diff --git a/bindings/java/Makefile.am b/bindings/java/Makefile.am
index 8de0178..05e5f9e 100644
--- a/bindings/java/Makefile.am
+++ b/bindings/java/Makefile.am
@@ -26,7 +26,7 @@ if WSF_ENABLED
EXTRA_ARGS = --enable-id-wsf
endif
-java_lasso_source_files := $(shell $(PYTHON) $(top_srcdir)/bindings/bindings.py -l java-list --src-dir=$(top_srcdir)/lasso/ $(EXTRA_ARGS) )
+java_lasso_source_files := $(shell python $(top_srcdir)/bindings/bindings.py -l java-list --src-dir=$(top_srcdir)/lasso/ $(EXTRA_ARGS) )
lasso_jardir=$(prefix)/share/java
lasso_jar_DATA=lasso.jar
diff --git a/bindings/python/examples/get_attributes_from_assertion.py b/bindings/python/examples/get_attributes_from_assertion.py
index 8f37a33..44ceb9e 100644
--- a/bindings/python/examples/get_attributes_from_assertion.py
+++ b/bindings/python/examples/get_attributes_from_assertion.py
@@ -1,10 +1,8 @@
# Example SP Python code to get attributes from an assertion
-from six import print_
-
for attribute in assertion.attributeStatement[0].attribute:
if attribute.name == lasso.SAML2_ATTRIBUTE_NAME_EPR:
continue
- print_('attribute : ' + attribute.name)
+ print 'attribute : ' + attribute.name
for value in attribute.attributeValue:
- print_(' value : ' + value.any[0].content)
+ print ' value : ' + value.any[0].content
diff --git a/bindings/python/tests/Makefile.am b/bindings/python/tests/Makefile.am
index 1305f26..205e761 100644
--- a/bindings/python/tests/Makefile.am
+++ b/bindings/python/tests/Makefile.am
@@ -11,8 +11,5 @@ if WSF_ENABLED
TESTS += idwsf1_tests.py idwsf2_tests.py
endif
-TEST_EXTENSIONS = .py
-PY_LOG_COMPILER = $(PYTHON)
-
EXTRA_DIST = profiles_tests.py binding_tests.py idwsf1_tests.py idwsf2_tests.py \
tests.py XmlTestRunner.py
diff --git a/bindings/python/tests/binding_tests.py b/bindings/python/tests/binding_tests.py
index 54c3635..6d8e0df 100755
--- a/bindings/python/tests/binding_tests.py
+++ b/bindings/python/tests/binding_tests.py
@@ -311,8 +311,8 @@ class BindingTestCase(unittest.TestCase):
'''
node = lasso.Node.newFromXmlNode(content)
assert 'next_url' in node.any[1]
- assert '{https://www.entrouvert.com/}huhu' in node.attributes.keys()
- assert 'xxx' in node.attributes.values()
+ assert 'huhu' in node.attributes.keys()[0]
+ assert node.attributes.values()[0] == 'xxx'
node.any = ('coin',)
node.attributes = {'michou': 'zozo'}
assert 'coin' in node.dump()
diff --git a/bindings/python/tests/idwsf2_tests.py b/bindings/python/tests/idwsf2_tests.py
index 4e47a4a..6f80c53 100755
--- a/bindings/python/tests/idwsf2_tests.py
+++ b/bindings/python/tests/idwsf2_tests.py
@@ -27,7 +27,7 @@
import os
import unittest
import sys
-from six import StringIO
+from StringIO import StringIO
import logging
logging.basicConfig()
@@ -310,11 +310,11 @@ class MetadataTestCase(IdWsf2TestCase):
self.failUnless(idp_disco.request.svcMD[0].svcMDID is None)
try:
idp_disco.checkSecurityMechanism()
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
try:
idp_disco.validateRequest()
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
self.failUnless(idp_disco.response is not None)
self.failUnlessEqual(len(idp_disco.metadatas), 1)
@@ -391,16 +391,16 @@ class MetadataTestCase(IdWsf2TestCase):
self.failUnless(idp_disco is not None)
try:
idp_disco.processRequestMsg(wsp_disco.msgBody)
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
self.failUnless(idp_disco.request is not None)
try:
idp_disco.checkSecurityMechanism()
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
try:
idp_disco.failRequest(lasso.IDWSF2_DISCOVERY_STATUS_CODE_FAILED, lasso.IDWSF2_DISCOVERY_STATUS_CODE_FORBIDDEN)
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
self.failUnless(idp_disco.response is not None)
self.failUnless(idp_disco.response.status is not None)
@@ -415,7 +415,7 @@ class MetadataTestCase(IdWsf2TestCase):
wsp_disco.processResponseMsg(idp_disco.msgBody)
except lasso.Idwsf2DiscoveryForbiddenError:
pass
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
def test03(self):
@@ -475,7 +475,7 @@ class MetadataTestCase(IdWsf2TestCase):
self.failUnless(soap_envelope.getMessageId() is not None)
try:
idp_disco.checkSecurityMechanism()
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
# redirect
interactionUrl = spInteractionUrl
@@ -488,7 +488,7 @@ class MetadataTestCase(IdWsf2TestCase):
self.failUnless(response.detail.any[0].redirectURL.startswith(interactionUrl + '?transactionID='))
try:
idp_disco.buildResponseMsg()
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
self.failUnless(idp_disco.msgBody is not None)
@@ -500,7 +500,7 @@ class MetadataTestCase(IdWsf2TestCase):
wsp_disco.processResponseMsg(idp_disco.msgBody)
except lasso.WsfprofileRedirectRequestError:
pass
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
response_envelope = wsp_disco.getSoapEnvelopeResponse()
self.failUnless(response_envelope.sb2GetRedirectRequestUrl().startswith(interactionUrl + '?transactionID='))
@@ -527,11 +527,11 @@ class MetadataTestCase(IdWsf2TestCase):
self.failUnless(idp_disco.request.svcMD[0].svcMDID is None)
try:
idp_disco.checkSecurityMechanism()
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
try:
idp_disco.validateRequest()
- except lasso.Error as e:
+ except lasso.Error, e:
self.fail(e)
self.failUnless(idp_disco.response is not None)
self.failUnlessEqual(len(idp_disco.metadatas), 1)
diff --git a/bindings/python/tests/profiles_tests.py b/bindings/python/tests/profiles_tests.py
index 0ba1e56..547c9e2 100755
--- a/bindings/python/tests/profiles_tests.py
+++ b/bindings/python/tests/profiles_tests.py
@@ -386,21 +386,6 @@ class LogoutTestCase(unittest.TestCase):
else:
self.fail('Logout processResponseMsg should have failed.')
- def test05(self):
- '''Test parsing of a logout request with more than one session index'''
- content = '''
- me
- coin
- id1
- id2
- id3
- '''
-
- node = lasso.Samlp2LogoutRequest.newFromXmlNode(content)
- assert isinstance(node, lasso.Samlp2LogoutRequest)
- assert node.sessionIndex == 'id1'
- assert node.sessionIndexes == ('id1', 'id2', 'id3')
-
class DefederationTestCase(unittest.TestCase):
def test01(self):
"""IDP initiated defederation; testing processNotificationMsg with non Liberty query."""
