2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <saml/SAMLConfig.h>
20 #include <saml/binding/SecurityPolicy.h>
21 #include <saml/binding/SecurityPolicyRule.h>
22 #include <saml/saml2/core/Assertions.h>
24 using namespace opensaml;
26 class SAML2PolicyTest : public CxxTest::TestSuite {
27 SecurityPolicy* m_policy;
28 vector<SecurityPolicyRule*> m_rules;
32 m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(CONDITIONS_POLICY_RULE, NULL));
33 m_rules.push_back(SAMLConfig::getConfig().SecurityPolicyRuleManager.newPlugin(BEARER_POLICY_RULE, NULL));
34 m_policy = new SecurityPolicy();
35 m_policy->getRules().assign(m_rules.begin(), m_rules.end());
39 for_each(m_rules.begin(), m_rules.end(), xmltooling::cleanup<SecurityPolicyRule>());
43 void testSAML2Policy() {
45 // Read assertion to use from file.
46 string path = data_path + "saml2/profile/SAML2Assertion.xml";
47 ifstream in(path.c_str());
48 DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
49 XercesJanitor<DOMDocument> janitor(doc);
50 auto_ptr<saml2::Assertion> assertion(
51 dynamic_cast<saml2::Assertion*>(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))
55 auto_ptr_XMLCh requestID("_12345");
56 m_policy->setCorrelationID(requestID.get());
58 TSM_ASSERT_THROWS("Policy should have tripped on AudienceRestriction", m_policy->evaluate(*assertion.get()), SecurityPolicyException);
60 auto_ptr_XMLCh recipient("https://sp.example.org");
61 m_policy->getAudiences().push_back(recipient.get());
62 TSM_ASSERT_THROWS("Policy should have tripped on InResponseTo correlation", m_policy->evaluate(*assertion.get()), SecurityPolicyException);
64 dynamic_cast<saml2::SubjectConfirmationData*>(
65 assertion->getSubject()->getSubjectConfirmations().front()->getSubjectConfirmationData()
66 )->setInResponseTo(requestID.get());
67 m_policy->evaluate(*assertion.get());
69 catch (exception& ex) {