X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=samltest%2Fsaml2%2Fbinding%2FSAML2POSTTest.h;h=c2998df16f64b872b6b4e61878106c4b9a339ef3;hb=c2f3cb788f744ebb8d89b22e0676b68737abfa9f;hp=ada0f3e03fea23750ae9bc45e2af9a0bc86f03f2;hpb=84c0834e26fc15d19f01ab5267f8433c07ee8001;p=shibboleth%2Fopensaml2.git
diff --git a/samltest/saml2/binding/SAML2POSTTest.h b/samltest/saml2/binding/SAML2POSTTest.h
index ada0f3e..c2998df 100644
--- a/samltest/saml2/binding/SAML2POSTTest.h
+++ b/samltest/saml2/binding/SAML2POSTTest.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2005 Internet2
+ * Copyright 2001-2007 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ public:
 void testSAML2POST() {
 try {
 QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
- SecurityPolicy policy(m_rules, m_metadata, &idprole, m_trust);
+ SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false);
 
 // Read message to use from file.
 string path = data_path + "saml2/binding/SAML2Response.xml";
@@ -46,6 +46,12 @@ public:
 );
 janitor.release();
 
+ CredentialCriteria cc;
+ cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ Locker clocker(m_creds);
+ const Credential* cred = m_creds->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=NULL);
+
 // Freshen timestamp and ID.
 toSend->setIssueInstant(time(NULL));
 toSend->setID(NULL);
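Review bot: The trailing `false` in `SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false);` is a bare boolean literal whose meaning cannot be recovered from this line; presumably it is the validation flag on SecurityPolicy's constructor, but that should be confirmed against the header before annotating it. Once confirmed, name it at the call site, e.g. `SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false /* validate */);`, so the next reader does not have to open the constructor. The identical line is added in the @@ -95,7 +106,7 @@ hunk for testSAML2POSTSimpleSign. Both enclosing test bodies continue past their hunks.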
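Review bot: `TSM_ASSERT("Retrieved credential was null", cred!=NULL);` does not stop the test when it fails: CxxTest's TS*/TSM_ASSERT macros record the failure and keep executing unless the build defines CXXTEST_ABORT_TEST_ON_FAIL, so a NULL `cred` would flow into the later `encoder->encode(...)` call in the same try block and the real cause would surface as an unrelated encoding or verification error. An explicit guard makes the failure mode unambiguous, e.g. `if (!cred) { TS_FAIL("Retrieved credential was null"); return; }`. Note also that `cred` is only valid while `clocker` is in scope, so the encode must stay inside that scope (it currently does, as the encode is further down the same block). The same added block appears in the @@ -107,6 +118,12 @@ hunk.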
@@ -61,30 +67,35 @@ public:
 encoder_config->getDocumentElement()->setAttributeNS(NULL,lit2.get(),lit3.get());
 auto_ptr encoder(
 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
- samlconstants::SAML20_BINDING_HTTP_POST, encoder_config->getDocumentElement()
+ samlconstants::SAML20_BINDING_HTTP_POST, pair(encoder_config->getDocumentElement(), NULL)
 )
 );
- encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",m_creds);
+ Locker locker(m_metadata);
+ encoder->encode(
+ *this,toSend.get(),"https://sp.example.org/SAML/SSO",m_metadata->getEntityDescriptor("https://sp.example.org/"),"state",NULL,cred
+ );
 toSend.release();
 
 // Decode message.
 string relayState;
 auto_ptr decoder(
- SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_POST, NULL)
+ SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
+ samlconstants::SAML20_BINDING_HTTP_POST, pair(NULL,NULL)
+ )
 );
- Locker locker(m_metadata);
 auto_ptr response(dynamic_cast(decoder->decode(relayState,*this,policy)));
 
 // Test the results.
 TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
 TSM_ASSERT("SAML Response not decoded successfully.", response.get());
- TSM_ASSERT("Message was not verified.", policy.getIssuer()!=NULL);
+ TSM_ASSERT("Message was not verified.", policy.isSecure());
 auto_ptr_char entityID(policy.getIssuer()->getName());
 TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
 TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
 
 // Trigger a replay.
- TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), BindingException);
+ policy.reset();
+ TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), SecurityPolicyException);
 }
 catch (XMLToolingException& ex) {
 TS_TRACE(ex.what());
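Review bot: Replacing `TSM_ASSERT("Message was not verified.", policy.getIssuer()!=NULL);` with the `policy.isSecure()` check removes the only guard on the `policy.getIssuer()->getName()` dereference on the next context line; since TSM_ASSERT continues after a failure, a message that fails verification now crashes the test on a null pointer instead of reporting cleanly. Keep both checks, e.g. `TSM_ASSERT("Message was not verified.", policy.isSecure());` followed by `TSM_ASSERT("No issuer established.", policy.getIssuer()!=NULL);`, unless isSecure() is documented to guarantee a non-null issuer (confirm in SecurityPolicy). Similarly, `m_metadata->getEntityDescriptor("https://sp.example.org/")` is passed straight into `encoder->encode(...)`; if the test metadata lacks that entity the recipient argument is NULL and the failure is reported far from its cause, so binding it to a local and asserting it first is worth the extra line. The same pattern is in the @@ -122,30 +139,35 @@ hunk for testSAML2POSTSimpleSign. testSAML2POST starts before this hunk and its catch block continues past it.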
@@ -95,7 +106,7 @@ public:
 void testSAML2POSTSimpleSign() {
 try {
 QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
- SecurityPolicy policy(m_rules, m_metadata, &idprole, m_trust);
+ SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false);
 
 // Read message to use from file.
 string path = data_path + "saml2/binding/SAML2Response.xml";
@@ -107,6 +118,12 @@ public:
 );
 janitor.release();
 
+ CredentialCriteria cc;
+ cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ Locker clocker(m_creds);
+ const Credential* cred = m_creds->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=NULL);
+
 // Freshen timestamp and ID.
 toSend->setIssueInstant(time(NULL));
 toSend->setID(NULL);
@@ -122,30 +139,35 @@ public:
 encoder_config->getDocumentElement()->setAttributeNS(NULL,lit2.get(),lit3.get());
 auto_ptr encoder(
 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
- samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, encoder_config->getDocumentElement()
+ samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, pair(encoder_config->getDocumentElement(),NULL)
 )
 );
- encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/SSO","https://sp.example.org/","state",m_creds);
+ Locker locker(m_metadata);
+ encoder->encode(
+ *this,toSend.get(),"https://sp.example.org/SAML/SSO",m_metadata->getEntityDescriptor("https://sp.example.org/"),"state",NULL,cred
+ );
 toSend.release();
 
 // Decode message.
 string relayState;
 auto_ptr decoder(
- SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, NULL)
+ SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
+ samlconstants::SAML20_BINDING_HTTP_POST_SIMPLESIGN, pair(NULL,NULL)
+ )
 );
- Locker locker(m_metadata);
 auto_ptr response(dynamic_cast(decoder->decode(relayState,*this,policy)));
 
 // Test the results.
 TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
 TSM_ASSERT("SAML Response not decoded successfully.", response.get());
- TSM_ASSERT("Message was not verified.", policy.getIssuer()!=NULL);
+ TSM_ASSERT("Message was not verified.", policy.isSecure());
 auto_ptr_char entityID(policy.getIssuer()->getName());
 TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
 TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
 
 // Trigger a replay.
- TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), BindingException);
+ policy.reset();
+ TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), SecurityPolicyException);
 }
 catch (XMLToolingException& ex) {
 TS_TRACE(ex.what());