← Back to branch summary

~ubuntu-branches/ubuntu/trusty/lasso/trusty

« back to all changes in this revision

Viewing changes to tests/login_tests.c

  • Committer: Package Import Robot
  • Author(s): Frederic Peters
  • Date: 2014-01-07 13:22:21 UTC
  • mfrom: (1.1.11) (7.1.14 sid)
  • Revision ID: package-import@ubuntu.com-20140107132221-htp0go0s9z5lqvj8
Tags: 2.4.0-1
* New upstream version.
* debian/control, debian/rules: use autoreconf
* debian/source/version: switch to 3.0 (quilt)

Show diffs side-by-side

added added

removed removed

Lines of Context:
tests/login_tests.c
17
17
 * GNU General Public License for more details.
18
18
 *
19
19
 * You should have received a copy of the GNU General Public License
20
 
 * along with this program; if not, write to the Free Software
21
 
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
20
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22
21
 */
23
22
 
24
23
#include <stdlib.h>
26
25
 
27
26
#include <check.h>
28
27
 
29
 
#include <../lasso/lasso.h>
 
28
#include "../lasso/lasso.h"
30
29
#include <glib.h>
31
30
#include "../lasso/utils.h"
32
31
#include "../lasso/backward_comp.h"
33
 
#include "./tests.h"
 
32
#include "tests.h"
34
33
#include "../bindings/ghashtable.h"
35
34
 
36
 
 
37
35
static char*
38
36
generateIdentityProviderContextDump()
39
37
{
91
89
        char *metadata;
92
90
        char *private_key;
93
91
        char *certificate;
94
 
        guint len;
 
92
        size_t len;
95
93
        char *ret;
96
94
 
97
95
        g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &metadata, &len, NULL);
151
149
        char *spLoginDump;
152
150
        int requestType;
153
151
        char *found;
 
152
        char *artifact_message;
 
153
        char *artifact;
154
154
 
155
155
        serviceProviderContextDump = generateServiceProviderContextDump();
156
156
        spContext = lasso_server_new_from_dump(serviceProviderContextDump);
157
157
        spLoginContext = lasso_login_new(spContext);
158
158
        fail_unless(spLoginContext != NULL,
159
159
                        "lasso_login_new() shouldn't have returned NULL");
160
 
        rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
161
 
                        LASSO_HTTP_METHOD_REDIRECT);
162
 
        fail_unless(rc == 0, "lasso_login_init_authn_request failed");
 
160
        check_good_rc(lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
 
161
                        LASSO_HTTP_METHOD_REDIRECT));
163
162
        request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
164
163
        fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
165
164
        request->IsPassive = 0;
167
166
        request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
168
167
        relayState = "fake[]";
169
168
        request->RelayState = g_strdup(relayState);
170
 
        rc = lasso_login_build_authn_request_msg(spLoginContext);
171
 
        fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
 
169
        check_good_rc(lasso_login_build_authn_request_msg(spLoginContext));
172
170
        authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
173
171
        fail_unless(authnRequestUrl != NULL,
174
172
                        "authnRequestUrl shouldn't be NULL");
187
185
        idpLoginContext = lasso_login_new(idpContext);
188
186
        fail_unless(idpLoginContext != NULL,
189
187
                        "lasso_login_new() shouldn't have returned NULL");
190
 
        rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery);
 
188
        check_good_rc(lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery));
191
189
        fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
192
190
        fail_unless(lasso_login_must_authenticate(idpLoginContext),
193
191
                        "lasso_login_must_authenticate() should be TRUE");
199
197
                        "lasso_login_process_authn_request_msg should restore the RelayState parameter");
200
198
        fail_unless(lasso_strisequal(idpLoginContext->parent.msg_relayState,relayState),
201
199
                        "lasso_login_process_authn_request_msg should restore the same RelayState thant sent in the request");
202
 
        rc = lasso_login_validate_request_msg(idpLoginContext,
 
200
        check_good_rc(lasso_login_validate_request_msg(idpLoginContext,
203
201
                        1, /* authentication_result */
204
202
                        0 /* is_consent_obtained */
205
 
                        );
 
203
                        ));
206
204
 
207
 
        rc = lasso_login_build_assertion(idpLoginContext,
 
205
        check_good_rc(lasso_login_build_assertion(idpLoginContext,
208
206
                        LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
209
207
                        "FIXME: authenticationInstant",
210
208
                        "FIXME: reauthenticateOnOrAfter",
211
209
                        "FIXME: notBefore",
212
 
