[shibboleth/cpp-opensaml.git] / samltest / signature / SAML1AssertionTest.h

/*\r
 *  Copyright 2001-2005 Internet2\r
 * \r
 * Licensed under the Apache License, Version 2.0 (the "License");\r
 * you may not use this file except in compliance with the License.\r
 * You may obtain a copy of the License at\r
 *\r
 *     http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 * Unless required by applicable law or agreed to in writing, software\r
 * distributed under the License is distributed on an "AS IS" BASIS,\r
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * See the License for the specific language governing permissions and\r
 * limitations under the License.\r
 */\r
\r
#include "internal.h"\r
#include <saml/saml1/core/Assertions.h>\r
#include <saml/signature/SignatureProfileValidator.h>\r
#include <xmltooling/signature/SignatureValidator.h>\r
\r
#include <fstream>\r
#include <openssl/pem.h>\r
#include <xercesc/util/XMLUniDefs.hpp>\r
#include <xsec/enc/XSECKeyInfoResolverDefault.hpp>\r
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>\r
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>\r
#include <xsec/enc/XSECCryptoException.hpp>\r
#include <xsec/framework/XSECException.hpp>\r
\r
using namespace opensaml::saml1;\r
using namespace xmlsignature;\r
\r
class _addcert : public std::binary_function<X509Data*,XSECCryptoX509*,void> {\r
public:\r
    void operator()(X509Data* bag, XSECCryptoX509* cert) const {\r
        safeBuffer& buf=cert->getDEREncodingSB();\r
        X509Certificate* x=X509CertificateBuilder::buildX509Certificate();\r
        x->setValue(buf.sbStrToXMLCh());\r
        bag->getX509Certificates().push_back(x);\r
    }\r
};\r
\r
class SAML1AssertionTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {\r
    XSECCryptoKey* m_key;\r
    vector<XSECCryptoX509*> m_certs;\r
public:\r
    void setUp() {\r
        childElementsFile  = data_path + "signature/SAML1Assertion.xml";\r
        SAMLObjectBaseTestCase::setUp();\r
        string keypath=data_path + "key.pem";\r
        BIO* in=BIO_new(BIO_s_file_internal());\r
        if (in && BIO_read_filename(in,keypath.c_str())>0) {\r
            EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);\r
            if (pkey) {\r
                m_key=new OpenSSLCryptoKeyRSA(pkey);\r
                EVP_PKEY_free(pkey);\r
            }\r
        }\r
        if (in) BIO_free(in);\r
        TS_ASSERT(m_key!=NULL);\r
\r
        string certpath=data_path + "cert.pem";\r
        in=BIO_new(BIO_s_file_internal());\r
        if (in && BIO_read_filename(in,certpath.c_str())>0) {\r
            X509* x=NULL;\r
            while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) {\r
                m_certs.push_back(new OpenSSLCryptoX509(x));\r
                X509_free(x);\r
            }\r
        }\r
        if (in) BIO_free(in);\r
        TS_ASSERT(m_certs.size()>0);\r
    }\r
\r
    void tearDown() {\r
        SAMLObjectBaseTestCase::tearDown();\r
        delete m_key;\r
        for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup<XSECCryptoX509>());\r
    }\r
\r
    void testSignature() {\r
        auto_ptr_XMLCh issuer("issuer");\r
        auto_ptr_XMLCh issueInstant("1970-01-02T01:01:02.100Z");\r
        auto_ptr_XMLCh id("ident");\r
        auto_ptr_XMLCh method("method");\r
        auto_ptr_XMLCh nameid("John Doe");\r
        \r
        NameIdentifier* n=NameIdentifierBuilder::buildNameIdentifier();\r
        n->setName(nameid.get());        \r
        Subject* subject=SubjectBuilder::buildSubject();\r
        subject->setNameIdentifier(n);\r
\r
        AuthenticationStatement* statement=AuthenticationStatementBuilder::buildAuthenticationStatement();\r
        statement->setAuthenticationInstant(issueInstant.get());\r
        statement->setAuthenticationMethod(method.get());\r
        statement->setSubject(subject);\r
        \r
        auto_ptr<Assertion> assertion(AssertionBuilder::buildAssertion());\r
        assertion->setAssertionID(id.get());\r
        assertion->setIssueInstant(issueInstant.get());\r
        assertion->setIssuer(issuer.get());\r
        assertion->getAuthenticationStatements().push_back(statement);\r
\r
        // Append a Signature.\r
        Signature* sig=SignatureBuilder::buildSignature();\r
        assertion->setSignature(sig);\r
        sig->setSigningKey(m_key->clone());\r
\r
        // Build KeyInfo.\r
        KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo();\r
        X509Data* x509Data=X509DataBuilder::buildX509Data();\r
        keyInfo->getX509Datas().push_back(x509Data);\r
        for_each(m_certs.begin(),m_certs.end(),bind1st(_addcert(),x509Data));\r
        sig->setKeyInfo(keyInfo);\r
\r
        // Sign while marshalling.\r
        vector<Signature*> sigs(1,sig);\r
        DOMElement* rootElement = NULL;\r
        try {\r
            rootElement=assertion->marshall((DOMDocument*)NULL,&sigs);\r
        }\r
        catch (XMLToolingException& e) {\r
            TS_TRACE(e.what());\r
            throw;\r
        }\r
        \r
        string buf;\r
        XMLHelper::serialize(rootElement, buf);\r
        istringstream in(buf);\r
        DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
        const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());\r
        \r
        assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));\r
        \r
        try {\r
            assertion->getSignature()->registerValidator(new SignatureProfileValidator());\r
            assertion->getSignature()->registerValidator(new SignatureValidator(new KeyResolver(m_key->clone())));\r
            assertion->getSignature()->validate(true);\r
        }\r
        catch (XMLToolingException& e) {\r
            TS_TRACE(e.what());\r
            throw;\r
        }\r
    }\r
\r
};\r