[Tests] update perfs to test each phase of WebSSO separately and use SAMLv2

I removed signature at the message level for the response, it should simulate apporiately the artifact binding with SSL transport.
2010-09-29 16:37:28 +02:00 · 2010-09-29 16:37:28 +02:00 · b20552c417
parent 5f7a08acb3
commit b20552c417
1 changed files with 109 additions and 91 deletions
--- a/tests/perfs.c
+++ b/tests/perfs.c
@ -25,131 +25,149 @@
 #include <time.h>

 #include <../lasso/lasso.h>
+#include <../lasso/xml/saml-2.0/samlp2_response.h>
+#include <../lasso/xml/saml-2.0/samlp2_authn_request.h>
+
+#define INDEX "5"
+#define PROTO "saml2"
+#define IDP_METADATA TESTSDATADIR "/idp" INDEX "-" PROTO "/metadata.xml"
+#define IDP_PKEY TESTSDATADIR "/idp" INDEX "-" PROTO "/private-key.pem"
+#define SP_METADATA TESTSDATADIR "/sp" INDEX "-" PROTO "/metadata.xml"
+#define SP_PKEY TESTSDATADIR "/sp" INDEX "-" PROTO "/private-key.pem"

 char* create_authn_response_msg(char *query);

-char*
-create_authn_response_msg(char *query)
+#define check_good_rc(what) \
+	{ \
+		int _rc = (what); \
+		if (_rc != 0) { \
+			printf("Error: %s: %s", #what, lasso_strerror(_rc)); \
+			exit(-1); \
+		} \
+	}
+
+void create_authn_request(LassoLogin *sp_login, LassoLogin *idp_login)
 {
-	LassoServer *server;
-	LassoLogin *login;
-	char *t;
-	int rc = 0;

-	server = lasso_server_new(
-			TESTSDATADIR "/idp1-la/metadata.xml",
-			TESTSDATADIR "/idp1-la/private-key-raw.pem",
-			NULL, /* Secret key to unlock private key */
-			TESTSDATADIR "/idp1-la/certificate.pem");
-	lasso_server_add_provider(
-			server,
-			LASSO_PROVIDER_ROLE_SP,
-			TESTSDATADIR "/sp1-la/metadata.xml",
-			TESTSDATADIR "/sp1-la/public-key.pem",
-			TESTSDATADIR "/ca1-la/certificate.pem");
+	check_good_rc(lasso_login_init_authn_request(sp_login, NULL, LASSO_HTTP_METHOD_REDIRECT));
+	LASSO_SAMLP2_AUTHN_REQUEST(sp_login->parent.request)->ProtocolBinding = g_strdup(LASSO_SAML2_METADATA_BINDING_POST);
+	check_good_rc(lasso_login_build_authn_request_msg(sp_login));
+}

-	login = lasso_login_new(server);
-	rc = lasso_login_process_authn_request_msg(login, strchr(query, '?')+1);
+void
+process_authn_request(LassoLogin *sp_login, LassoLogin *idp_login)
+{
+	check_good_rc(lasso_login_process_authn_request_msg(idp_login, strchr(sp_login->parent.msg_url, '?')+1));

-	rc = lasso_login_validate_request_msg(login, 1, 0);
-	rc = lasso_login_build_assertion(login,
+}
+
+void
+create_authn_response(LassoLogin *sp_login, LassoLogin *idp_login)
+{
+	if (LASSO_SAMLP2_RESPONSE(idp_login->parent.response)->Assertion) {
+		g_object_unref(LASSO_SAMLP2_RESPONSE(idp_login->parent.response)->Assertion->data);
+		g_list_free(LASSO_SAMLP2_RESPONSE(idp_login->parent.response)->Assertion);
+		LASSO_SAMLP2_RESPONSE(idp_login->parent.response)->Assertion = NULL;
+	}
+	check_good_rc(lasso_login_validate_request_msg(idp_login, 1, 0));
+	lasso_login_build_assertion(idp_login,
 			LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
 			"FIXME: authenticationInstant",
 			"FIXME: reauthenticateOnOrAfter",
 			"FIXME: notBefore",
 			"FIXME: notOnOrAfter");
-	rc = lasso_login_build_authn_response_msg(login);
+#if 0 /* activate for simulating simple signature at the assertion level, request/response
+	 production should be at the same speed */
+	lasso_profile_set_signature_hint(&idp_login->parent, LASSO_PROFILE_SIGNATURE_HINT_FORBID);
+#endif
+	check_good_rc(lasso_login_build_authn_response_msg(idp_login));
+}

-	t = g_strdup(LASSO_PROFILE(login)->msg_body);
-	lasso_login_destroy(login);
-	lasso_server_destroy(server);
+void
+process_authn_response(LassoLogin *sp_login, LassoLogin *idp_login)
+{
+#if 0
+		lasso_profile_set_signature_verify_hint(&sp_login->parent, LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE);
+#endif
+		check_good_rc(lasso_login_process_authn_response_msg(sp_login, idp_login->parent.msg_body));
+		if (sp_login->parent.session) {
+			g_object_unref(sp_login->parent.session);
+			sp_login->parent.session = NULL;
+		}
+		check_good_rc(lasso_login_accept_sso(sp_login));
+}

