--- /dev/null
+/*
+ * Copyright 2001-2007 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file saml/Assertion.h
+ *
+ * Base class for SAML assertions.
+ */
+
+#ifndef __saml_assertion_h__
+#define __saml_assertion_h__
+
+#include <saml/RootObject.h>
+
+namespace opensaml {
+
+ /**
+ * Base class for SAML assertions.
+ * Currently just a marker interface.
+ */
+ class SAML_API Assertion : public virtual RootObject
+ {
+ public:
+ virtual ~Assertion() {}
+ protected:
+ Assertion() {}
+ };
+
+};
+
+#endif /* __saml_assertion_h__ */
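Review bot: The namespace is closed with `};` just above the `#endif`; the semicolon after a namespace's closing brace is an empty declaration that pedantic builds warn about, so `}` alone is enough. The class comment could also say how callers are meant to use the marker, for example `Test for it with dynamic_cast<const opensaml::Assertion*>(obj); this replaces RootObject::isAssertion().`, since this commit removes that method elsewhere. The guard name `__saml_assertion_h__` contains a double underscore, which is reserved for the implementation, though it matches the guard style visible in the other headers touched here.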
saml2mdincludedir = $(includedir)/saml/saml2/metadata
libsamlinclude_HEADERS = \
+ Assertion.h \
base.h \
exceptions.h \
version.h \
* Base class for SAML objects at the root of core schemas.
* Root objects are signable, and have message identifiers and timestamps.
*/
- class SAML_API RootObject : public virtual SignableObject
+ class SAML_API RootObject : public SignableObject
{
public:
virtual ~RootObject() {}
/**
- * Indicates whether the object is an assertion.
- *
- * @return true iff the object is an assertion
- */
- virtual bool isAssertion() const {
- return false;
- }
-
- /**
* Returns the unique SAML ID of the object.
*
* @return the unique SAML ID
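Review bot: Removing `isAssertion()` and changing the base from `public virtual SignableObject` to `public SignableObject` both alter the public surface of an exported (`SAML_API`) class, and nothing in the visible class comment tells callers what replaces the removed check. I would extend the class comment with something like `Assertions are identified by the opensaml::Assertion marker interface (use dynamic_cast), not by a flag on RootObject.` The non-virtual base also means any class that reaches SignableObject by a second inheritance path would now carry two subobjects; whether such a class exists cannot be told from this hunk, so it is worth confirming. The class body continues outside the hunk.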
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
>\r
<File\r
+ RelativePath=".\Assertion.h"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\base.h"\r
>\r
</File>\r
#ifndef __saml1_assertions_h__
#define __saml1_assertions_h__
-#include <saml/RootObject.h>
+#include <saml/Assertion.h>
#include <saml/util/SAMLConstants.h>
#include <xmltooling/ElementProxy.h>
static const XMLCh TYPE_NAME[];
END_XMLOBJECT;
- BEGIN_XMLOBJECT(SAML_API,Assertion,RootObject,SAML 1.x Assertion element);
- bool isAssertion() const {
- return true;
- }
+ BEGIN_XMLOBJECT(SAML_API,Assertion,opensaml::Assertion,SAML 1.x Assertion element);
DECL_INTEGER_ATTRIB(MinorVersion,MINORVERSION);
DECL_STRING_ATTRIB(AssertionID,ASSERTIONID);
DECL_STRING_ATTRIB(Issuer,ISSUER);
#include <xercesc/util/XMLUniDefs.hpp>
using namespace opensaml::saml1;
-using namespace opensaml;
using namespace xmlsignature;
using namespace xmltooling;
using namespace std;
using namespace opensaml::saml1p;
using namespace opensaml::saml1;
-using namespace opensaml;
using namespace xmlsignature;
using namespace xmltooling;
using namespace std;
init();
if (src.getStatus())
setStatus(src.getStatus()->cloneStatus());
- VectorOf(Assertion) v=getAssertions();
- for (vector<Assertion*>::const_iterator i=src.m_Assertions.begin(); i!=src.m_Assertions.end(); i++) {
+ VectorOf(saml1::Assertion) v=getAssertions();
+ for (vector<saml1::Assertion*>::const_iterator i=src.m_Assertions.begin(); i!=src.m_Assertions.end(); i++) {
if (*i) {
v.push_back((*i)->cloneAssertion());
}
return cloneResponse();
}
IMPL_TYPED_CHILD(Status);
- IMPL_TYPED_CHILDREN(Assertion, m_children.end());
+ IMPL_TYPED_FOREIGN_CHILDREN(Assertion,saml1,m_children.end());
protected:
void processChildElement(XMLObject* childXMLObject, const DOMElement* root) {
PROC_TYPED_CHILD(Status,SAML1P_NS,false);
- PROC_TYPED_CHILDREN(Assertion,SAML1_NS,true);
+ PROC_TYPED_FOREIGN_CHILDREN(Assertion,saml1,SAML1_NS,true);
ResponseAbstractTypeImpl::processChildElement(childXMLObject,root);
}
};
}
else if (XMLString::equals(q.getLocalPart(), Response::LOCAL_NAME)) {
// No issuer in the message, so we have to try the Response approach.
- const vector<Assertion*>& assertions = dynamic_cast<const Response&>(samlRoot).getAssertions();
+ const vector<saml2::Assertion*>& assertions = dynamic_cast<const Response&>(samlRoot).getAssertions();
if (!assertions.empty()) {
issuer = assertions.front()->getIssuer();
if (issuer && issuer->getName()) {
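Review bot: `dynamic_cast<const Response&>(samlRoot)` throws `std::bad_cast` when the cast fails, and the only guard visible in this hunk is a comparison of the local name with `Response::LOCAL_NAME`; if the namespace is not also checked above the hunk, a root element merely named Response from another schema reaches the cast. Because this code runs on a received message, a pointer cast with a null test fails closed without depending on exception handling further up: `const Response* resp = dynamic_cast<const Response*>(&samlRoot);` followed by `if (resp && !resp->getAssertions().empty())`. The issuer is also taken from `assertions.front()` only, so a comment stating that the issuers of any further assertions are not compared here would help the next reader. The enclosing function starts and ends outside the hunk.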
#ifndef __saml2_assertions_h__
#define __saml2_assertions_h__
-#include <saml/RootObject.h>
+#include <saml/Assertion.h>
#include <saml/util/SAMLConstants.h>
#include <xmltooling/XMLObjectBuilder.h>
virtual Issuer* getIssuer() const=0;
};
- BEGIN_XMLOBJECT(SAML_API,Assertion,saml2::RootObject,SAML 2.0 Assertion element);
- bool isAssertion() const {
- return true;
- }
+ BEGIN_XMLOBJECT2(SAML_API,Assertion,saml2::RootObject,opensaml::Assertion,SAML 2.0 Assertion element);
DECL_INHERITED_STRING_ATTRIB(Version,VER);
DECL_INHERITED_STRING_ATTRIB(ID,ID);
DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
#include <xercesc/util/XMLUniDefs.hpp>
using namespace opensaml::saml2;
-using namespace opensaml;
using namespace xmlencryption;
using namespace xmlsignature;
using namespace xmltooling;
using namespace opensaml::saml2p;
using namespace opensaml::saml2;
-using namespace opensaml;
using namespace xmlsignature;
using namespace xmlencryption;
using namespace xmltooling;
ResponseImpl(const ResponseImpl& src) : AbstractXMLObject(src), StatusResponseTypeImpl(src) {
for (list<XMLObject*>::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) {
if (*i) {
- Assertion* assertion=dynamic_cast<Assertion*>(*i);
+ saml2::Assertion* assertion=dynamic_cast<saml2::Assertion*>(*i);
if (assertion) {
getAssertions().push_back(assertion->cloneAssertion());
continue;
#include <xmltooling/security/TrustEngine.h>\r
\r
using namespace opensaml::saml2md;\r
+using namespace opensaml;\r
using namespace xmlsignature;\r
\r
class SAMLBindingBaseTestCase : public HTTPRequest, public HTTPResponse\r
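Review bot: `using namespace opensaml;` is added at file scope in what looks like a shared test header (it declares `SAMLBindingBaseTestCase`), so every file that includes it inherits the directive. Now that `opensaml::Assertion` exists next to `saml1::Assertion` and `saml2::Assertion`, combining this directive with a version-namespace directive makes an unqualified `Assertion` ambiguous, which is presumably why the tests in this commit had to spell out `saml1::Assertion`. Using-declarations for the names the file actually needs, for example `using opensaml::SAMLConfig;` if that is one of them, keep the scope narrow. The same applies to the directives added before `XMLMetadataProviderTest` and before the `SAML_LEAKCHECK` define.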
* limitations under the License.
*/
-#ifdef WIN32\r
-# define _CRT_SECURE_NO_DEPRECATE 1\r
-# define _CRT_NONSTDC_NO_DEPRECATE 1\r
-#endif\r
+#ifdef WIN32
+# define _CRT_SECURE_NO_DEPRECATE 1
+# define _CRT_NONSTDC_NO_DEPRECATE 1
+#endif
#include <cxxtest/TestSuite.h>
#include <xmltooling/XMLToolingConfig.h>
#include <xmltooling/validation/Validator.h>
-using namespace opensaml;
using namespace xmltooling;
using namespace std;
void testSAML1Artifact() {\r
try {\r
QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);\r
- SecurityPolicy policy(m_rules1, m_metadata, &idprole, m_trust);\r
+ SecurityPolicy policy(m_rules1, m_metadata, &idprole, m_trust, false);\r
\r
// Read message to use from file.\r
string path = data_path + "saml1/binding/SAML1Assertion.xml";\r
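Review bot: The added fifth argument is a bare `false`, so the call site does not say which `SecurityPolicy` behaviour is being switched off, and this is the policy object whose `isSecure()` result the binding tests assert on. An inline comment naming the parameter that the literal binds to would make the choice reviewable; the parameter's name is not visible in this diff. If the flag disables a check, which cannot be told from here, then the identical change in testSAML1POST, testSAML2Artifact, testSAML2POST, testSAML2POSTSimpleSign and testSAML2Redirect means every binding test runs with that check off, and one case that keeps the default would preserve coverage of it. The test body continues outside the hunk.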
ifstream in(path.c_str());\r
DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
XercesJanitor<DOMDocument> janitor(doc);\r
- auto_ptr<Assertion> toSend(\r
- dynamic_cast<Assertion*>(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))\r
+ auto_ptr<saml1::Assertion> toSend(\r
+ dynamic_cast<saml1::Assertion*>(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true))\r
);\r
janitor.release();\r
\r
TSM_ASSERT_EQUALS("Too many artifacts.", artifacts.size(), 1);\r
XMLObject* xmlObject =\r
SAMLConfig::getConfig().getArtifactMap()->retrieveContent(artifacts.front(), "https://sp.example.org/");\r
- Assertion* assertion = dynamic_cast<Assertion*>(xmlObject);\r
+ saml1::Assertion* assertion = dynamic_cast<saml1::Assertion*>(xmlObject);\r
TSM_ASSERT("Not an assertion.", assertion!=NULL);\r
auto_ptr<Response> response(ResponseBuilder::buildResponse());\r
response->getAssertions().push_back(assertion);\r
void testSAML1POST() {
try {
QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
- SecurityPolicy policy(m_rules1, m_metadata, &idprole, m_trust);
+ SecurityPolicy policy(m_rules1, m_metadata, &idprole, m_trust, false);
// Read message to use from file.
string path = data_path + "saml1/binding/SAML1Response.xml";
// Test the results.
TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state");
TSM_ASSERT("SAML Response not decoded successfully.", response.get());
- TSM_ASSERT("Message was not verified.", policy.isSecure());\r
+ TSM_ASSERT("Message was not verified.", policy.isSecure());
auto_ptr_char entityID(policy.getIssuer()->getName());
TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
void testSAML2Artifact() {\r
try {\r
QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);\r
- SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust);\r
+ SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false);\r
\r
// Read message to use from file.\r
string path = data_path + "saml2/binding/SAML2Response.xml";\r
void testSAML2POST() {
try {
QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
- SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust);
+ SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false);
// Read message to use from file.
string path = data_path + "saml2/binding/SAML2Response.xml";
// Test the results.
TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
TSM_ASSERT("SAML Response not decoded successfully.", response.get());
- TSM_ASSERT("Message was not verified.", policy.isSecure());\r
+ TSM_ASSERT("Message was not verified.", policy.isSecure());
auto_ptr_char entityID(policy.getIssuer()->getName());
TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
void testSAML2POSTSimpleSign() {
try {
QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
- SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust);
+ SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false);
// Read message to use from file.
string path = data_path + "saml2/binding/SAML2Response.xml";
// Test the results.
TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
TSM_ASSERT("SAML Response not decoded successfully.", response.get());
- TSM_ASSERT("Message was not verified.", policy.isSecure());\r
+ TSM_ASSERT("Message was not verified.", policy.isSecure());
auto_ptr_char entityID(policy.getIssuer()->getName());
TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
void testSAML2Redirect() {
try {
QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME);
- SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust);
+ SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false);
// Read message to use from file.
string path = data_path + "saml2/binding/SAML2Response.xml";
// Test the results.
TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state");
TSM_ASSERT("SAML Response not decoded successfully.", response.get());
- TSM_ASSERT("Message was not verified.", policy.isSecure());\r
+ TSM_ASSERT("Message was not verified.", policy.isSecure());
auto_ptr_char entityID(policy.getIssuer()->getName());
TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/"));
TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1);
using namespace opensaml::saml2md;
using namespace opensaml::saml2p;
+using namespace opensaml;
class XMLMetadataProviderTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {
XMLCh* entityID;
#include <xmltooling/util/ReplayCache.h>
#include <xmltooling/util/TemplateEngine.h>
+using namespace opensaml;
+
//#define SAML_LEAKCHECK
std::string data_path = "../samltest/data/";
// Build metadata provider.
auto_ptr<MetadataProvider> metadataProvider(
- SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
+ opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
);
try {
metadataProvider->init();
// Build metadata provider.
auto_ptr<MetadataProvider> metadataProvider(
- SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
+ opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement())
);
try {
metadataProvider->init();
assertEquals("Unmarshalled assertion does not match", expectedChildElementsDOM, assertion2.get(), false);
try {
- SignatureProfileValidator spv;
+ opensaml::SignatureProfileValidator spv;
SignatureValidator sv(new KeyResolver(m_resolver->getKey()));
spv.validate(dynamic_cast<Assertion*>(assertion2.get())->getSignature());
sv.validate(dynamic_cast<Assertion*>(assertion2.get())->getSignature());
assertEquals("Unmarshalled request does not match", expectedChildElementsDOM, request2.get(), false);
try {
- SignatureProfileValidator spv;
+ opensaml::SignatureProfileValidator spv;
SignatureValidator sv(new KeyResolver(m_resolver->getKey()));
spv.validate(dynamic_cast<Request*>(request2.get())->getSignature());
sv.validate(dynamic_cast<Request*>(request2.get())->getSignature());
assertEquals("Unmarshalled response does not match", expectedChildElementsDOM, response2.get(), false);
try {
- SignatureProfileValidator spv;
+ opensaml::SignatureProfileValidator spv;
spv.validate(dynamic_cast<Response*>(response2.get())->getAssertions().front()->getSignature());
spv.validate(dynamic_cast<Response*>(response2.get())->getSignature());
assertEquals("Unmarshalled assertion does not match", expectedChildElementsDOM, assertion2.get(), false);
try {
- SignatureProfileValidator spv;
+ opensaml::SignatureProfileValidator spv;
SignatureValidator sv(new KeyResolver(m_resolver->getKey()));
spv.validate(dynamic_cast<Assertion*>(assertion2.get())->getSignature());
sv.validate(dynamic_cast<Assertion*>(assertion2.get())->getSignature());