Settable digest algorithm, enhanced prefix handling in signatures, pending xmlsec...
diff --git
a/samltest/saml2/binding/SAML2ArtifactTest.h
b/samltest/saml2/binding/SAML2ArtifactTest.h
index
1d08453
..
ee5b5f0
100644
(file)
--- a/
samltest/saml2/binding/SAML2ArtifactTest.h
+++ b/
samltest/saml2/binding/SAML2ArtifactTest.h
@@
-1,5
+1,5
@@
/*
\r
/*
\r
- * Copyright 2001-200
5
Internet2
\r
+ * Copyright 2001-200
7
Internet2
\r
*
\r
* Licensed under the Apache License, Version 2.0 (the "License");
\r
* you may not use this file except in compliance with the License.
\r
*
\r
* Licensed under the Apache License, Version 2.0 (the "License");
\r
* you may not use this file except in compliance with the License.
\r
@@
-25,20
+25,21
@@
using namespace opensaml::saml2p;
using namespace opensaml::saml2;
\r
\r
class SAML2ArtifactTest : public CxxTest::TestSuite,
\r
using namespace opensaml::saml2;
\r
\r
class SAML2ArtifactTest : public CxxTest::TestSuite,
\r
- public SAMLBindingBaseTestCase, public MessageEncoder::ArtifactGenerator, public MessageDecoder::ArtifactResolver {
\r
+
public SAMLBindingBaseTestCase, public MessageEncoder::ArtifactGenerator, public MessageDecoder::ArtifactResolver {
\r
public:
\r
void setUp() {
\r
public:
\r
void setUp() {
\r
- m_fields.clear();
\r
SAMLBindingBaseTestCase::setUp();
\r
}
\r
\r
void tearDown() {
\r
SAMLBindingBaseTestCase::setUp();
\r
}
\r
\r
void tearDown() {
\r
- m_fields.clear();
\r
SAMLBindingBaseTestCase::tearDown();
\r
}
\r
\r
void testSAML2Artifact() {
\r
try {
\r
SAMLBindingBaseTestCase::tearDown();
\r
}
\r
\r
void testSAML2Artifact() {
\r
try {
\r
+ QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
\r
+ SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false);
\r
+
\r
// Read message to use from file.
\r
string path = data_path + "saml2/binding/SAML2Response.xml";
\r
ifstream in(path.c_str());
\r
// Read message to use from file.
\r
string path = data_path + "saml2/binding/SAML2Response.xml";
\r
ifstream in(path.c_str());
\r
@@
-49,59
+50,49
@@
public:
);
\r
janitor.release();
\r
\r
);
\r
janitor.release();
\r
\r
+ CredentialCriteria cc;
\r
+ cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
\r
+ Locker clocker(m_creds);
\r
+ const Credential* cred = m_creds->resolve(&cc);
\r
+ TSM_ASSERT("Retrieved credential was null", cred!=NULL);
\r
+
\r
// Freshen timestamp.
\r
toSend->setIssueInstant(time(NULL));
\r
\r
// Encode message.
\r
// Freshen timestamp.
\r
toSend->setIssueInstant(time(NULL));
\r
\r
// Encode message.
\r
- auto_ptr<MessageEncoder> encoder(SAMLConfig::getConfig().MessageEncoderManager.newPlugin(SAML2_ARTIFACT_ENCODER, NULL));
\r
+ auto_ptr<MessageEncoder> encoder(
\r
+ SAMLConfig::getConfig().MessageEncoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_ARTIFACT, NULL)
\r
+ );
\r
encoder->setArtifactGenerator(this);
\r
encoder->setArtifactGenerator(this);
\r
- encoder->encode(
m_fields,toSend.get(),"https://sp.example.org/","state",m_creds
);
\r
+ encoder->encode(
*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",cred
);
\r
toSend.release();
\r
\r
// Decode message.
\r
string relayState;
\r
toSend.release();
\r
\r
// Decode message.
\r
string relayState;
\r
- const RoleDescriptor* issuer=NULL;
\r
- bool trusted=false;
\r
- QName idprole(SAMLConstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
\r
- auto_ptr<MessageDecoder> decoder(SAMLConfig::getConfig().MessageDecoderManager.newPlugin(SAML2_ARTIFACT_DECODER, NULL));
\r
+ auto_ptr<MessageDecoder> decoder(
\r
+ SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_ARTIFACT, NULL)
\r
+ );
\r
decoder->setArtifactResolver(this);
\r
Locker locker(m_metadata);
\r
decoder->setArtifactResolver(this);
\r
Locker locker(m_metadata);
\r
- auto_ptr<Response> response(
\r
- dynamic_cast<Response*>(
\r
- decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust)
\r
- )
\r
- );
\r
+ auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
\r
\r
// Test the results.
\r
TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
\r
TSM_ASSERT("SAML Response not decoded successfully.", response.get());
\r
\r
// Test the results.
\r
TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
\r
TSM_ASSERT("SAML Response not decoded successfully.", response.get());
\r
- TSM_ASSERT("Message was not verified.",
issuer && trusted
);
\r
- auto_ptr_char entityID(
dynamic_cast<const EntityDescriptor*>(issuer->getParent())->getEntityID
());
\r
+ TSM_ASSERT("Message was not verified.",
policy.isSecure()
);
\r
+ auto_ptr_char entityID(
policy.getIssuer()->getName
());
\r
TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
\r
TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
\r
\r
// Trigger a replay.
\r
TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
\r
TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
\r
\r
// Trigger a replay.
\r
- TSM_ASSERT_THROWS("Did not catch the replay.",
\r
- decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust),
\r
- BindingException);
\r
+ policy.reset();
\r
+ TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), BindingException);
\r
}
\r
catch (XMLToolingException& ex) {
\r
TS_TRACE(ex.what());
\r
throw;
\r
}
\r
}
\r
}
\r
catch (XMLToolingException& ex) {
\r
TS_TRACE(ex.what());
\r
throw;
\r
}
\r
}
\r
-
\r
- const char* getMethod() const {
\r
- return "GET";
\r
- }
\r
-
\r
- const char* getRequestURL() const {
\r
- return "https://sp.example.org/SAML/Artifact";
\r
- }
\r
-
\r
- const char* getQueryString() const {
\r
- return NULL;
\r
- }
\r
\r
SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const {
\r
throw BindingException("Not implemented.");
\r
\r
SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const {
\r
throw BindingException("Not implemented.");
\r
@@
-112,24
+103,23
@@
public:
}
\r
\r
saml1p::Response* resolve(
\r
}
\r
\r
saml1p::Response* resolve(
\r
- bool& authenticated,
\r
const vector<SAMLArtifact*>& artifacts,
\r
const IDPSSODescriptor& idpDescriptor,
\r
const vector<SAMLArtifact*>& artifacts,
\r
const IDPSSODescriptor& idpDescriptor,
\r
- const X509TrustEngine* trustEngine=NULL
\r
+ SecurityPolicy& policy
\r
) const {
\r
throw BindingException("Not implemented.");
\r
}
\r
\r
ArtifactResponse* resolve(
\r
) const {
\r
throw BindingException("Not implemented.");
\r
}
\r
\r
ArtifactResponse* resolve(
\r
- bool& authenticated,
\r
const SAML2Artifact& artifact,
\r
const SSODescriptorType& ssoDescriptor,
\r
const SAML2Artifact& artifact,
\r
const SSODescriptorType& ssoDescriptor,
\r
- const X509TrustEngine* trustEngine=NULL
\r
+ SecurityPolicy& policy
\r
) const {
\r
XMLObject* xmlObject =
\r
SAMLConfig::getConfig().getArtifactMap()->retrieveContent(&artifact, "https://sp.example.org/");
\r
Response* payload = dynamic_cast<Response*>(xmlObject);
\r
TSM_ASSERT("Not a response.", payload!=NULL);
\r
) const {
\r
XMLObject* xmlObject =
\r
SAMLConfig::getConfig().getArtifactMap()->retrieveContent(&artifact, "https://sp.example.org/");
\r
Response* payload = dynamic_cast<Response*>(xmlObject);
\r
TSM_ASSERT("Not a response.", payload!=NULL);
\r
+
\r
auto_ptr<ArtifactResponse> response(ArtifactResponseBuilder::buildArtifactResponse());
\r
response->setPayload(payload);
\r
Status* status = StatusBuilder::buildStatus();
\r
auto_ptr<ArtifactResponse> response(ArtifactResponseBuilder::buildArtifactResponse());
\r
response->setPayload(payload);
\r
Status* status = StatusBuilder::buildStatus();
\r
@@
-139,7
+129,7
@@
public:
sc->setValue(StatusCode::SUCCESS);
\r
response->marshall();
\r
SchemaValidators.validate(response.get());
\r
sc->setValue(StatusCode::SUCCESS);
\r
response->marshall();
\r
SchemaValidators.validate(response.get());
\r
-
authenticated = true
;
\r
+
policy.evaluate(*(response.get()), this)
;
\r
return response.release();
\r
}
\r
};
\r
return response.release();
\r
}
\r
};
\r
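Review bot: `policy.getIssuer()` is dereferenced on the `entityID` line in testSAML2Artifact immediately after the `policy.isSecure()` assertion, but nothing in the hunk shows that a secure policy guarantees a non-null issuer, and CxxTest's TSM_ASSERT records the failure and continues unless abort-on-fail is enabled, so a null issuer would crash the suite instead of reporting a verification failure. Fold the issuer into the existing check, `TSM_ASSERT("Message was not verified.", policy.isSecure() && policy.getIssuer()!=NULL);`, or add a separate `TSM_ASSERT("Issuer was not resolved.", policy.getIssuer()!=NULL);` before the `auto_ptr_char entityID(...)` line. The same pattern appears earlier in the hunk with `cred`, which is passed to `encoder->encode` straight after its null assertion; an early `return` or TS_FAIL after a failed lookup would keep the failure readable. testSAML2Artifact starts and ends within this section, but the enclosing class continues past the last hunk.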