diff --git a/tests/idp.config b/tests/idp.config index 7438969..45cf253 100644 --- a/tests/idp.config +++ b/tests/idp.config @@ -23,7 +23,7 @@ "debug" : 1, "key_file" : "test.key", "cert_file" : "test.pem", - "xmlsec_binary" : "/opt/local/bin/xmlsec1", + "xmlsec_binary" : "/usr/local/bin/xmlsec1", "metadata": { "local": ["metadata.xml", "vo_metadata.xml"], }, diff --git a/tests/test_01_saml.py b/tests/test_01_saml.py index 8b1cffa..05b9552 100644 --- a/tests/test_01_saml.py +++ b/tests/test_01_saml.py @@ -474,17 +474,18 @@ class TestAttribute: def test_basic_base64(self): attribute = saml.attribute_from_string(BASIC_BASE64_AV) print attribute - assert attribute.attribute_value[0].text == "UNINETT" + assert attribute.attribute_value[0].text == "VU5JTkVUVA==" + assert attribute.attribute_value[0].type == "xs:base64Binary" def test_basic_boolean_true(self): attribute = saml.attribute_from_string(BASIC_BOOLEAN_TRUE_AV) print attribute - assert attribute.attribute_value[0].text == "True" + assert attribute.attribute_value[0].text.lower() == "true" def test_basic_boolean_false(self): attribute = saml.attribute_from_string(BASIC_BOOLEAN_FALSE_AV) print attribute - assert attribute.attribute_value[0].text == "False" + assert attribute.attribute_value[0].text.lower() == "false" class TestAttributeStatement: diff --git a/tests/test_40_sigver.py b/tests/test_40_sigver.py index 33245d1..74cff64 100644 --- a/tests/test_40_sigver.py +++ b/tests/test_40_sigver.py 
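Review bot: The boolean assertions in test_basic_boolean_true and test_basic_boolean_false now compare `text.lower()`, so they pass for `True`, `TRUE` and `true` alike and no longer pin which lexical form the library produces. The lexical space of xs:boolean is only `true`, `false`, `1` and `0`, so if the change means the value is now kept in schema form, assert it exactly: `assert attribute.attribute_value[0].text == "true"` (and `"false"` in the second test). If the parser is instead meant to preserve whatever the input document carried, a one-line comment saying so would explain the case-folding; the fixtures BASIC_BOOLEAN_TRUE_AV and BASIC_BOOLEAN_FALSE_AV are defined outside this hunk, so which case applies cannot be seen here.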
@@ -35,9 +35,36 @@ def get_xmlsec(): raise Exception("Can't find xmlsec1") -CERT1 = """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""" +CERT1 = """MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy +3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaN +efiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0G +A1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJs +iojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt +U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSw +mDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6 +h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5 +U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6 +mrPzGzk3ECbupFnqyREH3+ZPSdk=""" -CERT_SSP = """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""" +CERT_SSP = """MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMC +Tk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UE +CxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0B +CQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoX +DTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhl +aW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBv +cGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdA +dW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlx +AZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4Hln +O4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZ +jcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQ +Yj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1j 
+wKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3K +jjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w==""" from pyasn1.codec.der import decoder @@ -47,6 +74,7 @@ def test_cert_from_instance_1(): assertion = response.assertion[0] certs = sigver.cert_from_instance(assertion) assert len(certs) == 1 + print certs[0] assert certs[0] == CERT1 def test_cert_from_instance_ssp(): @@ -55,11 +83,10 @@ def test_cert_from_instance_ssp(): assertion = response.assertion[0] certs = sigver.cert_from_instance(assertion) assert len(certs) == 1 - print certs[0] + assert certs[0] == CERT_SSP der = base64.b64decode(certs[0]) print str(decoder.decode(der)).replace('.',"\n.") assert decoder.decode(der) - assert certs[0] == CERT_SSP class TestSecurity(): @@ -67,6 +94,25 @@ class TestSecurity(): self.sec = sigver.SecurityContext(get_xmlsec(), PRIV_KEY, "pem", PUB_KEY, "pem", debug=1) + self._assertion = { + "version": "2.0", + "id": "11111", + "issue_instant": "2009-10-30T13:20:28Z", + "signature": sigver.pre_signature_part("11111", self.sec.my_cert, + 1), + "attribute_statement": { + "attribute": [{ + "friendly_name": "surName", + "attribute_value": "Foo", + }, + { + "friendly_name": "givenName", + "attribute_value": "Bar", + } + ] + } + } + def test_verify_1(self): xml_response = open(SIGNED).read() response = self.sec.correctly_signed_response(xml_response) 
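Review bot: `self._assertion` is a single dict, holding a single `pre_signature_part` object, that the later hunks pass to `make_instance` or `signed_instance_factory` from test_sign_assertion, test_sign_response, test_sign_response_2, test_sign_verify and test_sign_verify_with_cert_from_instance. The enclosing method's name lies outside this hunk; if it is a class-level setup, the object is shared by all of those tests, and since test_sign_response_2 used to call `.copy()` on its signature parts it is worth confirming that neither factory fills in the signature template in place, because the tests would then depend on execution order. Building the dict in a per-test setup, or through a small helper that returns a fresh dict each time, removes the question. The third positional argument `1` to `pre_signature_part` is also unexplained at the call site, so a keyword argument or a one-line comment stating what it selects would make the fixture readable.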
@@ -84,25 +130,9 @@ class TestSecurity(): xml_response) def test_sign_assertion(self): - ass = make_instance(saml.Assertion, { - "version": "2.0", - "id": "11111", - "issue_instant": "2009-10-30T13:20:28Z", - "signature": sigver.pre_signature_part("11111"), - "attribute_statement": { - "attribute": [{ - "friendly_name": "surName", - "attribute_value": "Foo", - }, - { - "friendly_name": "givenName", - "attribute_value": "Bar", - } - ] - } - }) + ass = make_instance(saml.Assertion, self._assertion) - sign_ass = self.sec.sign_assertion_using_xmlsec("%s" % ass) + sign_ass = self.sec.sign_assertion_using_xmlsec("%s" % ass, nodeid=ass.id) sass = saml.assertion_from_string(sign_ass) print sass @@ -118,26 +148,8 @@ class TestSecurity(): assert sig.signed_info.reference[0].digest_value[0].text == DIGEST_VALUE def test_sign_response(self): - assertion = { - "version": "2.0", - "id": "11111", - "issue_instant": "2009-10-30T13:20:28Z", - "signature": sigver.pre_signature_part("11111"), - "attribute_statement": { - "attribute": [{ - "friendly_name": "surName", - "attribute_value": "Foo", - }, - { - "friendly_name": "givenName", - "attribute_value": "Bar", - } - ] - } - } - s_response = sigver.signed_instance_factory(samlp.Response, { - "assertion" : assertion, + "assertion" : self._assertion, "id": "22222", "signature": sigver.pre_signature_part("22222"), }, self.sec) 
@@ -154,36 +166,19 @@ class TestSecurity(): assert sass.id == "11111" assert time_util.str_to_time(sass.issue_instant) sig = sass.signature - assert sig.signature_value.text == """AS1kHHtA4eTOU2XLTWhLMSJQ6V+TSDymRoTF78CqjrYURNLk9wjdPjAReNn9eykv\nryFiHNk0p9wMBknha5pH8aeCI/LmcVhLa5xteGZrtE/Udh5vv8z4kRQX51Uz/5x8\nToiobGw83MEW6A0dRUn0O20NBMMTaFZZPXye7RvVlHY=""" + assert sig.signature_value.text == """xObs8g6Kr11NopsCxv9IXPQZ4Qfxag3zZrxcza+NBZwQ2JIXEw6vQDmu/OG+EgUP\n2miVoAY4nbklsiwXZfjXYU3OOUDJr7UDhAHUuki/kcKCV6SMEUFlOcEzDFVg+Fr+\nFsPJhsmit5uRRP5rYA92y1fKf42vViw8LFj+LqlTv2Y=""" assert len(sig.signed_info.reference) == 1 assert len(sig.signed_info.reference[0].digest_value) == 1 digest = sig.signed_info.reference[0].digest_value[0].text - assert digest == """WFRXmImfoO3M6JOLE6BGGpU9Ud0=""" + assert digest == """z6O3mlLmX1a6Wk1F4cgMsAXdA6Q=""" def test_sign_response_2(self): - assertion1 = { - "version": "2.0", - "id": "11111", - "issue_instant": "2009-10-30T13:20:28Z", - "signature": sigver.pre_signature_part("11111").copy(), - "attribute_statement": { - "attribute": [{ - "friendly_name": "surName", - "attribute_value": "Foo", - }, - { - "friendly_name": "givenName", - "attribute_value": "Bar", - } - ] - } - } assertion2 = { "version": "2.0", "id": "11122", "issue_instant": "2009-10-30T13:20:28Z", - "signature": sigver.pre_signature_part("11122").copy(), + "signature": sigver.pre_signature_part("11122"), "attribute_statement": { "attribute": [{ "friendly_name": "surName", @@ -198,7 +193,7 @@ class TestSecurity(): } s_response = sigver.signed_instance_factory(samlp.Response, { - "assertion" : [assertion1,assertion2], + "assertion" : [self._assertion,assertion2], "id": "22233", "signature": sigver.pre_signature_part("22233"), }, self.sec) 
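Review bot: The new signature and digest literals at the end of test_sign_response are repeated verbatim in test_sign_response_2 (the `@@ -215,38 +210,22 @@` hunk), while test_sign_assertion already compares against the module constant `DIGEST_VALUE`. Hoisting them next to that constant, for example `assert digest == RESPONSE_DIGEST_VALUE` with a name of your choosing, means the next change of test key or serialization touches one place. These equality checks only show that the output is byte-stable for the fixed key and input; they do not show that the signature validates. Adding a `self.sec.verify_signature(...)` call on the signed document, as test_sign_verify does, would keep the tests meaningful whenever the literals have to be regenerated.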
@@ -215,38 +210,22 @@ class TestSecurity(): assert sass.id == "11111" assert time_util.str_to_time(sass.issue_instant) sig = sass.signature - assert sig.signature_value.text == """AS1kHHtA4eTOU2XLTWhLMSJQ6V+TSDymRoTF78CqjrYURNLk9wjdPjAReNn9eykv\nryFiHNk0p9wMBknha5pH8aeCI/LmcVhLa5xteGZrtE/Udh5vv8z4kRQX51Uz/5x8\nToiobGw83MEW6A0dRUn0O20NBMMTaFZZPXye7RvVlHY=""" + assert sig.signature_value.text == """xObs8g6Kr11NopsCxv9IXPQZ4Qfxag3zZrxcza+NBZwQ2JIXEw6vQDmu/OG+EgUP\n2miVoAY4nbklsiwXZfjXYU3OOUDJr7UDhAHUuki/kcKCV6SMEUFlOcEzDFVg+Fr+\nFsPJhsmit5uRRP5rYA92y1fKf42vViw8LFj+LqlTv2Y=""" assert len(sig.signed_info.reference) == 1 assert len(sig.signed_info.reference[0].digest_value) == 1 digest = sig.signed_info.reference[0].digest_value[0].text - assert digest == """WFRXmImfoO3M6JOLE6BGGpU9Ud0=""" - - def test_sign_verify(self): - assertion = { - "version": "2.0", - "id": "11111", - "issue_instant": "2009-10-30T13:20:28Z", - "signature": sigver.pre_signature_part("11111"), - "attribute_statement": { - "attribute": [{ - "friendly_name": "surName", - "attribute_value": "Foo", - }, - { - "friendly_name": "givenName", - "attribute_value": "Bar", - } - ] - } - } + assert digest == """z6O3mlLmX1a6Wk1F4cgMsAXdA6Q=""" + def test_sign_verify(self): s_response = sigver.signed_instance_factory(samlp.Response, { - "assertion" : assertion, + "assertion" : self._assertion, "id": "22222", - "signature": sigver.pre_signature_part("22222"), + "signature": sigver.pre_signature_part("22222", + self.sec.my_cert), }, self.sec) + print s_response res = self.sec.verify_signature("%s" % s_response, node_name=class_name(samlp.Response())) 
@@ -254,11 +233,32 @@ class TestSecurity(): assert res def test_sign_verify_with_cert_from_instance(self): + s_response = sigver.signed_instance_factory(samlp.Response, { + "assertion" : self._assertion, + "id": "22222", + "signature": sigver.pre_signature_part("22222", + self.sec.my_cert), + }, self.sec) + + print s_response + + ci = "".join(sigver.cert_from_instance(s_response)[0].split()) + assert ci == self.sec.my_cert + + res = self.sec.verify_signature("%s" % s_response, + node_name=class_name(samlp.Response())) + assert res + res = self.sec._check_signature("%s" % s_response, s_response, + class_name(s_response)) + + assert res == s_response + + def test_sign_verify_assertion_with_cert_from_instance(self): assertion = { "version": "2.0", "id": "11111", "issue_instant": "2009-10-30T13:20:28Z", - "signature": sigver.pre_signature_part("11111"), + "signature": sigver.pre_signature_part("11111", self.sec.my_cert), "attribute_statement": { "attribute": [{ "friendly_name": "surName", 
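Review bot: In test_sign_verify_with_cert_from_instance, `sigver.cert_from_instance(s_response)[0]` is indexed without first asserting how many certificates were found, unlike test_cert_from_instance_1 and test_cert_from_instance_ssp, which check `len(certs) == 1`. An extra embedded certificate would go unnoticed and a missing one would surface as an IndexError instead of a test failure; `certs = sigver.cert_from_instance(s_response)` followed by `assert len(certs) == 1` keeps the tests consistent, and the same applies to the `s_assertion` lookup in the `@@ -272,28 +272,28 @@` hunk. The comparison with `self.sec.my_cert` is the valuable part, since a certificate taken from the message is only trustworthy once it has been matched against a known one, so a short comment to that effect would help, e.g. `# the embedded cert must equal the configured one before it is used to verify`. The hunk ends inside the assertion dict of test_sign_verify_assertion_with_cert_from_instance, whose body continues in the next hunk.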
@@ -272,28 +272,28 @@ class TestSecurity(): } } - s_response = sigver.signed_instance_factory(samlp.Response, { - "assertion" : assertion, - "id": "22222", - "signature": sigver.pre_signature_part("22222", - "".join(open(self.sec.cert_file).read().split("\n")[1:-2])), - }, self.sec) - - ci = sigver.cert_from_instance(s_response) + s_assertion = sigver.signed_instance_factory(saml.Assertion, + assertion, self.sec) + print s_assertion - print ci + ci = "".join(sigver.cert_from_instance(s_assertion)[0].split()) + assert ci == self.sec.my_cert - res = self.sec._check_signature("%s" % s_response, s_response, - class_name(s_response)) + res = self.sec.verify_signature("%s" % s_assertion, + node_name=class_name(s_assertion)) + assert res - assert res == s_response + res = self.sec._check_signature("%s" % s_assertion, s_assertion, + class_name(s_assertion)) + + assert res def test_exception_sign_verify_with_cert_from_instance(self): assertion = { "version": "2.0", "id": "11111", "issue_instant": "2009-10-30T13:20:28Z", - "signature": sigver.pre_signature_part("11111"), + #"signature": sigver.pre_signature_part("11111"), "attribute_statement": { "attribute": [{ "friendly_name": "surName", @@ -311,7 +311,7 @@ class TestSecurity(): "assertion" : assertion, "id": "22222", "signature": sigver.pre_signature_part("22222", - "".join(open(self.sec.cert_file).read().split("\n")[1:-2])), + self.sec.my_cert), }, self.sec) @@ -320,3 +320,16 @@ class TestSecurity(): raises(sigver.SignatureError, self.sec._check_signature, "%s" % s_response, s_response, class_name(s_response)) +# def test_sign_verify_assertion_in_response(self): +# s_response = sigver.signed_instance_factory(samlp.Response, { +# "assertion" : self._assertion, +# "id": "22222", +# "signature": sigver.pre_signature_part("22222", +# self.sec.my_cert, 2), +# }, self.sec) +# +# print s_response +# res = self.sec.correctly_signed_response("%s" % s_response) +# +# print res +# assert res 
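Review bot: Two pieces of commented-out code are added here: the `#"signature": sigver.pre_signature_part("11111"),` line in test_exception_sign_verify_with_cert_from_instance and the whole of `test_sign_verify_assertion_in_response` at the end of the file (the `@@ -320,3 +320,16 @@` hunk). The first should be deleted and replaced by a comment stating why the test expects `SignatureError`, e.g. `# assertion deliberately left without a signature part` if that is the intent; the lines between the hunks are not visible, so the reason cannot be read off here. The second appears to be the only test that would run `correctly_signed_response` on a response built with `pre_signature_part("22222", self.sec.my_cert, 2)`. If it is disabled because it currently fails, mark it as an expected failure with the reason instead of leaving it as comments, so the gap in verification coverage stays visible in test reports.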
diff --git a/tests/test_41_xmldsig.py b/tests/test_41_xmldsig.py index e3822bf..44c80e5 100644 --- a/tests/test_41_xmldsig.py +++ b/tests/test_41_xmldsig.py @@ -626,7 +626,7 @@ class TestSignature: def testAccessors(self): """Test for Signature accessors""" - self.signature.identifier = "id" + self.signature.id = "id" self.signature.signed_info = ds.signed_info_from_string( ds_data.TEST_SIGNED_INFO) self.signature.signature_value = ds.signature_value_from_string( @@ -635,7 +635,7 @@ class TestSignature: self.signature.object.append(ds.object_from_string(ds_data.TEST_OBJECT)) new_signature = ds.signature_from_string(self.signature.to_string()) - assert new_signature.identifier == "id" + assert new_signature.id == "id" assert isinstance(new_signature.signed_info, ds.SignedInfo) assert isinstance(new_signature.signature_value, ds.SignatureValue) assert isinstance(new_signature.key_info, ds.KeyInfo) @@ -644,7 +644,7 @@ class TestSignature: def testUsingTestData(self): """Test for signature_value_from_string() using test data""" new_signature = ds.signature_from_string(ds_data.TEST_SIGNATURE) - assert new_signature.identifier == "id" + assert new_signature.id == "id" assert isinstance(new_signature.signed_info, ds.SignedInfo) assert isinstance(new_signature.signature_value, ds.SignatureValue) assert isinstance(new_signature.key_info, ds.KeyInfo) diff --git a/tests/test_44_authnreq.py b/tests/test_44_authnreq.py deleted file mode 100644 index fa71a50..0000000 --- a/tests/test_44_authnreq.py +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- - -from saml2 import samlp, BINDING_HTTP_POST -from saml2 import saml, utils, config, class_name, make_instance -from saml2.server import Server -from saml2.authnresponse import authn_response - -XML_RESPONSE_FILE = "saml_signed.xml" -XML_RESPONSE_FILE2 = "saml2_response.xml" - -import os - -def _eq(l1,l2): - return set(l1) == set(l2) - -class TestAuthnResponse: - def setup_class(self): - server = Server("idp.config") - name_id = server.id.temporary_nameid() - - self._resp_ = server.do_response( - "http://lingon.catalogix.se:8087/", # consumer_url - "12", # in_response_to - "urn:mace:example.com:saml:roland:sp", # sp_entity_id - {"eduPersonEntitlement":"Jeter"}, - name_id = name_id - ) - - conf = config.Config() - try: - conf.load_file("tests/server.config") - except IOError: - conf.load_file("server.config") - self.ar = authn_response(conf,"") - - def test_verify_1(self): - xml_response = ("%s" % (self._resp_,)).split("\n")[1] - self.ar.outstanding = {"12": "http://localhost:8088/sso"} - self.ar.requestor = "urn:mace:example.com:saml:roland:sp" - self.ar.timeslack = 10000 - self.ar.loads(xml_response, decode=False) - self.ar.verify() - - print self.ar.__dict__ - assert self.ar.came_from == 'http://localhost:8088/sso' - assert self.ar.session_id() == "12" - assert self.ar.ava == {'eduPersonEntitlement': ['Jeter'] } - assert self.ar.issuer() == 'urn:mace:example.com:saml:roland:idp' - - - def test_parse_2(self): - xml_response = open(XML_RESPONSE_FILE).read() - ID = "bahigehogffohiphlfmplepdpcohkhhmheppcdie" - self.ar.outstanding = {ID: "http://localhost:8088/foo"} - self.ar.requestor = "xenosmilus.umdc.umu.se" - self.ar.timeslack = 20000000 - print self.ar.__dict__ - self.ar.loads(xml_response, decode=False) - self.ar.verify() - - print self.ar - assert self.ar.came_from == 'http://localhost:8088/foo' - assert self.ar.session_id() == ID 
diff --git a/tests/test_50_server.py b/tests/test_50_server.py index 8ebdbfe..79ecb69 100644 --- a/tests/test_50_server.py +++ b/tests/test_50_server.py @@ -3,7 +3,7 @@ from saml2.server import Server, Identifier from saml2 import server, make_instance -from saml2 import samlp, saml, client, utils +from saml2 import samlp, saml, client, utils, config from saml2.utils import OtherError from saml2.utils import do_attribute_statement from py.test import raises @@ -15,11 +15,15 @@ def _eq(l1,l2): class TestServer1(): def setup_class(self): -# try: - self.server = Server("idp.config") -# except IOError, e: -# self.server = Server("tests/idp.config") + self.server = Server("idp.config") + conf = config.Config() + try: + conf.load_file("tests/server.config") + except IOError: + conf.load_file("server.config") + self.client = client.Saml2Client({},conf) + def test_issuer(self): issuer = make_instance( saml.Issuer, self.server.issuer()) assert isinstance(issuer, saml.Issuer) @@ -102,8 +106,7 @@ class TestServer1(): assert status.status_code.value == samlp.STATUS_SUCCESS def test_parse_faulty_request(self): - sc = client.Saml2Client({},None) - authn_request = sc.authn_request( + authn_request = self.client.authn_request( query_id = "1", destination = "http://www.example.com", service_url = "http://www.example.org", @@ -116,8 +119,7 @@ class TestServer1(): raises(OtherError,self.server.parse_authn_request,intermed) def test_parse_faulty_request_to_err_status(self): - sc = client.Saml2Client({},None) - authn_request = sc.authn_request( + authn_request = self.client.authn_request( query_id = "1", destination = "http://www.example.com", service_url = "http://www.example.org", 
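Review bot: In `setup_class`, the new `try`/`except IOError` around `conf.load_file("tests/server.config")` looks like a dead fallback, because `Server("idp.config")` on the line above is resolved against the current directory only and its own fallback (the removed commented-out lines) is gone. Presumably the class can therefore only be set up when the runner starts in the tests directory, where the first `load_file` always fails and the second always runs. Either load it the same way as the server config, `conf.load_file("server.config")`, or give both files the same two-location lookup so the tests also run from the repository root. The three tests that previously built `client.Saml2Client({},None)` now share `self.client`, which is fine as long as `authn_request` keeps no per-call state on the client; that cannot be seen from this hunk.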
@@ -145,8 +147,7 @@ class TestServer1(): assert status_code.status_code.value == samlp.STATUS_UNKNOWN_PRINCIPAL def test_parse_ok_request(self): - sc = client.Saml2Client({},None) - authn_request = sc.authn_request( + authn_request = self.client.authn_request( query_id = "1", destination = "http://www.example.com", service_url = "http://localhost:8087/", @@ -266,14 +267,38 @@ class TestServer1(): print response.assertion[0].keyswv() assert len(response.assertion) == 1 assert _eq(response.assertion[0].keyswv(), ['authn_statement', - 'attribute_statement', 'subject', 'issue_instant', - 'version', 'conditions', 'id']) + 'attribute_statement', 'subject', 'issue_instant', + 'version', 'issuer', 'conditions', 'id']) assertion = response.assertion[0] assert len(assertion.attribute_statement) == 1 astate = assertion.attribute_statement[0] print astate assert len(astate.attribute) == 3 + def test_signed_response(self): + name_id = self.server.id.temporary_nameid() + + signed_resp = self.server.do_response( + "http://lingon.catalogix.se:8087/", # consumer_url + "12", # in_response_to + "urn:mace:example.com:saml:roland:sp", # sp_entity_id + {"eduPersonEntitlement":"Jeter"}, + name_id = name_id, + sign=True + ) + + print "%s" % signed_resp + assert signed_resp + + # It's the assertions that are signed not the response per se + assert len(signed_resp.assertion) == 1 + assertion = signed_resp.assertion[0] + + # Since the reponse is created dynamically I don't know the signature + # value. Just that there should be one + assert assertion.signature.signature_value.text != "" + +#------------------------------------------------------------------------ IDENTITY = {"eduPersonAffiliation": ["staff", "member"], "surName": ["Jeter"], "givenName": ["Derek"],
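Review bot: The final check in test_signed_response, `assert assertion.signature.signature_value.text != ""`, also passes when `text` is `None`, which is presumably what an unfilled signature template carries, so the test would not notice if `sign=True` left the assertion unsigned. `assert assertion.signature.signature_value.text` rejects both `None` and the empty string. Because the value cannot be predicted, verifying the serialized response against the IdP's certificate, the way test_sign_verify in test_40_sigver.py calls `verify_signature`, would be the stronger check. The comment's `reponse` should read `response`.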