X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=samltest%2Fsaml2%2Fbinding%2FSAML2POSTTest.h;h=4737679fb3019296d893edc31d69ef7b82c6dc1e;hb=6b5c75d27994ca1f9d450a81576a1bde4873edf3;hp=77cd153c076e6e007a679c243719794bd0f26d7d;hpb=b66d32ed939fcf6db7bc52c8626b6ac06a2e97f9;p=shibboleth%2Fcpp-opensaml.git diff --git a/samltest/saml2/binding/SAML2POSTTest.h b/samltest/saml2/binding/SAML2POSTTest.h index 77cd153..4737679 100644 --- a/samltest/saml2/binding/SAML2POSTTest.h +++ b/samltest/saml2/binding/SAML2POSTTest.h @@ -24,17 +24,18 @@ using namespace opensaml::saml2; class SAML2POSTTest : public CxxTest::TestSuite, public SAMLBindingBaseTestCase { public: void setUp() { - m_fields.clear(); SAMLBindingBaseTestCase::setUp(); } void tearDown() { - m_fields.clear(); SAMLBindingBaseTestCase::tearDown(); } - void testSAML2POSTTrusted() { + void testSAML2POST() { try { + QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); + SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust); + // Read message to use from file. string path = data_path + "saml2/binding/SAML2Response.xml"; ifstream in(path.c_str()); @@ -45,38 +46,46 @@ public: ); janitor.release(); - // Freshen timestamp. + // Freshen timestamp and ID. toSend->setIssueInstant(time(NULL)); + toSend->setID(NULL); // Encode message. + auto_ptr_XMLCh lit1("MessageEncoder"); + auto_ptr_XMLCh lit2("template"); + path = data_path + "binding/template.html"; + auto_ptr_XMLCh lit3(path.c_str()); + DOMDocument* encoder_config = XMLToolingConfig::getConfig().getParser().newDocument(); + XercesJanitor janitor2(encoder_config); + encoder_config->appendChild(encoder_config->createElementNS(NULL,lit1.get())); + encoder_config->getDocumentElement()->setAttributeNS(NULL,lit2.get(),lit3.get()); auto_ptr encoder( - SAMLConfig::getConfig().MessageEncoderManager.newPlugin(SAMLConstants::SAML20_BINDING_HTTP_POST, NULL) + SAMLConfig::getConfig().MessageEncoderManager.newPlugin( + samlconstants::SAML20_BINDING_HTTP_POST, encoder_config->getDocumentElement() + ) ); - encoder->encode(m_fields,toSend.get(),"https://sp.example.org/","state",m_creds); + encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",m_creds); toSend.release(); // Decode message. string relayState; - const RoleDescriptor* issuer=NULL; - bool trusted=false; - QName idprole(SAMLConstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); auto_ptr decoder( - SAMLConfig::getConfig().MessageDecoderManager.newPlugin(SAMLConstants::SAML20_BINDING_HTTP_POST, NULL) + SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_POST, NULL) ); Locker locker(m_metadata); - auto_ptr response( - dynamic_cast( - decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust) - ) - ); + auto_ptr response(dynamic_cast(decoder->decode(relayState,*this,policy))); // Test the results. TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state"); TSM_ASSERT("SAML Response not decoded successfully.", response.get()); - TSM_ASSERT("Message was not verified.", issuer && trusted); - auto_ptr_char entityID(dynamic_cast(issuer->getParent())->getEntityID()); + TSM_ASSERT("Message was not verified.", policy.isSecure()); + auto_ptr_char entityID(policy.getIssuer()->getName()); TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); + + // Trigger a replay. + policy.reset(); + TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), BindingException); } catch (XMLToolingException& ex) { TS_TRACE(ex.what()); @@ -84,8 +93,11 @@ public: } } - void testSAML2POSTUntrusted() { + void testSAML2POSTSimpleSign() { try { + QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); + SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust); + // Read message to use from file. string path = data_path + "saml2/binding/SAML2Response.xml"; ifstream in(path.c_str()); @@ -96,60 +108,50 @@ public: ); janitor.release(); - // Freshen timestamp and clear ID. + // Freshen timestamp and ID. toSend->setIssueInstant(time(NULL)); toSend->setID(NULL); // Encode message. + auto_ptr_XMLCh lit1("MessageEncoder"); + auto_ptr_XMLCh lit2("template"); + path = data_path + "binding/template.html"; + auto_ptr_XMLCh lit3(path.c_str()); + DOMDocument* encoder_config = XMLToolingConfig::getConfig().getParser().newDocument(); + XercesJanitor janitor2(encoder_config); + encoder_config->appendChild(encoder_config->createElementNS(NULL,lit1.get())); + encoder_config->getDocumentElement()->setAttributeNS(NULL,lit2.get(),lit3.get()); auto_ptr encoder( - SAMLConfig::getConfig().MessageEncoderManager.newPlugin(SAMLConstants::SAML20_BINDING_HTTP_POST, NULL) + SAMLConfig::getConfig().MessageEncoderManager.newPlugin( + samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, encoder_config->getDocumentElement() + ) ); - encoder->encode(m_fields,toSend.get(),"https://sp.example.org/","state"); + encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",m_creds); toSend.release(); // Decode message. string relayState; - const RoleDescriptor* issuer=NULL; - bool trusted=false; - QName idprole(SAMLConstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); auto_ptr decoder( - SAMLConfig::getConfig().MessageDecoderManager.newPlugin(SAMLConstants::SAML20_BINDING_HTTP_POST, NULL) + SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, NULL) ); Locker locker(m_metadata); - auto_ptr response( - dynamic_cast( - decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole) - ) - ); + auto_ptr response(dynamic_cast(decoder->decode(relayState,*this,policy))); // Test the results. TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state"); TSM_ASSERT("SAML Response not decoded successfully.", response.get()); - TSM_ASSERT("Message was verified.", issuer && !trusted); - auto_ptr_char entityID(dynamic_cast(issuer->getParent())->getEntityID()); + TSM_ASSERT("Message was not verified.", policy.isSecure()); + auto_ptr_char entityID(policy.getIssuer()->getName()); TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); // Trigger a replay. - TSM_ASSERT_THROWS("Did not catch the replay.", - decoder->decode(relayState,issuer,trusted,*this,m_metadata,&idprole,m_trust), - BindingException); + policy.reset(); + TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), BindingException); } catch (XMLToolingException& ex) { TS_TRACE(ex.what()); throw; } } - - const char* getMethod() const { - return "POST"; - } - - const char* getRequestURL() const { - return "https://sp.example.org/SAML/POST"; - } - - const char* getQueryString() const { - return NULL; - } };