openstack/deb-python-pysaml2
Code Issues Proposed changes

Updated tests to follow changes in system

Browse Source
This commit is contained in:
Roland Hedberg
2009-11-06 19:42:01 +01:00
parent e8a2abf8cf
commit c8ce62f2e3
4 changed files with 182 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
tests/metadata.xml
View File

@@ -1,5 +1,5 @@
<?xml version='1.0' encoding='UTF-8'?>
<ns0:EntitiesDescriptor name="urn:mace:umu.se:saml:test" validUntil="2009-12-01T20:20:32Z" xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"><ns0:EntityDescriptor entityID="urn:mace:umu.se:saml:rolandsp"><ns0:SPSSODescriptor AuthnRequestsSigned="False" WantAssertionsSigned="True" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"><ns1:X509Data><ns1:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
<ns0:EntitiesDescriptor name="urn:mace:umu.se:saml:test" validUntil="2009-12-04T17:31:07Z" xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"><ns0:EntityDescriptor entityID="urn:mace:umu.se:saml:roland:sp"><ns0:SPSSODescriptor AuthnRequestsSigned="False" WantAssertionsSigned="True" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"><ns1:X509Data><ns1:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx
EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz
MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l
@@ -15,4 +15,20 @@ AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO
zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN
+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=
</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://lingon.catalogix.se:8087/" index="0" /></ns0:SPSSODescriptor><ns0:Organization><ns0:OrganizationURL>http://www.umu.se/</ns0:OrganizationURL><ns0:OrganizationName>Umea University</ns0:OrganizationName></ns0:Organization><ns0:ContactPerson><ns0:GivenName>Roland</ns0:GivenName><ns0:SurName>Hedberg</ns0:SurName><ns0:EmailAddress>roland.hedberg@adm.umu.se</ns0:EmailAddress></ns0:ContactPerson></ns0:EntityDescriptor></ns0:EntitiesDescriptor>
</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8087/" index="0" /></ns0:SPSSODescriptor><ns0:Organization><ns0:OrganizationURL>http://www.umu.se/</ns0:OrganizationURL><ns0:OrganizationName>Umea University</ns0:OrganizationName></ns0:Organization><ns0:ContactPerson><ns0:GivenName>Roland</ns0:GivenName><ns0:SurName>Hedberg</ns0:SurName><ns0:EmailAddress>roland.hedberg@adm.umu.se</ns0:EmailAddress></ns0:ContactPerson></ns0:EntityDescriptor><ns0:EntityDescriptor entityID="urn:mace:umu.se:saml:roland:idp"><ns0:IDPSSODescriptor WantAuthnRequestsSigned="True" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"><ns1:X509Data><ns1:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx
EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz
MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l
YTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAw
DgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7
bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MC
FiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiR
mo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQW
BBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9
o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAW
BgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UE
AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO
zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN
+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=
</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8088/sso/" /></ns0:IDPSSODescriptor><ns0:Organization><ns0:OrganizationURL>http://www.umu.se/</ns0:OrganizationURL><ns0:OrganizationName>Umea University</ns0:OrganizationName></ns0:Organization><ns0:ContactPerson><ns0:GivenName>Roland</ns0:GivenName><ns0:SurName>Hedberg</ns0:SurName><ns0:EmailAddress>roland.hedberg@adm.umu.se</ns0:EmailAddress></ns0:ContactPerson></ns0:EntityDescriptor></ns0:EntitiesDescriptor>

5
tests/server.config
View File

@@ -1,10 +1,11 @@
{
"entityid" : "urn:mace:umu.se:saml:rolandsp",
"my_name" : "urn:mace:umu.se:saml:rolandsp",
"entityid" : "urn:mace:umu.se:saml:roland:sp",
"my_name" : "urn:mace:umu.se:saml:roland:sp",
"service_url" : "http://lingon.catalogix.se:8087/",
"debug" : 1,
"my_key" : "./mykey.pem",
"my_cert" : "./mycert.pem",
"xmlsec_binary" : "/opt/local/bin/xmlsec1",
"metadata": ["/Users/rolandh/code/pysaml2/tests/metadata.xml"],
"idp_entity_id": "urn:mace:umu.se:saml:roland:idp",
}

2
tests/test_client.py
View File

@@ -54,7 +54,7 @@ REQ1 = """<?xml version='1.0' encoding='UTF-8'?>
class TestClient:
def setup_class(self):
conf = client.verify_idp_conf("tests/server.config")
conf = client.verify_sp_conf("tests/server.config")
self.client = Saml2Client({},conf)
def test_verify_1(self):

