From 5eed220908c4075235dfb5811645b7bf48768cf3 Mon Sep 17 00:00:00 2001 From: Roland Hedberg Date: Tue, 13 May 2014 10:15:01 +0200 Subject: [PATCH] Updated tests to working with separate signature verifications of response and assertions. --- tests/saml_false_signed.xml | 16 ++++++++-------- tests/test_40_sigver.py | 13 +++---------- tests/test_41_response.py | 25 +++++++++++++++++++++---- tests/test_44_authnresp.py | 4 ++++ 4 files changed, 36 insertions(+), 22 deletions(-) diff --git a/tests/saml_false_signed.xml b/tests/saml_false_signed.xml index a5ad7b0..24b88ac 100644 --- a/tests/saml_false_signed.xml +++ b/tests/saml_false_signed.xml @@ -1,11 +1,11 @@ - - http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php + + urn:mace:example.com:saml:roland:idp - - http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php + + urn:mace:example.com:saml:roland:idp @@ -49,15 +49,15 @@ OmuMZY0K6ERY4fNVnGEAoUZeieehC6/ljmfk14xCAlE= _cddc88563d433f556d4cc70c3162deabddea3b5019 - + - + - xenosmilus.umdc.umu.se + urn:mace:example.com:saml:roland:sp - + urn:oasis:names:tc:SAML:2.0:ac:classes:Password diff --git a/tests/test_40_sigver.py b/tests/test_40_sigver.py index 3ce200e..987f5f4 100644 --- a/tests/test_40_sigver.py +++ b/tests/test_40_sigver.py @@ -19,7 +19,6 @@ from pathutils import full_path SIGNED = full_path("saml_signed.xml") UNSIGNED = full_path("saml_unsigned.xml") -FALSE_SIGNED = full_path("saml_false_signed.xml") SIMPLE_SAML_PHP_RESPONSE = full_path("simplesamlphp_authnresponse.xml") PUB_KEY = full_path("test.pem") @@ -143,11 +142,6 @@ class TestSecurity(): response = self.sec.correctly_signed_response(xml_response) assert response - def test_non_verify_2(self): - xml_response = open(FALSE_SIGNED).read() - raises(sigver.SignatureError, self.sec.correctly_signed_response, - xml_response) - def test_sign_assertion(self): ass = self._assertion print ass 
@@ -478,7 +472,6 @@ def test_xbox(): if __name__ == "__main__": - #t = TestSecurity() - #t.setup_class() - #t.test_sign_then_encrypt_assertion() - test_xbox() \ No newline at end of file + t = TestSecurity() + t.setup_class() + t.test_non_verify_2() diff --git a/tests/test_41_response.py b/tests/test_41_response.py index 75bb6de..69d61ca 100644 --- a/tests/test_41_response.py +++ b/tests/test_41_response.py @@ -8,13 +8,12 @@ from saml2.server import Server from saml2.response import response_factory from saml2.response import StatusResponse from saml2.response import AuthnResponse -from saml2.sigver import security_context +from saml2.sigver import security_context, SignatureError from saml2.sigver import MissingKey from pytest import raises -XML_RESPONSE_FILE = "saml_signed.xml" -XML_RESPONSE_FILE2 = "saml2_response.xml" +FALSE_ASSERT_SIGNED = "saml_false_signed.xml" def _eq(l1, l2): @@ -91,8 +90,26 @@ class TestResponse: assert isinstance(resp, StatusResponse) assert isinstance(resp, AuthnResponse) + def test_false_sign(self): + xml_response = open(FALSE_ASSERT_SIGNED).read() + resp = response_factory( + xml_response, self.conf, + return_addrs=["http://lingon.catalogix.se:8087/"], + outstanding_queries={ + "bahigehogffohiphlfmplepdpcohkhhmheppcdie": + "http://localhost:8088/sso"}, + timeslack=10000, decode=False) + + assert isinstance(resp, StatusResponse) + assert isinstance(resp, AuthnResponse) + try: + resp.verify() + except SignatureError: + pass + else: + assert False if __name__ == "__main__": t = TestResponse() t.setup_class() - t.test_1() + t.test_false_sign() diff --git a/tests/test_44_authnresp.py b/tests/test_44_authnresp.py index d4edb27..5093303 100644 --- a/tests/test_44_authnresp.py +++ b/tests/test_44_authnresp.py 
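Review bot: The rewritten `__main__` block in tests/test_40_sigver.py calls `t.test_non_verify_2()`, but an earlier hunk of this same commit deletes `TestSecurity.test_non_verify_2` along with the `FALSE_SIGNED` constant it read. Unless a method of that name survives outside the visible hunks, running the file directly will fail with an AttributeError. Point the block at a test that still exists, for example by restoring the `test_xbox()` call, or drop the block. With that method gone, the visible hunks leave no test that feeds the tampered document to `correctly_signed_response`. If that call is still expected to reject it, keep a direct negative test at the sigver layer.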
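Review bot: `FALSE_ASSERT_SIGNED = "saml_false_signed.xml"` in tests/test_41_response.py is a bare relative path, so the new negative signature test only finds its fixture when the working directory is `tests/`. tests/test_40_sigver.py resolves the same fixtures through `full_path(...)` from `pathutils`, and the same form works here: `FALSE_ASSERT_SIGNED = full_path("saml_false_signed.xml")`, adding `from pathutils import full_path` if the module does not already import it. The hunk also removes `XML_RESPONSE_FILE` and `XML_RESPONSE_FILE2`, so check that nothing outside the hunk still references them.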
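Review bot: `test_false_sign` hand-rolls its negative check as try/except/else ending in a bare `assert False`, although `raises` is already imported from pytest at the top of the file. `raises(SignatureError, resp.verify)` states the expectation in one line and gives a useful failure message if the forged document is ever accepted. The fixture is read with `open(FALSE_ASSERT_SIGNED).read()`, which never closes the handle; use `with open(FALSE_ASSERT_SIGNED) as fp: xml_response = fp.read()`. A comment such as `# parsing succeeds; the forged assertion signature must be rejected by verify()` would record why the `isinstance` checks precede the failure. The body of `TestResponse` starts outside this hunk.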
@@ -125,3 +125,7 @@ class TestAuthnResponse: session_info = self.ar.session_info() assert session_info["authn_info"] == authn_info +if __name__ == "__main__": + t = TestAuthnResponse() + t.setup_class() + t.test_verify_1() \ No newline at end of file