use Test::More;
use strict;
use IO::String;
use MIME::Base64;
# Pull in the shared test library at compile time. issuer(), sp() and
# switch() are defined further down in this file; count(), clean_sessions()
# and LLNG::Manager::Test are not, so they presumably come from this library.
BEGIN {
    require 't/test-lib.pm';
}

# Log level handed to both portals through their "ini" configuration.
my $debug = 'error';

# Per-portal lists that switch() copies into the handler's @_onReload.
my %handlerOR = ( issuer => [], sp => [] );

my ( $issuer, $sp, $res );

# --- OpenID Provider (OP) side -------------------------------------------
$issuer = issuer();
ok( $issuer, 'OP portal' );

# NOTE(review): the two checks below only assert that _get() returned a true
# value; neither the status nor the body of the response is verified before
# the body is handed to the RP as trusted key material / metadata.
$res = $issuer->_get('/oauth2/jwks');
ok( $res, 'Get JWKS' );

# First chunk of the third response element (looks like a PSGI-style
# [ status, headers, [ body ] ] triplet -- confirm against test-lib).
my $jwks = $res->[2]->[0];

$res = $issuer->_get('/.well-known/openid-configuration');
ok( $res, 'Get metadata' );
my $metadata = $res->[2]->[0];
count(3);

# --- Relying Party (RP) side ---------------------------------------------
switch('sp');
$sp = sp( $jwks, $metadata );
ok( $sp, 'RP portal' );
count(1);

# Debug aid, left disabled:
#print STDERR Dumper( $jwks, $metadata );

clean_sessions();

done_testing( count() );
# switch($type)
#
# Overwrites @Lemonldap::NG::Handler::Main::Reload::_onReload with the list
# stored under $type ('issuer' or 'sp') in the file-level %handlerOR.
#
# In the visible part of this file both %handlerOR entries are created as
# empty array references and never filled, so the call made here empties
# the list.
sub switch {
    my ($type) = @_;
    my $saved = $handlerOR{$type};
    @Lemonldap::NG::Handler::Main::Reload::_onReload = @{$saved};
}
# issuer()
#
# Builds the OpenID Provider (OP) test portal and returns whatever
# LLNG::Manager::Test->new() yields for the "ini" configuration below.
# Takes no arguments; reads the file-level $debug for the log level.
#
# SECURITY NOTE: every credential in this sub is a test fixture.
#   * The RSA signing key pair is embedded in clear text, so the private key
#     is public knowledge and must not be reused for any real deployment.
#   * The client secret for the "rp" client is a fixed, guessable string and
#     ID tokens for it are signed with HS512, i.e. with that shared secret.
#   * Portal and issuer URLs use plain http.
#   * Implicit flow, hybrid flow and dynamic registration are all enabled.
sub issuer {

