[tests] add test for rollover on the SP side, i.e. rollover of encryption keys

This test case is the first to abstract the workflow between two
LassoLogin object (for the idp and sp side). This part of the code could
be used to simplify the code of other tests in the future.
This commit is contained in:
Benjamin Dauvergne 2011-11-22 17:42:41 +01:00
parent fd7af65e91
commit 95137b1ad1
8 changed files with 380 additions and 0 deletions

View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
LlTxKnCrWAXftSm1rNtewTsF
-----END CERTIFICATE-----

View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
LlTxKnCrWAXftSm1rNtewTsF
-----END CERTIFICATE-----

View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICHjCCAYegAwIBAgIJAKCn8J6jYs6kMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
BAoTCkVudHJvdXZlcnQwHhcNMTEwMTE5MjAxNDE2WhcNMTEwMjE4MjAxNDE2WjAV
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDGI2g/WLmdODxhiraxFklG09r6C/yjX06zTt1MapA5+eIcEg2Hp+elCwcCogL1
ZK9/vYlU2yzIGgxV5mVVUybgdQuIvmEi8BlWM4HM5np97J/g6r41vG5auA4ve1Xp
F11rVO9Ru1LIQwMaHXJVf0yojNLH6VOmJU3GDELjKB+VLwIDAQABo3YwdDAdBgNV
HQ4EFgQUssAKE1M50yrgLpqoFzRbSOeZ41swRQYDVR0jBD4wPIAUssAKE1M50yrg
LpqoFzRbSOeZ41uhGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQCgp/Ceo2LO
pDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABPxbVQuuVzkfZFmeUJH
S6WSvTKoEfJKXm7xLB9ChtPixZkPN6XXYaV0zx6cIwiUBi97ijcMU4W/+s5Xn4rB
/HJ2UWPlObpjZOxdl1eGsrTw8l7LWPls1B0b0wYms32q6bDVwPWVlDqc5Z13b9M3
8bNF5SUdZmcRJzk3LKXZ9nkA
-----END CERTIFICATE-----

View File

@ -0,0 +1,88 @@
<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="http://sp11/metadata">
<SPSSODescriptor
AuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIICHjCCAYegAwIBAgIJAKCn8J6jYs6kMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
BAoTCkVudHJvdXZlcnQwHhcNMTEwMTE5MjAxNDE2WhcNMTEwMjE4MjAxNDE2WjAV
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDGI2g/WLmdODxhiraxFklG09r6C/yjX06zTt1MapA5+eIcEg2Hp+elCwcCogL1
ZK9/vYlU2yzIGgxV5mVVUybgdQuIvmEi8BlWM4HM5np97J/g6r41vG5auA4ve1Xp
F11rVO9Ru1LIQwMaHXJVf0yojNLH6VOmJU3GDELjKB+VLwIDAQABo3YwdDAdBgNV
HQ4EFgQUssAKE1M50yrgLpqoFzRbSOeZ41swRQYDVR0jBD4wPIAUssAKE1M50yrg
LpqoFzRbSOeZ41uhGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQCgp/Ceo2LO
pDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABPxbVQuuVzkfZFmeUJH
S6WSvTKoEfJKXm7xLB9ChtPixZkPN6XXYaV0zx6cIwiUBi97ijcMU4W/+s5Xn4rB
/HJ2UWPlObpjZOxdl1eGsrTw8l7LWPls1B0b0wYms32q6bDVwPWVlDqc5Z13b9M3
8bNF5SUdZmcRJzk3LKXZ9nkA
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
LlTxKnCrWAXftSm1rNtewTsF</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://sp11/artifact" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://sp11/singleLogoutSOAP" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://sp11/singleLogout"
ResponseLocation="http://sp11/singleLogoutReturn" />
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://sp11/manageNameIdSOAP" />
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://sp11/manageNameId"
ResponseLocation="http://sp11/manageNameIdReturn" />
<AssertionConsumerService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://sp11/singleSignOnArtifact" />
<AssertionConsumerService index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://sp11/singleSignOnPost" />
<AssertionConsumerService index="2"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
Location="http://sp11/singleSignOnSOAP" />
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="en">Example SAML 2.0 metadatas</OrganizationName>
</Organization>
</EntityDescriptor>

