Pass KeyResolver into PKIX layer.

[shibboleth/cpp-opensaml.git] / samltest / binding.h

/*\r
 *  Copyright 2001-2006 Internet2\r
 * \r
 * Licensed under the Apache License, Version 2.0 (the "License");\r
 * you may not use this file except in compliance with the License.\r
 * You may obtain a copy of the License at\r
 *\r
 *     http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 * Unless required by applicable law or agreed to in writing, software\r
 * distributed under the License is distributed on an "AS IS" BASIS,\r
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * See the License for the specific language governing permissions and\r
 * limitations under the License.\r
 */\r
\r
#include "internal.h"\r
\r
#include <saml/SAMLConfig.h>\r
#include <saml/binding/HTTPRequest.h>\r
#include <saml/binding/HTTPResponse.h>\r
#include <saml/binding/MessageDecoder.h>\r
#include <saml/binding/MessageEncoder.h>\r
#include <saml/binding/SecurityPolicyRule.h>\r
#include <saml/binding/URLEncoder.h>\r
#include <saml/saml2/metadata/Metadata.h>\r
#include <saml/saml2/metadata/MetadataProvider.h>\r
#include <xmltooling/security/TrustEngine.h>\r
\r
using namespace opensaml::saml2md;\r
using namespace xmlsignature;\r
\r
class SAMLBindingBaseTestCase : public HTTPRequest, public HTTPResponse\r
{\r
protected:\r
    CredentialResolver* m_creds; \r
    MetadataProvider* m_metadata;\r
    TrustEngine* m_trust;\r
    map<string,string> m_fields;\r
    map<string,string> m_headers;\r
    string m_method,m_url,m_query;\r
    vector<XSECCryptoX509*> m_clientCerts;\r
    vector<const SecurityPolicyRule*> m_rules1;\r
    vector<const SecurityPolicyRule*> m_rules2;\r
\r
public:\r
    void setUp() {\r
        m_creds=NULL;\r
        m_metadata=NULL;\r
        m_trust=NULL;\r
        m_fields.clear();\r
        m_headers.clear();\r
        m_method.erase();\r
        m_url.erase();\r
        m_query.erase();\r
\r
        try {\r
            string config = data_path + "binding/ExampleMetadataProvider.xml";\r
            ifstream in(config.c_str());\r
            DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
            XercesJanitor<DOMDocument> janitor(doc);\r
    \r
            auto_ptr_XMLCh path("path");\r
            string s = data_path + "binding/example-metadata.xml";\r
            auto_ptr_XMLCh file(s.c_str());\r
            doc->getDocumentElement()->setAttributeNS(NULL,path.get(),file.get());\r
    \r
            m_metadata = SAMLConfig::getConfig().MetadataProviderManager.newPlugin(\r
                FILESYSTEM_METADATA_PROVIDER,doc->getDocumentElement()\r
                );\r
            m_metadata->init();\r
\r
            config = data_path + "FilesystemCredentialResolver.xml";\r
            ifstream in2(config.c_str());\r
            DOMDocument* doc2=XMLToolingConfig::getConfig().getParser().parse(in2);\r
            XercesJanitor<DOMDocument> janitor2(doc2);\r
            m_creds = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(\r
                FILESYSTEM_CREDENTIAL_RESOLVER,doc2->getDocumentElement()\r
                );\r
                \r
            m_trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, NULL);\r
\r
            m_rules1.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(SAML1MESSAGE_POLICY_RULE,NULL));\r
            m_rules1.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(MESSAGEFLOW_POLICY_RULE,NULL));\r
            m_rules1.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(SIMPLESIGNING_POLICY_RULE,NULL));\r
            m_rules1.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(XMLSIGNING_POLICY_RULE,NULL));\r
\r
            m_rules2.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(SAML2MESSAGE_POLICY_RULE,NULL));\r
            m_rules2.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(MESSAGEFLOW_POLICY_RULE,NULL));\r
            m_rules2.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(SIMPLESIGNING_POLICY_RULE,NULL));\r
            m_rules2.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(XMLSIGNING_POLICY_RULE,NULL));\r
        }\r
        catch (XMLToolingException& ex) {\r
            TS_TRACE(ex.what());\r
            tearDown();\r
            throw;\r
        }\r
\r
    }\r
    \r
    void tearDown() {\r
        for_each(m_rules1.begin(), m_rules1.end(), xmltooling::cleanup<SecurityPolicyRule>());\r
        m_rules1.clear();\r
        for_each(m_rules2.begin(), m_rules2.end(), xmltooling::cleanup<SecurityPolicyRule>());\r
        m_rules2.clear();\r
        delete m_creds;\r
        delete m_metadata;\r
        delete m_trust;\r
        m_creds=NULL;\r
        m_metadata=NULL;\r
        m_trust=NULL;\r
        m_fields.clear();\r
        m_headers.clear();\r
        m_method.erase();\r
        m_url.erase();\r
        m_query.erase();\r
    }\r
\r
    // HTTPRequest methods\r
\r
    const char* getMethod() const {\r
