1 /*
2 * Lasso library C unit tests
3 *
4 * Copyright (C) 2004-2007 Entr'ouvert
5 * http://lasso.entrouvert.org
6 *
7 * Authors: See AUTHORS file in top-level directory.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include <stdlib.h>
24 #include <string.h>
25
26 #include <check.h>
27
28 #include "../lasso/lasso.h"
29 #include <glib.h>
30 #include "../lasso/utils.h"
31 #include "../lasso/backward_comp.h"
32 #include "tests.h"
33 #include "../bindings/ghashtable.h"
34
35 static char*
generateIdentityProviderContextDump()36 generateIdentityProviderContextDump()
37 {
38 LassoServer *serverContext;
39 char *ret;
40
41 serverContext = lasso_server_new(
42 TESTSDATADIR "/idp1-la/metadata.xml",
43 TESTSDATADIR "/idp1-la/private-key-raw.pem",
44 NULL, /* Secret key to unlock private key */
45 TESTSDATADIR "/idp1-la/certificate.pem");
46 check_not_null(serverContext);
47 check_good_rc(lasso_server_add_provider(
48 serverContext,
49 LASSO_PROVIDER_ROLE_SP,
50 TESTSDATADIR "/sp1-la/metadata.xml",
51 TESTSDATADIR "/sp1-la/public-key.pem",
52 TESTSDATADIR "/ca1-la/certificate.pem"));
53 ret = lasso_server_dump(serverContext);
54 check_not_null(ret);
55 g_object_unref(serverContext);
56
57 return ret;
58 }
59
60 static char*
generateServiceProviderContextDump()61 generateServiceProviderContextDump()
62 {
63 LassoServer *serverContext;
64 char *ret;
65
66 serverContext = lasso_server_new(
67 TESTSDATADIR "/sp1-la/metadata.xml",
68 TESTSDATADIR "/sp1-la/private-key-raw.pem",
69 NULL, /* Secret key to unlock private key */
70 TESTSDATADIR "/sp1-la/certificate.pem");
71 check_not_null(serverContext);
72 check_good_rc(lasso_server_add_provider(
73 serverContext,
74 LASSO_PROVIDER_ROLE_IDP,
75 TESTSDATADIR "/idp1-la/metadata.xml",
76 TESTSDATADIR "/idp1-la/public-key.pem",
77 TESTSDATADIR "/ca1-la/certificate.pem"));
78
79 ret = lasso_server_dump(serverContext);
80 check_not_null(ret);
81 g_object_unref(serverContext);
82 return ret;
83 }
84
85 static char*
generateIdentityProviderContextDumpMemory()86 generateIdentityProviderContextDumpMemory()
87 {
88 LassoServer *serverContext;
89 char *metadata;
90 char *private_key;
91 char *certificate;
92 size_t len;
93 char *ret;
94
95 g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &metadata, &len, NULL);
96 g_file_get_contents(TESTSDATADIR "/idp1-la/private-key-raw.pem", &private_key, &len, NULL);
97 g_file_get_contents(TESTSDATADIR "/idp1-la/certificate.pem", &certificate, &len, NULL);
98
99 serverContext = lasso_server_new_from_buffers(
100 metadata,
101 private_key,
102 NULL, /* Secret key to unlock private key */
103 certificate);
104 lasso_server_add_provider(
105 serverContext,
106 LASSO_PROVIDER_ROLE_SP,
107 TESTSDATADIR "/sp1-la/metadata.xml",
108 TESTSDATADIR "/sp1-la/public-key.pem",
109 TESTSDATADIR "/ca1-la/certificate.pem");
110 g_free(metadata);
111 g_free(private_key);
112 g_free(certificate);
113 ret = lasso_server_dump(serverContext);
114 g_object_unref(serverContext);
115 return ret;
116 }
117
118
START_TEST(test01_generateServersContextDumps)119 START_TEST(test01_generateServersContextDumps)
120 {
121 char *identityProviderContextDump;
122 char *serviceProviderContextDump;
123
124 identityProviderContextDump = generateIdentityProviderContextDump();
125 fail_unless(identityProviderContextDump != NULL,
126 "generateIdentityProviderContextDump should not return NULL");
127 g_free(identityProviderContextDump);
128 serviceProviderContextDump = generateServiceProviderContextDump();
129 fail_unless(serviceProviderContextDump != NULL,
130 "generateServiceProviderContextDump should not return NULL");
131 g_free(serviceProviderContextDump);
132 }
133 END_TEST
134
START_TEST(test02_serviceProviderLogin)135 START_TEST(test02_serviceProviderLogin)
136 {
137 char *serviceProviderContextDump, *identityProviderContextDump;
138 LassoServer *spContext, *idpContext;
139 LassoLogin *spLoginContext, *idpLoginContext;
140 LassoLibAuthnRequest *request;
141 int rc = 0;
142 char *relayState;
