openstack/deb-python-pysaml2
Code Issues Proposed changes

Updated tests

Browse Source
This commit is contained in:
Roland Hedberg
2010-04-08 09:01:18 +02:00
parent dcd3eec552
commit 1e8c6d515e
6 changed files with 159 additions and 184 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/idp.config
View File

@@ -23,7 +23,7 @@
"debug" : 1, "debug" : 1,
"key_file" : "test.key", "key_file" : "test.key",
"cert_file" : "test.pem", "cert_file" : "test.pem",
"xmlsec_binary" : "/opt/local/bin/xmlsec1", "xmlsec_binary" : "/usr/local/bin/xmlsec1",
"metadata": { "metadata": {
"local": ["metadata.xml", "vo_metadata.xml"], "local": ["metadata.xml", "vo_metadata.xml"],
}, },

7
tests/test_01_saml.py
View File

@@ -474,17 +474,18 @@ class TestAttribute:
def test_basic_base64(self): def test_basic_base64(self):
attribute = saml.attribute_from_string(BASIC_BASE64_AV) attribute = saml.attribute_from_string(BASIC_BASE64_AV)
print attribute print attribute
assert attribute.attribute_value[0].text == "UNINETT" assert attribute.attribute_value[0].text == "VU5JTkVUVA=="
assert attribute.attribute_value[0].type == "xs:base64Binary"
def test_basic_boolean_true(self): def test_basic_boolean_true(self):
attribute = saml.attribute_from_string(BASIC_BOOLEAN_TRUE_AV) attribute = saml.attribute_from_string(BASIC_BOOLEAN_TRUE_AV)
print attribute print attribute
assert attribute.attribute_value[0].text == "True" assert attribute.attribute_value[0].text.lower() == "true"
def test_basic_boolean_false(self): def test_basic_boolean_false(self):
attribute = saml.attribute_from_string(BASIC_BOOLEAN_FALSE_AV) attribute = saml.attribute_from_string(BASIC_BOOLEAN_FALSE_AV)
print attribute print attribute
assert attribute.attribute_value[0].text == "False" assert attribute.attribute_value[0].text.lower() == "false"
class TestAttributeStatement: class TestAttributeStatement:

