Fixed bug due to the refactoring.

rohe
2016-04-16 14:05:15 +02:00
parent 9e25cc7372
commit 9c04dc7ebb
3 changed files with 250 additions and 154 deletions


@@ -18,6 +18,7 @@ from saml2 import saml
from saml2 import element_to_extension_element
from saml2 import class_name
from saml2 import BINDING_HTTP_REDIRECT
from saml2.argtree import add_path
from saml2.entity import Entity
from saml2.eptid import Eptid
@@ -290,7 +291,7 @@ class Server(Entity):
def setup_assertion(self, authn, sp_entity_id, in_response_to, consumer_url,
name_id, policy, _issuer, authn_statement, identity,
best_effort, sign_response, farg, **kwargs):
best_effort, sign_response, farg=None, **kwargs):
"""
Construct and return the Assertion
@@ -322,14 +323,17 @@ class Server(Entity):
return self.create_error_response(in_response_to, consumer_url,
exc, sign_response)
try:
subject_confirmation_specs = kwargs['subject_confirmation']
except KeyError:
subject_confirmation_data = {
'recipient': consumer_url,
'in_response_to': in_response_to,
'method': saml.SCM_BEARER
}
if not farg:
farg = add_path(
{},
['assertion', 'subject', 'subject_confirmation', 'method',
saml.SCM_BEARER])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to', in_response_to])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', consumer_url])
if authn: # expected to be a dictionary
# Would like to use dict comprehension but ...
@@ -427,29 +431,23 @@ class Server(Entity):
if pefim:
encrypted_advice_attributes = True
encrypt_assertion_self_contained = True
assertion_attributes = self.setup_assertion(None, sp_entity_id,
None, None, None,
policy,
None, None, identity,
best_effort,
sign_response, False,
**assertion_args)
assertion = self.setup_assertion(authn, sp_entity_id,
ass_in_response_to, consumer_url,
name_id, policy, _issuer,
authn_statement, [], True,
sign_response, **assertion_args)
assertion_attributes = self.setup_assertion(
None, sp_entity_id, None, None, None, policy, None, None,
identity, best_effort, sign_response, farg=assertion_args)
assertion = self.setup_assertion(
authn, sp_entity_id, ass_in_response_to, consumer_url, name_id,
policy, _issuer, authn_statement, [], True, sign_response,
farg=assertion_args)
assertion.advice = saml.Advice()
# assertion.advice.assertion_id_ref.append(saml.AssertionIDRef())
# assertion.advice.assertion_uri_ref.append(saml.AssertionURIRef())
assertion.advice.assertion.append(assertion_attributes)
else:
assertion = self.setup_assertion(authn, sp_entity_id,
ass_in_response_to, consumer_url,
name_id, policy, _issuer,
authn_statement, identity, True,
sign_response, **assertion_args)
assertion = self.setup_assertion(
authn, sp_entity_id, ass_in_response_to, consumer_url, name_id,
policy, _issuer, authn_statement, identity, True,
sign_response, farg=assertion_args)
to_sign = []
if not encrypt_assertion:
@@ -484,7 +482,7 @@ class Server(Entity):
status=None, issuer=None,
sign_assertion=False, sign_response=False,
attributes=None, sign_alg=None,
digest_alg=None, **kwargs):
digest_alg=None, farg=None, **kwargs):
""" Create an attribute assertion response.
:param identity: A dictionary with attributes and values that are
@@ -516,6 +514,19 @@ class Server(Entity):
to_sign = []
if identity:
if not farg:
farg = add_path(
{},
['assertion', 'subject', 'subject_confirmation', 'method',
saml.SCM_BEARER])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to',
in_response_to])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', destination])
_issuer = self._issuer(issuer)
ast = Assertion(identity)
if policy:
@@ -527,19 +538,10 @@ class Server(Entity):
restr = restriction_from_attribute_spec(attributes)
ast = filter_attribute_value_assertions(ast)
try:
subject_confirmation_specs = kwargs['subject_confirmation_specs']
except KeyError:
subject_confirmation_specs = {
'recipient': destination,
'in_response_to': in_response_to,
'subject_confirmation_method': saml.SCM_BEARER
}
assertion = ast.construct(
sp_entity_id, self.config.attribute_converters, policy,
issuer=_issuer, name_id=name_id,
subject_confirmation_specs=subject_confirmation_specs)
farg=farg['assertion'])
if sign_assertion:
assertion.signature = pre_signature_part(assertion.id,
@@ -712,8 +714,7 @@ class Server(Entity):
encrypt_cert_advice=encrypt_cert_advice,
encrypt_cert_assertion=encrypt_cert_assertion,
encrypt_assertion=encrypt_assertion,
encrypt_assertion_self_contained
=encrypt_assertion_self_contained,
encrypt_assertion_self_contained=encrypt_assertion_self_contained,
encrypted_advice_attributes=encrypted_advice_attributes,
pefim=pefim, **kwargs)
except IOError as exc:
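Review bot: In `setup_assertion`, and again in `create_attribute_response`, the bearer defaults (`method`, `in_response_to`, `recipient`) are built only under `if not farg:`, so a caller passing a non-empty `farg` without those keys appears to get an assertion with no Recipient or InResponseTo in its SubjectConfirmationData; indentation is lost on this page, so the extent of the `if` is inferred. A relying party uses those two values to tie a bearer assertion to its own endpoint and to the request it sent, so they are better filled in per missing key than all-or-nothing. The hunk at -427,29 now forwards `assertion_args` as `farg`, and that dict is built outside the lines shown, so confirm whether it can be non-empty there. `create_attribute_response` also indexes `farg['assertion']` unconditionally, which raises `KeyError` for a supplied `farg` lacking that key; an explicit check with a clear error would be safer. Both function bodies continue outside the hunks.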


@@ -1,6 +1,7 @@
# coding=utf-8
import pytest
from saml2.argtree import add_path
from saml2.authn_context import pword
from saml2.mdie import to_dict
from saml2 import md, assertion
@@ -810,16 +811,21 @@ def test_assertion_with_noop_attribute_conv():
})
name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
subject_confirmation_specs = {
'recipient': 'consumer_url',
'in_response_to': 'in_response_to',
'subject_confirmation_method': saml.SCM_BEARER
}
farg = add_path(
{},
['subject', 'subject_confirmation', 'method', saml.SCM_BEARER])
add_path(
farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to', 'in_response_to'])
add_path(
farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', 'consumer_url'])
msg = ast.construct(
"sp_entity_id", [AttributeConverterNOOP(NAME_FORMAT_URI)], policy,
issuer=issuer, authn_decl=ACD, name_id=name_id,
authn_auth="authn_authn",
subject_confirmation_specs=subject_confirmation_specs)
issuer=issuer, farg=farg, authn_decl=ACD, name_id=name_id,
authn_auth="authn_authn")
print(msg)
for attr in msg.attribute_statement[0].attribute:
@@ -864,16 +870,20 @@ def test_assertion_with_zero_attributes():
})
name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
subject_confirmation_specs = {
'recipient': 'consumer_url',
'in_response_to': 'in_response_to',
'subject_confirmation_method': saml.SCM_BEARER
}
farg = add_path(
{},
['subject', 'subject_confirmation', 'method', saml.SCM_BEARER])
add_path(
farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to', 'in_response_to'])
add_path(
farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', 'consumer_url'])
msg = ast.construct(
"sp_entity_id", [AttributeConverterNOOP(NAME_FORMAT_URI)], policy,
issuer=issuer, authn_decl=ACD, authn_auth="authn_authn",
name_id=name_id, subject_confirmation_specs=subject_confirmation_specs)
name_id=name_id, farg=farg)
print(msg)
assert msg.attribute_statement == []
@@ -892,17 +902,20 @@ def test_assertion_with_authn_instant():
name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
subject_confirmation_specs = {
'recipient': 'consumer_url',
'in_response_to': 'in_response_to',
'subject_confirmation_method': saml.SCM_BEARER
}
farg = add_path(
{},
['subject', 'subject_confirmation', 'method', saml.SCM_BEARER])
add_path(
farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to', 'in_response_to'])
add_path(
farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', 'consumer_url'])
msg = ast.construct(
"sp_entity_id", [AttributeConverterNOOP(NAME_FORMAT_URI)], policy,
issuer=issuer, authn_decl=ACD, authn_auth="authn_authn",
authn_instant=1234567890, name_id=name_id,
subject_confirmation_specs=subject_confirmation_specs)
authn_instant=1234567890, name_id=name_id, farg=farg)
print(msg)
assert msg.authn_statement[0].authn_instant == "2009-02-13T23:31:30Z"
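Review bot: The three updated tests build `farg` with `in_response_to` and `recipient`, but the assertions visible in these hunks check only `attribute_statement` and `authn_instant`, so nothing shown would fail if `construct` ignored the subject-confirmation part of `farg`. This commit fixes a regression in exactly that argument path, so at least one test should assert on the resulting subject confirmation (method, recipient, in-response-to). The attribute names on the constructed object are not shown here and need checking against the `saml` classes. The first test's body continues past its hunk, so such a check may already exist outside the lines shown.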


@@ -4,7 +4,11 @@
import base64
import uuid
import six
from six.moves.urllib.parse import parse_qs, urlencode, urlparse
from future.backports.urllib.parse import parse_qs
from future.backports.urllib.parse import urlencode
from future.backports.urllib.parse import urlparse
from saml2.argtree import add_path
from saml2.cert import OpenSSLWrapper
from saml2.xmldsig import SIG_RSA_SHA256
from saml2 import BINDING_HTTP_POST
@@ -87,6 +91,7 @@ def add_subelement(xmldoc, node_name, subelem):
return xmldoc
def for_me(condition, me):
for restriction in condition.audience_restriction:
audience = restriction.audience
@@ -108,6 +113,7 @@ def ava(attribute_statement):
def _leq(l1, l2):
return set(l1) == set(l2)
# def test_parse_3():
# xml_response = open(XML_RESPONSE_FILE3).read()
# response = samlp.response_from_string(xml_response)
@@ -617,7 +623,8 @@ class TestClient:
authn_response = _client.parse_authn_request_response(
resp_str, BINDING_HTTP_POST,
{"id1": "http://foo.example.com/service"}, {"id1": [cert_assertion, cert_advice]})
{"id1": "http://foo.example.com/service"},
{"id1": [cert_assertion, cert_advice]})
self.verify_authn_response(idp, authn_response, _client, ava_verify)
@@ -701,12 +708,14 @@ class TestClient:
def setup_verify_authn_response(self):
idp = "urn:mace:example.com:saml:roland:idp"
ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]}
ava_verify = {'mail': ['derek@nyy.mlb.com'], 'givenName': ['Derek'], 'sn': ['Jeter'], 'title': ["The man"]}
nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT)
ava = {"givenName": ["Derek"], "surName": ["Jeter"],
"mail": ["derek@nyy.mlb.com"], "title": ["The man"]}
ava_verify = {'mail': ['derek@nyy.mlb.com'], 'givenName': ['Derek'],
'sn': ['Jeter'], 'title': ["The man"]}
nameid_policy = samlp.NameIDPolicy(allow_create="false",
format=saml.NAMEID_FORMAT_PERSISTENT)
return idp, ava, ava_verify, nameid_policy
def verify_authn_response(self, idp, authn_response, _client, ava_verify):
assert authn_response is not None
assert authn_response.issuer() == idp
@@ -725,7 +734,6 @@ class TestClient:
# The information I have about the subject comes from one source
assert _client.users.issuers_of_info(subject_id) == [idp]
def test_init_values(self):
entityid = self.client.config.entityid
print(entityid)
@@ -773,7 +781,9 @@ class TestClient:
assertion=_ass
)
enctext = _sec.crypto.encrypt_assertion(response, self.client.sec.encryption_keypairs[0]["cert_file"],
enctext = _sec.crypto.encrypt_assertion(response,
self.client.sec.encryption_keypairs[
0]["cert_file"],
pre_encryption_part())
seresp = samlp.response_from_string(enctext)
@@ -793,7 +803,8 @@ class TestClient:
if ass.signature:
if not _csec.verify_signature("%s" % ass,
sign_cert_file,
node_name=class_name(ass)):
node_name=class_name(
ass)):
continue
resp_ass.append(ass)
@@ -811,11 +822,18 @@ class TestClient:
format=saml.NAMEID_FORMAT_PERSISTENT)
asser = Assertion({"givenName": "Derek", "surName": "Jeter"})
subject_confirmation_specs = {
'recipient': "http://lingon.catalogix.se:8087/",
'in_response_to': "_012345",
'subject_confirmation_method': saml.SCM_BEARER
}
farg = add_path(
{},
['assertion', 'subject', 'subject_confirmation', 'method',
saml.SCM_BEARER])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to',
'_012345'])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient',
"http://lingon.catalogix.se:8087/"])
assertion = asser.construct(
self.client.config.entityid,
@@ -825,7 +843,7 @@ class TestClient:
issuer=self.server._issuer(),
authn_class=INTERNETPROTOCOLPASSWORD,
authn_auth="http://www.example.com/login",
subject_confirmation_specs=subject_confirmation_specs
farg=farg['assertion']
)
assertion.signature = sigver.pre_signature_part(
@@ -850,7 +868,9 @@ class TestClient:
# or as part of a bunch of tests.
xmldoc = add_subelement(xmldoc, "EncryptedAssertion", sigass)
enctext = _sec.crypto.encrypt_assertion(xmldoc, self.client.sec.encryption_keypairs[1]["cert_file"],
enctext = _sec.crypto.encrypt_assertion(xmldoc,
self.client.sec.encryption_keypairs[
1]["cert_file"],
pre_encryption_part())
# seresp = samlp.response_from_string(enctext)
@@ -881,6 +901,19 @@ class TestClient:
}
name_id = factory(saml.NameID, format=saml.NAMEID_FORMAT_TRANSIENT)
farg = add_path(
{},
['assertion', 'subject', 'subject_confirmation', 'method',
saml.SCM_BEARER])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to',
'_012345'])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient',
"http://lingon.catalogix.se:8087/"])
assertion = asser.construct(
self.client.config.entityid,
self.server.config.attribute_converters,
@@ -889,7 +922,7 @@ class TestClient:
name_id=name_id,
authn_class=INTERNETPROTOCOLPASSWORD,
authn_auth="http://www.example.com/login",
subject_confirmation_specs=subject_confirmation_specs)
farg=farg['assertion'])
a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"})
a_assertion = a_asser.construct(
@@ -900,7 +933,7 @@ class TestClient:
authn_class=INTERNETPROTOCOLPASSWORD,
authn_auth="http://www.example.com/login",
name_id=name_id,
subject_confirmation_specs=subject_confirmation_specs)
farg=farg['assertion'])
a_assertion.signature = sigver.pre_signature_part(
a_assertion.id, _sec.my_cert, 1)
@@ -910,7 +943,8 @@ class TestClient:
assertion.advice.encrypted_assertion = []
assertion.advice.encrypted_assertion.append(EncryptedAssertion())
assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion)
assertion.advice.encrypted_assertion[0].add_extension_element(
a_assertion)
response = sigver.response_factory(
in_response_to="_012345",
@@ -931,10 +965,14 @@ class TestClient:
# xmldoc = add_subelement(xmldoc, "EncryptedAssertion", sigass)
node_xpath = ''.join(["/*[local-name()=\"%s\"]" % v for v in
["Response", "Assertion", "Advice", "EncryptedAssertion", "Assertion"]])
["Response", "Assertion", "Advice",
"EncryptedAssertion", "Assertion"]])
enctext = _sec.crypto.encrypt_assertion(response, self.client.sec.encryption_keypairs[0]["cert_file"],
pre_encryption_part(), node_xpath=node_xpath)
enctext = _sec.crypto.encrypt_assertion(response,
self.client.sec.encryption_keypairs[
0]["cert_file"],
pre_encryption_part(),
node_xpath=node_xpath)
# seresp = samlp.response_from_string(enctext)
@@ -949,7 +987,8 @@ class TestClient:
assert resp.assertion.advice
assert resp.assertion.advice.assertion
assert resp.ava == \
{'sn': ['Jeter'], 'givenName': ['Derek'], 'uid': ['test01'], 'email': ['test.testsson@test.se']}
{'sn': ['Jeter'], 'givenName': ['Derek'], 'uid': ['test01'],
'email': ['test.testsson@test.se']}
def test_sign_then_encrypt_assertion_advice_2(self):
# Begin with the IdPs side
@@ -960,11 +999,18 @@ class TestClient:
asser_1 = Assertion({"givenName": "Derek"})
subject_confirmation_specs = {
'recipient': "http://lingon.catalogix.se:8087/",
'in_response_to': "_012345",
'subject_confirmation_method': saml.SCM_BEARER
}
farg = add_path(
{},
['assertion', 'subject', 'subject_confirmation', 'method',
saml.SCM_BEARER])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to',
'_012345'])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient',
"http://lingon.catalogix.se:8087/"])
name_id = factory(saml.NameID, format=saml.NAMEID_FORMAT_TRANSIENT)
assertion_1 = asser_1.construct(
@@ -975,7 +1021,7 @@ class TestClient:
authn_class=INTERNETPROTOCOLPASSWORD,
authn_auth="http://www.example.com/login",
name_id=name_id,
subject_confirmation_specs=subject_confirmation_specs)
farg=farg['assertion'])
asser_2 = Assertion({"surName": "Jeter"})
@@ -987,7 +1033,7 @@ class TestClient:
authn_class=INTERNETPROTOCOLPASSWORD,
authn_auth="http://www.example.com/login",
name_id=name_id,
subject_confirmation_specs=subject_confirmation_specs)
farg=farg['assertion'])
a_asser_1 = Assertion({"uid": "test01"})
a_assertion_1 = a_asser_1.construct(
@@ -998,8 +1044,7 @@ class TestClient:
authn_class=INTERNETPROTOCOLPASSWORD,
authn_auth="http://www.example.com/login",
name_id=name_id,
subject_confirmation_specs=subject_confirmation_specs)
farg=farg['assertion'])
a_asser_2 = Assertion({"email": "test.testsson@test.se"})
a_assertion_2 = a_asser_2.construct(
@@ -1010,7 +1055,7 @@ class TestClient:
authn_class=INTERNETPROTOCOLPASSWORD,
authn_auth="http://www.example.com/login",
name_id=name_id,
subject_confirmation_specs=subject_confirmation_specs)
farg=farg['assertion'])
a_asser_3 = Assertion({"street": "street"})
a_assertion_3 = a_asser_3.construct(
@@ -1021,7 +1066,7 @@ class TestClient:
authn_class=INTERNETPROTOCOLPASSWORD,
authn_auth="http://www.example.com/login",
name_id=name_id,
subject_confirmation_specs=subject_confirmation_specs)
farg=farg['assertion'])
a_asser_4 = Assertion({"title": "title"})
a_assertion_4 = a_asser_4.construct(
@@ -1032,7 +1077,7 @@ class TestClient:
authn_class=INTERNETPROTOCOLPASSWORD,
authn_auth="http://www.example.com/login",
name_id=name_id,
subject_confirmation_specs=subject_confirmation_specs)
farg=farg['assertion'])
a_assertion_1.signature = sigver.pre_signature_part(
a_assertion_1.id, _sec.my_cert, 1)
@@ -1046,9 +1091,11 @@ class TestClient:
a_assertion_4.signature = sigver.pre_signature_part(
a_assertion_4.id, _sec.my_cert, 1)
assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1)
assertion_1.signature = sigver.pre_signature_part(assertion_1.id,
_sec.my_cert, 1)
assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1)
assertion_2.signature = sigver.pre_signature_part(assertion_2.id,
_sec.my_cert, 1)
response = sigver.response_factory(
in_response_to="_012345",
@@ -1062,9 +1109,11 @@ class TestClient:
response.assertion.advice = Advice()
response.assertion.advice.encrypted_assertion = []
response.assertion.advice.encrypted_assertion.append(EncryptedAssertion())
response.assertion.advice.encrypted_assertion.append(
EncryptedAssertion())
response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1)
response.assertion.advice.encrypted_assertion[0].add_extension_element(
a_assertion_1)
advice_tag = response.assertion.advice._to_element_tree().tag
assertion_tag = a_assertion_1._to_element_tree().tag
@@ -1072,22 +1121,29 @@ class TestClient:
response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
assertion_tag, advice_tag)
response = _sec.sign_statement("%s" % response, class_name(a_assertion_1),
response = _sec.sign_statement("%s" % response,
class_name(a_assertion_1),
key_file=self.server.sec.key_file,
node_id=a_assertion_1.id)
node_xpath = ''.join(["/*[local-name()=\"%s\"]" % v for v in
["Response", "Assertion", "Advice", "EncryptedAssertion", "Assertion"]])
["Response", "Assertion", "Advice",
"EncryptedAssertion", "Assertion"]])
enctext = _sec.crypto.encrypt_assertion(response, self.client.sec.encryption_keypairs[1]["cert_file"],
pre_encryption_part(), node_xpath=node_xpath)
enctext = _sec.crypto.encrypt_assertion(response,
self.client.sec.encryption_keypairs[
1]["cert_file"],
pre_encryption_part(),
node_xpath=node_xpath)
response = samlp.response_from_string(enctext)
response.assertion = response.assertion[0]
response.assertion.advice.encrypted_assertion.append(EncryptedAssertion())
response.assertion.advice.encrypted_assertion[1].add_extension_element(a_assertion_2)
response.assertion.advice.encrypted_assertion.append(
EncryptedAssertion())
response.assertion.advice.encrypted_assertion[1].add_extension_element(
a_assertion_2)
advice_tag = response.assertion.advice._to_element_tree().tag
assertion_tag = a_assertion_2._to_element_tree().tag
@@ -1095,15 +1151,20 @@ class TestClient:
response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
assertion_tag, advice_tag)
response = _sec.sign_statement("%s" % response, class_name(a_assertion_2),
response = _sec.sign_statement("%s" % response,
class_name(a_assertion_2),
key_file=self.server.sec.key_file,
node_id=a_assertion_2.id)
node_xpath = ''.join(["/*[local-name()=\"%s\"]" % v for v in
["Response", "Assertion", "Advice", "EncryptedAssertion", "Assertion"]])
["Response", "Assertion", "Advice",
"EncryptedAssertion", "Assertion"]])
enctext = _sec.crypto.encrypt_assertion(response, self.client.sec.encryption_keypairs[0]["cert_file"],
pre_encryption_part(), node_xpath=node_xpath)
enctext = _sec.crypto.encrypt_assertion(response,
self.client.sec.encryption_keypairs[
0]["cert_file"],
pre_encryption_part(),
node_xpath=node_xpath)
response = samlp.response_from_string(enctext)
@@ -1111,14 +1172,17 @@ class TestClient:
assertion_tag = response.assertion._to_element_tree().tag
response = pre_encrypt_assertion(response)
response = response.get_xml_string_with_self_contained_assertion_within_encrypted_assertion(
response = \
response.get_xml_string_with_self_contained_assertion_within_encrypted_assertion(
assertion_tag)
response = _sec.sign_statement("%s" % response, class_name(assertion_1),
key_file=self.server.sec.key_file,
node_id=assertion_1.id)
enctext = _sec.crypto.encrypt_assertion(response, self.client.sec.encryption_keypairs[1]["cert_file"],
enctext = _sec.crypto.encrypt_assertion(response,
self.client.sec.encryption_keypairs[
1]["cert_file"],
pre_encryption_part())
response = samlp.response_from_string(enctext)
@@ -1128,9 +1192,11 @@ class TestClient:
response.assertion.advice = Advice()
response.assertion.advice.encrypted_assertion = []
response.assertion.advice.encrypted_assertion.append(EncryptedAssertion())
response.assertion.advice.encrypted_assertion.append(
EncryptedAssertion())
response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_3)
response.assertion.advice.encrypted_assertion[0].add_extension_element(
a_assertion_3)
advice_tag = response.assertion.advice._to_element_tree().tag
assertion_tag = a_assertion_3._to_element_tree().tag
@@ -1138,23 +1204,30 @@ class TestClient:
response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
assertion_tag, advice_tag)
response = _sec.sign_statement("%s" % response, class_name(a_assertion_3),
response = _sec.sign_statement("%s" % response,
class_name(a_assertion_3),
key_file=self.server.sec.key_file,
node_id=a_assertion_3.id)
node_xpath = ''.join(["/*[local-name()=\"%s\"]" % v for v in
["Response", "Assertion", "Advice", "EncryptedAssertion", "Assertion"]])
["Response", "Assertion", "Advice",
"EncryptedAssertion", "Assertion"]])
enctext = _sec.crypto.encrypt_assertion(response, self.client.sec.encryption_keypairs[0]["cert_file"],
pre_encryption_part(), node_xpath=node_xpath)
enctext = _sec.crypto.encrypt_assertion(response,
self.client.sec.encryption_keypairs[
0]["cert_file"],
pre_encryption_part(),
node_xpath=node_xpath)
response = samlp.response_from_string(enctext)
response.assertion = response.assertion[0]
response.assertion.advice.encrypted_assertion.append(EncryptedAssertion())
response.assertion.advice.encrypted_assertion.append(
EncryptedAssertion())
response.assertion.advice.encrypted_assertion[1].add_extension_element(a_assertion_4)
response.assertion.advice.encrypted_assertion[1].add_extension_element(
a_assertion_4)
advice_tag = response.assertion.advice._to_element_tree().tag
assertion_tag = a_assertion_4._to_element_tree().tag
@@ -1162,19 +1235,25 @@ class TestClient:
response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
assertion_tag, advice_tag)
response = _sec.sign_statement("%s" % response, class_name(a_assertion_4),
response = _sec.sign_statement("%s" % response,
class_name(a_assertion_4),
key_file=self.server.sec.key_file,
node_id=a_assertion_4.id)
node_xpath = ''.join(["/*[local-name()=\"%s\"]" % v for v in
["Response", "Assertion", "Advice", "EncryptedAssertion", "Assertion"]])
["Response", "Assertion", "Advice",
"EncryptedAssertion", "Assertion"]])
enctext = _sec.crypto.encrypt_assertion(response, self.client.sec.encryption_keypairs[1]["cert_file"],
pre_encryption_part(), node_xpath=node_xpath)
enctext = _sec.crypto.encrypt_assertion(response,
self.client.sec.encryption_keypairs[
1]["cert_file"],
pre_encryption_part(),
node_xpath=node_xpath)
response = samlp.response_from_string(enctext)
response = _sec.sign_statement("%s" % response, class_name(response.assertion[0]),
response = _sec.sign_statement("%s" % response,
class_name(response.assertion[0]),
key_file=self.server.sec.key_file,
node_id=response.assertion[0].id)
@@ -1193,7 +1272,8 @@ class TestClient:
assert resp.assertion.advice
assert resp.assertion.advice.assertion
assert resp.ava == \
{'street': ['street'], 'uid': ['test01'], 'title': ['title'], 'givenName': ['Derek'], 'email':
{'street': ['street'], 'uid': ['test01'], 'title': ['title'],
'givenName': ['Derek'], 'email':
['test.testsson@test.se'], 'sn': ['Jeter']}
def test_signed_redirect(self):
@@ -1238,7 +1318,8 @@ class TestClient:
assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
resp = client.do_logout(nid, entity_ids, "Tired", in_a_while(minutes=5),
sign=True, expected_binding=BINDING_HTTP_REDIRECT)
sign=True,
expected_binding=BINDING_HTTP_REDIRECT)
assert list(resp.keys()) == entity_ids
binding, info = resp[entity_ids[0]]
@@ -1354,7 +1435,8 @@ class TestClientWithDummy():
def test_do_negotiated_authn(self):
binding = BINDING_HTTP_REDIRECT
response_binding = BINDING_HTTP_POST
sid, auth_binding, http_args = self.client.prepare_for_negotiated_authenticate(
sid, auth_binding, http_args = \
self.client.prepare_for_negotiated_authenticate(
IDP, "http://www.example.com/relay_state",
binding=binding, response_binding=response_binding)
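Review bot: The import hunk at the top of this test module replaces `from six.moves.urllib.parse import ...` with three `from future.backports.urllib.parse import ...` lines, so the tests now depend on the `future` package while `six` is still imported. Whether `future` is declared in the project's test requirements is not visible in this commit. If it is not, the suite breaks on a clean install; if it is, it is one more third-party package to keep patched for three functions `six` already provides. Unless the backport is needed specifically, keeping `from six.moves.urllib.parse import parse_qs, urlencode, urlparse` avoids the extra dependency. The remaining hunks in this file are line-wrapping plus the same `farg` construction repeated per test, which a small shared helper would shorten.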