Example #1
0
END_TEST

START_TEST(test03_server_new_from_dump)
{
	LassoServer *server1, *server2;
	char *dump;

	server1 = lasso_server_new(
			TESTSDATADIR "/idp1-la/metadata.xml",
			TESTSDATADIR "/idp1-la/private-key-raw.pem",
			NULL, /* Secret key to unlock private key */
			TESTSDATADIR "/idp1-la/certificate.pem");
	lasso_server_add_provider(
			server1,
			LASSO_PROVIDER_ROLE_SP,
			TESTSDATADIR "/sp1-la/metadata.xml",
			TESTSDATADIR "/sp1-la/public-key.pem",
			TESTSDATADIR "/ca1-la/certificate.pem");

	dump = lasso_node_dump(LASSO_NODE(server1));

	server2 = lasso_server_new_from_dump(dump);
	g_free(dump);
	dump = lasso_node_dump(LASSO_NODE(server2));
	g_object_unref(server1);
	g_object_unref(server2);
	g_free(dump);
}
Example #2
0
END_TEST

START_TEST(test01_server_new)
{
	LassoServer *server;
	LassoProvider *provider;
	char *dump;
	char *content = NULL;
	size_t len;

	server = lasso_server_new(
			TESTSDATADIR "/idp1-la/metadata.xml",
			TESTSDATADIR "/idp1-la/private-key-raw.pem",
			NULL, /* Secret key to unlock private key */
			TESTSDATADIR "/idp1-la/certificate.pem");
	fail_unless(LASSO_IS_SERVER(server));
	provider = LASSO_PROVIDER(server);
	fail_unless(server->private_key != NULL);
	fail_unless(server->private_key_password == NULL);
	fail_unless(server->certificate != NULL);
	fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1);
	fail_unless(provider->ProviderID != NULL);
	fail_unless(provider->role == 0);
	fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &content, &len, NULL));
	fail_unless(strcmp(provider->metadata_filename, content) == 0);
	g_free(content);
	fail_unless(provider->public_key == NULL);
	fail_unless(provider->ca_cert_chain == NULL);

	dump = lasso_node_dump(LASSO_NODE(server));
	fail_unless(dump != NULL);
	g_object_unref(server);
	server = lasso_server_new_from_dump(dump);
	fail_unless(LASSO_IS_SERVER(server));
	provider = LASSO_PROVIDER(server);
	fail_unless(server->private_key != NULL);
	fail_unless(server->private_key_password == NULL);
	fail_unless(server->certificate != NULL);
	fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1);
	fail_unless(server->providers != NULL);
	fail_unless(provider->ProviderID != NULL);
	fail_unless(provider->role == 0, "provider->role != 0 => provider :=  %d", provider->role);
	fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &content, &len, NULL));
	fail_unless(strcmp(provider->metadata_filename, content) == 0);
	fail_unless(provider->public_key == NULL);
	fail_unless(provider->ca_cert_chain == NULL);
	g_object_unref(server);
	lasso_release_string(dump);
	lasso_release_string(content);
}
Example #3
0
END_TEST

START_TEST(test03_serviceProviderLogin)
{
    char *serviceProviderContextDump, *identityProviderContextDump;
    LassoServer *spContext, *idpContext;
    LassoLogin *spLoginContext, *idpLoginContext;
    LassoLibAuthnRequest *request;
    int rc = 0;
    char *relayState;
    char *authnRequestUrl, *authnRequestQuery;
    char *responseUrl, *responseQuery;
    char *idpIdentityContextDump, *idpSessionContextDump;
    char *serviceProviderId, *soapRequestMsg, *soapResponseMsg;
    char *spIdentityContextDump;
    char *spSessionDump;
    int requestType;

    serviceProviderContextDump = generateServiceProviderContextDump();
    spContext = lasso_server_new_from_dump(serviceProviderContextDump);
    spLoginContext = lasso_login_new(spContext);
    fail_unless(spLoginContext != NULL,
                "lasso_login_new() shouldn't have returned NULL");
    rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
                                        LASSO_HTTP_METHOD_REDIRECT);
    fail_unless(rc == 0, "lasso_login_init_authn_request failed");
    request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
    fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
    request->IsPassive = 0;
    request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
    request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
    relayState = "fake";
    request->RelayState = g_strdup(relayState);
    rc = lasso_login_build_authn_request_msg(spLoginContext);
    fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
    authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
    fail_unless(authnRequestUrl != NULL,
                "authnRequestUrl shouldn't be NULL");
    authnRequestQuery = strchr(authnRequestUrl, '?')+1;
    fail_unless(strlen(authnRequestQuery) > 0,
                "authnRequestRequest shouldn't be an empty string");