212
tests/test_server.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from saml2.server import Server, OtherError
from saml2.server import Server, OtherError, UnknownPricipal
from saml2 import samlp, saml, client, utils
from saml2.utils import make_instance
from py.test import raises
@@ -19,21 +19,64 @@ class TestServer():
def setup_class(self):
self.server = Server("tests/server.config")
def test_success_status(self):
stat = self.server.status(samlp.STATUS_SUCCESS)
status = make_instance( samlp.Status, stat )
def test_status_success(self):
stat = self.server.status(
status_code=self.server.status_code(
value=samlp.STATUS_SUCCESS))
status = make_instance( samlp.Status, stat)
status_text = "%s" % status
assert status_text == SUCCESS_STATUS
assert status.status_code.value == samlp.STATUS_SUCCESS
def test_success_status(self):
stat = self.server.success_status()
status = make_instance(samlp.Status, stat)
status_text = "%s" % status
assert status_text == SUCCESS_STATUS
assert status.status_code.value == samlp.STATUS_SUCCESS
def test_error_status(self):
stat = self.server.status(samlp.STATUS_RESPONDER,
message="Error resolving principal",
status_code=self.server.status(samlp.STATUS_UNKNOWN_PRINCIPAL))
stat = self.server.status(
status_message=self.server.status_message(
"Error resolving principal"),
status_code=self.server.status_code(
value=samlp.STATUS_RESPONDER,
status_code=self.server.status_code(
value=samlp.STATUS_UNKNOWN_PRINCIPAL)))
status_text = "%s" % make_instance( samlp.Status, stat )
print status_text
assert status_text == ERROR_STATUS
def test_status_from_exception(self):
e = UnknownPricipal("Error resolving principal")
stat = self.server.status_from_exception(e)
status_text = "%s" % make_instance( samlp.Status, stat )
assert status_text == ERROR_STATUS
def test_attribute_statement(self):
astat = self.server.do_attribute_statement({"surName":"Jeter",
"givenName":"Derek"})
statement = make_instance(saml.AttributeStatement,astat)
assert statement.keyswv() == ["attribute"]
assert len(statement.attribute) == 2
attr0 = statement.attribute[0]
assert _eq(attr0.keyswv(), ["name","attribute_value"])
assert len(attr0.attribute_value) == 1
attr1 = statement.attribute[1]
assert _eq(attr1.keyswv(), ["name","attribute_value"])
assert len(attr1.attribute_value) == 1
if attr0.name == "givenName":
assert attr0.attribute_value[0].text == "Derek"
assert attr1.name == "surName"
assert attr1.attribute_value[0].text == "Jeter"
else:
assert attr0.name == "surName"
assert attr0.attribute_value[0].text == "Jeter"
assert attr1.name == "givenName"
assert attr1.attribute_value[0].text == "Derek"
def test_issuer(self):
issuer = make_instance( saml.Issuer, self.server.issuer())
assert isinstance(issuer, saml.Issuer)
@@ -43,15 +86,18 @@ class TestServer():
def test_audience(self):
aud_restr = make_instance( saml.AudienceRestriction,
self.server.audience_restriction("urn:foo:bar"))
self.server.audience_restriction(
audience=self.server.audience("urn:foo:bar")))
assert aud_restr.keyswv() == ["audience"]
assert aud_restr.audience.text == "urn:foo:bar"
def test_conditions(self):
conds_dict = self.server.conditions("2009-10-30T07:58:10.852Z",
"2009-10-30T08:03:10.852Z",
self.server.audience_restriction("urn:foo:bar"))
conds_dict = self.server.conditions(
not_before="2009-10-30T07:58:10.852Z",
not_on_or_after="2009-10-30T08:03:10.852Z",
audience_restriction=self.server.audience_restriction(
audience=self.server.audience("urn:foo:bar")))
conditions = make_instance(saml.Conditions, conds_dict)
assert _eq(conditions.keyswv(), ["not_before", "not_on_or_after",
@@ -81,7 +127,8 @@ class TestServer():
assert attribute.friendly_name == "givenName"
def test_value_3(self):
adict = self.server.attribute("Derek",name="urn:oid:2.5.4.42",
adict = self.server.attribute(attribute_value="Derek",
name="urn:oid:2.5.4.42",
name_format=saml.NAME_FORMAT_URI,
friendly_name="givenName")
attribute = make_instance(saml.Attribute, adict)
