start at test set for the client module

2009-09-30 14:10:05 +02:00
parent e9f535a7ae
commit 90f26501c6
3 changed files with 270 additions and 0 deletions
--- a/tests/saml2_response.xml
+++ b/tests/saml2_response.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0"?>
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    ID="_162f441d28cff78e3bb1d3c2bf3e48b5ed532605fd"
+    InResponseTo="_ae0216740b5baa4b13c79ffdb2baa82572788fd9a3" Version="2.0"
+    IssueInstant="2008-05-27T07:49:23Z"
+    Destination="https://foodle.feide.no/simplesaml/saml2/sp/AssertionConsumerService.php">
+    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://openidp.feide.no</saml:Issuer>
+    <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
+        <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+            Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+    </samlp:Status>
+    <saml:Assertion Version="2.0" ID="pfxb27555d8-8c06-a339-c7ae-f544b2fd1507"
+        IssueInstant="2008-05-27T07:49:23Z">
+        <saml:Issuer>https://openidp.feide.no</saml:Issuer>
+        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:SignedInfo>
+                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+                <ds:Reference URI="#pfxb27555d8-8c06-a339-c7ae-f544b2fd1507">
+                    <ds:Transforms>
+                        <ds:Transform
+                            Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+                    </ds:Transforms>
+                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+                    <ds:DigestValue>WUaqPW4nZ8uPyv+sf8qXsaKhHmk=</ds:DigestValue>
+                </ds:Reference>
+            </ds:SignedInfo>
+            <ds:SignatureValue>CRq1VvptjNHenZ5aWkyD6GqQX+XLgNiqElJnyLbMUgiwrFZ5J8IEGtC8h2YiwID15ScxVt6tjQc8R3gXkP967PIlemmhYQ4US7V3oPczu4MECamj+07wAg7BCp05UVU3RI3pvi/2dQGRRX4tlXgkzUMzx8+cBeyZaI/BXKjhKEY=</ds:SignatureValue>
+            <ds:KeyInfo>
+                <ds:X509Data>
+                    <ds:X509Certificate>MIICizCCAfQCCQCY8tKaMc0BMjANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCTk8xEjAQBgNVBAgTCVRyb25kaGVpbTEQMA4GA1UEChMHVU5JTkVUVDEOMAwGA1UECxMFRmVpZGUxGTAXBgNVBAMTEG9wZW5pZHAuZmVpZGUubm8xKTAnBgkqhkiG9w0BCQEWGmFuZHJlYXMuc29sYmVyZ0B1bmluZXR0Lm5vMB4XDTA4MDUwODA5MjI0OFoXDTM1MDkyMzA5MjI0OFowgYkxCzAJBgNVBAYTAk5PMRIwEAYDVQQIEwlUcm9uZGhlaW0xEDAOBgNVBAoTB1VOSU5FVFQxDjAMBgNVBAsTBUZlaWRlMRkwFwYDVQQDExBvcGVuaWRwLmZlaWRlLm5vMSkwJwYJKoZIhvcNAQkBFhphbmRyZWFzLnNvbGJlcmdAdW5pbmV0dC5ubzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt8jLoqI1VTlxAZ2axiDIThWcAOXdu8KkVUWaN/SooO9O0QQ7KRUjSGKN9JK65AFRDXQkWPAu4HlnO4noYlFSLnYyDxI66LCr71x4lgFJjqLeAvB/GqBqFfIZ3YK/NrhnUqFwZu63nLrZjcUZxNaPjOOSRSDaXpv1kb5k3jOiSGECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBQYj4cAafWaYfjBU2zi1ElwStIaJ5nyp/s/8B8SAPK2T79McMyccP3wSW13LHkmM1jwKe3ACFXBvqGQN0IbcH49hu0FKhYFM/GPDJcIHFBsiyMBXChpye9vBaTNEBCtU3KjjyG0hRT2mAQ9h+bkPmOvlEo/aH0xR68Z9hw4PF13w==</ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+        </ds:Signature>
+        <saml:Subject>
+            <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+                SPNameQualifier="urn:mace:feide.no:services:no.feide.foodle"
+                >_242f88493449e639aab95dd9b92b1d04234ab84fd8</saml:NameID>
+            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+                <saml:SubjectConfirmationData NotOnOrAfter="2008-05-27T07:54:23Z"
+                    InResponseTo="_ae0216740b5baa4b13c79ffdb2baa82572788fd9a3"
+                    Recipient="https://foodle.feide.no/simplesaml/saml2/sp/AssertionConsumerService.php"
+                />
+            </saml:SubjectConfirmation>
+        </saml:Subject>
+        <saml:Conditions NotBefore="2008-05-27T07:48:53Z" NotOnOrAfter="2008-05-27T07:54:23Z">
+            <saml:AudienceRestriction>
+                <saml:Audience>urn:mace:feide.no:services:no.feide.foodle</saml:Audience>
+            </saml:AudienceRestriction>
+        </saml:Conditions>
+        <saml:AuthnStatement AuthnInstant="2008-05-27T07:49:23Z"
+            SessionIndex="_4f39c931b35a8dd4540b0a6929a361fa134ec8f7b5">
+            <saml:AuthnContext>
+                <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
+            </saml:AuthnContext>
+        </saml:AuthnStatement>
+        <saml:AttributeStatement>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="cn">
+                <saml:AttributeValue xsi:type="xs:string">Andreas Solberg</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="sn">