@@ -493,15 +478,32 @@ class AttributeAuthorityTestCase(unittest.TestCase):
assert aq.response.assertion[0].attributeStatement[0].attribute[0]
assert aq.response.assertion[0].attributeStatement[0].attribute[0].attributeValue[0]
+class LogoutTestCase(unittest.TestCase):
+ def test01(self):
+ '''Test parsing of a logout request with more than one session index'''
+ content = '''
+ me
+ coin
+ id1
+ id2
+ id3
+ '''
+
+ node = lasso.Samlp2LogoutRequest.newFromXmlNode(content)
+ assert isinstance(node, lasso.Samlp2LogoutRequest)
+ assert node.sessionIndex == 'id1'
+ assert node.sessionIndexes == ('id1', 'id2', 'id3')
+
serverSuite = unittest.makeSuite(ServerTestCase, 'test')
loginSuite = unittest.makeSuite(LoginTestCase, 'test')
logoutSuite = unittest.makeSuite(LogoutTestCase, 'test')
defederationSuite = unittest.makeSuite(DefederationTestCase, 'test')
identitySuite = unittest.makeSuite(IdentityTestCase, 'test')
attributeSuite = unittest.makeSuite(AttributeAuthorityTestCase, 'test')
+logoutSuite = unittest.makeSuite(LogoutTestCase, 'test')
allTests = unittest.TestSuite((serverSuite, loginSuite, logoutSuite, defederationSuite,
- identitySuite, attributeSuite))
+ identitySuite, attributeSuite, logoutSuite))
if __name__ == '__main__':
sys.exit(not unittest.TextTestRunner(verbosity = 2).run(allTests).wasSuccessful())
diff --git a/configure.ac b/configure.ac
index 7476697..898468e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -131,7 +131,7 @@ dnl AC_CHECK_PROGS(JAR, fastjar jar)
AC_CHECK_PROGS(PERL, perl)
AC_CHECK_PROGS(PHP5, php5 php)
AC_CHECK_PROGS(PHP5_CONFIG, php-config5 php-config)
-AC_CHECK_PROGS(PYTHON, python3 python python2)
+AC_CHECK_PROGS(PYTHON, python)
AC_CHECK_PROGS(SWIG, swig)
dnl Make sure we have an ANSI compiler
diff --git a/lasso/Makefile.am b/lasso/Makefile.am
index 49ae88a..751f941 100644
--- a/lasso/Makefile.am
+++ b/lasso/Makefile.am
@@ -91,7 +91,7 @@ liblasso_la_LDFLAGS = -no-undefined -version-info @LASSO_VERSION_INFO@ \
endif
$(srcdir)/errors.c: $(srcdir)/errors.h $(srcdir)/build_strerror.py
- $(PYTHON) $(srcdir)/build_strerror.py $(srcdir) >.errors.c.new
+ python $(srcdir)/build_strerror.py $(srcdir) >.errors.c.new
if ! cmp -s $(srcdir)/errors.c .errors.c.new; then \
mv -f .errors.c.new $@; else \
rm .errors.c.new; fi
diff --git a/lasso/build_strerror.py b/lasso/build_strerror.py
index 908638d..fca5962 100644
--- a/lasso/build_strerror.py
+++ b/lasso/build_strerror.py
@@ -1,42 +1,42 @@
#! /usr/bin/env python
+from cStringIO import StringIO
import glob
import re
import sys
import os
-from six import print_, StringIO
srcdir = sys.argv[1]
+hlines = file('%s/errors.h' % srcdir,'r').readlines()
messages = dict()
description = ''
-with open('%s/errors.h' % srcdir,'r') as f:
- for line in f:
- m = re.match(r'^ \* LASSO.*ERROR', line)
+for line in hlines:
+ m = re.match(r'^ \* LASSO.*ERROR', line)
+ if m:
+ description = ''
+ continue
+ m = re.match(r'^ \* (.*[^:])$', line)
+ if m:
+ description += m.group(1)
+ m = re.match(r'#define (LASSO_\w*ERROR\w+)', line)
+ if m and description:
+ description = re.sub(r'[ \n]+', ' ', description).strip()
+ messages[m.group(1)] = description
+ description = ''
+ else:
+ m = re.match(r'#define (LASSO_\w*ERROR\w+)',line)
if m:
- description = ''
- continue
- m = re.match(r'^ \* (.*[^:])$', line)
- if m:
- description += m.group(1)
- m = re.match(r'#define (LASSO_\w*ERROR\w+)', line)
- if m and description:
- description = re.sub(r'[ \n]+', ' ', description).strip()
- messages[m.group(1)] = description
- description = ''
- else:
- m = re.match(r'#define (LASSO_\w*ERROR\w+)',line)
- if m:
- messages[m.group(1)] = m.group(1)
+ messages[m.group(1)] = m.group(1)
-with open('%s/errors.c.in' % srcdir,'r') as f:
- for line in f:
- if '@ERROR_CASES@' in line:
- keys = sorted(messages.keys())
- for k in keys:
- print_(' case %s:\n'
- ' return "%s";' %
- (k,messages[k].rstrip('\n')))
- else:
- print_(line, end="")
+clines = file('%s/errors.c.in' % srcdir,'r').readlines()
+for line in clines:
+ if '@ERROR_CASES@' in line:
+ keys = messages.keys()
+ keys.sort()
+ for k in keys:
+ print """ case %s:
+ return "%s";""" % (k,messages[k].rstrip('\n'))
+ else:
+ print line,
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index aedd0df..028ffb3 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -222,7 +222,7 @@ _lasso_login_must_verify_signature(LassoProfile *profile) {
gint
lasso_saml20_login_build_authn_request_msg(LassoLogin *login)
{
- char *assertionConsumerServiceURL = NULL;
+ char *url = NULL;
gboolean must_sign = TRUE;
LassoProfile *profile;
LassoSamlp2AuthnRequest *authn_request;
@@ -247,29 +247,29 @@ lasso_saml20_login_build_authn_request_msg(LassoLogin *login)
}
if (login->http_method == LASSO_HTTP_METHOD_PAOS) {
+
/*
* PAOS is special, the url passed to build_request is the
* AssertionConsumerServiceURL of this SP, not the
- * destination IdP URL. This is done to fill paos:responseConsumerURL
- * appropriately down the line in build_request_msg.
- * See https://dev.entrouvert.org/issues/34409 for more information.
+ * destination.
*/
if (authn_request->AssertionConsumerServiceURL) {
- assertionConsumerServiceURL = authn_request->AssertionConsumerServiceURL;
+ url = authn_request->AssertionConsumerServiceURL;
if (!lasso_saml20_provider_check_assertion_consumer_service_url(
- LASSO_PROVIDER(profile->server), assertionConsumerServiceURL, LASSO_SAML2_METADATA_BINDING_PAOS)) {
+ LASSO_PROVIDER(profile->server), url, LASSO_SAML2_METADATA_BINDING_PAOS)) {
rc = LASSO_PROFILE_ERROR_INVALID_REQUEST;
goto cleanup;
}
} else {
- assertionConsumerServiceURL = lasso_saml20_provider_get_assertion_consumer_service_url_by_binding(
+ url = lasso_saml20_provider_get_assertion_consumer_service_url_by_binding(
LASSO_PROVIDER(profile->server), LASSO_SAML2_METADATA_BINDING_PAOS);
- lasso_assign_new_string(authn_request->AssertionConsumerServiceURL, assertionConsumerServiceURL);
+ lasso_assign_new_string(authn_request->AssertionConsumerServiceURL, url);
}
}
+
lasso_check_good_rc(lasso_saml20_profile_build_request_msg(profile, "SingleSignOnService",
- login->http_method, assertionConsumerServiceURL));
+ login->http_method, url));
cleanup:
return rc;
@@ -1107,31 +1107,18 @@ lasso_saml20_login_process_paos_response_msg(LassoLogin *login, gchar *msg)
{
LassoSoapHeader *header = NULL;
LassoProfile *profile;
- int rc;
+ int rc1, rc2;
lasso_null_param(msg);
profile = LASSO_PROFILE(login);
- /*
- * lasso_saml20_profile_process_soap_response_with_headers()
- * performs a signature check on the SAML message. A signature
- * can also appear on the assertion which is checked by
- * lasso_saml20_login_process_response_status_and_assertion()
- * (below). Therefore if the error is SIGNATURE_NOT_FOUND we
- * proceed because
- * lasso_saml20_login_process_response_status_and_assertion()
- * will test the signature on the assertion.