@@ -94,7 +141,7 @@ class TestServer():
assert attribute.attribute_value[0].text == "Derek"
def test_value_4(self):
adict = self.server.attribute("Derek",
adict = self.server.attribute(attribute_value="Derek",
friendly_name="givenName")
attribute = make_instance(saml.Attribute, adict)
assert _eq(attribute.keyswv(),["friendly_name", "attribute_value"])
@@ -102,27 +149,48 @@ class TestServer():
assert len(attribute.attribute_value) == 1
assert attribute.attribute_value[0].text == "Derek"
def test_attribute_statement(self):
asdict = self.server.attribute_statement([
self.server.attribute("Derek",
friendly_name="givenName"),
self.server.attribute("Jeter",
friendly_name="surName"),
])
attribute_statement = make_instance(saml.AttributeStatement,asdict)
assert len(attribute_statement.attribute) == 2
attr0 = attribute_statement.attribute[0]
attr1 = attribute_statement.attribute[1]
if attr0.attribute_value[0].text == "Derek":
assert attr0.friendly_name == "givenName"
assert attr1.friendly_name == "surName"
def test_do_attribute_statement(self):
astat = self.server.do_attribute_statement({"surName":"Jeter",
"givenName":["Derek","Sanderson"]})
statement = make_instance(saml.AttributeStatement,astat)
assert statement.keyswv() == ["attribute"]
assert len(statement.attribute) == 2
attr0 = statement.attribute[0]
assert _eq(attr0.keyswv(), ["name","attribute_value"])
attr1 = statement.attribute[1]
assert _eq(attr1.keyswv(), ["name","attribute_value"])
if attr0.name == "givenName":
assert len(attr0.attribute_value) == 2
assert _eq([av.text for av in attr0.attribute_value],
["Derek","Sanderson"])
assert attr1.name == "surName"
assert attr1.attribute_value[0].text == "Jeter"
assert len(attr1.attribute_value) == 1
else:
assert attr1.friendly_name == "givenName"
assert attr1.attribute_value[0].text == "Derek"
assert attr0.friendly_name == "surName"
assert attr0.name == "surName"
assert attr0.attribute_value[0].text == "Jeter"
assert len(attr0.attribute_value) == 1
assert attr1.name == "givenName"
assert len(attr1.attribute_value) == 2
assert _eq([av.text for av in attr1.attribute_value],
["Derek","Sanderson"])
def test_do_attribute_statement_multi(self):
astat = self.server.do_attribute_statement(
{("urn:oid:1.3.6.1.4.1.5923.1.1.1.7",
"urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"eduPersonEntitlement"):"Jeter"})
statement = make_instance(saml.AttributeStatement,astat)
assert statement.keyswv() == ["attribute"]
assert len(statement.attribute)
assert _eq(statement.attribute[0].keyswv(),
["name","name_format","friendly_name","attribute_value"])
attribute = statement.attribute[0]
assert attribute.name == "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
assert attribute.name_format == (
"urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
assert attribute.friendly_name == "eduPersonEntitlement"
def test_subject(self):
adict = self.server.subject("_aaa",
name_id=saml.NAMEID_FORMAT_TRANSIENT)
@@ -134,18 +202,22 @@ class TestServer():
def test_assertion(self):
tmp = self.server.assertion(
subject= self.server.subject("_aaa",
name_id=saml.NAMEID_FORMAT_TRANSIENT),
attribute_statement = self.server.attribute_statement([
self.server.attribute("Derek", friendly_name="givenName"),
self.server.attribute("Jeter", friendly_name="surName"),
])
name_id=saml.NAMEID_FORMAT_TRANSIENT),
attribute_statement = self.server.attribute_statement(
attribute=[
self.server.attribute(attribute_value="Derek",
friendly_name="givenName"),
self.server.attribute(attribute_value="Jeter",
friendly_name="surName"),
]),
issuer=self.server.issuer(),
)
assertion = make_instance(saml.Assertion, tmp)
assert _eq(assertion.keyswv(),['attribute_statement', 'issuer', 'id',
'subject', 'issue_instant', 'version'])
assert assertion.version == "2.0"
assert assertion.issuer.text == "urn:mace:umu.se:saml:rolandsp"
assert assertion.issuer.text == "urn:mace:umu.se:saml:roland:sp"
#
assert len(assertion.attribute_statement) == 1