-	return t;
+void timing(int n, char *text, void (*f)(LassoLogin *sp_login, LassoLogin *idp_login), LassoLogin
+		*sp_login, LassoLogin *idp_login)
+{
+	int i;
+	struct timeval start, end;
+	int usec;
+	fprintf(stdout, text, n);
+	gettimeofday(&start, NULL);
+
+	for (i = 0; i < n; i++) {
+		f(sp_login, idp_login);
+	}
+	gettimeofday(&end, NULL);
+	usec = (end.tv_sec*1000000+end.tv_usec)-(start.tv_sec*1000000+start.tv_usec);
+	fprintf(stdout, " total: %.4f seconds (%f request/second) (%.2f ms/request)\n",
+			(double)usec/1000000,
+			(double)n/usec*1000000,
+			(double)usec/1000/n);
 }

 int
 main(int argc, char *argv[])
 {
-	LassoServer *server;
-	LassoLogin *login;
-	LassoLibAuthnRequest *request;
+	LassoServer *sp_server, *idp_server;
+	LassoLogin *sp_login, *idp_login;
 	int i, n;
-	struct timeval start, end;
-	int usec;
 	char *authn_response_msg;

 	lasso_init();

-	server = lasso_server_new(
-			TESTSDATADIR "/sp1-la/metadata.xml",
-			TESTSDATADIR "/sp1-la/private-key-raw.pem",
+	sp_server = lasso_server_new(
+			SP_METADATA,
+			SP_PKEY,
 			NULL, /* Secret key to unlock private key */
-			TESTSDATADIR "/sp1-la/certificate.pem");
+			NULL);
 	lasso_server_add_provider(
-			server,
+			sp_server,
 			LASSO_PROVIDER_ROLE_IDP,
-			TESTSDATADIR "/idp1-la/metadata.xml",
-			TESTSDATADIR "/idp1-la/public-key.pem",
-			TESTSDATADIR "/ca1-la/certificate.pem");
+			IDP_METADATA,
+			IDP_PKEY,
+			NULL);
+	idp_server = lasso_server_new(
+			IDP_METADATA,
+			IDP_PKEY,
+			NULL, /* Secret key to unlock private key */
+			NULL);
+	lasso_server_add_provider(
+			idp_server,
+			LASSO_PROVIDER_ROLE_SP,
+			SP_METADATA,
+			SP_PKEY,
+			NULL);

 	n = 100;
 	if (argc == 2) {
 		n = atoi(argv[1]);
 	}

-	login = lasso_login_new(server);
-
-	fprintf(stdout, "Generating %d AuthnRequest...\n", n);
-	gettimeofday(&start, NULL);
-	for (i=0; i < n; i++) {
-		fprintf(stderr, ".");
-		lasso_login_init_authn_request(login, "https://idp1/metadata",
-				LASSO_HTTP_METHOD_REDIRECT);
-		request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request);
-		request->IsPassive = 0;
-		request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
-		request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
-		request->ProtocolProfile = g_strdup(LASSO_LIB_PROTOCOL_PROFILE_BRWS_POST);
-		lasso_login_build_authn_request_msg(login);
-		if ((i+1)%70 == 0) {
-			fprintf(stderr, " %d \n", i+1);
-		}
-	}
-	if ((i)%70 != 0) {
-		fprintf(stderr, " %d \n", i);
-	}
-	gettimeofday(&end, NULL);
-	usec = (end.tv_sec*1000000+end.tv_usec)-(start.tv_sec*1000000+start.tv_usec);
-	fprintf(stdout, " total: %.4f seconds (%f request/second) (%.2f ms/request)\n",
-			(double)usec/1000000,
-			(double)n/usec*1000000,
-			(double)usec/1000/n);
-
-	authn_response_msg = create_authn_response_msg(LASSO_PROFILE(login)->msg_url);
-
-	fprintf(stdout, "Processing %d AuthnResponse...\n", n);
-	gettimeofday(&start, NULL);
-	for (i=0; i < n; i++) {
-		fprintf(stderr, ".");
-		lasso_login_process_authn_response_msg(login, authn_response_msg);
-		lasso_login_accept_sso(login);
-		if ((i+1)%70 == 0) {
-			fprintf(stderr, " %d \n", i+1);
-		}
-	}
-	if ((i)%70 != 0) {
-		fprintf(stderr, " %d \n", i);
-	}
-	gettimeofday(&end, NULL);
-	usec = (end.tv_sec*1000000+end.tv_usec)-(start.tv_sec*1000000+start.tv_usec);
-	fprintf(stdout, " total: %.4f seconds (%f request/second) (%.2f ms/request)\n",
-			(double)usec/1000000,
-			(double)n/usec*1000000,
-			(double)usec/1000/n);
-
-	g_free(authn_response_msg);
-
+	sp_login = lasso_login_new(sp_server);
+	idp_login = lasso_login_new(idp_server);

+	timing(n, "Generating %d AuthnRequest...\n", create_authn_request, sp_login, idp_login);
+#if 0
+	printf("%s\n", lasso_node_export_to_xml(sp_login->parent.request));
+#endif
+	timing(n, "Processing %d AuthnRequest...\n", process_authn_request, sp_login, idp_login);
+	timing(n, "Generating %d AuthnResponse...\n", create_authn_response, sp_login, idp_login);
+#if 0
+	printf("%s\n", lasso_node_export_to_xml(idp_login->parent.response));
+#endif
+	timing(n, "Processing %d AuthnResponse...\n", process_authn_response, sp_login, idp_login);

 	return 0;
 }