Esempio n. 1
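// Init loads the service provider public certificate, the private key and the
// IdP public certificate from PublicCertPath, PrivateKeyPath and
// IDPPublicCertPath. It is a no-op once a previous call has succeeded.
//
// The settings are marked initialized only after all three loads succeed. If
// the flag were set up front, a failed load would make every later call return
// nil while leaving key material unset, and callers would then proceed to sign
// or validate SAML messages with an empty key or IdP certificate.
//
// It returns the first load error unchanged, and in that case none of the
// cached fields are modified.
func (s *ServiceProviderSettings) Init() (err error) {
	if s.hasInit {
		return nil
	}

	// Load into locals first so a partial failure cannot leave the receiver
	// holding a mix of fresh and missing material.
	publicCert, err := util.LoadCertificate(s.PublicCertPath)
	if err != nil {
		return err
	}

	// NOTE(review): the private key is read with the certificate loader;
	// confirm util.LoadCertificate treats key files the way this code expects.
	privateKey, err := util.LoadCertificate(s.PrivateKeyPath)
	if err != nil {
		return err
	}

	idpPublicCert, err := util.LoadCertificate(s.IDPPublicCertPath)
	if err != nil {
		return err
	}

	s.publicCert = publicCert
	s.privateKey = privateKey
	s.iDPPublicCert = idpPublicCert
	s.hasInit = true

	return nil
}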
Esempio n. 2
// TestValidateSamlResponse signs an authentication response with the default
// test key, parses the encoded result back, and expects ValidateSamlResponse
// to accept it.
//
// NOTE(review): this listing is incomplete. The line that assigns
// assertionConsumerServiceUrl is cut short, and the statements that create
// authnResponse and issuer are not visible, so the function does not compile
// as shown.
func TestValidateSamlResponse(t *testing.T) {
	assert := assert.New(t)

	// The same certificate file stands in for both the service provider and
	// the IdP, so this test cannot tell the two trust anchors apart.
	publicCertificatePath := "./default.crt"
	privateKeyPath := "./default.key"
	idpPublicCertificatePath := "./default.crt"

	// Read the raw file contents; these strings are what the validator receives.
	b, err := ioutil.ReadFile(publicCertificatePath)
	assert.NoError(err)
	publicCertificate := string(b)
	// publicCert is not referenced again in the visible lines; presumably it
	// was used in the part of the listing that is missing.
	publicCert, err := util.LoadCertificate(publicCertificatePath)
	assert.NoError(err)

	b, err = ioutil.ReadFile(privateKeyPath)
	assert.NoError(err)
	privateKey := string(b)

	b, err = ioutil.ReadFile(idpPublicCertificatePath)
	assert.NoError(err)
	idpPublicCertificate := string(b)

	// NOTE(review): both IdP endpoints use plain http in this fixture.
	idpSsoUrl := "http://www.onelogin.net"
	idpSsoDescriptorUrl := "http://www.onelogin.net"
	// NOTE(review): the next line is truncated in this listing (stray closing
	// parenthesis, masked URL); the original value is not recoverable here.
	assertionConsumerServiceUrl := "http://*****:*****@domain")
	// The two InResponseTo values below differ ("foo" vs "bar") and the test
	// still expects validation to succeed, so the validator presumably does
	// not correlate them with each other or with a request ID. Confirm.
	authnResponse.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.InResponseTo = "foo"
	authnResponse.InResponseTo = "bar"
	authnResponse.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.Recipient = issuer
	authnResponse.Destination = assertionConsumerServiceUrl

	// signed XML string
	signed, err := authnResponse.EncodedSignedString(privateKeyPath)
	assert.NoError(err)
	assert.NotEmpty(signed)

	// Round-trip: decode the encoded, signed response into a response value.
	response, err := ParseEncodedResponse(signed)
	assert.NoError(err)
	assert.NotEmpty(response)

	// Only the accepting path is asserted; no tampered, unsigned or
	// wrong-destination response is checked for rejection in this test.
	err = ValidateSamlResponse(response, publicCertificate, privateKey, idpSsoUrl, idpSsoDescriptorUrl, idpPublicCertificate, assertionConsumerServiceUrl)
	assert.NoError(err)
}
Esempio n. 3
// TestResponse builds a signed-response skeleton, signs its XML form with the
// default test key and checks that the signature verifies against the
// matching certificate file.
func TestResponse(t *testing.T) {
	check := assert.New(t)

	certData, loadErr := util.LoadCertificate("./default.crt")
	check.NoError(loadErr)

	// Create the response and embed the loaded certificate in its KeyInfo.
	resp := NewSignedResponse()
	resp.Signature.KeyInfo.X509Data.X509Certificate.Cert = certData

	raw, marshalErr := xml.MarshalIndent(resp, "", "    ")
	check.NoError(marshalErr)

	signed, signErr := SignResponse(string(raw), "./default.key")
	check.NoError(signErr)
	check.NotEmpty(signed)

	// Verification is given the certificate file path, not the certificate
	// embedded in the document above.
	// NOTE(review): only the accepting path is covered; nothing here asserts
	// that a modified document fails verification.
	check.NoError(VerifyRequestSignature(signed, "./default.crt"))
}