143 char *authnRequestUrl, *authnRequestQuery;
144 char *responseUrl, *responseQuery;
145 char *idpIdentityContextDump, *idpSessionContextDump;
146 char *serviceProviderId, *soapRequestMsg, *soapResponseMsg;
147 char *spIdentityContextDump;
148 char *spSessionDump;
149 char *spLoginDump;
150 int requestType;
151 char *found;
152 char *artifact_message;
153 char *artifact;
154
155 serviceProviderContextDump = generateServiceProviderContextDump();
156 spContext = lasso_server_new_from_dump(serviceProviderContextDump);
157 spLoginContext = lasso_login_new(spContext);
158 fail_unless(spLoginContext != NULL,
159 "lasso_login_new() shouldn't have returned NULL");
160 check_good_rc(lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
161 LASSO_HTTP_METHOD_REDIRECT));
162 request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
163 fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
164 request->IsPassive = 0;
165 request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
166 request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
167 relayState = "fake[]";
168 request->RelayState = g_strdup(relayState);
169 check_good_rc(lasso_login_build_authn_request_msg(spLoginContext));
170 authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
171 fail_unless(authnRequestUrl != NULL,
172 "authnRequestUrl shouldn't be NULL");
173 authnRequestQuery = strchr(authnRequestUrl, '?')+1;
174 fail_unless(strlen(authnRequestQuery) > 0,
175 "authnRequestQuery shouldn't be an empty string");
176 spLoginDump = lasso_node_dump(LASSO_NODE(spLoginContext));
177 fail_unless(strstr(authnRequestQuery, "RelayState") != NULL,
178 "authnRequestQuery should contain a RelayState parameter");
179 fail_unless(strstr(authnRequestQuery, "fake%5B%5D") != NULL,
180 "authnRequestQuery RelayState parameter should be encoded");
181
182 /* Identity provider singleSignOn, for a user having no federation. */
183 identityProviderContextDump = generateIdentityProviderContextDump();
184 idpContext = lasso_server_new_from_dump(identityProviderContextDump);
185 idpLoginContext = lasso_login_new(idpContext);
186 fail_unless(idpLoginContext != NULL,
187 "lasso_login_new() shouldn't have returned NULL");
188 check_good_rc(lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery));
189 fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
190 fail_unless(lasso_login_must_authenticate(idpLoginContext),
191 "lasso_login_must_authenticate() should be TRUE");
192 fail_unless(idpLoginContext->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART,
193 "protocoleProfile should be ProfileBrwsArt");
194 fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext),
195 "lasso_login_must_ask_for_consent() should be FALSE");
196 fail_unless(idpLoginContext->parent.msg_relayState != NULL,
197 "lasso_login_process_authn_request_msg should restore the RelayState parameter");
198 fail_unless(lasso_strisequal(idpLoginContext->parent.msg_relayState,relayState),
199 "lasso_login_process_authn_request_msg should restore the same RelayState thant sent in the request");
200 check_good_rc(lasso_login_validate_request_msg(idpLoginContext,
201 1, /* authentication_result */
202 0 /* is_consent_obtained */
203 ));
204
205 check_good_rc(lasso_login_build_assertion(idpLoginContext,
206 LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
207 "FIXME: authenticationInstant",
208 "FIXME: reauthenticateOnOrAfter",
209 "FIXME: notBefore",
210 "FIXME: notOnOrAfter"));
211 check_good_rc(lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT));
212
213 idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
214 fail_unless(idpIdentityContextDump != NULL,
215 "lasso_identity_dump shouldn't return NULL");
216 idpSessionContextDump = lasso_session_dump(LASSO_PROFILE(idpLoginContext)->session);
217 fail_unless(idpSessionContextDump != NULL,
218 "lasso_session_dump shouldn't return NULL");
219 responseUrl = LASSO_PROFILE(idpLoginContext)->msg_url;
220 fail_unless(responseUrl != NULL, "responseUrl shouldn't be NULL");
221 responseQuery = strchr(responseUrl, '?')+1;