    # Signing key pair of the OP (fixture, see the note above).
    my $private_key_pem = "-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAs2jsmIoFuWzMkilJaA8//5/T30cnuzX9GImXUrFR2k9EKTMt
GMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8TrH1PHFmHpy8/qE/S5OhinIpIi7eb
ABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH1caJ8lmiERFj7IvNKqEhzAk0pyDr
8hubveTC39xREujKlsqutpPAFPJ3f2ybVsdykX5rx0h5SslG3jVWYhZ/SOb2aIzO
r0RMjhQmsYRwbpt3anjlBZ98aOzg7GAkbO8093X5VVk9vaPRg0zxJQ0Do0YLyzkR
isSAIFb0tdKuDnjRGK6y/N2j6At2HjkxntbtGQIDAQABAoIBADYq6LxJd977LWy3
0HT9nboFPIf+SM2qSEc/S5Po+6ipJBA4ZlZCMf7dHa6znet1TDpqA9iQ4YcqIHMH
6xZNQ7hhgSAzG9TrXBHqP+djDlrrGWotvjuy0IfS9ixFnnLWjrtAH9afRWLuG+a/
NHNC1M6DiiTE0TzL/lpt/zzut3CNmWzH+t19X6UsxUg95AzooEeewEYkv25eumWD
mfQZfCtSlIw1sp/QwxeJa/6LJw7KcPZ1wXUm1BN0b9eiKt9Cmni1MS7elgpZlgGt
xtfGTZtNLQ7bgDiM8MHzUfPBhbceNSIx2BeCuOCs/7eaqgpyYHBbAbuBQex2H61l
Lcc3Tz0CgYEA4Kx/avpCPxnvsJ+nHVQm5d/WERuDxk4vH1DNuCYBvXTdVCGADf6a
F5No1JcTH3nPTyPWazOyGdT9LcsEJicLyD8vCM6hBFstG4XjqcAuqG/9DRsElpHQ
yi1zc5DNP7Vxmiz9wII0Mjy0abYKtxnXh9YK4a9g6wrcTpvShhIcIb8CgYEAzGzG
lorVCfX9jXULIznnR/uuP5aSnTEsn0xJeqTlbW0RFWLdj8aIL1peirh1X89HroB9
GeTNqEJXD+3CVL2cx+BRggMDUmEz4hR59meZCDGUyT5fex4LIsceb/ESUl2jo6Sw
HXwWbN67rQ55N4oiOcOppsGxzOHkl5HdExKidycCgYEAr5Qev2tz+fw65LzfzHvH
Kj4S/KuT/5V6He731cFd+sEpdmX3vPgLVAFPG1Q1DZQT/rTzDDQKK0XX1cGiLG63
NnaqOye/jbfzOF8Z277kt51NFMDYhRLPKDD82IOA4xjY/rPKWndmcxwdob8yAIWh
efY76sMz6ntCT+xWSZA9i+ECgYBWMZM2TIlxLsBfEbfFfZewOUWKWEGvd9l5vV/K
D5cRIYivfMUw5yPq2267jPUolayCvniBH4E7beVpuPVUZ7KgcEvNxtlytbt7muil
5Z6X3tf+VodJ0Swe2NhTmNEB26uwxzLe68BE3VFCsbSYn2y48HAq+MawPZr18bHG
ZfgMxwKBgHHRg6HYqF5Pegzk1746uH2G+OoCovk5ylGGYzcH2ghWTK4agCHfBcDt
EYqYAev/l82wi+OZ5O8U+qjFUpT1CVeUJdDs0o5u19v0UJjunU1cwh9jsxBZAWLy
PAGd6SWf4S3uQCTw6dLeMna25YIlPh5qPA6I/pAahe8e3nSu2ckl
-----END RSA PRIVATE KEY-----
";

    my $public_key_pem = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2jsmIoFuWzMkilJaA8/
/5/T30cnuzX9GImXUrFR2k9EKTMtGMHCdKlWOl3BV+BTAU9TLz7Jzd/iJ5GJ6B8T
rH1PHFmHpy8/qE/S5OhinIpIi7ebABqnoVcwDdCa8ugzq8k8SWxhRNXfVIlwz4NH
1caJ8lmiERFj7IvNKqEhzAk0pyDr8hubveTC39xREujKlsqutpPAFPJ3f2ybVsdy
kX5rx0h5SslG3jVWYhZ/SOb2aIzOr0RMjhQmsYRwbpt3anjlBZ98aOzg7GAkbO80
93X5VVk9vaPRg0zxJQ0Do0YLyzkRisSAIFb0tdKuDnjRGK6y/N2j6At2Hjkxntbt
GQIDAQAB
-----END PUBLIC KEY-----
";

    # Variables exported to the relying party registered as "rp"
    # (presumably claim name => user attribute -- confirm against the
    # LemonLDAP::NG documentation).
    my %rp_exported_vars = (
        email       => "mail",
        family_name => "cn",
        name        => "cn",
    );

    # Registration of the single relying party "rp". Client id and secret
    # are the same literals that sp() configures on the RP side.
    my %rp_options = (
        oidcRPMetaDataOptionsDisplayName           => "RP",
        oidcRPMetaDataOptionsClientID              => "rpid",
        oidcRPMetaDataOptionsClientSecret          => "rpsecret",
        oidcRPMetaDataOptionsIDTokenSignAlg        => "HS512",
        oidcRPMetaDataOptionsIDTokenExpiration     => 3600,
        oidcRPMetaDataOptionsAccessTokenExpiration => 3600,
        oidcRPMetaDataOptionsBypassConsent         => 0,
        oidcRPMetaDataOptionsUserIDAttr            => "",
    );