209
tests/test_40_sigver.py
View File

@@ -35,9 +35,36 @@ def get_xmlsec():
raise Exception("Can't find xmlsec1") raise Exception("Can't find xmlsec1")
CERT1 = """MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=""" CERT1 = """MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy
3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaN
efiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0G
A1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJs
iojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSw
mDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6
h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5
U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6
mrPzGzk3ECbupFnqyREH3+ZPSdk="""
CERT_SSP = """MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w==""" CERT_SSP = """MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMC
Tk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UE
CxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0B
CQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoX
DTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhl
aW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBv
cGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdA
dW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlx
AZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4Hln
O4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZ
jcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQ
Yj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1j
wKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3K
jjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w=="""
from pyasn1.codec.der import decoder from pyasn1.codec.der import decoder
@@ -47,6 +74,7 @@ def test_cert_from_instance_1():
assertion = response.assertion[0] assertion = response.assertion[0]
certs = sigver.cert_from_instance(assertion) certs = sigver.cert_from_instance(assertion)
assert len(certs) == 1 assert len(certs) == 1
print certs[0]
assert certs[0] == CERT1 assert certs[0] == CERT1
def test_cert_from_instance_ssp(): def test_cert_from_instance_ssp():
@@ -55,11 +83,10 @@ def test_cert_from_instance_ssp():
assertion = response.assertion[0] assertion = response.assertion[0]
certs = sigver.cert_from_instance(assertion) certs = sigver.cert_from_instance(assertion)
assert len(certs) == 1 assert len(certs) == 1
print certs[0] assert certs[0] == CERT_SSP
der = base64.b64decode(certs[0]) der = base64.b64decode(certs[0])
print str(decoder.decode(der)).replace('.',"\n.") print str(decoder.decode(der)).replace('.',"\n.")
assert decoder.decode(der) assert decoder.decode(der)
assert certs[0] == CERT_SSP
class TestSecurity(): class TestSecurity():
@@ -67,6 +94,25 @@ class TestSecurity():
self.sec = sigver.SecurityContext(get_xmlsec(), PRIV_KEY, "pem", self.sec = sigver.SecurityContext(get_xmlsec(), PRIV_KEY, "pem",
PUB_KEY, "pem", debug=1) PUB_KEY, "pem", debug=1)
self._assertion = {
"version": "2.0",
"id": "11111",
"issue_instant": "2009-10-30T13:20:28Z",
"signature": sigver.pre_signature_part("11111", self.sec.my_cert,
1),
"attribute_statement": {
"attribute": [{
"friendly_name": "surName",
"attribute_value": "Foo",
},
{
"friendly_name": "givenName",
"attribute_value": "Bar",
}
]
}
}
def test_verify_1(self): def test_verify_1(self):
xml_response = open(SIGNED).read() xml_response = open(SIGNED).read()
response = self.sec.correctly_signed_response(xml_response) response = self.sec.correctly_signed_response(xml_response)
@@ -84,25 +130,9 @@ class TestSecurity():
xml_response) xml_response)
def test_sign_assertion(self): def test_sign_assertion(self):
ass = make_instance(saml.Assertion, { ass = make_instance(saml.Assertion, self._assertion)
"version": "2.0",
"id": "11111",
"issue_instant": "2009-10-30T13:20:28Z",
"signature": sigver.pre_signature_part("11111"),
"attribute_statement": {
"attribute": [{
"friendly_name": "surName",
"attribute_value": "Foo",
},
{
"friendly_name": "givenName",
"attribute_value": "Bar",
}
]
}
})
sign_ass = self.sec.sign_assertion_using_xmlsec("%s" % ass) sign_ass = self.sec.sign_assertion_using_xmlsec("%s" % ass, nodeid=ass.id)
sass = saml.assertion_from_string(sign_ass) sass = saml.assertion_from_string(sign_ass)
print sass print sass
@@ -118,26 +148,8 @@ class TestSecurity():
