[shibboleth/cpp-opensaml.git] / samltest / signature / SAML1AssertionTest.h

/*\r
 *  Copyright 2001-2005 Internet2\r
 * \r
 * Licensed under the Apache License, Version 2.0 (the "License");\r
 * you may not use this file except in compliance with the License.\r
 * You may obtain a copy of the License at\r
 *\r
 *     http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 * Unless required by applicable law or agreed to in writing, software\r
 * distributed under the License is distributed on an "AS IS" BASIS,\r
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * See the License for the specific language governing permissions and\r
 * limitations under the License.\r
 */\r
\r
#include "internal.h"\r
#include <saml/saml1/core/Assertions.h>\r
#include <saml/signature/SigningContext.h>\r
#include <saml/signature/VerifyingContext.h>\r
\r
using namespace opensaml::saml1;\r
\r
#include <fstream>\r
#include <openssl/pem.h>\r
#include <xercesc/util/XMLUniDefs.hpp>\r
#include <xsec/enc/XSECKeyInfoResolverDefault.hpp>\r
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>\r
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>\r
#include <xmltooling/signature/Signature.h>\r
\r
class TestContext : public virtual CredentialResolver, public SigningContext, public VerifyingContext\r
{\r
    vector<XSECCryptoX509*> m_certs;\r
    OpenSSLCryptoKeyRSA* m_key;\r
public:\r
    TestContext(const XMLCh* uri) : VerifyingContext(uri), SigningContext(uri,*this), m_key(NULL) {\r
        string keypath=data_path + "key.pem";\r
        BIO* in=BIO_new(BIO_s_file_internal());\r
        if (in && BIO_read_filename(in,keypath.c_str())>0) {\r
            EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);\r
            if (pkey) {\r
                m_key=new OpenSSLCryptoKeyRSA(pkey);\r
                EVP_PKEY_free(pkey);\r
            }\r
        }\r
        if (in) BIO_free(in);\r
        TS_ASSERT(m_key!=NULL);\r
\r
        string certpath=data_path + "cert.pem";\r
        in=BIO_new(BIO_s_file_internal());\r
        if (in && BIO_read_filename(in,certpath.c_str())>0) {\r
            X509* x=NULL;\r
            while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) {\r
                m_certs.push_back(new OpenSSLCryptoX509(x));\r
                X509_free(x);\r
            }\r
        }\r
        if (in) BIO_free(in);\r
        TS_ASSERT(m_certs.size()>0);\r
    }\r
    \r
    virtual ~TestContext() {\r
        delete m_key;\r
        for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup<XSECCryptoX509>());\r
    }\r
    \r
    void verifySignature(DSIGSignature* sig) const {\r
        VerifyingContext::verifySignature(sig);\r
        sig->setSigningKey(NULL);\r
        XSECKeyInfoResolverDefault resolver;\r
        sig->setKeyInfoResolver(&resolver);\r
        sig->verify();\r
    }\r
\r
    xmlsignature::KeyInfo* getKeyInfo() { return NULL; }\r
    const char* getId() const { return "test"; }\r
    const vector<XSECCryptoX509*>* getX509Certificates() { return &m_certs; }\r
    XSECCryptoKey* getPublicKey() { return m_key; }\r
    XSECCryptoKey* getPrivateKey() { return m_key; }\r
    Lockable& lock() { return *this; }\r
    void unlock() {}\r
};\r
\r
class SAML1AssertionTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {\r
public:\r
    void setUp() {\r
        childElementsFile  = data_path + "signature/SAML1Assertion.xml";\r
        SAMLObjectBaseTestCase::setUp();\r
    }\r
\r
    void tearDown() {\r
        SAMLObjectBaseTestCase::tearDown();\r
    }\r
\r
    void testSignature() {\r
        auto_ptr_XMLCh issuer("issuer");\r
        auto_ptr_XMLCh issueInstant("1970-01-02T01:01:02.100Z");\r
        auto_ptr_XMLCh id("ident");\r
        auto_ptr_XMLCh method("method");\r
        auto_ptr_XMLCh nameid("John Doe");\r
        \r
        NameIdentifier* n=NameIdentifierBuilder::buildNameIdentifier();\r
        n->setName(nameid.get());        \r
        Subject* subject=SubjectBuilder::buildSubject();\r
        subject->setNameIdentifier(n);\r
\r
        AuthenticationStatement* statement=AuthenticationStatementBuilder::buildAuthenticationStatement();\r
        statement->setAuthenticationInstant(issueInstant.get());\r
        statement->setAuthenticationMethod(method.get());\r
        statement->setSubject(subject);\r
        \r
        auto_ptr<Assertion> assertion(AssertionBuilder::buildAssertion());\r
        assertion->setAssertionID(id.get());\r
        assertion->setIssueInstant(issueInstant.get());\r
        assertion->setIssuer(issuer.get());\r
        assertion->getAuthenticationStatements().push_back(statement);\r
\r
        // Append a Signature.\r
        xmlsignature::Signature* sig=xmlsignature::SignatureBuilder::newSignature();\r
        assertion->setSignature(sig);\r
        \r
        // Signing context for the assertion.\r
        TestContext tc(id.get());\r
        MarshallingContext mctx(sig,&tc);\r
        DOMElement* rootElement = assertion->marshall((DOMDocument*)NULL,&mctx);\r
        \r
        string buf;\r
        XMLHelper::serialize(rootElement, buf);\r
        istringstream in(buf);\r
        DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
        const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());\r
        \r
        assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));\r
        \r
        try {\r
            assertion->getSignature()->verify(tc);\r
        }\r
        catch (xmlsignature::SignatureException& e) {\r
            TS_TRACE(e.what());\r
            throw;\r
        }\r
    }\r
\r
};\r