X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=samltest%2Fsaml2%2Fbinding%2FSAML2POSTTest.h;h=24d7bc553433bb9bfeca288a97ce95db479b083c;hb=04482c5c0e5fac5b688b0d23713526a15c51bd31;hp=3f23b184a621d32d89d3dd79e282593ea15cd651;hpb=caf2465dc6143bd473a648470aeb11b29038b18d;p=shibboleth%2Fcpp-opensaml.git
diff --git a/samltest/saml2/binding/SAML2POSTTest.h b/samltest/saml2/binding/SAML2POSTTest.h
index 3f23b18..24d7bc5 100644
--- a/samltest/saml2/binding/SAML2POSTTest.h
+++ b/samltest/saml2/binding/SAML2POSTTest.h
@@ -1,17 +1,21 @@
-/*
- * Copyright 2001-2005 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
 */
 
 #include "binding.h"
@@ -33,8 +37,9 @@ public:
 
 void testSAML2POST() {
 try {
- QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
- SecurityPolicy policy(m_rules, m_metadata, &idprole, m_trust);
+ xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
+ SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
+ policy.getRules().assign(m_rules.begin(), m_rules.end());
 
 // Read message to use from file.
 string path = data_path + "saml2/binding/SAML2Response.xml";
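Review bot: The new `SecurityPolicy policy(m_metadata, &idprole, m_trust, false);` passes a bare boolean whose meaning a reader cannot recover from this hunk; if it is the policy's validate flag (schema validation of the decoded message, which is what I would infer from the opensaml constructor but cannot confirm here), say so in a comment, e.g. `// false: skip schema validation of the decoded message; rules are attached below`. The rules are then copied in with `policy.getRules().assign(m_rules.begin(), m_rules.end());`, so the policy owns its own rule list rather than the fixture's — a one-line note that this copy is intentional would stop the next maintainer from "optimising" it back to sharing m_rules. The body of testSAML2POST continues past the end of this hunk.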
@@ -46,9 +51,15 @@ public:
 );
 janitor.release();
 
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ Locker clocker(m_creds);
+ const Credential* cred = m_creds->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
+
 // Freshen timestamp and ID.
- toSend->setIssueInstant(time(NULL));
- toSend->setID(NULL);
+ toSend->setIssueInstant(time(nullptr));
+ toSend->setID(nullptr);
 
 // Encode message.
 auto_ptr_XMLCh lit1("MessageEncoder");
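Review bot: `TSM_ASSERT("Retrieved credential was null", cred!=nullptr);` records a failure but, unless this suite is built to abort on failed assertions, does not stop the test, so a null `cred` still flows into the encoder call later in the function (outside this hunk) and the real failure surfaces there instead of at the point it was detected. Add an explicit bail-out after the assertion, `if (!cred) return;`, so a missing signing credential fails exactly where it is diagnosed. `Locker clocker(m_creds)` is held for the rest of the function, which looks necessary since `cred` is presumably a borrowed pointer into the resolver; a comment `// resolver stays locked while cred is in use` would make that lifetime dependency explicit.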
@@ -57,34 +68,124 @@ public:
 auto_ptr_XMLCh lit3(path.c_str());
 DOMDocument* encoder_config = XMLToolingConfig::getConfig().getParser().newDocument();
 XercesJanitor janitor2(encoder_config);
- encoder_config->appendChild(encoder_config->createElementNS(NULL,lit1.get()));
- encoder_config->getDocumentElement()->setAttributeNS(NULL,lit2.get(),lit3.get());
+ encoder_config->appendChild(encoder_config->createElementNS(nullptr,lit1.get()));
+ encoder_config->getDocumentElement()->setAttributeNS(nullptr,lit2.get(),lit3.get());
 auto_ptr encoder(
 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
- samlconstants::SAML20_BINDING_HTTP_POST, encoder_config->getDocumentElement()
+ samlconstants::SAML20_BINDING_HTTP_POST, pair(encoder_config->getDocumentElement(), nullptr)
 )
 );
- encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",m_creds);
+ Locker locker(m_metadata);
+ encoder->encode(
+ *this,
+ toSend.get(),
+ "https://sp.example.org/SAML/SSO",
+ m_metadata->getEntityDescriptor(MetadataProvider::Criteria("https://sp.example.org/")).first,
+ "state",
+ nullptr,
+ cred
+ );
 toSend.release();
 
 // Decode message.
 string relayState;
 auto_ptr decoder(
- SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_POST, NULL)
+ SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
+ samlconstants::SAML20_BINDING_HTTP_POST, pair(nullptr,nullptr)
+ )
+ );
+ auto_ptr response(dynamic_cast(decoder->decode(relayState,*this,policy)));
+
+ // Test the results.
+ TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
+ TSM_ASSERT("SAML Response not decoded successfully.", response.get());
+ TSM_ASSERT("Message was not verified.", policy.isAuthenticated());
+ auto_ptr_char entityID(policy.getIssuer()->getName());
+ TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
+ TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
+
+ // Trigger a replay.
+ policy.reset();
+ TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), SecurityPolicyException);
+ }
+ catch (XMLToolingException& ex) {
+ TS_TRACE(ex.what());
+ throw;
+ }
+ }
+
+ void testSAML2POSTSimpleSign() {
+ try {
+ xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
+ SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
+ policy.getRules().assign(m_rules.begin(), m_rules.end());
+
+ // Read message to use from file.
+ string path = data_path + "saml2/binding/SAML2Response.xml";
+ ifstream in(path.c_str());
+ DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
+ XercesJanitor janitor(doc);
+ auto_ptr toSend(
+ dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))
+ );
+ janitor.release();
+
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ Locker clocker(m_creds);
+ const Credential* cred = m_creds->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
+
+ // Freshen timestamp and ID.
+ toSend->setIssueInstant(time(nullptr));
+ toSend->setID(nullptr);
+
+ // Encode message.
+ auto_ptr_XMLCh lit1("MessageEncoder");
+ auto_ptr_XMLCh lit2("template");
+ path = data_path + "binding/template.html";
+ auto_ptr_XMLCh lit3(path.c_str());
+ DOMDocument* encoder_config = XMLToolingConfig::getConfig().getParser().newDocument();
+ XercesJanitor janitor2(encoder_config);
+ encoder_config->appendChild(encoder_config->createElementNS(nullptr,lit1.get()));
+ encoder_config->getDocumentElement()->setAttributeNS(nullptr,lit2.get(),lit3.get());
+ auto_ptr encoder(
+ SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
+ samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, pair(encoder_config->getDocumentElement(),nullptr)
+ )
 );
 Locker locker(m_metadata);
+ encoder->encode(
+ *this,
+ toSend.get(),
+ "https://sp.example.org/SAML/SSO",
+ m_metadata->getEntityDescriptor(MetadataProvider::Criteria("https://sp.example.org/")).first,
+ "state",
+ nullptr,
+ cred
+ );
+ toSend.release();
+
+ // Decode message.
+ string relayState;
+ auto_ptr decoder(
+ SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
+ samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, pair(nullptr,nullptr)
+ )
+ );
 auto_ptr response(dynamic_cast(decoder->decode(relayState,*this,policy)));
 
 // Test the results.
 TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
 TSM_ASSERT("SAML Response not decoded successfully.", response.get());
- TSM_ASSERT("Message was not verified.", policy.getIssuer()!=NULL);
+ TSM_ASSERT("Message was not verified.", policy.isAuthenticated());
 auto_ptr_char entityID(policy.getIssuer()->getName());
 TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
 TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
 
 // Trigger a replay.
- TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), BindingException);
+ policy.reset();
+ TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), SecurityPolicyException);
 }
 catch (XMLToolingException& ex) {
 TS_TRACE(ex.what());
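Review bot: `m_metadata->getEntityDescriptor(MetadataProvider::Criteria("https://sp.example.org/")).first` is handed straight to `encoder->encode(...)` in both tests with no check that the SP entity was actually found, so a metadata fixture missing that entity would fail somewhere inside the encoder (or on a null recipient) rather than with a clear assertion; bind it first and assert, `const EntityDescriptor* sp = m_metadata->getEntityDescriptor(MetadataProvider::Criteria("https://sp.example.org/")).first;` followed by `TSM_ASSERT("SP metadata not found", sp!=nullptr);`, then pass `sp`. The two test bodies are otherwise line-for-line identical except for the binding constant, so a private helper taking the binding name would roughly halve this hunk and keep the POST and POST-SimpleSign paths from drifting apart. Both tests only exercise the accept path plus replay; a companion case that decodes a message whose signature bytes have been altered and expects `SecurityPolicyException` would also pin the reject side of `policy.isAuthenticated()`, which is the property these bindings exist to enforce. The enclosing try/catch closes just past the end of this hunk.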