END_TEST START_TEST(test03_server_new_from_dump) { LassoServer *server1, *server2; char *dump; server1 = lasso_server_new( TESTSDATADIR "/idp1-la/metadata.xml", TESTSDATADIR "/idp1-la/private-key-raw.pem", NULL, /* Secret key to unlock private key */ TESTSDATADIR "/idp1-la/certificate.pem"); lasso_server_add_provider( server1, LASSO_PROVIDER_ROLE_SP, TESTSDATADIR "/sp1-la/metadata.xml", TESTSDATADIR "/sp1-la/public-key.pem", TESTSDATADIR "/ca1-la/certificate.pem"); dump = lasso_node_dump(LASSO_NODE(server1)); server2 = lasso_server_new_from_dump(dump); g_free(dump); dump = lasso_node_dump(LASSO_NODE(server2)); g_object_unref(server1); g_object_unref(server2); g_free(dump); }
END_TEST START_TEST(test01_server_new) { LassoServer *server; LassoProvider *provider; char *dump; char *content = NULL; size_t len; server = lasso_server_new( TESTSDATADIR "/idp1-la/metadata.xml", TESTSDATADIR "/idp1-la/private-key-raw.pem", NULL, /* Secret key to unlock private key */ TESTSDATADIR "/idp1-la/certificate.pem"); fail_unless(LASSO_IS_SERVER(server)); provider = LASSO_PROVIDER(server); fail_unless(server->private_key != NULL); fail_unless(server->private_key_password == NULL); fail_unless(server->certificate != NULL); fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1); fail_unless(provider->ProviderID != NULL); fail_unless(provider->role == 0); fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &content, &len, NULL)); fail_unless(strcmp(provider->metadata_filename, content) == 0); g_free(content); fail_unless(provider->public_key == NULL); fail_unless(provider->ca_cert_chain == NULL); dump = lasso_node_dump(LASSO_NODE(server)); fail_unless(dump != NULL); g_object_unref(server); server = lasso_server_new_from_dump(dump); fail_unless(LASSO_IS_SERVER(server)); provider = LASSO_PROVIDER(server); fail_unless(server->private_key != NULL); fail_unless(server->private_key_password == NULL); fail_unless(server->certificate != NULL); fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1); fail_unless(server->providers != NULL); fail_unless(provider->ProviderID != NULL); fail_unless(provider->role == 0, "provider->role != 0 => provider := %d", provider->role); fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &content, &len, NULL)); fail_unless(strcmp(provider->metadata_filename, content) == 0); fail_unless(provider->public_key == NULL); fail_unless(provider->ca_cert_chain == NULL); g_object_unref(server); lasso_release_string(dump); lasso_release_string(content); }
END_TEST START_TEST(test03_serviceProviderLogin) { char *serviceProviderContextDump, *identityProviderContextDump; LassoServer *spContext, *idpContext; LassoLogin *spLoginContext, *idpLoginContext; LassoLibAuthnRequest *request; int rc = 0; char *relayState; char *authnRequestUrl, *authnRequestQuery; char *responseUrl, *responseQuery; char *idpIdentityContextDump, *idpSessionContextDump; char *serviceProviderId, *soapRequestMsg, *soapResponseMsg; char *spIdentityContextDump; char *spSessionDump; int requestType; serviceProviderContextDump = generateServiceProviderContextDump(); spContext = lasso_server_new_from_dump(serviceProviderContextDump); spLoginContext = lasso_login_new(spContext); fail_unless(spLoginContext != NULL, "lasso_login_new() shouldn't have returned NULL"); rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata", LASSO_HTTP_METHOD_REDIRECT); fail_unless(rc == 0, "lasso_login_init_authn_request failed"); request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request); fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request"); request->IsPassive = 0; request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED); request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED); relayState = "fake"; request->RelayState = g_strdup(relayState); rc = lasso_login_build_authn_request_msg(spLoginContext); fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed"); authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url; fail_unless(authnRequestUrl != NULL, "authnRequestUrl shouldn't be NULL"); authnRequestQuery = strchr(authnRequestUrl, '?')