assert sig.signed_info.reference[0].digest_value[0].text == DIGEST_VALUE assert sig.signed_info.reference[0].digest_value[0].text == DIGEST_VALUE
def test_sign_response(self): def test_sign_response(self):
assertion = {
"version": "2.0",
"id": "11111",
"issue_instant": "2009-10-30T13:20:28Z",
"signature": sigver.pre_signature_part("11111"),
"attribute_statement": {
"attribute": [{
"friendly_name": "surName",
"attribute_value": "Foo",
},
{
"friendly_name": "givenName",
"attribute_value": "Bar",
}
]
}
}
s_response = sigver.signed_instance_factory(samlp.Response, { s_response = sigver.signed_instance_factory(samlp.Response, {
"assertion" : assertion, "assertion" : self._assertion,
"id": "22222", "id": "22222",
"signature": sigver.pre_signature_part("22222"), "signature": sigver.pre_signature_part("22222"),
}, self.sec) }, self.sec)
@@ -154,36 +166,19 @@ class TestSecurity():
assert sass.id == "11111" assert sass.id == "11111"
assert time_util.str_to_time(sass.issue_instant) assert time_util.str_to_time(sass.issue_instant)
sig = sass.signature sig = sass.signature
assert sig.signature_value.text == """AS1kHHtA4eTOU2XLTWhLMSJQ6V+TSDymRoTF78CqjrYURNLk9wjdPjAReNn9eykv\nryFiHNk0p9wMBknha5pH8aeCI/LmcVhLa5xteGZrtE/Udh5vv8z4kRQX51Uz/5x8\nToiobGw83MEW6A0dRUn0O20NBMMTaFZZPXye7RvVlHY=""" assert sig.signature_value.text == """xObs8g6Kr11NopsCxv9IXPQZ4Qfxag3zZrxcza+NBZwQ2JIXEw6vQDmu/OG+EgUP\n2miVoAY4nbklsiwXZfjXYU3OOUDJr7UDhAHUuki/kcKCV6SMEUFlOcEzDFVg+Fr+\nFsPJhsmit5uRRP5rYA92y1fKf42vViw8LFj+LqlTv2Y="""
assert len(sig.signed_info.reference) == 1 assert len(sig.signed_info.reference) == 1
assert len(sig.signed_info.reference[0].digest_value) == 1 assert len(sig.signed_info.reference[0].digest_value) == 1
digest = sig.signed_info.reference[0].digest_value[0].text digest = sig.signed_info.reference[0].digest_value[0].text
assert digest == """WFRXmImfoO3M6JOLE6BGGpU9Ud0=""" assert digest == """z6O3mlLmX1a6Wk1F4cgMsAXdA6Q="""
def test_sign_response_2(self): def test_sign_response_2(self):
assertion1 = {
"version": "2.0",
"id": "11111",
"issue_instant": "2009-10-30T13:20:28Z",
"signature": sigver.pre_signature_part("11111").copy(),
"attribute_statement": {
"attribute": [{
"friendly_name": "surName",
"attribute_value": "Foo",
},
{
"friendly_name": "givenName",
"attribute_value": "Bar",
}
]
}
}
assertion2 = { assertion2 = {
"version": "2.0", "version": "2.0",
"id": "11122", "id": "11122",
"issue_instant": "2009-10-30T13:20:28Z", "issue_instant": "2009-10-30T13:20:28Z",
"signature": sigver.pre_signature_part("11122").copy(), "signature": sigver.pre_signature_part("11122"),
"attribute_statement": { "attribute_statement": {
"attribute": [{ "attribute": [{
"friendly_name": "surName", "friendly_name": "surName",
@@ -198,7 +193,7 @@ class TestSecurity():
} }
s_response = sigver.signed_instance_factory(samlp.Response, { s_response = sigver.signed_instance_factory(samlp.Response, {
"assertion" : [assertion1,assertion2], "assertion" : [self._assertion,assertion2],
"id": "22233", "id": "22233",
"signature": sigver.pre_signature_part("22233"), "signature": sigver.pre_signature_part("22233"),
}, self.sec) }, self.sec)
@@ -215,38 +210,22 @@ class TestSecurity():
assert sass.id == "11111" assert sass.id == "11111"
assert time_util.str_to_time(sass.issue_instant) assert time_util.str_to_time(sass.issue_instant)
sig = sass.signature sig = sass.signature
assert sig.signature_value.text == """AS1kHHtA4eTOU2XLTWhLMSJQ6V+TSDymRoTF78CqjrYURNLk9wjdPjAReNn9eykv\nryFiHNk0p9wMBknha5pH8aeCI/LmcVhLa5xteGZrtE/Udh5vv8z4kRQX51Uz/5x8\nToiobGw83MEW6A0dRUn0O20NBMMTaFZZPXye7RvVlHY=""" assert sig.signature_value.text == """xObs8g6Kr11NopsCxv9IXPQZ4Qfxag3zZrxcza+NBZwQ2JIXEw6vQDmu/OG+EgUP\n2miVoAY4nbklsiwXZfjXYU3OOUDJr7UDhAHUuki/kcKCV6SMEUFlOcEzDFVg+Fr+\nFsPJhsmit5uRRP5rYA92y1fKf42vViw8LFj+LqlTv2Y="""
assert len(sig.signed_info.reference) == 1 assert len(sig.signed_info.reference) == 1
assert len(sig.signed_info.reference[0].digest_value) == 1 assert len(sig.signed_info.reference[0].digest_value) == 1
digest = sig.signed_info.reference[0].digest_value[0].text digest = sig.signed_info.reference[0].digest_value[0].text
assert digest == """WFRXmImfoO3M6JOLE6BGGpU9Ud0=""" assert digest == """z6O3mlLmX1a6Wk1F4cgMsAXdA6Q="""
def test_sign_verify(self): def test_sign_verify(self):
assertion = {
"version": "2.0",
"id": "11111",
