END_TEST START_TEST(test06_lib_statuscode) { /* check status code value in samlp:Response; it is a QName, if it * starts with lib:, that namespace must be defined. (was bug#416) */ LassoSamlpResponse *response = LASSO_SAMLP_RESPONSE(lasso_samlp_response_new()); char *dump = NULL; lasso_assign_string(response->Status->StatusCode->Value, LASSO_SAML_STATUS_CODE_SUCCESS); dump = lasso_node_dump(LASSO_NODE(response)); fail_unless(strstr(dump, "xmlns:lib=") == NULL, "liberty namespace should not be defined"); lasso_release_string(dump); lasso_assign_string(response->Status->StatusCode->Value, LASSO_SAML_STATUS_CODE_RESPONDER); response->Status->StatusCode->StatusCode = lasso_samlp_status_code_new(); response->Status->StatusCode->StatusCode->Value = g_strdup( LASSO_LIB_STATUS_CODE_UNKNOWN_PRINCIPAL); dump = lasso_node_dump(LASSO_NODE(response)); fail_unless(strstr(dump, "xmlns:lib=") != NULL, "liberty namespace should be defined"); lasso_release_string(dump); g_object_unref(response); }
END_TEST START_TEST(test03_server_new_from_dump) { LassoServer *server1, *server2; char *dump; server1 = lasso_server_new( TESTSDATADIR "/idp1-la/metadata.xml", TESTSDATADIR "/idp1-la/private-key-raw.pem", NULL, /* Secret key to unlock private key */ TESTSDATADIR "/idp1-la/certificate.pem"); lasso_server_add_provider( server1, LASSO_PROVIDER_ROLE_SP, TESTSDATADIR "/sp1-la/metadata.xml", TESTSDATADIR "/sp1-la/public-key.pem", TESTSDATADIR "/ca1-la/certificate.pem"); dump = lasso_node_dump(LASSO_NODE(server1)); server2 = lasso_server_new_from_dump(dump); g_free(dump); dump = lasso_node_dump(LASSO_NODE(server2)); g_object_unref(server1); g_object_unref(server2); g_free(dump); }
END_TEST START_TEST(test04_node_new_from_dump) { LassoNode *node; char *msg = \ "<lib:LogoutRequest xmlns:lib=\"urn:liberty:iff:2003-08\" "\ "xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" "\ "RequestID=\"_52EDD5A8A0BF74977C0A16B827CA4229\" MajorVersion=\"1\" "\ "MinorVersion=\"2\" IssueInstant=\"2004-12-04T11:05:26Z\">" \ "<lib:ProviderID>https://idp1/metadata</lib:ProviderID>" \ "<saml:NameIdentifier xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" "\ "NameQualifier=\"https://idp1/metadata\" "\ "Format=\"urn:liberty:iff:nameid:federated\">_AF452F97C9E1590DDEB91D5BA6AA48ED"\ "</saml:NameIdentifier>"\ "</lib:LogoutRequest>"; char *dump; node = lasso_node_new_from_dump(msg); fail_unless(node != NULL, "new_from_dump failed"); dump = lasso_node_dump(node); fail_unless(dump != NULL, "node_dump failed"); g_object_unref(node); g_free(dump); }
END_TEST START_TEST(test02_server_add_provider) { LassoServer *server; char *dump; server = lasso_server_new( TESTSDATADIR "/idp1-la/metadata.xml", TESTSDATADIR "/idp1-la/private-key-raw.pem", NULL, /* Secret key to unlock private key */ TESTSDATADIR "/idp1-la/certificate.pem"); fail_unless(LASSO_IS_SERVER(server)); fail_unless(server->private_key != NULL); fail_unless(! server->private_key_password); fail_unless(server->certificate != NULL); fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1); fail_unless(server->providers != NULL); lasso_server_add_provider( server, LASSO_PROVIDER_ROLE_SP, TESTSDATADIR "/sp1-la/metadata.xml", TESTSDATADIR "/sp1-la/public-key.pem", TESTSDATADIR "/ca1-la/certificate.pem"); fail_unless(g_hash_table_size(server->providers) == 1); dump = lasso_node_dump(LASSO_NODE(server)); g_object_unref(server); lasso_release_string(dump); }
