Renamed files to have consistent views.

doc/howto.rst

@@ -67,7 +67,7 @@ To change file names, the references in the Tool Configuration need be be change
 (4) Test Tool Metadata
 ::::::::::::::::::::::
 The test tool’s metadata is generated from the contents of the Tool Configuration, e.g. if testing an IDP:
-make_metadata.py idp_test_config.py > idp_test_sp_metadata.xml
+make_metadata.py config.py > testdrv_metadata.xml
 
 The resulting SAML2 metadata needs to be imported to the test target.
 

src/sp_test/tests.py

@@ -155,6 +155,20 @@ class AuthnResponse_SubjectConfirmationData_no_inresponse(AuthnResponse):
         return message
 
 
+class AuthnResponse_wrong_Recipient(AuthnResponse):
+    def pre_processing(self, message, **kwargs):
+        _confirmation = message.assertion.subject.subject_confirmation
+        _confirmation.subject_confirmation_data.recipient = rndstr(16)
+        return message
+
+
+class AuthnResponse_missing_Recipient(AuthnResponse):
+    def pre_processing(self, message, **kwargs):
+        _confirmation = message.assertion.subject.subject_confirmation
+        _confirmation.subject_confirmation_data.recipient = None
+        return message
+
+
 class AuthnResponse_broken_destination(AuthnResponse):
     def pre_processing(self, message, **kwargs):
         message.destination = "NotAUrl"
@@ -250,6 +264,20 @@ StatusCode is not success""",
                       check.ErrorResponse)],
         "tests": {"pre": [], "post": []}
     },
+    'FL14a': {
+        "name": "SP should not accept wrong Recipient attribute",
+        "sequence": [(Login, AuthnRequest,
+                      AuthnResponse_broken_destination,
+                      check.ErrorResponse)],
+        "tests": {"pre": [], "post": []}
+    },
+    'FL14b': {
+        "name": "SP should not accept missing Recipient attribute",
+        "sequence": [(Login, AuthnRequest,
+                      AuthnResponse_broken_destination,
+                      check.ErrorResponse)],
+        "tests": {"pre": [], "post": []}
+    },
 }
 
 #

tests/idp_test/target_idp.py

@@ -0,0 +1,77 @@
+#!/usr/bin/env python
+from saml2.saml import NAME_FORMAT_URI
+
+__author__ = 'rolandh'
+
+import json
+
+BASE = "http://localhost:8088"
+
+metadata = open("./idp/idp.xml").read()
+
+info = {
+    "entity_id": "%s/idp.xml" % BASE,
+    "interaction": [
+        {
+            "matches": {
+                "url": "%s/sso/redirect" % BASE,
+                "title": 'IDP test login'
+            },
+            "page-type": "login",
+            "control": {
+                "type": "form",
+                "set": {"login": "roland", "password": "dianakra"}
+            }
+        },
+        {
+            "matches": {
+                "url": "%s/sso/post" % BASE,
+                "title": 'IDP test login'
+            },
+            "page-type": "login",
+            "control": {
+                "type": "form",
+                "set": {"login": "roland", "password": "dianakra"}
+            }
+        },
+        {
+            "matches": {
+                "url": "%s/sso/redirect" % BASE,
+                "title": "SAML 2.0 POST"
+            },
+            "page-type": "other",
+            "control": {
+                "index": 0,
+                "type": "form",
+            }
+        },
+        {
+            "matches": {
+                "url": "%s/sso/post" % BASE,
+                "title": "SAML 2.0 POST"
+            },
+            "page-type": "other",
+            "control": {
+                "index": 0,
+                "type": "form",
+                "set": {}
+            }
+        },
+        {
+            "matches": {
+                "url": "%s/slo/post" % BASE,
+                "title": "SAML 2.0 POST"
+            },
+            "page-type": "other",
+            "control": {
+                "index": 0,
+                "type": "form",
+                "set": {}
+            }
+        }
+    ],
+    "metadata": metadata,
+    "name_format": NAME_FORMAT_URI
+}
+
+print json.dumps(info)

tests/sp_test/config.py

@@ -56,8 +56,8 @@ CONFIG = {
         },
     },
     "debug": 1,
-    "key_file": "pki/server.key",
-    "cert_file": "pki/server.crt",
+    "key_file": "../keys/mykey.pem",
+    "cert_file": "../keys/mycert.pem",
     "metadata": {},
     "organization": {
         "display_name": "Rolands Identiteter",

tests/sp_test/pki/mycert.pem

@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
-BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx
-EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz
-MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l
-YTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAw
-DgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7
-bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MC
-FiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiR
-mo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQW
-BBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9
-o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAW
-BgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UE
-AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO
-zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN
-+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=
------END CERTIFICATE-----

