samltest/saml1/binding/SAML1ArtifactTest.h

   1 /*
   2  *  Copyright 2001-2005 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #include "binding.h"
  18
  19 #include <saml/binding/ArtifactMap.h>
  20 #include <saml/saml1/core/Assertions.h>
  21 #include <saml/saml1/core/Protocols.h>
  22 #include <saml/saml1/binding/SAMLArtifactType0001.h>
  23 #include <xmltooling/validation/ValidatorSuite.h>
  24
  25 using namespace opensaml::saml1p;
  26 using namespace opensaml::saml1;
  27
  28 namespace {\r
  29     class SAML_DLLLOCAL _addcert : public binary_function<X509Data*,XSECCryptoX509*,void> {\r
  30     public:\r
  31         void operator()(X509Data* bag, XSECCryptoX509* cert) const {\r
  32             safeBuffer& buf=cert->getDEREncodingSB();\r
  33             X509Certificate* x=X509CertificateBuilder::buildX509Certificate();\r
  34             x->setValue(buf.sbStrToXMLCh());\r
  35             bag->getX509Certificates().push_back(x);\r
  36         }\r
  37     };\r
  38 };\r
  39
  40 class SAML1ArtifactTest : public CxxTest::TestSuite,
  41     public SAMLBindingBaseTestCase, public MessageEncoder::ArtifactGenerator, public MessageDecoder::ArtifactResolver {
  42 public:
  43     void setUp() {
  44         SAMLBindingBaseTestCase::setUp();
  45     }
  46
  47     void tearDown() {
  48         SAMLBindingBaseTestCase::tearDown();
  49     }
  50
  51     void testSAML1Artifact() {
  52         try {
  53             // Read message to use from file.
  54             string path = data_path + "saml1/binding/SAML1Assertion.xml";
  55             ifstream in(path.c_str());
  56             DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
  57             XercesJanitor<DOMDocument> janitor(doc);
  58             auto_ptr<Assertion> toSend(
  59                 dynamic_cast<Assertion*>(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))
  60                 );
  61             janitor.release();
  62
  63             // Encode message.
  64             auto_ptr<MessageEncoder> encoder(
  65                 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, NULL)
  66                 );
  67             encoder->setArtifactGenerator(this);
  68             encoder->encode(*this,toSend.get(),"https://sp.example.org/SAML/Artifact","https://sp.example.org/","state",m_creds);
  69             toSend.release();
  70
  71             // Decode message.
  72             string relayState;
  73             const RoleDescriptor* issuer=NULL;
  74             const XMLCh* securityMech=NULL;
  75             QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
  76             auto_ptr<MessageDecoder> decoder(
  77                 SAMLConfig::getConfig().MessageDecoderManager.newPlugin(samlconstants::SAML1_PROFILE_BROWSER_ARTIFACT, NULL)
  78                 );
  79             decoder->setArtifactResolver(this);
  80             Locker locker(m_metadata);
  81             auto_ptr<Response> response(
  82                 dynamic_cast<Response*>(
  83                     decoder->decode(relayState,issuer,securityMech,*this,m_metadata,&idprole,m_trust)
  84                     )
  85                 );
  86
  87             // Test the results.
  88             TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state");
  89             TSM_ASSERT("SAML Response not decoded successfully.", response.get());
  90             TSM_ASSERT("Message was not verified.", issuer && securityMech && securityMech==samlconstants::SAML1P_NS);
  91             auto_ptr_char entityID(dynamic_cast<const EntityDescriptor*>(issuer->getParent())->getEntityID());
  92             TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
  93             TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
  94
  95             // Trigger a replay.
  96             TSM_ASSERT_THROWS("Did not catch the replay.",
  97                 decoder->decode(relayState,issuer,securityMech,*this,m_metadata,&idprole,m_trust),
  98                 BindingException);
  99         }
 100         catch (XMLToolingException& ex) {
 101             TS_TRACE(ex.what());
 102             throw;
 103         }
 104     }
 105
 106     SAMLArtifact* generateSAML1Artifact(const char* relyingParty) const {
 107         return new SAMLArtifactType0001(SAMLConfig::getConfig().hashSHA1("https://idp.example.org/"));
 108     }
 109
 110     saml2p::SAML2Artifact* generateSAML2Artifact(const char* relyingParty) const {
 111         throw BindingException("Not implemented.");
 112     }
 113
 114     Signature* buildSignature(const CredentialResolver* credResolver) const\r
 115     {\r
 116         // Build a Signature.\r
 117         Signature* sig = SignatureBuilder::buildSignature();\r
 118         sig->setSigningKey(credResolver->getKey());\r
 119 \r
 120         // Build KeyInfo.\r
 121         const vector<XSECCryptoX509*>& certs = credResolver->getCertificates();\r
 122         if (!certs.empty()) {\r
 123             KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo();\r
 124             X509Data* x509Data=X509DataBuilder::buildX509Data();\r
 125             keyInfo->getX509Datas().push_back(x509Data);\r
 126             for_each(certs.begin(),certs.end(),bind1st(_addcert(),x509Data));\r
 127             sig->setKeyInfo(keyInfo);\r
 128         }\r
 129         \r
 130         return sig;\r
 131     }\r
 132
 133     Response* resolve(
 134         const XMLCh*& securityMech,
 135         const vector<SAMLArtifact*>& artifacts,
 136         const IDPSSODescriptor& idpDescriptor,
 137         const X509TrustEngine* trustEngine=NULL
 138         ) const {
 139         TSM_ASSERT_EQUALS("Too many artifacts.", artifacts.size(), 1);
 140         XMLObject* xmlObject =
 141             SAMLConfig::getConfig().getArtifactMap()->retrieveContent(artifacts.front(), "https://sp.example.org/");
 142         Assertion* assertion = dynamic_cast<Assertion*>(xmlObject);
 143         TSM_ASSERT("Not an assertion.", assertion!=NULL);
 144         auto_ptr<Response> response(ResponseBuilder::buildResponse());
 145         response->getAssertions().push_back(assertion);
 146         Status* status = StatusBuilder::buildStatus();
 147         response->setStatus(status);
 148         StatusCode* sc = StatusCodeBuilder::buildStatusCode();
 149         status->setStatusCode(sc);
 150         sc->setValue(&StatusCode::SUCCESS);
 151         response->setSignature(buildSignature(m_creds));
 152         vector<Signature*> sigs(1,response->getSignature());
 153         response->marshall((DOMDocument*)NULL,&sigs);
 154         SchemaValidators.validate(response.get());
 155         securityMech = NULL;
 156         return response.release();
 157     }
 158
 159     saml2p::ArtifactResponse* resolve(
 160         const XMLCh*& securityMech,
 161         const saml2p::SAML2Artifact& artifact,
 162         const SSODescriptorType& ssoDescriptor,
 163         const X509TrustEngine* trustEngine=NULL
 164         ) const {
 165         throw BindingException("Not implemented.");
 166     }
 167 };