samltest/encryption/EncryptedAssertionTest.h

   1 /*
   2  *  Copyright 2001-2009 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #include "signature/SAMLSignatureTestBase.h"
  18
  19 #include <fstream>
  20 #include <sstream>
  21 #include <saml/SAMLConfig.h>
  22 #include <saml/saml2/core/Assertions.h>
  23 #include <saml/saml2/metadata/Metadata.h>
  24 #include <saml/saml2/metadata/MetadataProvider.h>
  25 #include <saml/saml2/metadata/MetadataCredentialContext.h>
  26 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
  27 #include <xmltooling/security/Credential.h>
  28
  29 using namespace opensaml::saml2md;
  30 using namespace opensaml::saml2;
  31
  32 class EncryptedAssertionTest : public CxxTest::TestSuite, public SAMLSignatureTestBase {
  33     MetadataProvider* m_metadata;
  34 public:
  35     void setUp() {
  36         childElementsFile  = data_path + "signature/SAML2Assertion.xml";
  37         SAMLSignatureTestBase::setUp();
  38
  39         string config = data_path + "binding/ExampleMetadataProvider.xml";
  40         ifstream in(config.c_str());
  41         DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
  42         XercesJanitor<DOMDocument> janitor(doc);
  43
  44         auto_ptr_XMLCh path("path");
  45         string s = data_path + "binding/example-metadata.xml";
  46         auto_ptr_XMLCh file(s.c_str());
  47         doc->getDocumentElement()->setAttributeNS(NULL,path.get(),file.get());
  48
  49         m_metadata = opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(
  50             XML_METADATA_PROVIDER,doc->getDocumentElement()
  51             );
  52         m_metadata->init();
  53     }
  54
  55     void tearDown() {
  56         delete m_metadata;
  57         m_metadata=NULL;
  58         SAMLSignatureTestBase::tearDown();
  59     }
  60
  61     void testEncryptedAssertion() {
  62         auto_ptr_XMLCh issuer("issuer");
  63         auto_ptr_XMLCh issueInstant("1970-01-02T01:01:02.100Z");
  64         auto_ptr_XMLCh id("ident");
  65         auto_ptr_XMLCh method("method");
  66         auto_ptr_XMLCh nameid("John Doe");
  67
  68         Issuer* is=IssuerBuilder::buildIssuer();
  69         is->setName(issuer.get());
  70
  71         NameID* n=NameIDBuilder::buildNameID();
  72         n->setName(nameid.get());
  73         Subject* subject=SubjectBuilder::buildSubject();
  74         subject->setNameID(n);
  75
  76         AuthnStatement* statement=AuthnStatementBuilder::buildAuthnStatement();
  77         statement->setAuthnInstant(issueInstant.get());
  78
  79         AuthnContext* ac=AuthnContextBuilder::buildAuthnContext();
  80         AuthnContextClassRef* acc=AuthnContextClassRefBuilder::buildAuthnContextClassRef();
  81         acc->setReference(method.get());
  82         ac->setAuthnContextClassRef(acc);
  83         statement->setAuthnContext(ac);
  84
  85         auto_ptr<Assertion> assertion(AssertionBuilder::buildAssertion());
  86         assertion->setID(id.get());
  87         assertion->setIssueInstant(issueInstant.get());
  88         assertion->setIssuer(is);
  89         assertion->setSubject(subject);
  90         assertion->getAuthnStatements().push_back(statement);
  91
  92         // Append a Signature.
  93         Signature* sig=SignatureBuilder::buildSignature();
  94         assertion->setSignature(sig);
  95
  96         // Sign while marshalling.
  97         vector<Signature*> sigs(1,sig);
  98         CredentialCriteria cc;
  99         cc.setUsage(Credential::SIGNING_CREDENTIAL);
 100         Locker locker(m_resolver);
 101         const Credential* cred = m_resolver->resolve(&cc);
 102         TSM_ASSERT("Retrieved credential was null", cred!=NULL);
 103
 104         DOMElement* rootElement = NULL;
 105         try {
 106             rootElement=assertion->marshall((DOMDocument*)NULL,&sigs,cred);
 107         }
 108         catch (XMLToolingException& e) {
 109             TS_TRACE(e.what());
 110             throw;
 111         }
 112
 113         // Now encrypt this puppy to the SP role in the example metadata.
 114         auto_ptr<EncryptedAssertion> encrypted(EncryptedAssertionBuilder::buildEncryptedAssertion());
 115         Locker mlocker(m_metadata);
 116         MetadataProvider::Criteria mc("https://sp.example.org/", &SPSSODescriptor::ELEMENT_QNAME, samlconstants::SAML20P_NS);
 117         pair<const EntityDescriptor*,const RoleDescriptor*> sp = m_metadata->getEntityDescriptor(mc);
 118         TSM_ASSERT("No metadata for recipient.", sp.first!=NULL);
 119         TSM_ASSERT("No SP role for recipient.", sp.second!=NULL);
 120         MetadataCredentialCriteria mcc(*sp.second);
 121         vector< pair<const MetadataProvider*,MetadataCredentialCriteria*> > recipients(
 122             1, pair<const MetadataProvider*,MetadataCredentialCriteria*>(m_metadata, &mcc)
 123             );
 124         encrypted->encrypt(*assertion.get(), recipients);
 125
 126         // Roundtrip it.
 127         string buf;
 128         XMLHelper::serialize(encrypted->marshall(), buf);
 129         //TS_TRACE(buf.c_str());
 130         istringstream in(buf);
 131         DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
 132         const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
 133
 134         // Unpack, then decypt with our key.
 135         auto_ptr<EncryptedAssertion> encrypted2(dynamic_cast<EncryptedAssertion*>(b->buildFromDocument(doc)));
 136         auto_ptr<Assertion> assertion2(dynamic_cast<Assertion*>(encrypted2->decrypt(*m_resolver, sp.first->getEntityID())));
 137         assertEquals("Unmarshalled assertion does not match", expectedChildElementsDOM, assertion2.get(), false);
 138
 139         // And check the signature.
 140         try {
 141             opensaml::SignatureProfileValidator spv;
 142             SignatureValidator sv(cred);
 143             spv.validate(dynamic_cast<Assertion*>(assertion2.get())->getSignature());
 144             sv.validate(dynamic_cast<Assertion*>(assertion2.get())->getSignature());
 145         }
 146         catch (XMLToolingException& e) {
 147             TS_TRACE(e.what());
 148             throw;
 149         }
 150     }
 151
 152 };