                        "FIXME: notOnOrAfter");
213
 
        rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT);
214
 
        fail_unless(rc == 0, "lasso_login_build_artifact_msg failed");
 
210
                        "FIXME: notOnOrAfter"));
 
211
        check_good_rc(lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT));
215
212
 
216
213
        idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
217
214
        fail_unless(idpIdentityContextDump != NULL,
231
228
        serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID);
232
229
        fail_unless(serviceProviderId != NULL,
233
230
                    "lasso_profile_get_remote_providerID shouldn't return NULL");
 
231
        if (lasso_flag_thin_sessions) {
 
232
                /* when using thin sessions, the way artifact message is constructed changes as the
 
233
                 * session no more contains full assertions. */
 
234
                artifact = g_strdup(lasso_profile_get_artifact(&idpLoginContext->parent));
 
235
                artifact_message = g_strdup(lasso_profile_get_artifact_message(&idpLoginContext->parent));
 
236
        }
234
237
 
235
238
        /* Service provider assertion consumer */
236
239
        lasso_server_destroy(spContext);
237
240
        lasso_login_destroy(spLoginContext);
238
241
 
239
242
        spContext = lasso_server_new_from_dump(serviceProviderContextDump);
 
243
        check_true(LASSO_IS_SERVER(spContext));
240
244
        spLoginContext = lasso_login_new_from_dump(spContext, spLoginDump);
241
 
        rc = lasso_login_init_request(spLoginContext,
 
245
        check_true(LASSO_IS_LOGIN(spLoginContext));
 
246
        check_good_rc(lasso_login_init_request(spLoginContext,
242
247
                        responseQuery,
243
 
                        LASSO_HTTP_METHOD_REDIRECT);
 
248
                        LASSO_HTTP_METHOD_REDIRECT));
244
249
        fail_unless(spLoginContext->parent.msg_relayState != NULL,
245
250
                        "lasso_login_init_request should restore the RelayState parameter");
246
251
        fail_unless(lasso_strisequal(spLoginContext->parent.msg_relayState,relayState),
247
252
                        "lasso_login_init_request should restore the same RelayState thant sent in the request");
248
253
        fail_unless(rc == 0, "lasso_login_init_request failed");
249
 
        rc = lasso_login_build_request_msg(spLoginContext);
 
254
        check_good_rc(lasso_login_build_request_msg(spLoginContext));
250
255
        fail_unless(rc == 0, "lasso_login_build_request_msg failed");
251
256
        soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body;
252
257
        fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL");
259
264
                        "requestType should be LASSO_REQUEST_TYPE_LOGIN");
260
265
 
261
266
        idpContext = lasso_server_new_from_dump(identityProviderContextDump);
 
267
        check_true(LASSO_IS_SERVER(idpContext));
262
268
        idpLoginContext = lasso_login_new(idpContext);
263
 
        rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg);
264
 
        fail_unless(rc == 0, "lasso_login_process_request_msg failed");
265
 
 
266
 
        rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
267
 
                                                 idpSessionContextDump);
268
 
        fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed");
269
 
        rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId);
270
 
        fail_unless(rc == 0, "lasso_login_build_response_msg failed");
 
269
        check_true(LASSO_IS_LOGIN(idpLoginContext));
 
270
        check_good_rc(lasso_login_process_request_msg(idpLoginContext, soapRequestMsg));
 
271
        if (lasso_flag_thin_sessions) {
 
272
                check_str_equals(idpLoginContext->assertionArtifact, artifact);
 
273
                lasso_profile_set_artifact_message(&idpLoginContext->parent, artifact_message);
 
274
        }
 
275
        check_good_rc(lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
 
276
                                                 idpSessionContextDump));
 
277
        check_good_rc(lasso_login_build_response_msg(idpLoginContext, serviceProviderId));
271
278
        soapResponseMsg =  LASSO_PROFILE(idpLoginContext)->msg_body;
272
279
        fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL");
273
280
 
274
281
        /* Service provider assertion consumer (step 2: process SOAP response) */
275
 
        rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
276
 
        fail_unless(rc == 0, "lasso_login_process_response_msg failed");
277
 
        rc = lasso_login_accept_sso(spLoginContext);
278
 
        fail_unless(rc == 0, "lasso_login_accept_sso failed");
 
