diff --git a/doc/howto.rst b/doc/howto.rst index 92cf5e3..81263e0 100644 --- a/doc/howto.rst +++ b/doc/howto.rst @@ -67,7 +67,7 @@ To change file names, the references in the Tool Configuration need be be change (4) Test Tool Metadata :::::::::::::::::::::: The test tool’s metadata is generated from the contents of the Tool Configuration, e.g. if testing an IDP: -make_metadata.py idp_test_config.py > idp_test_sp_metadata.xml +make_metadata.py config.py > testdrv_metadata.xml The resulting SAML2 metadata needs to be imported to the test target. diff --git a/src/sp_test/tests.py b/src/sp_test/tests.py index 480737e..75407f7 100644 --- a/src/sp_test/tests.py +++ b/src/sp_test/tests.py @@ -155,6 +155,20 @@ class AuthnResponse_SubjectConfirmationData_no_inresponse(AuthnResponse): return message +class AuthnResponse_wrong_Recipient(AuthnResponse): + def pre_processing(self, message, **kwargs): + _confirmation = message.assertion.subject.subject_confirmation + _confirmation.subject_confirmation_data.recipient = rndstr(16) + return message + + +class AuthnResponse_missing_Recipient(AuthnResponse): + def pre_processing(self, message, **kwargs): + _confirmation = message.assertion.subject.subject_confirmation + _confirmation.subject_confirmation_data.recipient = None + return message + + class AuthnResponse_broken_destination(AuthnResponse): def pre_processing(self, message, **kwargs): message.destination = "NotAUrl" @@ -250,6 +264,20 @@ StatusCode is not success""", check.ErrorResponse)], "tests": {"pre": [], "post": []} }, + 'FL14a': { + "name": "SP should not accept wrong Recipient attribute", + "sequence": [(Login, AuthnRequest, + AuthnResponse_broken_destination, + check.ErrorResponse)], + "tests": {"pre": [], "post": []} + }, + 'FL14b': { + "name": "SP should not accept missing Recipient attribute", + "sequence": [(Login, AuthnRequest, + AuthnResponse_broken_destination, + check.ErrorResponse)], + "tests": {"pre": [], "post": []} + }, } # 
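Review bot: `AuthnResponse_wrong_Recipient` overwrites Recipient with `rndstr(16)`, which is not a URL, so an SP that only rejects malformed values but never compares Recipient with its own assertion consumer service URL would still pass this case. A well-formed but foreign endpoint makes the test specific, e.g. `_confirmation.subject_confirmation_data.recipient = "https://other-sp.example.org/acs"` (constructed sample value). Both new classes also lack a docstring; one such as `"""Set SubjectConfirmationData/@Recipient to a value that is not the SP's ACS URL; the SP must reject the response."""` would state the expected outcome. Whether `pre_processing` runs before the assertion is signed cannot be seen from this hunk and is worth confirming, since a post-signing change would be rejected for the broken signature rather than for the Recipient value.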
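Review bot: Both new entries, 'FL14a' and 'FL14b', put `AuthnResponse_broken_destination` in their sequence, so neither exercises the Recipient attribute their names describe, and the classes `AuthnResponse_wrong_Recipient` and `AuthnResponse_missing_Recipient` added earlier in this file are not referenced anywhere in the visible hunks. As written, the two cases effectively repeat a broken-Destination check and would report success for an SP that ignores Recipient altogether. 'FL14a' should use `AuthnResponse_wrong_Recipient` and 'FL14b' should use `AuthnResponse_missing_Recipient` in place of `AuthnResponse_broken_destination`. The enclosing dictionary starts outside the hunk.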
diff --git a/tests/idp_test/target_idp.py b/tests/idp_test/target_idp.py new file mode 100755 index 0000000..ea60f7f --- /dev/null +++ b/tests/idp_test/target_idp.py @@ -0,0 +1,77 @@ +#!/usr/bin/env python +from saml2.saml import NAME_FORMAT_URI + +__author__ = 'rolandh' + +import json + +BASE = "http://localhost:8088" + +metadata = open("./idp/idp.xml").read() + +info = { + "entity_id": "%s/idp.xml" % BASE, + "interaction": [ + { + "matches": { + "url": "%s/sso/redirect" % BASE, + "title": 'IDP test login' + }, + "page-type": "login", + "control": { + "type": "form", + "set": {"login": "roland", "password": "dianakra"} + } + }, + { + "matches": { + "url": "%s/sso/post" % BASE, + "title": 'IDP test login' + }, + "page-type": "login", + "control": { + "type": "form", + "set": {"login": "roland", "password": "dianakra"} + } + }, + { + "matches": { + "url": "%s/sso/redirect" % BASE, + "title": "SAML 2.0 POST" + }, + "page-type": "other", + "control": { + "index": 0, + "type": "form", + } + }, + { + "matches": { + "url": "%s/sso/post" % BASE, + "title": "SAML 2.0 POST" + }, + "page-type": "other", + "control": { + "index": 0, + "type": "form", + "set": {} + } + }, + { + "matches": { + "url": "%s/slo/post" % BASE, + "title": "SAML 2.0 POST" + }, + "page-type": "other", + "control": { + "index": 0, + "type": "form", + "set": {} + } + } + ], + "metadata": metadata, + "name_format": NAME_FORMAT_URI +} + +print json.dumps(info) \ No newline at end of file diff --git a/tests/sp_test/config.py b/tests/sp_test/config.py index 0916241..c722960 100644 --- a/tests/sp_test/config.py +++ b/tests/sp_test/config.py @@ -56,8 +56,8 @@ CONFIG = { }, }, "debug": 1, - "key_file": "pki/server.key", - "cert_file": "pki/server.crt", + "key_file": "../keys/mykey.pem", + "cert_file": "../keys/mycert.pem", "metadata": {}, "organization": { "display_name": "Rolands Identiteter", 
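Review bot: The login form values `{"login": "roland", "password": "dianakra"}` are committed in clear text and repeated in two interaction entries of the new tests/idp_test/target_idp.py. A comment above `info` such as `# Fixture account for the local test IdP at BASE only; never reuse these credentials for a real account.` would make the scope explicit, and one module-level dict referenced from both entries would keep them in sync. `metadata = open("./idp/idp.xml").read()` never closes the file and resolves against the current working directory; `with open("./idp/idp.xml") as f: metadata = f.read()` closes it deterministically. The closing `print json.dumps(info)` is a Python 2 print statement and writes those credentials to stdout, so the output should not be redirected into shared logs.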
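Review bot: `"key_file": "../keys/mykey.pem"` and `"cert_file": "../keys/mycert.pem"` in tests/sp_test/config.py are relative paths, so they presumably resolve against the process working directory rather than against config.py, and the test SP would only find its signing key when started from tests/sp_test. Anchoring both paths to the config file's directory, for example with `os.path.dirname(__file__)` (whether `os` is imported is not visible here), would remove that dependency. The `../keys` files are not part of this diff; if they are committed like the pki files this commit deletes, they are public test keys, and the deleted private keys stay in repository history, so none of them should ever back a deployed entity. The CONFIG dictionary starts and ends outside the hunk.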
diff --git a/tests/sp_test/pki/mycert.pem b/tests/sp_test/pki/mycert.pem
deleted file mode 100644
index d4a0873..0000000
--- a/tests/sp_test/pki/mycert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
-BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx
-EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz
-MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l
-YTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAw
-DgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7
-bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MC
-FiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiR
-mo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQW
-BBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9
-o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAW
-BgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UE
-AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO
-zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN
-+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=
------END CERTIFICATE-----
diff --git a/tests/sp_test/pki/mykey.pem b/tests/sp_test/pki/mykey.pem
deleted file mode 100644
index d9ec5f8..0000000
--- a/tests/sp_test/pki/mykey.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDkJWP7bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr
-6/ROgW96ZeQ57fzVy2MCFiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43
-qCfLx+clUlOvtnsoMiiRmo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQAB
-AoGAbx9rKH91DCw/ZEPhHsVXJ6cYHxGcMoAWvnMMC9WUN+bNo4gNL205DLfsxXA1
-jqXFXZj3+38vSFumGPA6IvXrN+Wyp3+Lz3QGc4K5OdHeBtYlxa6EsrxPgvuxYDUB
-vx3xdWPMjy06G/ML+pR9XHnRaPNubXQX3UxGBuLjwNXVmyECQQD2/D84tYoCGWoq
-5FhUBxFUy2nnOLKYC/GGxBTX62iLfMQ3fbQcdg2pJsB5rrniyZf7UL+9FOsAO9k1
-8DO7G12DAkEA7Hkdg1KEw4ZfjnnjEa+KqpyLTLRQ91uTVW6kzR+4zY719iUJ/PXE
-PxJqm1ot7mJd1LW+bWtjLpxs7jYH19V+kQJBAIEpn2JnxdmdMuFlcy/WVmDy09pg
-0z0imdexeXkFmjHAONkQOv3bWv+HzYaVMo8AgCOksfEPHGqN4eUMTfFeuUMCQF+5
-E1JSd/2yCkJhYqKJHae8oMLXByNqRXTCyiFioutK4JPYIHfugJdLfC4QziD+Xp85
-RrGCU+7NUWcIJhqfiJECQAIgUAzfzhdj5AyICaFPaOQ+N8FVMLcTyqeTXP0sIlFk
-JStVibemTRCbxdXXM7OVipz1oW3PBVEO3t/VyjiaGGg=
------END RSA PRIVATE KEY-----
diff --git a/tests/sp_test/pki/server.crt b/tests/sp_test/pki/server.crt
deleted file mode 100644
index b26cb7e..0000000
--- a/tests/sp_test/pki/server.crt
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICNzCCAaACCQCsW28S35BoDDANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJT
-RTEMMAoGA1UEBxMDVW1lMRcwFQYDVQQKEw5VbWUgVW5pdmVyc2l0eTEMMAoGA1UE
-CxMDSVRTMRwwGgYDVQQDExNsaW5nb24ubGFkb2sudW11LnNlMB4XDTEzMDIyNzEy
-MjA0MVoXDTE0MDIyNzEyMjA0MVowYDELMAkGA1UEBhMCU0UxDDAKBgNVBAcTA1Vt
-ZTEXMBUGA1UEChMOVW1lIFVuaXZlcnNpdHkxDDAKBgNVBAsTA0lUUzEcMBoGA1UE
-AxMTbGluZ29uLmxhZG9rLnVtdS5zZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAyL9EFHRYqFpVYKiACo7v448Fr8GWD2rbsAJSfWYtAbZ0jEpzRc2+bljxp311
-vVy0XbTeSOK1fYHyj3PWj1cjCARQ6eAnfq5BlA8wKXY/mCirgQfPowroTSur4+qs
-BykHT/y1GaivFAWpAyxChEeJxa8Hq/aZHI6oZdThjE9vpz0CAwEAATANBgkqhkiG
-9w0BAQUFAAOBgQB0dZMCIhgQOB0D0Pc6cqE2iPD3OA0DhD62TtENnQeQ/+cRtkJ5
-Dx/WU6cQ3VtkxdwknxzUUmA8vyJCLFqNLGfAfEKA17w8spPwR30p0wOWJtqsjc1y
-LTu4GL8TsEDR0NWwDJQZCiIx4og/T68Mp0rVb7bQ+10tnTzkaYJhXWmQsg==
------END CERTIFICATE-----
diff --git a/tests/sp_test/pki/server.csr b/tests/sp_test/pki/server.csr
deleted file mode 100644
index ee304b8..0000000
--- a/tests/sp_test/pki/server.csr
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBoDCCAQkCAQAwYDELMAkGA1UEBhMCU0UxDDAKBgNVBAcTA1VtZTEXMBUGA1UE
-ChMOVW1lIFVuaXZlcnNpdHkxDDAKBgNVBAsTA0lUUzEcMBoGA1UEAxMTbGluZ29u
-LmxhZG9rLnVtdS5zZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyL9EFHRY
-qFpVYKiACo7v448Fr8GWD2rbsAJSfWYtAbZ0jEpzRc2+bljxp311vVy0XbTeSOK1
-fYHyj3PWj1cjCARQ6eAnfq5BlA8wKXY/mCirgQfPowroTSur4+qsBykHT/y1Gaiv
-FAWpAyxChEeJxa8Hq/aZHI6oZdThjE9vpz0CAwEAAaAAMA0GCSqGSIb3DQEBBQUA
-A4GBAB1QcNrP/iJxJTLu8+nyKX+PCRkELYvOY6tDd4EjP56nJP4JRLzJ0qeR0Wic
-g7BVbaYu5khUTNML5CRteDVBp5ZoMxgiWkYCsKGROvP5r6xHFok67QgL9gQ8/bJr
-O4nNF7Zi8WXvkHN9HuHbzyiY22aRr9QZ2HrrswT5pbOrTXSf
------END CERTIFICATE REQUEST-----
diff --git a/tests/sp_test/pki/server.key b/tests/sp_test/pki/server.key
deleted file mode 100644
index 26d2db8..0000000
--- a/tests/sp_test/pki/server.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDIv0QUdFioWlVgqIAKju/jjwWvwZYPatuwAlJ9Zi0BtnSMSnNF
-zb5uWPGnfXW9XLRdtN5I4rV9gfKPc9aPVyMIBFDp4Cd+rkGUDzApdj+YKKuBB8+j
-CuhNK6vj6qwHKQdP/LUZqK8UBakDLEKER4nFrwer9pkcjqhl1OGMT2+nPQIDAQAB
-AoGAGHlpHW1J2cyZmB0y7xaaHI41TUY2u0511jGSSQOJ/Sl3cBsrjpkU3HMvkxHy
-ptGEk+AXMZ+iLNkI74BZ6kPfW0V7C3yia6QE8EjU9dbiwDCb8v5zt+/Q5/w658Yr
-cscfIL//vqNNIwlaSuDPrAVIRT38AuklvMAkZh2/EMCOOYECQQDwvgCb1sqQ0tqf
-sfYA3ZB1lZ4fBFR11CYEUZiR5tslrJQpu4C2MHu+ReRHYu0GlqQu9tY2zkzYGQX0
-d15J90ExAkEA1XhZ3alyGS9Ge7FAV/OFgmFSRIi3HKUsLf0OwbG5rQqjPs5SrpOq
-lw9st0t5nj20CxRUp5z/VBigNVjct0LjzQJAXAhm9yyP1/mjtnU0FHSfazQ9dKIV
-H85wkioXZ3+Xu7lUEvgpZnz2cXEKqfe5oVEphwK6Nc18Nwip7CFOHHy3oQJAKuhe
-/9wQUBmdjD1LlqIfQt62/4mPbNWSdMf50Fsd3DdYKsaj/e02i9iQ3KLyFimG5/c1
-MN+wvsGYakCrVLbAPQJAAnDZmdYXJ5W3y6zn0GgVaiRPKNWXQfFeLXYj0wpM4WFo
-VYNqfyq2PQLWKspVsUrbJYaDl6U9WmtD7Uwabbq3+Q==
------END RSA PRIVATE KEY-----
diff --git a/tests/sp_test/pki/server.key.org b/tests/sp_test/pki/server.key.org
deleted file mode 100644
index 545078e..0000000
--- a/tests/sp_test/pki/server.key.org
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,7E7264C57D049F36
-
-Xe0/i5Z/aWU8nxfb0RNyzJ+zSnycFO2Jdk0rVnu1PIaEpjDaZiFUuaTueoNl/bqY
-ZLtB/2bitGyRDaw+1kzqGmDG5cxyH0mGFWuv0uk/amaNgzuqox0Bvi/iQeAKP+Ao
-iDoSZTsm4+pee9XkdcO54MG9P748mxintnM9e/IyB1D+JSx0V3iLfx15yBdQOa2z
-FEb+E1FRZaivnI96lu4QG204QQKfpK1ANrCZo+zjcXkO1ArfsRBuKMmlcSGDXVWl
-FJYhPgoF2Vbdn+YeNxcoaHF2vlC3T0gu0MVTFjQStVHCygQo4AdxBn6Mws76q/U+
-5xorj5pEplDQ0emebF442Xcr5s2W5u6U+HbxUSW9LcqZavD8CrI9SYPyC9xC+RbM
-7uZ4b+dIX7CZlXkbkwsI+sl93vfD4Q+Vtcz/ugsfHUAESrWfwd0Ki9DZ0EIX3UPH
-MeYYCOcfFSKXCT7tG8O799sHkPZiD6jqzC1vLt+WBsTbCFlf63mtxE5q0AyQmYFC
-89hLJLHBGQ47GvCvcNTJQJdfbdxvdwxFVmB7jM/IErguilvZmdgxDyKtT8dzXnPg
-+ZWVgS6qM98PnCTPYz3msS1tFCn4RmcN2yzcicjw16s9Oj69gP2ijJFYTJgu/83q
-c8NgFp5sVm17RiHut6NDPXWx5xTs2XVFSQCIcGheuJNQjZakDydiSCU4pRvWLgjr
-h87d+eYfde/gTRX5sML26Fx6N44vxIzv8zt7yaEjjwixQlx41ErjH7VehJMRk2k5
-Zeynhek7EVfT1U3Wu3+3FMmUDwtDa0BE2d28Xyn15xg=
------END RSA PRIVATE KEY-----
diff --git a/tests/sp_test/localsp.py b/tests/sp_test/targetsp.py
similarity index 100%
rename from tests/sp_test/localsp.py
rename to tests/sp_test/targetsp.py