attribute_statement = assertion.attribute_statement[0]
@@ -170,18 +242,20 @@ class TestServer():
def test_response(self):
tmp = self.server.response(
in_response_to="_012345",
destination="https://www.example.com",
status=self.server.status(samlp.STATUS_SUCCESS),
destination="https:#www.example.com",
status=self.server.success_status(),
assertion=self.server.assertion(
subject = self.server.subject("_aaa",
name_id=saml.NAMEID_FORMAT_TRANSIENT),
attribute_statement = self.server.attribute_statement([
self.server.attribute("Derek",
self.server.attribute(attribute_value="Derek",
friendly_name="givenName"),
self.server.attribute("Jeter",
self.server.attribute(attribute_value="Jeter",
friendly_name="surName"),
])
)
]),
issuer=self.server.issuer(),
),
issuer=self.server.issuer(),
)
response = make_instance(samlp.Response, tmp)
@@ -190,8 +264,8 @@ class TestServer():
'in_response_to', 'issue_instant',
'version', 'issuer', 'id'])
assert response.version == "2.0"
assert response.issuer.text == "urn:mace:umu.se:saml:rolandsp"
assert response.destination == "https://www.example.com"
assert response.issuer.text == "urn:mace:umu.se:saml:roland:sp"
assert response.destination == "https:#www.example.com"
assert response.in_response_to == "_012345"
#
status = response.status
@@ -203,12 +277,12 @@ class TestServer():
query_id = "1",
destination = "http://www.example.com",
service_url = "http://www.example.org",
spentityid = "urn:mace:umu.se:saml:rolandsp",
spentityid = "urn:mace:umu.se:saml:roland:sp",
my_name = "My real name",
)
intermed = utils.deflate_and_base64_encode("%s" % authn_request)
# should raise an error
# should raise an error because faulty spentityid
raises(OtherError,self.server.parse_request,intermed)
def test_parse_faulty_request_to_err_status(self):
@@ -216,7 +290,7 @@ class TestServer():
query_id = "1",
destination = "http://www.example.com",
service_url = "http://www.example.org",
spentityid = "urn:mace:umu.se:saml:rolandsp",
spentityid = "urn:mace:umu.se:saml:roland:sp",
my_name = "My real name",
)
@@ -243,15 +317,49 @@ class TestServer():
authn_request = client.d_authn_request(
query_id = "1",
destination = "http://www.example.com",
service_url = "http://lingon.catalogix.se:8087/",
spentityid = "urn:mace:umu.se:saml:rolandsp",
service_url = "http://localhost:8087/",
spentityid = "urn:mace:umu.se:saml:roland:sp",
my_name = "My real name",
)
intermed = utils.deflate_and_base64_encode("%s" % authn_request)
(consumer_url, id, name_id_policies) = self.server.parse_request(
(consumer_url, id, name_id_policies, sp) = self.server.parse_request(
intermed)
assert consumer_url == "http://lingon.catalogix.se:8087/"
assert consumer_url == "http://localhost:8087/"
assert id == "1"
assert name_id_policies == saml.NAMEID_FORMAT_TRANSIENT
assert sp == "urn:mace:umu.se:saml:roland:sp"
def test_sso_response(self):
resp = self.server.do_sso_response(
"http://localhost:8087/", # consumer_url
"12", # in_response_to
"urn:mace:umu.se:saml:roland:sp", # sp_entity_id
{("urn:oid:1.3.6.1.4.1.5923.1.1.1.7",
"urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"eduPersonEntitlement"):"Jeter"}
)
print resp.keyswv()
assert _eq(resp.keyswv(),['status', 'destination', 'assertion',
'in_response_to', 'issue_instant',
'version', 'id'])
assert resp.destination == "http://localhost:8087/"
assert resp.in_response_to == "12"
assert resp.status
assert resp.status.status_code.value == samlp.STATUS_SUCCESS
assert resp.assertion
assert len(resp.assertion) == 1
assertion = resp.assertion[0]
assert len(assertion.authn_statement) == 1
assert assertion.conditions
assert len(assertion.attribute_statement) == 1
assert assertion.subject
assert assertion.subject.name_id
assert len(assertion.subject.subject_confirmation) == 1
confirmation = assertion.subject.subject_confirmation[0]
print confirmation.keyswv()
print confirmation.subject_confirmation_data
assert confirmation.subject_confirmation_data.in_response_to == "12"