[shibboleth-sp2] 79/82: SSPCPP-756 Checkpoint Dynamic metadata tests
Etienne Dysli Metref
edm-guest at moszumanska.debian.org
Thu Nov 16 08:16:28 UTC 2017
This is an automated email from the git hooks/post-receive script.
edm-guest pushed a commit to branch master
in repository shibboleth-sp2.
commit 91333518b9975b75801b5d8d8bc92ab5d38f4844
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date: Fri Oct 20 14:32:16 2017 +0100
SSPCPP-756 Checkpoint Dynamic metadata tests
https://issues.shibboleth.net/jira/browse/SSPCPP-756
8 tests, based on four configurations and two queries
Currently 3 of 8 fail
---
Projects/vc15/UnitTests/UnitTests.vcxproj | 10 +-
Projects/vc15/UnitTests/UnitTests.vcxproj.filters | 15 ++-
unittests/DynamicMetadataProviderTest.h | 131 ++++++++++++---------
unittests/SPTest.h | 8 +-
unittests/config/etc/shibboleth/console.logger | 6 +-
.../config/etc/shibboleth/security-policy.xml | 33 ++++++
unittests/data/fromMDQ.xml | 3 +
unittests/data/staticFromFile.xml | 1 +
unittests/data/templateFromFile.xml | 2 +-
unittests/data/templateFromRepo.xml | 2 +-
10 files changed, 136 insertions(+), 75 deletions(-)
diff --git a/Projects/vc15/UnitTests/UnitTests.vcxproj b/Projects/vc15/UnitTests/UnitTests.vcxproj
index bcad500..9158b44 100644
--- a/Projects/vc15/UnitTests/UnitTests.vcxproj
+++ b/Projects/vc15/UnitTests/UnitTests.vcxproj
@@ -178,13 +178,15 @@
<ClCompile Include="..\..\..\unittests\TestApplication.cpp" />
</ItemGroup>
<ItemGroup>
- <Xml Include="..\..\..\unittests\data\08ced64cddc9f1578598b2cf71ae747b11d11472.xml" />
+ <Xml Include="..\..\..\unittests\data\df5a20c921bc30c1b76c5a6cec08d074e280de8b.xml" />
<Xml Include="..\..\..\unittests\data\fromMDQ.xml" />
- <Xml Include="..\..\..\unittests\data\spp.xml" />
- <Xml Include="..\..\..\unittests\data\templateFromFile.xml" />
+ <Xml Include="..\..\..\unittests\data\idp.shibboleth.net.xml" />
+ <Xml Include="..\..\..\unittests\data\staticFromFile.xml" />
+ <Xml Include="..\..\..\unittests\data\templateFromFile.xml">
+ <SubType>Designer</SubType>
+ </Xml>
<Xml Include="..\..\..\unittests\data\regexFromFile.xml" />
<Xml Include="..\..\..\unittests\data\templateFromRepo.xml" />
- <Xml Include="..\..\..\unittests\data\www.example.org.xml" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
diff --git a/Projects/vc15/UnitTests/UnitTests.vcxproj.filters b/Projects/vc15/UnitTests/UnitTests.vcxproj.filters
index 1310a16..d8c09ee 100644
--- a/Projects/vc15/UnitTests/UnitTests.vcxproj.filters
+++ b/Projects/vc15/UnitTests/UnitTests.vcxproj.filters
@@ -17,6 +17,9 @@
<Filter Include="Source">
<UniqueIdentifier>{63179b9d-7e8f-4fc1-aeed-19174ecf134b}</UniqueIdentifier>
</Filter>
+ <Filter Include="Data\Metadata">
+ <UniqueIdentifier>{9f784e0b-e150-40c5-bc09-eb884c7b7a47}</UniqueIdentifier>
+ </Filter>
</ItemGroup>
<ItemGroup>
<CustomBuild Include="..\..\..\unittests\DynamicMetadataProviderTest.h">
@@ -47,17 +50,17 @@
<Xml Include="..\..\..\unittests\data\regexFromFile.xml">
<Filter>Data</Filter>
</Xml>
- <Xml Include="..\..\..\unittests\data\08ced64cddc9f1578598b2cf71ae747b11d11472.xml">
+ <Xml Include="..\..\..\unittests\data\fromMDQ.xml">
<Filter>Data</Filter>
</Xml>
- <Xml Include="..\..\..\unittests\data\www.example.org.xml">
+ <Xml Include="..\..\..\unittests\data\staticFromFile.xml">
<Filter>Data</Filter>
</Xml>
- <Xml Include="..\..\..\unittests\data\fromMDQ.xml">
- <Filter>Data</Filter>
+ <Xml Include="..\..\..\unittests\data\idp.shibboleth.net.xml">
+ <Filter>Data\Metadata</Filter>
</Xml>
- <Xml Include="..\..\..\unittests\data\spp.xml">
- <Filter>Data</Filter>
+ <Xml Include="..\..\..\unittests\data\df5a20c921bc30c1b76c5a6cec08d074e280de8b.xml">
+ <Filter>Data\Metadata</Filter>
</Xml>
</ItemGroup>
<ItemGroup>
diff --git a/unittests/DynamicMetadataProviderTest.h b/unittests/DynamicMetadataProviderTest.h
index 930213f..42bba8c 100644
--- a/unittests/DynamicMetadataProviderTest.h
+++ b/unittests/DynamicMetadataProviderTest.h
@@ -53,104 +53,125 @@ extern string data_path;
class DynamicMetadataTest : public CxxTest::TestSuite {
private:
const string m_entityId;
- const MetadataProvider::Criteria m_entityIdCriteria;
auto_ptr<SAML2ArtifactType0004> m_artifact;
- MetadataProvider::Criteria m_artifactCriteria;
public:
- DynamicMetadataTest() : CxxTest::TestSuite(), m_entityId("https://www.example.org/sp"), m_entityIdCriteria(m_entityId.c_str()),
- m_artifact(nullptr)
- {
-
- }
+ DynamicMetadataTest() : CxxTest::TestSuite(), m_entityId("https://idp.shibboleth.net/idp/shibboleth"), m_artifact(nullptr)
+ {}
void setUp()
{
- m_artifact.reset(new SAML2ArtifactType0004(SecurityHelper::doHash("SHA1", m_entityId.data(), m_entityId.length(), false), 666));
- m_artifactCriteria = MetadataProvider::Criteria(m_artifact.get());
+ if (!m_artifact.get()) {
+ m_artifact.reset(new SAML2ArtifactType0004(SecurityHelper::doHash("SHA1", m_entityId.data(), m_entityId.length(), false), 666));
+ }
}
- void tearDown()
- {}
+private:
- void testTemplateFromRepo() {
- string config = data_path + "templateFromRepo.xml";
+ void performTest(string fileName, bool artifactOnly, const string type = DYNAMIC_METADATA_PROVIDER)
+ {
+ const string config(data_path + fileName);
ifstream in(config.c_str());
- XMLToolingConfig& xcf = XMLToolingConfig::getConfig();
+ const XMLToolingConfig& xcf = XMLToolingConfig::getConfig();
ParserPool& pool = xcf.getParser();
XercesJanitor<DOMDocument> janitor(pool.parse(in));
-
auto_ptr<MetadataProvider> metadataProvider(
- opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(DYNAMIC_METADATA_PROVIDER, janitor.get()->getDocumentElement())
+ opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(type, janitor.get()->getDocumentElement())
);
-
-
ta::TestApplication testApp(SPConfig::getConfig().getServiceProvider(), metadataProvider.get());
- MetadataProviderCriteria crit(testApp, m_entityId.c_str());
try {
metadataProvider->init();
- pair<const EntityDescriptor*, const RoleDescriptor*> thePair = metadataProvider->getEntityDescriptor(crit);
- TS_ASSERT(nullptr != thePair.first);
-
- const EntityDescriptor* foo = thePair.first;
- auto f = foo->getEntityID();
-
- }
- catch (XMLToolingException& ex) {
+ if (!artifactOnly) {
+ MetadataProviderCriteria crit(testApp, m_entityId.c_str());
+ pair<const EntityDescriptor*, const RoleDescriptor*> thePair = metadataProvider->getEntityDescriptor(crit);
+ TS_ASSERT(nullptr != thePair.first);
+ }
+
+ MetadataProviderCriteria artifactCrit(testApp, m_artifact.get());
+ pair<const EntityDescriptor*, const RoleDescriptor*> artifactPair = metadataProvider->getEntityDescriptor(artifactCrit);
+ TS_ASSERT(nullptr != artifactPair.first);
+ } catch (XMLToolingException& ex) {
TS_TRACE(ex.what());
throw;
}
+
}
+public:
+ void testTemplateFromRepo() {
+ performTest("templateFromRepo.xml", false);
+ }
+
+ void testTemplateFromRepoArtifactOnly ()
+ {
+
+ performTest("templateFromRepo.xml", true);
+ }
+
+
void testTemplateFromFile()
{
- string config = data_path + "templateFromFile.xml";
- ifstream in(config.c_str());
- XMLToolingConfig& xcf = XMLToolingConfig::getConfig();
- ParserPool& pool = xcf.getParser();
- DOMDocument* doc = pool.parse(in);
- XercesJanitor<DOMDocument> janitor(doc);
+ performTest("templateFromFile.xml", false);
+ }
- auto_ptr<MetadataProvider> metadataProvider(
- opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(DYNAMIC_METADATA_PROVIDER, doc->getDocumentElement())
- );
- try {
- metadataProvider->init();
- pair<const EntityDescriptor*, const RoleDescriptor*> thePair = metadataProvider->getEntityDescriptor(m_entityIdCriteria);
- TS_ASSERT(nullptr != thePair.first);
+ void testTemplateFromFileArtifactOnly()
+ {
+ // The template *IGNORES* the input and joint points at /idp.shibboleth.net.xml
+ performTest("templateFromFile.xml", true);
+ }
- pair<const EntityDescriptor*, const RoleDescriptor*> artefactPair = metadataProvider->getEntityDescriptor(m_artifactCriteria);
+ void testRegexFromFile()
+ {
+ performTest("regexFromFile.xml", false);
+ }
- } catch (XMLToolingException& ex) {
- TS_TRACE(ex.what());
- throw;
- }
+ void testRegexFromFileArtifactOnly()
+ {
+ performTest("regexFromFile.xml", true);
}
- void testRegexFromFile()
+
+ void testTestFromStaticFile()
+ {
+ performTest("staticFromFile.xml", false, XML_METADATA_PROVIDER);
+ }
+
+ void testTestFromStaticFileArtefactOnly()
{
- string config = data_path + "regexFromFile.xml";
+ performTest("staticFromFile.xml", true, XML_METADATA_PROVIDER);
+ }
+
+/* WIP
+
+ void MDQ() {
+ string config = data_path + "fromMDQ.xml";
ifstream in(config.c_str());
XMLToolingConfig& xcf = XMLToolingConfig::getConfig();
ParserPool& pool = xcf.getParser();
- DOMDocument* doc = pool.parse(in);
- XercesJanitor<DOMDocument> janitor(doc);
-
+ XercesJanitor<DOMDocument> janitor(pool.parse(in));
auto_ptr<MetadataProvider> metadataProvider(
- opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(DYNAMIC_METADATA_PROVIDER, doc->getDocumentElement())
+ opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(DYNAMIC_METADATA_PROVIDER, janitor.get()->getDocumentElement())
);
+
+ ta::TestApplication testApp(SPConfig::getConfig().getServiceProvider(), metadataProvider.get());
+ MetadataProviderCriteria crit(testApp, m_entityId.c_str());
try {
metadataProvider->init();
- pair<const EntityDescriptor*, const RoleDescriptor*> thePair = metadataProvider->getEntityDescriptor(m_entityIdCriteria);
+ pair<const EntityDescriptor*, const RoleDescriptor*> thePair = metadataProvider->getEntityDescriptor(crit);
TS_ASSERT(nullptr != thePair.first);
- } catch (XMLToolingException& ex) {
+ MetadataProviderCriteria artifactCrit(testApp, m_artifact.get());
+ pair<const EntityDescriptor*, const RoleDescriptor*> artefactPair = metadataProvider->getEntityDescriptor(artifactCrit);
+ TS_ASSERT(nullptr != artefactPair.first);
+ if (nullptr != artefactPair.first)
+ fprintf(stderr, "ei : %s\n", (artefactPair.first)->getEntityID());
+ }
+ catch (XMLToolingException& ex) {
TS_TRACE(ex.what());
throw;
}
}
-
-
+ */
};
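Review bot: Both lookups in `performTest` assert only that the returned descriptor is non-null, so a provider that resolves the wrong entity still passes. The comment on `testTemplateFromFileArtifactOnly` already notes that the template ignores its input, which means that test would pass for any entity ID. Since callers rely on the resolved entity being the one they asked for, I would also compare the entity ID inside a non-null guard, for example `auto_ptr_XMLCh expected(m_entityId.c_str());` followed by `TS_ASSERT(XMLString::equals(artifactPair.first->getEntityID(), expected.get()));` (assuming the xmltooling unicode helpers are in scope in this header). Separately, `ifstream in(config.c_str())` is handed to the parser without checking that the file opened; a `TSM_ASSERT(config.c_str(), in.good());` before `pool.parse(in)` would make a missing fixture fail with a readable message.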
diff --git a/unittests/SPTest.h b/unittests/SPTest.h
index 18b8e42..9cc67cf 100644
--- a/unittests/SPTest.h
+++ b/unittests/SPTest.h
@@ -25,13 +25,7 @@ public:
return false;
}
- if (!conf.instantiate("./configs/shibboleth2.xml")) /*
-
- (std::string("<SPConfig type='XML' xmlns='urn:mace:shibboleth:2.0:native:sp:config' xmlns:conf='urn:mace:shibboleth:2.0:native:sp:config'\n") +
- std::string("xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'\n") +
- std::string("xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' clockSkew='180'> \n") +
- std::string("<conf:SecurityPolicyProvider type='XML' validate='true' path='..\cpp-sp\configs\security-policy.xml' /> </SPConfig>\n")).c_str()))/*
- "<SecurityPolicyProvider xmlns='urn:mace:shibboleth:2.0:native:sp:config' type='XML' validate='true' path='../cpp-sp/configs/security-policy.xml' />"))*/ {
+ if (!conf.instantiate("./configs/shibboleth2.xml")) {
fprintf(stderr, "configuration is invalid, see console for specific problems\n");
return false;
}
diff --git a/unittests/config/etc/shibboleth/console.logger b/unittests/config/etc/shibboleth/console.logger
index 62b278e..981700f 100644
--- a/unittests/config/etc/shibboleth/console.logger
+++ b/unittests/config/etc/shibboleth/console.logger
@@ -1,4 +1,8 @@
-log4j.rootCategory=DEBUG, console
+log4j.rootCategory=WARN, console
+log4j.category.Shibboleth.MetadataProvider.Dynamic=DEBUG
+log4j.category.OpenSAML.MetadataProvider.Dynamic=DEBUG
+
+Shibboleth
log4j.appender.console=org.apache.log4j.ConsoleAppender
#log4j.appender.console.layout=org.apache.log4j.BasicLayout
log4j.appender.console.layout=org.apache.log4j.PatternLayout
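Review bot: The added bare line `Shibboleth` is not a `key=value` entry or a comment and looks like leftover text from editing. How the logging configuration parser treats such a line is not visible here, so it may be silently ignored or it may cause an error. I would delete it, or turn it into a comment such as `# Shibboleth categories` if it was meant as a heading.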
diff --git a/unittests/config/etc/shibboleth/security-policy.xml b/unittests/config/etc/shibboleth/security-policy.xml
new file mode 100644
index 0000000..41b000b
--- /dev/null
+++ b/unittests/config/etc/shibboleth/security-policy.xml
@@ -0,0 +1,33 @@
+<SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">
+
+ <!-- Each policy defines a set of rules to use to secure messages. -->
+
+ <!--
+ The predefined policy enforces replay/freshness, standard
+ condition processing, and permits signing and client TLS.
+ -->
+ <Policy id="default" validate="false">
+ <PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
+ <PolicyRule type="Conditions">
+ <PolicyRule type="Audience"/>
+ <!-- Enable Delegation rule to permit delegated access. -->
+ <!-- <PolicyRule type="Delegation"/> -->
+ </PolicyRule>
+ <PolicyRule type="ClientCertAuth" errorFatal="true"/>
+ <PolicyRule type="XMLSigning" errorFatal="true"/>
+ <PolicyRule type="SimpleSigning" errorFatal="true"/>
+ </Policy>
+
+ <!--
+ This policy is a place-holder for use of assertions in metadata
+ as a way of attaching signed information about particular IdPs.
+ -->
+ <Policy id="entity-attributes">
+ <PolicyRule type="Conditions"/>
+ <PolicyRule type="XMLSigning" errorFatal="true"/>
+ </Policy>
+
+ <!-- Disables known weak algorithms. -->
+ <AlgorithmBlacklist includeDefaultBlacklist="true"/>
+
+</SecurityPolicies>
diff --git a/unittests/data/fromMDQ.xml b/unittests/data/fromMDQ.xml
new file mode 100644
index 0000000..792b078
--- /dev/null
+++ b/unittests/data/fromMDQ.xml
@@ -0,0 +1,3 @@
+<MetadataProvider type="Dynamic" ignoreTransport="true" >
+<Subst>http://shibboleth.net:9000/entities/$entityID</Subst>
+</MetadataProvider>
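Review bot: This provider sets `ignoreTransport="true"` on a plain `http://` source and has no signature-checking `MetadataFilter` child, so nothing authenticates the metadata it resolves. templateFromRepo.xml uses the same combination. As far as I know, `ignoreTransport` is intended for deployments where a signature filter verifies the metadata instead of TLS, so a fixture without one is a risky pattern if copied into a real configuration. I would add a leading comment such as `<!-- Test fixture only: unauthenticated metadata source, never use without a Signature MetadataFilter -->`. It would also be worth considering a signed sample with a `<MetadataFilter type="Signature" .../>` so the tests exercise the verified path. Both fixtures also make the unit tests depend on a live remote host.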
diff --git a/unittests/data/staticFromFile.xml b/unittests/data/staticFromFile.xml
new file mode 100644
index 0000000..58a8483
--- /dev/null
+++ b/unittests/data/staticFromFile.xml
@@ -0,0 +1 @@
+<MetadataProvider type="XML" path="H:/Perforce/VS2017/cpp-sp/unittests/data/idp.shibboleth.net.xml"/>
\ No newline at end of file
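Review bot: The `path` attribute hard-codes a developer workstation location (`H:/Perforce/VS2017/cpp-sp/unittests/data/...`), so this fixture only loads on a machine with that exact drive layout. The `file:///H:/...` value in templateFromFile.xml has the same problem. `performTest` already locates the config file through `data_path`, so the metadata file it points to should be found the same way. That could be a path relative to the test data directory, if the provider resolves relative paths (not visible here), or a config generated at test time from `data_path`. The file also lacks a trailing newline.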
diff --git a/unittests/data/templateFromFile.xml b/unittests/data/templateFromFile.xml
index bfedd58..84c3122 100644
--- a/unittests/data/templateFromFile.xml
+++ b/unittests/data/templateFromFile.xml
@@ -1,3 +1,3 @@
<MetadataProvider type="Dynamic" ignoreTransport="true" >
-<Subst hashed="SHA1">file:///H:/Perforce/VS2017/cpp-sp/unittests/data/$entityID.xml</Subst>
+<Subst hashed="SHA1">file:///H:/Perforce/VS2017/cpp-sp/unittests/data/idp.shibboleth.net.xml</Subst>
</MetadataProvider>
diff --git a/unittests/data/templateFromRepo.xml b/unittests/data/templateFromRepo.xml
index de2ca1b..515deb9 100644
--- a/unittests/data/templateFromRepo.xml
+++ b/unittests/data/templateFromRepo.xml
@@ -1,3 +1,3 @@
<MetadataProvider type="Dynamic" ignoreTransport="true" >
-<Subst hashed="SHA1">http://git.shibboleth.net/view/?p=java-opensaml.git&a=blob_plain&f=opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/$entityID.xml&hb=master</Subst>
+<Subst hashed="SHA1">http://git.shibboleth.net/view/?p=cpp-sp.git&a=blob_plain&f=unittests/data/$entityID.xml&hb=master</Subst>
</MetadataProvider>
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git