222 fail_unless(strlen(responseQuery) > 0,
223 "responseQuery shouldn't be an empty string");
224 fail_unless(strstr(responseQuery, "RelayState") != NULL,
225 "responseQuery should contain a RelayState parameter");
226 fail_unless(strstr(responseQuery, "fake%5B%5D") != NULL,
227 "responseQuery RelayState parameter should be encoded");
228 serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID);
229 fail_unless(serviceProviderId != NULL,
230 "lasso_profile_get_remote_providerID shouldn't return NULL");
231 if (lasso_flag_thin_sessions) {
232 /* when using thin sessions, the way artifact message is constructed changes as the
233 * session no more contains full assertions. */
234 artifact = g_strdup(lasso_profile_get_artifact(&idpLoginContext->parent));
235 artifact_message = g_strdup(lasso_profile_get_artifact_message(&idpLoginContext->parent));
236 }
237
238 /* Service provider assertion consumer */
239 lasso_server_destroy(spContext);
240 lasso_login_destroy(spLoginContext);
241
242 spContext = lasso_server_new_from_dump(serviceProviderContextDump);
243 check_true(LASSO_IS_SERVER(spContext));
244 spLoginContext = lasso_login_new_from_dump(spContext, spLoginDump);
245 check_true(LASSO_IS_LOGIN(spLoginContext));
246 check_good_rc(lasso_login_init_request(spLoginContext,
247 responseQuery,
248 LASSO_HTTP_METHOD_REDIRECT));
249 fail_unless(spLoginContext->parent.msg_relayState != NULL,
250 "lasso_login_init_request should restore the RelayState parameter");
251 fail_unless(lasso_strisequal(spLoginContext->parent.msg_relayState,relayState),
252 "lasso_login_init_request should restore the same RelayState thant sent in the request");
253 fail_unless(rc == 0, "lasso_login_init_request failed");
254 check_good_rc(lasso_login_build_request_msg(spLoginContext));
255 fail_unless(rc == 0, "lasso_login_build_request_msg failed");
256 soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body;
257 fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL");
258
259 /* Identity provider SOAP endpoint */
260 lasso_server_destroy(idpContext);
261 lasso_login_destroy(idpLoginContext);
262 requestType = lasso_profile_get_request_type_from_soap_msg(soapRequestMsg);
263 fail_unless(requestType == LASSO_REQUEST_TYPE_LOGIN,
264 "requestType should be LASSO_REQUEST_TYPE_LOGIN");
265
266 idpContext = lasso_server_new_from_dump(identityProviderContextDump);
267 check_true(LASSO_IS_SERVER(idpContext));
268 idpLoginContext = lasso_login_new(idpContext);
269 check_true(LASSO_IS_LOGIN(idpLoginContext));
270 check_good_rc(lasso_login_process_request_msg(idpLoginContext, soapRequestMsg));
271 if (lasso_flag_thin_sessions) {
272 check_str_equals(idpLoginContext->assertionArtifact, artifact);
273 lasso_profile_set_artifact_message(&idpLoginContext->parent, artifact_message);
274 }
275 check_good_rc(lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
276 idpSessionContextDump));
277 check_good_rc(lasso_login_build_response_msg(idpLoginContext, serviceProviderId));
278 soapResponseMsg = LASSO_PROFILE(idpLoginContext)->msg_body;
279 fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL");
280
281 /* Service provider assertion consumer (step 2: process SOAP response) */
282 check_good_rc(lasso_login_process_response_msg(spLoginContext, soapResponseMsg));
283 check_good_rc(lasso_login_accept_sso(spLoginContext));
284 fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL,
285 "spLoginContext has no identity");
286 spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity);
287 check_not_null(spIdentityContextDump);
288 spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session);
289 check_not_null(spSessionDump);
290
291 /* Test InResponseTo checking */
292 found = strstr(soapResponseMsg, "Assertion");
293 fail_unless(found != NULL, "We must find an Assertion");
294 found = strstr(found, "InResponseTo=\"");
295 fail_unless(found != NULL, "We must find an InResponseTo attribute");
296 found[sizeof("InResponseTo=\"")] = '?';
297 lasso_set_flag("no-verify-signature");