- */
- rc = lasso_saml20_profile_process_soap_response_with_headers(profile, msg, &header);
- if (rc != 0 && rc != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
- return rc;
- }
+ rc1 = lasso_saml20_profile_process_soap_response_with_headers(profile, msg, &header);
/*
* If the SOAP message contained a header check for the optional
- * paos:Response and ecp:RelayState elements, if they exist extract their
- * values into the profile.
+ * paos:Response and ecp:RelayState elements, if they exist extract their
+ * values into the profile.
*/
if (header) {
GList *i = NULL;
@@ -1155,8 +1142,12 @@ lasso_saml20_login_process_paos_response_msg(LassoLogin *login, gchar *msg)
lasso_release_gobject(header);
}
- rc = lasso_saml20_login_process_response_status_and_assertion(login);
- return rc;
+ rc2 = lasso_saml20_login_process_response_status_and_assertion(login);
+ if (rc1) {
+ return rc1;
+ }
+ return rc2;
+
}
/**
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 85f535a..8171e79 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -398,7 +398,6 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
switch (lasso_profile_get_signature_verify_hint(profile)) {
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
- case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE:
rc = profile->signature_status;
break;
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE:
@@ -968,15 +967,7 @@ lasso_saml20_profile_build_request_msg(LassoProfile *profile, const char *servic
made_url = url = get_url(provider, service, http_method_to_binding(method));
}
-
- // Usage of the Destination attribute on a request is mandated only
- // in "3.4.5.2" and "3.5.5.2" in saml-bindings-2.0-os for signed requests
- // and is marked as optional in the XSD schema otherwise.
- // PAOS is a special case because an SP does not select an IdP - ECP does
- // it instead. Therefore, this attribute needs to be left unpopulated.
- if (method == LASSO_HTTP_METHOD_PAOS) {
- lasso_release_string(((LassoSamlp2RequestAbstract*)profile->request)->Destination);
- } else if (url) {
+ if (url) {
lasso_assign_string(((LassoSamlp2RequestAbstract*)profile->request)->Destination,
url);
} else {
@@ -1568,7 +1559,6 @@ lasso_saml20_profile_process_soap_response_with_headers(LassoProfile *profile,
remote_provider, response_msg, "ID", LASSO_MESSAGE_FORMAT_SOAP);
switch (lasso_profile_get_signature_verify_hint(profile)) {
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
- case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE:
rc = profile->signature_status;
break;
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE:
diff --git a/tests/basic_tests.c b/tests/basic_tests.c
index 4f008d6..398d789 100644
--- a/tests/basic_tests.c
+++ b/tests/basic_tests.c
@@ -1983,13 +1983,24 @@ START_TEST(test13_test_lasso_server_load_metadata)
block_lasso_logs;
check_good_rc(lasso_server_load_metadata(server, LASSO_PROVIDER_ROLE_IDP,
TESTSDATADIR "/metadata/renater-metadata.xml",
- TESTSDATADIR "/rootCA.crt",
+ TESTSDATADIR "/metadata/metadata-federation-renater.crt",
&blacklisted_1, &loaded_entity_ids,
LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT));
unblock_lasso_logs;
check_equals(g_hash_table_size(server->providers), 110);
check_equals(g_list_length(loaded_entity_ids), 110);
+#if 0
+ /* UK federation file are too big to distribute (and I don't even known if it's right to do
+ * it, disable this test for now ) */
+ check_good_rc(lasso_server_load_metadata(server, LASSO_PROVIDER_ROLE_IDP,
+ TESTSDATADIR "/ukfederation-metadata.xml",
+ TESTSDATADIR "/ukfederation.pem",
+ &blacklisted_1, &loaded_entity_ids,
+ LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT));
+ check_equals(g_list_length(loaded_entity_ids), 283);
+ check_equals(g_hash_table_size(server->providers), 393);
+#endif
lasso_release_list_of_strings(loaded_entity_ids);
lasso_release_gobject(server);
diff --git a/tests/data/lasso.crt b/tests/data/lasso.crt
deleted file mode 100644
index 568a0b9..0000000
--- a/tests/data/lasso.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID6zCCAdMCFALT+lN2uLJWF7p2xOo65/5KwxixMA0GCSqGSIb3DQEBCwUAMEUx
-CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
-cm5ldCBXaWRnaXRzIFB0eSBMdGQwIBcNMTkwNjExMDc0NTU2WhgPMjI5MzAzMjUw
-NzQ1NTZaMB0xCzAJBgNVBAYTAkZSMQ4wDAYDVQQDDAVMYXNzbzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAOIS/WATGMJsv7OvgrjpYmAW3RmojVp4cHi0
-17HelWVZ5adX3zSljecmpb1UQcBNzEDb15tOnNO708O94fFLWiWRfjYWa1QYOLkZ
-6kHAR2yJTkhBNQl326K6BnJkWoCsErkXa1608+6+rXR+9KchB/lLSY3Dqh8L6N7s
-qE+xyD1Z8HM3mHs9CM4crIpCPaZ80/yNfBPqPA2Zv4uIBrwSF32rPnh1ciJuIKQg
