2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 #include <saml/SAMLConfig.h>
23 #include <saml/saml2/metadata/Metadata.h>
24 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
25 #include <saml/saml2/metadata/MetadataProvider.h>
26 #include <xmltooling/security/SignatureTrustEngine.h>
28 using namespace opensaml::saml2;
29 using namespace opensaml::saml2md;
30 using namespace xmlsignature;
32 class StaticPKIXTrustEngineTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {
35 SAMLObjectBaseTestCase::setUp();
39 SAMLObjectBaseTestCase::tearDown();
// Checks the static PKIX trust engine plugin against one signed SAML 2.0
// assertion, in two directions: validation must succeed when the credential
// criteria name https://idp.example.org as the peer, and must fail when they
// name https://idp2.example.org.
// NOTE(review): the embedded line numbers skip in places (e.g. 56-57, 61-64,
// 72-73, 80-81), so some statements of the original method are not shown here.
42 void testStaticPKIXTrustEngine() {
// Parse the metadata provider configuration from the test data directory.
// NOTE(review): no check that the stream opened, or that parse() returned a
// document, is visible before doc is dereferenced below.
43 string config = data_path + "security/XMLMetadataProvider.xml";
44 ifstream in(config.c_str());
45 DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
46 XercesJanitor<DOMDocument> janitor(doc);
// Set the configuration root's "path" attribute to the example metadata file
// under data_path; presumably this is the file the provider then loads.
48 auto_ptr_XMLCh path("path");
49 string s = data_path + "security/example-metadata.xml";
50 auto_ptr_XMLCh file(s.c_str());
51 doc->getDocumentElement()->setAttributeNS(nullptr,path.get(),file.get());
53 // Build metadata provider.
54 auto_ptr<MetadataProvider> metadataProvider(
55 opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
// Initialise the provider before any lookup; an XMLToolingException raised in
// this stretch is handled by the catch clause below (handler body not shown).
58 metadataProvider->init();
60 catch (XMLToolingException& ex) {
65 // Build trust engine.
// The STATIC_PKIX_TRUSTENGINE plugin is created from its own configuration
// file; the trust material that file supplies is not visible in this listing.
66 config = data_path + "security/StaticPKIXTrustEngine.xml";
67 ifstream in2(config.c_str());
68 DOMDocument* doc2=XMLToolingConfig::getConfig().getParser().parse(in2);
69 XercesJanitor<DOMDocument> janitor2(doc2);
70 auto_ptr<TrustEngine> trustEngine(
71 XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(STATIC_PKIX_TRUSTENGINE,doc2->getDocumentElement())
74 // Get signed assertion.
// The unmarshalled object is narrowed with dynamic_cast; if the document root
// were not an Assertion the cast would yield null, the auto_ptr would hold
// null, and assertion->getSignature() below would dereference it.
75 config = data_path + "signature/SAML2Assertion.xml";
76 ifstream in3(config.c_str());
77 DOMDocument* doc3=XMLToolingConfig::getConfig().getParser().parse(in3);
78 XercesJanitor<DOMDocument> janitor3(doc3);
79 auto_ptr<Assertion> assertion(dynamic_cast<Assertion*>(XMLObjectBuilder::getBuilder(doc3->getDocumentElement())->buildFromDocument(doc3)));
// Locker is constructed on the provider and stays in scope while the
// descriptor and role pointers obtained from it are used; presumably it holds
// the provider's lock until scope exit - confirm against xmltooling's Locker.
82 Locker locker(metadataProvider.get());
// Look up the entity that is expected to have signed the assertion.
// NOTE(review): whether a failed TSM_ASSERT stops the test depends on how
// CxxTest is configured; if it does not, a null descriptor is dereferenced on
// the following statement.
83 const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria("https://idp.example.org")).first;
84 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=nullptr);
// NOTE(review): front() is taken without an emptiness check. If
// getIDPSSODescriptors() returns a standard container, front() on an empty one
// is undefined, so the null test on role does not cover a missing role.
86 RoleDescriptor* role=descriptor->getIDPSSODescriptors().front();
87 TSM_ASSERT("Role not present", role!=nullptr);
89 Signature* sig=assertion->getSignature();
90 TSM_ASSERT("Signature not present", sig!=nullptr);
// Positive case: criteria are built from idp.example.org's role and name that
// entity as the peer; validate() must return true.
// NOTE(review): the dynamic_cast to SignatureTrustEngine* is dereferenced
// unchecked; it would be null if the plugin did not implement that interface.
92 MetadataCredentialCriteria cc(*role);
93 cc.setPeerName("https://idp.example.org");
94 TSM_ASSERT("Signature failed to validate.", dynamic_cast<SignatureTrustEngine*>(trustEngine.get())->validate(*sig, *metadataProvider, &cc));
// Negative case: the same signature is checked against a different entity,
// idp2.example.org. This is the security-relevant half of the test: the engine
// must not accept a signature just because it validates for some other entity
// in the metadata. Why idp2 is rejected (presumably its metadata does not
// match the signing credential) cannot be confirmed without the data files.
96 descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria("https://idp2.example.org")).first;
97 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=nullptr);
99 role=descriptor->getIDPSSODescriptors().front();
100 TSM_ASSERT("Role not present", role!=nullptr);
// "Signature validated." is the failure message: it is reported when
// validate() unexpectedly returns true for the wrong peer.
102 MetadataCredentialCriteria cc2(*role);
103 cc2.setPeerName("https://idp2.example.org");
104 TSM_ASSERT("Signature validated.", !dynamic_cast<SignatureTrustEngine*>(trustEngine.get())->validate(*sig, *metadataProvider, &cc2));