48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * The contents of this file are subject to the terms of the Common Development and
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * Distribution License (the License). You may not use this file except in compliance with the
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * specific language governing permission and limitations under the License.
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * When distributing Covered Software, include this CDDL Header Notice in each file and include
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * Header, with the fields enclosed by brackets [] replaced by your own identifying
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * information: "Portions copyright [year] [name of copyright owner]".
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * Copyright 2014 - 2015 ForgeRock AS.
48e27400d23e2586530cf943524e50c74d79a915Tony Bamfordtypedef am_return_t (* am_state_func_t)(am_request_t *);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamfordvoid am_test_get_state_funcs(am_state_func_t const ** func_array_p, int * func_array_len_p);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford#define TEST_TOKEN_VALUE "AQIC5wM2LY4Sfcyro187TdQ7LJIs373_tJP4Lb2VXBv-Qoc.*AAJTSQACMDEAAlNLABM5MjExNjg2Nzk3Mjg3MjI4MDA2*"
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * Compare only the prefix against the string.
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford * Return the result of strncmp, so 0 means no differences, etc.
48e27400d23e2586530cf943524e50c74d79a915Tony Bamfordint compare_prefix(char* prefix, char* string) {
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford return strncmp(prefix, string, strlen(prefix));
48e27400d23e2586530cf943524e50c74d79a915Tony Bamfordstatic am_status_t am_get_url_encoded_token_url(struct am_request* request)
4c6011bfcf29cd75d6af86f192d709221f4d5d3aMareks Malnacs am_asprintf(&url, "http://a.b.c:80/%s?g=h&%s=%s&i=j", path, TOKEN_NAME, token);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamfordstatic am_status_t get_valid_path_url(struct am_request* request)
b0e02a0dd364decf4697db706d59eb72b6aeba62Nicholas James /* an unnormalised path */
b0e02a0dd364decf4697db706d59eb72b6aeba62Nicholas James am_asprintf(&url, "http://a.b.c:80/%s?g=h&%s=%s&i=j", path, TOKEN_NAME, token);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamfordstatic am_status_t get_invalid_path_url(struct am_request* request)
b0e02a0dd364decf4697db706d59eb72b6aeba62Nicholas James /* the original intention was to check that the normalisation threw out this path */
b0e02a0dd364decf4697db706d59eb72b6aeba62Nicholas James am_asprintf(&url, "http://a.b.c:80/%s?g=h&%s=%s&i=j", path, TOKEN_NAME, token);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamfordstatic am_status_t am_get_SAML_post_url(struct am_request* request)
4c6011bfcf29cd75d6af86f192d709221f4d5d3aMareks Malnacs /* note that the parser does not accept namespaces and it does not normalize character content.*/
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford "<x xmlns:saml=\"http:/w3c.org/nonsense#id\">"
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford "<saml:NameIdentifier>"TEST_TOKEN_VALUE"</saml:NameIdentifier>"
4c6011bfcf29cd75d6af86f192d709221f4d5d3aMareks Malnacs am_asprintf(&url, "http://a.b.c:80/d/e/f?g=h&LARES=%s&i=j", base64XML);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford/*****************************************************************************************************/
48e27400d23e2586530cf943524e50c74d79a915Tony Bamfordvoid test_setup_with_simple_token(void **state) {
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford .am_get_request_url_f = am_get_url_encoded_token_url,
4c6011bfcf29cd75d6af86f192d709221f4d5d3aMareks Malnacs am_test_get_state_funcs(&func_array, &array_len);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_int_equal(compare_prefix("https://www.override.com:80/d/e/f", request.overridden_url), 0);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_string_equal(TEST_TOKEN_VALUE, request.token);
4c6011bfcf29cd75d6af86f192d709221f4d5d3aMareks Malnacs am_test_get_state_funcs(&func_array, &array_len);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_int_equal(compare_prefix("https://www.override.com:80/d/e/f", request.overridden_url), 0);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_string_equal("/d/e/f", request.url.path);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_string_equal("?g=h&i=j", request.url.query);
b0e02a0dd364decf4697db706d59eb72b6aeba62Nicholas James assert_string_equal(TEST_TOKEN_VALUE, request.token);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamfordvoid test_setup_with_invalid_path(void **state) {
4c6011bfcf29cd75d6af86f192d709221f4d5d3aMareks Malnacs am_test_get_state_funcs(&func_array, &array_len);
4c6011bfcf29cd75d6af86f192d709221f4d5d3aMareks Malnacs /* this should fail because the invalid path tried to refer outside of the root */
b0e02a0dd364decf4697db706d59eb72b6aeba62Nicholas James assert_int_equal(setup(&request), AM_SUCCESS);
b0e02a0dd364decf4697db706d59eb72b6aeba62Nicholas James /* however, we have accepted the URL and the resulting path is this: */
b0e02a0dd364decf4697db706d59eb72b6aeba62Nicholas James assert_string_equal(request.url.path, "/d/e/f");
4c6011bfcf29cd75d6af86f192d709221f4d5d3aMareks Malnacs am_test_get_state_funcs(&func_array, &array_len);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_int_equal(compare_prefix("https://a.b.c:90/d/e/f", request.overridden_url), 0);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_string_equal(TEST_TOKEN_VALUE, request.token);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_string_equal("209.173.53.167", request.client_ip);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_string_equal("d.e.f", request.client_host);
4c6011bfcf29cd75d6af86f192d709221f4d5d3aMareks Malnacs * note: this test requires an Internet connection since it contacts a DNS server to verify the client host
48e27400d23e2586530cf943524e50c74d79a915Tony Bamfordvoid test_setup_with_resolve_host(void **state) {
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford .client_ip = "2001:4860:4860::8888,2001:5c0:9168:0:0:0:0:1",
4c6011bfcf29cd75d6af86f192d709221f4d5d3aMareks Malnacs am_test_get_state_funcs(&func_array, &array_len);
b0e02a0dd364decf4697db706d59eb72b6aeba62Nicholas James assert_int_equal(compare_prefix("https://www.override.com:80/d/e/f", request.overridden_url), 0);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_string_equal("/d/e/f", request.url.path);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_string_equal("?g=h&i=j", request.url.query);
48e27400d23e2586530cf943524e50c74d79a915Tony Bamford assert_string_equal("google-public-dns-a.google.com", request.client_host);