openstack/deb-python-pysaml2
Code Issues Proposed changes

Make the tests xmlsec version dependent

Browse Source
This commit is contained in:
Roland Hedberg
2010-12-09 09:53:33 +01:00
parent 28f633b0a1
commit 87ec760733
3 changed files with 47 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
tests/test_40_sigver.py
View File

@@ -8,6 +8,8 @@ from saml2 import class_name
from saml2 import time_util from saml2 import time_util
from saml2 import saml, samlp from saml2 import saml, samlp
from saml2.s_utils import factory, do_attribute_statement from saml2.s_utils import factory, do_attribute_statement
from saml2.sigver import xmlsec_version, get_xmlsec_binary
import xmldsig as ds import xmldsig as ds
from py.test import raises from py.test import raises
@@ -22,19 +24,30 @@ PRIV_KEY = "test.key"
def _eq(l1,l2): def _eq(l1,l2):
return set(l1) == set(l2) return set(l1) == set(l2)
SIGNED_VALUE= """imvo3quPyMND8yCv8D3LNCbeiG98hKl+F5VekEY5N7EEBoq7S3A7mArz4yZUVJVw SIGNATURE_DIGEST = {
1migufgOZEiZX80vzR0lwfjAEjwRp+NjKRvOcWHfIgjz+dG8q9n4LcI5YmsjveLa "1.2.14": [(
+iNTujev1PYA+UWf57S5mqGFoi0KaS8Xnp0FG1olAZ0=""" "kMuyOK17nyp4CbA1v7KE32rX4+NQQ8EvdglTK61uIMEo3ax0PgFU7bgZGey+Aj8H\nhTPVyAzWmBDxHpSCFe050PTtNoKHx7nXprLfhuQXsPq8s0KBoZR+2qYfVCkWYVX7\nT3zG/Tn+fesBA1zLo4lYdAovol7C35KAsAWoknmZdOE=",
"SXw3kqTf+PtTiUnI8nQ6xmrM3qw="),
DIGEST_VALUE = "0+0Td5mWbs+CF7xZeYSlcQ/pjKw=" (
"upeKPE1pkzXLy9BvKFOSTnjn4du59lQQ74TN5CqDGae9D21uY/zLuOWql7LiSTSi\nC945F0WrOvG7s0eZnpuNPZobdfdeCOffCMMrq5RQ2+abPFBamkjmceuEKGdO5PWQ\nt7B1GkzXAMMgeMuU+YmvIJkHbbv5Yn6M0/ICE/COaKQ=",
def get_xmlsec(): "uX92C/YDroqITDfDY1IeekGtZac="),
for path in os.environ["PATH"].split(":"): (
fil = os.path.join(path, "xmlsec1") "xHECLk1jj4NBvk1jhGrb2mwnrLFKXk6JN3NogjMVMtnnarg9vtk7jYzy1M9RPWdj\nRSa2Jph7yVZJENm4bGuBkT91w+FYm2X4jREULPUsnupPHTQyhJEVZ07EhnluOWa3\n95KkqnZ5gbnTxn1ZvpsANzThLmYY3eSGzNXz+S7758M=",
if os.access(fil,os.X_OK): "l36wHa6Lyed9ZeAZ3jFL77wPVQ4="
return fil )
],
raise Exception("Can't find xmlsec1") "":[
(
"imvo3quPyMND8yCv8D3LNCbeiG98hKl+F5VekEY5N7EEBoq7S3A7mArz4yZUVJVw\n1migufgOZEiZX80vzR0lwfjAEjwRp+NjKRvOcWHfIgjz+dG8q9n4LcI5YmsjveLa\n+iNTujev1PYA+UWf57S5mqGFoi0KaS8Xnp0FG1olAZ0=",
"0+0Td5mWbs+CF7xZeYSlcQ/pjKw="),
(
"NEoJEpCLRi35e+cK8fwInrThausuD3xNlKZFhZda6qS8GU93s8J3sKLpd5BwB9my\nesHX38c9WhQkXeuQu6O75hMwLWb7496vG+QcodaWvLJ8u/Cgp2XdQopkNWLOqLJC\n7XyLa0fEDhPY/kvX88kx9xBnA/VhIYVjQtNrTD9M5Q8=",
"gqe292uV8r7LfSomiMh9VS9wYZw="),
(
"DS5V623NrKCXmBjzCgVDUkPXSg8kMezZIeEqg8RC6Q/0/vjoBgZDt1hMvOmOX4Vf\nA1ckqeEEHnsqegjBRUUiV41SALJmKSVvUG5V29ZonGK4EXtdC5dxRPa/2tqN1i8N\nwtTlD7DE/YLAPIM5nhL8qHKKovQvwypZmC2YVmKIuQ0=",
"h6o97FThq9XqEzw+njeKjH45QgM="),
]
}
CERT1 = """MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV CERT1 = """MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
@@ -92,9 +105,12 @@ def test_cert_from_instance_ssp():
class TestSecurity(): class TestSecurity():
def setup_class(self): def setup_class(self):
self.sec = sigver.SecurityContext(get_xmlsec(), PRIV_KEY, "pem", xmlexec = get_xmlsec_binary()
self.sec = sigver.SecurityContext(xmlexec, PRIV_KEY, "pem",