-jnCQOaKC2j+VsytgthriI0PVRzC7WPAJReQa65N/i721jG6rPecwVcCS9G6cmG+s
-pq6GERUe7nFVdNZ5sRzNsGuDpEdmeCS1pCPtW2hufm8vqvtw9ZkCAwEAATANBgkq
-hkiG9w0BAQsFAAOCAgEAfbHk+QNvLYDNlqwwlu5+88/3CcEx+s1voXOBTxgyIAR2
-NVKkO7dAW5me51jPPZhy+xC4i+AAeLW5JGwirM5LDgU+9P02JBsZ4OoZI3pBAZ5m
-GrmxrMm6q+9mJ+6bMHolfBNN6hoaWeJiknvc1Id7o0Dh4PbdV7r6ISuXisDb/1je
-tmzxoFuXhmDwwHMTG7eUORVFEgS8V5NNKMv16BeWNDohJVP6icxwoi5JswUl+vfO
-rvIwx2GAJ2EQAbSZv5ADFQ4/vxeopULgLnblc3BwVG4RTT7plNgT2iXP8YwmEGKb
-JDHRVFUo1tX6EKkBUI9AgETrdUnLq6XxP11JmrqNL9oOHw+hGb5vT1wyn6FFxZo2
-BVgfqdiGbjcs1bTKeQAZKuhaW90oV6+yYD6WtWn/LfHnftAJivALkmUk+XaSqqbO
-FxuyRsz9C/yq0azr6IkCWhGwBYoLvf2CrvovSYpPXefeQ+1yXNDW7bvfAQfOO9xk
-SqQi4cYJw9hNqTk2f61x6UX/o8wKVhXEHyaCr9lVLNpCK0Uy07f3zkubx1mW5PST
-ITSnD8sPD7iMyGOJa5tQJ8W5u2NJT6qo52Jubgc8PapkOoYyEhUaTQEb8RN6D3oD
-xc8cCKn4HUtpkJKgxYhQDtsomJp2RK7lzjVPXAlFUmld88WgqdJwp9GSvMEktA0=
------END CERTIFICATE-----
diff --git a/tests/data/lasso.csr b/tests/data/lasso.csr
deleted file mode 100644
index c450e1b..0000000
--- a/tests/data/lasso.csr
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICYjCCAUoCAQAwHTELMAkGA1UEBhMCRlIxDjAMBgNVBAMMBUxhc3NvMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hL9YBMYwmy/s6+CuOliYBbdGaiN
-WnhweLTXsd6VZVnlp1ffNKWN5yalvVRBwE3MQNvXm06c07vTw73h8UtaJZF+NhZr
-VBg4uRnqQcBHbIlOSEE1CXfboroGcmRagKwSuRdrXrTz7r6tdH70pyEH+UtJjcOq
-Hwvo3uyoT7HIPVnwczeYez0IzhysikI9pnzT/I18E+o8DZm/i4gGvBIXfas+eHVy
-Im4gpCCOcJA5ooLaP5WzK2C2GuIjQ9VHMLtY8AlF5Brrk3+LvbWMbqs95zBVwJL0
-bpyYb6ymroYRFR7ucVV01nmxHM2wa4OkR2Z4JLWkI+1baG5+by+q+3D1mQIDAQAB
-oAAwDQYJKoZIhvcNAQELBQADggEBAJcoM7bn2yEElJjpX8mYuawWwlNdLOCyIPCc
-tr6b61CmVDVntWw61fExrg+n1b5uOVuUAEaYNutw6nypzrfvr4wjGKxbl/jTSJCM
-WHLl0/+IGQgr41SbRaySA1Y1hdJEd1ummH07sd7FfQNN/T/zLGaM0CI2/yj89VRk
-BJwiSwbFp1zqntoITQPjo/vpWAqahqNpSKR+C5l1f870wVI2wPg89McRw35EACdx
-Pys8g15+3eKBRTD24eOSWDAL4iDz1jh8ejwtuPjZCQRgg7pkV7uK9Qq4XbStW8AR
-JftZ9BBmUOkpdTY0ml6uNojI5u3J/A8KL0UHeiOGLzEy6l64qjE=
------END CERTIFICATE REQUEST-----
diff --git a/tests/data/lasso.key b/tests/data/lasso.key
deleted file mode 100644
index d6ee414..0000000
--- a/tests/data/lasso.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA4hL9YBMYwmy/s6+CuOliYBbdGaiNWnhweLTXsd6VZVnlp1ff
-NKWN5yalvVRBwE3MQNvXm06c07vTw73h8UtaJZF+NhZrVBg4uRnqQcBHbIlOSEE1
-CXfboroGcmRagKwSuRdrXrTz7r6tdH70pyEH+UtJjcOqHwvo3uyoT7HIPVnwczeY
-ez0IzhysikI9pnzT/I18E+o8DZm/i4gGvBIXfas+eHVyIm4gpCCOcJA5ooLaP5Wz
-K2C2GuIjQ9VHMLtY8AlF5Brrk3+LvbWMbqs95zBVwJL0bpyYb6ymroYRFR7ucVV0
-1nmxHM2wa4OkR2Z4JLWkI+1baG5+by+q+3D1mQIDAQABAoIBAClNONcFhh93CKrG
-JMatdJiDdM9MOM7PdBTJTSKkvHxwqQEij5epqzwQlnT5YK3GSMuMnl40RXh1NyHq
-nc2ca5KzevBctiz949cFQgPTIflVOGUA7LSXHhwjiiv544LgbOc9vRLnUi1Kzpua
-2g1yfmdv9rcciQb1AQ1BBRrSKvfyD410KojJXwunYx32hrHdnhPwC3xyg6BEMpq9
-PtcnTvFY/iDeyzYLwAwJb2xdTCpg7okd1KthtohS740Y0uS+UVaEDK7xOIj+CNIq
-ii+j0fv5N5fjke8TdUszLWkDYQQ9BTJWFOjJ72FZs9J8pk7RlNhnt6tEoZ6866+w
-nprmJwUCgYEA9VWT0FswnSnm+lkRP7vc/SJYTg6zD2BrGOKEo58L8TObb242G+Fs
-JteMvdVm14GublmqXZv6Md5x5iVh3kRlu+8dbM5WnBNpwt6mGZPK7if5K/X1qiJg
-BeroAX/KuVjSHBYVDFfHqPQg146RFcj/q7aCsqc+aMwgdUZ8OlBjRf8CgYEA6+cP
-GG9VOlXWZ2RzSBoKrvxJgSQRpgVXeJAr1BWZ+pJVGIft3zSbeJ30nsUuob61UDVH
-g6HzjOUQWHyK4wq2gyK3kOw/Aii6z4REXDVMVq3OgqaE4Fw+MH31ci8JILU415ZY
-DQGo++E87tbSgp32gqou7Aj7Y4Sfvx+V/da4NGcCgYAv+tGSsRLb2cMLePnPnh0F
-AH+GnIdWXYP0dPB903ARdwdSDprUbwyouAUVZzPat8j2WeDgt82BjUB3Qx5Vysie
-rY/ypJP5qC5J5yNS4z2PwA+SEmM+J8Thw2QmTujFwOIujf8Fz/EDUONPZNlpCks+
-OM5sxBqHgkxiwysueGRB3wKBgQCWwXDaMrwKrbR5Gq65kzrknQH0b7J/oMZHnAsG
-XE+s3DtZk/SmQh5hNMCRfn3Qi+mfOo1bR/I3RmPtyJmRgtUkdNlO2kth+9l2qJZv
-PvhsJGLnB7e/EfQEVVq3/+sbZfTPgZr/pOHzJfwkvlCFfKF+23dlDFBrRuQ35d2a
-/M93XQKBgQCmAatw/7+z/CS6HinOW7W4k77eQ4wHb8XwzTl8T/5mf6KzejDUuEpZ
-hi4ZMAZqNywiJo7UOu6APVzRU7qF6Dbg4eIZWtIocMhp19kUArAPz7NcrghXsTIZ
-UdBWeG3kgUa5Q6d/D2OpWHK9S8LRdUL4/H0WZoqDOoDpJwKpljevyg==
------END RSA PRIVATE KEY-----
diff --git a/tests/data/metadata/metadata-federation-renater.crt b/tests/data/metadata/metadata-federation-renater.crt
new file mode 100644
index 0000000..b611744
--- /dev/null
+++ b/tests/data/metadata/metadata-federation-renater.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZTCCAc6gAwIBAgIEScn+qTANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJG
+UjEQMA4GA1UEChMHUkVOQVRFUjFWMFQGA1UEAxNNQ2VydGlmaWNhdCBkZSBzaWdu
+YXR1cmUgZGVzIG1ldGEgZG9ubmVlcyBkZSBsYSBmZWRlcmF0aW9uIEVkdWNhdGlv
+bi1SZWNoZXJjaGUwHhcNMDkwMzI1MDk1MTM3WhcNMTkwMzIzMDk1MTM3WjB3MQsw
+CQYDVQQGEwJGUjEQMA4GA1UEChMHUkVOQVRFUjFWMFQGA1UEAxNNQ2VydGlmaWNh
+dCBkZSBzaWduYXR1cmUgZGVzIG1ldGEgZG9ubmVlcyBkZSBsYSBmZWRlcmF0aW9u
