samltest/saml2/binding/SAML2RedirectTest.h

   1 /**
   2  * Licensed to the University Corporation for Advanced Internet
   3  * Development, Inc. (UCAID) under one or more contributor license
   4  * agreements. See the NOTICE file distributed with this work for
   5  * additional information regarding copyright ownership.
   6  *
   7  * UCAID licenses this file to you under the Apache License,
   8  * Version 2.0 (the "License"); you may not use this file except
   9  * in compliance with the License. You may obtain a copy of the
  10  * License at
  11  *
  12  * http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
  17  * either express or implied. See the License for the specific
  18  * language governing permissions and limitations under the License.
  19  */
  20
  21 #include "binding.h"
  22
  23 #include <saml/saml2/core/Protocols.h>
  24
  25 using namespace opensaml::saml2p;
  26 using namespace opensaml::saml2;
  27
  28 class SAML2RedirectTest : public CxxTest::TestSuite, public SAMLBindingBaseTestCase {
  29 public:
  30     void setUp() {
  31         SAMLBindingBaseTestCase::setUp();
  32     }
  33
  34     void tearDown() {
  35         SAMLBindingBaseTestCase::tearDown();
  36     }
  37
  38     void testSAML2Redirect() {
  39         try {
  40             xmltooling::QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
  41             SecurityPolicy policy(m_metadata, &idprole, m_trust, false);
  42             policy.getRules().assign(m_rules.begin(), m_rules.end());
  43
  44             // Read message to use from file.
  45             string path = data_path + "saml2/binding/SAML2Response.xml";
  46             ifstream in(path.c_str());
  47             DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
  48             XercesJanitor<DOMDocument> janitor(doc);
  49             auto_ptr<Response> toSend(
  50                 dynamic_cast<Response*>(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))
  51                 );
  52             janitor.release();
  53
  54             CredentialCriteria cc;
  55             cc.setUsage(Credential::SIGNING_CREDENTIAL);
  56             Locker clocker(m_creds);
  57             const Credential* cred = m_creds->resolve(&cc);
  58             TSM_ASSERT("Retrieved credential was null", cred!=nullptr);
  59
  60             // Freshen timestamp and ID.
  61             toSend->setIssueInstant(time(nullptr));
  62             toSend->setID(nullptr);
  63
  64             // Encode message.
  65             auto_ptr<MessageEncoder> encoder(
  66                 SAMLConfig::getConfig().MessageEncoderManager.newPlugin(
  67                     samlconstants::SAML20_BINDING_HTTP_REDIRECT, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
  68                     )
  69                 );
  70             Locker locker(m_metadata);
  71             encoder->encode(
  72                 *this,
  73                 toSend.get(),
  74                 "https://sp.example.org/SAML/SSO",
  75                 m_metadata->getEntityDescriptor(MetadataProvider::Criteria("https://sp.example.org/")).first,
  76                 "state",
  77                 nullptr,
  78                 cred
  79                 );
  80             toSend.release();
  81
  82             // Decode message.
  83             string relayState;
  84             auto_ptr<MessageDecoder> decoder(
  85                 SAMLConfig::getConfig().MessageDecoderManager.newPlugin(
  86                     samlconstants::SAML20_BINDING_HTTP_REDIRECT, pair<const DOMElement*,const XMLCh*>(nullptr,nullptr)
  87                     )
  88                 );
  89             auto_ptr<Response> response(dynamic_cast<Response*>(decoder->decode(relayState,*this,policy)));
  90
  91             // Test the results.
  92             TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
  93             TSM_ASSERT("SAML Response not decoded successfully.", response.get());
  94             TSM_ASSERT("Message was not verified.", policy.isAuthenticated());
  95             auto_ptr_char entityID(policy.getIssuer()->getName());
  96             TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
  97             TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
  98
  99             // Trigger a replay.
 100             policy.reset();
 101             TSM_ASSERT_THROWS("Did not catch the replay.", decoder->decode(relayState,*this,policy), SecurityPolicyException);
 102         }
 103         catch (XMLToolingException& ex) {
 104             TS_TRACE(ex.what());
 105             throw;
 106         }
 107     }
 108 };