+                <saml:AttributeValue xsi:type="xs:string">Solberg</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+                Name="uid">
+                <saml:AttributeValue xsi:type="xs:string">andreas</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+                Name="edupersonaffiliation">
+                <saml:AttributeValue xsi:type="xs:string">employee</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+                Name="edupersonentitlement">
+                <saml:AttributeValue xsi:type="xs:string"
+                >urn:mace:feide.no:entitlement:test</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+                Name="edupersonnickname">
+                <saml:AttributeValue xsi:type="xs:string">erlang</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+                Name="eduPersonPrincipalName">
+                <saml:AttributeValue xsi:type="xs:string">andreas@rnd.feide.no</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+                Name="mail">
+                <saml:AttributeValue xsi:type="xs:string">andreas@uninett.no</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+                Name="mobile">
+                <saml:AttributeValue xsi:type="xs:string">+4741107700</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="o">
+                <saml:AttributeValue xsi:type="xs:string">Feide RnD</saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="ou">
+                <saml:AttributeValue xsi:type="xs:string">Guests</saml:AttributeValue>
+            </saml:Attribute>
+        </saml:AttributeStatement>
+    </saml:Assertion>
+</samlp:Response>
--- a/tests/saml_response.xml
+++ b/tests/saml_response.xml
@@ -0,0 +1,93 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<ns0:Response 
+      Destination="http://xenosmilus.umdc.umu.se:8087/login" 
+      ID="_5271694c3be6883137377fb076355c4bc97f28b3c1" 
+      InResponseTo="bahigehogffohiphlfmplepdpcohkhhmheppcdie" 
+      IssueInstant="2009-09-25T18:12:39Z" 
+      Version="2.0" 
+      xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol">
+  <ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php</ns1:Issuer>
+  <ns0:Status>
+    <ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
+  </ns0:Status>
+  <ns1:Assertion ID="pfx9e022535-4b38-cc7f-41ec-9a01bcd2936d" 
+      IssueInstant="2009-09-25T18:12:39Z" 
+      Version="2.0" 
+      xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">
+    <ns1:Issuer>http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php</ns1:Issuer>
+    <ns2:Signature xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
+      <ns2:SignedInfo>
+        <ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+        <ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+        <ns2:Reference URI="#pfx9e022535-4b38-cc7f-41ec-9a01bcd2936d">
+          <ns2:Transforms>
+            <ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+            <ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+          </ns2:Transforms>
+          <ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+          <ns2:DigestValue>YvszukkIXQKLz+1Tj7ggGR/C8DY=</ns2:DigestValue>
+        </ns2:Reference>
+      </ns2:SignedInfo>
+      <ns2:SignatureValue>
+        TcZMidcV0FL+47zQSNO67k1vJyuYSyqalcFb596G6k4kYvU/5RN4plYjkUTeraKtAWoD+ZKGay/hTorg4MGFtIr6fuq5/dtAJ+kk6dUH7nuRHfj7CxXsM9w4e75HSJAHfT8XHb5CrUSo+rr9syGLprXt6GoSTQBZHjDweeqjOHc=
+      </ns2:SignatureValue>
+      <ns2:KeyInfo>
+        <ns2:X509Data>
+          <ns2:X509Certificate>
+            MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDE
+LMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlk
+ZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswC
+QYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLm
+VybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3Bq
+KxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtK
+TytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2W
+ykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd
+7R+POBXhophSMv1ZOo
+          </ns2:X509Certificate>
+        </ns2:X509Data>
+      </ns2:KeyInfo>
+    </ns2:Signature>
+    <ns1:Subject>               
+      <ns1:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" SPNameQualifier="xenosmilus.umdc.umu.se">
+        _cddc88563d433f556d4cc70c3162deabddea3b5019
+      </ns1:NameID>
+      <ns1:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+        <ns1:SubjectConfirmationData 
