+/*\r
+ * Copyright 2001-2005 Internet2\r
+ * \r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+#include "internal.h"\r
+#include <saml/saml1/core/Assertions.h>\r
+#include <saml/signature/SigningContext.h>\r
+#include <saml/signature/VerifyingContext.h>\r
+\r
+using namespace opensaml::saml1;\r
+\r
+#include <fstream>\r
+#include <openssl/pem.h>\r
+#include <xercesc/util/XMLUniDefs.hpp>\r
+#include <xsec/enc/XSECKeyInfoResolverDefault.hpp>\r
+#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>\r
+#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>\r
+#include <xmltooling/signature/Signature.h>\r
+\r
+class TestContext : public VerifyingContext\r
+{\r
+ SigningContext* m_signing;\r
+ vector<XSECCryptoX509*> m_certs;\r
+public:\r
+ TestContext(const XMLCh* uri) : VerifyingContext(uri), m_signing(NULL) {\r
+ OpenSSLCryptoKeyRSA* key=NULL;\r
+ string keypath=data_path + "key.pem";\r
+ BIO* in=BIO_new(BIO_s_file_internal());\r
+ if (in && BIO_read_filename(in,keypath.c_str())>0) {\r
+ EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);\r
+ if (pkey) {\r
+ key=new OpenSSLCryptoKeyRSA(pkey);\r
+ EVP_PKEY_free(pkey);\r
+ }\r
+ }\r
+ if (in) BIO_free(in);\r
+ TS_ASSERT(key!=NULL);\r
+\r
+ string certpath=data_path + "cert.pem";\r
+ in=BIO_new(BIO_s_file_internal());\r
+ if (in && BIO_read_filename(in,certpath.c_str())>0) {\r
+ X509* x=NULL;\r
+ while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) {\r
+ m_certs.push_back(new OpenSSLCryptoX509(x));\r
+ X509_free(x);\r
+ }\r
+ }\r
+ if (in) BIO_free(in);\r
+ TS_ASSERT(m_certs.size()>0);\r
+ m_signing=new SigningContext(uri, key, &m_certs);\r
+ }\r
+ \r
+ virtual ~TestContext() {\r
+ delete m_signing;\r
+ for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup<XSECCryptoX509>());\r
+ }\r
+ \r
+ SigningContext* getSigningContext() { return m_signing; }\r
+ \r
+ void verifySignature(DSIGSignature* sig) const {\r
+ VerifyingContext::verifySignature(sig);\r
+ sig->setSigningKey(NULL);\r
+ XSECKeyInfoResolverDefault resolver;\r
+ sig->setKeyInfoResolver(&resolver);\r
+ sig->verify();\r
+ }\r
+};\r
+\r
+class SAML1AssertionTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {\r
+public:\r
+ void setUp() {\r
+ childElementsFile = data_path + "signature/SAML1Assertion.xml";\r
+ SAMLObjectBaseTestCase::setUp();\r
+ }\r
+\r
+ void tearDown() {\r
+ SAMLObjectBaseTestCase::tearDown();\r
+ }\r
+\r
+ void testSignature() {\r
+ auto_ptr_XMLCh issuer("issuer");\r
+ auto_ptr_XMLCh issueInstant("1970-01-02T01:01:02.100Z");\r
+ auto_ptr_XMLCh id("ident");\r
+ auto_ptr_XMLCh method("method");\r
+ auto_ptr_XMLCh nameid("John Doe");\r
+ \r
+ NameIdentifier* n=NameIdentifierBuilder::buildNameIdentifier();\r
+ n->setName(nameid.get()); \r
+ Subject* subject=SubjectBuilder::buildSubject();\r
+ subject->setNameIdentifier(n);\r
+\r
+ AuthenticationStatement* statement=AuthenticationStatementBuilder::buildAuthenticationStatement();\r
+ statement->setAuthenticationInstant(issueInstant.get());\r
+ statement->setAuthenticationMethod(method.get());\r
+ statement->setSubject(subject);\r
+ \r
+ auto_ptr<Assertion> assertion(AssertionBuilder::buildAssertion());\r
+ assertion->setAssertionID(id.get());\r
+ assertion->setIssueInstant(issueInstant.get());\r
+ assertion->setIssuer(issuer.get());\r
+ assertion->getAuthenticationStatements().push_back(statement);\r
+\r
+ // Append a Signature.\r
+ xmlsignature::Signature* sig=xmlsignature::SignatureBuilder::newSignature();\r
+ assertion->setSignature(sig);\r
+ \r
+ // Signing context for the assertion.\r
+ TestContext tc(id.get());\r
+ MarshallingContext mctx(sig,tc.getSigningContext());\r
+ DOMElement* rootElement = assertion->marshall((DOMDocument*)NULL,&mctx);\r
+ \r
+ string buf;\r
+ XMLHelper::serialize(rootElement, buf);\r
+ istringstream in(buf);\r
+ DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
+ const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());\r
+ \r
+ assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));\r
+ \r
+ try {\r
+ assertion->getSignature()->verify(tc);\r
+ }\r
+ catch (xmlsignature::SignatureException& e) {\r
+ TS_TRACE(e.what());\r
+ throw;\r
+ }\r
+ }\r
+\r
+};\r