forked from mystiq/dex
a97cffcd52
Introduces SAML tests which execute full response processing and compare user attributes. testdata now includes a full, self-signed CA and documents signed using xmlsec1. Adds deprecation notices to existing tests, but doesn't remove them since they still provide coverage.
47 lines
1.3 KiB
Bash
Executable file
#!/bin/bash -ex

# Always run from the testdata directory
cd "$(dirname "$0")"

# Uncomment these commands to regenerate the CA files.
#
# openssl req \
#   -nodes \
#   -newkey rsa:2048 \
#   -keyout ca.key \
#   -new -x509 -days 7300 \
#   -extensions v3_ca \
#   -out ca.crt \
#   -subj "/O=DEX/CN=coreos.com"
#
# openssl req \
#   -nodes \
#   -newkey rsa:2048 \
#   -keyout bad-ca.key \
#   -new -x509 -days 7300 \
#   -extensions v3_ca \
#   -out bad-ca.crt \
#   -subj "/O=BAD/CN=coreos.com"

# Sign these files using xmlsec1.
#
# Templates MUST have a <Signature> element already embedded in them so
# xmlsec1 can know where to embed the signature.
#
# See: https://sgros.blogspot.com/2013/01/signing-xml-document-using-xmlsec1.html

xmlsec1 --sign --privkey-pem ca.key,ca.crt --output good-resp.xml good-resp.tmpl
xmlsec1 --sign --privkey-pem ca.key,ca.crt --output bad-status.xml bad-status.tmpl

# Sign a specific sub element, not just the root.
#
# Values match up to the <Response URI="#(ID)"> element in the documents.
xmlsec1 --sign --privkey-pem ca.key,ca.crt \
  --id-attr:ID Assertion \
  --output assertion-signed.xml assertion-signed.tmpl

xmlsec1 --sign --privkey-pem ca.key,ca.crt \
  --id-attr:ID Assertion \
  --output two-assertions-first-signed.xml \
  two-assertions-first-signed.tmpl
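The two-assertion fixture exists because a consumer must take attributes only from the element a signature actually covers. The following is an added example, not code from the dex repository: a structure-only check (no cryptographic verification) that resolves each enveloped signature's Reference URI and returns NameIDs only from covered assertions. The sample document, its IDs and its NameIDs are constructed here and are not the contents of the repository's testdata files.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: two assertions, only the first carries a Signature.
# Digest and signature values are omitted; this checks structure only.
SAMPLE = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DS}" ID="resp1">'
    '<saml:Assertion ID="a1">'
    '<ds:Signature><ds:SignedInfo><ds:Reference URI="#a1"/></ds:SignedInfo></ds:Signature>'
    '<saml:Subject><saml:NameID>eric@example.com</saml:NameID></saml:Subject></saml:Assertion>'
    '<saml:Assertion ID="a2">'
    '<saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject></saml:Assertion>'
    '</samlp:Response>'
)


def covered_elements(root):
    """Elements named by an enveloped Signature's Reference URI."""
    by_id = {}
    for el in root.iter():
        eid = el.get("ID")
        if eid is not None:
            if eid in by_id:  # ambiguous IDs make URI resolution meaningless
                raise ValueError("duplicate ID: " + eid)
            by_id[eid] = el
    covered = []
    for parent in root.iter():
        for sig in parent.findall(f"{{{DS}}}Signature"):
            for ref in sig.iter(f"{{{DS}}}Reference"):
                uri = ref.get("URI", "")
                target = root if uri == "" else by_id.get(uri[1:]) if uri.startswith("#") else None
                # Enveloped signature: the Reference must name the Signature's own parent.
                if target is parent:
                    covered.append(target)
    return covered


def signed_name_ids(xml_text):
    """NameIDs from assertions that sit inside a covered element; others are ignored."""
    root = ET.fromstring(xml_text)  # intended for locally generated test data
    covered = covered_elements(root)
    names = []
    for assertion in root.iter(f"{{{SAML}}}Assertion"):
        if any(assertion in list(c.iter()) for c in covered):
            names += [n.text for n in assertion.iter(f"{{{SAML}}}NameID")]
    return names
```

A real consumer runs this resolution only after the signature itself has verified against the trusted CA certificate.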