    # Authentication context names and the numeric level each one maps to.
    my %authn_context = (
        'loa-1' => 1,
        'loa-2' => 2,
        'loa-3' => 3,
        'loa-4' => 4,
        'loa-5' => 5,
    );

    my %ini = (
        logLevel       => $debug,
        domain         => 'idp.com',
        portal         => 'http://auth.op.com',
        authentication => 'Demo',
        userDB         => 'Demo',

        issuerDBOpenIDConnectActivation => "1",

        # Issuer identifier and endpoint names published by the OP.
        oidcServiceMetaDataIssuer          => "http://auth.op.com",
        oidcServiceMetaDataAuthorizeURI    => "authorize",
        oidcServiceMetaDataTokenURI        => "token",
        oidcServiceMetaDataUserInfoURI     => "userinfo",
        oidcServiceMetaDataJWKSURI         => "jwks",
        oidcServiceMetaDataRegistrationURI => "register",
        oidcServiceMetaDataEndSessionURI   => "logout",
        oidcServiceMetaDataCheckSessionURI => "checksession",
        oidcServiceMetaDataAuthnContext    => \%authn_context,

        # Every flow plus dynamic registration is switched on.
        oidcServiceAllowAuthorizationCodeFlow => 1,
        oidcServiceAllowImplicitFlow          => 1,
        oidcServiceAllowHybridFlow            => 1,
        oidcServiceAllowDynamicRegistration   => 1,

        oidcRPMetaDataExportedVars => { rp => \%rp_exported_vars },
        oidcRPMetaDataOptions      => { rp => \%rp_options },

        # OP-side (client role) settings are left empty on the issuer.
        oidcOPMetaDataOptions => {},
        oidcOPMetaDataJSON    => {},
        oidcOPMetaDataJWKS    => {},
        oidcStorageOptions    => {},

        oidcServicePrivateKeySig => $private_key_pem,
        oidcServicePublicKeySig  => $public_key_pem,
    );

    return LLNG::Manager::Test->new( { ini => \%ini } );
}
# sp( $jwks, $metadata )
#
# Builds the Relying Party (RP) test portal, which authenticates its users
# through OpenID Connect against the provider registered as "op".
#
#   $jwks     - key set of the OP, stored as-is under oidcOPMetaDataJWKS
#   $metadata - discovery document of the OP, stored as-is under
#               oidcOPMetaDataJSON
#
# Returns whatever LLNG::Manager::Test->new() yields for this configuration.
# Reads the file-level $debug for the log level.
#
# Both arguments are trusted without validation; in this file they come
# straight from the OP portal created by issuer().
sub sp {
    my $jwks     = shift;
    my $metadata = shift;

    # Local session attribute => claim taken from the OP (presumably; the
    # direction is inferred from the key and value names -- confirm).
    my %op_exported_vars = (
        uid  => "sub",
        cn   => "name",
        sn   => "family_name",
        mail => "email",
    );

    # Client credentials are fixture values; they are the same literals that
    # issuer() registers for the client "rp".
    # NOTE(review): the configuration URI uses https while issuer() declares
    # its portal and issuer as http://auth.op.com -- confirm whether this
    # URI is ever fetched or compared, given that JWKS and metadata are
    # supplied directly below.
    my %op_options = (
        oidcOPMetaDataOptionsClientID     => "rpid",
        oidcOPMetaDataOptionsClientSecret => "rpsecret",
        oidcOPMetaDataOptionsScope        => "openid profile",
        oidcOPMetaDataOptionsDisplay      => "",
        oidcOPMetaDataOptionsStoreIDToken => 0,
        oidcOPMetaDataOptionsJWKSTimeout  => 0,
        oidcOPMetaDataOptionsConfigurationURI =>
          "https://auth.op.com/.well-known/openid-configuration",
    );

    my %ini = (
        logLevel       => $debug,
        domain         => 'rp.com',
        portal         => 'http://auth.rp.com',
        authentication => 'OpenIDConnect',
        userDB         => 'OpenIDConnect',

        oidcOPMetaDataExportedVars => { op => \%op_exported_vars },
        oidcOPMetaDataOptions      => { op => \%op_options },
        oidcOPMetaDataJWKS         => { op => $jwks },
        oidcOPMetaDataJSON         => { op => $metadata },
    );

    return LLNG::Manager::Test->new( { ini => \%ini } );
}