Authen-NZRealMe
t/39-icms-req.t view on Meta::CPAN
#!perl
#
# Generate an iCMS request document that contains an 'opaque token' and has a
# multi-reference signature. Check its structure and signature.
#
use strict;
use warnings;
use Test::More;
require XML::LibXML;
require XML::LibXML::XPathContext;
use FindBin;
use File::Spec;
use lib File::Spec->catdir($FindBin::Bin, 'test-lib');
use AuthenNZRealMeTestHelper;
use Authen::NZRealMe;
use Authen::NZRealMe::CommonURIs qw(URI NS_PAIR);
# Register 'MockSP' as the class to use for the 'service_provider' role.
Authen::NZRealMe->register_class('service_provider', 'MockSP');

# Resolve the XML signer class through the dispatcher instead of naming it
# directly.
my $dispatcher = 'Authen::NZRealMe';
my $sig_class  = $dispatcher->class_for('xml_signer');

# Signing key and certificate taken from the test configuration.
# NOTE(review): presumably throwaway fixtures used only by this test suite -
# confirm they are never reused for a real service provider.
my $sp_key_file  = test_conf_file('sp-sign-key.pem');
my $sp_cert_file = test_conf_file('sp-sign-crt.pem');
# Prefix/URI pairs for every namespace the XPath expressions in this test
# refer to. Each pair is later passed to registerNs on the XPath context.
my @all_ns = (
    [ 'soap12', 'http://www.w3.org/2003/05/soap-envelope' ],
    [ 'wsse',   'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' ],
    [ 'wsu',    'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' ],
    [ 'wst',    'http://docs.oasis-open.org/ws-sx/ws-trust/200512' ],
    [ 'wsa',    'http://www.w3.org/2005/08/addressing' ],
    [ 'icms',   'urn:nzl:govt:ict:stds:authn:deployment:igovt:gls:iCMS:1_0' ],
    [ 'ds',     'http://www.w3.org/2000/09/xmldsig#' ],
);
# Build a service provider of type 'assertion' from the test configuration
# directory.
my $conf_dir = test_conf_dir();
my $sp       = Authen::NZRealMe->service_provider(
    conf_dir => $conf_dir,
    type     => 'assertion',
);

ok(1, 'loaded required modules');

# The token is a fixed placeholder string; this test checks how the request is
# structured and signed, not the token's contents.
my $opaque_token = '[[OPAQUE-TOKEN-GOES-HERE]]';

# Construct the iCMS resolution request and take its serialised form.
my $req_builder = Authen::NZRealMe->class_for('icms_resolution_request');
my $req         = $req_builder->new($sp, $opaque_token);
my $icms_req    = $req->request_data;

ok($icms_req, 'generated an icms request document');
# The verifier is given only the SP's public certificate; no private key is
# needed to check the signature.
my $verifier = $sig_class->new(pub_cert_file => $sp_cert_file);

# Select ds:Signature elements that are NOT nested inside the SOAP Body, so a
# signature carried within the Body is not the one checked here.
# NOTE(review): NS_PAIR('soap12') presumably supplies the prefix/URI mapping
# that the selector needs - confirm against CommonURIs.
my $selector = '//ds:Signature[not(ancestor::soap12:Body)]';

ok(
    $verifier->verify($icms_req, $selector, NS_PAIR('soap12')),
    "verified request signature using SP's public key"
);
# Re-parse the generated request and prepare an XPath context that knows all
# of the namespace prefixes used by the lookups in this test.
my $parser = XML::LibXML->new();
my $doc    = $parser->parse_string($icms_req);
my $xc     = XML::LibXML::XPathContext->new($doc->documentElement);
for my $ns_pair (@all_ns) {
    $xc->registerNs(@$ns_pair);
}

# Negative case: the SOAP Header element as a whole is expected to lie outside
# every signed fragment, so the lookup must die instead of returning the node.
# Rejecting such a lookup is what stops a caller from trusting content that
# merely sits in the same document as a valid signature.
my($node) = eval {
    $verifier->find_verified_element($xc, '//soap12:Header');
};

ok(!$node, "failed to find SOAP Header element");
like($@, qr{not in a signed fragment}, ' because it is outside signed areas');
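# Positive case: wsa:Action inside the SOAP Header is expected to be covered
# by the multi-reference signature, so the lookup must succeed.
($node) = eval {
    $verifier->find_verified_element($xc, '//soap12:Header/wsa:Action');
};
is($@, '', 'wsa:Action inside SOAP Header is verified');

# If the lookup died, $node is undef. Compare undef rather than calling a
# method on it, so the script reports a failed test instead of aborting and
# skipping every remaining check.
is(
    defined $node ? $node->to_literal : undef,
    'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate',
    ' and has expected content'
);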
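# Positive case: wsa:To inside the SOAP Header is expected to be covered by
# the signature, so the destination address cannot be changed without
# invalidating it.
($node) = eval {
    $verifier->find_verified_element($xc, '//soap12:Header/wsa:To');
};
is($@, '', 'wsa:To inside SOAP Header is verified');

# If the lookup died, $node is undef. Compare undef rather than calling a
# method on it, so the script reports a failed test instead of aborting and
# skipping every remaining check.
is(
    defined $node ? $node->to_literal : undef,
    'https://ws.test.logon.fakeme.govt.nz/icms/Validate_v1_1',
    ' and has expected content'
);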
# Positive case: the wsa:Address under wsa:ReplyTo is expected to sit inside a
# signed fragment, so the lookup must not die.
($node) = eval {
    $verifier->find_verified_element(
        $xc,
        '//soap12:Header/wsa:ReplyTo/wsa:Address',
    );
};

is($@, '', 'wsa:ReplyTo/wsa:Address inside SOAP Header is verified');
is(