tests/sp_test/pki/mykey.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDkJWP7bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr
-6/ROgW96ZeQ57fzVy2MCFiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43
-qCfLx+clUlOvtnsoMiiRmo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQAB
-AoGAbx9rKH91DCw/ZEPhHsVXJ6cYHxGcMoAWvnMMC9WUN+bNo4gNL205DLfsxXA1
-jqXFXZj3+38vSFumGPA6IvXrN+Wyp3+Lz3QGc4K5OdHeBtYlxa6EsrxPgvuxYDUB
-vx3xdWPMjy06G/ML+pR9XHnRaPNubXQX3UxGBuLjwNXVmyECQQD2/D84tYoCGWoq
-5FhUBxFUy2nnOLKYC/GGxBTX62iLfMQ3fbQcdg2pJsB5rrniyZf7UL+9FOsAO9k1
-8DO7G12DAkEA7Hkdg1KEw4ZfjnnjEa+KqpyLTLRQ91uTVW6kzR+4zY719iUJ/PXE
-PxJqm1ot7mJd1LW+bWtjLpxs7jYH19V+kQJBAIEpn2JnxdmdMuFlcy/WVmDy09pg
-0z0imdexeXkFmjHAONkQOv3bWv+HzYaVMo8AgCOksfEPHGqN4eUMTfFeuUMCQF+5
-E1JSd/2yCkJhYqKJHae8oMLXByNqRXTCyiFioutK4JPYIHfugJdLfC4QziD+Xp85
-RrGCU+7NUWcIJhqfiJECQAIgUAzfzhdj5AyICaFPaOQ+N8FVMLcTyqeTXP0sIlFk
-JStVibemTRCbxdXXM7OVipz1oW3PBVEO3t/VyjiaGGg=
------END RSA PRIVATE KEY-----

tests/sp_test/pki/server.crt

@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICNzCCAaACCQCsW28S35BoDDANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJT
-RTEMMAoGA1UEBxMDVW1lMRcwFQYDVQQKEw5VbWUgVW5pdmVyc2l0eTEMMAoGA1UE
-CxMDSVRTMRwwGgYDVQQDExNsaW5nb24ubGFkb2sudW11LnNlMB4XDTEzMDIyNzEy
-MjA0MVoXDTE0MDIyNzEyMjA0MVowYDELMAkGA1UEBhMCU0UxDDAKBgNVBAcTA1Vt
-ZTEXMBUGA1UEChMOVW1lIFVuaXZlcnNpdHkxDDAKBgNVBAsTA0lUUzEcMBoGA1UE
-AxMTbGluZ29uLmxhZG9rLnVtdS5zZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAyL9EFHRYqFpVYKiACo7v448Fr8GWD2rbsAJSfWYtAbZ0jEpzRc2+bljxp311
-vVy0XbTeSOK1fYHyj3PWj1cjCARQ6eAnfq5BlA8wKXY/mCirgQfPowroTSur4+qs
-BykHT/y1GaivFAWpAyxChEeJxa8Hq/aZHI6oZdThjE9vpz0CAwEAATANBgkqhkiG
-9w0BAQUFAAOBgQB0dZMCIhgQOB0D0Pc6cqE2iPD3OA0DhD62TtENnQeQ/+cRtkJ5
-Dx/WU6cQ3VtkxdwknxzUUmA8vyJCLFqNLGfAfEKA17w8spPwR30p0wOWJtqsjc1y
-LTu4GL8TsEDR0NWwDJQZCiIx4og/T68Mp0rVb7bQ+10tnTzkaYJhXWmQsg==
------END CERTIFICATE-----

tests/sp_test/pki/server.csr

@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBoDCCAQkCAQAwYDELMAkGA1UEBhMCU0UxDDAKBgNVBAcTA1VtZTEXMBUGA1UE
-ChMOVW1lIFVuaXZlcnNpdHkxDDAKBgNVBAsTA0lUUzEcMBoGA1UEAxMTbGluZ29u
-LmxhZG9rLnVtdS5zZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyL9EFHRY
-qFpVYKiACo7v448Fr8GWD2rbsAJSfWYtAbZ0jEpzRc2+bljxp311vVy0XbTeSOK1
-fYHyj3PWj1cjCARQ6eAnfq5BlA8wKXY/mCirgQfPowroTSur4+qsBykHT/y1Gaiv
-FAWpAyxChEeJxa8Hq/aZHI6oZdThjE9vpz0CAwEAAaAAMA0GCSqGSIb3DQEBBQUA
-A4GBAB1QcNrP/iJxJTLu8+nyKX+PCRkELYvOY6tDd4EjP56nJP4JRLzJ0qeR0Wic
-g7BVbaYu5khUTNML5CRteDVBp5ZoMxgiWkYCsKGROvP5r6xHFok67QgL9gQ8/bJr
-O4nNF7Zi8WXvkHN9HuHbzyiY22aRr9QZ2HrrswT5pbOrTXSf
------END CERTIFICATE REQUEST-----

