diff --git a/test/api_request.c b/test/api_request.c
index 9177a67..78f517f 100644
--- a/test/api_request.c
+++ b/test/api_request.c
@@ -144,6 +144,36 @@ START_TEST(test_iddawc_api_request_invalid_parameters)
 }
 END_TEST
 
+START_TEST(test_iddawc_api_request_invalid_response_size_header)
+{
+ struct _i_session i_session;
+ struct _u_request req;
+ struct _u_response resp;
+ struct _u_instance instance;
+
+ ck_assert_int_eq(ulfius_init_instance(&instance, 8080, NULL, NULL), U_OK);
+ ck_assert_int_eq(ulfius_add_endpoint_by_val(&instance, DPOP_HTM, NULL, "/object", 0, &callback_resource_service_object_at_header, NULL), U_OK);
+ ck_assert_int_eq(ulfius_start_framework(&instance), U_OK);
+ ck_assert_int_eq(i_init_session(&i_session), I_OK);
+ ck_assert_int_eq(ulfius_init_request(&req), I_OK);
+ ck_assert_int_eq(ulfius_init_response(&resp), I_OK);
+ ck_assert_int_eq(i_set_parameter_list(&i_session, I_OPT_ACCESS_TOKEN, ACCESS_TOKEN,
+ I_OPT_RESPONSE_MAX_BODY_SIZE, 8,
+ I_OPT_RESPONSE_MAX_HEADER_COUNT, 2,
+ I_OPT_NONE), I_OK);
+ ck_assert_int_eq(ulfius_set_request_properties(&req, U_OPT_HTTP_VERB, DPOP_HTM, U_OPT_HTTP_URL, DPOP_HTU, U_OPT_NONE), U_OK);
+ ck_assert_int_eq(i_perform_resource_service_request(&i_session, &req, &resp, 0, I_BEARER_TYPE_HEADER, 0, 0), I_ERROR);
+ ck_assert_int_eq(2, u_map_count(resp.map_header));
+ ck_assert_int_eq(8, resp.binary_body_length);
+
+ i_clean_session(&i_session);
+ ulfius_clean_request(&req);
+ ulfius_clean_response(&resp);
+ ulfius_stop_framework(&instance);
+ ulfius_clean_instance(&instance);
+}
+END_TEST
+
 START_TEST(test_iddawc_api_request_no_refresh_no_dpop)
 {
 struct _i_session i_session;
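Review bot: The new test lowers I_OPT_RESPONSE_MAX_BODY_SIZE to 8 and I_OPT_RESPONSE_MAX_HEADER_COUNT to 2 in the same session, so the I_ERROR from i_perform_resource_service_request cannot show which of the two limits was enforced; the new tests in test/introspection.c, test/load_config.c, test/load_userinfo.c and test/token.c combine the limits the same way. Splitting each into one case that only lowers the body limit and one that only lowers the header count, plus a case with both limits set exactly to the size of the callback's response that must still succeed, would pin each check independently and catch an off-by-one in the comparison. The assertions `ck_assert_int_eq(2, u_map_count(resp.map_header));` and `ck_assert_int_eq(8, resp.binary_body_length);` also appear to fix that a rejected response is still handed back to the caller truncated at the limits; if that is deliberate, a short comment saying so would keep it from being read as incidental. Separately, `ck_assert_int_eq(ulfius_init_request(&req), I_OK);` and the ulfius_init_response line below it compare ulfius return codes with an iddawc constant, as do the lines added in the hunks at -316 and -438; the rest of the file checks ulfius calls against U_OK, so `ck_assert_int_eq(ulfius_init_response(&resp), U_OK);` is the intended form.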
@@ -316,6 +346,8 @@ START_TEST(test_iddawc_api_request_refresh_not_required_dpop_required)
 ck_assert_ptr_ne(NULL, j_control = json_loads(resource_object, JSON_DECODE_ANY, NULL));
 ck_assert_ptr_ne(NULL, j_resp = ulfius_get_json_body_response(&resp, NULL));
 ck_assert_int_eq(1, json_equal(j_control, j_resp));
+ ulfius_clean_response(&resp);
+ ck_assert_int_eq(ulfius_init_response(&resp), I_OK);
 ck_assert_int_eq(i_perform_resource_service_request(&i_session, &req, &resp, 0, I_BEARER_TYPE_HEADER, 0, 0), I_OK);
 ck_assert_int_eq(401, resp.status);
 
@@ -438,6 +470,8 @@ START_TEST(test_iddawc_api_request_refresh_not_required_dpop_required_nonce)
 ck_assert_int_eq(i_perform_resource_service_request(&i_session, &req, &resp, 0, I_BEARER_TYPE_HEADER, 1, 0), I_OK);
 ck_assert_ptr_ne(NULL, i_get_str_parameter(&i_session, I_OPT_DPOP_NONCE_RS));
 ck_assert_int_eq(401, resp.status);
+ ulfius_clean_response(&resp);
+ ck_assert_int_eq(ulfius_init_response(&resp), I_OK);
 ck_assert_int_eq(i_perform_resource_service_request(&i_session, &req, &resp, 0, I_BEARER_TYPE_HEADER, 1, 0), I_OK);
 ck_assert_int_eq(200, resp.status);
 ck_assert_ptr_ne(NULL, j_control = json_loads(resource_object, JSON_DECODE_ANY, NULL));
@@ -527,6 +561,7 @@ static Suite *iddawc_suite(void)
 s = suite_create("Iddawc API request tests");
 tc_core = tcase_create("test_iddawc_api_request");
 tcase_add_test(tc_core, test_iddawc_api_request_invalid_parameters);
+ tcase_add_test(tc_core, test_iddawc_api_request_invalid_response_size_header);
 tcase_add_test(tc_core, test_iddawc_api_request_no_refresh_no_dpop);
 tcase_add_test(tc_core, test_iddawc_api_request_refresh_not_required_no_dpop);
 tcase_add_test(tc_core, test_iddawc_api_request_refresh_required_not_available_no_dpop);
diff --git a/test/core.c b/test/core.c
index 0ff1224..35d8f93 100644
--- a/test/core.c
+++ b/test/core.c
@@ -163,6 +163,8 @@
 #define ID_TOKEN_SID "sidXyz1234"
 #define SERVER_JWKS_CACHE_EXPIRATION 20
 #define SAVE_HTTP_REQUEST_RESPONSE 78
+#define RESPONSE_MAX_BODY_SIZE 421
+#define RESPONSE_MAX_HEADER_COUNT 746
 
 const char jwks_pubkey_ecdsa_str[] = "{\"keys\":[{\"kty\":\"EC\",\"crv\":\"P-256\",\"x\":\"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4\","\
 "\"y\":\"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM\",\"use\":\"enc\",\"kid\":\"1\"}]}";
@@ -658,6 +660,8 @@ START_TEST(test_iddawc_set_int_parameter)
 ck_assert_int_eq(i_set_int_parameter(&i_session, I_OPT_SERVER_JWKS_CACHE_EXPIRATION, SERVER_JWKS_CACHE_EXPIRATION), I_OK);
 ck_assert_int_eq(i_set_int_parameter(&i_session, I_OPT_SAVE_HTTP_REQUEST_RESPONSE, SAVE_HTTP_REQUEST_RESPONSE), I_OK);
 ck_assert_int_eq(i_set_int_parameter(&i_session, I_OPT_CIBA_REQUESTED_EXPIRY, CIBA_REQUESTED_EXPIRY), I_OK);
+ ck_assert_int_eq(i_set_int_parameter(&i_session, I_OPT_RESPONSE_MAX_BODY_SIZE, RESPONSE_MAX_BODY_SIZE), I_OK);
+ ck_assert_int_eq(i_set_int_parameter(&i_session, I_OPT_RESPONSE_MAX_HEADER_COUNT, RESPONSE_MAX_HEADER_COUNT), I_OK);
 
 i_clean_session(&i_session);
 }
@@ -1016,6 +1020,10 @@ START_TEST(test_iddawc_get_int_parameter)
 ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_SAVE_HTTP_REQUEST_RESPONSE), SAVE_HTTP_REQUEST_RESPONSE);
 ck_assert_int_eq(i_set_int_parameter(&i_session, I_OPT_CIBA_REQUESTED_EXPIRY, CIBA_REQUESTED_EXPIRY), I_OK);
 ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_CIBA_REQUESTED_EXPIRY), CIBA_REQUESTED_EXPIRY);
+ ck_assert_int_eq(i_set_int_parameter(&i_session, I_OPT_RESPONSE_MAX_BODY_SIZE, RESPONSE_MAX_BODY_SIZE), I_OK);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_RESPONSE_MAX_BODY_SIZE), RESPONSE_MAX_BODY_SIZE);
+ ck_assert_int_eq(i_set_int_parameter(&i_session, I_OPT_RESPONSE_MAX_HEADER_COUNT, RESPONSE_MAX_HEADER_COUNT), I_OK);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_RESPONSE_MAX_HEADER_COUNT), RESPONSE_MAX_HEADER_COUNT);
 
 i_clean_session(&i_session);
 }
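Review bot: The two new integer options are only exercised with the positive fixtures RESPONSE_MAX_BODY_SIZE and RESPONSE_MAX_HEADER_COUNT in test_iddawc_set_int_parameter and test_iddawc_get_int_parameter; nothing in these hunks pins what i_set_int_parameter does with 0 or a negative value, which is the input that decides whether a caller can switch the response limits off. If the library rejects such values, `ck_assert_int_eq(i_set_int_parameter(&i_session, I_OPT_RESPONSE_MAX_BODY_SIZE, -1), I_ERROR);` and the same line for I_OPT_RESPONSE_MAX_HEADER_COUNT in test_iddawc_set_int_parameter would document it; if 0 is meant as "unlimited", a comment next to the two new fixtures saying so would help. Both test bodies start outside these hunks.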
@@ -1293,6 +1301,8 @@ START_TEST(test_iddawc_parameter_list)
 I_OPT_SAVE_HTTP_REQUEST_RESPONSE, SAVE_HTTP_REQUEST_RESPONSE,
 I_OPT_DPOP_NONCE_AS, DPOP_NONCE_AS,
 I_OPT_DPOP_NONCE_RS, DPOP_NONCE_RS,
+ I_OPT_RESPONSE_MAX_BODY_SIZE, RESPONSE_MAX_BODY_SIZE,
+ I_OPT_RESPONSE_MAX_HEADER_COUNT, RESPONSE_MAX_HEADER_COUNT,
 I_OPT_NONE), I_OK);
 
 ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_STATE), STATE);
@@ -1392,6 +1402,8 @@ START_TEST(test_iddawc_parameter_list)
 ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_SAVE_HTTP_REQUEST_RESPONSE), SAVE_HTTP_REQUEST_RESPONSE);
 ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_DPOP_NONCE_AS), DPOP_NONCE_AS);
 ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_DPOP_NONCE_RS), DPOP_NONCE_RS);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_RESPONSE_MAX_BODY_SIZE), RESPONSE_MAX_BODY_SIZE);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_RESPONSE_MAX_HEADER_COUNT), RESPONSE_MAX_HEADER_COUNT);
 
 i_clean_session(&i_session);
 }
@@ -1602,6 +1614,8 @@ START_TEST(test_iddawc_export_json_t)
 ck_assert_int_eq(json_integer_value(json_object_get(j_export, "save_http_request_response")), 0);
 ck_assert_ptr_eq(json_object_get(j_export, "dpop_nonce_as"), NULL);
 ck_assert_ptr_eq(json_object_get(j_export, "dpop_nonce_rs"), NULL);
+ ck_assert_int_eq(json_integer_value(json_object_get(j_export, "response_body_limit")), I_DEFAULT_RESPONSE_MAX_BODY_SIZE);
+ ck_assert_int_eq(json_integer_value(json_object_get(j_export, "max_header")), I_DEFAULT_RESPONSE_MAX_HEADER_COUNT);
 json_decref(j_export);
 
 ck_assert_int_eq(i_set_parameter_list(&i_session, I_OPT_RESPONSE_TYPE, I_RESPONSE_TYPE_CODE|I_RESPONSE_TYPE_TOKEN|I_RESPONSE_TYPE_ID_TOKEN,
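Review bot: The export assertions in the hunk at -1602 pin the session JSON keys as `response_body_limit` and `max_header`, which follow neither the option names I_OPT_RESPONSE_MAX_BODY_SIZE / I_OPT_RESPONSE_MAX_HEADER_COUNT nor the size/count wording used everywhere else in this diff; once sessions exported with these keys exist they become a compatibility surface, so this is the last cheap moment to align them (for example `response_max_body_size` and `response_max_header_count`). If the names are already fixed by the library, a one-line comment above these two assertions noting that the keys deliberately differ from the option names would save the next reader from treating it as a typo. test_iddawc_export_json_t begins and ends outside the hunk.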
@@ -1721,6 +1735,8 @@ START_TEST(test_iddawc_export_json_t)
 I_OPT_SAVE_HTTP_REQUEST_RESPONSE, SAVE_HTTP_REQUEST_RESPONSE,
 I_OPT_DPOP_NONCE_AS, DPOP_NONCE_AS,
 I_OPT_DPOP_NONCE_RS, DPOP_NONCE_RS,
+ I_OPT_RESPONSE_MAX_BODY_SIZE, RESPONSE_MAX_BODY_SIZE,
+ I_OPT_RESPONSE_MAX_HEADER_COUNT, RESPONSE_MAX_HEADER_COUNT,
 I_OPT_NONE), I_OK);
 i_session.id_token_payload = json_pack("{ss}", "aud", "payload");
 ck_assert_int_eq(i_set_rich_authorization_request_str(&i_session, AUTH_REQUEST_TYPE_1, AUTH_REQUEST_1), I_OK);
@@ -1848,6 +1864,8 @@ START_TEST(test_iddawc_export_json_t)
 ck_assert_int_eq(json_integer_value(json_object_get(j_export, "save_http_request_response")), SAVE_HTTP_REQUEST_RESPONSE);
 ck_assert_str_eq(json_string_value(json_object_get(j_export, "dpop_nonce_as")), DPOP_NONCE_AS);
 ck_assert_str_eq(json_string_value(json_object_get(j_export, "dpop_nonce_rs")), DPOP_NONCE_RS);
+ ck_assert_int_eq(json_integer_value(json_object_get(j_export, "response_body_limit")), RESPONSE_MAX_BODY_SIZE);
+ ck_assert_int_eq(json_integer_value(json_object_get(j_export, "max_header")), RESPONSE_MAX_HEADER_COUNT);
 json_decref(j_export);
 json_decref(j_additional);
 
@@ -1987,6 +2005,8 @@ START_TEST(test_iddawc_import_json_t)
 I_OPT_SAVE_HTTP_REQUEST_RESPONSE, SAVE_HTTP_REQUEST_RESPONSE,
 I_OPT_DPOP_NONCE_AS, DPOP_NONCE_AS,
 I_OPT_DPOP_NONCE_RS, DPOP_NONCE_RS,
+ I_OPT_RESPONSE_MAX_BODY_SIZE, RESPONSE_MAX_BODY_SIZE,
+ I_OPT_RESPONSE_MAX_HEADER_COUNT, RESPONSE_MAX_HEADER_COUNT,
 I_OPT_NONE), I_OK);
 i_session.id_token_payload = json_pack("{ss}", "aud", "payload");
 ck_assert_int_eq(i_set_rich_authorization_request_str(&i_session, AUTH_REQUEST_TYPE_1, AUTH_REQUEST_1), I_OK);
@@ -2120,6 +2140,8 @@ START_TEST(test_iddawc_import_json_t)
 ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_SAVE_HTTP_REQUEST_RESPONSE), SAVE_HTTP_REQUEST_RESPONSE);
 ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_DPOP_NONCE_AS), DPOP_NONCE_AS);
 ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_DPOP_NONCE_RS), DPOP_NONCE_RS);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_RESPONSE_MAX_BODY_SIZE), RESPONSE_MAX_BODY_SIZE);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_RESPONSE_MAX_HEADER_COUNT), RESPONSE_MAX_HEADER_COUNT);
 json_decref(j_export);
 json_decref(j_config);
 
@@ -2141,7 +2163,7 @@ START_TEST(test_iddawc_export_str) ck_assert_int_eq(i_init_session(&i_session), I_OK); str_export = i_export_session_str(&i_session); - ck_assert_str_eq(str_export, "{\"response_type\":0,\"additional_parameters\":{},\"additional_response\":{},\"result\":0,\"expires_in\":0,\"expires_at\":0,\"auth_method\":1,\"token_method\":0,\"server_jwks\":{\"keys\":[]},\"x5u_flags\":0,\"openid_config_strict\":false,\"token_exp\":600,\"authorization_details\":[],\"device_auth_expires_in\":0,\"device_auth_interval\":0,\"require_pushed_authorization_requests\":false,\"pushed_authorization_request_expires_in\":0,\"use_dpop\":false,\"decrypt_code\":false,\"decrypt_refresh_token\":false,\"decrypt_access_token\":false,\"client_jwks\":{\"keys\":[]},\"remote_cert_flag\":4369,\"pkce_method\":0,\"claims\":{\"userinfo\":{},\"id_token\":{}},\"ciba_mode\":0,\"ciba_login_hint_format\":0,\"ciba_auth_req_expires_in\":0,\"ciba_auth_req_interval\":0,\"frontchannel_logout_session_required\":0,\"backchannel_logout_session_required\":0,\"server_jwks_cache_expiration\":0,\"save_http_request_response\":0,\"ciba_requested_expiry\":0,\"openid_config_strict_flags\":4368}"); + ck_assert_str_eq(str_export, 
"{\"response_type\":0,\"additional_parameters\":{},\"additional_response\":{},\"result\":0,\"expires_in\":0,\"expires_at\":0,\"auth_method\":1,\"token_method\":0,\"server_jwks\":{\"keys\":[]},\"x5u_flags\":0,\"openid_config_strict\":false,\"token_exp\":600,\"authorization_details\":[],\"device_auth_expires_in\":0,\"device_auth_interval\":0,\"require_pushed_authorization_requests\":false,\"pushed_authorization_request_expires_in\":0,\"use_dpop\":false,\"decrypt_code\":false,\"decrypt_refresh_token\":false,\"decrypt_access_token\":false,\"client_jwks\":{\"keys\":[]},\"remote_cert_flag\":4369,\"pkce_method\":0,\"claims\":{\"userinfo\":{},\"id_token\":{}},\"ciba_mode\":0,\"ciba_login_hint_format\":0,\"ciba_auth_req_expires_in\":0,\"ciba_auth_req_interval\":0,\"frontchannel_logout_session_required\":0,\"backchannel_logout_session_required\":0,\"server_jwks_cache_expiration\":0,\"save_http_request_response\":0,\"ciba_requested_expiry\":0,\"openid_config_strict_flags\":4368,\"response_body_limit\":4194304,\"max_header\":64}"); o_free(str_export); ck_assert_int_eq(i_set_parameter_list(&i_session, I_OPT_RESPONSE_TYPE, I_RESPONSE_TYPE_CODE|I_RESPONSE_TYPE_TOKEN|I_RESPONSE_TYPE_ID_TOKEN, @@ -2263,6 +2285,8 @@ START_TEST(test_iddawc_export_str) I_OPT_SAVE_HTTP_REQUEST_RESPONSE, SAVE_HTTP_REQUEST_RESPONSE, I_OPT_DPOP_NONCE_AS, DPOP_NONCE_AS, I_OPT_DPOP_NONCE_RS, DPOP_NONCE_RS, + I_OPT_RESPONSE_MAX_BODY_SIZE, RESPONSE_MAX_BODY_SIZE, + I_OPT_RESPONSE_MAX_HEADER_COUNT, RESPONSE_MAX_HEADER_COUNT, I_OPT_NONE), I_OK); ck_assert_int_eq(r_jwks_import_from_json_str(i_session.server_jwks, jwks_pubkey_ecdsa_str), RHN_OK); ck_assert_int_eq(r_jwks_import_from_json_str(i_session.client_jwks, jwks_pubkey_ecdsa_str), RHN_OK); 
@@ -2411,6 +2435,8 @@ START_TEST(test_iddawc_import_str)
 I_OPT_SAVE_HTTP_REQUEST_RESPONSE, SAVE_HTTP_REQUEST_RESPONSE,
 I_OPT_DPOP_NONCE_AS, DPOP_NONCE_AS,
 I_OPT_DPOP_NONCE_RS, DPOP_NONCE_RS,
+ I_OPT_RESPONSE_MAX_BODY_SIZE, RESPONSE_MAX_BODY_SIZE,
+ I_OPT_RESPONSE_MAX_HEADER_COUNT, RESPONSE_MAX_HEADER_COUNT,
 I_OPT_NONE), I_OK);
 ck_assert_int_eq(r_jwks_import_from_json_str(i_session.server_jwks, jwks_pubkey_ecdsa_str), RHN_OK);
 ck_assert_int_eq(r_jwks_import_from_json_str(i_session.client_jwks, jwks_pubkey_ecdsa_str), RHN_OK);
@@ -2547,6 +2573,8 @@ START_TEST(test_iddawc_import_str)
 ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_SAVE_HTTP_REQUEST_RESPONSE), SAVE_HTTP_REQUEST_RESPONSE);
 ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_DPOP_NONCE_AS), DPOP_NONCE_AS);
 ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_DPOP_NONCE_RS), DPOP_NONCE_RS);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_RESPONSE_MAX_BODY_SIZE), RESPONSE_MAX_BODY_SIZE);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_RESPONSE_MAX_HEADER_COUNT), RESPONSE_MAX_HEADER_COUNT);
 o_free(str_import);
 o_free(str_rar);
 
@@ -2689,6 +2717,8 @@ START_TEST(test_iddawc_import_multiple)
 I_OPT_SAVE_HTTP_REQUEST_RESPONSE, SAVE_HTTP_REQUEST_RESPONSE,
 I_OPT_DPOP_NONCE_AS, DPOP_NONCE_AS,
 I_OPT_DPOP_NONCE_RS, DPOP_NONCE_RS,
+ I_OPT_RESPONSE_MAX_BODY_SIZE, RESPONSE_MAX_BODY_SIZE,
+ I_OPT_RESPONSE_MAX_HEADER_COUNT, RESPONSE_MAX_HEADER_COUNT,
 I_OPT_NONE), I_OK);
 i_session.id_token_payload = json_pack("{ss}", "aud", "payload");
 ck_assert_int_eq(i_set_rich_authorization_request_str(&i_session, AUTH_REQUEST_TYPE_1, AUTH_REQUEST_1), I_OK);
@@ -2824,6 +2854,8 @@ START_TEST(test_iddawc_import_multiple)
 ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_ID_TOKEN_SID), ID_TOKEN_SID);
 ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_SERVER_JWKS_CACHE_EXPIRATION), SERVER_JWKS_CACHE_EXPIRATION);
 ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_SAVE_HTTP_REQUEST_RESPONSE), SAVE_HTTP_REQUEST_RESPONSE);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_RESPONSE_MAX_BODY_SIZE), RESPONSE_MAX_BODY_SIZE);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_RESPONSE_MAX_HEADER_COUNT), RESPONSE_MAX_HEADER_COUNT);
 
 ck_assert_int_eq(i_import_session_json_t(&i_session_import, j_export), I_OK);
 ck_assert_int_eq(i_get_response_type(&i_session_import), I_RESPONSE_TYPE_CODE|I_RESPONSE_TYPE_TOKEN|I_RESPONSE_TYPE_ID_TOKEN);
@@ -2937,7 +2969,7 @@ START_TEST(test_iddawc_import_multiple)
 ck_assert_str_eq(i_get_str_parameter(&i_session_import, I_OPT_CIBA_BINDING_MESSAGE), CIBA_BINDING_MESSAGE);
 ck_assert_int_eq(i_get_int_parameter(&i_session_import, I_OPT_CIBA_REQUESTED_EXPIRY), CIBA_REQUESTED_EXPIRY);
 ck_assert_str_eq(i_get_str_parameter(&i_session_import, I_OPT_CIBA_CLIENT_NOTIFICATION_TOKEN), CIBA_CLIENT_NOTIFICATION_TOKEN);
- ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_CIBA_ACR_VALUES), CIBA_ACR_VALUES " " CIBA_ACR_VALUES_APPEND);
+ ck_assert_str_eq(i_get_str_parameter(&i_session_import, I_OPT_CIBA_ACR_VALUES), CIBA_ACR_VALUES " " CIBA_ACR_VALUES_APPEND);
 ck_assert_str_eq(i_get_str_parameter(&i_session_import, I_OPT_CIBA_AUTH_REQ_ID), CIBA_AUTH_REQ_ID);
 ck_assert_str_eq(i_get_str_parameter(&i_session_import, I_OPT_CIBA_CLIENT_NOTIFICATION_ENDPOINT), CIBA_CLIENT_NOTIFICATION_ENDPOINT);
 ck_assert_int_eq(i_get_int_parameter(&i_session_import, I_OPT_CIBA_AUTH_REQ_EXPIRES_IN), CIBA_AUTH_REQ_EXPIRES_IN);
@@ -2950,8 +2982,10 @@ START_TEST(test_iddawc_import_multiple) ck_assert_str_eq(i_get_str_parameter(&i_session_import, I_OPT_ID_TOKEN_SID), ID_TOKEN_SID); ck_assert_int_eq(i_get_int_parameter(&i_session_import, I_OPT_SERVER_JWKS_CACHE_EXPIRATION), SERVER_JWKS_CACHE_EXPIRATION); ck_assert_int_eq(i_get_int_parameter(&i_session_import, I_OPT_SAVE_HTTP_REQUEST_RESPONSE), SAVE_HTTP_REQUEST_RESPONSE); - ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_DPOP_NONCE_AS), DPOP_NONCE_AS); - ck_assert_str_eq(i_get_str_parameter(&i_session, I_OPT_DPOP_NONCE_RS), DPOP_NONCE_RS); + ck_assert_str_eq(i_get_str_parameter(&i_session_import, I_OPT_DPOP_NONCE_AS), DPOP_NONCE_AS); + ck_assert_str_eq(i_get_str_parameter(&i_session_import, I_OPT_DPOP_NONCE_RS), DPOP_NONCE_RS); + ck_assert_int_eq(i_get_int_parameter(&i_session_import, I_OPT_RESPONSE_MAX_BODY_SIZE), RESPONSE_MAX_BODY_SIZE); + ck_assert_int_eq(i_get_int_parameter(&i_session_import, I_OPT_RESPONSE_MAX_HEADER_COUNT), RESPONSE_MAX_HEADER_COUNT); json_decref(j_export); diff --git a/test/introspection.c b/test/introspection.c index 9f00d9c..3d40b90 100644 --- a/test/introspection.c +++ b/test/introspection.c 
@@ -163,6 +163,32 @@ START_TEST(test_iddawc_introspection_invalid)
 }
 END_TEST
 
+START_TEST(test_iddawc_introspection_invalid_response_size_header)
+{
+ struct _i_session i_session;
+ struct _u_instance instance;
+ json_t * j_result = NULL;
+ ck_assert_int_eq(ulfius_init_instance(&instance, 8080, NULL, NULL), U_OK);
+ ck_assert_int_eq(ulfius_add_endpoint_by_val(&instance, "POST", NULL, "/introspect", 0, &callback_introspect, NULL), U_OK);
+ ck_assert_int_eq(ulfius_start_framework(&instance), U_OK);
+
+ ck_assert_int_eq(i_init_session(&i_session), I_OK);
+ ck_assert_int_eq(i_set_parameter_list(&i_session, I_OPT_INTROSPECTION_ENDPOINT, "http://localhost:8080/introspect",
+ I_OPT_ACCESS_TOKEN, TOKEN,
+ I_OPT_TOKEN_TARGET, TOKEN,
+ I_OPT_RESPONSE_MAX_BODY_SIZE, 32,
+ I_OPT_RESPONSE_MAX_HEADER_COUNT, 4,
+ I_OPT_NONE), I_OK);
+ ck_assert_int_eq(i_get_token_introspection(&i_session, &j_result, I_INTROSPECT_REVOKE_AUTH_ACCESS_TOKEN, 0), I_ERROR);
+ ck_assert_ptr_eq(NULL, j_result);
+ i_clean_session(&i_session);
+ json_decref(j_result);
+
+ ulfius_stop_framework(&instance);
+ ulfius_clean_instance(&instance);
+}
+END_TEST
+
 START_TEST(test_iddawc_introspection_valid)
 {
 struct _i_session i_session;
@@ -403,6 +429,7 @@ static Suite *iddawc_suite(void)
 s = suite_create("Iddawc token introspection tests");
 tc_core = tcase_create("test_iddawc_introspection");
 tcase_add_test(tc_core, test_iddawc_introspection_invalid);
+ tcase_add_test(tc_core, test_iddawc_introspection_invalid_response_size_header);
 tcase_add_test(tc_core, test_iddawc_introspection_valid);
 tcase_add_test(tc_core, test_iddawc_introspection_dpop);
 tcase_add_test(tc_core, test_iddawc_introspection_dpop_nonce);
diff --git a/test/load_config.c b/test/load_config.c
index 4b9be2f..88ae4ea 100644
--- a/test/load_config.c
+++ b/test/load_config.c
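Review bot: `json_decref(j_result);` runs only after `ck_assert_ptr_eq(NULL, j_result);` has passed, so it can never see a non-NULL pointer and reads as if the error path were expected to hand back a partial result. Either drop the decref and let the NULL assertion state the contract that i_get_token_introspection leaves j_result untouched on I_ERROR, or, if a partially built result is tolerated, keep the decref and drop the assertion; the current pair leaves the expectation ambiguous. As in the other new size-limit tests, both limits are lowered at once here (32 bytes, 4 headers), so the note on test/api_request.c about splitting the cases applies to this test too.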
@@ -427,6 +427,30 @@ START_TEST(test_iddawc_configuration_valid)
 }
 END_TEST
 
+START_TEST(test_iddawc_configuration_invalid_response_size_header)
+{
+ struct _i_session i_session;
+ struct _u_instance instance;
+
+ ck_assert_int_eq(ulfius_init_instance(&instance, 8080, NULL, NULL), U_OK);
+ ck_assert_int_eq(ulfius_add_endpoint_by_val(&instance, "GET", NULL, "/.well-known/openid-configuration", 0, &callback_openid_configuration_valid, NULL), U_OK);
+ ck_assert_int_eq(ulfius_add_endpoint_by_val(&instance, "GET", NULL, "/jwks", 0, &callback_openid_jwks_valid, NULL), U_OK);
+ ck_assert_int_eq(ulfius_start_framework(&instance), U_OK);
+
+ ck_assert_int_eq(i_init_session(&i_session), I_OK);
+ ck_assert_int_eq(i_set_parameter_list(&i_session, I_OPT_RESPONSE_TYPE, I_RESPONSE_TYPE_CODE,
+ I_OPT_OPENID_CONFIG_ENDPOINT, "http://localhost:8080/.well-known/openid-configuration",
+ I_OPT_RESPONSE_MAX_BODY_SIZE, 32,
+ I_OPT_RESPONSE_MAX_HEADER_COUNT, 4,
+ I_OPT_NONE), I_OK);
+ ck_assert_int_eq(i_get_openid_config(&i_session), I_ERROR);
+ i_clean_session(&i_session);
+
+ ulfius_stop_framework(&instance);
+ ulfius_clean_instance(&instance);
+}
+END_TEST
+
 START_TEST(test_iddawc_set_offline_configuration)
 {
 struct _i_session i_session;
@@ -460,6 +484,7 @@ static Suite *iddawc_suite(void)
 tc_core = tcase_create("test_iddawc_oauth2");
 tcase_add_test(tc_core, test_iddawc_configuration_invalid);
 tcase_add_test(tc_core, test_iddawc_configuration_valid);
+ tcase_add_test(tc_core, test_iddawc_configuration_invalid_response_size_header);
 tcase_add_test(tc_core, test_iddawc_set_offline_configuration);
 tcase_set_timeout(tc_core, 30);
 suite_add_tcase(s, tc_core);
diff --git a/test/load_userinfo.c b/test/load_userinfo.c
index 81f1222..15f3e77 100644
--- a/test/load_userinfo.c
+++ b/test/load_userinfo.c
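Review bot: The new test only checks that i_get_openid_config returns I_ERROR; unlike test_iddawc_token_code_invalid_response_header_length in test/token.c it never verifies that nothing from the oversized response leaked into the session, and the userinfo test in test/load_userinfo.c has the same gap. Adding `ck_assert_ptr_eq(i_get_str_parameter(&i_session, I_OPT_AUTH_ENDPOINT), NULL);` after the I_ERROR assertion (or whichever parameter a successful i_get_openid_config fills in), and the matching check on the userinfo parameter in load_userinfo.c, would pin that a rejected response leaves the session unchanged, which is the property the limits exist to protect. The `/jwks` endpoint is registered but presumably never reached, since the configuration request fails first; a comment such as `/* registered for parity with test_iddawc_configuration_valid; not expected to be hit */` would stop a reader from wondering whether the JWKS fetch is part of the scenario.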
@@ -300,6 +300,28 @@ START_TEST(test_iddawc_userinfo_response_empty)
 }
 END_TEST
 
+START_TEST(test_iddawc_userinfo_invalid_response_size_header)
+{
+ struct _i_session i_session;
+ struct _u_instance instance;
+ ck_assert_int_eq(ulfius_init_instance(&instance, 8080, NULL, NULL), U_OK);
+ ck_assert_int_eq(ulfius_add_endpoint_by_val(&instance, "GET", NULL, "/userinfo", 0, &callback_openid_userinfo_valid_json, NULL), U_OK);
+ ck_assert_int_eq(ulfius_start_framework(&instance), U_OK);
+
+ ck_assert_int_eq(i_init_session(&i_session), I_OK);
+ ck_assert_int_eq(i_set_parameter_list(&i_session, I_OPT_USERINFO_ENDPOINT, "http://localhost:8080/userinfo",
+ I_OPT_ACCESS_TOKEN, ACCESS_TOKEN,
+ I_OPT_RESPONSE_MAX_BODY_SIZE, 32,
+ I_OPT_RESPONSE_MAX_HEADER_COUNT, 4,
+ I_OPT_NONE), I_OK);
+ ck_assert_int_eq(i_get_userinfo(&i_session, 0), I_ERROR);
+ i_clean_session(&i_session);
+
+ ulfius_stop_framework(&instance);
+ ulfius_clean_instance(&instance);
+}
+END_TEST
+
 START_TEST(test_iddawc_userinfo_response_char)
 {
 struct _i_session i_session;
@@ -508,6 +530,7 @@ static Suite *iddawc_suite(void)
 tcase_add_test(tc_core, test_iddawc_userinfo_invalid_response);
 tcase_add_test(tc_core, test_iddawc_userinfo_response_unauthorized);
 tcase_add_test(tc_core, test_iddawc_userinfo_response_empty);
+ tcase_add_test(tc_core, test_iddawc_userinfo_invalid_response_size_header);
 tcase_add_test(tc_core, test_iddawc_userinfo_response_char);
 tcase_add_test(tc_core, test_iddawc_userinfo_response_json);
 tcase_add_test(tc_core, test_iddawc_userinfo_response_json_dpop);
diff --git a/test/token.c b/test/token.c
index b46d869..0203ea5 100644
--- a/test/token.c
+++ b/test/token.c
@@ -507,6 +507,35 @@ START_TEST(test_iddawc_token_code_invalid_scope)
 }
 END_TEST
 
+START_TEST(test_iddawc_token_code_invalid_response_header_length)
+{
+ struct _i_session i_session;
+ struct _u_instance instance;
+ ck_assert_int_eq(i_init_session(&i_session), I_OK);
+ ck_assert_int_eq(ulfius_init_instance(&instance, 8080, NULL, NULL), U_OK);
+ ck_assert_int_eq(ulfius_add_endpoint_by_val(&instance, "POST", NULL, "/token", 0, &callback_oauth2_token_code_ok, NULL), U_OK);
+ ck_assert_int_eq(ulfius_start_framework(&instance), U_OK);
+ ck_assert_int_eq(i_set_parameter_list(&i_session, I_OPT_RESPONSE_TYPE, I_RESPONSE_TYPE_CODE,
+ I_OPT_CLIENT_ID, CLIENT_ID,
+ I_OPT_CLIENT_SECRET, CLIENT_SECRET,
+ I_OPT_REDIRECT_URI, REDIRECT_URI,
+ I_OPT_SCOPE, SCOPE_LIST,
+ I_OPT_TOKEN_ENDPOINT, TOKEN_ENDPOINT,
+ I_OPT_CODE, CODE,
+ I_OPT_RESPONSE_MAX_BODY_SIZE, 32,
+ I_OPT_RESPONSE_MAX_HEADER_COUNT, 4,
+ I_OPT_NONE), I_OK);
+ ck_assert_int_eq(i_run_token_request(&i_session), I_ERROR);
+ ck_assert_ptr_eq(i_get_str_parameter(&i_session, I_OPT_ACCESS_TOKEN), NULL);
+ ck_assert_ptr_eq(i_get_str_parameter(&i_session, I_OPT_REFRESH_TOKEN), NULL);
+ ck_assert_int_eq(i_get_int_parameter(&i_session, I_OPT_EXPIRES_IN), 0);
+
+ i_clean_session(&i_session);
+ ulfius_stop_framework(&instance);
+ ulfius_clean_instance(&instance);
+}
+END_TEST
+
 START_TEST(test_iddawc_token_code_ok)
 {
 struct _i_session i_session;
@@ -1445,6 +1474,7 @@ static Suite *iddawc_suite(void)
 tcase_add_test(tc_core, test_iddawc_token_code_unauthorized_client);
 tcase_add_test(tc_core, test_iddawc_token_code_unsupported_grant_type);
 tcase_add_test(tc_core, test_iddawc_token_code_invalid_scope);
+ tcase_add_test(tc_core, test_iddawc_token_code_invalid_response_header_length);
 tcase_add_test(tc_core, test_iddawc_token_code_ok);
 tcase_add_test(tc_core, test_iddawc_token_code_encrypted_invalid);
 tcase_add_test(tc_core, test_iddawc_token_code_encrypted_ok);
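Review bot: The test is named test_iddawc_token_code_invalid_response_header_length while the equivalent tests added in api_request.c, introspection.c, load_config.c and load_userinfo.c are all named `*_invalid_response_size_header`, and it lowers both the body-size and header-count limits rather than any header length; renaming it `test_iddawc_token_code_invalid_response_size_header` here and in the tcase_add_test line at -1445 keeps the family greppable as one. The three assertions that I_OPT_ACCESS_TOKEN, I_OPT_REFRESH_TOKEN and I_OPT_EXPIRES_IN remain unset after the I_ERROR are the right check for a rejected response and are worth copying into the other new tests, which only check the return code.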