END_TEST START_TEST(test05_xsi_type) { /* check lib:AuthnContext element is not converted to * saml:AuthnContext xsi:type="lib:AuthnContextType" and * lib:AuthenticationStatement is converted to * saml:AuthenticationStatement * xsi:type="lib:AuthenticationStatementType" */ LassoSamlAssertion *assertion; LassoLibAuthenticationStatement *stmt; LassoSamlNameIdentifier *name_identifier; char *dump; name_identifier = lasso_saml_name_identifier_new(); assertion = LASSO_SAML_ASSERTION(lasso_lib_assertion_new_full("", "", "", "", "")); assertion->AuthenticationStatement = LASSO_SAML_AUTHENTICATION_STATEMENT( lasso_lib_authentication_statement_new_full( "toto", "toto", "toto", NULL, name_identifier)); g_object_unref(name_identifier); stmt = LASSO_LIB_AUTHENTICATION_STATEMENT(assertion->AuthenticationStatement); stmt->AuthnContext = LASSO_LIB_AUTHN_CONTEXT(lasso_lib_authn_context_new()); stmt->AuthnContext->AuthnContextClassRef = g_strdup("urn:toto"); dump = lasso_node_dump(LASSO_NODE(assertion)); fail_unless(strstr(dump, "xsi:type=\"lib:AuthnContextType\"") == NULL, "AuthnContext got a xsi:type"); g_free(dump); dump = lasso_node_dump(LASSO_NODE(assertion)); fail_unless(strstr(dump, "xsi:type=\"lib:AuthenticationStatementType\"") != NULL, "AuthenticationStatement didn't get a xsi:type"); g_free(dump); g_object_unref(assertion); }
END_TEST START_TEST(test01_server_new) { LassoServer *server; LassoProvider *provider; char *dump; char *content = NULL; size_t len; server = lasso_server_new( TESTSDATADIR "/idp1-la/metadata.xml", TESTSDATADIR "/idp1-la/private-key-raw.pem", NULL, /* Secret key to unlock private key */ TESTSDATADIR "/idp1-la/certificate.pem"); fail_unless(LASSO_IS_SERVER(server)); provider = LASSO_PROVIDER(server); fail_unless(server->private_key != NULL); fail_unless(server->private_key_password == NULL); fail_unless(server->certificate != NULL); fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1); fail_unless(provider->ProviderID != NULL); fail_unless(provider->role == 0); fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &content, &len, NULL)); fail_unless(strcmp(provider->metadata_filename, content) == 0); g_free(content); fail_unless(provider->public_key == NULL); fail_unless(provider->ca_cert_chain == NULL); dump = lasso_node_dump(LASSO_NODE(server)); fail_unless(dump != NULL); g_object_unref(server); server = lasso_server_new_from_dump(dump); fail_unless(LASSO_IS_SERVER(server)); provider = LASSO_PROVIDER(server); fail_unless(server->private_key != NULL); fail_unless(server->private_key_password == NULL); fail_unless(server->certificate != NULL); fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1); fail_unless(server->providers != NULL); fail_unless(provider->ProviderID != NULL); fail_unless(provider->role == 0, "provider->role != 0 => provider := %d", provider->role); fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &content, &len, NULL)); fail_unless(strcmp(provider->metadata_filename, content) == 0); fail_unless(provider->public_key == NULL); fail_unless(provider->ca_cert_chain == NULL); g_object_unref(server); lasso_release_string(dump); lasso_release_string(content); }
END_TEST START_TEST(test02_provider_new_from_dump) { LassoProvider *provider1, *provider2; char *dump; provider1 = lasso_provider_new(LASSO_PROVIDER_ROLE_SP, TESTSDATADIR "/sp1-la/metadata.xml", TESTSDATADIR "/sp1-la/public-key.pem", TESTSDATADIR "/ca1-la/certificate.pem"); fail_unless(LASSO_IS_PROVIDER(provider1)); dump = lasso_node_dump(LASSO_NODE(provider1)); fail_unless(dump != NULL); provider2 = lasso_provider_new_from_dump(dump); fail_unless(LASSO_IS_PROVIDER(provider2)); lasso_release_string(dump); dump = lasso_node_dump(LASSO_NODE(provider2)); fail_unless(dump != NULL); g_object_unref(provider1); g_object_unref(provider2); lasso_release_string(dump); }
END_TEST START_TEST(test02_serviceProviderLogin) { char *serviceProviderContextDump, *identityProviderContextDump; LassoServer *spContext, *idpContext; LassoLogin *spLoginContext, *idpLoginContext; LassoLibAuthnRequest *request; int rc = 0; char *relayState; char *authnRequestUrl, *authnRequestQuery; char *responseUrl, *responseQuery; char *idpIdentityContextDump, *idpSessionContextDump; char *serviceProviderId, *soapRequestMsg, *soapResponseMsg; char *spIdentityContextDump; char *spSessionDump; char *spLoginDump; int requestType; char *found; serviceProviderContextDump = generateServiceProviderContextDump(); spContext = lasso_server_new_from_dump(serviceProviderContextDump); spLoginContext = lasso_login_new(spContext); fail_unless(spLoginContext != NULL, "lasso_login_new() shouldn't have returned NULL"); rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata", LASSO_HTTP_METHOD_REDIRECT); fail_unless(rc == 0, "lasso_login_init_authn_request failed"); request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request); fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request"); request->IsPassive = 0; request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED); request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED); relayState = "fake[]"; request->RelayState = g_strdup(relayState); rc = lasso_login_build_authn_request_msg(spLoginContext); fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed"); authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url; fail_unless(authnRequestUrl != NULL, "authnRequestUrl shouldn't be NULL"); authnRequestQuery = strchr(authnRequestUrl, '?')+1; fail_unless(strlen(authnRequestQuery) > 0, "authnRequestQuery shouldn't be an empty string"); spLoginDump = lasso_node_dump(LASSO_NODE(spLoginContext)); fail_unless(strstr(authnRequestQuery, "RelayState") != NULL, "authnRequestQuery should contain a RelayState parameter"); fail_unless(strstr(authnRequestQuery, "fake%5B%5D") != NULL, "authnRequestQuery RelayState parameter should be encoded"); /* Identity provider singleSignOn, for a user having no federation. */ identityProviderContextDump = generateIdentityProviderContextDump(); idpContext = lasso_server_new_from_dump(identityProviderContextDump); idpLoginContext = lasso_login_new(idpContext); fail_unless(idpLoginContext != NULL, "lasso_login_new() shouldn't have returned NULL"); rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery); fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed"); fail_unless(lasso_login_must_authenticate(idpLoginContext), "lasso_login_must_authenticate() should be TRUE"); fail_unless(idpLoginContext->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART, "protocoleProfile should be ProfileBrwsArt"); fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext), "lasso_login_must_ask_for_consent() should be FALSE"); fail_unless(idpLoginContext->parent.msg_relayState != NULL, "lasso_login_process_authn_request_msg should restore the RelayState parameter"); fail_unless(lasso_strisequal(idpLoginContext->parent.msg_relayState,relayState), "lasso_login_process_authn_request_msg should restore the same RelayState thant sent in the request"); rc = lasso_login_validate_request_msg(idpLoginContext, 1, /* authentication_result */ 0 /* is_consent_obtained */ ); rc = lasso_login_build_assertion(idpLoginContext, LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD, "FIXME: authenticationInstant", "FIXME: reauthenticateOnOrAfter", "FIXME: notBefore", "FIXME: notOnOrAfter"); rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT); fail_unless(rc == 0, "lasso_login_build_artifact_msg failed"); idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity); fail_unless(idpIdentityContextDump != NULL, "lasso_identity_dump shouldn't return NULL"); idpSessionContextDump = lasso_session_dump(LASSO_PROFILE(idpLoginContext)->session); fail_unless(idpSessionContextDump != NULL, "lasso_session_dump shouldn't return NULL"); responseUrl = LASSO_PROFILE(idpLoginContext)->msg_url; fail_unless(responseUrl != NULL, "responseUrl shouldn't be NULL"); responseQuery = strchr(responseUrl, '?')