298 begin_check_do_log(NULL, G_LOG_LEVEL_CRITICAL, " If inResponseTo attribute is present, a matching "
299 "request must be present too in the LassoLogin object", TRUE);
300 check_not_equals(lasso_login_process_response_msg(spLoginContext, soapResponseMsg), 0);
301 end_check_do_log(NULL);
302 lasso_set_flag("verify-signature");
303 check_good_rc(lasso_login_accept_sso(spLoginContext));
304 fail_unless(rc == 0, "lasso_login_accept_sso must fail");
305
306 g_free(spLoginDump);
307 g_free(serviceProviderId);
308 g_free(serviceProviderContextDump);
309 g_free(identityProviderContextDump);
310 g_free(idpSessionContextDump);
311 g_free(idpIdentityContextDump);
312 g_free(spIdentityContextDump);
313 g_free(spSessionDump);
314 g_object_unref(spContext);
315 g_object_unref(idpContext);
316 g_object_unref(spLoginContext);
317 g_object_unref(idpLoginContext);
318 }
319 END_TEST
320
START_TEST(test03_serviceProviderLogin)321 START_TEST(test03_serviceProviderLogin)
322 {
323 char *serviceProviderContextDump, *identityProviderContextDump;
324 LassoServer *spContext, *idpContext;
325 LassoLogin *spLoginContext, *idpLoginContext;
326 LassoLibAuthnRequest *request;
327 int rc = 0;
328 char *relayState;
329 char *authnRequestUrl, *authnRequestQuery;
330 char *responseUrl, *responseQuery;
331 char *idpIdentityContextDump, *idpSessionContextDump;
332 char *serviceProviderId, *soapRequestMsg, *soapResponseMsg;
333 char *spIdentityContextDump;
334 char *spSessionDump;
335 int requestType;
336 char *artifact_message;
337 char *artifact;
338
339 serviceProviderContextDump = generateServiceProviderContextDump();
340 spContext = lasso_server_new_from_dump(serviceProviderContextDump);
341 spLoginContext = lasso_login_new(spContext);
342 fail_unless(spLoginContext != NULL,
343 "lasso_login_new() shouldn't have returned NULL");
344 rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
345 LASSO_HTTP_METHOD_REDIRECT);
346 fail_unless(rc == 0, "lasso_login_init_authn_request failed");
347 request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
348 fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
349 request->IsPassive = 0;
350 request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
351 request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
352 relayState = "fake";
353 request->RelayState = g_strdup(relayState);
354 rc = lasso_login_build_authn_request_msg(spLoginContext);
355 fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
356 authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
357 fail_unless(authnRequestUrl != NULL,
358 "authnRequestUrl shouldn't be NULL");
359 authnRequestQuery = strchr(authnRequestUrl, '?')+1;
360 fail_unless(strlen(authnRequestQuery) > 0,
361 "authnRequestRequest shouldn't be an empty string");
362
363 /* Identity provider singleSignOn, for a user having no federation. */
364 identityProviderContextDump = generateIdentityProviderContextDumpMemory();
365 idpContext = lasso_server_new_from_dump(identityProviderContextDump);
366 idpLoginContext = lasso_login_new(idpContext);
367 fail_unless(idpLoginContext != NULL,
368 "lasso_login_new() shouldn't have returned NULL");
369 rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery);
370 fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
371 fail_unless(lasso_login_must_authenticate(idpLoginContext),
372 "lasso_login_must_authenticate() should be TRUE");
373 fail_unless(idpLoginContext->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART,
374 "protocoleProfile should be ProfileBrwsArt");
375 fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext),
376 "lasso_login_must_ask_for_consent() should be FALSE");
377 rc = lasso_login_validate_request_msg(idpLoginContext,
378 1, /* authentication_result */
379 0 /* is_consent_obtained */
380 );
381 rc = lasso_login_build_assertion(idpLoginContext,
382 LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
383 "FIXME: authenticationInstant",
384 "FIXME: reauthenticateOnOrAfter",
385 "FIXME: notBefore",
