2 * Copyright 2001-2006 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 #include <saml/SAMLConfig.h>
19 #include <saml/security/TrustEngine.h>
20 #include <saml/saml2/metadata/MetadataProvider.h>
22 using namespace opensaml::saml2;
23 using namespace opensaml::saml2md;
24 using namespace xmlsignature;
26 class ExplicitKeyTrustEngineTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {
29 SAMLObjectBaseTestCase::setUp();
33 SAMLObjectBaseTestCase::tearDown();
36 void testExplicitKeyTrustEngine() {
37 string config = data_path + "security/FilesystemMetadataProvider.xml";
38 ifstream in(config.c_str());
39 DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
40 XercesJanitor<DOMDocument> janitor(doc);
42 auto_ptr_XMLCh path("path");
43 string s = data_path + "security/example-metadata.xml";
44 auto_ptr_XMLCh file(s.c_str());
45 doc->getDocumentElement()->setAttributeNS(NULL,path.get(),file.get());
47 // Build metadata provider.
48 auto_ptr<MetadataProvider> metadataProvider(
49 SAMLConfig::getConfig().MetadataProviderManager.newPlugin(FILESYSTEM_METADATA_PROVIDER,doc->getDocumentElement())
52 metadataProvider->init();
54 catch (XMLToolingException& ex) {
59 // Build trust engine.
60 auto_ptr<opensaml::TrustEngine> trustEngine(
61 SAMLConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_SAMLTRUSTENGINE, NULL)
64 // Get signed assertion.
65 config = data_path + "signature/SAML2Assertion.xml";
66 ifstream in2(config.c_str());
67 DOMDocument* doc2=XMLToolingConfig::getConfig().getParser().parse(in2);
68 XercesJanitor<DOMDocument> janitor2(doc2);
69 auto_ptr<Assertion> assertion(dynamic_cast<Assertion*>(XMLObjectBuilder::getBuilder(doc2->getDocumentElement())->buildFromDocument(doc2)));
72 Locker locker(metadataProvider.get());
73 const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor("https://idp.example.org");
74 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
76 RoleDescriptor* role=descriptor->getIDPSSODescriptors().front();
77 TSM_ASSERT("Role not present", role!=NULL);
79 Signature* sig=assertion->getSignature();
80 TSM_ASSERT("Signature not present", sig!=NULL);
81 TSM_ASSERT("Signature failed to validate.", trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));
83 descriptor = metadataProvider->getEntityDescriptor("https://idp2.example.org");
84 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
86 role=descriptor->getIDPSSODescriptors().front();
87 TSM_ASSERT("Role not present", role!=NULL);
89 TSM_ASSERT("Signature validated.", !trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));