PUB_KEY, "pem", debug=1) PUB_KEY, "pem", debug=1)
self.sign_digest = SIGNATURE_DIGEST[xmlsec_version(xmlexec)]
self._assertion = factory( saml.Assertion, self._assertion = factory( saml.Assertion,
version="2.0", version="2.0",
id="11111", id="11111",
@@ -135,10 +151,10 @@ class TestSecurity():
assert sass.id == "11111" assert sass.id == "11111"
assert time_util.str_to_time(sass.issue_instant) assert time_util.str_to_time(sass.issue_instant)
sig = sass.signature sig = sass.signature
assert sig.signature_value.text == SIGNED_VALUE assert sig.signature_value.text == self.sign_digest[0][0]
assert len(sig.signed_info.reference) == 1 assert len(sig.signed_info.reference) == 1
assert sig.signed_info.reference[0].digest_value assert sig.signed_info.reference[0].digest_value
assert sig.signed_info.reference[0].digest_value.text == DIGEST_VALUE assert sig.signed_info.reference[0].digest_value.text == self.sign_digest[0][1]
def test_sign_response(self): def test_sign_response(self):
response = factory(samlp.Response, response = factory(samlp.Response,
@@ -162,12 +178,12 @@ class TestSecurity():
assert sass.id == "11111" assert sass.id == "11111"
assert time_util.str_to_time(sass.issue_instant) assert time_util.str_to_time(sass.issue_instant)
sig = sass.signature sig = sass.signature
assert sig.signature_value.text == """NEoJEpCLRi35e+cK8fwInrThausuD3xNlKZFhZda6qS8GU93s8J3sKLpd5BwB9my\nesHX38c9WhQkXeuQu6O75hMwLWb7496vG+QcodaWvLJ8u/Cgp2XdQopkNWLOqLJC\n7XyLa0fEDhPY/kvX88kx9xBnA/VhIYVjQtNrTD9M5Q8=""" assert sig.signature_value.text == self.sign_digest[1][0]
assert len(sig.signed_info.reference) == 1 assert len(sig.signed_info.reference) == 1
assert sig.signed_info.reference[0].digest_value assert sig.signed_info.reference[0].digest_value
digest = sig.signed_info.reference[0].digest_value.text digest = sig.signed_info.reference[0].digest_value.text
assert digest == "gqe292uV8r7LfSomiMh9VS9wYZw=" assert digest == self.sign_digest[1][1]
def test_sign_response_2(self): def test_sign_response_2(self):
assertion2 = factory( saml.Assertion, assertion2 = factory( saml.Assertion,
@@ -202,12 +218,12 @@ class TestSecurity():
assert sass.id == "11122" assert sass.id == "11122"
assert time_util.str_to_time(sass.issue_instant) assert time_util.str_to_time(sass.issue_instant)
sig = sass.signature sig = sass.signature
assert sig.signature_value.text == "DS5V623NrKCXmBjzCgVDUkPXSg8kMezZIeEqg8RC6Q/0/vjoBgZDt1hMvOmOX4Vf\nA1ckqeEEHnsqegjBRUUiV41SALJmKSVvUG5V29ZonGK4EXtdC5dxRPa/2tqN1i8N\nwtTlD7DE/YLAPIM5nhL8qHKKovQvwypZmC2YVmKIuQ0=" assert sig.signature_value.text == self.sign_digest[2][0]
assert len(sig.signed_info.reference) == 1 assert len(sig.signed_info.reference) == 1
assert sig.signed_info.reference[0].digest_value assert sig.signed_info.reference[0].digest_value
digest = sig.signed_info.reference[0].digest_value.text digest = sig.signed_info.reference[0].digest_value.text
assert digest == "h6o97FThq9XqEzw+njeKjH45QgM=" assert digest == self.sign_digest[2][1]
def test_sign_verify(self): def test_sign_verify(self):
response = factory(samlp.Response, response = factory(samlp.Response,

