From 3fb162362f8ec043724d182682a060fea611622a Mon Sep 17 00:00:00 2001 From: Emmanuel Raviart Date: Wed, 26 Jan 2005 00:38:00 +0000 Subject: [PATCH] Updated Java LoginTest and test metadata. --- java/tests/LoginTest.java | 276 +++++++++++++++++--------------- tests/data/idp1-la/metadata.xml | 17 ++ tests/data/idp2-la/metadata.xml | 18 ++- tests/data/sp1-la/metadata.xml | 17 ++ tests/data/sp2-la/metadata.xml | 15 ++ tests/data/sp3-la/metadata.xml | 15 ++ 6 files changed, 227 insertions(+), 131 deletions(-) diff --git a/java/tests/LoginTest.java b/java/tests/LoginTest.java index f1969ead..a346570a 100644 --- a/java/tests/LoginTest.java +++ b/java/tests/LoginTest.java @@ -41,175 +41,191 @@ import com.entrouvert.lasso.*; public class LoginTest extends TestCase { - public String generateIdentityProviderContextDump() { - LassoServer serverContext = new LassoServer( - "../../tests/data/idp1-la/metadata.xml'", - NULL, //"../../tests/data/idp1-la/public-key.pem", + public String generateIdentityProviderDump() { + Server server = new Server( + "../../tests/data/idp1-la/metadata.xml", "../../tests/data/idp1-la/private-key-raw.pem", - "../../tests/data/idp1-la/certificate.pem", - Lasso.SIGNATURE_METHOD_RSA_SHA1); - serverContext.addProvider( + null, + "../../tests/data/idp1-la/certificate.pem"); + server.addProvider( + lasso.PROVIDER_ROLE_SP, "../../tests/data/sp1-la/metadata.xml", "../../tests/data/sp1-la/public-key.pem", "../../tests/data/ca1-la/certificate.pem"); - String serverContextDump = serverContext.dump(); - return serverContextDump; + String serverDump = server.dump(); + return serverDump; } - public String generateServiceProviderContextDump() { - LassoServer serverContext = new LassoServer( - "../../tests/data/sp1-la/metadata.xml'", - NULL, //"../../tests/data/sp1-la/public-key.pem", + public String generateServiceProviderDump() { + Server server = new Server( + "../../tests/data/sp1-la/metadata.xml", "../../tests/data/sp1-la/private-key-raw.pem", - "../../tests/data/sp1-la/certificate.pem", - Lasso.SIGNATURE_METHOD_RSA_SHA1); - serverContext.addProvider( + null, + "../../tests/data/sp1-la/certificate.pem"); + server.addProvider( + lasso.PROVIDER_ROLE_IDP, "../../tests/data/idp1-la/metadata.xml", "../../tests/data/idp1-la/public-key.pem", "../../tests/data/ca1-la/certificate.pem"); - String serverContextDump = serverContext.dump(); - return serverContextDump; + String serverDump = server.dump(); + return serverDump; } - public void test01_generateServersContextDumps() { - String identityProviderContextDump = generateIdentityProviderContextDump(); - assertNotNull(identityProviderContextDump); - String serviceProviderContextDump = generateServiceProviderContextDump(); - assertNotNull(serviceProviderContextDump); + public void test01_generateServersDumps() { + String identityProviderDump = generateIdentityProviderDump(); + assertNotNull(identityProviderDump); + String serviceProviderDump = generateServiceProviderDump(); + assertNotNull(serviceProviderDump); } public void test02_serviceProviderLogin() { - boolean userAuthenticated; + boolean userAuthenticated, userConsentObtained; int method, requestType; - LassoAuthnRequest authnRequest; - LassoIdentity idpIdentityContext, spIdentityContext; - LassoLogin idpLoginContext, spLoginContext; - LassoLogout idpLogoutContext, spLogoutContext; - LassoResponse response; - LassoServer idpContext, spContext; - LassoSession idpSessionContext, spSessionContext; - String