func (s *ServiceProviderSettings) Init() (err error) {
if s.hasInit {
return nil
}
s.hasInit = true
s.publicCert, err = util.LoadCertificate(s.PublicCertPath)
if err != nil {
return err
}
s.privateKey, err = util.LoadCertificate(s.PrivateKeyPath)
if err != nil {
return err
}
s.iDPPublicCert, err = util.LoadCertificate(s.IDPPublicCertPath)
if err != nil {
return err
}
return nil
}
func TestValidateSamlResponse(t *testing.T) {
assert := assert.New(t)
publicCertificatePath := "./default.crt"
privateKeyPath := "./default.key"
idpPublicCertificatePath := "./default.crt"
b, err := ioutil.ReadFile(publicCertificatePath)
assert.NoError(err)
publicCertificate := string(b)
publicCert, err := util.LoadCertificate(publicCertificatePath)
assert.NoError(err)
b, err = ioutil.ReadFile(privateKeyPath)
assert.NoError(err)
privateKey := string(b)
b, err = ioutil.ReadFile(idpPublicCertificatePath)
assert.NoError(err)
idpPublicCertificate := string(b)
idpSsoUrl := "http://www.onelogin.net"
idpSsoDescriptorUrl := "http://www.onelogin.net"
assertionConsumerServiceUrl := "http://*****:*****@domain")
authnResponse.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.InResponseTo = "foo"
authnResponse.InResponseTo = "bar"
authnResponse.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.Recipient = issuer
authnResponse.Destination = assertionConsumerServiceUrl
// signed XML string
signed, err := authnResponse.EncodedSignedString(privateKeyPath)
assert.NoError(err)
assert.NotEmpty(signed)
response, err := ParseEncodedResponse(signed)
assert.NoError(err)
assert.NotEmpty(response)
err = ValidateSamlResponse(response, publicCertificate, privateKey, idpSsoUrl, idpSsoDescriptorUrl, idpPublicCertificate, assertionConsumerServiceUrl)
assert.NoError(err)
}
func TestResponse(t *testing.T) {
assert := assert.New(t)
cert, err := util.LoadCertificate("./default.crt")
assert.NoError(err)
// Construct an AuthnRequest
response := NewSignedResponse()
response.Signature.KeyInfo.X509Data.X509Certificate.Cert = cert
b, err := xml.MarshalIndent(response, "", " ")
assert.NoError(err)
xmlResponse := string(b)
signedXml, err := SignResponse(xmlResponse, "./default.key")
assert.NoError(err)
assert.NotEmpty(signedXml)
err = VerifyRequestSignature(signedXml, "./default.crt")
assert.NoError(err)
}