X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=samltest%2Fsaml1%2Fbinding%2FSAML1ArtifactTest.h;h=d7ddf2c159a08da67f027bf30f22c79135d6ee04;hb=5d4b679f292a46494e822e9634f0ffa06f8f421c;hp=decc34f8477d62b797a394ab6afdf83f5996fd99;hpb=6ab457e2f63d1e0698d0ece6b171043f601b3677;p=shibboleth%2Fcpp-opensaml.git diff --git a/samltest/saml1/binding/SAML1ArtifactTest.h b/samltest/saml1/binding/SAML1ArtifactTest.h index decc34f..d7ddf2c 100644 --- a/samltest/saml1/binding/SAML1ArtifactTest.h +++ b/samltest/saml1/binding/SAML1ArtifactTest.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2005 Internet2 + * Copyright 2001-2007 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,69 +17,76 @@ #include "binding.h" #include +#include #include #include +#include using namespace opensaml::saml1p; using namespace opensaml::saml1; class SAML1ArtifactTest : public CxxTest::TestSuite, - public SAMLBindingBaseTestCase, public MessageEncoder::ArtifactGenerator, public MessageDecoder::ArtifactResolver { + public SAMLBindingBaseTestCase, public MessageEncoder::ArtifactGenerator, public MessageDecoder::ArtifactResolver { public: void setUp() { - m_fields.clear(); SAMLBindingBaseTestCase::setUp(); } void tearDown() { - m_fields.clear(); SAMLBindingBaseTestCase::tearDown(); } void testSAML1Artifact() { try { + QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); + SecurityPolicy policy(m_rules1, m_metadata, &idprole, m_trust, false); + // Read message to use from file. string path = data_path + "saml1/binding/SAML1Assertion.xml"; ifstream in(path.c_str()); DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in); XercesJanitor janitor(doc); - auto_ptr toSend( - dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true)) + auto_ptr toSend( + dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true)) ); janitor.release(); + CredentialCriteria cc; + cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL); + Locker clocker(m_creds); + const Credential* cred = m_creds->resolve(&cc); + TSM_ASSERT("Retrieved credential was null", cred!=NULL); + // Encode message. - auto_ptr encoder(SAMLConfig::getConfig().MessageEncoderManager.newPlugin(SAML1_ARTIFACT_ENCODER, NULL)); + auto_ptr encoder( + SAMLConfig::getConfig().MessageEncoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, NULL) + ); encoder->setArtifactGenerator(this); - encoder->encode(m_fields,toSend.get(),"https://sp.example.org/","state",m_creds); + Locker locker(m_metadata); + encoder->encode( + *this,toSend.get(),"https://sp.example.org/SAML/SSO",m_metadata->getEntityDescriptor("https://sp.example.org/"),"state",cred + ); toSend.release(); // Decode message. string relayState; - const RoleDescriptor* issuer=NULL; - bool trusted=false; - QName idprole(SAMLConstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); - auto_ptr decoder(SAMLConfig::getConfig().MessageDecoderManager.newPlugin(SAML1_ARTIFACT_DECODER, NULL)); - decoder->setArtifactResolver(this); - Locker locker(m_metadata); - auto_ptr response( - dynamic_cast( - decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust) - ) + auto_ptr decoder( + SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, NULL) ); + decoder->setArtifactResolver(this); + auto_ptr response(dynamic_cast(decoder->decode(relayState,*this,policy))); // Test the results. TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state"); TSM_ASSERT("SAML Response not decoded successfully.", response.get()); - TSM_ASSERT("Message was not verified.", issuer && trusted); - auto_ptr_char entityID(dynamic_cast(issuer->getParent())->getEntityID()); + TSM_ASSERT("Message was not verified.", policy.isSecure()); + auto_ptr_char entityID(policy.getIssuer()->getName()); TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); // Trigger a replay. - TSM_ASSERT_THROWS("Did not catch the replay.", - decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust), - BindingException); + policy.reset(); + TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), BindingException); } catch (XMLToolingException& ex) { TS_TRACE(ex.what()); @@ -87,36 +94,23 @@ public: } } - const char* getMethod() const { - return "GET"; - } - - const char* getRequestURL() const { - return "https://sp.example.org/SAML/Artifact"; - } - - const char* getQueryString() const { - return NULL; - } - - SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const { + SAMLArtifact* generateSAML1Artifact(const EntityDescriptor* relyingParty) const { return new SAMLArtifactType0001(SAMLConfig::getConfig().hashSHA1("https://idp.example.org/")); } - saml2p::SAML2Artifact* generateSAML2Artifact(const char* relyingParty) const { + saml2p::SAML2Artifact* generateSAML2Artifact(const EntityDescriptor* relyingParty) const { throw BindingException("Not implemented."); } Response* resolve( - bool& authenticated, const vector& artifacts, const IDPSSODescriptor& idpDescriptor, - const X509TrustEngine* trustEngine=NULL + SecurityPolicy& policy ) const { TSM_ASSERT_EQUALS("Too many artifacts.", artifacts.size(), 1); XMLObject* xmlObject = SAMLConfig::getConfig().getArtifactMap()->retrieveContent(artifacts.front(), "https://sp.example.org/"); - Assertion* assertion = dynamic_cast(xmlObject); + saml1::Assertion* assertion = dynamic_cast(xmlObject); TSM_ASSERT("Not an assertion.", assertion!=NULL); auto_ptr response(ResponseBuilder::buildResponse()); response->getAssertions().push_back(assertion); @@ -125,17 +119,23 @@ public: StatusCode* sc = StatusCodeBuilder::buildStatusCode(); status->setStatusCode(sc); sc->setValue(&StatusCode::SUCCESS); - response->marshall(); + response->setSignature(SignatureBuilder::buildSignature()); + vector sigs(1,response->getSignature()); + CredentialCriteria cc; + cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL); + Locker clocker(m_creds); + const Credential* cred = m_creds->resolve(&cc); + TSM_ASSERT("Retrieved credential was null", cred!=NULL); + response->marshall((DOMDocument*)NULL,&sigs,cred); SchemaValidators.validate(response.get()); - authenticated = true; + policy.evaluate(*(response.get()), this); return response.release(); } - XMLObject* resolve( - bool& authenticated, + saml2p::ArtifactResponse* resolve( const saml2p::SAML2Artifact& artifact, const SSODescriptorType& ssoDescriptor, - const X509TrustEngine* trustEngine=NULL + SecurityPolicy& policy ) const { throw BindingException("Not implemented."); }