+IEVkdWNhdGlvbi1SZWNoZXJjaGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJBXcLIguokGiytYSOrgmU6fN+1DXK4eaquvFGMaswuhcRPD4tXtSs8CGxPP8/VF
+Mpcry04lfPA3mpwDis47hsvmLqGJVmfSuvkDsPx+I325h4WqGzEV8kfttkJSi8D0
+QLKk9wseA+BHzoBpU6e5uWmGqfWJgbZlcUuYKCIE2nL/AgMBAAEwDQYJKoZIhvcN
+AQEFBQADgYEAT0rUS5GTtqW9a0pAv0PjieSS6bW3KG3Mtn0jC1dmav6X9fbhhmFL
+1XSC9WnCU2UD3986EWWYKhN2INHghHE/fQGveVwdcVSSt601OpAsUF18tx0vHqkf
+Shcj7mteq59Gv4hOE8U1Urd/pSRaIO3G42X6/L/AlXeDkicfGZHhq7Q=
+-----END CERTIFICATE-----
diff --git a/tests/data/metadata/renater-metadata.xml b/tests/data/metadata/renater-metadata.xml
index 7051710..868f925 100644
--- a/tests/data/metadata/renater-metadata.xml
+++ b/tests/data/metadata/renater-metadata.xml
@@ -1,5 +1,4 @@
-
-
+
@@ -12,50 +11,36 @@
AIDrFyG3G6IpXdapls2LeP2Awt8=
-a47ZynaE+fXQFr2QkjjNsPoWhG0Lbed36MZ2/1jNygD2Ck3zYNSBxFTNI0bhZSi+
-sYefYhnYDqpz785/90Ym3hVL+olMZ8z7NLlkeDKCScNCi1436j/W4voR0jez3BkA
-IrMW2p4eUtSwfTHRazMtRacQrwTk3JAbShXuWU7fVnRI4t8oa8t43rf2hz+rRG8F
-SizMOyyHMak13jaVCmX5qoaO4OWmqs2GhXsx8hRfzJ8o6w417InTLWcuIRNw1/zm
-6O6H1as6nmKv34SppCiwdGrTpT6i3/zB3j9Hw7iyuvTF5bbaF+7MMsW/pjw5VOF8
-lmNqhsCFdu+JsaTFBIB2Fg==
+
+Mb7C8CsvA6UNnLN+LHCoOG7+c1CYQtUMm+o3p31niDfRcDcCDtuZ521FGM6p6ki6fS8HlncK0Q+h
+7rpXNeD2dY12FU94vI5wfF6m89pRs6QYE4O13HPDDZvhRZY+BX4+fqg6tsRz8NRaFS/xvxSzzPzO
+dsOrE6R2/QhrcaF1PnA=
+
-4hL9YBMYwmy/s6+CuOliYBbdGaiNWnhweLTXsd6VZVnlp1ffNKWN5yalvVRBwE3M
-QNvXm06c07vTw73h8UtaJZF+NhZrVBg4uRnqQcBHbIlOSEE1CXfboroGcmRagKwS
-uRdrXrTz7r6tdH70pyEH+UtJjcOqHwvo3uyoT7HIPVnwczeYez0IzhysikI9pnzT
-/I18E+o8DZm/i4gGvBIXfas+eHVyIm4gpCCOcJA5ooLaP5WzK2C2GuIjQ9VHMLtY
-8AlF5Brrk3+LvbWMbqs95zBVwJL0bpyYb6ymroYRFR7ucVV01nmxHM2wa4OkR2Z4
-JLWkI+1baG5+by+q+3D1mQ==
+kFdwsiC6iQaLK1hI6uCZTp837UNcrh5qq68UYxqzC6FxE8Pi1e1KzwIbE8/z9UUylyvLTiV88Dea
+nAOKzjuGy+YuoYlWZ9K6+QOw/H4jfbmHhaobMRXyR+22QlKLwPRAsqT3Cx4D4EfOgGlTp7m5aYap
+9YmBtmVxS5goIgTacv8=
-
-AQAB
-
+AQAB
-MIID6zCCAdMCFALT+lN2uLJWF7p2xOo65/5KwxixMA0GCSqGSIb3DQEBCwUAMEUx
-CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
-cm5ldCBXaWRnaXRzIFB0eSBMdGQwIBcNMTkwNjExMDc0NTU2WhgPMjI5MzAzMjUw
-NzQ1NTZaMB0xCzAJBgNVBAYTAkZSMQ4wDAYDVQQDDAVMYXNzbzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAOIS/WATGMJsv7OvgrjpYmAW3RmojVp4cHi0
-17HelWVZ5adX3zSljecmpb1UQcBNzEDb15tOnNO708O94fFLWiWRfjYWa1QYOLkZ
-6kHAR2yJTkhBNQl326K6BnJkWoCsErkXa1608+6+rXR+9KchB/lLSY3Dqh8L6N7s
-qE+xyD1Z8HM3mHs9CM4crIpCPaZ80/yNfBPqPA2Zv4uIBrwSF32rPnh1ciJuIKQg
-jnCQOaKC2j+VsytgthriI0PVRzC7WPAJReQa65N/i721jG6rPecwVcCS9G6cmG+s
-pq6GERUe7nFVdNZ5sRzNsGuDpEdmeCS1pCPtW2hufm8vqvtw9ZkCAwEAATANBgkq
-hkiG9w0BAQsFAAOCAgEAfbHk+QNvLYDNlqwwlu5+88/3CcEx+s1voXOBTxgyIAR2
-NVKkO7dAW5me51jPPZhy+xC4i+AAeLW5JGwirM5LDgU+9P02JBsZ4OoZI3pBAZ5m
-GrmxrMm6q+9mJ+6bMHolfBNN6hoaWeJiknvc1Id7o0Dh4PbdV7r6ISuXisDb/1je
-tmzxoFuXhmDwwHMTG7eUORVFEgS8V5NNKMv16BeWNDohJVP6icxwoi5JswUl+vfO
-rvIwx2GAJ2EQAbSZv5ADFQ4/vxeopULgLnblc3BwVG4RTT7plNgT2iXP8YwmEGKb
-JDHRVFUo1tX6EKkBUI9AgETrdUnLq6XxP11JmrqNL9oOHw+hGb5vT1wyn6FFxZo2
-BVgfqdiGbjcs1bTKeQAZKuhaW90oV6+yYD6WtWn/LfHnftAJivALkmUk+XaSqqbO
-FxuyRsz9C/yq0azr6IkCWhGwBYoLvf2CrvovSYpPXefeQ+1yXNDW7bvfAQfOO9xk
-SqQi4cYJw9hNqTk2f61x6UX/o8wKVhXEHyaCr9lVLNpCK0Uy07f3zkubx1mW5PST
-ITSnD8sPD7iMyGOJa5tQJ8W5u2NJT6qo52Jubgc8PapkOoYyEhUaTQEb8RN6D3oD
-xc8cCKn4HUtpkJKgxYhQDtsomJp2RK7lzjVPXAlFUmld88WgqdJwp9GSvMEktA0=
+
+MIICZTCCAc6gAwIBAgIEScn+qTANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJGUjEQMA4GA1UE
+ChMHUkVOQVRFUjFWMFQGA1UEAxNNQ2VydGlmaWNhdCBkZSBzaWduYXR1cmUgZGVzIG1ldGEgZG9u
+bmVlcyBkZSBsYSBmZWRlcmF0aW9uIEVkdWNhdGlvbi1SZWNoZXJjaGUwHhcNMDkwMzI1MDk1MTM3
+WhcNMTkwMzIzMDk1MTM3WjB3MQswCQYDVQQGEwJGUjEQMA4GA1UEChMHUkVOQVRFUjFWMFQGA1UE
+AxNNQ2VydGlmaWNhdCBkZSBzaWduYXR1cmUgZGVzIG1ldGEgZG9ubmVlcyBkZSBsYSBmZWRlcmF0
+aW9uIEVkdWNhdGlvbi1SZWNoZXJjaGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJBXcLIg
+uokGiytYSOrgmU6fN+1DXK4eaquvFGMaswuhcRPD4tXtSs8CGxPP8/VFMpcry04lfPA3mpwDis47
+hsvmLqGJVmfSuvkDsPx+I325h4WqGzEV8kfttkJSi8D0QLKk9wseA+BHzoBpU6e5uWmGqfWJgbZl
+cUuYKCIE2nL/AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAT0rUS5GTtqW9a0pAv0PjieSS6bW3KG3M
+tn0jC1dmav6X9fbhhmFL1XSC9WnCU2UD3986EWWYKhN2INHghHE/fQGveVwdcVSSt601OpAsUF18
+tx0vHqkfShcj7mteq59Gv4hOE8U1Urd/pSRaIO3G42X6/L/AlXeDkicfGZHhq7Q=
+
@@ -1292,7 +1277,7 @@ Ugr24VE4pUTqq2xGSOazVN0EKSqULXvM9ZHupGDCJmRH4P3H/X4w8Cq5Y6c0pDtJ
-
+
@@ -8599,7 +8584,7 @@ f6ou5oRTltOZOUJfXI1XMhAUNnU7zQvrFeoGrRzGv3zq8AieXbRyWhXY1Eo1mPpS
$Id: renater.xml,v 1.4 2011/03/30 13:23:00 rdc Exp $
generated at Wed Mar 30 14:18:20 2011
by %Id: shib-config,v 1.6 2010/09/10 15:10:15 pmh Exp %
- -->
+ -->
@@ -15560,7 +15545,7 @@ oZQx
-
+
@@ -30080,4 +30065,4 @@ ihb/MX5UR6g83EMmqZsFt57ANEORMNQywxFa4Q==
-
+
\ No newline at end of file