282
        check_good_rc(lasso_login_process_response_msg(spLoginContext, soapResponseMsg));
 
283
        check_good_rc(lasso_login_accept_sso(spLoginContext));
279
284
        fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL,
280
285
                        "spLoginContext has no identity");
281
286
        spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity);
282
 
        fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed");
 
287
        check_not_null(spIdentityContextDump);
283
288
        spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session);
 
289
        check_not_null(spSessionDump);
284
290
 
285
291
        /* Test InResponseTo checking */
286
292
        found = strstr(soapResponseMsg, "Assertion");
289
295
        fail_unless(found != NULL, "We must find an InResponseTo attribute");
290
296
        found[sizeof("InResponseTo=\"")] = '?';
291
297
        lasso_set_flag("no-verify-signature");
292
 
        rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
 
298
        begin_check_do_log(G_LOG_LEVEL_DEBUG, " If inResponseTo attribute is present, a matching "
 
299
                        "request must be present too in the LassoLogin object", TRUE);
 
300
        check_not_equals(lasso_login_process_response_msg(spLoginContext, soapResponseMsg), 0);
 
301
        end_check_do_log();
293
302
        lasso_set_flag("verify-signature");
294
 
        fail_unless(rc != 0, "lasso_login_process_response_msg must fail");
295
 
        rc = lasso_login_accept_sso(spLoginContext);
 
303
        check_good_rc(lasso_login_accept_sso(spLoginContext));
296
304
        fail_unless(rc == 0, "lasso_login_accept_sso must fail");
297
305
 
298
306
        g_free(spLoginDump);
325
333
        char *spIdentityContextDump;
326
334
        char *spSessionDump;
327
335
        int requestType;
 
336
        char *artifact_message;
 
337
        char *artifact;
328
338
 
329
339
        serviceProviderContextDump = generateServiceProviderContextDump();
330
340
        spContext = lasso_server_new_from_dump(serviceProviderContextDump);
368
378
                        1, /* authentication_result */
369
379
                        0 /* is_consent_obtained */
370
380
                        );
371
 
 
372
381
        rc = lasso_login_build_assertion(idpLoginContext,
373
382
                        LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
374
383
                        "FIXME: authenticationInstant",
377
386
                        "FIXME: notOnOrAfter");
378
387
        rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT);
379
388
        fail_unless(rc == 0, "lasso_login_build_artifact_msg failed");
380
 
 
381
389
        idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
382
390
        fail_unless(idpIdentityContextDump != NULL,
383
391
                    "lasso_identity_dump shouldn't return NULL");
392
400
        serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID);
393
401
        fail_unless(serviceProviderId != NULL,
394
402
                    "lasso_profile_get_remote_providerID shouldn't return NULL");
 
403
        if (lasso_flag_thin_sessions) {
 
404
                /* when using thin sessions, the way artifact message is constructed changes as the
 
405
                 * session no more contains full assertions. */
 
406
                artifact = g_strdup(lasso_profile_get_artifact(&idpLoginContext->parent));
 
407
                artifact_message = g_strdup(lasso_profile_get_artifact_message(&idpLoginContext->parent));
 
408
        }
395
409
 
396
410
        /* Service provider assertion consumer */
397
411
        lasso_server_destroy(spContext);
419
433
        idpLoginContext = lasso_login_new(idpContext);
420
434
        rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg);
421
435
        fail_unless(rc == 0, "lasso_login_process_request_msg failed");
422
 
 
 
436
        if (lasso_flag_thin_sessions) {
 
437
                check_str_equals(idpLoginContext->assertionArtifact, artifact);
 
438
                lasso_profile_set_artifact_message(&idpLoginContext->parent, artifact_message);
 
439
        }
423
440
        rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
424
441
                                                 idpSessionContextDump);
425
442
        fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed");
452
469
        g_object_unref(idpLoginContext);
453
470
}
454
471
END_TEST
 
472
 
 
473
START_TEST(test04_multiple_dump_cycle)
 
474
{
 
475
        char *serviceProviderContextDump, *identityProviderContextDump;
 
476
        LassoServer *spContext, *idpContext;
 
477
        LassoLogin *spLoginContext, *idpLoginContext;
 
478
        LassoLibAuthnRequest *request;
 
479
        int rc = 0;
 
