Diffstat (limited to 'tests/login_tests_saml2.c')
-rw-r--r--tests/login_tests_saml2.c114
1 files changed, 46 insertions, 68 deletions
diff --git a/tests/login_tests_saml2.c b/tests/login_tests_saml2.c
index b61959c..2f6d59a 100644
--- a/tests/login_tests_saml2.c
+++ b/tests/login_tests_saml2.c
@@ -190,54 +190,42 @@ START_TEST(test02_saml2_serviceProviderLogin)
idpLoginContext = lasso_login_new(idpContext);
fail_unless(idpLoginContext != NULL,
"lasso_login_new() shouldn't have returned NULL");
- rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery);
- fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
- fail_unless(lasso_login_must_authenticate(idpLoginContext),
- "lasso_login_must_authenticate() should be TRUE");
- fail_unless(idpLoginContext->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART,
- "protocoleProfile should be ProfileBrwsArt");
- fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext),
- "lasso_login_must_ask_for_consent() should be FALSE");
- fail_unless(idpLoginContext->parent.msg_relayState != NULL,
- "lasso_login_process_authn_request_msg should restore the RelayState parameter");
- fail_unless(g_strcmp0(idpLoginContext->parent.msg_relayState, relayState) == 0,
- "lasso_login_process_authn_request_msg should restore the same RelayState thant sent in the request");
- rc = lasso_login_validate_request_msg(idpLoginContext,
+ check_good_rc(lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery));
+ check_true(lasso_login_must_authenticate(idpLoginContext));
+ check_equals(idpLoginContext->protocolProfile, LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART);
+ check_false(lasso_login_must_ask_for_consent(idpLoginContext));
+ check_not_null(idpLoginContext->parent.msg_relayState);
+ check_equals(g_strcmp0(idpLoginContext->parent.msg_relayState, relayState), 0);
+ check_good_rc(lasso_login_validate_request_msg(idpLoginContext,
1, /* authentication_result */
0 /* is_consent_obtained */
- );
+ ));
- rc = lasso_login_build_assertion(idpLoginContext,
+ check_good_rc(lasso_login_build_assertion(idpLoginContext,
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
"FIXME: authenticationInstant",
"FIXME: reauthenticateOnOrAfter",
"FIXME: notBefore",
- "FIXME: notOnOrAfter");
+ "FIXME: notOnOrAfter"));
assertion = (LassoSaml2Assertion*)lasso_login_get_assertion(idpLoginContext);
- fail_unless(LASSO_IS_SAML2_ASSERTION(assertion));
+ check_true(LASSO_IS_SAML2_ASSERTION(assertion));
lasso_saml2_assertion_set_basic_conditions(LASSO_SAML2_ASSERTION(assertion), 60, 120, FALSE);
lasso_release_gobject(assertion);
- rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_ARTIFACT_GET);
- fail_unless(rc == 0, "lasso_login_build_artifact_msg failed");
+ check_good_rc(lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_ARTIFACT_GET));
idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
- fail_unless(idpIdentityContextDump != NULL,
- "lasso_identity_dump shouldn't return NULL");
+ check_not_null(idpIdentityContextDump);
idpSessionContextDump = lasso_session_dump(LASSO_PROFILE(idpLoginContext)->session);
- fail_unless(idpSessionContextDump != NULL,
- "lasso_session_dump shouldn't return NULL");
+ check_not_null(idpSessionContextDump);
responseUrl = LASSO_PROFILE(idpLoginContext)->msg_url;
- fail_unless(responseUrl != NULL, "responseUrl shouldn't be NULL");
+ check_not_null(responseUrl);
responseQuery = strchr(responseUrl, '?')+1;
fail_unless(strlen(responseQuery) > 0,
"responseQuery shouldn't be an empty string");
- fail_unless(strstr(responseQuery, "RelayState") != NULL,
- "responseQuery should contain a RelayState parameter");
- fail_unless(strstr(responseQuery, "fake%5B%5D") != NULL,
- "responseQuery RelayState parameter should be encoded");
+ check_not_null(strstr(responseQuery, "RelayState"));
+ check_not_null(strstr(responseQuery, "fake%5B%5D"));
lasso_assign_string(serviceProviderId, LASSO_PROFILE(idpLoginContext)->remote_providerID);
- fail_unless(serviceProviderId != NULL,
- "lasso_profile_get_remote_providerID shouldn't return NULL");
+ check_not_null(serviceProviderId);
/* Service provider assertion consumer */
lasso_server_destroy(spContext);
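Review bot: `responseQuery = strchr(responseUrl, '?')+1;` is still unguarded. The new `check_not_null(responseUrl)` covers only the URL itself, so a `msg_url` with no query string makes `strchr` return NULL and the following `strlen(responseQuery)` reads through an invalid pointer instead of failing the test cleanly. Adding `check_not_null(strchr(responseUrl, '?'));` just before the assignment would turn that case into an ordinary assertion failure. Separately, the removed messages were the only statement of why `fake%5B%5D` is searched for; a one-line comment above the two `strstr` checks, such as `/* RelayState must come back percent-encoded in the redirect query */`, would keep that intent. The test body starts and ends outside this hunk.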
@@ -245,18 +233,14 @@ START_TEST(test02_saml2_serviceProviderLogin)
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
spLoginContext = lasso_login_new_from_dump(spContext, spLoginDump);
- rc = lasso_login_init_request(spLoginContext,
+ check_good_rc(lasso_login_init_request(spLoginContext,
responseQuery,
- LASSO_HTTP_METHOD_ARTIFACT_GET);
- fail_unless(spLoginContext->parent.msg_relayState != NULL,
- "lasso_login_init_request should restore the RelayState parameter");
- fail_unless(g_strcmp0(spLoginContext->parent.msg_relayState, relayState) == 0,
- "lasso_login_init_request should restore the same RelayState thant sent in the request");
- fail_unless(rc == 0, "lasso_login_init_request failed");
- rc = lasso_login_build_request_msg(spLoginContext);
- fail_unless(rc == 0, "lasso_login_build_request_msg failed");
+ LASSO_HTTP_METHOD_ARTIFACT_GET));
+ check_not_null(spLoginContext->parent.msg_relayState);
+ check_equals(g_strcmp0(spLoginContext->parent.msg_relayState, relayState), 0);
+ check_good_rc(lasso_login_build_request_msg(spLoginContext));
soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body;
- fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL");
+ check_not_null(soapRequestMsg);
/* Identity provider SOAP endpoint */
lasso_server_destroy(idpContext);
@@ -265,46 +249,40 @@ START_TEST(test02_saml2_serviceProviderLogin)
idpContext = lasso_server_new_from_dump(identityProviderContextDump);
idpLoginContext = lasso_login_new_from_dump(idpContext, idpLoginDump);
- rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg);
- fail_unless(rc == 0, "lasso_login_process_request_msg failed");
+ check_good_rc(lasso_login_process_request_msg(idpLoginContext, soapRequestMsg));
- rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
- idpSessionContextDump);
- fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed");
- rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId);
- fail_unless(rc == 0, "lasso_login_build_response_msg failed");
+ check_good_rc(lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
+ idpSessionContextDump));
+ check_good_rc(lasso_login_build_response_msg(idpLoginContext, serviceProviderId));
soapResponseMsg = LASSO_PROFILE(idpLoginContext)->msg_body;
- fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL");
+ check_not_null(soapResponseMsg);
/* Service provider assertion consumer (step 2: process SOAP response) */
- rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
- fail_unless(rc == 0, "lasso_login_process_response_msg failed");
- rc = lasso_login_accept_sso(spLoginContext);
+ check_good_rc(lasso_login_process_response_msg(spLoginContext, soapResponseMsg));
+ check_good_rc(lasso_login_accept_sso(spLoginContext));
assertion = (LassoSaml2Assertion*)lasso_login_get_assertion(spLoginContext);
- fail_unless(LASSO_IS_SAML2_ASSERTION(assertion));
- fail_unless(lasso_saml2_assertion_validate_conditions(assertion, spLoginContext->parent.server->parent.ProviderID) == LASSO_SAML2_ASSERTION_VALID, "assertion conditions check failed");
- fail_unless(lasso_saml2_assertion_validate_conditions(assertion, "coin") == LASSO_SAML2_ASSERTION_INVALID, "assertion conditions did not fail");
+ check_true(LASSO_IS_SAML2_ASSERTION(assertion));
+ check_equals(lasso_saml2_assertion_validate_conditions(assertion,
+ spLoginContext->parent.server->parent.ProviderID),
+ LASSO_SAML2_ASSERTION_VALID);
+ check_equals(lasso_saml2_assertion_validate_conditions(assertion, "coin"), LASSO_SAML2_ASSERTION_INVALID);
lasso_release_gobject(assertion);
- fail_unless(rc == 0, "lasso_login_accept_sso failed");
- fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL,
- "spLoginContext has no identity");
+ check_not_null(LASSO_PROFILE(spLoginContext)->identity);
spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity);
- fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed");
+ check_not_null(spIdentityContextDump);
spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session);
/* Test InResponseTo checking */
if (! strstr(soapResponseMsg, "EncryptedAssertion")) {
found = strstr(soapResponseMsg, "Assertion");
- fail_unless(found != NULL, "We must find an Assertion");
+ check_not_null(found);
found = strstr(found, "InResponseTo=\"");
- fail_unless(found != NULL, "We must find an InResponseTo attribute");
+ check_not_null(found);
found[sizeof("InResponseTo=\"")] = '?';
lasso_set_flag("no-verify-signature");
- rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
+ check_not_equals(lasso_login_process_response_msg(spLoginContext, soapResponseMsg), 0);
lasso_set_flag("verify-signature");
- fail_unless(rc != 0, "lasso_login_process_response_msg must fail");
- rc = lasso_login_accept_sso(spLoginContext);
- fail_unless(rc != 0, "lasso_login_accept_sso must fail");
+ check_not_equals(lasso_login_accept_sso(spLoginContext), 0);
}
/* logout test */
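Review bot: In the InResponseTo block, `check_not_equals(lasso_login_process_response_msg(spLoginContext, soapResponseMsg), 0);` now sits between `lasso_set_flag("no-verify-signature")` and `lasso_set_flag("verify-signature")`, whereas the removed code stored `rc`, restored the flag, and only then asserted. The check macro's definition is not visible here, but if it aborts the test on failure as `fail_unless` normally does, a regression caught by this assertion would leave signature verification switched off for anything that runs later in the same process, for example in a no-fork run. Keeping the old ordering avoids that: `rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);`, then `lasso_set_flag("verify-signature");`, then `check_not_equals(rc, 0);`, assuming `rc` is still declared in the part of the function outside the hunk. Because signatures are not verified during this call, comparing against the specific InResponseTo-mismatch error code rather than any non-zero value would also make sure the rejection happens for the intended reason.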
@@ -324,10 +302,10 @@ START_TEST(test02_saml2_serviceProviderLogin)
/* process the logout request */
check_not_null(spLogoutContext = lasso_logout_new(spContext));
- check_good_rc(rc = lasso_profile_set_session_from_dump(&spLogoutContext->parent, spSessionDump));
- check_good_rc(rc = lasso_logout_process_request_msg(spLogoutContext, logoutRequestQuery));
- check_good_rc(rc = lasso_logout_validate_request(spLogoutContext));
- check_good_rc(rc = lasso_logout_build_response_msg(spLogoutContext));
+ check_good_rc(lasso_profile_set_session_from_dump(&spLogoutContext->parent, spSessionDump));
+ check_good_rc(lasso_logout_process_request_msg(spLogoutContext, logoutRequestQuery));
+ check_good_rc(lasso_logout_validate_request(spLogoutContext));
+ check_good_rc(lasso_logout_build_response_msg(spLogoutContext));
check_not_null(spLogoutContext->parent.msg_url);
check_null(spLogoutContext->parent.msg_body);
check_null(spLogoutContext->parent.msg_relayState);