github.com/vmware/govmomi@v0.51.0/sts/signer_test.go (about) 1 // © Broadcom. All Rights Reserved. 2 // The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. 3 // SPDX-License-Identifier: Apache-2.0 4 5 package sts 6 7 import ( 8 "crypto/tls" 9 "net/http" 10 "strings" 11 "testing" 12 13 "github.com/vmware/govmomi/session" 14 "github.com/vmware/govmomi/vim25/methods" 15 "github.com/vmware/govmomi/vim25/soap" 16 "github.com/vmware/govmomi/vim25/types" 17 "github.com/vmware/govmomi/vim25/xml" 18 ) 19 20 var _ soap.Signer = new(Signer) 21 22 // LocalhostCert copied from simulator/internal/testcert.go 23 var LocalhostCert = []byte(`-----BEGIN CERTIFICATE----- 24 MIIDOjCCAiKgAwIBAgIRAK6d/JpGL75P2wOSYc6WalEwDQYJKoZIhvcNAQELBQAw 25 EjEQMA4GA1UEChMHQWNtZSBDbzAgFw03MDAxMDEwMDAwMDBaGA8yMDg0MDEyOTE2 26 MDAwMFowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEP 27 ADCCAQoCggEBAK9lInM4OAKI4z+wDNkvcZC6S6exFSOysp7NPJyaEAhW93kPY7gO 28 f6H5aP3V3YU0vYpCSnz/UhyDD+/knBof1J3Do7FVwYtC293vrtXffNtAvygfJodW 29 1dPllp17ZJbq76ei9oWq1Y5Hox/sVYmNVNztvBfK1mtpS8z8Qrk1LWCyLiDHkvDA 30 hCy2OjuaopxC6qQejdWT1PxwbqptuLVakQmecpiFrupy8DTG0x0rxxdMdAATywhY 31 Gm49A/FroagZ6HMz3bm39we/w6VIx3pX1lbUUyrfjvBgfUlRwxyZABBj2STGsOQJ 32 a451eEcESXcSEWzjGjUQ1Wf+zzxr2GAHmI8CAwEAAaOBiDCBhTAOBgNVHQ8BAf8E 33 BAMCAqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNV 34 HQ4EFgQUjtR2VSuxchTxe0UNDVqWDNMR37AwLgYDVR0RBCcwJYILZXhhbXBsZS5j 35 b22HBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQADggEBACK7 36 1L15IeYPiQHFDml3EgDoRnd/tAaZP9nUZIIPLRgUnQITNAtjFgBvqneQZwlQtco2 37 s8YXSivBQiATlBEtGBzVxv36R4tTXldIgJxaCUxxZtqALLwyGqSaI/cwE0pWa6Z0 38 Op2wkzUmoQ5rRrJfRM+C6HR/+lWkNtHRzaUFOSlxNJbPo53K53OoDriwEc1PvEYP 39 wFeUXwTzCZ68pAlWUmDKCyp+lPhjIt2Gznig+BSPCNJqmwKM76oFyywi3HIP56rD 40 /cwUtoplF68uVuD8HXb1ggGsqtGiAT4GLT8tU5w+BtK8ZIs/LK7mdi7W8aIOhUUH 41 l1lgeV3oEQue3A7SogA= 42 -----END CERTIFICATE-----`) 43 44 // LocalhostKey copied from simulator/internal/testcert.go 45 var LocalhostKey = []byte(`-----BEGIN PRIVATE KEY----- 46 MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvZSJzODgCiOM/ 47 sAzZL3GQukunsRUjsrKezTycmhAIVvd5D2O4Dn+h+Wj91d2FNL2KQkp8/1Icgw/v 48 5JwaH9Sdw6OxVcGLQtvd767V33zbQL8oHyaHVtXT5Zade2SW6u+novaFqtWOR6Mf 49 7FWJjVTc7bwXytZraUvM/EK5NS1gsi4gx5LwwIQstjo7mqKcQuqkHo3Vk9T8cG6q 50 bbi1WpEJnnKYha7qcvA0xtMdK8cXTHQAE8sIWBpuPQPxa6GoGehzM925t/cHv8Ol 51 SMd6V9ZW1FMq347wYH1JUcMcmQAQY9kkxrDkCWuOdXhHBEl3EhFs4xo1ENVn/s88 52 a9hgB5iPAgMBAAECggEAEpeS3knQThx6kk60HfWUgTXuPRldV0pi+shgq2z9VBT7 53 6J5EAMewqdfJVFbuQ2eCy/wY70UVTCZscw51qaNEI3EQkgS4Hm345n64tr0Y/BjR 54 6ovaxq/ivLJyk8D3ubOvscJphWPFfW6EkSa5LnqHy197972tmvcvbMw0unMzmzM7 55 DenXdoIJQu1SqLiLUiDXEfkvCReekqhe1jATCwTzIBTCnTWxgI4Ox2qsBaxuwrnl 56 D1GpWy4sh8NpDB0EBwdrjAOmLDOyvsy2X65DIlHS/k7901tvzyNjRrsr2Ig0sAz4 57 w0ke6CUKQ2B+Pqn3p6bvxRYMP08+ZjlQpPuU4RrxGQKBgQDd3HCrZCgUJAGcfzYX 58 ZzSmSoxB9+sEuVUZGU+ICMPlG0Dd8aEkXIyDjGMWsLFMIvzNBf4wB1FwdLaCJu6y 