samltest/saml2/binding/SAML2ArtifactTest.h

   1 /*
   2  *  Copyright 2001-2007 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #include "binding.h"
  18
  19 #include <saml/binding/ArtifactMap.h>
  20 #include <saml/saml2/core/Protocols.h>
  21 #include <saml/saml2/binding/SAML2ArtifactType0004.h>
  22 #include <xmltooling/security/SecurityHelper.h>
  23 #include <xmltooling/validation/ValidatorSuite.h>
  24
  25 using namespace opensaml::saml2p;
  26 using namespace opensaml::saml2;
  27
  28 class SAML2ArtifactTest : public CxxTest::TestSuite,
  29         public SAMLBindingBaseTestCase, public MessageEncoder::ArtifactGenerator, public MessageDecoder::ArtifactResolver {
  30 public:
  31     void setUp() {
  32         SAMLBindingBaseTestCase::setUp();
  33     }
  34
  35     void tearDown() {
  36         SAMLBindingBaseTestCase::tearDown();
  37     }
  38
  39     void testSAML2Artifact() {
  40         try {
  41             xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
  42             SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
  43             policy.getRules().assign(m_rules.begin(), m_rules.end());
  44
  45             // Read message to use from file.
  46             string path = data_path + "saml2/binding/SAML2Response.xml";
  47             ifstream in(path.c_str());
  48             DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
  49             XercesJanitor<DOMDocument> janitor(doc);
  50             auto_ptr<Response> toSend(
  51                 dynamic_cast<Response*>(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))
  52                 );
  53             janitor.release();
  54
  55             CredentialCriteria cc;
  56             cc.setUsage(Credential::SIGNING_CREDENTIAL);
  57             Locker clocker(m_creds);
  58             const Credential* cred = m_creds->resolve(&cc);
  59             TSM_ASSERT("Retrieved credential was null", cred!=NULL);
  60
  61             // Freshen timestamp.
  62             toSend->setIssueInstant(time(NULL));
  63
  64             // Encode message.
  65             auto_ptr<MessageEncoder> encoder(
  66                 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
  67                     samlconstants::SAML20_BINDING_HTTP_ARTIFACT, pair<const DOMElement*,const XMLCh*>(NULL,NULL)
  68                     )
  69                 );
  70             Locker locker(m_metadata);
  71             encoder->encode(
  72                 *this,
  73                 toSend.get(),
  74                 "https://sp.example.org/SAML/SSO",
  75                 m_metadata->getEntityDescriptor(MetadataProvider::Criteria("https://sp.example.org/")).first,
  76                 "state",
  77                 this,
  78                 cred
  79                 );
  80             toSend.release();
  81
  82             // Decode message.
  83             string relayState;
  84             auto_ptr<MessageDecoder> decoder(
  85                 SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
  86                     samlconstants::SAML20_BINDING_HTTP_ARTIFACT, pair<const DOMElement*,const XMLCh*>(NULL,NULL)
  87                     )
  88                 );
  89             decoder->setArtifactResolver(this);
  90             auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
  91
  92             // Test the results.
  93             TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
  94             TSM_ASSERT("SAML Response not decoded successfully.", response.get());
  95             TSM_ASSERT("Message was not verified.", policy.isAuthenticated());
  96             auto_ptr_char entityID(policy.getIssuer()->getName());
  97             TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
  98             TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
  99
 100             // Trigger a replay.
 101             policy.reset();
 102             TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), BindingException);
 103         }
 104         catch (XMLToolingException& ex) {
 105             TS_TRACE(ex.what());
 106             throw;
 107         }
 108     }
 109
 110     SAMLArtifact* generateSAML1Artifact(const EntityDescriptor* relyingParty) const {
 111         throw BindingException("Not implemented.");
 112     }
 113
 114     saml2p::SAML2Artifact* generateSAML2Artifact(const EntityDescriptor* relyingParty) const {
 115         static const char* providerIdStr = "https://idp.example.org/";
 116         return new SAML2ArtifactType0004(
 117             SecurityHelper::doHash("SHA1", providerIdStr, strlen(providerIdStr), false), 1
 118             );
 119     }
 120
 121     saml1p::Response* resolve(
 122         const vector<SAMLArtifact*>& artifacts,
 123         const IDPSSODescriptor& idpDescriptor,
 124         SecurityPolicy& policy
 125         ) const {
 126         throw BindingException("Not implemented.");
 127     }
 128
 129     ArtifactResponse* resolve(
 130         const SAML2Artifact& artifact,
 131         const SSODescriptorType& ssoDescriptor,
 132         SecurityPolicy& policy
 133         ) const {
 134         XMLObject* xmlObject =
 135             SAMLConfig::getConfig().getArtifactMap()->retrieveContent(&artifact, "https://sp.example.org/");
 136         Response* payload = dynamic_cast<Response*>(xmlObject);
 137         TSM_ASSERT("Not a response.", payload!=NULL);
 138
 139         auto_ptr<ArtifactResponse> response(ArtifactResponseBuilder::buildArtifactResponse());
 140         response->setPayload(payload);
 141         Status* status = StatusBuilder::buildStatus();
 142         response->setStatus(status);
 143         StatusCode* sc = StatusCodeBuilder::buildStatusCode();
 144         status->setStatusCode(sc);
 145         sc->setValue(StatusCode::SUCCESS);
 146         response->marshall();
 147         SchemaValidators.validate(response.get());
 148         policy.evaluate(*(response.get()), this);
 149         return response.release();
 150     }
 151 };