tests/sp_test/pki/server.key

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDIv0QUdFioWlVgqIAKju/jjwWvwZYPatuwAlJ9Zi0BtnSMSnNF
-zb5uWPGnfXW9XLRdtN5I4rV9gfKPc9aPVyMIBFDp4Cd+rkGUDzApdj+YKKuBB8+j
-CuhNK6vj6qwHKQdP/LUZqK8UBakDLEKER4nFrwer9pkcjqhl1OGMT2+nPQIDAQAB
-AoGAGHlpHW1J2cyZmB0y7xaaHI41TUY2u0511jGSSQOJ/Sl3cBsrjpkU3HMvkxHy
-ptGEk+AXMZ+iLNkI74BZ6kPfW0V7C3yia6QE8EjU9dbiwDCb8v5zt+/Q5/w658Yr
-cscfIL//vqNNIwlaSuDPrAVIRT38AuklvMAkZh2/EMCOOYECQQDwvgCb1sqQ0tqf
-sfYA3ZB1lZ4fBFR11CYEUZiR5tslrJQpu4C2MHu+ReRHYu0GlqQu9tY2zkzYGQX0
-d15J90ExAkEA1XhZ3alyGS9Ge7FAV/OFgmFSRIi3HKUsLf0OwbG5rQqjPs5SrpOq
-lw9st0t5nj20CxRUp5z/VBigNVjct0LjzQJAXAhm9yyP1/mjtnU0FHSfazQ9dKIV
-H85wkioXZ3+Xu7lUEvgpZnz2cXEKqfe5oVEphwK6Nc18Nwip7CFOHHy3oQJAKuhe
-/9wQUBmdjD1LlqIfQt62/4mPbNWSdMf50Fsd3DdYKsaj/e02i9iQ3KLyFimG5/c1
-MN+wvsGYakCrVLbAPQJAAnDZmdYXJ5W3y6zn0GgVaiRPKNWXQfFeLXYj0wpM4WFo
-VYNqfyq2PQLWKspVsUrbJYaDl6U9WmtD7Uwabbq3+Q==
------END RSA PRIVATE KEY-----

tests/sp_test/pki/server.key.org

@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,7E7264C57D049F36
-
-Xe0/i5Z/aWU8nxfb0RNyzJ+zSnycFO2Jdk0rVnu1PIaEpjDaZiFUuaTueoNl/bqY
-ZLtB/2bitGyRDaw+1kzqGmDG5cxyH0mGFWuv0uk/amaNgzuqox0Bvi/iQeAKP+Ao
-iDoSZTsm4+pee9XkdcO54MG9P748mxintnM9e/IyB1D+JSx0V3iLfx15yBdQOa2z
-FEb+E1FRZaivnI96lu4QG204QQKfpK1ANrCZo+zjcXkO1ArfsRBuKMmlcSGDXVWl
-FJYhPgoF2Vbdn+YeNxcoaHF2vlC3T0gu0MVTFjQStVHCygQo4AdxBn6Mws76q/U+
-5xorj5pEplDQ0emebF442Xcr5s2W5u6U+HbxUSW9LcqZavD8CrI9SYPyC9xC+RbM
-7uZ4b+dIX7CZlXkbkwsI+sl93vfD4Q+Vtcz/ugsfHUAESrWfwd0Ki9DZ0EIX3UPH
-MeYYCOcfFSKXCT7tG8O799sHkPZiD6jqzC1vLt+WBsTbCFlf63mtxE5q0AyQmYFC
-89hLJLHBGQ47GvCvcNTJQJdfbdxvdwxFVmB7jM/IErguilvZmdgxDyKtT8dzXnPg
-+ZWVgS6qM98PnCTPYz3msS1tFCn4RmcN2yzcicjw16s9Oj69gP2ijJFYTJgu/83q
-c8NgFp5sVm17RiHut6NDPXWx5xTs2XVFSQCIcGheuJNQjZakDydiSCU4pRvWLgjr
-h87d+eYfde/gTRX5sML26Fx6N44vxIzv8zt7yaEjjwixQlx41ErjH7VehJMRk2k5
-Zeynhek7EVfT1U3Wu3+3FMmUDwtDa0BE2d28Xyn15xg=
------END RSA PRIVATE KEY-----