62 TSM_ASSERT_THROWS("Policy should have tripped on AudienceRestriction", m_policy->evaluate(*assertion.get()), SecurityPolicyException);
64 auto_ptr_XMLCh recipient("https://sp.example.org");
65 m_policy->getAudiences().push_back(recipient.get());
66 TSM_ASSERT_THROWS("Policy should have tripped on InResponseTo correlation", m_policy->evaluate(*assertion.get()), SecurityPolicyException);
68 dynamic_cast<saml2::SubjectConfirmationData*>(
69 assertion->getSubject()->getSubjectConfirmations().front()->getSubjectConfirmationData()
70 )->setInResponseTo(requestID.get());
71 m_policy->evaluate(*assertion.get());
73 catch (exception& ex) {