Commit 0c123e9a authored by Jaime Pérez's avatar Jaime Pérez

Fix test for sspmod_saml_Auth_Source_SP.

Reformat to comply with our coding guidelines. Migrate all the code to use the newest version of the SAML2 library, using namespaces. Fix some bugs. Move it where it belongs under modules/saml instead of modules/core.
parent b45bfa5e
<?php <?php
// Custom Exception to throw to terminate a TestCase
class ExitTestException extends Exception { /**
* Custom Exception to throw to terminate a TestCase.
*/
class ExitTestException extends Exception
{
private $testResult; private $testResult;
public function __construct($testResult) {
public function __construct($testResult)
{
parent::__construct("ExitTestException", 0, null); parent::__construct("ExitTestException", 0, null);
$this->testResult = $testResult; $this->testResult = $testResult;
} }
function getTestResult() {
public function getTestResult()
{
return $this->testResult; return $this->testResult;
} }
} }
/* Wrap the SSP sspmod_saml_Auth_Source_SP class /**
- Use introspection to make startSSO2Test available * Wrap the SSP sspmod_saml_Auth_Source_SP class
- Override sendSAML2AuthnRequest() to catch the AuthnRequest being sent * - Use introspection to make startSSO2Test available
*/ * - Override sendSAML2AuthnRequest() to catch the AuthnRequest being sent
*/
class sspmod_saml_Auth_Source_SP_Tester extends \sspmod_saml_Auth_Source_SP class sspmod_saml_Auth_Source_SP_Tester extends \sspmod_saml_Auth_Source_SP
{ {
public function __construct($info, $config) {
public function __construct($info, $config)
{
parent::__construct($info, $config); parent::__construct($info, $config);
} }
public function startSSO2Test(SimpleSAML_Configuration $idpMetadata, array $state) {
public function startSSO2Test(SimpleSAML_Configuration $idpMetadata, array $state)
{
$reflector = new ReflectionObject($this); $reflector = new ReflectionObject($this);
$method=$reflector->getMethod('startSSO2'); $method = $reflector->getMethod('startSSO2');
$method->setAccessible(true); $method->setAccessible(true);
$method->invoke($this, $idpMetadata, $state); $method->invoke($this, $idpMetadata, $state);
} }
// Override
public function sendSAML2AuthnRequest(array &$state, SAML2_Binding $binding, SAML2_AuthnRequest $ar) { // override the method that sends the request to avoid sending anything
public function sendSAML2AuthnRequest(array &$state, SAML2_Binding $binding, SAML2_AuthnRequest $ar)
{
// Exit test. Continuing would mean running into a assert(FALSE) // Exit test. Continuing would mean running into a assert(FALSE)
throw new ExitTestException( throw new ExitTestException(
array( array(
'state' => $state, 'state' => $state,
'binding' => $binding, 'binding' => $binding,
'ar' => $ar, 'ar' => $ar,
) )
); );
} }
} }
/**
* Set of test cases for sspmod_saml_Auth_Source_SP.
*/
class Auth_Source_SP_Test extends PHPUnit_Framework_TestCase class Auth_Source_SP_Test extends PHPUnit_Framework_TestCase
{ {
private $idpMetadata = NULL;
private $idpConfigArray = array(
'metadata-set' => 'saml20-idp-remote',
'entityid' => 'https://engine.surfconext.nl/authentication/idp/metadata',
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://engine.surfconext.nl/authentication/idp/single-sign-on',
),
),
'keys' =>
array (
0 =>
array (
'encryption' => false,
'signing' => true,
'type' => 'X509Certificate',
'X509Certificate' => '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',
),
),
);
private function getIdpMetadata() { private $idpMetadata = null;
private $idpConfigArray;
private function getIdpMetadata()
{
if (!$this->idpMetadata) { if (!$this->idpMetadata) {
$this->idpMetadata = new SimpleSAML_Configuration($this->idpConfigArray, 'Auth_Source_SP_Test::getIdpMetadata()'); $this->idpMetadata = new SimpleSAML_Configuration(
$this->idpConfigArray,
'Auth_Source_SP_Test::getIdpMetadata()'
);
} }
return $this->idpMetadata; return $this->idpMetadata;
} }
protected function setUp()
{
$this->idpConfigArray = array(
'metadata-set' => 'saml20-idp-remote',
'entityid' => 'https://engine.surfconext.nl/authentication/idp/metadata',
'SingleSignOnService' => array(
array(
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://engine.surfconext.nl/authentication/idp/single-sign-on',
),
),
'keys' => array(
array(
'encryption' => false,
'signing' => true,
'type' => 'X509Certificate',
'X509Certificate' =>
'MIID3zCCAsegAwIBAgIJAMVC9xn1ZfsuMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZ'.
'WNodDEQMA4GA1UEBwwHVXRyZWNodDEVMBMGA1UECgwMU1VSRm5ldCBCLlYuMRMwEQYDVQQLDApTVVJGY29uZXh0MSYwJA'.
'YDVQQDDB1lbmdpbmUuc3VyZmNvbmV4dC5ubCAyMDE0MDUwNTAeFw0xNDA1MDUxNDIyMzVaFw0xOTA1MDUxNDIyMzVaMIG'.
'FMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEVMBMGA1UECgwMU1VSRm5ldCBC'.
'LlYuMRMwEQYDVQQLDApTVVJGY29uZXh0MSYwJAYDVQQDDB1lbmdpbmUuc3VyZmNvbmV4dC5ubCAyMDE0MDUwNTCCASIwD'.
'QYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKthMDbB0jKHefPzmRu9t2h7iLP4wAXr42bHpjzTEk6gttHFb4l/hFiz1Y'.
'BI88TjiH6hVjnozo/YHA2c51us+Y7g0XoS7653lbUN/EHzvDMuyis4Xi2Ijf1A/OUQfH1iFUWttIgtWK9+fatXoGUS6ti'.
'rQvrzVh6ZstEp1xbpo1SF6UoVl+fh7tM81qz+Crr/Kroan0UjpZOFTwxPoK6fdLgMAieKSCRmBGpbJHbQ2xxbdykBBrBb'.
'dfzIX4CDepfjE9h/40ldw5jRn3e392jrS6htk23N9BWWrpBT5QCk0kH3h/6F1Dm6TkyG9CDtt73/anuRkvXbeygI4wml9'.
'bL3rE8CAwEAAaNQME4wHQYDVR0OBBYEFD+Ac7akFxaMhBQAjVfvgGfY8hNKMB8GA1UdIwQYMBaAFD+Ac7akFxaMhBQAjV'.
'fvgGfY8hNKMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAC8L9D67CxIhGo5aGVu63WqRHBNOdo/FAGI7LUR'.
'DFeRmG5nRw/VXzJLGJksh4FSkx7aPrxNWF1uFiDZ80EuYQuIv7bDLblK31ZEbdg1R9LgiZCdYSr464I7yXQY9o6FiNtSK'.
'ZkQO8EsscJPPy/Zp4uHAnADWACkOUHiCbcKiUUFu66dX0Wr/v53Gekz487GgVRs8HEeT9MU1reBKRgdENR8PNg4rbQfLc'.
'3YQKLWK7yWnn/RenjDpuCiePj8N8/80tGgrNgK/6fzM3zI18sSywnXLswxqDb/J+jgVxnQ6MrsTf1urM8MnfcxG/82oHI'.
'wfMh/sXPCZpo+DTLkhQxctJ3M=',
),
),
);
}
/** Create a SAML AuthnRequest using sspmod_saml_Auth_Source_SP /** Create a SAML AuthnRequest using sspmod_saml_Auth_Source_SP
* @param $state State Array to use in the test. This is an array of the Parameters described in section 2 of *
* https://simplesamlphp.org/docs/development/saml:sp * @param array $state The state array to use in the test. This is an array of the parameters described in section
* @return SAML2_AuthnRequest * 2 of https://simplesamlphp.org/docs/development/saml:sp
*
* @return SAML2_AuthnRequest The AuthnRequest generated.
*/ */
private function CreateAuthnRequest($state = array()) { private function createAuthnRequest($state = array())
$info=array( 'AuthId' => 'default-sp' ); {
$config=array(); $info = array('AuthId' => 'default-sp');
$config = array();
$as = new \sspmod_saml_Auth_Source_SP_Tester($info, $config); $as = new \sspmod_saml_Auth_Source_SP_Tester($info, $config);
/** @var SAML2_AuthnRequest $ar */ /** @var SAML2_AuthnRequest $ar */
$ar=NULL; $ar = null;
try { try {
$as->startSSO2Test($this->getIdpMetadata(), $state); $as->startSSO2Test($this->getIdpMetadata(), $state);
$this->assertTrue(FALSE, 'Expected ExitTestException'); $this->assertTrue(false, 'Expected ExitTestException');
} } catch (ExitTestException $e) {
catch (ExitTestException $e) {
$r = $e->getTestResult(); $r = $e->getTestResult();
$ar = $r['ar']; $ar = $r['ar'];
} }
return $ar; return $ar;
} }
/** Test generating a authnrequest
* @test **/ /**
public function TestAuthnRequest() { * Test generating an AuthnRequest
* @test
*/
public function testAuthnRequest()
{
/** @var SAML2_AuthnRequest $ar */ /** @var SAML2_AuthnRequest $ar */
$ar = $this->CreateAuthnRequest(); $ar = $this->createAuthnRequest();
// Assert values in the generated AuthnRequest // Assert values in the generated AuthnRequest
/** @var $xml DOMElement */ /** @var $xml DOMElement */
$xml=$ar->toSignedXML(); $xml = $ar->toSignedXML();
// echo $xml->ownerDocument->saveXML($xml); // Print XML $q = SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/@Destination');
$q=SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/@Destination');
$this->assertEquals( $this->assertEquals(
$this->idpConfigArray['SingleSignOnService'][0]['Location'], $this->idpConfigArray['SingleSignOnService'][0]['Location'],
$q[0]->value); $q[0]->value
$q=SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/saml:Issuer'); );
$q = SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/saml:Issuer');
$this->assertEquals( $this->assertEquals(
'http://localhost/simplesaml/module.php/saml/sp/metadata.php/default-sp', 'http://localhost/simplesaml/module.php/saml/sp/metadata.php/default-sp',
$q[0]->textContent); $q[0]->textContent
);
} }
/** Test setting a Subject /** Test setting a Subject
* @test **/ * @test *
public function TestNameID() { */
$state=array( public function testNameID()
{
$state = array(
'saml:NameID' => array('Value' => 'user@example.org', 'Format' => SAML2_Const::NAMEID_UNSPECIFIED) 'saml:NameID' => array('Value' => 'user@example.org', 'Format' => SAML2_Const::NAMEID_UNSPECIFIED)
); );
/** @var SAML2_AuthnRequest $ar */ /** @var SAML2_AuthnRequest $ar */
$ar = $this->CreateAuthnRequest($state); $ar = $this->createAuthnRequest($state);
$nameID=$ar->getNameId(); $nameID = $ar->getNameId();
$this->assertEquals($state['saml:NameID']['Value'], $nameID['Value']); $this->assertEquals($state['saml:NameID']['Value'], $nameID['Value']);
$this->assertEquals($state['saml:NameID']['Format'], $nameID['Format']); $this->assertEquals($state['saml:NameID']['Format'], $nameID['Format']);
/** @var $xml DOMElement */ /** @var $xml DOMElement */
$xml=$ar->toSignedXML(); $xml = $ar->toSignedXML();
//echo $xml->ownerDocument->saveXML($xml); // Print XML $q = SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/saml:Subject/saml:NameID/@Format');
$q=SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/saml:Subject/saml:NameID/@Format');
$this->assertEquals( $this->assertEquals(
$state['saml:NameID']['Format'], $state['saml:NameID']['Format'],
$q[0]->value); $q[0]->value
$q=SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/saml:Subject/saml:NameID'); );
$q = SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/saml:Subject/saml:NameID');
$this->assertEquals( $this->assertEquals(
$state['saml:NameID']['Value'], $state['saml:NameID']['Value'],
$q[0]->textContent); $q[0]->textContent
);
} }
/** Test setting an AuthnConextClassRef /** Test setting an AuthnConextClassRef
* @test **/ * @test *
public function TestAuthnContextClassRef() { */
$state=array( public function testAuthnContextClassRef()
{
$state = array(
'saml:AuthnContextClassRef' => 'http://example.com/myAuthnContextClassRef' 'saml:AuthnContextClassRef' => 'http://example.com/myAuthnContextClassRef'
); );
/** @var SAML2_AuthnRequest $ar */ /** @var SAML2_AuthnRequest $ar */
$ar = $this->CreateAuthnRequest($state); $ar = $this->createAuthnRequest($state);
$a=$ar->getRequestedAuthnContext(); $a = $ar->getRequestedAuthnContext();
$this->assertEquals( $this->assertEquals(
$state['saml:AuthnContextClassRef'], $state['saml:AuthnContextClassRef'],
$a['AuthnContextClassRef'][0] ); $a['AuthnContextClassRef'][0]
);
/** @var $xml DOMElement */ /** @var $xml DOMElement */
$xml=$ar->toSignedXML(); $xml = $ar->toSignedXML();
//echo $xml->ownerDocument->saveXML($xml); // Print XML $q = SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/samlp:RequestedAuthnContext/saml:AuthnContextClassRef');
$q=SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/samlp:RequestedAuthnContext/saml:AuthnContextClassRef');
$this->assertEquals( $this->assertEquals(
$state['saml:AuthnContextClassRef'], $state['saml:AuthnContextClassRef'],
$q[0]->textContent); $q[0]->textContent
);
} }
/** Test setting ForcedAuthn /** Test setting ForcedAuthn
* @test **/ * @test *
public function TestForcedAuthn() { */
$state=array( public function testForcedAuthn()
{
$state = array(
'ForceAuthn' => true 'ForceAuthn' => true
); );
/** @var SAML2_AuthnRequest $ar */ /** @var SAML2_AuthnRequest $ar */
$ar = $this->CreateAuthnRequest($state); $ar = $this->createAuthnRequest($state);
$this->assertEquals( $this->assertEquals(
$state['ForceAuthn'], $state['ForceAuthn'],
$ar->getForceAuthn() ); $ar->getForceAuthn()
);
/** @var $xml DOMElement */ /** @var $xml DOMElement */
$xml=$ar->toSignedXML(); $xml = $ar->toSignedXML();
//echo $xml->ownerDocument->saveXML($xml); // Print XML $q = SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/@ForceAuthn');
$q=SAML2_Utils::xpQuery($xml, '/samlp:AuthnRequest/@ForceAuthn');
$this->assertEquals( $this->assertEquals(
$state['ForceAuthn'] ? 'true' : 'false', $state['ForceAuthn'] ? 'true' : 'false',
$q[0]->value); $q[0]->value
);
} }
} }
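Review bot: In testAuthnRequest, testNameID, testAuthnContextClassRef and testForcedAuthn the result of `SAML2_Utils::xpQuery()` is dereferenced as `$q[0]` without first checking that the query matched anything, so a missing attribute or element would surface as an undefined-offset error instead of a readable assertion failure; adding `$this->assertCount(1, $q);` before each `$q[0]` use makes that failure explicit. In createAuthnRequest, `$this->assertTrue(false, 'Expected ExitTestException');` states its intent more directly as `$this->fail('Expected ExitTestException');`. The tests call `toSignedXML()` while the SP is built with `$config = array()`, so as far as this page shows nothing asserts whether the AuthnRequest is actually signed; if signing behaviour matters, a separate case with a signing key configured would cover it. The new side also still references `SAML2_Binding`, `SAML2_AuthnRequest`, `SAML2_Utils` and `SAML2_Const`, which appears to be at odds with the description's move to the namespaced SAML2 library and is worth confirming.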