386 "FIXME: notOnOrAfter");
387 rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT);
388 fail_unless(rc == 0, "lasso_login_build_artifact_msg failed");
389 idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
390 fail_unless(idpIdentityContextDump != NULL,
391 "lasso_identity_dump shouldn't return NULL");
392 idpSessionContextDump = lasso_session_dump(LASSO_PROFILE(idpLoginContext)->session);
393 fail_unless(idpSessionContextDump != NULL,
394 "lasso_session_dump shouldn't return NULL");
395 responseUrl = LASSO_PROFILE(idpLoginContext)->msg_url;
396 fail_unless(responseUrl != NULL, "responseUrl shouldn't be NULL");
397 responseQuery = strchr(responseUrl, '?')+1;
398 fail_unless(strlen(responseQuery) > 0,
399 "responseQuery shouldn't be an empty string");
400 serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID);
401 fail_unless(serviceProviderId != NULL,
402 "lasso_profile_get_remote_providerID shouldn't return NULL");
403 if (lasso_flag_thin_sessions) {
404 /* when using thin sessions, the way artifact message is constructed changes as the
405 * session no more contains full assertions. */
406 artifact = g_strdup(lasso_profile_get_artifact(&idpLoginContext->parent));
407 artifact_message = g_strdup(lasso_profile_get_artifact_message(&idpLoginContext->parent));
408 }
409
410 /* Service provider assertion consumer */
411 lasso_server_destroy(spContext);
412 lasso_login_destroy(spLoginContext);
413
414 spContext = lasso_server_new_from_dump(serviceProviderContextDump);
415 spLoginContext = lasso_login_new(spContext);
416 rc = lasso_login_init_request(spLoginContext,
417 responseQuery,
418 LASSO_HTTP_METHOD_REDIRECT);
419 fail_unless(rc == 0, "lasso_login_init_request failed");
420 rc = lasso_login_build_request_msg(spLoginContext);
421 fail_unless(rc == 0, "lasso_login_build_request_msg failed");
422 soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body;
423 fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL");
424
425 /* Identity provider SOAP endpoint */
426 lasso_server_destroy(idpContext);
427 lasso_login_destroy(idpLoginContext);
428 requestType = lasso_profile_get_request_type_from_soap_msg(soapRequestMsg);
429 fail_unless(requestType == LASSO_REQUEST_TYPE_LOGIN,
430 "requestType should be LASSO_REQUEST_TYPE_LOGIN");
431
432 idpContext = lasso_server_new_from_dump(identityProviderContextDump);
433 idpLoginContext = lasso_login_new(idpContext);
434 rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg);
435 fail_unless(rc == 0, "lasso_login_process_request_msg failed");
436 if (lasso_flag_thin_sessions) {
437 check_str_equals(idpLoginContext->assertionArtifact, artifact);
438 lasso_profile_set_artifact_message(&idpLoginContext->parent, artifact_message);
439 }
440 rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
441 idpSessionContextDump);
442 fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed");
443 rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId);
444 fail_unless(rc == 0, "lasso_login_build_response_msg failed");
445 soapResponseMsg = LASSO_PROFILE(idpLoginContext)->msg_body;
446 fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL");
447
448 /* Service provider assertion consumer (step 2: process SOAP response) */
449 rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
450 fail_unless(rc == 0, "lasso_login_process_response_msg failed");
451 rc = lasso_login_accept_sso(spLoginContext);
452 fail_unless(rc == 0, "lasso_login_accept_sso failed");
453 fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL,
454 "spLoginContext has no identity");
455 spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity);
456 fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed");
457 spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session);
458
459 g_free(serviceProviderId);
460 g_free(serviceProviderContextDump);
461 g_free(identityProviderContextDump);
462 g_free(idpSessionContextDump);
463 g_free(idpIdentityContextDump);
464 g_free(spIdentityContextDump);
465 g_free(spSessionDump);