artifact, authenticationMethod, authnRequestQuery, authnRequestUrl, idpContextDump, - idpIdentityContextDump, idpSessionContextDump, nameIdentifier, relayState, + LibAuthnRequest authnRequest; + Identity idpIdentity, spIdentity; + Login idpLogin, spLogin; + Logout idpLogout, spLogout; + Server idp, sp; + Session idpSession, spSession; + String artifact, authenticationMethod, authnRequestQuery, authnRequestUrl, idpDump, + idpIdentityDump, idpRemoteProviderId, idpSessionDump, nameIdentifier, relayState, responseQuery, responseUrl, soapEndpoint, soapResponseMsg, soapRequestMsg, - spContextDump, spIdentityContextDump, spSessionContextDump; + spDump, spIdentityDump, spSessionDump; // Service provider login using HTTP redirect. - spContextDump = generateServiceProviderContextDump(); - assertNotNull(spContextDump); - spContext = new LassoServer(spContextDump); - spLoginContext = new LassoLogin(spContext); - assertEquals(0, spLoginContext.initAuthnRequest( - "https://identity-provider:1998/liberty-alliance/metadata")); - assertEquals(Lasso.MESSAGE_TYPE_AUTHN_REQUEST, spLoginContext.getRequestType()); - authnRequest = (LassoAuthnRequest) spLoginContext.getRequest(); - authnRequest.setPassive(false); - authnRequest.setNameIdPolicy(Lasso.LIB_NAMEID_POLICY_TYPE_FEDERATED); - authnRequest.setConsent(Lasso.LIB_CONSENT_OBTAINED); + spDump = generateServiceProviderDump(); + assertNotNull(spDump); + sp = Server.newFromDump(spDump); + spLogin = new Login(sp); + spLogin.initAuthnRequest("https://idp1/metadata", lasso.HTTP_METHOD_REDIRECT); + authnRequest = (LibAuthnRequest) spLogin.getRequest(); + authnRequest.setIsPassive(false); + authnRequest.setNameIdPolicy(lasso.LIB_NAMEID_POLICY_TYPE_FEDERATED); + authnRequest.setConsent(lasso.LIB_CONSENT_OBTAINED); relayState = "fake"; authnRequest.setRelayState(relayState); - assertEquals(0, spLoginContext.buildAuthnRequestMsg()); - authnRequestUrl = spLoginContext.getMsgUrl(); + spLogin.buildAuthnRequestMsg(); + authnRequestUrl = spLogin.getMsgUrl(); authnRequestQuery = authnRequestUrl.substring(authnRequestUrl.indexOf("?") + 1); - method = Lasso.HTTP_METHOD_REDIRECT; // Identity provider singleSignOn, for a user having no federation. - idpContextDump = generateIdentityProviderContextDump(); - assertNotNull(idpContextDump); - idpContext = new LassoServer(idpContextDump); - idpLoginContext = new LassoLogin(idpContext); - assertEquals(0, idpLoginContext.initFromAuthnRequestMsg(authnRequestQuery, method)); - assertTrue(idpLoginContext.mustAuthenticate()); + idpDump = generateIdentityProviderDump(); + assertNotNull(idpDump); + idp = Server.newFromDump(idpDump); + idpLogin = new Login(idp); + idpLogin.processAuthnRequestMsg(authnRequestQuery); + assertTrue(idpLogin.mustAuthenticate()); + assertFalse(idpLogin.mustAskForConsent()); userAuthenticated = true; - authenticationMethod = Lasso.SAML_AUTHENTICATION_METHOD_PASSWORD; - assertEquals(Lasso.LOGIN_PROTOCOL_PROFILE_BRWS_ART, idpLoginContext.getProtocolProfile()); - assertEquals(0, idpLoginContext.buildArtifactMsg( - userAuthenticated, authenticationMethod, "FIXME: reauthenticateOnOrAfter", - Lasso.HTTP_METHOD_REDIRECT)); - idpIdentityContextDump = idpLoginContext.getIdentity().dump(); - assertNotNull(idpIdentityContextDump); - idpSessionContextDump = idpLoginContext.getSession().dump(); - assertNotNull(idpSessionContextDump); - responseUrl = idpLoginContext.getMsgUrl(); + userConsentObtained = false; + idpLogin.validateRequestMsg(userAuthenticated, userConsentObtained); + authenticationMethod = lasso.SAML_AUTHENTICATION_METHOD_PASSWORD; + idpLogin.buildAssertion( + authenticationMethod, + null, // authenticationInstant + null, // reauthenticateOnOrAfter + null, // notBefore + null);// notOnOrAfter + assertEquals(lasso.LOGIN_PROTOCOL_PROFILE_BRWS_ART, idpLogin.getProtocolProfile()); + idpLogin.buildArtifactMsg(lasso.HTTP_METHOD_REDIRECT); + idpIdentityDump = idpLogin.getIdentity().dump(); + assertNotNull(idpIdentityDump); + idpSessionDump = idpLogin.getSession().dump(); + assertNotNull(idpSessionDump); + responseUrl = idpLogin.getMsgUrl(); responseQuery = responseUrl.substring(responseUrl.indexOf("?") + 1); - soapResponseMsg = idpLoginContext.getResponseDump(); - artifact = idpLoginContext.getAssertionArtifact(); - nameIdentifier = idpLoginContext.getNameIdentifier(); - method = Lasso.HTTP_METHOD_REDIRECT; + idpRemoteProviderId = idpLogin.getRemoteProviderId(); + nameIdentifier = idpLogin.getNameIdentifier().getContent(); + artifact = idpLogin.getAssertionArtifact(); + assertNotNull(artifact); + method = lasso.HTTP_METHOD_REDIRECT; // Service provider assertion consumer. - spContextDump = generateServiceProviderContextDump(); - assertNotNull(spContextDump); - spContext = new LassoServer(spContextDump); - spLoginContext = new LassoLogin(spContext); - assertEquals(0, spLoginContext.initRequest(responseQuery, method)); - assertEquals(0, spLoginContext.buildRequestMsg()); - soapEndpoint = spLoginContext.getMsgUrl(); - soapRequestMsg = spLoginContext.getMsgBody(); + spDump = generateServiceProviderDump(); + assertNotNull(spDump); + sp = Server.newFromDump(spDump); + spLogin = new Login(sp); + spLogin.initRequest(responseQuery, method); + spLogin.buildRequestMsg(); + soapEndpoint = spLogin.getMsgUrl(); + soapRequestMsg = spLogin.getMsgBody(); // Identity provider SOAP endpoint. - requestType = Lasso.getRequestTypeFromSoapMsg(soapRequestMsg); - assertEquals(Lasso.REQUEST_TYPE_LOGIN, requestType); + requestType = lasso.getRequestTypeFromSoapMsg(soapRequestMsg); + assertEquals(lasso.REQUEST_TYPE_LOGIN, requestType); + idpDump = generateIdentityProviderDump(); + assertNotNull(idpDump); + idp = Server.newFromDump(idpDump); + idpLogin = new Login(idp); + idpLogin.processRequestMsg(soapRequestMsg); + assertEquals(artifact, idpLogin.getAssertionArtifact()); + assertNotNull(idpSessionDump); + idpLogin.setSessionFromDump(idpSessionDump); + idpLogin.buildResponseMsg(idpRemoteProviderId); + soapResponseMsg = idpLogin.getMsgBody(); + assertNotNull(soapResponseMsg); // Service provider assertion consumer (step 2: process SOAP response). - assertEquals(0, spLoginContext.processResponseMsg(soapResponseMsg)); - assertEquals(nameIdentifier, spLoginContext.getNameIdentifier()); + spLogin.processResponseMsg(soapResponseMsg); + assertEquals(nameIdentifier, spLogin.getNameIdentifier().getContent()); // The user doesn't have any federation yet. - assertEquals(0, spLoginContext.acceptSso()); - spIdentityContext = spLoginContext.getIdentity(); - assertNotNull(spIdentityContext); - spIdentityContextDump = spIdentityContext.dump(); - assertNotNull(spIdentityContextDump); - spSessionContext = spLoginContext.getSession(); - assertNotNull(spSessionContext); - spSessionContextDump = spSessionContext.dump(); - assertNotNull(spSessionContextDump); - authenticationMethod = spSessionContext.getAuthenticationMethod(null); - assertEquals(Lasso.SAML_AUTHENTICATION_METHOD_PASSWORD, authenticationMethod); + spLogin.acceptSso(); + spIdentity = spLogin.getIdentity(); + assertNotNull(spIdentity); + spIdentityDump = spIdentity.dump(); + assertNotNull(spIdentityDump); + spSession = spLogin.getSession(); + assertNotNull(spSession); + spSessionDump = spSession.dump(); + assertNotNull(spSessionDump); + // FIXME: To uncomment. + // authenticationMethod = spSession.getAuthenticationMethod("https://idp1/metadata"); + assertEquals(lasso.SAML_AUTHENTICATION_METHOD_PASSWORD, authenticationMethod); // Service provider logout. - spContextDump = generateServiceProviderContextDump(); - assertNotNull(spContextDump); - spContext = new LassoServer(spContextDump); - assertNotNull(spContext); - spLogoutContext = new LassoLogout(spContext, Lasso.providerTypeSp); - assertNotNull(spIdentityContextDump); - spLogoutContext.setIdentityFromDump(spIdentityContextDump); - assertNotNull(spSessionContextDump); - spLogoutContext.setSessionFromDump(spSessionContextDump); - assertEquals(0, spLogoutContext.initRequest(null)); - assertEquals(0, spLogoutContext.buildRequestMsg()); - soapEndpoint = spLogoutContext.getMsgUrl(); - soapRequestMsg = spLogoutContext.getMsgBody(); + spDump = generateServiceProviderDump(); + assertNotNull(spDump); + sp = Server.newFromDump(spDump); + assertNotNull(sp); + spLogout = new Logout(sp); + assertNotNull(spIdentityDump); + spLogout.setIdentityFromDump(spIdentityDump); + assertNotNull(spSessionDump); + spLogout.setSessionFromDump(spSessionDump); + spLogout.initRequest(null, lasso.HTTP_METHOD_ANY); + spLogout.buildRequestMsg(); + soapEndpoint = spLogout.getMsgUrl(); + soapRequestMsg = spLogout.getMsgBody(); // Identity provider SOAP endpoint. - requestType = Lasso.getRequestTypeFromSoapMsg(soapRequestMsg); - assertEquals(Lasso.REQUEST_TYPE_LOGOUT, requestType); - idpContextDump = generateIdentityProviderContextDump(); - assertNotNull(idpContextDump); - idpContext = new LassoServer(idpContextDump); - assertNotNull(idpContext); - idpLogoutContext = new LassoLogout(idpContext, Lasso.providerTypeIdp); - assertEquals(0, idpLogoutContext.loadRequestMsg(soapRequestMsg, Lasso.HTTP_METHOD_SOAP)); - assertEquals(nameIdentifier, idpLogoutContext.getNameIdentifier()); - assertNotNull(idpIdentityContextDump); - assertEquals(0, idpLogoutContext.setIdentityFromDump(idpIdentityContextDump)); - assertNotNull(idpSessionContextDump); - assertEquals(0, idpLogoutContext.setSessionFromDump(idpSessionContextDump)); - assertEquals(0, idpLogoutContext.processRequest()); - idpIdentityContext = idpLogoutContext.getIdentity(); - assertNotNull(idpIdentityContext); - idpIdentityContextDump = idpIdentityContext.dump(); - assertNotNull(idpIdentityContextDump); + requestType = lasso.getRequestTypeFromSoapMsg(soapRequestMsg); + assertEquals(lasso.REQUEST_TYPE_LOGOUT, requestType); + idpDump = generateIdentityProviderDump(); + assertNotNull(idpDump); + idp = Server.newFromDump(idpDump); + assertNotNull(idp); + idpLogout = new Logout(idp); + idpLogout.processRequestMsg(soapRequestMsg); + assertEquals(nameIdentifier, idpLogout.getNameIdentifier().getContent()); + assertNotNull(idpIdentityDump); + idpLogout.setIdentityFromDump(idpIdentityDump); + assertNotNull(idpSessionDump); + idpLogout.setSessionFromDump(idpSessionDump); + idpLogout.validateRequest(); + idpIdentity = idpLogout.getIdentity(); + assertNotNull(idpIdentity); + idpIdentityDump = idpIdentity.dump(); + assertNotNull(idpIdentityDump); // There