    /* Identity provider singleSignOn, for a user having no federation. */
    identityProviderContextDump = generateIdentityProviderContextDumpMemory();
    idpContext = lasso_server_new_from_dump(identityProviderContextDump);
    idpLoginContext = lasso_login_new(idpContext);
    fail_unless(idpLoginContext != NULL,
                "lasso_login_new() shouldn't have returned NULL");
    rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery);
    fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
    fail_unless(lasso_login_must_authenticate(idpLoginContext),
                "lasso_login_must_authenticate() should be TRUE");
    fail_unless(idpLoginContext->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART,
                "protocoleProfile should be ProfileBrwsArt");
    fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext),
                "lasso_login_must_ask_for_consent() should be FALSE");
    rc = lasso_login_validate_request_msg(idpLoginContext,
                                          1, /* authentication_result */
                                          0 /* is_consent_obtained */
                                         );

    rc = lasso_login_build_assertion(idpLoginContext,
                                     LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
                                     "FIXME: authenticationInstant",
                                     "FIXME: reauthenticateOnOrAfter",
                                     "FIXME: notBefore",
                                     "FIXME: notOnOrAfter");
    rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT);
    fail_unless(rc == 0, "lasso_login_build_artifact_msg failed");

    idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
    fail_unless(idpIdentityContextDump != NULL,
                "lasso_identity_dump shouldn't return NULL");
    idpSessionContextDump = lasso_session_dump(LASSO_PROFILE(idpLoginContext)->session);
    fail_unless(idpSessionContextDump != NULL,
                "lasso_session_dump shouldn't return NULL");
    responseUrl = LASSO_PROFILE(idpLoginContext)->msg_url;
    fail_unless(responseUrl != NULL, "responseUrl shouldn't be NULL");
    responseQuery = strchr(responseUrl, '?')+1;
    fail_unless(strlen(responseQuery) > 0,
                "responseQuery shouldn't be an empty string");
    serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID);
    fail_unless(serviceProviderId != NULL,
                "lasso_profile_get_remote_providerID shouldn't return NULL");

    /* Service provider assertion consumer */
    lasso_server_destroy(spContext);
    lasso_login_destroy(spLoginContext);

    spContext = lasso_server_new_from_dump(serviceProviderContextDump);
    spLoginContext = lasso_login_new(spContext);
    rc = lasso_login_init_request(spLoginContext,
                                  responseQuery,
                                  LASSO_HTTP_METHOD_REDIRECT);
    fail_unless(rc == 0, "lasso_login_init_request failed");
    rc = lasso_login_build_request_msg(spLoginContext);
    fail_unless(rc == 0, "lasso_login_build_request_msg failed");
    soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body;
    fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL");

    /* Identity provider SOAP endpoint */
    lasso_server_destroy(idpContext);
    lasso_login_destroy(idpLoginContext);
    requestType = lasso_profile_get_request_type_from_soap_msg(soapRequestMsg);
    fail_unless(requestType == LASSO_REQUEST_TYPE_LOGIN,
                "requestType should be LASSO_REQUEST_TYPE_LOGIN");

    idpContext = lasso_server_new_from_dump(identityProviderContextDump);
    idpLoginContext = lasso_login_new(idpContext);
    rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg);
    fail_unless(rc == 0, "lasso_login_process_request_msg failed");

    rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
            idpSessionContextDump);
    fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed");
    rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId);
    fail_unless(rc == 0, "lasso_login_build_response_msg failed");
    soapResponseMsg =  LASSO_PROFILE(idpLoginContext)->msg_body;
    fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL");

    /* Service provider assertion consumer (step 2: process SOAP response) */
    rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
    fail_unless(rc == 0, "lasso_login_process_response_msg failed");
    rc = lasso_login_accept_sso(spLoginContext);
    fail_unless(rc == 0, "lasso_login_accept_sso failed");
    fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL,
                "spLoginContext has no identity");
    spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity);
    fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed");
    spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session);

    g_free(serviceProviderId);
    g_free(serviceProviderContextDump);
    g_free(identityProviderContextDump);
    g_free(idpSessionContextDump);
    g_free(idpIdentityContextDump);
    g_free(spIdentityContextDump);
    g_free(spSessionDump);
    g_object_unref(spContext);
    g_object_unref(idpContext);
    g_object_unref(spLoginContext);
    g_object_unref(idpLoginContext);
}