59 0PbX3KVfg/Yc4lvYUuQ+1nD/3gm2hE46lZuSfbmExH5SQVLSbSQf9S/5BTHAWQO9 60 PNie71AZ8fO5YDBM18tq2V7dBQKBgQDKYk1+Zup5p0BeRyCNnVYnpngO+pAZZmld 61 gYiRn8095QJ/Y+yV0kYc2+0+5f6St462E+PVH3tX1l9OG3ujVQnWfu2iSsRJRMUf 62 0blxqTWvqdcGi8SLpVjkrHn30scFNWmojhJv3k42H3nUMC1+WU3rp2f7+W58afyd 63 NY9x4sqzgwKBgQCoeMq9+3JLyQPIOPl0UBS06gsT1RUMI0gxpPy1yiInich6QRAi 64 snypMCPWiRo5PKBHd/OLuSLoiFhHARVliDTJum2B2I09Zc5kuJ1F8kUgpxUtGc7l 65 wdG/LeWAok1iXORtkh9KfT+Ok5kx/OZP/zJnjkZ/TTHMZPSIhZ2cZ7AXmQKBgHMP 66 HjWNtyKApsSytVwtpgyWxMznQMNgCOkjOoxoCJx2tUvNeHTY/glsM14+DdRFzTnQ 67 5weEhXAzrS1PzKPYNeafdOR+k0eAdH2Zk09+PspmyZusHIqz72zabeEqEQHyEubE 68 FtFI1rhIfs/WsBaUGQuvuhtz/I95BiguiiXaJRmXAoGADwcO6YXoWXga07gGRwZP 69 LYKwt5wBh13LAGbSsUyCSK5FG6ZrTmzaFdAGV1U4wc/wgiIgv33m8BG4Ikxvpa0r 70 Wg3dbhBx9Oya8QWIMBPk72KKEzsSDfi+Cn52ZmxTkWbBDCnkRhG77Ooi8vJ3dhq4 71 fHeAu1F9OwF83SBi1oNySd8= 72 -----END PRIVATE KEY-----`) 73 74 func TestSigner(t *testing.T) { 75 cert, err := tls.X509KeyPair(LocalhostCert, LocalhostKey) 76 if err != nil { 77 t.Fatal(err) 78 } 79 80 s := &Signer{} 81 82 env := soap.Envelope{ 83 Header: new(soap.Header), 84 Body: &methods.LoginByTokenBody{ 85 Req: &types.LoginByToken{ 86 This: types.ManagedObjectReference{ 87 Type: "SessionManager", 88 Value: "SessionManager", 89 }, 90 Locale: session.Locale, 91 }, 92 }, 93 } 94 95 _, err = s.Sign(env) 96 if err != nil { 97 t.Error(err) 98 } 99 100 s.Certificate = &cert 101 102 _, err = s.Sign(env) 103 if err == nil { 104 t.Error("expected error") 105 } 106 107 // Sign() just needs to parse the Assertion.ID 108 s.Token = `<saml2:Assertion ID="tokenID"></saml2:Assertion>` 109 110 b, err := s.Sign(env) 111 if err != nil { 112 t.Error(err) 113 } 114 115 // TODO: new(internal.Security) would require more use of xml.Name instead of field tags 116 security := struct { 117 InnerXML string `xml:",innerxml"` 118 }{} 119 120 senv := soap.Envelope{ 121 Header: &soap.Header{ 122 Security: &security, 123 }, 124 } 125 err = xml.Unmarshal(b, &senv) 126 if err != nil { 127 t.Fatal(err) 128 } 129 130 if !strings.HasPrefix(security.InnerXML, "<wsu:Timestamp ") { 131 t.Error("missing timestamp") 132 } 133 134 if !strings.HasSuffix(security.InnerXML, "</ds:Signature>") { 135 t.Error("missing signature") 136 } 137 138 req, _ := http.NewRequest(http.MethodPost, "https://127.0.0.1", nil) 139 err = s.SignRequest(req) 140 if err != nil { 141 t.Fatal(err) 142 } 143 144 req, _ = http.NewRequest(http.MethodPost, "https://[0:0:0:0:0:0:0:1]", nil) 145 err = s.SignRequest(req) 146 if err != nil { 147 t.Fatal(err) 148 } 149 } 150 151 func TestIsIPv6(t *testing.T) { 152 tests := []struct { 153 ip string 154 v6 bool 155 }{ 156 {"0:0:0:0:0:0:0:1", true}, 157 {"10.0.0.42", false}, 158 } 159 160 for _, test := range tests { 161 v6 := isIPv6(test.ip) 162 if v6 != test.v6 { 163 t.Errorf("%s: expected %t, got %t", test.ip, test.v6, v6) 164 } 165 } 166 }