+          InResponseTo="bahigehogffohiphlfmplepdpcohkhhmheppcdie" 
+          NotOnOrAfter="2009-09-25T18:17:39Z" 
+          Recipient="http://xenosmilus.umdc.umu.se:8087/login" />
+      </ns1:SubjectConfirmation>
+    </ns1:Subject>
+    <ns1:Conditions 
+        NotBefore="2009-09-25T18:12:09Z" 
+        NotOnOrAfter="2009-09-26T02:12:39Z">
+      <ns1:AudienceRestriction>
+        <ns1:Audience>xenosmilus.umdc.umu.se</ns1:Audience>
+      </ns1:AudienceRestriction>
+    </ns1:Conditions>
+    <ns1:AuthnStatement 
+        AuthnInstant="2009-09-25T18:12:39Z" 
+        SessionIndex="_788db107b9bb1b6ab94f00deebbfe3d92c999b3041">
+      <ns1:AuthnContext>                      
+        <ns1:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns1:AuthnContextClassRef>
+      </ns1:AuthnContext>
+    </ns1:AuthnStatement>
+    <ns1:AttributeStatement>
+      <ns1:Attribute 
+          Name="uid" 
+          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+        <ns1:AttributeValue ns2:type="xs:string" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance">
+          student
+        </ns1:AttributeValue>
+      </ns1:Attribute>
+      <ns1:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+        <ns1:AttributeValue ns2:type="xs:string" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance">
+          member
+        </ns1:AttributeValue>
+        <ns1:AttributeValue ns2:type="xs:string" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance">
+          student
+        </ns1:AttributeValue>
+      </ns1:Attribute>
+    </ns1:AttributeStatement>
+  </ns1:Assertion>
+</ns0:Response>
--- a/tests/test_client.py
+++ b/tests/test_client.py
@@ -0,0 +1,73 @@
+#!/usr/bin/env python
+
+from saml2.client import Saml2Client
+from saml2 import samlp
+
+XML_RESPONSE_FILE = "saml_response.xml"
+XML_RESPONSE_FILE2 = "saml2_response.xml"
+#XML_RESPONSE_FILE3 = "sun_saml2_response.xml"
+
+def for_me(condition, me ):
+    for restriction in condition.audience_restriction:
+        audience = restriction.audience
+        if audience.text.strip() == me:
+            return True
+
+def ava(attribute_statement):
+    result = {}
+    for attribute in attribute_statement.attribute:
+        # Check name_format ??
+        name = attribute.name.strip()
+        result[name] = []
+        for value in attribute.attribute_value:
+            result[name].append(value.text.strip())
+    return result
+
+def test_verify_1():
+    xml_response = open(XML_RESPONSE_FILE).read()
+    client = Saml2Client({})
+    (ava, came_from) = \
+            client.verify(xml_response, "xenosmilus.umdc.umu.se",decode=False)
+    assert ava == {'__userid': '_cddc88563d433f556d4cc70c3162deabddea3b5019', 
+                    'eduPersonAffiliation': ['member', 'student'], 
+                    'uid': ['student']}
+    
+def test_parse_1():
+    xml_response = open(XML_RESPONSE_FILE).read()
+    response = samlp.response_from_string(xml_response)
+    client = Saml2Client({})
+    (ava, name_id, real_uri) = \
+            client.do_response(response, "xenosmilus.umdc.umu.se")
+    assert ava == {'eduPersonAffiliation': ['member', 'student'], 'uid': ['student']}
+    assert name_id == "_cddc88563d433f556d4cc70c3162deabddea3b5019"
+
+def test_parse_2():
+    xml_response = open(XML_RESPONSE_FILE2).read()
+    response = samlp.response_from_string(xml_response)
+    client = Saml2Client({})
+    (ava, name_id, real_uri) = \
+            client.do_response(response, "xenosmilus.umdc.umu.se")
+    assert ava == {'uid': ['andreas'], 
+                    'mobile': ['+4741107700'], 
+                    'edupersonnickname': ['erlang'], 
+                    'o': ['Feide RnD'], 
+                    'edupersonentitlement': ['urn:mace:feide.no:entitlement:test'], 
+                    'edupersonaffiliation': ['employee'], 
+                    'eduPersonPrincipalName': ['andreas@rnd.feide.no'], 
+                    'sn': ['Solberg'], 
+                    'mail': ['andreas@uninett.no'], 
+                    'ou': ['Guests'], 
+                    'cn': ['Andreas Solberg']}
+    assert name_id == "_242f88493449e639aab95dd9b92b1d04234ab84fd8"
+        
+# def test_parse_3():
+#     xml_response = open(XML_RESPONSE_FILE3).read()
+#     response = samlp.response_from_string(xml_response)
+#     client = Saml2Client({})
+#     (ava, name_id, real_uri) = \
+#             client.do_response(response, "xenosmilus.umdc.umu.se")
+#     print 40*"="
+#     print ava
+#     print 40*","
+#     print name_id
+#     assert False