is no other service provider from which the user must be logged out. - assertEquals(null, idpLogoutContext.getNextProviderId()); - assertEquals(0, idpLogoutContext.buildResponseMsg()); - soapResponseMsg = idpLogoutContext.getMsgBody(); + assertEquals(null, idpLogout.getNextProviderId()); + idpLogout.buildResponseMsg(); + soapResponseMsg = idpLogout.getMsgBody(); // Service provider logout (step 2: process SOAP response). - assertEquals(0, spLogoutContext.processResponseMsg(soapResponseMsg, Lasso.HTTP_METHOD_SOAP)); - spIdentityContextDump = spLogoutContext.getIdentity().dump(); - assertNotNull(spIdentityContextDump); + spLogout.processResponseMsg(soapResponseMsg); + spIdentityDump = spLogout.getIdentity().dump(); + assertNotNull(spIdentityDump); } public static Test suite() { @@ -218,8 +234,8 @@ public class LoginTest extends TestCase { public static void main(String args[]) { System.out.println(System.mapLibraryName("jlasso")); - Lasso.init(); + lasso.init(); junit.textui.TestRunner.run(suite()); - Lasso.shutdown(); + lasso.shutdown(); } } diff --git a/tests/data/idp1-la/metadata.xml b/tests/data/idp1-la/metadata.xml index e90eff17..cace78c5 100644 --- a/tests/data/idp1-la/metadata.xml +++ b/tests/data/idp1-la/metadata.xml @@ -9,11 +9,28 @@ http://projectliberty.org/profiles/brws-post https://idp1:1998/singleLogout + https://idp1:1998/singleLogoutReturn http://projectliberty.org/profiles/slo-idp-soap + http://projectliberty.org/profiles/slo-idp-http + http://projectliberty.org/profiles/slo-sp-soap + http://projectliberty.org/profiles/slo-sp-http + + https://idp1:1998/federationTermination + https://idp1:1998/federationTerminationReturn + http://projectliberty.org/profiles/fedterm-idp-soap + http://projectliberty.org/profiles/fedterm-idp-http + http://projectliberty.org/profiles/fedterm-sp-soap + http://projectliberty.org/profiles/fedterm-sp-http https://idp1:1998/registerNameIdentifier + https://idp1:1998/registerNameIdentifierReturn + http://projectliberty.org/profiles/rni-idp-soap + http://projectliberty.org/profiles/rni-idp-http + http://projectliberty.org/profiles/rni-sp-soap http://projectliberty.org/profiles/rni-sp-http + http://projectliberty.org/profiles/nim-sp-http + https://idp1:1998/soapEndpoint diff --git a/tests/data/idp2-la/metadata.xml b/tests/data/idp2-la/metadata.xml index 24a744ca..6013ef8d 100644 --- a/tests/data/idp2-la/metadata.xml +++ b/tests/data/idp2-la/metadata.xml @@ -5,12 +5,28 @@ https://idp2:2000/singleSignOn - http://projectliberty.org/profiles/sso-get + http://projectliberty.org/profiles/brws-art + http://projectliberty.org/profiles/brws-post https://idp2:2000/singleLogout + https://idp2:2000/singleLogoutReturn http://projectliberty.org/profiles/slo-idp-soap + http://projectliberty.org/profiles/slo-idp-http + http://projectliberty.org/profiles/slo-sp-soap + http://projectliberty.org/profiles/slo-sp-http + + https://idp2:2000/federationTermination + https://idp2:2000/federationTerminationReturn + http://projectliberty.org/profiles/fedterm-idp-soap + http://projectliberty.org/profiles/fedterm-idp-http + http://projectliberty.org/profiles/fedterm-sp-soap + http://projectliberty.org/profiles/fedterm-sp-http https://idp2:2000/registerNameIdentifier + https://idp2:2000/registerNameIdentifierReturn + http://projectliberty.org/profiles/rni-idp-soap + http://projectliberty.org/profiles/rni-idp-http + http://projectliberty.org/profiles/rni-sp-soap