3
tests/test_43_soap.py
View File

@@ -56,6 +56,5 @@ def test_make_soap_envelope():
request.become_child_element_of(body) request.become_child_element_of(body)
string = ElementTree.tostring(envelope, encoding="UTF-8") string = ElementTree.tostring(envelope, encoding="UTF-8")
result = """<?xml version='1.0' encoding='UTF-8'?> result = """<?xml version=\'1.0\' encoding=\'UTF-8\'?>\n<ns0:Envelope xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/"><ns0:Body><ns1:AuthnRequest xmlns:ns1="urn:oasis:names:tc:SAML:2.0:protocol" /></ns0:Body></ns0:Envelope>"""
<ns0:Envelope xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:Body><ns1:AuthnRequest /></ns0:Body></ns0:Envelope>"""
assert string == result assert string == result

13
tests/test_51_client.py
View File

@@ -12,6 +12,7 @@ from saml2 import saml, s_utils, config, class_name
from saml2.server import Server from saml2.server import Server
from saml2.s_utils import decode_base64_and_inflate from saml2.s_utils import decode_base64_and_inflate
from saml2.time_util import in_a_while from saml2.time_util import in_a_while
from saml2.sigver import xmlsec_version
from py.test import raises from py.test import raises
@@ -48,8 +49,10 @@ def _leq(l1, l2):
# print name_id # print name_id
# assert False # assert False
REQ1 = """<?xml version='1.0' encoding='UTF-8'?> REQ1 = { "1.2.14": """<?xml version='1.0' encoding='UTF-8'?>
<ns0:AttributeQuery xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://idp.example.com/idp/" ID="id1" IssueInstant="%s" Version="2.0"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</ns1:Issuer><ns1:Subject><ns1:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">E8042FB4-4D5B-48C3-8E14-8EDD852790DD</ns1:NameID></ns1:Subject></ns0:AttributeQuery>""" <ns0:AttributeQuery Destination="https://idp.example.com/idp/" ID="id1" IssueInstant="%s" Version="2.0" xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">urn:mace:example.com:saml:roland:sp</ns1:Issuer><ns1:Subject xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"><ns1:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">E8042FB4-4D5B-48C3-8E14-8EDD852790DD</ns1:NameID></ns1:Subject></ns0:AttributeQuery>""",
"":"""<?xml version='1.0' encoding='UTF-8'?>
<ns0:AttributeQuery xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://idp.example.com/idp/" ID="id1" IssueInstant="%s" Version="2.0"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</ns1:Issuer><ns1:Subject><ns1:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">E8042FB4-4D5B-48C3-8E14-8EDD852790DD</ns1:NameID></ns1:Subject></ns0:AttributeQuery>"""}
class TestClient: class TestClient:
def setup_class(self): def setup_class(self):
@@ -69,9 +72,11 @@ class TestClient:
self.client.issuer(), self.client.issuer(),
nameid_format=saml.NAMEID_FORMAT_PERSISTENT) nameid_format=saml.NAMEID_FORMAT_PERSISTENT)
reqstr = "%s" % req.to_string() reqstr = "%s" % req.to_string()
xmlsec_vers = xmlsec_version(self.client.config["xmlsec_binary"])
print "XMLSEC version: %s" % xmlsec_vers
print reqstr print reqstr
print REQ1 % req.issue_instant print REQ1[xmlsec_vers] % req.issue_instant
assert reqstr == REQ1 % req.issue_instant assert reqstr == REQ1[xmlsec_vers] % req.issue_instant
assert req.destination == "https://idp.example.com/idp/" assert req.destination == "https://idp.example.com/idp/"
assert req.id == "id1" assert req.id == "id1"
assert req.version == "2.0" assert req.version == "2.0"