480
        char *relayState;
 
481
        char *authnRequestUrl, *authnRequestQuery;
 
482
        char *idpLoginContextDump;
 
483
 
 
484
        serviceProviderContextDump = generateServiceProviderContextDump();
 
485
        spContext = lasso_server_new_from_dump(serviceProviderContextDump);
 
486
        spLoginContext = lasso_login_new(spContext);
 
487
        fail_unless(spLoginContext != NULL,
 
488
                        "lasso_login_new() shouldn't have returned NULL");
 
489
        rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
 
490
                        LASSO_HTTP_METHOD_REDIRECT);
 
491
        fail_unless(rc == 0, "lasso_login_init_authn_request failed");
 
492
        request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
 
493
        fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
 
494
        request->IsPassive = 0;
 
495
        request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
 
496
        request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
 
497
        relayState = "fake";
 
498
        request->RelayState = g_strdup(relayState);
 
499
        rc = lasso_login_build_authn_request_msg(spLoginContext);
 
500
        fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
 
501
        authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
 
502
        fail_unless(authnRequestUrl != NULL,
 
503
                        "authnRequestUrl shouldn't be NULL");
 
504
        authnRequestQuery = strchr(authnRequestUrl, '?')+1;
 
505
        fail_unless(strlen(authnRequestQuery) > 0,
 
506
                        "authnRequestRequest shouldn't be an empty string");
 
507
 
 
508
        /* Identity provider singleSignOn, for a user having no federation. */
 
509
        identityProviderContextDump = generateIdentityProviderContextDumpMemory();
 
510
        idpContext = lasso_server_new_from_dump(identityProviderContextDump);
 
511
        idpLoginContext = lasso_login_new(idpContext);
 
512
        fail_unless(idpLoginContext != NULL,
 
513
                        "lasso_login_new() shouldn't have returned NULL");
 
514
        rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery);
 
515
        fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
 
516
        idpLoginContextDump = lasso_login_dump(idpLoginContext);
 
517
        check_not_null(idpLoginContextDump);
 
518
        g_object_unref(idpLoginContext);
 
519
        idpLoginContext = lasso_login_new_from_dump(idpContext, idpLoginContextDump);
 
520
        check_not_null(idpLoginContext);
 
521
        g_free(idpLoginContextDump);
 
522
        idpLoginContextDump = lasso_login_dump(idpLoginContext);
 
523
        check_not_null(idpLoginContextDump);
 
524
        g_object_unref(idpLoginContext);
 
525
        idpLoginContext = lasso_login_new_from_dump(idpContext, idpLoginContextDump);
 
526
        check_not_null(idpLoginContext);
 
527
        g_free(idpLoginContextDump);
 
528
        g_free(serviceProviderContextDump);
 
529
        g_free(identityProviderContextDump);
 
530
        g_object_unref(spContext);
 
531
        g_object_unref(idpContext);
 
532
        g_object_unref(spLoginContext);
 
533
        g_object_unref(idpLoginContext);
 
534
}
 
535
END_TEST
 
536
 
 
537
 
 
538
 
455
539
Suite*
456
540
login_suite()
457
541
{
458
 
        Suite *s = suite_create("Login");
 
542
        Suite *s = suite_create("Login using ID-FF 1.2");
459
543
        TCase *tc_generate = tcase_create("Generate Server Contexts");
460
544
        TCase *tc_spLogin = tcase_create("Login initiated by service provider");
461
545
        TCase *tc_spLoginMemory = tcase_create("Login initiated by service provider without key loading");
 
546
        TCase *tc_spMultipleDumpCycle = tcase_create("Dump and load Login object multiple times");
462
547
        suite_add_tcase(s, tc_generate);
463
548
        suite_add_tcase(s, tc_spLogin);
464
549
        suite_add_tcase(s, tc_spLoginMemory);
 
550
        suite_add_tcase(s, tc_spMultipleDumpCycle);
465
551
        tcase_add_test(tc_generate, test01_generateServersContextDumps);
466
552
        tcase_add_test(tc_spLogin, test02_serviceProviderLogin);
467
553
        tcase_add_test(tc_spLoginMemory, test03_serviceProviderLogin);
 
554
        tcase_add_test(tc_spMultipleDumpCycle, test04_multiple_dump_cycle);
468
555
        return s;
469
556
}
470
557