View File

@ -0,0 +1,88 @@
<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="http://sp11/metadata">
<SPSSODescriptor
AuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIICHjCCAYegAwIBAgIJAKCn8J6jYs6kMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
BAoTCkVudHJvdXZlcnQwHhcNMTEwMTE5MjAxNDE2WhcNMTEwMjE4MjAxNDE2WjAV
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDGI2g/WLmdODxhiraxFklG09r6C/yjX06zTt1MapA5+eIcEg2Hp+elCwcCogL1
ZK9/vYlU2yzIGgxV5mVVUybgdQuIvmEi8BlWM4HM5np97J/g6r41vG5auA4ve1Xp
F11rVO9Ru1LIQwMaHXJVf0yojNLH6VOmJU3GDELjKB+VLwIDAQABo3YwdDAdBgNV
HQ4EFgQUssAKE1M50yrgLpqoFzRbSOeZ41swRQYDVR0jBD4wPIAUssAKE1M50yrg
LpqoFzRbSOeZ41uhGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQCgp/Ceo2LO
pDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABPxbVQuuVzkfZFmeUJH
S6WSvTKoEfJKXm7xLB9ChtPixZkPN6XXYaV0zx6cIwiUBi97ijcMU4W/+s5Xn4rB
/HJ2UWPlObpjZOxdl1eGsrTw8l7LWPls1B0b0wYms32q6bDVwPWVlDqc5Z13b9M3
8bNF5SUdZmcRJzk3LKXZ9nkA
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
LlTxKnCrWAXftSm1rNtewTsF</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://sp11/artifact" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://sp11/singleLogoutSOAP" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://sp11/singleLogout"
ResponseLocation="http://sp11/singleLogoutReturn" />
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://sp11/manageNameIdSOAP" />
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://sp11/manageNameId"
ResponseLocation="http://sp11/manageNameIdReturn" />
<AssertionConsumerService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://sp11/singleSignOnArtifact" />
<AssertionConsumerService index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://sp11/singleSignOnPost" />
<AssertionConsumerService index="2"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
Location="http://sp11/singleSignOnSOAP" />
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="en">Example SAML 2.0 metadatas</OrganizationName>
</Organization>
</EntityDescriptor>

View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDGI2g/WLmdODxhiraxFklG09r6C/yjX06zTt1MapA5+eIcEg2H
p+elCwcCogL1ZK9/vYlU2yzIGgxV5mVVUybgdQuIvmEi8BlWM4HM5np97J/g6r41
vG5auA4ve1XpF11rVO9Ru1LIQwMaHXJVf0yojNLH6VOmJU3GDELjKB+VLwIDAQAB
AoGAKqJ3zhmzZwcwxvRoN1bKUblIh0GJDUZ20tKHf+f2PONuKgggbS5OBA+JZKGj
7VXLBbutD1tSGYSxXtKCv4dy97xDWlsWmc9AhWss0i7bYMQ+bps0buCtLclrBbOA
5N9/NU1j2E+V7CStQ8C7P3DbEjYuwm9lB+A85HFaONXhT5ECQQDzAKw8j/+6M5Ib
asuO+Vj7WIelVaXJ2pjLrf78pQInYt1elO/bqqi4AMJu953OIY7dlDKlu1BPd+9J
5/lrw6q7AkEA0LxtXRfiJrcZdQf8X6Uq51hceQSbnkWB+d4CREMtAK2tpbsb/kJc
INvG2ncVb0MUbv/6jrlHZf7/oua6PpbaHQJBANpHT2+zVd33dxXjr2gFeTWFh4sv
TRXtovTKndJpkm64surD1FU4jgeCvySYjorbwA4vkfMnN/O6Yxq7ImP3xgMCQQDP
TYOTxAd/CbNHrnGvj7qnXfMg4TmoG0H1pM49ezWzicl+YfBwOPmETKEWENSB1m3x
u1nc6xeErZa280yeonTlAkAHzm/BUqAY8I1IMQMcNn4db9CJK3pRHRHjPxYMClWK
TPsLK5iak13+EZ6r9Lej/i1J4cujVh7ijA7J9zH+01Ve
-----END RSA PRIVATE KEY-----

