Add test case for loading server completely from memory
* tests/login_test.c:
- add generateIdentityProviderContextDumpMemory that first load
metadata, private_key and certificate file using g_file_get_contents
then use the created buffers to initialize a LassoServer object.
- add test03_serviceProviderLogin that use the new function.
This commit is contained in:
parent
618639623c
commit
aec50b7a93
|
|
@ -27,6 +27,7 @@
|
|||
#include <check.h>
|
||||
|
||||
#include <lasso/lasso.h>
|
||||
#include <glib.h>
|
||||
|
||||
|
||||
static char*
|
||||
|
|
@ -67,6 +68,33 @@ generateServiceProviderContextDump()
|
|||
return lasso_server_dump(serverContext);
|
||||
}
|
||||
|
||||
static char*
|
||||
generateIdentityProviderContextDumpMemory()
|
||||
{
|
||||
LassoServer *serverContext;
|
||||
char *metadata;
|
||||
char *private_key;
|
||||
char *certificate;
|
||||
guint len;
|
||||
|
||||
g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &metadata, &len, NULL);
|
||||
g_file_get_contents(TESTSDATADIR "/idp1-la/private-key-raw.pem", &private_key, &len, NULL);
|
||||
g_file_get_contents(TESTSDATADIR "/idp1-la/certificate.pem", &certificate, &len, NULL);
|
||||
|
||||
serverContext = lasso_server_new_from_buffers(
|
||||
metadata,
|
||||
private_key,
|
||||
NULL, /* Secret key to unlock private key */
|
||||
certificate);
|
||||
lasso_server_add_provider(
|
||||
serverContext,
|
||||
LASSO_PROVIDER_ROLE_SP,
|
||||
TESTSDATADIR "/sp1-la/metadata.xml",
|
||||
TESTSDATADIR "/sp1-la/public-key.pem",
|
||||
TESTSDATADIR "/ca1-la/certificate.pem");
|
||||
return lasso_server_dump(serverContext);
|
||||
}
|
||||
|
||||
|
||||
START_TEST(test01_generateServersContextDumps)
|
||||
{
|
||||
|
|
@ -221,16 +249,155 @@ START_TEST(test02_serviceProviderLogin)
|
|||
}
|
||||
END_TEST
|
||||
|
||||
START_TEST(test03_serviceProviderLogin)
|
||||
{
|
||||
char *serviceProviderContextDump, *identityProviderContextDump;
|
||||
LassoServer *spContext, *idpContext;
|
||||
LassoLogin *spLoginContext, *idpLoginContext;
|
||||
LassoLibAuthnRequest *request;
|
||||
int rc;
|
||||
char *relayState;
|
||||
char *authnRequestUrl, *authnRequestQuery;
|
||||
char *responseUrl, *responseQuery;
|
||||
char *idpIdentityContextDump, *idpSessionContextDump;
|
||||
char *serviceProviderId, *soapRequestMsg, *soapResponseMsg;
|
||||
char *spIdentityContextDump;
|
||||
char *spSessionDump;
|
||||
int requestType;
|
||||
|
||||
serviceProviderContextDump = generateServiceProviderContextDump();
|
||||
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
|
||||
spLoginContext = lasso_login_new(spContext);
|
||||
fail_unless(spLoginContext != NULL,
|
||||
"lasso_login_new() shouldn't have returned NULL");
|
||||
rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
|
||||
LASSO_HTTP_METHOD_REDIRECT);
|
||||
fail_unless(rc == 0, "lasso_login_init_authn_request failed");
|
||||
request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
|
||||
fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
|
||||
request->IsPassive = 0;
|
||||
request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
|
||||
request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
|
||||
relayState = "fake";
|
||||
request->RelayState = g_strdup(relayState);
|
||||
rc = lasso_login_build_authn_request_msg(spLoginContext);
|
||||
fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
|
||||
authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
|
||||
fail_unless(authnRequestUrl != NULL,
|
||||
"authnRequestUrl shouldn't be NULL");
|
||||
authnRequestQuery = strchr(authnRequestUrl, '?')+1;
|
||||
fail_unless(strlen(authnRequestQuery) > 0,
|
||||
"authnRequestRequest shouldn't be an empty string");
|
||||
|
||||
/* Identity provider singleSignOn, for a user having no federation. */
|
||||
identityProviderContextDump = generateIdentityProviderContextDumpMemory();
|
||||
idpContext = lasso_server_new_from_dump(identityProviderContextDump);
|
||||
idpLoginContext = lasso_login_new(idpContext);
|
||||
fail_unless(idpLoginContext != NULL,
|
||||
"lasso_login_new() shouldn't have returned NULL");
|
||||
rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery);
|
||||
fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
|
||||
fail_unless(lasso_login_must_authenticate(idpLoginContext),
|
||||
"lasso_login_must_authenticate() should be TRUE");
|
||||
fail_unless(idpLoginContext->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART,
|
||||
"protocoleProfile should be ProfileBrwsArt");
|
||||
fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext),
|
||||
"lasso_login_must_ask_for_consent() should be FALSE");
|
||||
rc = lasso_login_validate_request_msg(idpLoginContext,