diff --git a/tests/data/rootCA.crt b/tests/data/rootCA.crt
deleted file mode 100644
index a31c99a..0000000
--- a/tests/data/rootCA.crt
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFbTCCA1WgAwIBAgIUJD9pAmQfrAv6NLPnweO4XUdIbzkwDQYJKoZIhvcNAQEL
-BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0xOTA2MTEwNzQzNTVaGA8yMjkz
-MDMyNTA3NDM1NVowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAJuPnHwxmpRquFkFok4VkO39j5NT2a8+Wfp8zYnh
-qLt3CG3oDyFftWyF97NJYoxDPbio2fVYJiBKutDOMYPsJfrd4SoqcDOGOAdfkNl9
-SEhCnzrzlOj6ZcDoNTG0IvKh+NzLgfpU1wggyLW2ZXwvwf8hNGW9YR1i8XY5TSmt
-0z9Dawsg2QAyYjoemUeDOVWEFWISmXySC2osXGANcOaaFMEv1Ryj5HWHzcCVZZ0g
-UBG9iDZqewDvPg+SRvC2k16coeRjsSstHzVqBxOWpp5Oium39K8jXV6jG+JkFn49
-C2RBldpajbPhvHKOdtJeID20njgmfCRZB/KfQGPPf8xXk4wBTxPU9L8wKy370unZ
-P4WD1vq35KfPsiUdlavzqYkOkI20iWIZO6853oSPlJ4zmBVNXP8VhQm0h2VovNH+
-Zde4vaPtQXPwwNbCvBItu5m1uaigPgRycBJV8M0gdliAICfCMeSwQDrhkX6ck17n
-uBpxBTCn9GEFN/+7miNH/roH03NHU3vciqTAi1MrDA3jfOZkYBC/Cd5AmsMc6NTO
-Xc57mFwuZ+BmQI6w1ddL5e+5Y/DA57VexfTdG+/TpS+D9oBJUmaczkAG+27YKs8f
-mJKoTSPULjXK8pwwcBMk8HuS5bt6fBBmqbJb8bwXceEHCBg7WCYNmXy5lXwUUwAh
-NDwDAgMBAAGjUzBRMB0GA1UdDgQWBBRWppx3mP/hCh9ZLKZfwGBeg1wiPjAfBgNV
-HSMEGDAWgBRWppx3mP/hCh9ZLKZfwGBeg1wiPjAPBgNVHRMBAf8EBTADAQH/MA0G
-CSqGSIb3DQEBCwUAA4ICAQAWfNrX65UUI55f0A8svSIUVy8c7YjX8P70xMWq7Cpe
-tRPo8C98JCr8MtUaAx6VFx4sjHyCPmEIIf+u7aDxRhrxpqAQAQl5me8OxqwmOxKu
-I7WeRrjAvOux52xfjqtm36fx9SUDu94ox5LdG+NNtG29AbLZeAs4pe4qVqH1GQb9
-fw3lvxwKV+AovpVZ7eXyscfSvKWi4rgzVJl27me/rgLZsVYJ2gAjTI77vGN1G0ro
-q2iaTvEALHlzhKepVg1IAJAGJLSZegcK3zwWOqZzkL77De6Z3+zbxwNopcy/CGEs
-9v9gDyL1LeAJ3o/dehvPiqMWogTVO6X77sNIiiu41sdaWSTiFllmyO+hQqS69R68
-NOe+uAP1+taLhD16kp7XHS0MIXEPaQbEgrXtqb163oMJSAaok3xXNyRJ7ZNMS4CT
-0QJE15PpnbRYoQOf4QrrsDmpl2ybU7MR9uOj64qVSvUtBcq1w7ljPStbkN7F7OOU
-pepVvNaWe820kgQ/l9tu1WY9D7PFGP6iWY4AwdxcpWwlJnIr104X3PQ0Y5/msYVs
-zEnqaNiEOnbmTZUvn5jJOwh8DWUo+LffRQx/PoZlhZ/L/L3RtpGUV2E+E5Gzqs7W
-gey9iG11CVcvK/wdCj0zhW/XpesQuwinIMawGS6G92igHo+AFjJoGaGiw3jYdep8
-CA==
------END CERTIFICATE-----
diff --git a/tests/data/rootCA.key b/tests/data/rootCA.key
deleted file mode 100644
index 6b39fb4..0000000
--- a/tests/data/rootCA.key
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEAm4+cfDGalGq4WQWiThWQ7f2Pk1PZrz5Z+nzNieGou3cIbegP
-IV+1bIX3s0lijEM9uKjZ9VgmIEq60M4xg+wl+t3hKipwM4Y4B1+Q2X1ISEKfOvOU
-6PplwOg1MbQi8qH43MuB+lTXCCDItbZlfC/B/yE0Zb1hHWLxdjlNKa3TP0NrCyDZ
-ADJiOh6ZR4M5VYQVYhKZfJILaixcYA1w5poUwS/VHKPkdYfNwJVlnSBQEb2INmp7
-AO8+D5JG8LaTXpyh5GOxKy0fNWoHE5amnk6K6bf0ryNdXqMb4mQWfj0LZEGV2lqN
-s+G8co520l4gPbSeOCZ8JFkH8p9AY89/zFeTjAFPE9T0vzArLfvS6dk/hYPW+rfk
-p8+yJR2Vq/OpiQ6QjbSJYhk7rznehI+UnjOYFU1c/xWFCbSHZWi80f5l17i9o+1B
-c/DA1sK8Ei27mbW5qKA+BHJwElXwzSB2WIAgJ8Ix5LBAOuGRfpyTXue4GnEFMKf0
-YQU3/7uaI0f+ugfTc0dTe9yKpMCLUysMDeN85mRgEL8J3kCawxzo1M5dznuYXC5n
-4GZAjrDV10vl77lj8MDntV7F9N0b79OlL4P2gElSZpzOQAb7btgqzx+YkqhNI9Qu
-NcrynDBwEyTwe5Llu3p8EGapslvxvBdx4QcIGDtYJg2ZfLmVfBRTACE0PAMCAwEA
-AQKCAgBPPweu1O40cXFcGFyofqAIPUWo/exFM/ROgMmMViLI7UikBLXAgKtBj7Wx
-5c6IObD1oz71l2REyw0EViYvWFu4wtNz0Y67EML2Lp7xzLrH5PiM5Y2UagrwDNsc
-aPHsvMq0YA/k4NdyUpEs0LA+ZW3kdJvmwGT6vW7YlTRT6TNWZRfg4WjqisAzb2cS
-YS0R/WmPPn5mUVfzTIn6fJ5pO1EbYSylnHBD11zfoLvVIaLohq8fWXsz7Kym7hOp
-iLjmV9C5MngM0L23Tj4womxa9RQbIBVMKy3jiiAoYmh7AsoM1sRqKftKCdMgYKbz
-X/P4u0xmumQ/eANue+YncoteI7cLrjps1RUeodmRgxLt0KHbTW4X35Fd6yI+Nxts
-13aA6J/WusELQYigBXG3cHOfxfOMkqjdVozReF+QzsAJFXQwV4lQhsdlkVjnMWB9
-iotUVj9X8SWHktBnCHmuyuQoyJIxwM6cBLv1bJCpdiGcJJrtPgTwI3ybjVDlsVpE
-A2EaWiH2UDnzmI2OXy2BaOmLoYzV3kYLhd1zG2q2rLDd70kzOHJJmTOp8xFzZVOA
-74IbdWb6J3C6o7F8IFK+1strw6ADDINEyg+zoIbNUGVyvGI90Xak+7k8KgGWSplw
-318k0xyh6hu9HU/wWHE2WObjIWKnzDHnt917dJkyMazyC2x3wQKCAQEAy4gAWJNM
-/mVa4sr2NLUNPQpVfxhSF/jhxdD3b5Z5A/PD+spUcF1WZSpBj8BmNOWilJ2pBMkv
-Yp7o2s4MbLIFx1HMgVI/cTo1/kk8hvCBdX9n1Dum3dRNTaxBUaZNDdBZ61b4an/V
-lrK20Tx3RY23qInoOUsBFENF+UJUAkujXH3tBv5d//yfX9z75sesQl/HKVr1UAI6
-I7a76sO+0bCnDAxooIQH0sLzmWa9JliiFd8gWeY7Yd+/jCw4toptkgtXUUm1dFLL
-8s7Eah+P0ORZ17+eBWub/4gOzbgfOh4EKNU/lLI9r2L6RH0F9C3Symm6mu7EBpEC
-SzDyHnYqzpAh8wKCAQEAw6nSmp+HBz7AhW+tEiXt1KjvCRgslVMGQ/UTFbU8TqLd
-rECn5wKO45EHV4at6jazJUhwIBVty39duiOmmEWOtpCxX3OgdM11s8/LACXv4/B4
-pWHqzhJgrwISOLLoxEoM+A3odXoEw95phOy7seBkVxJ6Idq3obpZli0ilDHfFT2R
-B+kANrCI5D9d43XdoEBaS6EWvd0TrIbkrfwWrQtbmGuXsmj/ZpOntPixUaZO+go1
-P0eDrUZlRcfVWBGNRiEHiGr0InOWrK93OtjoGB3SjtnQkRP5JJSN/2QOCw7LvmZj
-GA/KdQxef0Rh5cKLd3LBzwTzGwl+4MMME+WL0M3xsQKCAQAg8bKco7sismUzsIaJ
-oYSzDKkqGVWwa6ifzGNAvKp56UsfnQBt7628UkqqagohJcpbI+nnzGjPHcmzIQcB
-0Q7+ZE8l35pFSZbTwib58JQD4Mt9nuozndmlaOxpuvFd+wuS/FDZbDe2XNcapx7n
-Mzk3HptoKqvSC9GXtxTCClw27GshZqrwdIOXkL11bXyEgdxK5V4vxSyD+2APb//D
