2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 #include <saml/SAMLConfig.h>
19 #include <saml/saml2/metadata/Metadata.h>
20 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
21 #include <saml/saml2/metadata/MetadataProvider.h>
22 #include <xmltooling/security/SignatureTrustEngine.h>
24 using namespace opensaml::saml2;
25 using namespace opensaml::saml2md;
26 using namespace xmlsignature;
28 class StaticPKIXTrustEngineTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {
31 SAMLObjectBaseTestCase::setUp();
35 SAMLObjectBaseTestCase::tearDown();
38 void testStaticPKIXTrustEngine() {
39 string config = data_path + "security/XMLMetadataProvider.xml";
40 ifstream in(config.c_str());
41 DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
42 XercesJanitor<DOMDocument> janitor(doc);
44 auto_ptr_XMLCh path("path");
45 string s = data_path + "security/example-metadata.xml";
46 auto_ptr_XMLCh file(s.c_str());
47 doc->getDocumentElement()->setAttributeNS(NULL,path.get(),file.get());
49 // Build metadata provider.
50 auto_ptr<MetadataProvider> metadataProvider(
51 opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
54 metadataProvider->init();
56 catch (XMLToolingException& ex) {
61 // Build trust engine.
62 config = data_path + "security/StaticPKIXTrustEngine.xml";
63 ifstream in2(config.c_str());
64 DOMDocument* doc2=XMLToolingConfig::getConfig().getParser().parse(in2);
65 XercesJanitor<DOMDocument> janitor2(doc2);
66 auto_ptr<TrustEngine> trustEngine(
67 XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(STATIC_PKIX_TRUSTENGINE,doc2->getDocumentElement())
70 // Get signed assertion.
71 config = data_path + "signature/SAML2Assertion.xml";
72 ifstream in3(config.c_str());
73 DOMDocument* doc3=XMLToolingConfig::getConfig().getParser().parse(in3);
74 XercesJanitor<DOMDocument> janitor3(doc3);
75 auto_ptr<Assertion> assertion(dynamic_cast<Assertion*>(XMLObjectBuilder::getBuilder(doc3->getDocumentElement())->buildFromDocument(doc3)));
78 Locker locker(metadataProvider.get());
79 const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria("https://idp.example.org")).first;
80 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
82 RoleDescriptor* role=descriptor->getIDPSSODescriptors().front();
83 TSM_ASSERT("Role not present", role!=NULL);
85 Signature* sig=assertion->getSignature();
86 TSM_ASSERT("Signature not present", sig!=NULL);
88 MetadataCredentialCriteria cc(*role);
89 cc.setPeerName("https://idp.example.org");
90 TSM_ASSERT("Signature failed to validate.", dynamic_cast<SignatureTrustEngine*>(trustEngine.get())->validate(*sig, *metadataProvider, &cc));
92 descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria("https://idp2.example.org")).first;
93 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
95 role=descriptor->getIDPSSODescriptors().front();
96 TSM_ASSERT("Role not present", role!=NULL);
98 MetadataCredentialCriteria cc2(*role);
99 cc2.setPeerName("https://idp2.example.org");
100 TSM_ASSERT("Signature validated.", !dynamic_cast<SignatureTrustEngine*>(trustEngine.get())->validate(*sig, *metadataProvider, &cc2));