        return m_method.c_str();\r
    }\r
\r
    const char* getScheme() const {\r
        return "https";\r
    }\r
\r
    bool isSecure() const {\r
        return true;\r
    }\r
\r
    string getContentType() const {\r
        return "application/x-www-form-urlencoded";\r
    }\r
\r
    long getContentLength() const {\r
        return -1;\r
    }\r
\r
    const char* getRequestURL() const {\r
        return m_url.c_str();\r
    }\r
    \r
    const char* getRequestBody() const {\r
        return NULL;\r
    }\r
    \r
    const char* getQueryString() const {\r
        return m_query.c_str();\r
    }\r
    \r
    string getRemoteUser() const {\r
        return "";\r
    }\r
\r
    string getRemoteAddr() const {\r
        return "127.0.0.1";\r
    }\r
\r
    const std::vector<XSECCryptoX509*>& getClientCertificates() const {\r
        return m_clientCerts;\r
    }\r
\r
    string getHeader(const char* name) const {\r
        map<string,string>::const_iterator i=m_headers.find(name);\r
        return i==m_headers.end() ? "" : i->second;\r
    }\r
    \r
    const char* getParameter(const char* name) const {\r
        map<string,string>::const_iterator i=m_fields.find(name);\r
        return i==m_fields.end() ? NULL : i->second.c_str();\r
    }\r
\r
    vector<const char*>::size_type getParameters(const char* name, vector<const char*>& values) const {\r
        values.clear();\r
        map<string,string>::const_iterator i=m_fields.find(name);\r
        if (i!=m_fields.end())\r
            values.push_back(i->second.c_str());\r
        return values.size();\r
    }\r
    \r
    // HTTPResponse methods\r
    \r
    void setHeader(const char* name, const char* value) {\r
        m_headers[name] = value ? value : "";\r
    }\r
\r
    void setContentType(const char* type) {\r
        setHeader("Content-Type", type);\r
    }\r
    \r
    void setCookie(const char* name, const char* value) {\r
        m_headers["Set-Cookie"] = string(name) + "=" + (value ? value : "");\r
    }\r
    \r
    // The amount of error checking missing from this is incredible, but as long\r
    // as the test data isn't unexpected or malformed, it should work.\r
    \r
    long sendRedirect(const char* url) {\r
        m_method = "GET";\r
        char* dup = strdup(url);\r
        char* pch = strchr(dup,'?');\r
        if (pch) {\r
            *pch++=0;\r
            m_query = pch;\r
            char* name=pch;\r
            while (name && *name) {\r
                pch=strchr(pch,'=');\r
                *pch++=0;\r
                char* value=pch;\r
                pch=strchr(pch,'&');\r
                if (pch)\r
                    *pch++=0;\r
                SAMLConfig::getConfig().getURLEncoder()->decode(value);\r
                m_fields[name] = value;\r
                name = pch; \r
            }\r
        }\r
        m_url = dup;\r
        free(dup);\r
        return m_fields.size();\r
    }\r
    \r
    string html_decode(const string& s) const {\r
        string decoded;\r
        const char* ch=s.c_str();\r
        while (*ch) {\r
            if (*ch=='&') {\r
                if (!strncmp(ch,"&lt;",4)) {\r
                    decoded+='<'; ch+=4;\r
                }\r
                else if (!strncmp(ch,"&gt;",4)) {\r
                    decoded+='>'; ch+=4;\r
                }\r
                else if (!strncmp(ch,"&quot;",6)) {\r
                    decoded+='"'; ch+=6;\r
                }\r
                else if (*++ch=='#') {\r
                    decoded+=(char)atoi(++ch);\r
                    ch=strchr(ch,';')+1;\r
                }\r
            }\r
            else {\r
                decoded+=*ch++;\r
            }\r
        }\r
        return decoded;\r
    }\r
    \r
    long sendResponse(std::istream& inputStream) {\r
        return sendResponse(inputStream, HTTPResponse::SAML_HTTP_STATUS_OK);\r
    }\r
\r
    long sendError(std::istream& inputStream) {\r
        return sendResponse(inputStream, HTTPResponse::SAML_HTTP_STATUS_ERROR);\r
    }\r
\r
    long sendResponse(std::istream& inputStream, long status) {\r
        m_method="POST";\r
        string page,line;\r
        while (getline(inputStream,line))\r
            page += line + '\n';\r
            \r
        const char* pch=strstr(page.c_str(),"action=\"");\r
        pch+=strlen("action=\"");\r
        m_url = html_decode(page.substr(pch-page.c_str(),strchr(pch,'"')-pch));\r
\r
        while (pch=strstr(pch,"<input type=\"hidden\" name=\"")) {\r
            pch+=strlen("<input type=\"hidden\" name=\"");\r
            string name = page.substr(pch-page.c_str(),strchr(pch,'"')-pch);\r
            pch=strstr(pch,"value=\"");\r
            pch+=strlen("value=\"");\r
            m_fields[name] = html_decode(page.substr(pch-page.c_str(),strchr(pch,'"')-pch));\r
        }\r
        return m_fields.size();\r
    }\r
};\r