X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=samltest%2Fsignature%2FSAML1ResponseTest.h;h=f4a5bb1d055dcd5cdd6c7b86c5cea0655b2baa3d;hb=e9554c255ad3c91c7c4976e7a1a54905903e66a2;hp=e63856f18323ab48c1969b62e4fa91e6fab65b18;hpb=9bc387d0cb9ce0a9151d9c081fc9dd823bdd2094;p=shibboleth%2Fcpp-opensaml.git
diff --git a/samltest/signature/SAML1ResponseTest.h b/samltest/signature/SAML1ResponseTest.h
index e63856f..f4a5bb1 100644
--- a/samltest/signature/SAML1ResponseTest.h
+++ b/samltest/signature/SAML1ResponseTest.h
@@ -1,208 +1,131 @@
-/*
- * Copyright 2001-2005 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "internal.h"
-#include
-#include
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-using namespace opensaml::saml1;
-using namespace xmlsignature;
-
-class TestValidator : public Validator
-{
-public:
- TestValidator() {}
- virtual ~TestValidator() {}
-
- Validator* clone() const {
- return new TestValidator();
- }
-
- void validate(const XMLObject* xmlObject) const {
- DSIGSignature* sig=dynamic_cast(xmlObject)->getXMLSignature();
- if (!sig)
- throw SignatureException("Only a marshalled Signature object can be verified.");
- XSECKeyInfoResolverDefault resolver;
- sig->setKeyInfoResolver(&resolver); // It will clone the resolver for us.
- try {
- if (!sig->verify())
- throw SignatureException("Signature did not verify.");
- }
- catch(XSECException& e) {
- auto_ptr_char temp(e.getMsg());
- throw SignatureException(string("Caught an XMLSecurity exception verifying signature: ") + temp.get());
- }
- catch(XSECCryptoException& e) {
- throw SignatureException(string("Caught an XMLSecurity exception verifying signature: ") + e.getMsg());
- }
- }
-};
-
-class _addcert : public std::binary_function {
-public:
- void operator()(X509Data* bag, XSECCryptoX509* cert) const {
- safeBuffer& buf=cert->getDEREncodingSB();
- X509Certificate* x=X509CertificateBuilder::buildX509Certificate();
- x->setValue(buf.sbStrToXMLCh());
- bag->getX509Certificates().push_back(x);
- }
-};
-
-class SAML1ResponseTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {
- XSECCryptoKey* m_key;
- vector m_certs;
-public:
- void setUp() {
- childElementsFile = data_path + "signature/SAML1Response.xml";
- SAMLObjectBaseTestCase::setUp();
- string keypath=data_path + "key.pem";
- BIO* in=BIO_new(BIO_s_file_internal());
- if (in && BIO_read_filename(in,keypath.c_str())>0) {
- EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
- if (pkey) {
- m_key=new OpenSSLCryptoKeyRSA(pkey);
- EVP_PKEY_free(pkey);
- }
- }
- if (in) BIO_free(in);
- TS_ASSERT(m_key!=NULL);
-
- string certpath=data_path + "cert.pem";
- in=BIO_new(BIO_s_file_internal());
- if (in && BIO_read_filename(in,certpath.c_str())>0) {
- X509* x=NULL;
- while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) {
- m_certs.push_back(new OpenSSLCryptoX509(x));
- X509_free(x);
- }
- }
- if (in) BIO_free(in);
- TS_ASSERT(m_certs.size()>0);
- }
-
- void tearDown() {
- SAMLObjectBaseTestCase::tearDown();
- delete m_key;
- for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup());
- }
-
- void testSignature() {
- auto_ptr_XMLCh issuer("issuer");
- auto_ptr_XMLCh issueInstant("1970-01-02T01:01:02.100Z");
- auto_ptr_XMLCh aid("aident");
- auto_ptr_XMLCh rid("rident");
- auto_ptr_XMLCh method("method");
- auto_ptr_XMLCh nameid("John Doe");
-
- NameIdentifier* n=NameIdentifierBuilder::buildNameIdentifier();
- n->setName(nameid.get());
- Subject* subject=SubjectBuilder::buildSubject();
- subject->setNameIdentifier(n);
-
- AuthenticationStatement* statement=AuthenticationStatementBuilder::buildAuthenticationStatement();
- statement->setAuthenticationInstant(issueInstant.get());
- statement->setAuthenticationMethod(method.get());
- statement->setSubject(subject);
-
- Assertion* assertion=AssertionBuilder::buildAssertion();
- assertion->setAssertionID(aid.get());
- assertion->setIssueInstant(issueInstant.get());
- assertion->setIssuer(issuer.get());
- assertion->getAuthenticationStatements().push_back(statement);
-
- // Append a Signature.
- assertion->setSignature(SignatureBuilder::buildSignature());
- assertion->getSignature()->setSigningKey(m_key->clone());
-
- // Build KeyInfo.
- KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo();
- X509Data* x509Data=X509DataBuilder::buildX509Data();
- keyInfo->getX509Datas().push_back(x509Data);
- for_each(m_certs.begin(),m_certs.end(),bind1st(_addcert(),x509Data));
- assertion->getSignature()->setKeyInfo(keyInfo);
-
- // Sign assertion while marshalling.
- vector sigs(1,assertion->getSignature());
- DOMElement* rootElement = NULL;
- try {
- rootElement=assertion->marshall((DOMDocument*)NULL,&sigs);
- }
- catch (XMLToolingException& e) {
- TS_TRACE(e.what());
- delete assertion;
- throw;
- }
-
- StatusCode* sc=StatusCodeBuilder::buildStatusCode();
- sc->setValue(&StatusCode::SUCCESS);
- Status* status=StatusBuilder::buildStatus();
- status->setStatusCode(sc);
-
- auto_ptr response(ResponseBuilder::buildResponse());
- response->setResponseID(rid.get());
- response->setIssueInstant(issueInstant.get());
- response->setStatus(status);
- response->getAssertions().push_back(assertion);
- response->setSignature(SignatureBuilder::buildSignature());
- response->getSignature()->setSigningKey(m_key->clone());
- response->getSignature()->setKeyInfo(keyInfo->cloneKeyInfo());
-
- // Sign response while marshalling.
- sigs.clear();
- sigs.push_back(response->getSignature());
- rootElement = NULL;
- try {
- rootElement=response->marshall((DOMDocument*)NULL,&sigs);
- }
- catch (XMLToolingException& e) {
- TS_TRACE(e.what());
- throw;
- }
-
- string buf;
- XMLHelper::serialize(rootElement, buf);
- istringstream in(buf);
- DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
- const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
-
- assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));
-
- try {
- assertion->getSignature()->registerValidator(new SignatureProfileValidator());
- assertion->getSignature()->registerValidator(new TestValidator());
- assertion->getSignature()->validate(true);
- response->getSignature()->registerValidator(new SignatureProfileValidator());
- response->getSignature()->registerValidator(new TestValidator());
- response->getSignature()->validate(true);
- }
- catch (XMLToolingException& e) {
- TS_TRACE(e.what());
- throw;
- }
- }
-
-};
+/*
+ * Copyright 2001-2010 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "signature/SAMLSignatureTestBase.h"
+
+#include
+#include
+
+#include
+
+using namespace opensaml::saml1p;
+using namespace opensaml::saml1;
+
+class SAML1ResponseTest : public CxxTest::TestSuite, public SAMLSignatureTestBase {
+public:
+ void setUp() {
+ childElementsFile = data_path + "signature/SAML1Response.xml";
+ SAMLSignatureTestBase::setUp();
+ }
+
+ void tearDown() {
+ SAMLSignatureTestBase::tearDown();
+ }
+
+ void testSignature() {
+ auto_ptr_XMLCh issuer("issuer");
+ auto_ptr_XMLCh issueInstant("1970-01-02T01:01:02.100Z");
+ auto_ptr_XMLCh aid("aident");
+ auto_ptr_XMLCh rid("rident");
+ auto_ptr_XMLCh method("method");
+ auto_ptr_XMLCh nameid("John Doe");
+
+ NameIdentifier* n=NameIdentifierBuilder::buildNameIdentifier();
+ n->setName(nameid.get());
+ Subject* subject=SubjectBuilder::buildSubject();
+ subject->setNameIdentifier(n);
+
+ AuthenticationStatement* statement=AuthenticationStatementBuilder::buildAuthenticationStatement();
+ statement->setAuthenticationInstant(issueInstant.get());
+ statement->setAuthenticationMethod(method.get());
+ statement->setSubject(subject);
+
+ Assertion* assertion=AssertionBuilder::buildAssertion();
+ assertion->setAssertionID(aid.get());
+ assertion->setIssueInstant(issueInstant.get());
+ assertion->setIssuer(issuer.get());
+ assertion->getAuthenticationStatements().push_back(statement);
+
+ // Append a Signature.
+ assertion->setSignature(SignatureBuilder::buildSignature());
+
+ // Sign assertion while marshalling.
+ vector sigs(1,assertion->getSignature());
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ Locker locker(m_resolver);
+ const Credential* cred = m_resolver->resolve(&cc);
+ TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
+
+ DOMElement* rootElement = nullptr;
+ try {
+ rootElement=assertion->marshall((DOMDocument*)nullptr,&sigs,cred);
+ }
+ catch (XMLToolingException& e) {
+ TS_TRACE(e.what());
+ delete assertion;
+ throw;
+ }
+
+ StatusCode* sc=StatusCodeBuilder::buildStatusCode();
+ sc->setValue(&StatusCode::SUCCESS);
+ Status* status=StatusBuilder::buildStatus();
+ status->setStatusCode(sc);
+
+ auto_ptr response(ResponseBuilder::buildResponse());
+ response->setResponseID(rid.get());
+ response->setIssueInstant(issueInstant.get());
+ response->setStatus(status);
+ response->getAssertions().push_back(assertion);
+ response->setSignature(SignatureBuilder::buildSignature());
+
+ // Sign response while marshalling.
+ sigs.clear();
+ sigs.push_back(response->getSignature());
+ rootElement = nullptr;
+ try {
+ rootElement=response->marshall((DOMDocument*)nullptr,&sigs,cred);
+ }
+ catch (XMLToolingException& e) {
+ TS_TRACE(e.what());
+ throw;
+ }
+
+ string buf;
+ XMLHelper::serialize(rootElement, buf);
+ istringstream in(buf);
+ DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
+ const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
+
+ auto_ptr response2(b->buildFromDocument(doc));
+ assertEquals("Unmarshalled response does not match", expectedChildElementsDOM, response2.get(), false);
+
+ try {
+ opensaml::SignatureProfileValidator spv;
+ spv.validate(dynamic_cast(response2.get())->getAssertions().front()->getSignature());
+ spv.validate(dynamic_cast(response2.get())->getSignature());
+
+ SignatureValidator sv(cred);
+ sv.validate(dynamic_cast(response2.get())->getAssertions().front()->getSignature());
+ sv.validate(dynamic_cast(response2.get())->getSignature());
+ }
+ catch (XMLToolingException& e) {
+ TS_TRACE(e.what());
+ throw;
+ }
+ }
+
+};
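Review bot: `TSM_ASSERT("Retrieved credential was null", cred!=nullptr);` records a failure but does not leave testSignature under CxxTest's default configuration, so a null `cred` still flows into `assertion->marshall(..., cred)` and `SignatureValidator sv(cred)`, where a resolver that returns nothing would likely surface as a crash rather than a readable assertion failure. Because `assertion` is not yet owned by `response` at that point, a guard such as `if (!cred) { delete assertion; TS_FAIL("Retrieved credential was null"); return; }` in place of the TSM_ASSERT keeps the failure clean (building the suite with CXXTEST_ABORT_TEST_ON_FAIL has the same effect). The `dynamic_cast(response2.get())->getAssertions().front()->getSignature()` chains in the validation block likewise dereference without checking the cast result or that the assertion list is non-empty, though the preceding assertEquals makes a mismatch there unlikely. It is worth stating in a comment that verification is deliberately run on the re-parsed `response2` rather than the in-memory objects, e.g. `// Validate profile and signatures on the re-parsed copy so verification covers the serialized form.`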