Alter trust engine test to leverage KeyInfoReference.

[shibboleth/cpp-opensaml.git] / samltest / security / ExplicitKeyTrustEngineTest.h

diff --git a/samltest/security/ExplicitKeyTrustEngineTest.h b/samltest/security/ExplicitKeyTrustEngineTest.h
index a172a49..b43de44 100644 (file)
--- a/samltest/security/ExplicitKeyTrustEngineTest.h
+++ b/samltest/security/ExplicitKeyTrustEngineTest.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2010 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,8 +18,9 @@
 #include <saml/SAMLConfig.h>
 #include <saml/saml2/core/Assertions.h>
 #include <saml/saml2/metadata/Metadata.h>
+#include <saml/saml2/metadata/MetadataCredentialCriteria.h>
 #include <saml/saml2/metadata/MetadataProvider.h>
-#include <xmltooling/security/TrustEngine.h>
+#include <xmltooling/security/SignatureTrustEngine.h>
 
 using namespace opensaml::saml2;
 using namespace opensaml::saml2md;
@@ -44,7 +45,7 @@ public:
         auto_ptr_XMLCh path("path");
         string s = data_path + "security/example-metadata.xml";
         auto_ptr_XMLCh file(s.c_str());
-        doc->getDocumentElement()->setAttributeNS(NULL,path.get(),file.get());
+        doc->getDocumentElement()->setAttributeNS(nullptr,path.get(),file.get());
 
         // Build metadata provider.
         auto_ptr<MetadataProvider> metadataProvider(
@@ -60,7 +61,7 @@ public:
         
         // Build trust engine.
         auto_ptr<TrustEngine> trustEngine(
-            XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, NULL)
+            XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, nullptr)
             );
         
         // Get signed assertion.
@@ -72,22 +73,27 @@ public:
         janitor2.release();
 
         Locker locker(metadataProvider.get());
-        const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor("https://idp.example.org");
-        TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
+        const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria("https://idp3.example.org")).first;
+        TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=nullptr);
         
         RoleDescriptor* role=descriptor->getIDPSSODescriptors().front();
-        TSM_ASSERT("Role not present", role!=NULL);
+        TSM_ASSERT("Role not present", role!=nullptr);
         
         Signature* sig=assertion->getSignature();
-        TSM_ASSERT("Signature not present", sig!=NULL);
-        TSM_ASSERT("Signature failed to validate.", trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));
+        TSM_ASSERT("Signature not present", sig!=nullptr);
 
-        descriptor = metadataProvider->getEntityDescriptor("https://idp2.example.org");
-        TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
+        MetadataCredentialCriteria cc(*role);
+        cc.setPeerName("https://idp3.example.org");
+        TSM_ASSERT("Signature failed to validate.", dynamic_cast<SignatureTrustEngine*>(trustEngine.get())->validate(*sig, *metadataProvider, &cc));
+
+        descriptor = metadataProvider->getEntityDescriptor(MetadataProvider::Criteria("https://idp2.example.org")).first;
+        TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=nullptr);
         
         role=descriptor->getIDPSSODescriptors().front();
-        TSM_ASSERT("Role not present", role!=NULL);
+        TSM_ASSERT("Role not present", role!=nullptr);
 
-        TSM_ASSERT("Signature validated.", !trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));
+        MetadataCredentialCriteria cc2(*role);
+        cc2.setPeerName("https://idp2.example.org");
+        TSM_ASSERT("Signature validated.", !dynamic_cast<SignatureTrustEngine*>(trustEngine.get())->validate(*sig, *metadataProvider, &cc2));
     }
 };