View File

@ -799,6 +799,107 @@ START_TEST(test05_sso_idp_with_key_rollover)
}
END_TEST
#define make_context(ctx, server_prefix, server_suffix, provider_role, \
provider_prefix, provider_suffix) \
ctx = lasso_server_new( \
TESTSDATADIR server_prefix "/metadata" server_suffix ".xml", \
TESTSDATADIR server_prefix "/private-key" server_suffix ".pem", \
NULL, /* Secret key to unlock private key */ \
TESTSDATADIR server_prefix "/certificate" server_suffix ".pem"); \
check_not_null(ctx); \
check_good_rc(lasso_server_add_provider( \
ctx, \
provider_role, \
TESTSDATADIR provider_prefix "/metadata" provider_suffix ".xml", \
NULL, \
NULL)); \
providers = g_hash_table_get_values(ctx->providers); \
check_not_null(providers); \
lasso_provider_set_encryption_mode(LASSO_PROVIDER(providers->data), \
LASSO_ENCRYPTION_MODE_ASSERTION | LASSO_ENCRYPTION_MODE_NAMEID); \
g_list_free(providers);
void
sso_sp_with_key_rollover(LassoServer *idp_context, LassoServer *sp_context)
{
LassoLogin *idp_login_context;
LassoLogin *sp_login_context;
check_not_null(idp_login_context = lasso_login_new(idp_context));
check_not_null(sp_login_context = lasso_login_new(sp_context))
/* Create response */
check_good_rc(lasso_login_init_idp_initiated_authn_request(idp_login_context,
"http://sp11/metadata"));
lasso_assign_string(LASSO_SAMLP2_AUTHN_REQUEST(idp_login_context->parent.request)->ProtocolBinding,
LASSO_SAML2_METADATA_BINDING_POST);
lasso_assign_string(LASSO_SAMLP2_AUTHN_REQUEST(idp_login_context->parent.request)->NameIDPolicy->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT);
LASSO_SAMLP2_AUTHN_REQUEST(idp_login_context->parent.request)->NameIDPolicy->AllowCreate = 1;
check_good_rc(lasso_login_process_authn_request_msg(idp_login_context, NULL));
check_good_rc(lasso_login_validate_request_msg(idp_login_context,
1, /* authentication_result */
0 /* is_consent_obtained */
));
check_good_rc(lasso_login_build_assertion(idp_login_context,
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
"FIXME: authenticationInstant",
"FIXME: reauthenticateOnOrAfter",
"FIXME: notBefore",
"FIXME: notOnOrAfter"));
check_good_rc(lasso_login_build_authn_response_msg(idp_login_context));
check_not_null(idp_login_context->parent.msg_body);
check_not_null(idp_login_context->parent.msg_url);
/* Process response */
check_good_rc(lasso_login_process_authn_response_msg(sp_login_context,
idp_login_context->parent.msg_body));
check_good_rc(lasso_login_accept_sso(sp_login_context));
/* Cleanup */
lasso_release_gobject(idp_login_context);
lasso_release_gobject(sp_login_context);
}
START_TEST(test06_sso_sp_with_key_rollover)
{
LassoServer *idp_context_before_rollover = NULL;
LassoServer *idp_context_after_rollover = NULL;
LassoServer *sp_context_before_rollover = NULL;
LassoServer *sp_context_after_rollover = NULL;
GList *providers;
/* Create an IdP context for IdP initiated SSO with provider metadata 1 */
make_context(idp_context_before_rollover, "idp6-saml2", "", LASSO_PROVIDER_ROLE_SP,
"sp11-multikey-saml2", "-before-rollover")
make_context(idp_context_after_rollover, "idp6-saml2", "", LASSO_PROVIDER_ROLE_SP,
"sp11-multikey-saml2", "-after-rollover")
make_context(sp_context_before_rollover, "sp11-multikey-saml2", "-before-rollover",
LASSO_PROVIDER_ROLE_IDP, "idp6-saml2", "")
lasso_server_set_encryption_private_key(sp_context_before_rollover,
TESTSDATADIR "sp11-multikey-saml2/private-key-after-rollover.pem");
make_context(sp_context_after_rollover, "sp11-multikey-saml2", "-after-rollover",
LASSO_PROVIDER_ROLE_IDP, "idp6-saml2", "")
lasso_server_set_encryption_private_key(sp_context_after_rollover,
TESTSDATADIR "sp11-multikey-saml2/private-key-before-rollover.pem");
/* Tests... */
sso_sp_with_key_rollover(idp_context_before_rollover, sp_context_before_rollover);
sso_sp_with_key_rollover(idp_context_after_rollover, sp_context_before_rollover);
sso_sp_with_key_rollover(idp_context_before_rollover, sp_context_after_rollover);
sso_sp_with_key_rollover(idp_context_after_rollover, sp_context_after_rollover);
/* Cleanup */
lasso_release_gobject(idp_context_before_rollover);
lasso_release_gobject(idp_context_after_rollover);
lasso_release_gobject(sp_context_before_rollover);
lasso_release_gobject(sp_context_after_rollover);
}
END_TEST
Suite*
login_saml2_suite()
{
@ -808,16 +909,19 @@ login_saml2_suite()
TCase *tc_spLoginMemory = tcase_create("Login initiated by service provider without key loading");
TCase *tc_spSloSoap = tcase_create("Login initiated by service provider without key loading and with SLO SOAP");
TCase *tc_idpKeyRollover = tcase_create("Login initiated by idp, idp use two differents signing keys (simulate key roll-over)");
TCase *tc_spKeyRollover = tcase_create("Login initiated by idp, sp use two differents encrypting keys (simulate key roll-over)");
suite_add_tcase(s, tc_generate);
suite_add_tcase(s, tc_spLogin);
suite_add_tcase(s, tc_spLoginMemory);
suite_add_tcase(s, tc_spSloSoap);
suite_add_tcase(s, tc_idpKeyRollover);
suite_add_tcase(s, tc_spKeyRollover);
tcase_add_test(tc_generate, test01_saml2_generateServersContextDumps);
tcase_add_test(tc_spLogin, test02_saml2_serviceProviderLogin);
tcase_add_test(tc_spLoginMemory, test03_saml2_serviceProviderLogin);
tcase_add_test(tc_spSloSoap, test04_sso_then_slo_soap);
tcase_add_test(tc_idpKeyRollover, test05_sso_idp_with_key_rollover);
tcase_add_test(tc_spKeyRollover, test06_sso_sp_with_key_rollover);
return s;
}