projects / shibboleth / opensaml2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Additional signature tests, including nesting.
[shibboleth/opensaml2.git] / samltest / signature / SAML1RequestTest.h
1 /*\r
2  *  Copyright 2001-2005 Internet2\r
3  * \r
4  * Licensed under the Apache License, Version 2.0 (the "License");\r
5  * you may not use this file except in compliance with the License.\r
6  * You may obtain a copy of the License at\r
7  *\r
8  *     http://www.apache.org/licenses/LICENSE-2.0\r
9  *\r
10  * Unless required by applicable law or agreed to in writing, software\r
11  * distributed under the License is distributed on an "AS IS" BASIS,\r
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
13  * See the License for the specific language governing permissions and\r
14  * limitations under the License.\r
15  */\r
16 \r
17 #include "internal.h"\r
18 #include <saml/saml1/core/Protocols.h>\r
19 #include <saml/signature/SignatureProfileValidator.h>\r
20 \r
21 #include <xmltooling/signature/Signature.h>\r
22 \r
23 #include <fstream>\r
24 #include <openssl/pem.h>\r
25 #include <xercesc/util/XMLUniDefs.hpp>\r
26 #include <xsec/enc/XSECKeyInfoResolverDefault.hpp>\r
27 #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>\r
28 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>\r
29 #include <xsec/enc/XSECCryptoException.hpp>\r
30 #include <xsec/framework/XSECException.hpp>\r
31 \r
32 using namespace opensaml::saml1;\r
33 using namespace xmlsignature;\r
34 \r
35 class TestValidator : public Validator\r
36 {\r
37 public:\r
38     TestValidator() {}\r
39     virtual ~TestValidator() {}\r
40 \r
41     Validator* clone() const {\r
42         return new TestValidator();\r
43     }\r
44 \r
45     void validate(const XMLObject* xmlObject) const {\r
46         DSIGSignature* sig=dynamic_cast<const Signature*>(xmlObject)->getXMLSignature();\r
47         if (!sig)\r
48             throw SignatureException("Only a marshalled Signature object can be verified.");\r
49         XSECKeyInfoResolverDefault resolver;\r
50         sig->setKeyInfoResolver(&resolver); // It will clone the resolver for us.\r
51         try {\r
52             if (!sig->verify())\r
53                 throw SignatureException("Signature did not verify.");\r
54         }\r
55         catch(XSECException& e) {\r
56             auto_ptr_char temp(e.getMsg());\r
57             throw SignatureException(string("Caught an XMLSecurity exception verifying signature: ") + temp.get());\r
58         }\r
59         catch(XSECCryptoException& e) {\r
60             throw SignatureException(string("Caught an XMLSecurity exception verifying signature: ") + e.getMsg());\r
61         }\r
62     }\r
63 };\r
64 \r
65 class _addcert : public std::binary_function<X509Data*,XSECCryptoX509*,void> {\r
66 public:\r
67     void operator()(X509Data* bag, XSECCryptoX509* cert) const {\r
68         safeBuffer& buf=cert->getDEREncodingSB();\r
69         X509Certificate* x=X509CertificateBuilder::buildX509Certificate();\r
70         x->setValue(buf.sbStrToXMLCh());\r
71         bag->getX509Certificates().push_back(x);\r
72     }\r
73 };\r
74 \r
75 class SAML1RequestTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase {\r
76     XSECCryptoKey* m_key;\r
77     vector<XSECCryptoX509*> m_certs;\r
78 public:\r
79     void setUp() {\r
80         childElementsFile  = data_path + "signature/SAML1Request.xml";\r
81         SAMLObjectBaseTestCase::setUp();\r
82         string keypath=data_path + "key.pem";\r
83         BIO* in=BIO_new(BIO_s_file_internal());\r
84         if (in && BIO_read_filename(in,keypath.c_str())>0) {\r
85             EVP_PKEY* pkey=PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);\r
86             if (pkey) {\r
87                 m_key=new OpenSSLCryptoKeyRSA(pkey);\r
88                 EVP_PKEY_free(pkey);\r
89             }\r
90         }\r
91         if (in) BIO_free(in);\r
92         TS_ASSERT(m_key!=NULL);\r
93 \r
94         string certpath=data_path + "cert.pem";\r
95         in=BIO_new(BIO_s_file_internal());\r
96         if (in && BIO_read_filename(in,certpath.c_str())>0) {\r
97             X509* x=NULL;\r
98             while (x=PEM_read_bio_X509(in,NULL,NULL,NULL)) {\r
99                 m_certs.push_back(new OpenSSLCryptoX509(x));\r
100                 X509_free(x);\r
101             }\r
102         }\r
103         if (in) BIO_free(in);\r
104         TS_ASSERT(m_certs.size()>0);\r
105     }\r
106 \r
107     void tearDown() {\r
108         SAMLObjectBaseTestCase::tearDown();\r
109         delete m_key;\r
110         for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup<XSECCryptoX509>());\r
111     }\r
112 \r
113     void testSignature() {\r
114         auto_ptr_XMLCh issueInstant("1970-01-02T01:01:02.100Z");\r
115         auto_ptr_XMLCh id("ident");\r
116         auto_ptr_XMLCh method("method");\r
117         auto_ptr_XMLCh nameid("John Doe");\r
118         \r
119         NameIdentifier* n=NameIdentifierBuilder::buildNameIdentifier();\r
120         n->setName(nameid.get());        \r
121         Subject* subject=SubjectBuilder::buildSubject();\r
122         subject->setNameIdentifier(n);\r
123 \r
124         AuthenticationQuery* query=AuthenticationQueryBuilder::buildAuthenticationQuery();\r
125         query->setAuthenticationMethod(method.get());\r
126         query->setSubject(subject);\r
127         \r
128         auto_ptr<Request> request(RequestBuilder::buildRequest());\r
129         request->setRequestID(id.get());\r
130         request->setIssueInstant(issueInstant.get());\r
131         request->setAuthenticationQuery(query);\r
132 \r
133         // Append a Signature.\r
134         Signature* sig=SignatureBuilder::buildSignature();\r
135         request->setSignature(sig);\r
136         sig->setSigningKey(m_key->clone());\r
137 \r
138         // Build KeyInfo.\r
139         KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo();\r
140         X509Data* x509Data=X509DataBuilder::buildX509Data();\r
141         keyInfo->getX509Datas().push_back(x509Data);\r
142         for_each(m_certs.begin(),m_certs.end(),bind1st(_addcert(),x509Data));\r
143         sig->setKeyInfo(keyInfo);\r
144 \r
145         // Sign while marshalling.\r
146         vector<Signature*> sigs(1,sig);\r
147         DOMElement* rootElement = NULL;\r
148         try {\r
149             rootElement=request->marshall((DOMDocument*)NULL,&sigs);\r
150         }\r
151         catch (XMLToolingException& e) {\r
152             TS_TRACE(e.what());\r
153             throw;\r
154         }\r
155         \r
156         string buf;\r
157         XMLHelper::serialize(rootElement, buf);\r
158         istringstream in(buf);\r
159         DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
160         const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());\r
161 \r
162         assertEquals(expectedChildElementsDOM, b->buildFromDocument(doc));\r
163         \r
164         try {\r
165             request->getSignature()->registerValidator(new SignatureProfileValidator());\r
166             request->getSignature()->registerValidator(new TestValidator());\r
167             request->getSignature()->validate(true);\r
168         }\r
169         catch (XMLToolingException& e) {\r
170             TS_TRACE(e.what());\r
171             throw;\r
172         }\r
173     }\r
174 \r
175 };\r
Unnamed repository; edit this file 'description' to name the repository.