X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=samltest%2Fsaml1%2Fbinding%2FSAML1ArtifactTest.h;h=55b6bdf9e6e76e6220c4ee8a76cd0eefc5b7c417;hb=9424cbad0360d512935936e6410fca5e32eb29bc;hp=30f4dc9dc156f1b30eaa379839c7e3ccd2fe7390;hpb=caf2465dc6143bd473a648470aeb11b29038b18d;p=shibboleth%2Fcpp-opensaml.git
diff --git a/samltest/saml1/binding/SAML1ArtifactTest.h b/samltest/saml1/binding/SAML1ArtifactTest.h
index 30f4dc9..55b6bdf 100644
--- a/samltest/saml1/binding/SAML1ArtifactTest.h
+++ b/samltest/saml1/binding/SAML1ArtifactTest.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2005 Internet2
+ * Copyright 2001-2007 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -25,18 +25,6 @@ using namespace opensaml::saml1p;
 using namespace opensaml::saml1;
 
-namespace {
- class SAML_DLLLOCAL _addcert : public binary_function {
- public:
- void operator()(X509Data* bag, XSECCryptoX509* cert) const {
- safeBuffer& buf=cert->getDEREncodingSB();
- X509Certificate* x=X509CertificateBuilder::buildX509Certificate();
- x->setValue(buf.sbStrToXMLCh());
- bag->getX509Certificates().push_back(x);
- }
- };
-};
-
 class SAML1ArtifactTest : public CxxTest::TestSuite,
 public SAMLBindingBaseTestCase, public MessageEncoder::ArtifactGenerator, public MessageDecoder::ArtifactResolver {
 public:
 
@@ -51,44 +39,57 @@ public:
 void testSAML1Artifact() {
 try {
 QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
- SecurityPolicy policy(m_rules, m_metadata, &idprole, m_trust);
+ SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
+ policy.getRules().assign(m_rules.begin(), m_rules.end());
 
 // Read message to use from file.
 string path = data_path + "saml1/binding/SAML1Assertion.xml";
 ifstream in(path.c_str());
 DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
 XercesJanitor janitor(doc);
- auto_ptr toSend(
- dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))
+ auto_ptr toSend(
+ dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))
 );
 janitor.release();
 
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ Locker clocker(m_creds);
+ const Credential* cred = m_creds->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=NULL);
+
 // Encode message.
 auto_ptr encoder(
- SAMLConfig::getConfig().MessageEncoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, NULL)
+ SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
+ samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, pair(NULL,NULL)
+ )
+ );
+ Locker locker(m_metadata);
+ encoder->encode(
+ *this,toSend.get(),"https://sp.example.org/SAML/SSO",m_metadata->getEntityDescriptor("https://sp.example.org/"),"state",this,cred
 );
- encoder->setArtifactGenerator(this);
- encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",m_creds);
 toSend.release();
 
 // Decode message.
 string relayState;
 auto_ptr decoder(
- SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, NULL)
+ SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
+ samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, pair(NULL,NULL)
+ )
 );
 decoder->setArtifactResolver(this);
- Locker locker(m_metadata);
 auto_ptr response(dynamic_cast(decoder->decode(relayState,*this,policy)));
 
 // Test the results.
 TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state");
 TSM_ASSERT("SAML Response not decoded successfully.", response.get());
- TSM_ASSERT("Message was not verified.", policy.getIssuer()!=NULL);
+ TSM_ASSERT("Message was not verified.", policy.isAuthenticated());
 auto_ptr_char entityID(policy.getIssuer()->getName());
 TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
 TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
 
 // Trigger a replay.
+ policy.reset();
 TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), BindingException);
 }
 catch (XMLToolingException& ex) {
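Review bot: `policy.getIssuer()->getName()` is dereferenced on the line right after the assertion was switched to `policy.isAuthenticated()`, so a policy that reports authenticated without recording an issuer would crash the test with a null dereference instead of failing it cleanly; add `TSM_ASSERT("Issuer was not set.", policy.getIssuer()!=NULL);` before the `auto_ptr_char entityID(...)` line. The `Locker clocker(m_creds)` taken before encoding is still held while `decoder->decode(...)` runs, and the artifact resolver in the `@@ -141,10 +123,16 @@` hunk takes its own `Locker clocker(m_creds)` on the same object during that decode; whether that nesting is safe depends on the resolver's lock implementation, which is not visible here, so it is worth a comment or a narrower scope for the first Locker. `m_metadata->getEntityDescriptor("https://sp.example.org/")` is passed straight into `encode` without a null check, unlike `cred` a few lines above; asserting it non-null first would give a clearer failure if the test metadata lacks that entity. The body of `testSAML1Artifact` continues past the end of the hunk.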
@@ -97,33 +98,14 @@ public:
 }
 }
 
- SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const {
+ SAMLArtifact* generateSAML1Artifact(const EntityDescriptor* relyingParty) const {
 return new SAMLArtifactType0001(SAMLConfig::getConfig().hashSHA1("https://idp.example.org/"));
 }
 
- saml2p::SAML2Artifact* generateSAML2Artifact(const char* relyingParty) const {
+ saml2p::SAML2Artifact* generateSAML2Artifact(const EntityDescriptor* relyingParty) const {
 throw BindingException("Not implemented.");
 }
 
- Signature* buildSignature(const CredentialResolver* credResolver) const
- {
- // Build a Signature.
- Signature* sig = SignatureBuilder::buildSignature();
- sig->setSigningKey(credResolver->getKey());
-
- // Build KeyInfo.
- const vector& certs = credResolver->getCertificates();
- if (!certs.empty()) {
- KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo();
- X509Data* x509Data=X509DataBuilder::buildX509Data();
- keyInfo->getX509Datas().push_back(x509Data);
- for_each(certs.begin(),certs.end(),bind1st(_addcert(),x509Data));
- sig->setKeyInfo(keyInfo);
- }
-
- return sig;
- }
-
 Response* resolve(
 const vector& artifacts,
 const IDPSSODescriptor& idpDescriptor,
@@ -132,7 +114,7 @@ public:
 
 TSM_ASSERT_EQUALS("Too many artifacts.", artifacts.size(), 1);
 XMLObject* xmlObject = SAMLConfig::getConfig().getArtifactMap()->retrieveContent(artifacts.front(), "https://sp.example.org/");
- Assertion* assertion = dynamic_cast(xmlObject);
+ saml1::Assertion* assertion = dynamic_cast(xmlObject);
 TSM_ASSERT("Not an assertion.", assertion!=NULL);
 auto_ptr response(ResponseBuilder::buildResponse());
 response->getAssertions().push_back(assertion);
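Review bot: Both new overrides ignore their `relyingParty` argument: `generateSAML1Artifact` always hashes the hard-coded `https://idp.example.org/` and `generateSAML2Artifact` throws regardless of input, so a reader could mistake the `const char*` to `const EntityDescriptor*` signature change for a behavioural one. A short comment on each, e.g. `// relyingParty is ignored; this fixture always acts as https://idp.example.org/`, would document that the parameter is only there to satisfy the ArtifactGenerator interface. The enclosing `SAML1ArtifactTest` class begins outside the hunk.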
@@ -141,10 +123,16 @@ public:
 StatusCode* sc = StatusCodeBuilder::buildStatusCode();
 status->setStatusCode(sc);
 sc->setValue(&StatusCode::SUCCESS);
- response->setSignature(buildSignature(m_creds));
+ response->setSignature(SignatureBuilder::buildSignature());
 vector sigs(1,response->getSignature());
- response->marshall((DOMDocument*)NULL,&sigs);
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ Locker clocker(m_creds);
+ const Credential* cred = m_creds->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=NULL);
+ response->marshall((DOMDocument*)NULL,&sigs,cred);
 SchemaValidators.validate(response.get());
+ policy.evaluate(*(response.get()), this);
 return response.release();
 }