"issue_instant": "2009-10-30T13:20:28Z",
"signature": sigver.pre_signature_part("11111"),
"attribute_statement": {
"attribute": [{
"friendly_name": "surName",
"attribute_value": "Foo",
},
{
"friendly_name": "givenName",
"attribute_value": "Bar",
}
]
}
}
s_response = sigver.signed_instance_factory(samlp.Response, { s_response = sigver.signed_instance_factory(samlp.Response, {
"assertion" : assertion, "assertion" : self._assertion,
"id": "22222", "id": "22222",
"signature": sigver.pre_signature_part("22222"), "signature": sigver.pre_signature_part("22222",
self.sec.my_cert),
}, self.sec) }, self.sec)
print s_response
res = self.sec.verify_signature("%s" % s_response, res = self.sec.verify_signature("%s" % s_response,
node_name=class_name(samlp.Response())) node_name=class_name(samlp.Response()))
@@ -254,11 +233,32 @@ class TestSecurity():
assert res assert res
def test_sign_verify_with_cert_from_instance(self): def test_sign_verify_with_cert_from_instance(self):
s_response = sigver.signed_instance_factory(samlp.Response, {
"assertion" : self._assertion,
"id": "22222",
"signature": sigver.pre_signature_part("22222",
self.sec.my_cert),
}, self.sec)
print s_response
ci = "".join(sigver.cert_from_instance(s_response)[0].split())
assert ci == self.sec.my_cert
res = self.sec.verify_signature("%s" % s_response,
node_name=class_name(samlp.Response()))
assert res
res = self.sec._check_signature("%s" % s_response, s_response,
class_name(s_response))
assert res == s_response
def test_sign_verify_assertion_with_cert_from_instance(self):
assertion = { assertion = {
"version": "2.0", "version": "2.0",
"id": "11111", "id": "11111",
"issue_instant": "2009-10-30T13:20:28Z", "issue_instant": "2009-10-30T13:20:28Z",
"signature": sigver.pre_signature_part("11111"), "signature": sigver.pre_signature_part("11111", self.sec.my_cert),
"attribute_statement": { "attribute_statement": {
"attribute": [{ "attribute": [{
"friendly_name": "surName", "friendly_name": "surName",
@@ -272,28 +272,28 @@ class TestSecurity():
} }
} }
s_response = sigver.signed_instance_factory(samlp.Response, { s_assertion = sigver.signed_instance_factory(saml.Assertion,
"assertion" : assertion, assertion, self.sec)
"id": "22222", print s_assertion
"signature": sigver.pre_signature_part("22222",
"".join(open(self.sec.cert_file).read().split("\n")[1:-2])),
}, self.sec)
ci = sigver.cert_from_instance(s_response) ci = "".join(sigver.cert_from_instance(s_assertion)[0].split())
assert ci == self.sec.my_cert
print ci res = self.sec.verify_signature("%s" % s_assertion,
node_name=class_name(s_assertion))
assert res
res = self.sec._check_signature("%s" % s_response, s_response, res = self.sec._check_signature("%s" % s_assertion, s_assertion,
class_name(s_response)) class_name(s_assertion))
assert res == s_response assert res
def test_exception_sign_verify_with_cert_from_instance(self): def test_exception_sign_verify_with_cert_from_instance(self):
assertion = { assertion = {
"version": "2.0", "version": "2.0",
"id": "11111", "id": "11111",
"issue_instant": "2009-10-30T13:20:28Z", "issue_instant": "2009-10-30T13:20:28Z",
"signature": sigver.pre_signature_part("11111"), #"signature": sigver.pre_signature_part("11111"),
"attribute_statement": { "attribute_statement": {
"attribute": [{ "attribute": [{
"friendly_name": "surName", "friendly_name": "surName",
@@ -311,7 +311,7 @@ class TestSecurity():
"assertion" : assertion, "assertion" : assertion,
"id": "22222", "id": "22222",
"signature": sigver.pre_signature_part("22222", "signature": sigver.pre_signature_part("22222",
"".join(open(self.sec.cert_file).read().split("\n")[1:-2])), self.sec.my_cert),
}, self.sec) }, self.sec)
@@ -320,3 +320,16 @@ class TestSecurity():
raises(sigver.SignatureError, self.sec._check_signature, raises(sigver.SignatureError, self.sec._check_signature,
"%s" % s_response, s_response, class_name(s_response)) "%s" % s_response, s_response, class_name(s_response))
# def test_sign_verify_assertion_in_response(self):
# s_response = sigver.signed_instance_factory(samlp.Response, {
# "assertion" : self._assertion,
# "id": "22222",
# "signature": sigver.pre_signature_part("22222",
# self.sec.my_cert, 2),
# }, self.sec)
#
# print s_response
# res = self.sec.correctly_signed_response("%s" % s_response)
#
# print res
# assert res