|
||||
1, /* authentication_result */
|
||||
0 /* is_consent_obtained */
|
||||
);
|
||||
|
||||
rc = lasso_login_build_assertion(idpLoginContext,
|
||||
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
|
||||
"FIXME: authenticationInstant",
|
||||
"FIXME: reauthenticateOnOrAfter",
|
||||
"FIXME: notBefore",
|
||||
"FIXME: notOnOrAfter");
|
||||
rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT);
|
||||
fail_unless(rc == 0, "lasso_login_build_artifact_msg failed");
|
||||
|
||||
idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
|
||||
fail_unless(idpIdentityContextDump != NULL,
|
||||
"lasso_identity_dump shouldn't return NULL");
|
||||
idpSessionContextDump = lasso_session_dump(LASSO_PROFILE(idpLoginContext)->session);
|
||||
fail_unless(idpSessionContextDump != NULL,
|
||||
"lasso_session_dump shouldn't return NULL");
|
||||
responseUrl = LASSO_PROFILE(idpLoginContext)->msg_url;
|
||||
fail_unless(responseUrl != NULL, "responseUrl shouldn't be NULL");
|
||||
responseQuery = strchr(responseUrl, '?')+1;
|
||||
fail_unless(strlen(responseQuery) > 0,
|
||||
"responseQuery shouldn't be an empty string");
|
||||
serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID);
|
||||
fail_unless(serviceProviderId != NULL,
|
||||
"lasso_profile_get_remote_providerID shouldn't return NULL");
|
||||
|
||||
/* Service provider assertion consumer */
|
||||
lasso_server_destroy(spContext);
|
||||
lasso_login_destroy(spLoginContext);
|
||||
|
||||
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
|
||||
spLoginContext = lasso_login_new(spContext);
|
||||
rc = lasso_login_init_request(spLoginContext,
|
||||
responseQuery,
|
||||
LASSO_HTTP_METHOD_REDIRECT);
|
||||
fail_unless(rc == 0, "lasso_login_init_request failed");
|
||||
rc = lasso_login_build_request_msg(spLoginContext);
|
||||
fail_unless(rc == 0, "lasso_login_build_request_msg failed");
|
||||
soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body;
|
||||
fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL");
|
||||
|
||||
/* Identity provider SOAP endpoint */
|
||||
lasso_server_destroy(idpContext);
|
||||
lasso_login_destroy(idpLoginContext);
|
||||
requestType = lasso_profile_get_request_type_from_soap_msg(soapRequestMsg);
|
||||
fail_unless(requestType == LASSO_REQUEST_TYPE_LOGIN,
|
||||
"requestType should be LASSO_REQUEST_TYPE_LOGIN");
|
||||
|
||||
idpContext = lasso_server_new_from_dump(identityProviderContextDump);
|
||||
idpLoginContext = lasso_login_new(idpContext);
|
||||
rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg);
|
||||
fail_unless(rc == 0, "lasso_login_process_request_msg failed");
|
||||
|
||||
rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
|
||||
idpSessionContextDump);
|
||||
fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed");
|
||||
rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId);
|
||||
fail_unless(rc == 0, "lasso_login_build_response_msg failed");
|
||||
soapResponseMsg = LASSO_PROFILE(idpLoginContext)->msg_body;
|
||||
fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL");
|
||||
|
||||
/* Service provider assertion consumer (step 2: process SOAP response) */
|
||||
rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
|
||||
fail_unless(rc == 0, "lasso_login_process_response_msg failed");
|
||||
rc = lasso_login_accept_sso(spLoginContext);
|
||||
fail_unless(rc == 0, "lasso_login_accept_sso failed");
|
||||
fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL,
|
||||
"spLoginContext has no identity");
|
||||
spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity);
|
||||
fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed");
|
||||
spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session);
|
||||
|
||||
g_free(serviceProviderId);
|
||||
g_free(serviceProviderContextDump);
|
||||
g_free(identityProviderContextDump);
|
||||
lasso_server_destroy(spContext);
|
||||
lasso_server_destroy(idpContext);
|
||||
}
|
||||
END_TEST
|
||||
Suite*
|
||||
login_suite()
|
||||
{
|
||||
Suite *s = suite_create("Login");
|
||||
TCase *tc_generate = tcase_create("Generate Server Contexts");
|
||||
TCase *tc_spLogin = tcase_create("Login initiated by service provider");
|
||||
TCase *tc_spLoginMemory = tcase_create("Login initiated by service provider without key loading");
|
||||
suite_add_tcase(s, tc_generate);
|
||||
suite_add_tcase(s, tc_spLogin);
|
||||
suite_add_tcase(s, tc_spLoginMemory);
|
||||
tcase_add_test(tc_generate, test01_generateServersContextDumps);
|
||||
tcase_add_test(tc_spLogin, test02_serviceProviderLogin);
|
||||
tcase_add_test(tc_spLoginMemory, test03_serviceProviderLogin);
|
||||
return s;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue