Authen-NZRealMe
t/10-metadata.t view on Meta::CPAN
# Load our SP metadata for talking to the login service
# (no 'type' argument is passed here; the assertion-service section further
# down passes type => 'assertion').  test_conf_dir() is a helper defined
# outside this excerpt.
my $conf_dir = test_conf_dir();
my $sp = Authen::NZRealMe->service_provider( conf_dir => $conf_dir );
isa_ok($sp, 'Authen::NZRealMe::ServiceProvider');
is($sp->conf_dir, $conf_dir, "SP's conf_dir looks good");
# Pin the identifying fields to exact values, so a parsing regression cannot
# silently change which entity this SP presents itself as.
is($sp->entity_id, 'https://www.example.govt.nz/app/sample-login',
"SP EntityID loaded from metadata looks good");
is($sp->organization_name, 'Department of Examples (login)',
"SP OrganizationName loaded from metadata looks good");
is($sp->organization_url, 'https://www.example.govt.nz/',
"SP OrganizationURL loaded from metadata looks good");
is($sp->contact_company, 'Department of Examples Login Services',
"SP contact company name loaded from metadata looks good");
# Assertion Consumer Service (ACS) entries: the endpoints the IdP sends its
# responses to.  Location, index, default flag and binding are each compared
# against an exact expected value.
my @acs_list = $sp->acs_list;
is(scalar(@acs_list), 2, 'two Assertion Consumer service are defined');
my($acs0, $acs1) = @acs_list;
ok($acs0, 'ACS 0');
is($acs0->{location}, 'https://www.example.govt.nz/app/sample/login-acs',
" URL from metadata looks good");
is($acs0->{index}, '0', " index");
# is() with an undef expectation passes only for undef, so a defined false
# value such as 0 or '' would fail here.
is($acs0->{is_default}, undef, " not default");
is($acs0->{binding}, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', " binding");
# Second entry: same location, but HTTP-Artifact binding and marked default.
ok($acs1, 'ACS 1');
is($acs1->{location}, 'https://www.example.govt.nz/app/sample/login-acs',
" URL from metadata looks good");
is($acs1->{index}, '1', " index");
is($acs1->{is_default}, 1, " is default");
is($acs1->{binding}, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', " binding");
# Load IdP metadata for login service
# The IdP object is obtained through the SP.  Its entity ID is compared with
# an exact string, so pointing the login-service SP at a different IdP
# metadata file would be caught here.
my $idp = $sp->idp;
isa_ok($idp, 'Authen::NZRealMe::IdentityProvider');
is($idp->entity_id, 'https://test.fakeme.govt.nz/saml2',
"IdP EntityID loaded from metadata looks good");
# Load our SP metadata for talking to the assertion service
# Same conf_dir as the login-service case above; only the 'type' argument
# differs.  $sp, @acs_list, $acs0 and $acs1 are reused (no new 'my').
$sp = Authen::NZRealMe->service_provider(
conf_dir => $conf_dir,
type => 'assertion',
);
isa_ok($sp, 'Authen::NZRealMe::ServiceProvider');
is($sp->conf_dir, $conf_dir, "SP's conf_dir looks good");
# The assertion-service SP has its own entity ID, organisation name and
# contact company, distinct from the login-service values checked earlier.
is($sp->entity_id, 'https://www.example.govt.nz/app/sample-identity',
"SP EntityID loaded from metadata looks good");
is($sp->organization_name, 'Department of Examples (identity)',
"SP OrganizationName loaded from metadata looks good");
is($sp->organization_url, 'https://www.example.govt.nz/',
"SP OrganizationURL loaded from metadata looks good");
is($sp->contact_company, 'Department of Examples Identity Services',
"SP contact company name loaded from metadata looks good");
# ACS entries for the assertion service: the location ends in identity-acs
# rather than login-acs; indexes, default flag and bindings follow the same
# pattern as for the login service.
@acs_list = $sp->acs_list;
is(scalar(@acs_list), 2, 'two Assertion Consumer service are defined');
($acs0, $acs1) = @acs_list;
ok($acs0, 'ACS 0');
is($acs0->{location}, 'https://www.example.govt.nz/app/sample/identity-acs',
" URL from metadata looks good");
is($acs0->{index}, '0', " index");
# is() with an undef expectation passes only for undef, not for 0 or ''.
is($acs0->{is_default}, undef, " not default");
is($acs0->{binding}, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', " binding");
ok($acs1, 'ACS 1');
is($acs1->{location}, 'https://www.example.govt.nz/app/sample/identity-acs',
" URL from metadata looks good");
is($acs1->{index}, '1', " index");
is($acs1->{is_default}, 1, " is default");
is($acs1->{binding}, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', " binding");
# Load IdP metadata for assertion service
# $sp is now the SP created with type => 'assertion', so this is the IdP
# paired with the assertion service.  Its expected entity ID differs from the
# login-service IdP checked earlier in this file.
$idp = $sp->idp;
isa_ok($idp, 'Authen::NZRealMe::IdentityProvider');
is($idp->entity_id, 'https://test.fakeme.govt.nz/fakemetest/fakemeidp',
"IdP EntityID loaded from metadata looks good");
# Extract a bit of iCMS metadata
# The call goes to a private method (leading underscore) and is wrapped in
# eval so an exception is reported as a failed test rather than aborting the
# script.  The '|| {}' fallback keeps the ->{url} lookup below from dying if
# the call threw or returned a false value.
my $method = eval { $sp->_icms_method_data('Validate'); } || {};
# $@ is inspected immediately after the eval, before anything can reset it.
is($@, '', "parsed iCMS config without error");
is($method->{url}, 'https://ws.test.logon.fakeme.govt.nz/icms/Validate_v1_1',
'got iCMS endpoint for FLT resolution');
t/20-request.t view on Meta::CPAN
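# Sanity-check a freshly built AuthnRequest against the SP and IdP settings.
# $req and $sp are expected to be created earlier in the test file (not shown
# in this excerpt).
isa_ok($req, 'Authen::NZRealMe::AuthenRequest');

# \A and \z anchor the whole string: with ^...$ a value that carried a
# trailing newline would still have matched.  The no-leading-digit check
# reflects the XML rule that an ID value must not start with a digit.
my $req_id = $req->request_id;
like($req_id, qr{\A\w{16,}\z}, "request id comprises at least 16 'word' chars");
like($req_id, qr{\A\D}, "request id does not start with a digit");

is($req->entity_id, $sp->entity_id, 'request entity_id matches SP');

# The request time must be a UTC timestamp of the form YYYY-MM-DDThh:mm:ssZ.
# If the pattern does not match, every capture (including $sec) is undef.
my($year, $month, $day, $hour, $min, $sec) =
    $req->request_time =~ qr{\A(\d\d\d\d)-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z\z};
ok(defined($sec), 'format of request time looks good');

# timegm() takes a zero-based month and a year offset from 1900.
my $req_time = timegm($sec, $min, $hour, $day, $month - 1, $year - 1900);

# abs() makes the check two-sided: without it a timestamp arbitrarily far in
# the future gives a negative difference and would pass the "< 10" test.
ok(abs(time() - $req_time) < 10,
    'request time seems to be a UTC version of current time');

is($req->destination_url, $sp->idp->single_signon_location,
    'request destination URL matches IdP metadata setting');
is($req->relay_state, undef, 'request has no default relay state');
is($req->allow_create, 'false', 'request does not enable account creation by default');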
t/20-request.t view on Meta::CPAN
# $@ here presumably belongs to an eval earlier in the file (not shown in
# this excerpt).
is($@, '', "default auth strength is low");
# Render the request as a URL and split it into the IdP endpoint plus the
# three query parameters, still percent-encoded.  The pattern expects
# SAMLRequest, SigAlg and Signature in exactly that order.
my $url = $req->as_url;
my($idp_url, $payload, $sig_alg, $sig) = $url =~ m{
^(https://.*?)[?]
SAMLRequest=(.*?)&
SigAlg=(.*?)&
Signature=(.*?)(?:$|&)
}x;
# $sig is the last capture, so it stays undef if the pattern did not match.
ok(defined($sig), 'format of request as URL looks good');
is($idp_url, $sp->idp->single_signon_location, 'host and path are correct');
# The signed text is assembled from the values exactly as they appear in the
# URL, i.e. before the percent-decoding below.  NOTE(review): this matches the
# SAML HTTP-Redirect binding, where the signature covers the URL-encoded
# query string; decoding first would change the bytes being verified.
my $plaintext = "SAMLRequest=$payload&SigAlg=$sig_alg";
# Percent-decode the three values.  Inside map, $_ aliases each listed
# variable, so s/// edits them in place; the block also returns $_, and the
# list is assigned back to the same variables.
($payload, $sig_alg, $sig) = map {
s{%([0-9a-f]{2})}{chr(hex($1))}ieg;
$_;
} ($payload, $sig_alg, $sig);
# Character class for the base64 alphabet (no '=' padding); presumably used
# by pattern checks later in the file, outside this excerpt.
my $b64chr = '[A-Za-z0-9+/]';
t/20-request.t view on Meta::CPAN
# Repeat the URL checks for a second request that carries a RelayState
# parameter.  $req2, $signer and $xml are set up elsewhere in the file (not
# shown in this excerpt).
$url = $req2->as_url;
my($relay);
# Expected parameter order: SAMLRequest, RelayState, SigAlg, Signature.
($idp_url, $payload, $relay, $sig_alg, $sig) = $url =~ m{
^(https://.*?)[?]
SAMLRequest=(.*?)&
RelayState=(.*?)&
SigAlg=(.*?)&
Signature=(.*?)(?:$|&)
}x;
ok(defined($sig), 'format of request as URL looks good');
is($relay, 'pending', 'RelayState parameter looks good');
# RelayState sits between SAMLRequest and SigAlg in the signed text.  All
# three values are used as they appear in the URL (still percent-encoded), so
# a signature that left RelayState out would not verify below.
$plaintext = "SAMLRequest=$payload&RelayState=$relay&SigAlg=$sig_alg";
# Only the signature value itself is percent-decoded before verification.
$sig =~ s{%([0-9a-f]{2})}{chr(hex($1))}ieg;
ok($signer->verify_detached_signature($plaintext, $sig),
'signature verified successfully using public key from cert');
# Calls a private class method (leading underscore) with the full URL; the
# result is examined by code past the end of this excerpt.
$xml = Authen::NZRealMe::AuthenRequest->_request_from_uri($url);
t/25-request-assertion.t view on Meta::CPAN
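# Sanity-check a freshly built assertion-service AuthnRequest against the SP
# and IdP settings.  $req, $sp and $sso_binding are expected to be set up
# earlier in the test file (not shown in this excerpt).
isa_ok($req, 'Authen::NZRealMe::AuthenRequest');

# \A and \z anchor the whole string: with ^...$ a value that carried a
# trailing newline would still have matched.  The no-leading-digit check
# reflects the XML rule that an ID value must not start with a digit.
my $req_id = $req->request_id;
like($req_id, qr{\A\w{16,}\z}, "request id comprises at least 16 'word' chars");
like($req_id, qr{\A\D}, "request id does not start with a digit");

is($req->entity_id, $sp->entity_id, 'request entity_id matches SP');

# The request time must be a UTC timestamp of the form YYYY-MM-DDThh:mm:ssZ.
# If the pattern does not match, every capture (including $sec) is undef.
my($year, $month, $day, $hour, $min, $sec) =
    $req->request_time =~ qr{\A(\d\d\d\d)-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z\z};
ok(defined($sec), 'format of request time looks good');

# timegm() takes a zero-based month and a year offset from 1900.
my $req_time = timegm($sec, $min, $hour, $day, $month - 1, $year - 1900);

# abs() makes the check two-sided: without it a timestamp arbitrarily far in
# the future gives a negative difference and would pass the "< 10" test.
ok(abs(time() - $req_time) < 10,
    'request time seems to be a UTC version of current time');

# The destination is looked up for the specific SSO binding in use.
is($req->destination_url, $sp->idp->single_signon_location($sso_binding),
    'request destination URL matches IdP metadata setting');
is($req->relay_state, undef, 'request has no default relay state');
is($req->allow_create, 'false', 'request does not enable account creation by default');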
t/25-request-assertion.t view on Meta::CPAN
# $@ here presumably belongs to an eval earlier in the file (not shown in
# this excerpt).
is($@, '', "default auth strength is low");
# Render the request as a URL and split it into the IdP endpoint plus the
# three query parameters, still percent-encoded.  The pattern expects
# SAMLRequest, SigAlg and Signature in exactly that order.
my $url = $req->as_url;
my($idp_url, $payload, $sig_alg, $sig) = $url =~ m{
^(https://.*?)[?]
SAMLRequest=(.*?)&
SigAlg=(.*?)&
Signature=(.*?)(?:$|&)
}x;
# $sig is the last capture, so it stays undef if the pattern did not match.
ok(defined($sig), 'format of request as URL looks good');
# The expected endpoint is the IdP's single sign-on location for the binding
# held in $sso_binding (set outside this excerpt).
is($idp_url, $sp->idp->single_signon_location($sso_binding), 'host and path are correct');
# The signed text is assembled from the values exactly as they appear in the
# URL, i.e. before the percent-decoding below.  NOTE(review): this matches the
# SAML HTTP-Redirect binding, where the signature covers the URL-encoded
# query string; decoding first would change the bytes being verified.
my $plaintext = "SAMLRequest=$payload&SigAlg=$sig_alg";
# Percent-decode the three values.  Inside map, $_ aliases each listed
# variable, so s/// edits them in place; the block also returns $_, and the
# list is assigned back to the same variables.
($payload, $sig_alg, $sig) = map {
s{%([0-9a-f]{2})}{chr(hex($1))}ieg;
$_;
} ($payload, $sig_alg, $sig);
# Character class for the base64 alphabet (no '=' padding); presumably used
# by pattern checks later in the file, outside this excerpt.
my $b64chr = '[A-Za-z0-9+/]';
t/25-request-assertion.t view on Meta::CPAN
# Repeat the URL checks for a second request that carries a RelayState
# parameter.  $req2, $signer and $xml are set up elsewhere in the file (not
# shown in this excerpt).
$url = $req2->as_url;
my($relay);
# Expected parameter order: SAMLRequest, RelayState, SigAlg, Signature.
($idp_url, $payload, $relay, $sig_alg, $sig) = $url =~ m{
^(https://.*?)[?]
SAMLRequest=(.*?)&
RelayState=(.*?)&
SigAlg=(.*?)&
Signature=(.*?)(?:$|&)
}x;
ok(defined($sig), 'format of request as URL looks good');
is($relay, 'pending', 'RelayState parameter looks good');
# RelayState sits between SAMLRequest and SigAlg in the signed text.  All
# three values are used as they appear in the URL (still percent-encoded), so
# a signature that left RelayState out would not verify below.
$plaintext = "SAMLRequest=$payload&RelayState=$relay&SigAlg=$sig_alg";
# Only the signature value itself is percent-decoded before verification.
$sig =~ s{%([0-9a-f]{2})}{chr(hex($1))}ieg;
ok($signer->verify_detached_signature($plaintext, $sig),
'signature verified successfully using public key from cert');
# Calls a private class method (leading underscore) with the full URL; the
# result is examined by code past the end of this excerpt.
$xml = Authen::NZRealMe::AuthenRequest->_request_from_uri($url);