http://projectliberty.org/profiles/rni-sp-http https://idp2:2000/soapEndpoint diff --git a/tests/data/sp1-la/metadata.xml b/tests/data/sp1-la/metadata.xml index ec28fa48..df9cdf7e 100644 --- a/tests/data/sp1-la/metadata.xml +++ b/tests/data/sp1-la/metadata.xml @@ -7,10 +7,27 @@ https://sp1:2006/assertionConsumer https://sp1:2006/singleLogout + https://sp1:2006/singleLogoutReturn http://projectliberty.org/profiles/slo-idp-soap + http://projectliberty.org/profiles/slo-idp-http + http://projectliberty.org/profiles/slo-sp-soap + http://projectliberty.org/profiles/slo-sp-http + + https://sp1:2006/federationTermination + https://sp1:2006/federationTerminationReturn + http://projectliberty.org/profiles/fedterm-idp-soap + http://projectliberty.org/profiles/fedterm-idp-http + http://projectliberty.org/profiles/fedterm-sp-soap + http://projectliberty.org/profiles/fedterm-sp-http https://sp1:2006/registerNameIdentifier + https://sp1:2006/registerNameIdentifierReturn + http://projectliberty.org/profiles/rni-idp-soap + http://projectliberty.org/profiles/rni-idp-http http://projectliberty.org/profiles/rni-sp-soap + http://projectliberty.org/profiles/rni-sp-http + + http://projectliberty.org/profiles/nim-sp-http https://sp1:2006/soapEndpoint diff --git a/tests/data/sp2-la/metadata.xml b/tests/data/sp2-la/metadata.xml index 414799cb..a1342a43 100644 --- a/tests/data/sp2-la/metadata.xml +++ b/tests/data/sp2-la/metadata.xml @@ -7,10 +7,25 @@ https://sp2:2008/assertionConsumer https://sp2:2008/singleLogout + https://sp2:2008/singleLogoutReturn http://projectliberty.org/profiles/slo-idp-soap + http://projectliberty.org/profiles/slo-idp-http + http://projectliberty.org/profiles/slo-sp-soap + http://projectliberty.org/profiles/slo-sp-http + + https://sp2:2008/federationTermination + https://sp2:2008/federationTerminationReturn + http://projectliberty.org/profiles/fedterm-idp-soap + http://projectliberty.org/profiles/fedterm-idp-http + http://projectliberty.org/profiles/fedterm-sp-soap + http://projectliberty.org/profiles/fedterm-sp-http https://sp2:2008/registerNameIdentifier + https://sp2:2008/registerNameIdentifierReturn + http://projectliberty.org/profiles/rni-idp-soap + http://projectliberty.org/profiles/rni-idp-http http://projectliberty.org/profiles/rni-sp-soap + http://projectliberty.org/profiles/rni-sp-http https://sp2:2008/soapEndpoint diff --git a/tests/data/sp3-la/metadata.xml b/tests/data/sp3-la/metadata.xml index 1dcedf46..ef36fa5b 100644 --- a/tests/data/sp3-la/metadata.xml +++ b/tests/data/sp3-la/metadata.xml @@ -7,10 +7,25 @@ https://sp3:2010/assertionConsumer https://sp3:2010/singleLogout + https://sp3:2010/singleLogoutReturn http://projectliberty.org/profiles/slo-idp-soap + http://projectliberty.org/profiles/slo-idp-http + http://projectliberty.org/profiles/slo-sp-soap + http://projectliberty.org/profiles/slo-sp-http + + https://sp3:2010/federationTermination + https://sp3:2010/federationTerminationReturn + http://projectliberty.org/profiles/fedterm-idp-soap + http://projectliberty.org/profiles/fedterm-idp-http + http://projectliberty.org/profiles/fedterm-sp-soap + http://projectliberty.org/profiles/fedterm-sp-http https://sp3:2010/registerNameIdentifier + https://sp3:2010/registerNameIdentifierReturn + http://projectliberty.org/profiles/rni-idp-soap + http://projectliberty.org/profiles/rni-idp-http http://projectliberty.org/profiles/rni-sp-soap + http://projectliberty.org/profiles/rni-sp-http https://sp3:2010/soapEndpoint