Script to update the metadata that is used in some tests.

Added tests on new functionality.
2014-02-05 13:15:14 +01:00
parent bfc6b55e57
commit 4f2b814cc9
7 changed files with 6182 additions and 1857 deletions
--- a/tests/InCommon-metadata.xml
+++ b/tests/InCommon-metadata.xml
--- a/tests/get_metadata.sh
+++ b/tests/get_metadata.sh
@@ -0,0 +1,2 @@
+curl -G -O http://md.incommon.org/InCommon/InCommon-metadata.xml
+curl -G -O http://metadata.aai.switch.ch/metadata.aaitest.xml
--- a/tests/metadata.aaitest.xml
+++ b/tests/metadata.aaitest.xml
--- a/tests/test_20_assertion.py
+++ b/tests/test_20_assertion.py
@@ -774,5 +774,27 @@ def test_assertion_with_zero_attributes():
    assert msg.attribute_statement == []


+def test_assertion_with_authn_instant():
+    ava = {}
+    ast = Assertion(ava)
+    policy = Policy({
+        "default": {
+            "lifetime": {"minutes": 240},
+            "attribute_restrictions": None,  # means all I have
+            "name_form": NAME_FORMAT_URI
+        },
+    })
+    name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
+    issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
+    msg = ast.construct("sp_entity_id", "in_response_to", "consumer_url",
+                        name_id, [AttributeConverterNOOP(NAME_FORMAT_URI)],
+                        policy, issuer=issuer, authn_decl=ACD,
+                        authn_auth="authn_authn",
+                        authn_instant=1234567890)
+
+    print msg
+    assert msg.authn_statement[0].authn_instant == "2009-02-13T23:31:30Z"
+
+
 if __name__ == "__main__":
-    test_assertion_with_zero_attributes()
+    test_assertion_with_authn_instant()
--- a/tests/test_30_mdstore.py
+++ b/tests/test_30_mdstore.py
@@ -126,10 +126,10 @@ def test_incommon_1():
    mds.imp(METADATACONF["2"])

    print mds.entities()
-    assert mds.entities() == 1727
+    assert mds.entities() > 1700
    idps = mds.with_descriptor("idpsso")
    print idps.keys()
-    assert len(idps) == 318  # ~ 18%
+    assert len(idps) > 300  # ~ 18%
    try:
        _ = mds.single_sign_on_service('urn:mace:incommon:uiuc.edu')
    except UnknownPrincipal:
@@ -191,7 +191,7 @@ def test_switch_1():
                        disable_ssl_certificate_validation=True)

    mds.imp(METADATACONF["5"])
-    assert len(mds.keys()) == 167
+    assert len(mds.keys()) > 160
    idps = mds.with_descriptor("idpsso")
    print idps.keys()
    idpsso = mds.single_sign_on_service(
@@ -200,7 +200,7 @@ def test_switch_1():
    print idpsso
    assert destinations(idpsso) == [
        'https://aai-demo-idp.switch.ch/idp/profile/SAML2/Redirect/SSO']
-    assert len(idps) == 31
+    assert len(idps) > 30
    aas = mds.with_descriptor("attribute_authority")
    print aas.keys()
    aad = aas['https://aai-demo-idp.switch.ch/idp/shibboleth']
--- a/tests/test_41_response.py
+++ b/tests/test_41_response.py
@@ -100,3 +100,8 @@ class TestResponse:
        # should fail
        raises(MissingKey,
               'sc.correctly_signed_response("%s" % self._sign_resp_)')
+
+if __name__ == "__main__":
+    t = TestResponse()
+    t.setup_class()
+    t.test_1()
--- a/tests/test_50_server.py
+++ b/tests/test_50_server.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 import base64
 from urlparse import parse_qs
+from saml2.assertion import Policy
 from saml2.authn_context import INTERNETPROTOCOLPASSWORD
 from saml2.saml import NameID, NAMEID_FORMAT_TRANSIENT
 from saml2.samlp import response_from_string
@@ -241,22 +242,46 @@ class TestServer1():
    def test_sso_response_without_identity(self):
        resp = self.server.create_authn_response(
            {},
-            "id12",                             # in_response_to
-            "http://localhost:8087/",           # consumer_url
+            "id12",                                 # in_response_to
+            "http://localhost:8087/",               # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            userid="USER1",
-            authn=AUTHN
+            authn=AUTHN,
+            release_policy=Policy(),
+            best_effort=True
        )

        print resp.keyswv()
        assert _eq(resp.keyswv(), ['status', 'destination', 'in_response_to',
-                                   'issue_instant', 'version', 'id', 'issuer'])
+                                   'issue_instant', 'version', 'id', 'issuer',
+                                   'assertion'])
        assert resp.destination == "http://localhost:8087/"
        assert resp.in_response_to == "id12"
        assert resp.status
        assert resp.status.status_code.value == samlp.STATUS_SUCCESS
        assert resp.issuer.text == "urn:mace:example.com:saml:roland:idp"
-        assert not resp.assertion 
+        assert not resp.assertion.attribute_statement
+
+    def test_sso_response_specific_instant(self):
+        _authn = AUTHN.copy()
+        _authn["authn_instant"] = 1234567890
+
+        resp = self.server.create_authn_response(
+            {},
+            "id12",                             # in_response_to
+            "http://localhost:8087/",           # consumer_url
+            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
+            userid="USER1",
+            authn=_authn,
+            best_effort=True
+        )
+
+        print resp.keyswv()
+        assert _eq(resp.keyswv(), ['status', 'destination', 'in_response_to',
+                                   'issue_instant', 'version', 'id', 'issuer',
+                                   'assertion'])
+        authn_statement = resp.assertion.authn_statement[0]
+        assert authn_statement.authn_instant == '2009-02-13T23:31:30Z'

    def test_sso_failure_response(self):
        exc = s_utils.MissingValue("eduPersonAffiliation missing")
@@ -477,4 +502,4 @@ class TestServerLogout():
 if __name__ == "__main__":
    ts = TestServer1()
    ts.setup_class()
-    ts.test_authn_response_0()
+    ts.test_sso_response_specific_instant()