+1; fail_unless(strlen(responseQuery) > 0, "responseQuery shouldn't be an empty string"); fail_unless(strstr(responseQuery, "RelayState") != NULL, "responseQuery should contain a RelayState parameter"); fail_unless(strstr(responseQuery, "fake%5B%5D") != NULL, "responseQuery RelayState parameter should be encoded"); serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID); fail_unless(serviceProviderId != NULL, "lasso_profile_get_remote_providerID shouldn't return NULL"); /* Service provider assertion consumer */ lasso_server_destroy(spContext); lasso_login_destroy(spLoginContext); spContext = lasso_server_new_from_dump(serviceProviderContextDump); spLoginContext = lasso_login_new_from_dump(spContext, spLoginDump); rc = lasso_login_init_request(spLoginContext, responseQuery, LASSO_HTTP_METHOD_REDIRECT); fail_unless(spLoginContext->parent.msg_relayState != NULL, "lasso_login_init_request should restore the RelayState parameter"); fail_unless(lasso_strisequal(spLoginContext->parent.msg_relayState,relayState), "lasso_login_init_request should restore the same RelayState thant sent in the request"); fail_unless(rc == 0, "lasso_login_init_request failed"); rc = lasso_login_build_request_msg(spLoginContext); fail_unless(rc == 0, "lasso_login_build_request_msg failed"); soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body; fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL"); /* Identity provider SOAP endpoint */ lasso_server_destroy(idpContext); lasso_login_destroy(idpLoginContext); requestType = lasso_profile_get_request_type_from_soap_msg(soapRequestMsg); fail_unless(requestType == LASSO_REQUEST_TYPE_LOGIN, "requestType should be LASSO_REQUEST_TYPE_LOGIN"); idpContext = lasso_server_new_from_dump(identityProviderContextDump); idpLoginContext = lasso_login_new(idpContext); rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg); fail_unless(rc == 0, "lasso_login_process_request_msg failed"); rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext), idpSessionContextDump); fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed"); rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId); fail_unless(rc == 0, "lasso_login_build_response_msg failed"); soapResponseMsg = LASSO_PROFILE(idpLoginContext)->msg_body; fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL"); /* Service provider assertion consumer (step 2: process SOAP response) */ rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg); fail_unless(rc == 0, "lasso_login_process_response_msg failed"); rc = lasso_login_accept_sso(spLoginContext); fail_unless(rc == 0, "lasso_login_accept_sso failed"); fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL, "spLoginContext has no identity"); spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity); fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed"); spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session); /* Test InResponseTo checking */ found = strstr(soapResponseMsg, "Assertion"); fail_unless(found != NULL, "We must find an Assertion"); found = strstr(found, "InResponseTo=\""); fail_unless(found != NULL, "We must find an InResponseTo attribute"); found[sizeof("InResponseTo=\"")] = '?'; lasso_set_flag("no-verify-signature"); rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg); lasso_set_flag("verify-signature"); fail_unless(rc != 0, "lasso_login_process_response_msg must fail"); rc = lasso_login_accept_sso(spLoginContext); fail_unless(rc == 0, "lasso_login_accept_sso must fail"); g_free(spLoginDump); g_free(serviceProviderId); g_free(serviceProviderContextDump); g_free(identityProviderContextDump); g_free(idpSessionContextDump); g_free(idpIdentityContextDump); g_free(spIdentityContextDump); g_free(spSessionDump); g_object_unref(spContext); g_object_unref(idpContext); g_object_unref(spLoginContext); g_object_unref(idpLoginContext); }
/** * lasso_identity_dump: * @identity: a #LassoIdentity * * Dumps @identity content to an XML string. * * Return value:(transfer full): the dump string. It must be freed by the caller. **/ gchar* lasso_identity_dump(LassoIdentity *identity) { return lasso_node_dump(LASSO_NODE(identity)); }
/** * lasso_server_dump: * @server: a #LassoServer * * Dumps @server content to an XML string. * * Return value:(transfer full): the dump string. It must be freed by the caller. **/ gchar* lasso_server_dump(LassoServer *server) { return lasso_node_dump(LASSO_NODE(server)); }