+1; fail_unless(strlen(authnRequestQuery) > 0, "authnRequestRequest shouldn't be an empty string"); /* Identity provider singleSignOn, for a user having no federation. */ identityProviderContextDump = generateIdentityProviderContextDumpMemory(); idpContext = lasso_server_new_from_dump(identityProviderContextDump); idpLoginContext = lasso_login_new(idpContext); fail_unless(idpLoginContext != NULL, "lasso_login_new() shouldn't have returned NULL"); rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery); fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed"); fail_unless(lasso_login_must_authenticate(idpLoginContext), "lasso_login_must_authenticate() should be TRUE"); fail_unless(idpLoginContext->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART, "protocoleProfile should be ProfileBrwsArt"); fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext), "lasso_login_must_ask_for_consent() should be FALSE"); rc = lasso_login_validate_request_msg(idpLoginContext, 1, /* authentication_result */ 0 /* is_consent_obtained */ ); rc = lasso_login_build_assertion(idpLoginContext, LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD, "FIXME: authenticationInstant", "FIXME: reauthenticateOnOrAfter", "FIXME: notBefore", "FIXME: notOnOrAfter"); rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT); fail_unless(rc == 0, "lasso_login_build_artifact_msg failed"); idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity); fail_unless(idpIdentityContextDump != NULL, "lasso_identity_dump shouldn't return NULL"); idpSessionContextDump = lasso_session_dump(LASSO_PROFILE(idpLoginContext)->session); fail_unless(idpSessionContextDump != NULL, "lasso_session_dump shouldn't return NULL"); responseUrl = LASSO_PROFILE(idpLoginContext)->msg_url; fail_unless(responseUrl != NULL, "responseUrl shouldn't be NULL"); responseQuery = strchr(responseUrl, '?')+1; fail_unless(strlen(responseQuery) > 0, "responseQuery shouldn't be an empty string"); serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID); fail_unless(serviceProviderId != NULL, "lasso_profile_get_remote_providerID shouldn't return NULL"); /* Service provider assertion consumer */ lasso_server_destroy(spContext); lasso_login_destroy(spLoginContext); spContext = lasso_server_new_from_dump(serviceProviderContextDump); spLoginContext = lasso_login_new(spContext); rc = lasso_login_init_request(spLoginContext, responseQuery, LASSO_HTTP_METHOD_REDIRECT); fail_unless(rc == 0, "lasso_login_init_request failed"); rc = lasso_login_build_request_msg(spLoginContext); fail_unless(rc == 0, "lasso_login_build_request_msg failed"); soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body; fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL"); /* Identity provider SOAP endpoint */ lasso_server_destroy(idpContext); lasso_login_destroy(idpLoginContext); requestType = lasso_profile_get_request_type_from_soap_msg(soapRequestMsg); fail_unless(requestType == LASSO_REQUEST_TYPE_LOGIN, "requestType should be LASSO_REQUEST_TYPE_LOGIN"); idpContext = lasso_server_new_from_dump(identityProviderContextDump); idpLoginContext = lasso_login_new(idpContext); rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg); fail_unless(rc == 0, "lasso_login_process_request_msg failed"); rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext), idpSessionContextDump); fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed"); rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId); fail_unless(rc == 0, "lasso_login_build_response_msg failed"); soapResponseMsg = LASSO_PROFILE(idpLoginContext)->msg_body; fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL"); /* Service provider assertion consumer (step 2: process SOAP response) */ rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg); fail_unless(rc == 0, "lasso_login_process_response_msg failed"); rc = lasso_login_accept_sso(spLoginContext); fail_unless(rc == 0, "lasso_login_accept_sso failed"); fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL, "spLoginContext has no identity"); spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity); fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed"); spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session); g_free(serviceProviderId); g_free(serviceProviderContextDump); g_free(identityProviderContextDump); g_free(idpSessionContextDump); g_free(idpIdentityContextDump); g_free(spIdentityContextDump); g_free(spSessionDump); g_object_unref(spContext); g_object_unref(idpContext); g_object_unref(spLoginContext); g_object_unref(idpLoginContext); }