X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=samltest%2Fsaml1%2Fbinding%2FSAML1ArtifactTest.h;h=245f0e0b4cafd9d72795892844d4d1dc68cffa5a;hb=932cfaae2176c2eba1a9938dc420591a9551a7f3;hp=decc34f8477d62b797a394ab6afdf83f5996fd99;hpb=6ab457e2f63d1e0698d0ece6b171043f601b3677;p=shibboleth%2Fcpp-opensaml.git
diff --git a/samltest/saml1/binding/SAML1ArtifactTest.h b/samltest/saml1/binding/SAML1ArtifactTest.h
index decc34f..245f0e0 100644
--- a/samltest/saml1/binding/SAML1ArtifactTest.h
+++ b/samltest/saml1/binding/SAML1ArtifactTest.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2005 Internet2
+ * Copyright 2001-2007 Internet2
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,27 +17,42 @@ #include "binding.h" #include +#include #include #include +#include using namespace opensaml::saml1p; using namespace opensaml::saml1; +namespace { + class SAML_DLLLOCAL _addcert : public binary_function { + public: + void operator()(X509Data* bag, XSECCryptoX509* cert) const { + safeBuffer& buf=cert->getDEREncodingSB(); + X509Certificate* x=X509CertificateBuilder::buildX509Certificate(); + x->setValue(buf.sbStrToXMLCh()); + bag->getX509Certificates().push_back(x); + } + }; +}; + class SAML1ArtifactTest : public CxxTest::TestSuite, - public SAMLBindingBaseTestCase, public MessageEncoder::ArtifactGenerator, public MessageDecoder::ArtifactResolver { + public SAMLBindingBaseTestCase, public MessageEncoder::ArtifactGenerator, public MessageDecoder::ArtifactResolver { public: void setUp() { - m_fields.clear(); SAMLBindingBaseTestCase::setUp(); } void tearDown() { - m_fields.clear(); SAMLBindingBaseTestCase::tearDown(); } void testSAML1Artifact() { try { + QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); + SecurityPolicy policy(m_rules1, m_metadata, &idprole, m_trust); + // Read message to use from file. string path = data_path + "saml1/binding/SAML1Assertion.xml"; ifstream in(path.c_str()); 
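Review bot: In `_addcert::operator()` the freshly built `X509Certificate* x` is owned by nothing until `push_back(x)`, so an exception out of `setValue` leaks it; the file already uses `auto_ptr` for exactly this, so hold it as `auto_ptr<X509Certificate> x(X509CertificateBuilder::buildX509Certificate());` and hand it over with `bag->getX509Certificates().push_back(x.get()); x.release();`. The closing `};` of the anonymous namespace is an empty declaration at namespace scope, which pre-C++11 compilers reject in pedantic mode; a bare `}` is all that is needed. `binary_function` here and the `bind1st` use in the later hunk are the old adaptor style, acceptable for the era, though a plain loop over the certificates would not need either. The `SAML1ArtifactTest` class and `testSAML1Artifact` continue beyond this hunk.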
@@ -49,37 +64,33 @@ public: janitor.release(); // Encode message. - auto_ptr encoder(SAMLConfig::getConfig().MessageEncoderManager.newPlugin(SAML1_ARTIFACT_ENCODER, NULL)); + auto_ptr encoder( + SAMLConfig::getConfig().MessageEncoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, NULL) + ); encoder->setArtifactGenerator(this); - encoder->encode(m_fields,toSend.get(),"https://sp.example.org/","state",m_creds); + encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",m_creds); toSend.release(); // Decode message. string relayState; - const RoleDescriptor* issuer=NULL; - bool trusted=false; - QName idprole(SAMLConstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); - auto_ptr decoder(SAMLConfig::getConfig().MessageDecoderManager.newPlugin(SAML1_ARTIFACT_DECODER, NULL)); + auto_ptr decoder( + SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, NULL) + ); decoder->setArtifactResolver(this); Locker locker(m_metadata); - auto_ptr response( - dynamic_cast( - decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust) - ) - ); + auto_ptr response(dynamic_cast(decoder->decode(relayState,*this,policy))); // Test the results. TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state"); TSM_ASSERT("SAML Response not decoded successfully.", response.get()); - TSM_ASSERT("Message was not verified.", issuer && trusted); - auto_ptr_char entityID(dynamic_cast(issuer->getParent())->getEntityID()); + TSM_ASSERT("Message was not verified.", policy.isSecure()); + auto_ptr_char entityID(policy.getIssuer()->getName()); TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); // Trigger a replay. 
- TSM_ASSERT_THROWS("Did not catch the replay.", - decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust), - BindingException); + policy.reset(); + TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), BindingException); } catch (XMLToolingException& ex) { TS_TRACE(ex.what()); @@ -87,18 +98,6 @@ public: } } - const char* getMethod() const { - return "GET"; - } - - const char* getRequestURL() const { - return "https://sp.example.org/SAML/Artifact"; - } - - const char* getQueryString() const { - return NULL; - } - SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const { return new SAMLArtifactType0001(SAMLConfig::getConfig().hashSHA1("https://idp.example.org/")); } @@ -107,11 +106,29 @@ public: throw BindingException("Not implemented."); } + Signature* buildSignature(const CredentialResolver* credResolver) const + { + // Build a Signature. + Signature* sig = SignatureBuilder::buildSignature(); + sig->setSigningKey(credResolver->getKey()); + + // Build KeyInfo. + const vector& certs = credResolver->getCertificates(); + if (!certs.empty()) { + KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo(); + X509Data* x509Data=X509DataBuilder::buildX509Data(); + keyInfo->getX509Datas().push_back(x509Data); + for_each(certs.begin(),certs.end(),bind1st(_addcert(),x509Data)); + sig->setKeyInfo(keyInfo); + } + + return sig; + } + Response* resolve( - bool& authenticated, const vector& artifacts, const IDPSSODescriptor& idpDescriptor, - const X509TrustEngine* trustEngine=NULL + SecurityPolicy& policy ) const { TSM_ASSERT_EQUALS("Too many artifacts.", artifacts.size(), 1); XMLObject* xmlObject = 
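Review bot: `policy.getIssuer()->getName()` is dereferenced unconditionally right after `TSM_ASSERT("Message was not verified.", policy.isSecure())`; by default CxxTest records a failed TSM_ASSERT and keeps running, so a response that fails policy evaluation would turn a clean test failure into a null dereference. Guard it, e.g. `TSM_ASSERT("No issuer established.", policy.getIssuer());` followed by `if (policy.getIssuer()) { auto_ptr_char entityID(policy.getIssuer()->getName()); ... }`. The `dynamic_cast` of `decoder->decode(...)` into `response` yields NULL on a type mismatch and the decoded object is then leaked rather than freed, and the replay decode inside TSM_ASSERT_THROWS leaks its result if no exception is thrown; both are pre-existing patterns but worth tidying while this code is being touched. `testSAML1Artifact` begins in the previous hunk and its catch block continues after this one.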
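Review bot: `buildSignature` owns two raw heap objects, `sig` and `keyInfo`, with nothing guarding them: if `credResolver->getKey()`, one of the builders, or the `for_each` throws, both leak, and `credResolver` is dereferenced without a NULL check even though the parameter is a pointer. The file already uses `auto_ptr` for this purpose, so hold both in `auto_ptr` and release them only at the hand-off points; the rewritten body is below. A one-line header comment stating what the method produces (a Signature carrying the resolver's key and, when certificates are available, a KeyInfo/X509Data listing them) would also help readers of the test. `resolve` at the bottom of this hunk continues beyond it.
```cpp
Signature* buildSignature(const CredentialResolver* credResolver) const
{
    if (!credResolver)
        throw BindingException("No credential resolver supplied.");
    // Hold the Signature in an auto_ptr until the caller takes it, so an
    // exception while attaching the key or KeyInfo cannot leak it.
    auto_ptr<Signature> sig(SignatureBuilder::buildSignature());
    sig->setSigningKey(credResolver->getKey());

    // … unchanged: certs = credResolver->getCertificates() …
    if (!certs.empty()) {
        auto_ptr<KeyInfo> keyInfo(KeyInfoBuilder::buildKeyInfo());
        // … unchanged: build X509Data, push it into keyInfo, for_each(_addcert) …
        sig->setKeyInfo(keyInfo.release());
    }

    return sig.release();
}
```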
@@ -125,17 +142,18 @@ public: StatusCode* sc = StatusCodeBuilder::buildStatusCode(); status->setStatusCode(sc); sc->setValue(&StatusCode::SUCCESS); - response->marshall(); + response->setSignature(buildSignature(m_creds)); + vector sigs(1,response->getSignature()); + response->marshall((DOMDocument*)NULL,&sigs); SchemaValidators.validate(response.get()); - authenticated = true; + policy.evaluate(*(response.get()), this); return response.release(); } - XMLObject* resolve( - bool& authenticated, + saml2p::ArtifactResponse* resolve( const saml2p::SAML2Artifact& artifact, const SSODescriptorType& ssoDescriptor, - const X509TrustEngine* trustEngine=NULL + SecurityPolicy& policy ) const { throw BindingException("Not implemented."); }
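Review bot: `response->marshall((DOMDocument*)NULL,&sigs)` uses a C-style cast where `static_cast<DOMDocument*>(NULL)` states the intent and is greppable. The new `policy.evaluate(*(response.get()), this)` line is what appears to make the caller's `policy.isSecure()` and `policy.getIssuer()` assertions pass, yet nothing says why the resolver evaluates the policy on the response it has just signed; a comment such as `// Apply the caller's SecurityPolicy to the resolved response; the test's isSecure()/getIssuer() checks appear to rely on this evaluation.` would make that contract explicit, if that is indeed the contract. `sigs` holds a pointer obtained from `response->getSignature()`, so it must not outlive `response`, which the current scoping satisfies. The SAML 1 `resolve` begins in the previous hunk.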