6
tests/test_41_xmldsig.py
View File

@@ -626,7 +626,7 @@ class TestSignature:
def testAccessors(self): def testAccessors(self):
"""Test for Signature accessors""" """Test for Signature accessors"""
self.signature.identifier = "id" self.signature.id = "id"
self.signature.signed_info = ds.signed_info_from_string( self.signature.signed_info = ds.signed_info_from_string(
ds_data.TEST_SIGNED_INFO) ds_data.TEST_SIGNED_INFO)
self.signature.signature_value = ds.signature_value_from_string( self.signature.signature_value = ds.signature_value_from_string(
@@ -635,7 +635,7 @@ class TestSignature:
self.signature.object.append(ds.object_from_string(ds_data.TEST_OBJECT)) self.signature.object.append(ds.object_from_string(ds_data.TEST_OBJECT))
new_signature = ds.signature_from_string(self.signature.to_string()) new_signature = ds.signature_from_string(self.signature.to_string())
assert new_signature.identifier == "id" assert new_signature.id == "id"
assert isinstance(new_signature.signed_info, ds.SignedInfo) assert isinstance(new_signature.signed_info, ds.SignedInfo)
assert isinstance(new_signature.signature_value, ds.SignatureValue) assert isinstance(new_signature.signature_value, ds.SignatureValue)
assert isinstance(new_signature.key_info, ds.KeyInfo) assert isinstance(new_signature.key_info, ds.KeyInfo)
@@ -644,7 +644,7 @@ class TestSignature:
def testUsingTestData(self): def testUsingTestData(self):
"""Test for signature_value_from_string() using test data""" """Test for signature_value_from_string() using test data"""
new_signature = ds.signature_from_string(ds_data.TEST_SIGNATURE) new_signature = ds.signature_from_string(ds_data.TEST_SIGNATURE)
assert new_signature.identifier == "id" assert new_signature.id == "id"
assert isinstance(new_signature.signed_info, ds.SignedInfo) assert isinstance(new_signature.signed_info, ds.SignedInfo)
assert isinstance(new_signature.signature_value, ds.SignatureValue) assert isinstance(new_signature.signature_value, ds.SignatureValue)
assert isinstance(new_signature.key_info, ds.KeyInfo) assert isinstance(new_signature.key_info, ds.KeyInfo)

64
tests/test_44_authnreq.py
View File

@@ -1,64 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from saml2 import samlp, BINDING_HTTP_POST
from saml2 import saml, utils, config, class_name, make_instance
from saml2.server import Server
from saml2.authnresponse import authn_response
XML_RESPONSE_FILE = "saml_signed.xml"
XML_RESPONSE_FILE2 = "saml2_response.xml"
import os
def _eq(l1,l2):
return set(l1) == set(l2)
class TestAuthnResponse:
def setup_class(self):
server = Server("idp.config")
name_id = server.id.temporary_nameid()
self._resp_ = server.do_response(
"http://lingon.catalogix.se:8087/", # consumer_url
"12", # in_response_to
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
{"eduPersonEntitlement":"Jeter"},
name_id = name_id
)
conf = config.Config()
try:
conf.load_file("tests/server.config")
except IOError:
conf.load_file("server.config")
self.ar = authn_response(conf,"")
def test_verify_1(self):
xml_response = ("%s" % (self._resp_,)).split("\n")[1]
self.ar.outstanding = {"12": "http://localhost:8088/sso"}
self.ar.requestor = "urn:mace:example.com:saml:roland:sp"
self.ar.timeslack = 10000
self.ar.loads(xml_response, decode=False)
self.ar.verify()
print self.ar.__dict__
assert self.ar.came_from == 'http://localhost:8088/sso'
assert self.ar.session_id() == "12"
assert self.ar.ava == {'eduPersonEntitlement': ['Jeter'] }
assert self.ar.issuer() == 'urn:mace:example.com:saml:roland:idp'
def test_parse_2(self):
xml_response = open(XML_RESPONSE_FILE).read()
ID = "bahigehogffohiphlfmplepdpcohkhhmheppcdie"
self.ar.outstanding = {ID: "http://localhost:8088/foo"}
self.ar.requestor = "xenosmilus.umdc.umu.se"
self.ar.timeslack = 20000000
print self.ar.__dict__
self.ar.loads(xml_response, decode=False)
self.ar.verify()
print self.ar
assert self.ar.came_from == 'http://localhost:8088/foo'
assert self.ar.session_id() == ID

