-/*\r
- * Copyright 2001-2006 Internet2\r
- * \r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-#include "internal.h"\r
-#include <saml/security/TrustEngine.h>\r
-#include <saml/saml2/metadata/MetadataProvider.h>\r
-\r
-using namespace opensaml::saml2;\r
-using namespace opensaml::saml2md;\r
-using namespace xmlsignature;\r
-\r
-class ExplicitKeyTrustEngineTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {\r
-public:\r
- void setUp() {\r
- SAMLObjectBaseTestCase::setUp();\r
- }\r
- \r
- void tearDown() {\r
- SAMLObjectBaseTestCase::tearDown();\r
- }\r
-\r
- void testExplicitKeyTrustEngine() {\r
- string config = data_path + "security/FilesystemMetadataProvider.xml";\r
- ifstream in(config.c_str());\r
- DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
- XercesJanitor<DOMDocument> janitor(doc);\r
-\r
- auto_ptr_XMLCh path("path");\r
- string s = data_path + "security/example-metadata.xml";\r
- auto_ptr_XMLCh file(s.c_str());\r
- doc->getDocumentElement()->setAttributeNS(NULL,path.get(),file.get());\r
-\r
- // Build metadata provider.\r
- auto_ptr<MetadataProvider> metadataProvider(\r
- SAMLConfig::getConfig().MetadataProviderManager.newPlugin(FILESYSTEM_METADATA_PROVIDER,doc->getDocumentElement())\r
- );\r
- try {\r
- metadataProvider->init();\r
- }\r
- catch (XMLToolingException& ex) {\r
- TS_TRACE(ex.what());\r
- throw;\r
- }\r
- \r
- // Build trust engine.\r
- auto_ptr<opensaml::TrustEngine> trustEngine(\r
- SAMLConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_SAMLTRUSTENGINE, NULL)\r
- );\r
- \r
- // Get signed assertion.\r
- config = data_path + "signature/SAML2Assertion.xml";\r
- ifstream in2(config.c_str());\r
- DOMDocument* doc2=XMLToolingConfig::getConfig().getParser().parse(in2);\r
- XercesJanitor<DOMDocument> janitor2(doc2);\r
- auto_ptr<Assertion> assertion(dynamic_cast<Assertion*>(XMLObjectBuilder::getBuilder(doc2->getDocumentElement())->buildFromDocument(doc2)));\r
- janitor2.release();\r
-\r
- Locker locker(metadataProvider.get());\r
- const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor("https://idp.example.org");\r
- TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);\r
- \r
- RoleDescriptor* role=descriptor->getIDPSSODescriptors().front();\r
- TSM_ASSERT("Role not present", role!=NULL);\r
- \r
- Signature* sig=assertion->getSignature();\r
- TSM_ASSERT("Signature not present", sig!=NULL);\r
- TSM_ASSERT("Signature failed to validate.", trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));\r
-\r
- descriptor = metadataProvider->getEntityDescriptor("https://idp2.example.org");\r
- TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);\r
- \r
- role=descriptor->getIDPSSODescriptors().front();\r
- TSM_ASSERT("Role not present", role!=NULL);\r
-\r
- TSM_ASSERT("Signature validated.", !trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));\r
- }\r
-};\r
+/*
+ * Copyright 2001-2007 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "internal.h"
+#include <saml/SAMLConfig.h>
+#include <saml/saml2/core/Assertions.h>
+#include <saml/saml2/metadata/Metadata.h>
+#include <saml/saml2/metadata/MetadataCredentialCriteria.h>
+#include <saml/saml2/metadata/MetadataProvider.h>
+#include <xmltooling/security/TrustEngine.h>
+
+using namespace opensaml::saml2;
+using namespace opensaml::saml2md;
+using namespace xmlsignature;
+
+class ExplicitKeyTrustEngineTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {
+public:
+ void setUp() {
+ SAMLObjectBaseTestCase::setUp();
+ }
+
+ void tearDown() {
+ SAMLObjectBaseTestCase::tearDown();
+ }
+
+ void testExplicitKeyTrustEngine() {
+ string config = data_path + "security/XMLMetadataProvider.xml";
+ ifstream in(config.c_str());
+ DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
+ XercesJanitor<DOMDocument> janitor(doc);
+
+ auto_ptr_XMLCh path("path");
+ string s = data_path + "security/example-metadata.xml";
+ auto_ptr_XMLCh file(s.c_str());
+ doc->getDocumentElement()->setAttributeNS(NULL,path.get(),file.get());
+
+ // Build metadata provider.
+ auto_ptr<MetadataProvider> metadataProvider(
+ opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
+ );
+ try {
+ metadataProvider->init();
+ }
+ catch (XMLToolingException& ex) {
+ TS_TRACE(ex.what());
+ throw;
+ }
+
+ // Build trust engine.
+ auto_ptr<TrustEngine> trustEngine(
+ XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, NULL)
+ );
+
+ // Get signed assertion.
+ config = data_path + "signature/SAML2Assertion.xml";
+ ifstream in2(config.c_str());
+ DOMDocument* doc2=XMLToolingConfig::getConfig().getParser().parse(in2);
+ XercesJanitor<DOMDocument> janitor2(doc2);
+ auto_ptr<Assertion> assertion(dynamic_cast<Assertion*>(XMLObjectBuilder::getBuilder(doc2->getDocumentElement())->buildFromDocument(doc2)));
+ janitor2.release();
+
+ Locker locker(metadataProvider.get());
+ const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor("https://idp.example.org");
+ TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
+
+ RoleDescriptor* role=descriptor->getIDPSSODescriptors().front();
+ TSM_ASSERT("Role not present", role!=NULL);
+
+ Signature* sig=assertion->getSignature();
+ TSM_ASSERT("Signature not present", sig!=NULL);
+
+ MetadataCredentialCriteria cc(*role);
+ cc.setPeerName("https://idp.example.org");
+ TSM_ASSERT("Signature failed to validate.", trustEngine->validate(*sig, *metadataProvider, &cc));
+
+ descriptor = metadataProvider->getEntityDescriptor("https://idp2.example.org");
+ TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
+
+ role=descriptor->getIDPSSODescriptors().front();
+ TSM_ASSERT("Role not present", role!=NULL);
+
+ MetadataCredentialCriteria cc2(*role);
+ cc2.setPeerName("https://idp2.example.org");
+ TSM_ASSERT("Signature validated.", !trustEngine->validate(*sig, *metadataProvider, &cc2));
+ }
+};