use warnings;
use Test::More;
use strict;
no strict "subs";
use IO::String;
use LWP::UserAgent;
use LWP::Protocol::PSGI;
use MIME::Base64;
BEGIN {
    # The helpers used below (register(), issuer(), the expect* and
    # saml_key_* functions) are not defined in this file; they come from
    # the shared test libraries, loaded at compile time.
    require $_ for ( 't/test-lib.pm', 't/saml-lib.pm' );
}

my $debug = 'error';
my ( $issuer, $res );

# Redirect LWP traffic into the PSGI adapter for the duration of the test;
# judging by its name, denyLwpRequests() (from the test library) rejects
# anything that would otherwise leave the process.
LWP::Protocol::PSGI->register( denyLwpRequests() );
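# Log in to the IdP, push a SAML AuthnRequest for $sp and verify that the
# SAMLResponse the IdP produces is signed with $expected_cert using
# $expected_alg.
#
#   $sp            - short SP name; the IdP is expected to auto-post the
#                    response to auth.$sp.com
#   $expected_cert - certificate as returned by the saml_key_*_cert_sig()
#                    helpers
#   $expected_alg  - xmldsig-more algorithm suffix, e.g. "rsa-sha256"
#
# Emits Test::More assertions; the return value is not meaningful.
sub runTest {
    my ( $sp, $expected_cert, $expected_alg ) = @_;

    my $id = $issuer->login("french");

    # Initialization
    my $request = getAuthnRequest($sp);

    # Push SAML request to IdP
    ok(
        $res = $issuer->_post(
            '/saml/singleSignOn',
            { SAMLRequest => $request },
            accept => 'text/html',
            cookie => "lemonldap=$id",
        ),
        'Post SAML request to IdP'
    );
    expectOK($res);

    my ( $host, $url, $s ) =
      expectAutoPost( $res, "auth.$sp.com", '/saml/proxySingleSignOnPost',
        'SAMLResponse' );
    my $sr = expectSamlResponse($s);

    # A response whose signature carries no X509Certificate used to die on
    # ->data with an unhelpful "can't call method on undef". Report it as a
    # failed assertion and stop: the key and algorithm checks below are
    # meaningless without the certificate.
    my $cert_node = getXPath( $sr, '//sig:X509Certificate/text()' )->pop;
    ok( $cert_node, "Response signature carries an X509Certificate" )
      or return;
    my $sig_cert = $cert_node->data;

    # Both sides go through normalizeX509Data (presumably strips PEM framing
    # and whitespace - confirm in t/saml-lib.pm) so that formatting
    # differences alone cannot cause a mismatch.
    is(
        normalizeX509Data($sig_cert),
        normalizeX509Data($expected_cert),
        "Expected key was used"
    );

    # The algorithm is asserted separately from the key: a signature made
    # with the right key but a different digest would otherwise pass.
    expectXPath(
        $sr,
        '//sig:SignatureMethod/@Algorithm',
        "http://www.w3.org/2001/04/xmldsig-more#$expected_alg",
        "Expected alg $expected_alg was used"
    );
}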
SKIP: {
    # Lasso supplies the SAML primitives; nothing below can run without it.
    eval "use Lasso";
    skip('Lasso not found') if $@;

    $issuer = register( 'issuer', sub { issuer() } );

    # IdP metadata: the advertised certificates depend on which SP asks for
    # it. Each row is [ sp entity id (undef = no sp query parameter),
    # first expected cert list, second expected cert list ] in the order
    # expectMetadataCerts() takes them.
    my @metadata_cases = (
        # Default metadata contains default keys
        [ undef, [ saml_key_idp_cert_sig() ], [ saml_key_idp_cert_sig() ] ],
        # SP-targeted metadata contains sp-specific key
        [
            "http://auth.override-both.com/saml/metadata",
            [ saml_key_proxy_cert_sig() ],
            [ saml_key_proxy_cert_sig() ],
        ],
        # Extra keys can be specified
        [
            "http://auth.override-key.com/saml/metadata",
            [ saml_key_proxy_cert_sig(), saml_key_sp_cert_sig() ],
            [ saml_key_proxy_cert_sig(), saml_key_sp_cert_sig() ],
        ],
    );
    for my $case (@metadata_cases) {
        my ( $sp, $first_certs, $second_certs ) = @$case;
        my @query = defined $sp ? ( query => { sp => $sp } ) : ();
        my $md = $issuer->_get( "/saml/metadata/idp", @query );
        expectMetadataCerts( $md->[2]->[0], $first_certs, $second_certs );
    }

    # Run signature tests: [ sp name, cert expected to sign, expected alg ]
    my @signature_cases = (
        [ "default-sp",      saml_key_idp_cert_sig(),   "rsa-sha256" ],
        [ "override-method", saml_key_idp_cert_sig(),   "rsa-sha384" ],
        [ "override-key",    saml_key_proxy_cert_sig(), "rsa-sha256" ],
        [ "override-both",   saml_key_proxy_cert_sig(), "rsa-sha384" ],
    );
    runTest( @{$_} ) for @signature_cases;
}

clean_sessions();
done_testing();
sub getAuthnRequest {
my ($sp) = @_;
my $server =
Lasso::Server::new_from_buffers( samlSPMetaDataXML( $sp, "HTTP-POST" ),