47
tests/test_50_server.py
View File

@@ -3,7 +3,7 @@
from saml2.server import Server, Identifier from saml2.server import Server, Identifier
from saml2 import server, make_instance from saml2 import server, make_instance
from saml2 import samlp, saml, client, utils from saml2 import samlp, saml, client, utils, config
from saml2.utils import OtherError from saml2.utils import OtherError
from saml2.utils import do_attribute_statement from saml2.utils import do_attribute_statement
from py.test import raises from py.test import raises
@@ -15,10 +15,14 @@ def _eq(l1,l2):
class TestServer1(): class TestServer1():
def setup_class(self): def setup_class(self):
# try:
self.server = Server("idp.config") self.server = Server("idp.config")
# except IOError, e:
# self.server = Server("tests/idp.config") conf = config.Config()
try:
conf.load_file("tests/server.config")
except IOError:
conf.load_file("server.config")
self.client = client.Saml2Client({},conf)
def test_issuer(self): def test_issuer(self):
issuer = make_instance( saml.Issuer, self.server.issuer()) issuer = make_instance( saml.Issuer, self.server.issuer())
@@ -102,8 +106,7 @@ class TestServer1():
assert status.status_code.value == samlp.STATUS_SUCCESS assert status.status_code.value == samlp.STATUS_SUCCESS
def test_parse_faulty_request(self): def test_parse_faulty_request(self):
sc = client.Saml2Client({},None) authn_request = self.client.authn_request(
authn_request = sc.authn_request(
query_id = "1", query_id = "1",
destination = "http://www.example.com", destination = "http://www.example.com",
service_url = "http://www.example.org", service_url = "http://www.example.org",
@@ -116,8 +119,7 @@ class TestServer1():
raises(OtherError,self.server.parse_authn_request,intermed) raises(OtherError,self.server.parse_authn_request,intermed)
def test_parse_faulty_request_to_err_status(self): def test_parse_faulty_request_to_err_status(self):
sc = client.Saml2Client({},None) authn_request = self.client.authn_request(
authn_request = sc.authn_request(
query_id = "1", query_id = "1",
destination = "http://www.example.com", destination = "http://www.example.com",
service_url = "http://www.example.org", service_url = "http://www.example.org",
@@ -145,8 +147,7 @@ class TestServer1():
assert status_code.status_code.value == samlp.STATUS_UNKNOWN_PRINCIPAL assert status_code.status_code.value == samlp.STATUS_UNKNOWN_PRINCIPAL
def test_parse_ok_request(self): def test_parse_ok_request(self):
sc = client.Saml2Client({},None) authn_request = self.client.authn_request(
authn_request = sc.authn_request(
query_id = "1", query_id = "1",
destination = "http://www.example.com", destination = "http://www.example.com",
service_url = "http://localhost:8087/", service_url = "http://localhost:8087/",
@@ -267,13 +268,37 @@ class TestServer1():
assert len(response.assertion) == 1 assert len(response.assertion) == 1
assert _eq(response.assertion[0].keyswv(), ['authn_statement', assert _eq(response.assertion[0].keyswv(), ['authn_statement',
'attribute_statement', 'subject', 'issue_instant', 'attribute_statement', 'subject', 'issue_instant',
'version', 'conditions', 'id']) 'version', 'issuer', 'conditions', 'id'])
assertion = response.assertion[0] assertion = response.assertion[0]
assert len(assertion.attribute_statement) == 1 assert len(assertion.attribute_statement) == 1
astate = assertion.attribute_statement[0] astate = assertion.attribute_statement[0]
print astate print astate
assert len(astate.attribute) == 3 assert len(astate.attribute) == 3
def test_signed_response(self):
name_id = self.server.id.temporary_nameid()
signed_resp = self.server.do_response(
"http://lingon.catalogix.se:8087/", # consumer_url
"12", # in_response_to
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
{"eduPersonEntitlement":"Jeter"},
name_id = name_id,
sign=True
)
print "%s" % signed_resp
assert signed_resp
# It's the assertions that are signed not the response per se
assert len(signed_resp.assertion) == 1
assertion = signed_resp.assertion[0]
# Since the reponse is created dynamically I don't know the signature
# value. Just that there should be one
assert assertion.signature.signature_value.text != ""
#------------------------------------------------------------------------
IDENTITY = {"eduPersonAffiliation": ["staff", "member"], IDENTITY = {"eduPersonAffiliation": ["staff", "member"],
"surName": ["Jeter"], "givenName": ["Derek"], "surName": ["Jeter"], "givenName": ["Derek"],