466 g_object_unref(spContext);
467 g_object_unref(idpContext);
468 g_object_unref(spLoginContext);
469 g_object_unref(idpLoginContext);
470 }
471 END_TEST
472
START_TEST(test04_multiple_dump_cycle)473 START_TEST(test04_multiple_dump_cycle)
474 {
475 char *serviceProviderContextDump, *identityProviderContextDump;
476 LassoServer *spContext, *idpContext;
477 LassoLogin *spLoginContext, *idpLoginContext;
478 LassoLibAuthnRequest *request;
479 int rc = 0;
480 char *relayState;
481 char *authnRequestUrl, *authnRequestQuery;
482 char *idpLoginContextDump;
483
484 serviceProviderContextDump = generateServiceProviderContextDump();
485 spContext = lasso_server_new_from_dump(serviceProviderContextDump);
486 spLoginContext = lasso_login_new(spContext);
487 fail_unless(spLoginContext != NULL,
488 "lasso_login_new() shouldn't have returned NULL");
489 rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
490 LASSO_HTTP_METHOD_REDIRECT);
491 fail_unless(rc == 0, "lasso_login_init_authn_request failed");
492 request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
493 fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
494 request->IsPassive = 0;
495 request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
496 request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
497 relayState = "fake";
498 request->RelayState = g_strdup(relayState);
499 rc = lasso_login_build_authn_request_msg(spLoginContext);
500 fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
501 authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
502 fail_unless(authnRequestUrl != NULL,
503 "authnRequestUrl shouldn't be NULL");
504 authnRequestQuery = strchr(authnRequestUrl, '?')+1;
505 fail_unless(strlen(authnRequestQuery) > 0,
506 "authnRequestRequest shouldn't be an empty string");
507
508 /* Identity provider singleSignOn, for a user having no federation. */
509 identityProviderContextDump = generateIdentityProviderContextDumpMemory();
510 idpContext = lasso_server_new_from_dump(identityProviderContextDump);
511 idpLoginContext = lasso_login_new(idpContext);
512 fail_unless(idpLoginContext != NULL,
513 "lasso_login_new() shouldn't have returned NULL");
514 rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery);
515 fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
516 idpLoginContextDump = lasso_login_dump(idpLoginContext);
517 check_not_null(idpLoginContextDump);
518 g_object_unref(idpLoginContext);
519 idpLoginContext = lasso_login_new_from_dump(idpContext, idpLoginContextDump);
520 check_not_null(idpLoginContext);
521 g_free(idpLoginContextDump);
522 idpLoginContextDump = lasso_login_dump(idpLoginContext);
523 check_not_null(idpLoginContextDump);
524 g_object_unref(idpLoginContext);
525 idpLoginContext = lasso_login_new_from_dump(idpContext, idpLoginContextDump);
526 check_not_null(idpLoginContext);
527 g_free(idpLoginContextDump);
528 g_free(serviceProviderContextDump);
529 g_free(identityProviderContextDump);
530 g_object_unref(spContext);
531 g_object_unref(idpContext);
532 g_object_unref(spLoginContext);
533 g_object_unref(idpLoginContext);
534 }
535 END_TEST
536
537
538
539 Suite*
login_suite()540 login_suite()
541 {
542 Suite *s = suite_create("Login using ID-FF 1.2");
543 TCase *tc_generate = tcase_create("Generate Server Contexts");
544 TCase *tc_spLogin = tcase_create("Login initiated by service provider");
545 TCase *tc_spLoginMemory = tcase_create("Login initiated by service provider without key loading");
546 TCase *tc_spMultipleDumpCycle = tcase_create("Dump and load Login object multiple times");
547 suite_add_tcase(s, tc_generate);
548 suite_add_tcase(s, tc_spLogin);
549 suite_add_tcase(s, tc_spLoginMemory);
550 suite_add_tcase(s, tc_spMultipleDumpCycle);
551 tcase_add_test(tc_generate, test01_generateServersContextDumps);
552 tcase_add_test(tc_spLogin, test02_serviceProviderLogin);
553 tcase_add_test(tc_spLoginMemory, test03_serviceProviderLogin);
554 tcase_add_test(tc_spMultipleDumpCycle, test04_multiple_dump_cycle);
555 return s;
556 }
557
558