From c8ce62f2e377fda44159b733a9b88ce492ac9bac Mon Sep 17 00:00:00 2001 From: Roland Hedberg Date: Fri, 6 Nov 2009 19:42:01 +0100 Subject: [PATCH] Updated tests to follow changes in system --- tests/metadata.xml | 20 +++- tests/server.config | 5 +- tests/test_client.py | 2 +- tests/test_server.py | 212 ++++++++++++++++++++++++++++++++----------- 4 files changed, 182 insertions(+), 57 deletions(-) diff --git a/tests/metadata.xml b/tests/metadata.xml index 890209d..1766c0a 100644 --- a/tests/metadata.xml +++ b/tests/metadata.xml @@ -1,5 +1,5 @@ -MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV +MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l 
@@ -15,4 +15,20 @@ AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN +vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI= -http://www.umu.se/Umea UniversityRolandHedbergroland.hedberg@adm.umu.se +http://www.umu.se/Umea UniversityRolandHedbergroland.hedberg@adm.umu.seMIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV +BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx +EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz +MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l +YTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAw +DgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7 +bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MC +FiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiR +mo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQW +BBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9 +o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAW +BgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UE +AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF +BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO +zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN ++vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI= +http://www.umu.se/Umea UniversityRolandHedbergroland.hedberg@adm.umu.se diff --git a/tests/server.config b/tests/server.config index 9a0853a..922d150 100644 --- a/tests/server.config +++ b/tests/server.config 
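Review bot: The certificate block added in this hunk appears byte-identical to the one already in the file (same `MIIC8jCCAlug…` opening and same `…KpZMANI=` tail), so both metadata entries would share one key. Signature tests run against this fixture then cannot tell whether a message was verified with the intended entity's key or the other one's. Consider generating a separate test certificate for the second entry, or add an XML comment stating that the reuse is deliberate and test-only. The element markup is not visible in this view, so which entity each block belongs to is inferred.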
@@ -1,10 +1,11 @@ { - "entityid" : "urn:mace:umu.se:saml:rolandsp", - "my_name" : "urn:mace:umu.se:saml:rolandsp", + "entityid" : "urn:mace:umu.se:saml:roland:sp", + "my_name" : "urn:mace:umu.se:saml:roland:sp", "service_url" : "http://lingon.catalogix.se:8087/", "debug" : 1, "my_key" : "./mykey.pem", "my_cert" : "./mycert.pem", "xmlsec_binary" : "/opt/local/bin/xmlsec1", "metadata": ["/Users/rolandh/code/pysaml2/tests/metadata.xml"], + "idp_entity_id": "urn:mace:umu.se:saml:roland:idp", } \ No newline at end of file diff --git a/tests/test_client.py b/tests/test_client.py index 7b6cb7f..aae3666 100644 --- a/tests/test_client.py +++ b/tests/test_client.py @@ -54,7 +54,7 @@ REQ1 = """ class TestClient: def setup_class(self): - conf = client.verify_idp_conf("tests/server.config") + conf = client.verify_sp_conf("tests/server.config") self.client = Saml2Client({},conf) def test_verify_1(self): diff --git a/tests/test_server.py b/tests/test_server.py index 2d6ee95..b2d5c0d 100644 --- a/tests/test_server.py +++ b/tests/test_server.py @@ -1,7 +1,7 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from saml2.server import Server, OtherError +from saml2.server import Server, OtherError, UnknownPricipal from saml2 import samlp, saml, client, utils from saml2.utils import make_instance from py.test import raises 
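Review bot: The added `"idp_entity_id"` line in tests/server.config ends with a comma directly before the closing `}`, which a strict JSON parser rejects. Write it as `"idp_entity_id": "urn:mace:umu.se:saml:roland:idp"` without the trailing comma. If the file only loads today because the loader evaluates it as a Python literal (not visible here), that is worth confirming, since evaluating configuration text is a wider attack surface than parsing it.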
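Review bot: The exception imported in tests/test_server.py is spelled `UnknownPricipal` (missing the "n" of "Principal"), and `test_status_from_exception` in the next hunk pins that spelling. Once tests and callers depend on the name, correcting it becomes an API break. If the class in `saml2.server` is renamed, keeping the old name as an alias for one release would let this import keep working.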
@@ -19,21 +19,64 @@ class TestServer(): def setup_class(self): self.server = Server("tests/server.config") - def test_success_status(self): - stat = self.server.status(samlp.STATUS_SUCCESS) - status = make_instance( samlp.Status, stat ) + def test_status_success(self): + stat = self.server.status( + status_code=self.server.status_code( + value=samlp.STATUS_SUCCESS)) + status = make_instance( samlp.Status, stat) status_text = "%s" % status assert status_text == SUCCESS_STATUS assert status.status_code.value == samlp.STATUS_SUCCESS + def test_success_status(self): + stat = self.server.success_status() + status = make_instance(samlp.Status, stat) + status_text = "%s" % status + assert status_text == SUCCESS_STATUS + assert status.status_code.value == samlp.STATUS_SUCCESS + def test_error_status(self): - stat = self.server.status(samlp.STATUS_RESPONDER, - message="Error resolving principal", - status_code=self.server.status(samlp.STATUS_UNKNOWN_PRINCIPAL)) + stat = self.server.status( + status_message=self.server.status_message( + "Error resolving principal"), + status_code=self.server.status_code( + value=samlp.STATUS_RESPONDER, + status_code=self.server.status_code( + value=samlp.STATUS_UNKNOWN_PRINCIPAL))) status_text = "%s" % make_instance( samlp.Status, stat ) + print status_text assert status_text == ERROR_STATUS + def test_status_from_exception(self): + e = UnknownPricipal("Error resolving principal") + stat = self.server.status_from_exception(e) + status_text = "%s" % make_instance( samlp.Status, stat ) + + assert status_text == ERROR_STATUS + + def test_attribute_statement(self): + astat = self.server.do_attribute_statement({"surName":"Jeter", + "givenName":"Derek"}) + statement = make_instance(saml.AttributeStatement,astat) + assert statement.keyswv() == ["attribute"] + assert len(statement.attribute) == 2 + attr0 = statement.attribute[0] + assert _eq(attr0.keyswv(), ["name","attribute_value"]) + assert len(attr0.attribute_value) == 1 + attr1 = 
statement.attribute[1] + assert _eq(attr1.keyswv(), ["name","attribute_value"]) + assert len(attr1.attribute_value) == 1 + if attr0.name == "givenName": + assert attr0.attribute_value[0].text == "Derek" + assert attr1.name == "surName" + assert attr1.attribute_value[0].text == "Jeter" + else: + assert attr0.name == "surName" + assert attr0.attribute_value[0].text == "Jeter" + assert attr1.name == "givenName" + assert attr1.attribute_value[0].text == "Derek" + def test_issuer(self): issuer = make_instance( saml.Issuer, self.server.issuer()) assert isinstance(issuer, saml.Issuer) @@ -43,15 +86,18 @@ class TestServer(): def test_audience(self): aud_restr = make_instance( saml.AudienceRestriction, - self.server.audience_restriction("urn:foo:bar")) + self.server.audience_restriction( + audience=self.server.audience("urn:foo:bar"))) assert aud_restr.keyswv() == ["audience"] assert aud_restr.audience.text == "urn:foo:bar" def test_conditions(self): - conds_dict = self.server.conditions("2009-10-30T07:58:10.852Z", - "2009-10-30T08:03:10.852Z", - self.server.audience_restriction("urn:foo:bar")) + conds_dict = self.server.conditions( + not_before="2009-10-30T07:58:10.852Z", + not_on_or_after="2009-10-30T08:03:10.852Z", + audience_restriction=self.server.audience_restriction( + audience=self.server.audience("urn:foo:bar"))) conditions = make_instance(saml.Conditions, conds_dict) assert _eq(conditions.keyswv(), ["not_before", "not_on_or_after", @@ -81,7 +127,8 @@ class TestServer(): assert attribute.friendly_name == "givenName" def test_value_3(self): - adict = self.server.attribute("Derek",name="urn:oid:2.5.4.42", + adict = self.server.attribute(attribute_value="Derek", + name="urn:oid:2.5.4.42", name_format=saml.NAME_FORMAT_URI, friendly_name="givenName") attribute = make_instance(saml.Attribute, adict) 
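Review bot: `test_status_from_exception` expects the same `ERROR_STATUS` that `test_error_status` builds with the literal message "Error resolving principal", so `status_from_exception` apparently copies the exception text verbatim into the status message returned to the requester. That is fine for a fixed string, but it should be documented so that exceptions carrying internal detail (paths, backend errors) are not passed through the same way. A comment on the test such as `# only fixed, non-sensitive messages may reach the StatusMessage` would record the intent. Separately, `print status_text` in `test_error_status` looks like leftover debugging and can be dropped. `ERROR_STATUS` and `status_from_exception` are defined outside this hunk.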
@@ -94,7 +141,7 @@ class TestServer(): assert attribute.attribute_value[0].text == "Derek" def test_value_4(self): - adict = self.server.attribute("Derek", + adict = self.server.attribute(attribute_value="Derek", friendly_name="givenName") attribute = make_instance(saml.Attribute, adict) assert _eq(attribute.keyswv(),["friendly_name", "attribute_value"]) 
@@ -102,27 +149,48 @@ class TestServer(): assert len(attribute.attribute_value) == 1 assert attribute.attribute_value[0].text == "Derek" - def test_attribute_statement(self): - asdict = self.server.attribute_statement([ - self.server.attribute("Derek", - friendly_name="givenName"), - self.server.attribute("Jeter", - friendly_name="surName"), - ]) - attribute_statement = make_instance(saml.AttributeStatement,asdict) - assert len(attribute_statement.attribute) == 2 - attr0 = attribute_statement.attribute[0] - attr1 = attribute_statement.attribute[1] - if attr0.attribute_value[0].text == "Derek": - assert attr0.friendly_name == "givenName" - assert attr1.friendly_name == "surName" + def test_do_attribute_statement(self): + astat = self.server.do_attribute_statement({"surName":"Jeter", + "givenName":["Derek","Sanderson"]}) + statement = make_instance(saml.AttributeStatement,astat) + assert statement.keyswv() == ["attribute"] + assert len(statement.attribute) == 2 + attr0 = statement.attribute[0] + assert _eq(attr0.keyswv(), ["name","attribute_value"]) + attr1 = statement.attribute[1] + assert _eq(attr1.keyswv(), ["name","attribute_value"]) + if attr0.name == "givenName": + assert len(attr0.attribute_value) == 2 + assert _eq([av.text for av in attr0.attribute_value], + ["Derek","Sanderson"]) + assert attr1.name == "surName" assert attr1.attribute_value[0].text == "Jeter" + assert len(attr1.attribute_value) == 1 else: - assert attr1.friendly_name == "givenName" - assert attr1.attribute_value[0].text == "Derek" - assert attr0.friendly_name == "surName" + assert attr0.name == "surName" assert attr0.attribute_value[0].text == "Jeter" - + assert len(attr0.attribute_value) == 1 + assert attr1.name == "givenName" + assert len(attr1.attribute_value) == 2 + assert _eq([av.text for av in attr1.attribute_value], + ["Derek","Sanderson"]) + + def test_do_attribute_statement_multi(self): + astat = self.server.do_attribute_statement( + {("urn:oid:1.3.6.1.4.1.5923.1.1.1.7", + 
"urn:oasis:names:tc:SAML:2.0:attrname-format:uri", + "eduPersonEntitlement"):"Jeter"}) + statement = make_instance(saml.AttributeStatement,astat) + assert statement.keyswv() == ["attribute"] + assert len(statement.attribute) + assert _eq(statement.attribute[0].keyswv(), + ["name","name_format","friendly_name","attribute_value"]) + attribute = statement.attribute[0] + assert attribute.name == "urn:oid:1.3.6.1.4.1.5923.1.1.1.7" + assert attribute.name_format == ( + "urn:oasis:names:tc:SAML:2.0:attrname-format:uri") + assert attribute.friendly_name == "eduPersonEntitlement" + def test_subject(self): adict = self.server.subject("_aaa", name_id=saml.NAMEID_FORMAT_TRANSIENT) @@ -134,18 +202,22 @@ class TestServer(): def test_assertion(self): tmp = self.server.assertion( subject= self.server.subject("_aaa", - name_id=saml.NAMEID_FORMAT_TRANSIENT), - attribute_statement = self.server.attribute_statement([ - self.server.attribute("Derek", friendly_name="givenName"), - self.server.attribute("Jeter", friendly_name="surName"), - ]) + name_id=saml.NAMEID_FORMAT_TRANSIENT), + attribute_statement = self.server.attribute_statement( + attribute=[ + self.server.attribute(attribute_value="Derek", + friendly_name="givenName"), + self.server.attribute(attribute_value="Jeter", + friendly_name="surName"), + ]), + issuer=self.server.issuer(), ) assertion = make_instance(saml.Assertion, tmp) assert _eq(assertion.keyswv(),['attribute_statement', 'issuer', 'id', 'subject', 'issue_instant', 'version']) assert assertion.version == "2.0" - assert assertion.issuer.text == "urn:mace:umu.se:saml:rolandsp" + assert assertion.issuer.text == "urn:mace:umu.se:saml:roland:sp" # assert len(assertion.attribute_statement) == 1 attribute_statement = assertion.attribute_statement[0] 
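Review bot: In `test_do_attribute_statement_multi` the line `assert len(statement.attribute)` only checks that the list is non-empty, and the test never checks the attribute value. A statement with duplicated or extra attributes would still pass. Use `assert len(statement.attribute) == 1` and add `assert attribute.attribute_value[0].text == "Jeter"`, matching what the neighbouring tests assert.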
@@ -170,18 +242,20 @@ class TestServer(): def test_response(self): tmp = self.server.response( in_response_to="_012345", - destination="https://www.example.com", - status=self.server.status(samlp.STATUS_SUCCESS), + destination="https:#www.example.com", + status=self.server.success_status(), assertion=self.server.assertion( subject = self.server.subject("_aaa", name_id=saml.NAMEID_FORMAT_TRANSIENT), attribute_statement = self.server.attribute_statement([ - self.server.attribute("Derek", + self.server.attribute(attribute_value="Derek", friendly_name="givenName"), - self.server.attribute("Jeter", + self.server.attribute(attribute_value="Jeter", friendly_name="surName"), - ]) - ) + ]), + issuer=self.server.issuer(), + ), + issuer=self.server.issuer(), ) response = make_instance(samlp.Response, tmp) @@ -190,8 +264,8 @@ class TestServer(): 'in_response_to', 'issue_instant', 'version', 'issuer', 'id']) assert response.version == "2.0" - assert response.issuer.text == "urn:mace:umu.se:saml:rolandsp" - assert response.destination == "https://www.example.com" + assert response.issuer.text == "urn:mace:umu.se:saml:roland:sp" + assert response.destination == "https:#www.example.com" assert response.in_response_to == "_012345" # status = response.status @@ -203,12 +277,12 @@ class TestServer(): query_id = "1", destination = "http://www.example.com", service_url = "http://www.example.org", - spentityid = "urn:mace:umu.se:saml:rolandsp", + spentityid = "urn:mace:umu.se:saml:roland:sp", my_name = "My real name", ) intermed = utils.deflate_and_base64_encode("%s" % authn_request) - # should raise an error + # should raise an error because faulty spentityid raises(OtherError,self.server.parse_request,intermed) def test_parse_faulty_request_to_err_status(self): 
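Review bot: In `test_response` the destination changes from `"https://www.example.com"` to `"https:#www.example.com"`, and the following hunk (`@@ -190,8 +264,8 @@`) asserts the same string. This looks like an accidental replacement of `//` by `#` rather than an intended value. As written, the test documents that `response()` accepts a malformed destination unchanged. Restore `destination="https://www.example.com"` in both places. If accepting arbitrary strings is intended, add a comment saying so, since receivers compare Destination against their own endpoint URL.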
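Review bot: The new comment `# should raise an error because faulty spentityid` (hunk `@@ -203,12 +277,12 @@`) does not match the test after this change. The `spentityid` here is now `urn:mace:umu.se:saml:roland:sp`, the same value the passing request test in the last hunk uses. The field that differs between the two tests is `service_url` (`http://www.example.org` versus `http://localhost:8087/`). If the rejection comes from the consumer URL not matching the metadata, which is the check that stops a response being sent to an unregistered endpoint, the comment should say `# should raise: service_url is not a registered consumer URL for this SP`. Which check raises `OtherError` is not visible in the hunk, so confirm against `parse_request`.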
@@ -216,7 +290,7 @@ class TestServer(): query_id = "1", destination = "http://www.example.com", service_url = "http://www.example.org", - spentityid = "urn:mace:umu.se:saml:rolandsp", + spentityid = "urn:mace:umu.se:saml:roland:sp", my_name = "My real name", ) 
@@ -243,15 +317,49 @@ class TestServer(): authn_request = client.d_authn_request( query_id = "1", destination = "http://www.example.com", - service_url = "http://lingon.catalogix.se:8087/", - spentityid = "urn:mace:umu.se:saml:rolandsp", + service_url = "http://localhost:8087/", + spentityid = "urn:mace:umu.se:saml:roland:sp", my_name = "My real name", ) intermed = utils.deflate_and_base64_encode("%s" % authn_request) - (consumer_url, id, name_id_policies) = self.server.parse_request( + (consumer_url, id, name_id_policies, sp) = self.server.parse_request( intermed) - assert consumer_url == "http://lingon.catalogix.se:8087/" + assert consumer_url == "http://localhost:8087/" assert id == "1" assert name_id_policies == saml.NAMEID_FORMAT_TRANSIENT + assert sp == "urn:mace:umu.se:saml:roland:sp" + + def test_sso_response(self): + resp = self.server.do_sso_response( + "http://localhost:8087/", # consumer_url + "12", # in_response_to + "urn:mace:umu.se:saml:roland:sp", # sp_entity_id + {("urn:oid:1.3.6.1.4.1.5923.1.1.1.7", + "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", + "eduPersonEntitlement"):"Jeter"} + ) + + print resp.keyswv() + assert _eq(resp.keyswv(),['status', 'destination', 'assertion', + 'in_response_to', 'issue_instant', + 'version', 'id']) + assert resp.destination == "http://localhost:8087/" + assert resp.in_response_to == "12" + assert resp.status + assert resp.status.status_code.value == samlp.STATUS_SUCCESS + assert resp.assertion + assert len(resp.assertion) == 1 + assertion = resp.assertion[0] + assert len(assertion.authn_statement) == 1 + assert assertion.conditions + assert len(assertion.attribute_statement) == 1 + assert assertion.subject + assert assertion.subject.name_id + assert len(assertion.subject.subject_confirmation) == 1 + confirmation = assertion.subject.subject_confirmation[0] + print confirmation.keyswv() + print confirmation.subject_confirmation_data + assert confirmation.subject_confirmation_data.in_response_to == "12" +
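Review bot: `test_sso_response` checks `in_response_to` on the subject confirmation data but none of the other fields that bind the assertion to its recipient. A response whose assertion carried no audience restriction for `urn:mace:umu.se:saml:roland:sp`, or no recipient equal to the consumer URL, would still pass. Add `assert confirmation.subject_confirmation_data.recipient == "http://localhost:8087/"` (assuming the instance exposes `recipient`) and an assertion that the audience under `assertion.conditions` is the SP entity id. The three `print` statements look like debugging output and can go. The expected key list has no `'issuer'`, unlike `test_response`, so it is worth confirming that `do_sso_response` is meant to omit the issuer.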