samltest/saml1/binding/SAML1POSTTest.h

   1 /**
   2  * Licensed to the University Corporation for Advanced Internet
   3  * Development, Inc. (UCAID) under one or more contributor license
   4  * agreements. See the NOTICE file distributed with this work for
   5  * additional information regarding copyright ownership.
   6  *
   7  * UCAID licenses this file to you under the Apache License,
   8  * Version 2.0 (the "License"); you may not use this file except
   9  * in compliance with the License. You may obtain a copy of the
  10  * License at
  11  *
  12  * http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
  17  * either express or implied. See the License for the specific
  18  * language governing permissions and limitations under the License.
  19  */
  20
  21 #include "binding.h"
  22
  23 #include <saml/saml1/core/Protocols.h>
  24
  25 using namespace opensaml::saml1p;
  26 using namespace opensaml::saml1;
  27
  28 class SAML1POSTTest : public CxxTest::TestSuite, public SAMLBindingBaseTestCase {
  29 public:
  30     void setUp() {
  31         SAMLBindingBaseTestCase::setUp();
  32     }
  33
  34     void tearDown() {
  35         SAMLBindingBaseTestCase::tearDown();
  36     }
  37
  38     void testSAML1POST() {
  39         try {
  40             xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
  41             SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
  42             policy.getRules().assign(m_rules.begin(), m_rules.end());
  43
  44             // Read message to use from file.
  45             string path = data_path + "saml1/binding/SAML1Response.xml";
  46             ifstream in(path.c_str());
  47             DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
  48             XercesJanitor<DOMDocument> janitor(doc);
  49             auto_ptr<Response> toSend(
  50                 dynamic_cast<Response*>(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))
  51                 );
  52             janitor.release();
  53
  54             CredentialCriteria cc;
  55             cc.setUsage(Credential::SIGNING_CREDENTIAL);
  56             Locker clocker(m_creds);
  57             const Credential* cred = m_creds->resolve(&cc);
  58             TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
  59
  60             // Freshen timestamp and ID.
  61             toSend->setIssueInstant(time(nullptr));
  62             toSend->setResponseID(nullptr);
  63
  64             // Encode message.
  65             auto_ptr_XMLCh lit1("MessageEncoder");
  66             auto_ptr_XMLCh lit2("template");
  67             path = data_path + "binding/template.html";
  68             auto_ptr_XMLCh lit3(path.c_str());
  69             DOMDocument* encoder_config = XMLToolingConfig::getConfig().getParser().newDocument();
  70             XercesJanitor<DOMDocument> janitor2(encoder_config);
  71             encoder_config->appendChild(encoder_config->createElementNS(nullptr,lit1.get()));
  72             encoder_config->getDocumentElement()->setAttributeNS(nullptr,lit2.get(),lit3.get());
  73             auto_ptr<MessageEncoder> encoder(
  74                 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
  75                     samlconstants::SAML1_PROFILE_BROWSER_POST, pair<const DOMElement*,const XMLCh*>(encoder_config->getDocumentElement(),nullptr)
  76                     )
  77                 );
  78
  79             Locker locker(m_metadata);
  80             encoder->encode(
  81                 *this,
  82                 toSend.get(),
  83                 "https://sp.example.org/SAML/SSO",
  84                 m_metadata->getEntityDescriptor(MetadataProvider::Criteria("https://sp.example.org/")).first,
  85                 "state",
  86                 nullptr,
  87                 cred
  88                 );
  89             toSend.release();
  90
  91             // Decode message.
  92             string relayState;
  93             auto_ptr<MessageDecoder> decoder(
  94                 SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
  95                     samlconstants::SAML1_PROFILE_BROWSER_POST, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
  96                     )
  97                 );
  98             auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
  99
 100             // Test the results.
 101             TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state");
 102             TSM_ASSERT("SAML Response not decoded successfully.", response.get());
 103             TSM_ASSERT("Message was not verified.", policy.isAuthenticated());
 104             auto_ptr_char entityID(policy.getIssuer()->getName());
 105             TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
 106             TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
 107
 108             // Trigger a replay.
 109             policy.reset();
 110             TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), SecurityPolicyException);
 111         }
 112         catch (XMLToolingException& ex) {
 113             TS_TRACE(ex.what());
 114             throw;
 115         }
 116     }
 117 };