118 lines
4.4 KiB
Python
118 lines
4.4 KiB
Python
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
from saml2 import saml
|
|
from saml2 import config
|
|
|
|
from saml2.server import Server
|
|
from saml2.response import response_factory
|
|
from saml2.response import StatusResponse
|
|
from saml2.response import AuthnResponse
|
|
from saml2.sigver import SecurityContext
|
|
from saml2.sigver import security_context
|
|
from saml2.sigver import get_xmlsec_binary
|
|
from saml2.sigver import MissingKey
|
|
|
|
from pytest import raises
|
|
|
|
XML_RESPONSE_FILE = "saml_signed.xml"
|
|
XML_RESPONSE_FILE2 = "saml2_response.xml"
|
|
|
|
|
|
def _eq(l1,l2):
|
|
return set(l1) == set(l2)
|
|
|
|
class TestResponse:
|
|
def setup_class(self):
|
|
server = Server("idp_conf")
|
|
name_id = server.ident.transient_nameid(
|
|
"urn:mace:example.com:saml:roland:sp",
|
|
"id12")
|
|
|
|
self._resp_ = server.do_response(
|
|
"id12", # in_response_to
|
|
"http://lingon.catalogix.se:8087/", # consumer_url
|
|
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
|
|
{"eduPersonEntitlement":"Jeter"},
|
|
name_id = name_id
|
|
)
|
|
|
|
self._sign_resp_ = server.do_response(
|
|
"id12", # in_response_to
|
|
"http://lingon.catalogix.se:8087/", # consumer_url
|
|
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
|
|
{"eduPersonEntitlement":"Jeter"},
|
|
name_id = name_id,
|
|
sign=True
|
|
)
|
|
|
|
self._resp_authn = server.do_response(
|
|
"id12", # in_response_to
|
|
"http://lingon.catalogix.se:8087/", # consumer_url
|
|
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
|
|
{"eduPersonEntitlement":"Jeter"},
|
|
name_id = name_id,
|
|
authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login")
|
|
)
|
|
|
|
conf = config.SPConfig()
|
|
conf.load_file("server_conf")
|
|
self.conf = conf
|
|
|
|
def test_1(self):
|
|
xml_response = ("%s" % (self._resp_,)).split("\n")[1]
|
|
resp = response_factory(xml_response, self.conf,
|
|
return_addr="http://lingon.catalogix.se:8087/",
|
|
outstanding_queries={"id12": "http://localhost:8088/sso"},
|
|
timeslack=10000, decode=False)
|
|
|
|
assert isinstance(resp, StatusResponse)
|
|
assert isinstance(resp, AuthnResponse)
|
|
|
|
def test_2(self):
|
|
xml_response = ("%s" % (self._sign_resp_,)).split("\n",1)[1]
|
|
resp = response_factory(xml_response, self.conf,
|
|
return_addr="http://lingon.catalogix.se:8087/",
|
|
outstanding_queries={"id12": "http://localhost:8088/sso"},
|
|
timeslack=10000, decode=False)
|
|
|
|
assert isinstance(resp, StatusResponse)
|
|
assert isinstance(resp, AuthnResponse)
|
|
|
|
# def test_3(self):
|
|
# xml_response = ("%s" % (self._logout_resp,)).split("\n")[1]
|
|
# sec = security_context(self.conf)
|
|
# resp = response_factory(xml_response, self.conf,
|
|
# return_addr="http://lingon.catalogix.se:8087/",
|
|
# outstanding_queries={"id12": "http://localhost:8088/sso"},
|
|
# timeslack=10000, decode=False)
|
|
#
|
|
# assert isinstance(resp, StatusResponse)
|
|
# assert isinstance(resp, LogoutResponse)
|
|
|
|
def test_decrypt(self):
|
|
attr_stat = saml.attribute_statement_from_string(
|
|
open("encrypted_attribute_statement.xml").read())
|
|
|
|
assert len(attr_stat.attribute) == 0
|
|
assert len(attr_stat.encrypted_attribute) == 4
|
|
|
|
xmlsec = get_xmlsec_binary()
|
|
sec = SecurityContext(xmlsec, key_file="private_key.pem")
|
|
|
|
resp = AuthnResponse(sec, None, "entity_id")
|
|
resp.decrypt_attributes(attr_stat)
|
|
|
|
assert len(attr_stat.attribute) == 4
|
|
assert len(attr_stat.encrypted_attribute) == 4
|
|
|
|
|
|
def test_only_use_keys_in_metadata(self):
|
|
conf = config.SPConfig()
|
|
conf.load_file("sp_2_conf")
|
|
|
|
sc = security_context(conf)
|
|
# should fail
|
|
raises(MissingKey,
|
|
'sc.correctly_signed_response("%s" % self._sign_resp_)')
|