-/*\r
- * Copyright 2001-2006 Internet2\r
- * \r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-#include "internal.h"\r
-#include <saml/SAMLConfig.h>\r
-#include <saml/security/AbstractPKIXTrustEngine.h>\r
-#include <saml/saml2/metadata/MetadataProvider.h>\r
-\r
-using namespace opensaml::saml2;\r
-using namespace opensaml::saml2md;\r
-using namespace xmlsignature;\r
-\r
-namespace {\r
- class SampleTrustEngine : public AbstractPKIXTrustEngine {\r
- public:\r
- SampleTrustEngine() {}\r
- ~SampleTrustEngine() {}\r
- \r
- class SampleIterator : public PKIXValidationInfoIterator {\r
- vector<XSECCryptoX509CRL*> m_crls;\r
- KeyResolver::ResolvedCertificates m_certs;\r
- KeyResolver* m_resolver;\r
- bool m_done;\r
- public:\r
- SampleIterator() : m_resolver(NULL), m_done(false) {\r
- string config = data_path + "security/FilesystemKeyResolver.xml";\r
- ifstream in(config.c_str());\r
- DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
- XercesJanitor<DOMDocument> janitor(doc);\r
- m_resolver = XMLToolingConfig::getConfig().KeyResolverManager.newPlugin(\r
- FILESYSTEM_KEY_RESOLVER,doc->getDocumentElement()\r
- );\r
- m_resolver->resolveCertificates((KeyInfo*)NULL,m_certs);\r
- }\r
- \r
- ~SampleIterator() {\r
- delete m_resolver;\r
- }\r
-\r
- bool next() {\r
- if (m_done)\r
- return false;\r
- m_done = true;\r
- return true;\r
- }\r
- \r
- int getVerificationDepth() const {\r
- return 0;\r
- }\r
- \r
- const vector<XSECCryptoX509*>& getTrustAnchors() const {\r
- return m_certs.v();\r
- }\r
- \r
- const vector<XSECCryptoX509CRL*>& getCRLs() const {\r
- return m_crls;\r
- }\r
- };\r
- \r
- PKIXValidationInfoIterator* getPKIXValidationInfoIterator(const RoleDescriptor& role) const {\r
- return new SampleIterator();\r
- }\r
- };\r
-};\r
-\r
-class AbstractPKIXTrustEngineTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {\r
-public:\r
- void setUp() {\r
- SAMLObjectBaseTestCase::setUp();\r
- }\r
- \r
- void tearDown() {\r
- SAMLObjectBaseTestCase::tearDown();\r
- }\r
-\r
- void testExplicitKeyTrustEngine() {\r
- string config = data_path + "security/FilesystemMetadataProvider.xml";\r
- ifstream in(config.c_str());\r
- DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
- XercesJanitor<DOMDocument> janitor(doc);\r
-\r
- auto_ptr_XMLCh path("path");\r
- string s = data_path + "security/example-metadata.xml";\r
- auto_ptr_XMLCh file(s.c_str());\r
- doc->getDocumentElement()->setAttributeNS(NULL,path.get(),file.get());\r
-\r
- // Build metadata provider.\r
- auto_ptr<MetadataProvider> metadataProvider(\r
- SAMLConfig::getConfig().MetadataProviderManager.newPlugin(FILESYSTEM_METADATA_PROVIDER,doc->getDocumentElement())\r
- );\r
- try {\r
- metadataProvider->init();\r
- }\r
- catch (XMLToolingException& ex) {\r
- TS_TRACE(ex.what());\r
- throw;\r
- }\r
- \r
- // Build trust engine.\r
- auto_ptr<opensaml::TrustEngine> trustEngine(new SampleTrustEngine());\r
- \r
- // Get signed assertion.\r
- config = data_path + "signature/SAML2Assertion.xml";\r
- ifstream in2(config.c_str());\r
- DOMDocument* doc2=XMLToolingConfig::getConfig().getParser().parse(in2);\r
- XercesJanitor<DOMDocument> janitor2(doc2);\r
- auto_ptr<Assertion> assertion(dynamic_cast<Assertion*>(XMLObjectBuilder::getBuilder(doc2->getDocumentElement())->buildFromDocument(doc2)));\r
- janitor2.release();\r
-\r
- Locker locker(metadataProvider.get());\r
- const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor("https://idp.example.org");\r
- TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);\r
- \r
- RoleDescriptor* role=descriptor->getIDPSSODescriptors().front();\r
- TSM_ASSERT("Role not present", role!=NULL);\r
- \r
- Signature* sig=assertion->getSignature();\r
- TSM_ASSERT("Signature not present", sig!=NULL);\r
- TSM_ASSERT("Signature failed to validate.", trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));\r
-\r
- descriptor = metadataProvider->getEntityDescriptor("https://idp2.example.org");\r
- TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);\r
- \r
- role=descriptor->getIDPSSODescriptors().front();\r
