From 0a4143144486b90fa4b77b81c21187d1b8d8a17a Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Fri, 23 Jun 2006 20:02:59 +0000
Subject: [PATCH] Add SAML 2 signed assertion test.
---
 samltest/Makefile.am | 1 +
 samltest/data/signature/SAML2Assertion.xml | 32 +++++++++
 samltest/samltest.vcproj | 26 +++++++
 samltest/signature/SAML2AssertionTest.h | 108 +++++++++++++++++++++++++++++
 4 files changed, 167 insertions(+)
 create mode 100644 samltest/data/signature/SAML2Assertion.xml
 create mode 100644 samltest/signature/SAML2AssertionTest.h
diff --git a/samltest/Makefile.am b/samltest/Makefile.am
index 7c519e5..f7594ae 100644
--- a/samltest/Makefile.am
+++ b/samltest/Makefile.am
@@ -12,6 +12,7 @@ samltest_h = \
 signature/SAML1AssertionTest.h \
 signature/SAML1RequestTest.h \
 signature/SAML1ResponseTest.h \
+ signature/SAML2AssertionTest.h \
 saml1/core/impl/ActionTest.h \
 saml1/core/impl/AdviceTest.h \
 saml1/core/impl/AssertionIDReferenceTest.h \
diff --git a/samltest/data/signature/SAML2Assertion.xml b/samltest/data/signature/SAML2Assertion.xml
new file mode 100644
index 0000000..ef2d5d5
--- /dev/null
+++ b/samltest/data/signature/SAML2Assertion.xml
@@ -0,0 +1,32 @@ +issuer + + + + + + + + + +8DSEsWJl4wOiwY15f7fAurDWpbo= + + +zgKU42nQKyB9m8RkDz1I2r7h0N9pc5ys9kve7oN9/Dugrn583/3bMgQBfk1rw4Pq +BfztAZNcf2lstzvgpVB9fVTsTUuEDtT0mhc+f5t8kbCkABGu0SrfCnDjbYpmEeLC +j8rJO4aSZIV4tN21aAkQyys28l4oB3KGTTDASjEPVgQ= +MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV +BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu +b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC +VVMxEjAQBgNVBAoTCUludGVybmV0MjEXMBUGA1UEAxMOc3AuZXhhbXBsZS5vcmcw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlZ1L1mKzYbUVKiMQLhZlfGDyYa +/jjCiaXP0WhLNgvJpOTeajvsrApYNnFX5MLNzuC3NeQIjXUNLN2Yo2MCSthBIOL5 +qE5dka4z9W9zytoflW1LmJ8vXpx8Ay/meG4z//J5iCpYVEquA0xl28HUIlownZUF +7w7bx0cF/02qrR23AgMBAAGjgZwwgZkwHQYDVR0OBBYEFJZiO1qsyAyc3HwMlL9p +JpN6fbGwMGoGA1UdIwRjMGGAFJZiO1qsyAyc3HwMlL9pJpN6fbGwoT6kPDA6MQsw +CQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMRcwFQYDVQQDEw5zcC5leGFt +cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD +gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC +LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p +gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=John Doemethod \ No newline at end of file diff --git a/samltest/samltest.vcproj b/samltest/samltest.vcproj index 5aca512..6543228 100644 --- a/samltest/samltest.vcproj +++ b/samltest/samltest.vcproj @@ -249,6 +249,10 @@ RelativePath=".\signature\SAML1ResponseTest.cpp" > + + + + + + + + + + diff --git a/samltest/signature/SAML2AssertionTest.h b/samltest/signature/SAML2AssertionTest.h new file mode 100644 index 0000000..124ade2 --- /dev/null +++ b/samltest/signature/SAML2AssertionTest.h 
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2001-2005 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "signature/SAMLSignatureTestBase.h"
+#include
+
+#include
+
+using namespace opensaml::saml2;
+
+class SAML2AssertionTest : public CxxTest::TestSuite, public SAMLSignatureTestBase {
+public:
+ void setUp() {
+ childElementsFile = data_path + "signature/SAML2Assertion.xml";
+ SAMLSignatureTestBase::setUp();
+ }
+
+ void tearDown() {
+ SAMLSignatureTestBase::tearDown();
+ }
+
+ void testSignature() {
+ auto_ptr_XMLCh issuer("issuer");
+ auto_ptr_XMLCh issueInstant("1970-01-02T01:01:02.100Z");
+ auto_ptr_XMLCh id("ident");
+ auto_ptr_XMLCh method("method");
+ auto_ptr_XMLCh nameid("John Doe");
+
+ Issuer* is=IssuerBuilder::buildIssuer();
+ is->setName(issuer.get());
+
+ NameID* n=NameIDBuilder::buildNameID();
+ n->setName(nameid.get());
+ Subject* subject=SubjectBuilder::buildSubject();
+ subject->setNameID(n);
+
+ AuthnStatement* statement=AuthnStatementBuilder::buildAuthnStatement();
+ statement->setAuthnInstant(issueInstant.get());
+
+ AuthnContext* ac=AuthnContextBuilder::buildAuthnContext();
+ AuthnContextClassRef* acc=AuthnContextClassRefBuilder::buildAuthnContextClassRef();
+ acc->setReference(method.get());
+ ac->setAuthnContextClassRef(acc);
+ statement->setAuthnContext(ac);
+
+ auto_ptr assertion(AssertionBuilder::buildAssertion());
+ assertion->setID(id.get());
+ assertion->setIssueInstant(issueInstant.get());
+ assertion->setIssuer(is);
+ assertion->setSubject(subject);
+ assertion->getAuthnStatements().push_back(statement);
+
+ // Append a Signature.
+ Signature* sig=SignatureBuilder::buildSignature();
+ assertion->setSignature(sig);
+ sig->setSigningKey(m_key->clone());
+
+ // Build KeyInfo.
+ KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo();
+ X509Data* x509Data=X509DataBuilder::buildX509Data();
+ keyInfo->getX509Datas().push_back(x509Data);
+ for_each(m_certs.begin(),m_certs.end(),bind1st(_addcert(),x509Data));
+ sig->setKeyInfo(keyInfo);
+
+ // Sign while marshalling.
+ vector sigs(1,sig);
+ DOMElement* rootElement = NULL;
+ try {
+ rootElement=assertion->marshall((DOMDocument*)NULL,&sigs);
+ }
+ catch (XMLToolingException& e) {
+ TS_TRACE(e.what());
+ throw;
+ }
+
+ string buf;
+ XMLHelper::serialize(rootElement, buf);
+ istringstream in(buf);
+ DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);
+ const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
+
+ assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));
+
+ try {
+ assertion->getSignature()->registerValidator(new SignatureProfileValidator());
+ assertion->getSignature()->registerValidator(new SignatureValidator(new KeyResolver(m_key->clone())));
+ assertion->getSignature()->validate(true);
+ }
+ catch (XMLToolingException& e) {
+ TS_TRACE(e.what());
+ throw;
+ }
+ }
+
+};
-- 2.1.4
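Review bot: The verification block at the end of testSignature runs the validators against the Signature object this same test just used to sign (`assertion->getSignature()->validate(true)`), so the consumer-side path of parsing the serialized XML and verifying the signature on the rebuilt object is never exercised; the object returned by `b->buildFromDocument(doc)` is only compared with `expectedChildElementsDOM` and then discarded. Consider keeping that result (for example in an `auto_ptr<XMLObject>`, provided assertEquals does not already take ownership of it — that cannot be determined from this hunk), casting it to `Assertion`, and registering the SignatureProfileValidator and SignatureValidator on its `getSignature()` as well, since that is the check a relying party performs on untrusted input and the check most likely to catch marshalling or canonicalization regressions. A smaller style point: both `catch (XMLToolingException& e)` handlers only read `e`, so `catch (const XMLToolingException& e)` states that intent.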