1278 |
1278 |
check_str_equals((char*)g_list_nth(ecp->known_idp_entity_ids_supporting_ecp, 0)->data, "http://idp5/metadata");
|
1279 |
1279 |
}
|
1280 |
1280 |
|
1281 |
|
void test_ecp(EcpIdpListVariant ecpIDPListVariant)
|
|
1281 |
void test_ecp(EcpIdpListVariant ecpIDPListVariant,
|
|
1282 |
LassoProfileSignatureHint signature_hint,
|
|
1283 |
LassoProfileSignatureVerifyHint signature_verify_hint)
|
1282 |
1284 |
{
|
1283 |
1285 |
char *serviceProviderContextDump = NULL, *identityProviderContextDump = NULL;
|
1284 |
1286 |
LassoServer *spContext = NULL, *ecpContext=NULL, *idpContext = NULL;
|
... | ... | |
1286 |
1288 |
LassoEcp *ecp = NULL;
|
1287 |
1289 |
LassoSamlp2AuthnRequest *request = NULL;
|
1288 |
1290 |
gboolean is_passive = FALSE;
|
1289 |
|
char *provider_name = NULL;
|
|
1291 |
char *provider_name = NULL;
|
1290 |
1292 |
char *relayState = NULL;
|
1291 |
1293 |
char *messageID = NULL;
|
1292 |
1294 |
char *extracted_messageID = NULL;
|
... | ... | |
1296 |
1298 |
char *ecpPaosResponseMsg = NULL;
|
1297 |
1299 |
char *spLoginDump = NULL;
|
1298 |
1300 |
LassoSaml2Assertion *assertion;
|
1299 |
|
LassoSamlp2IDPList *idp_list = NULL;
|
|
1301 |
LassoSamlp2IDPList *idp_list = NULL;
|
1300 |
1302 |
|
1301 |
1303 |
/*
|
1302 |
1304 |
* SAML2 Profile for ECP (Section 4.2) defines these steps for an ECP
|
... | ... | |
1322 |
1324 |
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
|
1323 |
1325 |
spLoginContext = lasso_login_new(spContext);
|
1324 |
1326 |
check_not_null(spLoginContext);
|
|
1327 |
lasso_profile_set_signature_hint(LASSO_PROFILE(spLoginContext), signature_hint);
|
|
1328 |
lasso_profile_set_signature_verify_hint(LASSO_PROFILE(spLoginContext), signature_verify_hint);
|
1325 |
1329 |
|
1326 |
1330 |
check_good_rc(lasso_login_init_authn_request(spLoginContext, "http://idp5/metadata",
|
1327 |
1331 |
LASSO_HTTP_METHOD_PAOS));
|
... | ... | |
1419 |
1423 |
idpContext = lasso_server_new_from_dump(identityProviderContextDump);
|
1420 |
1424 |
idpLoginContext = lasso_login_new(idpContext);
|
1421 |
1425 |
check_not_null(idpLoginContext);
|
|
1426 |
lasso_profile_set_signature_hint(LASSO_PROFILE(idpLoginContext), signature_hint);
|
|
1427 |
lasso_profile_set_signature_verify_hint(LASSO_PROFILE(idpLoginContext), signature_verify_hint);
|
1422 |
1428 |
|
1423 |
1429 |
/* Parse the ecpSoapRequestMsg */
|
1424 |
1430 |
check_good_rc(lasso_login_process_authn_request_msg(idpLoginContext, ecpSoapRequestMsg));
|
... | ... | |
1465 |
1471 |
check_str_equals(ecp->relaystate, relayState);
|
1466 |
1472 |
check_str_equals(ecp->issuer->content, "http://sp5/metadata");
|
1467 |
1473 |
check_str_equals(ecp->provider_name, provider_name);
|
1468 |
|
check_equals(ecp->is_passive, is_passive);
|
|
1474 |
check_equals(ecp->is_passive, is_passive);
|
1469 |
1475 |
|
1470 |
1476 |
/* Validate ECP IdP list info */
|
1471 |
1477 |
validate_idp_list(ecp, ecpIDPListVariant, idp_list);
|
... | ... | |
1480 |
1486 |
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
|
1481 |
1487 |
spLoginContext = lasso_login_new(spContext);
|
1482 |
1488 |
check_not_null(spLoginContext);
|
|
1489 |
lasso_profile_set_signature_hint(LASSO_PROFILE(spLoginContext), signature_hint);
|
|
1490 |
lasso_profile_set_signature_verify_hint(LASSO_PROFILE(spLoginContext), signature_verify_hint);
|
1483 |
1491 |
|
1484 |
1492 |
/* Parse the ecpPaosResponseMsg */
|
1485 |
1493 |
check_good_rc(lasso_login_process_paos_response_msg(spLoginContext, ecpPaosResponseMsg));
|
... | ... | |
1515 |
1523 |
|
1516 |
1524 |
START_TEST(test09_ecp)
|
1517 |
1525 |
{
|
1518 |
|
test_ecp(ECP_IDP_LIST_NONE);
|
|
1526 |
test_ecp(ECP_IDP_LIST_NONE,
|
|
1527 |
LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
|
|
1528 |
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE);
|
1519 |
1529 |
}
|
1520 |
1530 |
END_TEST
|
1521 |
1531 |
|
1522 |
1532 |
START_TEST(test10_ecp)
|
1523 |
1533 |
{
|
1524 |
|
test_ecp(ECP_IDP_LIST_ECP);
|
|
1534 |
test_ecp(ECP_IDP_LIST_ECP,
|
|
1535 |
LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
|
|
1536 |
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE);
|
1525 |
1537 |
}
|
1526 |
1538 |
END_TEST
|
1527 |
1539 |
|
1528 |
1540 |
START_TEST(test11_ecp)
|
1529 |
1541 |
{
|
1530 |
|
test_ecp(ECP_IDP_LIST_BOGUS);
|
|
1542 |
test_ecp(ECP_IDP_LIST_BOGUS,
|
|
1543 |
LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
|
|
1544 |
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE);
|
|
1545 |
}
|
|
1546 |
END_TEST
|
|
1547 |
|
|
1548 |
START_TEST(test12_ecp)
|
|
1549 |
{
|
|
1550 |
/* Maybe Sign */
|
|
1551 |
test_ecp(ECP_IDP_LIST_NONE,
|
|
1552 |
LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
|
|
1553 |
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE);
|
|
1554 |
|
|
1555 |
test_ecp(ECP_IDP_LIST_NONE,
|
|
1556 |
LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
|
|
1557 |
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE);
|
|
1558 |
|
|
1559 |
test_ecp(ECP_IDP_LIST_NONE,
|
|
1560 |
LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
|
|
1561 |
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
|
|
1562 |
|
|
1563 |
/* Force Sign */
|
|
1564 |
test_ecp(ECP_IDP_LIST_NONE,
|
|
1565 |
LASSO_PROFILE_SIGNATURE_HINT_FORCE,
|
|
1566 |
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE);
|
|
1567 |
|
|
1568 |
test_ecp(ECP_IDP_LIST_NONE,
|
|
1569 |
LASSO_PROFILE_SIGNATURE_HINT_FORCE,
|
|
1570 |
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE);
|
|
1571 |
|
|
1572 |
test_ecp(ECP_IDP_LIST_NONE,
|
|
1573 |
LASSO_PROFILE_SIGNATURE_HINT_FORCE,
|
|
1574 |
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
|
|
1575 |
|
|
1576 |
/* Forbid Sign */
|
|
1577 |
test_ecp(ECP_IDP_LIST_NONE,
|
|
1578 |
LASSO_PROFILE_SIGNATURE_HINT_FORBID,
|
|
1579 |
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
|
|
1580 |
|
1531 |
1581 |
}
|
1532 |
1582 |
END_TEST
|
1533 |
1583 |
|
... | ... | |
1538 |
1588 |
lasso_release_string(dump)
|
1539 |
1589 |
}
|
1540 |
1590 |
|
1541 |
|
START_TEST(test12_sso_sp_with_rsa_sha256_signatures)
|
|
1591 |
START_TEST(test13_sso_sp_with_rsa_sha256_signatures)
|
1542 |
1592 |
{
|
1543 |
1593 |
LassoServer *idp_context = NULL;
|
1544 |
1594 |
LassoServer *sp_context = NULL;
|
... | ... | |
1595 |
1645 |
tcase_add_test(tc_ecp, test09_ecp);
|
1596 |
1646 |
tcase_add_test(tc_ecp, test10_ecp);
|
1597 |
1647 |
tcase_add_test(tc_ecp, test11_ecp);
|
1598 |
|
tcase_add_test(tc_spLogin, test12_sso_sp_with_rsa_sha256_signatures);
|
|
1648 |
tcase_add_test(tc_ecp, test12_ecp);
|
|
1649 |
tcase_add_test(tc_spLogin, test13_sso_sp_with_rsa_sha256_signatures);
|
1599 |
1650 |
return s;
|
1600 |
1651 |
}
|
1601 |
1652 |
|
1602 |
|
-
|
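Review bot: test12_ecp only exercises combinations that are expected to succeed: LASSO_PROFILE_SIGNATURE_HINT_FORBID is paired solely with LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE, and the visible parts of test_ecp wrap each step in check_good_rc, so nothing shown here demonstrates that forced verification rejects an unsigned message. As written, the test shows that the hints do not break the ECP flow, not that LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE is actually enforced. I would document the omission in place, `/* Forbid Sign: only VERIFY_HINT_IGNORE is expected to pass; FORBID + FORCE belongs in a negative test that expects a verification error */`, and add that negative case through a helper that does not wrap the processing calls in check_good_rc. test_ecp's body is only partly visible on this page, so confirm that no such assertion already exists in the elided lines.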