2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 #include <saml/SAMLConfig.h>
23 #include <saml/saml2/binding/SAML2ArtifactType0004.h>
24 #include <saml/saml2/metadata/Metadata.h>
25 #include <saml/saml2/metadata/MetadataProvider.h>
26 #include <xmltooling/security/SecurityHelper.h>
28 using namespace opensaml::saml2md;
29 using namespace opensaml::saml2p;
30 using namespace opensaml;
32 class XMLMetadataProviderTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {
35 XMLCh* supportedProtocol;
36 XMLCh* supportedProtocol2;
40 entityID=XMLString::transcode("urn:mace:incommon:washington.edu");
41 entityID2=XMLString::transcode("urn:mace:incommon:psu.edu");
42 supportedProtocol=XMLString::transcode("urn:oasis:names:tc:SAML:1.1:protocol");
43 supportedProtocol2=XMLString::transcode("urn:mace:shibboleth:1.0");
44 SAMLObjectBaseTestCase::setUp();
48 XMLString::release(&entityID);
49 XMLString::release(&entityID2);
50 XMLString::release(&supportedProtocol);
51 XMLString::release(&supportedProtocol2);
52 SAMLObjectBaseTestCase::tearDown();
55 void testXMLProvider() {
56 string config = data_path + "saml2/metadata/XMLMetadataProvider.xml";
57 ifstream in(config.c_str());
58 DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
59 XercesJanitor<DOMDocument> janitor(doc);
61 auto_ptr_XMLCh path("path");
62 string s = data_path + "saml2/metadata/InCommon-metadata.xml";
63 auto_ptr_XMLCh file(s.c_str());
64 doc->getDocumentElement()->setAttributeNS(nullptr,path.get(),file.get());
66 auto_ptr<MetadataProvider> metadataProvider(
67 SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
70 metadataProvider->init();
72 catch (XMLToolingException& ex) {
77 Locker locker(metadataProvider.get());
78 const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria(entityID,nullptr,nullptr,false)).first;
79 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=nullptr);
80 assertEquals("Entity's ID does not match requested ID", entityID, descriptor->getEntityID());
81 TSM_ASSERT_EQUALS("Unexpected number of roles", 1, descriptor->getIDPSSODescriptors().size());
82 TSM_ASSERT("Role lookup failed", find_if(descriptor->getIDPSSODescriptors(), isValidForProtocol(supportedProtocol))!=nullptr);
83 TSM_ASSERT("Role lookup failed", find_if(descriptor->getIDPSSODescriptors(), isValidForProtocol(supportedProtocol2))!=nullptr);
85 static const char* providerIdStr = "urn:mace:incommon:washington.edu";
86 auto_ptr<SAML2ArtifactType0004> artifact(
87 new SAML2ArtifactType0004(
88 SecurityHelper::doHash("SHA1", providerIdStr, strlen(providerIdStr), false), 1
91 descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria(artifact.get(),nullptr,nullptr,false)).first;
92 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=nullptr);
93 assertEquals("Entity's ID does not match requested ID", entityID, descriptor->getEntityID());
96 void testXMLWithBlacklists() {
97 string config = data_path + "saml2/metadata/XMLWithBlacklists.xml";
98 ifstream in(config.c_str());
99 DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
100 XercesJanitor<DOMDocument> janitor(doc);
102 auto_ptr_XMLCh path("path");
103 string s = data_path + "saml2/metadata/InCommon-metadata.xml";
104 auto_ptr_XMLCh file(s.c_str());
105 doc->getDocumentElement()->setAttributeNS(nullptr,path.get(),file.get());
107 auto_ptr<MetadataProvider> metadataProvider(
108 SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
111 metadataProvider->init();
113 catch (XMLToolingException& ex) {
118 Locker locker(metadataProvider.get());
119 const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria(entityID,nullptr,nullptr,false)).first;
120 TSM_ASSERT("Retrieved entity descriptor was not null", descriptor==nullptr);
121 descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria(entityID2,nullptr,nullptr,false)).first;
122 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=nullptr);
123 assertEquals("Entity's ID does not match requested ID", entityID2, descriptor->getEntityID());
126 void testXMLWithWhitelists() {
127 string config = data_path + "saml2/metadata/XMLWithWhitelists.xml";
128 ifstream in(config.c_str());
129 DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
130 XercesJanitor<DOMDocument> janitor(doc);
132 auto_ptr_XMLCh path("path");
133 string s = data_path + "saml2/metadata/InCommon-metadata.xml";
134 auto_ptr_XMLCh file(s.c_str());
135 doc->getDocumentElement()->setAttributeNS(nullptr,path.get(),file.get());
137 auto_ptr<MetadataProvider> metadataProvider(
138 SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
141 metadataProvider->init();
143 catch (XMLToolingException& ex) {
148 Locker locker(metadataProvider.get());
149 const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria(entityID2,nullptr,nullptr,false)).first;
150 TSM_ASSERT("Retrieved entity descriptor was not null", descriptor==nullptr);
151 descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria(entityID,nullptr,nullptr,false)).first;
152 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=nullptr);
153 assertEquals("Entity's ID does not match requested ID", entityID, descriptor->getEntityID());