-EUT4vklxMe3SP5wOiIK1YkNaJvOlmY6jGQR4O/AyG9YAfbV0gunMGlrIwo8oXlN5
-DH0+XtXFKtXlVrCOu+7SCWnC8kGIYBF8AhlgXJxKGeC0wshhq6QvK+mjIhkOtTHY
-nZvhAoIBAHbQBKcIAAKSRG3CpqHCjmz4OE6Zc1kplUBm7TPdXcWSeHFEwbAxiXr+
-cirgCXOTy6z0E8InwQg1S0DgrSUB9+s8abjAicrjiHmr0GVCpC0RtPEYSHDiD/u1
-kkMDwPyQytdF+sZ7VbFquUCSUFdvHv8QpUExgxieBBCBT+IVdpV7UTowboTHJhkT
-sXuR8waAjVQneZvJR00YjHxp+4sQvooLq44W3B/5wXjPGz2tc3+5+yN11au+d3is
-JAzae6L+I4jfCWhyMCikVA5T8HvUgCtmcJPoQP3Jh4BxzWVBks8HdV0DGbmBzVAS
-wi+2tuHNuYpwQv9EANuTFR5v4TrmE8ECggEAMXp5rfHt2hKLtkIwqYE7C8IVGQ9q
-BcjKAJSuDYkyBpfSp9uxkiyvnND5tEj0uOcMCVZlntSIxWx+HXFu5rL0Ax5ZmSal
-uoWpwDXbKYgHF9zlGXqYulsODqZC0cjJpUogXFC0B4pRDUVzuZXO9ACuS5azXYqh
-G6Rw0O6rDTHVgkmazJtxreO8v4NpfIbBbFfQgU5xeHdS6ky9LqG+yUKJ5FWkGWcU
-SqpZX3yxXM4q/cA1KBN31K3V2xvjVPcEwzkZDGDbLg33DASVF7RV/WYymhDuxE+w
-vHDz9Q7dk4pTzCdNiQgomBSjOkLDKWuOvaInQwYWJgavpPGWr31hDyi5Kw==
------END RSA PRIVATE KEY-----
diff --git a/tests/data/rootCA.srl b/tests/data/rootCA.srl
deleted file mode 100644
index 8c619f2..0000000
--- a/tests/data/rootCA.srl
+++ /dev/null
@@ -1 +0,0 @@
-02D3FA5376B8B25617BA76C4EA3AE7FE4AC318B1
diff --git a/tests/login_tests_saml2.c b/tests/login_tests_saml2.c
index e331c07..54c7fb6 100644
--- a/tests/login_tests_saml2.c
+++ b/tests/login_tests_saml2.c
@@ -1090,42 +1090,42 @@ START_TEST(test08_test_authnrequest_flags)
make_context(sp_context, "sp5-saml2", "", LASSO_PROVIDER_ROLE_IDP, "idp5-saml2", "")
block_lasso_logs;
- sso_initiated_by_sp2(idp_context, sp_context,
- (SsoSettings) {
+ sso_initiated_by_sp2(idp_context, sp_context,
+ (SsoSettings) {
.use_assertion_consumer_service_idx = 1,
.assertion_consumer_service_idx = 0,
.stop_after_build_assertion = 1,
});
- sso_initiated_by_sp2(idp_context, sp_context,
- (SsoSettings) {
+ sso_initiated_by_sp2(idp_context, sp_context,
+ (SsoSettings) {
.assertion_consumer_service_url = "http://sp5/singleSignOnPost",
.stop_after_build_assertion = 1,
});
- sso_initiated_by_sp2(idp_context, sp_context,
- (SsoSettings) {
+ sso_initiated_by_sp2(idp_context, sp_context,
+ (SsoSettings) {
.protocol_binding = LASSO_SAML2_METADATA_BINDING_ARTIFACT,
.stop_after_build_assertion = 1,
});
- sso_initiated_by_sp2(idp_context, sp_context,
- (SsoSettings) {
+ sso_initiated_by_sp2(idp_context, sp_context,
+ (SsoSettings) {
.assertion_consumer_service_url = "http://sp5/singleSignOnPost",
.protocol_binding = LASSO_SAML2_METADATA_BINDING_POST,
.stop_after_build_assertion = 1,
});
- sso_initiated_by_sp2(idp_context, sp_context,
- (SsoSettings) {
+ sso_initiated_by_sp2(idp_context, sp_context,
+ (SsoSettings) {
.assertion_consumer_service_url = "http://sp5/singleSignOnArtifact",
.protocol_binding = LASSO_SAML2_METADATA_BINDING_ARTIFACT,
.stop_after_build_assertion = 1,
});
- sso_initiated_by_sp2(idp_context, sp_context,
- (SsoSettings) {
+ sso_initiated_by_sp2(idp_context, sp_context,
+ (SsoSettings) {
.assertion_consumer_service_url = "http://sp5/singleSignOnPostAndArtifact",
.protocol_binding = LASSO_SAML2_METADATA_BINDING_ARTIFACT,
.stop_after_build_assertion = 1,
});
- sso_initiated_by_sp2(idp_context, sp_context,
- (SsoSettings) {
+ sso_initiated_by_sp2(idp_context, sp_context,
+ (SsoSettings) {
.assertion_consumer_service_url = "http://sp5/singleSignOnPostAndArtifact",
.protocol_binding = LASSO_SAML2_METADATA_BINDING_POST,
.stop_after_build_assertion = 1,
@@ -1278,9 +1278,7 @@ static void validate_idp_list(LassoEcp *ecp, EcpIdpListVariant ecpIDPListVariant
check_str_equals((char*)g_list_nth(ecp->known_idp_entity_ids_supporting_ecp, 0)->data, "http://idp5/metadata");
}
-void test_ecp(EcpIdpListVariant ecpIDPListVariant,
- LassoProfileSignatureHint signature_hint,
- LassoProfileSignatureVerifyHint signature_verify_hint)
+void test_ecp(EcpIdpListVariant ecpIDPListVariant)
{
char *serviceProviderContextDump = NULL, *identityProviderContextDump = NULL;
LassoServer *spContext = NULL, *ecpContext=NULL, *idpContext = NULL;
@@ -1288,7 +1286,7 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant,
LassoEcp *ecp = NULL;
LassoSamlp2AuthnRequest *request = NULL;
gboolean is_passive = FALSE;
- char *provider_name = NULL;
+ char *provider_name = NULL;
char *relayState = NULL;
char *messageID = NULL;
char *extracted_messageID = NULL;
@@ -1298,7 +1296,7 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant,
char *ecpPaosResponseMsg = NULL;
char *spLoginDump = NULL;
LassoSaml2Assertion *assertion;
- LassoSamlp2IDPList *idp_list = NULL;
+ LassoSamlp2IDPList *idp_list = NULL;
/*
* SAML2 Profile for ECP (Section 4.2) defines these steps for an ECP
@@ -1324,8 +1322,6 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant,