- TSM_ASSERT("Role not present", role!=NULL);\r
-\r
- TSM_ASSERT("Signature validated.", !trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));\r
- }\r
-};\r
+/*
+ * Copyright 2001-2006 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "internal.h"
+#include <saml/SAMLConfig.h>
+#include <saml/security/AbstractPKIXTrustEngine.h>
+#include <saml/saml2/metadata/MetadataProvider.h>
+
+using namespace opensaml::saml2;
+using namespace opensaml::saml2md;
+using namespace xmlsignature;
+
+namespace {
+ class SampleTrustEngine : public AbstractPKIXTrustEngine {
+ public:
+ SampleTrustEngine() {}
+ ~SampleTrustEngine() {}
+
+ class SampleIterator : public PKIXValidationInfoIterator {
+ vector<XSECCryptoX509CRL*> m_crls;
+ KeyResolver::ResolvedCertificates m_certs;
+ KeyResolver* m_resolver;
+ bool m_done;
+ public:
+ SampleIterator() : m_resolver(NULL), m_done(false) {
+ string config = data_path + "security/FilesystemKeyResolver.xml";
+ ifstream in(config.c_str());
+ DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
+ XercesJanitor<DOMDocument> janitor(doc);
+ m_resolver = XMLToolingConfig::getConfig().KeyResolverManager.newPlugin(
+ FILESYSTEM_KEY_RESOLVER,doc->getDocumentElement()
+ );
+ m_resolver->resolveCertificates((KeyInfo*)NULL,m_certs);
+ }
+
+ ~SampleIterator() {
+ delete m_resolver;
+ }
+
+ bool next() {
+ if (m_done)
+ return false;
+ m_done = true;
+ return true;
+ }
+
+ int getVerificationDepth() const {
+ return 0;
+ }
+
+ const vector<XSECCryptoX509*>& getTrustAnchors() const {
+ return m_certs.v();
+ }
+
+ const vector<XSECCryptoX509CRL*>& getCRLs() const {
+ return m_crls;
+ }
+ };
+
+ PKIXValidationInfoIterator* getPKIXValidationInfoIterator(const RoleDescriptor& role) const {
+ return new SampleIterator();
+ }
+ };
+};
+
+class AbstractPKIXTrustEngineTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {
+public:
+ void setUp() {
+ SAMLObjectBaseTestCase::setUp();
+ }
+
+ void tearDown() {
+ SAMLObjectBaseTestCase::tearDown();
+ }
+
+ void testExplicitKeyTrustEngine() {
+ string config = data_path + "security/FilesystemMetadataProvider.xml";
+ ifstream in(config.c_str());
+ DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
+ XercesJanitor<DOMDocument> janitor(doc);
+
+ auto_ptr_XMLCh path("path");
+ string s = data_path + "security/example-metadata.xml";
+ auto_ptr_XMLCh file(s.c_str());
+ doc->getDocumentElement()->setAttributeNS(NULL,path.get(),file.get());
+
+ // Build metadata provider.
+ auto_ptr<MetadataProvider> metadataProvider(
+ SAMLConfig::getConfig().MetadataProviderManager.newPlugin(FILESYSTEM_METADATA_PROVIDER,doc->getDocumentElement())
+ );
+ try {
+ metadataProvider->init();
+ }
+ catch (XMLToolingException& ex) {
+ TS_TRACE(ex.what());
+ throw;
+ }
+
+ // Build trust engine.
+ auto_ptr<opensaml::TrustEngine> trustEngine(new SampleTrustEngine());
+
+ // Get signed assertion.
+ config = data_path + "signature/SAML2Assertion.xml";
+ ifstream in2(config.c_str());
+ DOMDocument* doc2=XMLToolingConfig::getConfig().getParser().parse(in2);
+ XercesJanitor<DOMDocument> janitor2(doc2);
+ auto_ptr<Assertion> assertion(dynamic_cast<Assertion*>(XMLObjectBuilder::getBuilder(doc2->getDocumentElement())->buildFromDocument(doc2)));
+ janitor2.release();
+
+ Locker locker(metadataProvider.get());
+ const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor("https://idp.example.org");
+ TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
+
+ RoleDescriptor* role=descriptor->getIDPSSODescriptors().front();
+ TSM_ASSERT("Role not present", role!=NULL);
+
+ Signature* sig=assertion->getSignature();
+ TSM_ASSERT("Signature not present", sig!=NULL);
+ TSM_ASSERT("Signature failed to validate.", trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));
+
+ descriptor = metadataProvider->getEntityDescriptor("https://idp2.example.org");
+ TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
+
+ role=descriptor->getIDPSSODescriptors().front();
+ TSM_ASSERT("Role not present", role!=NULL);
+
+ TSM_ASSERT("Signature validated.", !trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));
+ }
+};