X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=samltest%2Fsaml1%2Fbinding%2FSAML1POSTTest.h;h=6872867356fc60f7b2fdd4db8c4a04bed91fb174;hb=1ffcb743f90aeb3da11054316f3d005ff7edbf7b;hp=27e96eefbd82c1be369eeac8ef963867b6e69868;hpb=e8d75900802dfa84c06290f88e365fd355ce6881;p=shibboleth%2Fcpp-opensaml.git diff --git a/samltest/saml1/binding/SAML1POSTTest.h b/samltest/saml1/binding/SAML1POSTTest.h index 27e96ee..6872867 100644 --- a/samltest/saml1/binding/SAML1POSTTest.h +++ b/samltest/saml1/binding/SAML1POSTTest.h @@ -1,147 +1,147 @@ -/* - * Copyright 2001-2005 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "binding.h" - -#include - -using namespace opensaml::saml1p; -using namespace opensaml::saml1; - -class SAML1POSTTest : public CxxTest::TestSuite, public SAMLBindingBaseTestCase { -public: - void setUp() { - m_fields.clear(); - SAMLBindingBaseTestCase::setUp(); - } - - void tearDown() { - m_fields.clear(); - SAMLBindingBaseTestCase::tearDown(); - } - - void testSAML1POSTTrusted() { - try { - // Read message to use from file. - string path = data_path + "saml1/binding/SAML1Response.xml"; - ifstream in(path.c_str()); - DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in); - XercesJanitor janitor(doc); - auto_ptr toSend( - dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true)) - ); - janitor.release(); - - // Freshen timestamp. - toSend->setIssueInstant(time(NULL)); - - // Encode message. - auto_ptr encoder(SAMLConfig::getConfig().MessageEncoderManager.newPlugin(SAML1_POST_ENCODER, NULL)); - encoder->encode(m_fields,toSend.get(),"https://sp.example.org/","state",m_creds); - toSend.release(); - - // Decode message. - string relayState; - const RoleDescriptor* issuer=NULL; - bool trusted=false; - QName idprole(SAMLConstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); - auto_ptr decoder(SAMLConfig::getConfig().MessageDecoderManager.newPlugin(SAML1_POST_DECODER, NULL)); - Locker locker(m_metadata); - auto_ptr response( - dynamic_cast( - decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust) - ) - ); - - // Test the results. - TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state"); - TSM_ASSERT("SAML Response not decoded successfully.", response.get()); - TSM_ASSERT("Message was not verified.", issuer && trusted); - auto_ptr_char entityID(dynamic_cast(issuer->getParent())->getEntityID()); - TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); - TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); - } - catch (XMLToolingException& ex) { - TS_TRACE(ex.what()); - throw; - } - } - - void testSAML1POSTUntrusted() { - try { - // Read message to use from file. - string path = data_path + "saml1/binding/SAML1Response.xml"; - ifstream in(path.c_str()); - DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in); - XercesJanitor janitor(doc); - auto_ptr toSend( - dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true)) - ); - janitor.release(); - - // Freshen timestamp and clear ID. - toSend->setIssueInstant(time(NULL)); - toSend->setResponseID(NULL); - - // Encode message. - auto_ptr encoder(SAMLConfig::getConfig().MessageEncoderManager.newPlugin(SAML1_POST_ENCODER, NULL)); - encoder->encode(m_fields,toSend.get(),"https://sp.example.org/","state"); - toSend.release(); - - // Decode message. - string relayState; - const RoleDescriptor* issuer=NULL; - bool trusted=false; - QName idprole(SAMLConstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); - auto_ptr decoder(SAMLConfig::getConfig().MessageDecoderManager.newPlugin(SAML1_POST_DECODER, NULL)); - Locker locker(m_metadata); - auto_ptr response( - dynamic_cast( - decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole) - ) - ); - - // Test the results. - TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state"); - TSM_ASSERT("SAML Response not decoded successfully.", response.get()); - TSM_ASSERT("Message was verified.", issuer && !trusted); - auto_ptr_char entityID(dynamic_cast(issuer->getParent())->getEntityID()); - TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); - TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); - - // Trigger a replay. - TSM_ASSERT_THROWS("Did not catch the replay.", - decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust), - BindingException); - } - catch (XMLToolingException& ex) { - TS_TRACE(ex.what()); - throw; - } - } - - const char* getMethod() const { - return "POST"; - } - - const char* getRequestURL() const { - return "https://sp.example.org/SAML/POST"; - } - - const char* getQueryString() const { - return NULL; - } -}; +/* + * Copyright 2001-2005 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "binding.h" + +#include + +using namespace opensaml::saml1p; +using namespace opensaml::saml1; + +class SAML1POSTTest : public CxxTest::TestSuite, public SAMLBindingBaseTestCase { +public: + void setUp() { + m_fields.clear(); + SAMLBindingBaseTestCase::setUp(); + } + + void tearDown() { + m_fields.clear(); + SAMLBindingBaseTestCase::tearDown(); + } + + void testSAML1POSTTrusted() { + try { + // Read message to use from file. + string path = data_path + "saml1/binding/SAML1Response.xml"; + ifstream in(path.c_str()); + DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in); + XercesJanitor janitor(doc); + auto_ptr toSend( + dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true)) + ); + janitor.release(); + + // Freshen timestamp. + toSend->setIssueInstant(time(NULL)); + + // Encode message. + auto_ptr encoder(SAMLConfig::getConfig().MessageEncoderManager.newPlugin(SAML1_POST_ENCODER, NULL)); + encoder->encode(m_fields,toSend.get(),"https://sp.example.org/","state",m_creds); + toSend.release(); + + // Decode message. + string relayState; + const RoleDescriptor* issuer=NULL; + bool trusted=false; + QName idprole(SAMLConstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); + auto_ptr decoder(SAMLConfig::getConfig().MessageDecoderManager.newPlugin(SAML1_POST_DECODER, NULL)); + Locker locker(m_metadata); + auto_ptr response( + dynamic_cast( + decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust) + ) + ); + + // Test the results. + TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state"); + TSM_ASSERT("SAML Response not decoded successfully.", response.get()); + TSM_ASSERT("Message was not verified.", issuer && trusted); + auto_ptr_char entityID(dynamic_cast(issuer->getParent())->getEntityID()); + TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); + TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); + } + catch (XMLToolingException& ex) { + TS_TRACE(ex.what()); + throw; + } + } + + void testSAML1POSTUntrusted() { + try { + // Read message to use from file. + string path = data_path + "saml1/binding/SAML1Response.xml"; + ifstream in(path.c_str()); + DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in); + XercesJanitor janitor(doc); + auto_ptr toSend( + dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true)) + ); + janitor.release(); + + // Freshen timestamp and clear ID. + toSend->setIssueInstant(time(NULL)); + toSend->setResponseID(NULL); + + // Encode message. + auto_ptr encoder(SAMLConfig::getConfig().MessageEncoderManager.newPlugin(SAML1_POST_ENCODER, NULL)); + encoder->encode(m_fields,toSend.get(),"https://sp.example.org/","state"); + toSend.release(); + + // Decode message. + string relayState; + const RoleDescriptor* issuer=NULL; + bool trusted=false; + QName idprole(SAMLConstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); + auto_ptr decoder(SAMLConfig::getConfig().MessageDecoderManager.newPlugin(SAML1_POST_DECODER, NULL)); + Locker locker(m_metadata); + auto_ptr response( + dynamic_cast( + decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole) + ) + ); + + // Test the results. + TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state"); + TSM_ASSERT("SAML Response not decoded successfully.", response.get()); + TSM_ASSERT("Message was verified.", issuer && !trusted); + auto_ptr_char entityID(dynamic_cast(issuer->getParent())->getEntityID()); + TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); + TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); + + // Trigger a replay. + TSM_ASSERT_THROWS("Did not catch the replay.", + decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust), + BindingException); + } + catch (XMLToolingException& ex) { + TS_TRACE(ex.what()); + throw; + } + } + + const char* getMethod() const { + return "POST"; + } + + const char* getRequestURL() const { + return "https://sp.example.org/SAML/POST"; + } + + const char* getQueryString() const { + return NULL; + } +};