2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 #include <saml/SAMLConfig.h>
23 #include <saml/saml2/core/Assertions.h>
24 #include <saml/saml2/metadata/Metadata.h>
25 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
26 #include <saml/saml2/metadata/MetadataProvider.h>
27 #include <xmltooling/security/SignatureTrustEngine.h>
29 using namespace opensaml::saml2;
30 using namespace opensaml::saml2md;
31 using namespace xmlsignature;
33 class ExplicitKeyTrustEngineTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {
36 SAMLObjectBaseTestCase::setUp();
40 SAMLObjectBaseTestCase::tearDown();
43 void testExplicitKeyTrustEngine() {
44 string config = data_path + "security/XMLMetadataProvider.xml";
45 ifstream in(config.c_str());
46 DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
47 XercesJanitor<DOMDocument> janitor(doc);
49 auto_ptr_XMLCh path("path");
50 string s = data_path + "security/example-metadata.xml";
51 auto_ptr_XMLCh file(s.c_str());
52 doc->getDocumentElement()->setAttributeNS(nullptr,path.get(),file.get());
54 // Build metadata provider.
55 auto_ptr<MetadataProvider> metadataProvider(
56 opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
59 metadataProvider->init();
61 catch (XMLToolingException& ex) {
66 // Build trust engine.
67 auto_ptr<TrustEngine> trustEngine(
68 XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, nullptr)
71 // Get signed assertion.
72 config = data_path + "signature/SAML2Assertion.xml";
73 ifstream in2(config.c_str());
74 DOMDocument* doc2=XMLToolingConfig::getConfig().getParser().parse(in2);
75 XercesJanitor<DOMDocument> janitor2(doc2);
76 auto_ptr<Assertion> assertion(dynamic_cast<Assertion*>(XMLObjectBuilder::getBuilder(doc2->getDocumentElement())->buildFromDocument(doc2)));
79 Locker locker(metadataProvider.get());
80 const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria("https://idp3.example.org")).first;
81 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=nullptr);
83 RoleDescriptor* role=descriptor->getIDPSSODescriptors().front();
84 TSM_ASSERT("Role not present", role!=nullptr);
86 Signature* sig=assertion->getSignature();
87 TSM_ASSERT("Signature not present", sig!=nullptr);
89 MetadataCredentialCriteria cc(*role);
90 cc.setPeerName("https://idp3.example.org");
91 TSM_ASSERT("Signature failed to validate.", dynamic_cast<SignatureTrustEngine*>(trustEngine.get())->validate(*sig, *metadataProvider, &cc));
93 descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria("https://idp2.example.org")).first;
94 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=nullptr);
96 role=descriptor->getIDPSSODescriptors().front();
97 TSM_ASSERT("Role not present", role!=nullptr);
99 MetadataCredentialCriteria cc2(*role);
100 cc2.setPeerName("https://idp2.example.org");
101 TSM_ASSERT("Signature validated.", !dynamic_cast<SignatureTrustEngine*>(trustEngine.get())->validate(*sig, *metadataProvider, &cc2));