samltest/encryption/EncryptedAssertionTest.h

   1 /*
   2  *  Copyright 2001-2007 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #include "signature/SAMLSignatureTestBase.h"
  18
  19 #include <fstream>
  20 #include <sstream>
  21 #include <saml/SAMLConfig.h>
  22 #include <saml/saml2/core/Assertions.h>
  23 #include <saml/saml2/metadata/Metadata.h>
  24 #include <saml/saml2/metadata/MetadataProvider.h>
  25 #include <saml/saml2/metadata/MetadataCredentialContext.h>
  26 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
  27
  28 using namespace opensaml::saml2md;
  29 using namespace opensaml::saml2;
  30
  31 class EncryptedAssertionTest : public CxxTest::TestSuite, public SAMLSignatureTestBase {
  32     MetadataProvider* m_metadata;
  33 public:
  34     void setUp() {
  35         childElementsFile  = data_path + "signature/SAML2Assertion.xml";
  36         SAMLSignatureTestBase::setUp();
  37
  38         string config = data_path + "binding/ExampleMetadataProvider.xml";
  39         ifstream in(config.c_str());
  40         DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
  41         XercesJanitor<DOMDocument> janitor(doc);
  42
  43         auto_ptr_XMLCh path("path");
  44         string s = data_path + "binding/example-metadata.xml";
  45         auto_ptr_XMLCh file(s.c_str());
  46         doc->getDocumentElement()->setAttributeNS(NULL,path.get(),file.get());
  47
  48         m_metadata = opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(
  49             XML_METADATA_PROVIDER,doc->getDocumentElement()
  50             );
  51         m_metadata->init();
  52     }
  53
  54     void tearDown() {
  55         delete m_metadata;
  56         m_metadata=NULL;
  57         SAMLSignatureTestBase::tearDown();
  58     }
  59
  60     void testEncryptedAssertion() {
  61         auto_ptr_XMLCh issuer("issuer");
  62         auto_ptr_XMLCh issueInstant("1970-01-02T01:01:02.100Z");
  63         auto_ptr_XMLCh id("ident");
  64         auto_ptr_XMLCh method("method");
  65         auto_ptr_XMLCh nameid("John Doe");
  66
  67         Issuer* is=IssuerBuilder::buildIssuer();
  68         is->setName(issuer.get());
  69
  70         NameID* n=NameIDBuilder::buildNameID();
  71         n->setName(nameid.get());
  72         Subject* subject=SubjectBuilder::buildSubject();
  73         subject->setNameID(n);
  74
  75         AuthnStatement* statement=AuthnStatementBuilder::buildAuthnStatement();
  76         statement->setAuthnInstant(issueInstant.get());
  77
  78         AuthnContext* ac=AuthnContextBuilder::buildAuthnContext();
  79         AuthnContextClassRef* acc=AuthnContextClassRefBuilder::buildAuthnContextClassRef();
  80         acc->setReference(method.get());
  81         ac->setAuthnContextClassRef(acc);
  82         statement->setAuthnContext(ac);
  83
  84         auto_ptr<Assertion> assertion(AssertionBuilder::buildAssertion());
  85         assertion->setID(id.get());
  86         assertion->setIssueInstant(issueInstant.get());
  87         assertion->setIssuer(is);
  88         assertion->setSubject(subject);
  89         assertion->getAuthnStatements().push_back(statement);
  90
  91         // Append a Signature.
  92         Signature* sig=SignatureBuilder::buildSignature();
  93         assertion->setSignature(sig);
  94
  95         // Sign while marshalling.
  96         vector<Signature*> sigs(1,sig);
  97         CredentialCriteria cc;
  98         cc.setUsage(Credential::SIGNING_CREDENTIAL);
  99         Locker locker(m_resolver);
 100         const Credential* cred = m_resolver->resolve(&cc);
 101         TSM_ASSERT("Retrieved credential was null", cred!=NULL);
 102
 103         DOMElement* rootElement = NULL;
 104         try {
 105             rootElement=assertion->marshall((DOMDocument*)NULL,&sigs,cred);
 106         }
 107         catch (XMLToolingException& e) {
 108             TS_TRACE(e.what());
 109             throw;
 110         }
 111
 112         // Now encrypt this puppy to the SP role in the example metadata.
 113         auto_ptr<EncryptedAssertion> encrypted(EncryptedAssertionBuilder::buildEncryptedAssertion());
 114         Locker mlocker(m_metadata);
 115         const EntityDescriptor* sp = m_metadata->getEntityDescriptor("https://sp.example.org/");
 116         TSM_ASSERT("No metadata for recipient.", sp!=NULL);
 117         const SPSSODescriptor* sprole =  sp->getSPSSODescriptor(samlconstants::SAML20P_NS);
 118         TSM_ASSERT("No SP role for recipient.", sprole!=NULL);
 119         MetadataCredentialCriteria mcc(*sprole);
 120         vector< pair<const MetadataProvider*,MetadataCredentialCriteria*> > recipients(
 121             1, pair<const MetadataProvider*,MetadataCredentialCriteria*>(m_metadata, &mcc)
 122             );
 123         encrypted->encrypt(*assertion.get(), recipients);
 124
 125         // Roundtrip it.
 126         string buf;
 127         XMLHelper::serialize(encrypted->marshall(), buf);
 128         //TS_TRACE(buf.c_str());
 129         istringstream in(buf);
 130         DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
 131         const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
 132
 133         // Unpack, then decypt with our key.
 134         auto_ptr<EncryptedAssertion> encrypted2(dynamic_cast<EncryptedAssertion*>(b->buildFromDocument(doc)));
 135         auto_ptr<Assertion> assertion2(dynamic_cast<Assertion*>(encrypted2->decrypt(*m_resolver, sp->getEntityID())));
 136         assertEquals("Unmarshalled assertion does not match", expectedChildElementsDOM, assertion2.get(), false);
 137
 138         // And check the signature.
 139         try {
 140             opensaml::SignatureProfileValidator spv;
 141             SignatureValidator sv(cred);
 142             spv.validate(dynamic_cast<Assertion*>(assertion2.get())->getSignature());
 143             sv.validate(dynamic_cast<Assertion*>(assertion2.get())->getSignature());
 144         }
 145         catch (XMLToolingException& e) {
 146             TS_TRACE(e.what());
 147             throw;
 148         }
 149     }
 150
 151 };