Add SAML 2 signed assertion test.
authorScott Cantor <cantor.2@osu.edu>
Fri, 23 Jun 2006 20:02:59 +0000 (20:02 +0000)
committerScott Cantor <cantor.2@osu.edu>
Fri, 23 Jun 2006 20:02:59 +0000 (20:02 +0000)
samltest/Makefile.am
samltest/data/signature/SAML2Assertion.xml [new file with mode: 0644]
samltest/samltest.vcproj
samltest/signature/SAML2AssertionTest.h [new file with mode: 0644]

index 7c519e5..f7594ae 100644 (file)
@@ -12,6 +12,7 @@ samltest_h = \
     signature/SAML1AssertionTest.h \
     signature/SAML1RequestTest.h \
     signature/SAML1ResponseTest.h \
+    signature/SAML2AssertionTest.h \
     saml1/core/impl/ActionTest.h \
     saml1/core/impl/AdviceTest.h \
     saml1/core/impl/AssertionIDReferenceTest.h \
diff --git a/samltest/data/signature/SAML2Assertion.xml b/samltest/data/signature/SAML2Assertion.xml
new file mode 100644 (file)
index 0000000..ef2d5d5
--- /dev/null
@@ -0,0 +1,32 @@
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ident" IssueInstant="1970-01-02T01:01:02.100Z"
+Version="2.0"><saml:Issuer>issuer</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<ds:Reference URI="#ident">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<ds:DigestValue>8DSEsWJl4wOiwY15f7fAurDWpbo=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>zgKU42nQKyB9m8RkDz1I2r7h0N9pc5ys9kve7oN9/Dugrn583/3bMgQBfk1rw4Pq
+BfztAZNcf2lstzvgpVB9fVTsTUuEDtT0mhc+f5t8kbCkABGu0SrfCnDjbYpmEeLC
+j8rJO4aSZIV4tN21aAkQyys28l4oB3KGTTDASjEPVgQ=</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID>John Doe</saml:NameID></saml:Subject><saml:AuthnStatement
+AuthnInstant="1970-01-02T01:01:02.100Z"><saml:AuthnContext><saml:AuthnContextClassRef>method</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
\ No newline at end of file
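Review bot: The expected output pins `http://www.w3.org/2000/09/xmldsig#rsa-sha1` as the `ds:SignatureMethod` and `http://www.w3.org/2000/09/xmldsig#sha1` as the `ds:DigestMethod`, and SAML2AssertionTest.h never selects an algorithm itself, so these appear to be the library's signing defaults. Because the test presumably compares the marshalled assertion against this file (it is set as `childElementsFile`), the fixture locks those defaults to SHA-1 and will have to be regenerated when they change. I would add a comment next to the `childElementsFile` assignment in the test, for example `// Expected output uses the default algorithms (rsa-sha1 / sha1); regenerate the fixture if the defaults change.`, so the file is not read as a recommended signing profile.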
index 5aca512..6543228 100644 (file)
                                        RelativePath=".\signature\SAML1ResponseTest.cpp"\r
                                        >\r
                                </File>\r
+                               <File\r
+                                       RelativePath=".\signature\SAML2AssertionTest.cpp"\r
+                                       >\r
+                               </File>\r
                        </Filter>\r
                </Filter>\r
                <Filter\r
                                        </FileConfiguration>\r
                                </File>\r
                                <File\r
+                                       RelativePath=".\signature\SAML2AssertionTest.h"\r
+                                       >\r
+                                       <FileConfiguration\r
+                                               Name="Debug|Win32"\r
+                                               >\r
+                                               <Tool\r
+                                                       Name="VCCustomBuildTool"\r
+                                                       CommandLine="\perl\bin\perl.exe -w \cxxtest\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o &quot;$(InputDir)$(InputName)&quot;.cpp &quot;$(InputPath)&quot;"\r
+                                                       Outputs="&quot;$(InputDir)$(InputName)&quot;.cpp"\r
+                                               />\r
+                                       </FileConfiguration>\r
+                                       <FileConfiguration\r
+                                               Name="Release|Win32"\r
+                                               >\r
+                                               <Tool\r
+                                                       Name="VCCustomBuildTool"\r
+                                                       CommandLine="\perl\bin\perl.exe -w \cxxtest\cxxtestgen.pl --part --have-eh --have-std --abort-on-fail -o &quot;$(InputDir)$(InputName)&quot;.cpp &quot;$(InputPath)&quot;"\r
+                                                       Outputs="&quot;$(InputDir)$(InputName)&quot;.cpp"\r
+                                               />\r
+                                       </FileConfiguration>\r
+                               </File>\r
+                               <File\r
                                        RelativePath=".\signature\SAMLSignatureTestBase.h"\r
                                        >\r
                                </File>\r
diff --git a/samltest/signature/SAML2AssertionTest.h b/samltest/signature/SAML2AssertionTest.h
new file mode 100644 (file)
index 0000000..124ade2
--- /dev/null
@@ -0,0 +1,108 @@
+/*\r
+ *  Copyright 2001-2005 Internet2\r
+ * \r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ *     http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+#include "signature/SAMLSignatureTestBase.h"\r
+#include <saml/saml2/core/Assertions.h>\r
+\r
+#include <fstream>\r
+\r
+using namespace opensaml::saml2;\r
+\r
+class SAML2AssertionTest : public CxxTest::TestSuite, public SAMLSignatureTestBase {\r
+public:\r
+    void setUp() {\r
+        childElementsFile  = data_path + "signature/SAML2Assertion.xml";\r
+        SAMLSignatureTestBase::setUp();\r
+    }\r
+\r
+    void tearDown() {\r
+        SAMLSignatureTestBase::tearDown();\r
+    }\r
+\r
+    void testSignature() {\r
+        auto_ptr_XMLCh issuer("issuer");\r
+        auto_ptr_XMLCh issueInstant("1970-01-02T01:01:02.100Z");\r
+        auto_ptr_XMLCh id("ident");\r
+        auto_ptr_XMLCh method("method");\r
+        auto_ptr_XMLCh nameid("John Doe");\r
+        \r
+        Issuer* is=IssuerBuilder::buildIssuer();\r
+        is->setName(issuer.get());\r
+\r
+        NameID* n=NameIDBuilder::buildNameID();\r
+        n->setName(nameid.get());        \r
+        Subject* subject=SubjectBuilder::buildSubject();\r
+        subject->setNameID(n);\r
+\r
+        AuthnStatement* statement=AuthnStatementBuilder::buildAuthnStatement();\r
+        statement->setAuthnInstant(issueInstant.get());\r
+\r
+        AuthnContext* ac=AuthnContextBuilder::buildAuthnContext();\r
+        AuthnContextClassRef* acc=AuthnContextClassRefBuilder::buildAuthnContextClassRef();\r
+        acc->setReference(method.get());\r
+        ac->setAuthnContextClassRef(acc);\r
+        statement->setAuthnContext(ac);\r
+        \r
+        auto_ptr<Assertion> assertion(AssertionBuilder::buildAssertion());\r
+        assertion->setID(id.get());\r
+        assertion->setIssueInstant(issueInstant.get());\r
+        assertion->setIssuer(is);\r
+        assertion->setSubject(subject);\r
+        assertion->getAuthnStatements().push_back(statement);\r
+\r
+        // Append a Signature.\r
+        Signature* sig=SignatureBuilder::buildSignature();\r
+        assertion->setSignature(sig);\r
+        sig->setSigningKey(m_key->clone());\r
+\r
+        // Build KeyInfo.\r
+        KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo();\r
+        X509Data* x509Data=X509DataBuilder::buildX509Data();\r
+        keyInfo->getX509Datas().push_back(x509Data);\r
+        for_each(m_certs.begin(),m_certs.end(),bind1st(_addcert(),x509Data));\r
+        sig->setKeyInfo(keyInfo);\r
+\r
+        // Sign while marshalling.\r
+        vector<Signature*> sigs(1,sig);\r
+        DOMElement* rootElement = NULL;\r
+        try {\r
+            rootElement=assertion->marshall((DOMDocument*)NULL,&sigs);\r
+        }\r
+        catch (XMLToolingException& e) {\r
+            TS_TRACE(e.what());\r
+            throw;\r
+        }\r
+        \r
+        string buf;\r
+        XMLHelper::serialize(rootElement, buf);\r
+        istringstream in(buf);\r
+        DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
+        const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());\r
+        \r
+        assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));\r
+        \r
+        try {\r
+            assertion->getSignature()->registerValidator(new SignatureProfileValidator());\r
+            assertion->getSignature()->registerValidator(new SignatureValidator(new KeyResolver(m_key->clone())));\r
+            assertion->getSignature()->validate(true);\r
+        }\r
+        catch (XMLToolingException& e) {\r
+            TS_TRACE(e.what());\r
+            throw;\r
+        }\r
+    }\r
+\r
+};\r
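Review bot: The validators at the end of `testSignature` run against the in-memory `assertion` that was just signed, not against the object rebuilt from the serialized XML, so the parse-then-verify path that a consumer of the assertion would take is never exercised. The result of `b->buildFromDocument(doc)` is passed straight to `assertEquals` and, unless `assertEquals` takes ownership (the hunk does not show it), is never freed; holding it in an `auto_ptr` fixes that and provides the object to validate. The suite also has only a passing case: a second test that changes signed content in the parsed document and expects `validate` to throw would catch a validator that accepts everything. Verifying with the explicitly supplied `m_key` rather than the embedded `ds:KeyInfo` certificate is the right pattern and should be kept.

```cpp
// … unchanged: build, sign and serialize the assertion, parse into doc, look up b …
auto_ptr<Assertion> parsed(dynamic_cast<Assertion*>(b->buildFromDocument(doc)));
TS_ASSERT(parsed.get() != NULL);
assertEquals(expectedChildElementsDOM, parsed.get());

try {
    parsed->getSignature()->registerValidator(new SignatureProfileValidator());
    parsed->getSignature()->registerValidator(new SignatureValidator(new KeyResolver(m_key->clone())));
    parsed->getSignature()->validate(true);
}
// … unchanged: catch block that traces and rethrows …
```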