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
spLoginContext = lasso_login_new(spContext);
check_not_null(spLoginContext);
- lasso_profile_set_signature_hint(LASSO_PROFILE(spLoginContext), signature_hint);
- lasso_profile_set_signature_verify_hint(LASSO_PROFILE(spLoginContext), signature_verify_hint);
check_good_rc(lasso_login_init_authn_request(spLoginContext, "http://idp5/metadata",
LASSO_HTTP_METHOD_PAOS));
@@ -1423,8 +1419,6 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant,
idpContext = lasso_server_new_from_dump(identityProviderContextDump);
idpLoginContext = lasso_login_new(idpContext);
check_not_null(idpLoginContext);
- lasso_profile_set_signature_hint(LASSO_PROFILE(idpLoginContext), signature_hint);
- lasso_profile_set_signature_verify_hint(LASSO_PROFILE(idpLoginContext), signature_verify_hint);
/* Parse the ecpSoapRequestMsg */
check_good_rc(lasso_login_process_authn_request_msg(idpLoginContext, ecpSoapRequestMsg));
@@ -1471,7 +1465,7 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant,
check_str_equals(ecp->relaystate, relayState);
check_str_equals(ecp->issuer->content, "http://sp5/metadata");
check_str_equals(ecp->provider_name, provider_name);
- check_equals(ecp->is_passive, is_passive);
+ check_equals(ecp->is_passive, is_passive);
/* Validate ECP IdP list info */
validate_idp_list(ecp, ecpIDPListVariant, idp_list);
@@ -1486,8 +1480,6 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant,
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
spLoginContext = lasso_login_new(spContext);
check_not_null(spLoginContext);
- lasso_profile_set_signature_hint(LASSO_PROFILE(spLoginContext), signature_hint);
- lasso_profile_set_signature_verify_hint(LASSO_PROFILE(spLoginContext), signature_verify_hint);
/* Parse the ecpPaosResponseMsg */
check_good_rc(lasso_login_process_paos_response_msg(spLoginContext, ecpPaosResponseMsg));
@@ -1523,61 +1515,19 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant,
START_TEST(test09_ecp)
{
- test_ecp(ECP_IDP_LIST_NONE,
- LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
- LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE);
+ test_ecp(ECP_IDP_LIST_NONE);
}
END_TEST
START_TEST(test10_ecp)
{
- test_ecp(ECP_IDP_LIST_ECP,
- LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
- LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE);
+ test_ecp(ECP_IDP_LIST_ECP);
}
END_TEST
START_TEST(test11_ecp)
{
- test_ecp(ECP_IDP_LIST_BOGUS,
- LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
- LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE);
-}
-END_TEST
-
-START_TEST(test12_ecp)
-{
- /* Maybe Sign */
- test_ecp(ECP_IDP_LIST_NONE,
- LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
- LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE);
-
- test_ecp(ECP_IDP_LIST_NONE,
- LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
- LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE);
-
- test_ecp(ECP_IDP_LIST_NONE,
- LASSO_PROFILE_SIGNATURE_HINT_MAYBE,
- LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
-
- /* Force Sign */
- test_ecp(ECP_IDP_LIST_NONE,
- LASSO_PROFILE_SIGNATURE_HINT_FORCE,
- LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE);
-
- test_ecp(ECP_IDP_LIST_NONE,
- LASSO_PROFILE_SIGNATURE_HINT_FORCE,
- LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE);
-
- test_ecp(ECP_IDP_LIST_NONE,
- LASSO_PROFILE_SIGNATURE_HINT_FORCE,
- LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
-
- /* Forbid Sign */
- test_ecp(ECP_IDP_LIST_NONE,
- LASSO_PROFILE_SIGNATURE_HINT_FORBID,
- LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
-
+ test_ecp(ECP_IDP_LIST_BOGUS);
}
END_TEST
@@ -1588,7 +1538,7 @@ void check_digest_method(G_GNUC_UNUSED LassoLogin *idp_login_context, LassoLogin
lasso_release_string(dump)
}
-START_TEST(test13_sso_sp_with_rsa_sha256_signatures)
+START_TEST(test12_sso_sp_with_rsa_sha256_signatures)
{
LassoServer *idp_context = NULL;
LassoServer *sp_context = NULL;
@@ -1645,8 +1595,7 @@ login_saml2_suite()
tcase_add_test(tc_ecp, test09_ecp);
tcase_add_test(tc_ecp, test10_ecp);
tcase_add_test(tc_ecp, test11_ecp);
- tcase_add_test(tc_ecp, test12_ecp);
- tcase_add_test(tc_spLogin, test13_sso_sp_with_rsa_sha256_signatures);
+ tcase_add_test(tc_spLogin, test12_sso_sp_with_rsa_sha256_signatures);
return s;
}
diff --git a/tools/check-lasso-sections.py b/tools/check-lasso-sections.py
index 3a6c988..cb4c39c 100755
--- a/tools/check-lasso-sections.py
+++ b/tools/check-lasso-sections.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python
import sys
import os.path