deb-python-pysaml2/tests/test_04_samlp.py
Roland Hedberg 1d7b2964d1 Initial add
2012-05-23 18:56:51 +02:00

539 lines
22 KiB
Python

#!/usr/bin/env pythony
# -*- coding: utf-8 -*-
#
# Copyright (C) 2009 Umeå University.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Tests for saml2.samlp"""
__author__ = 'roland.hedberg@adm.umu.se (Roland Hedberg)'
import unittest
try:
from xml.etree import ElementTree
except ImportError:
from elementtree import ElementTree
import saml2
import saml2_data, ds_data, samlp_data
from saml2 import saml
from saml2 import samlp
import xmldsig as ds
# class TestRequestAbstractType:
#
# def setup_class(self):
# self.ar = samlp.RequestAbstractType_()
#
# def testAccessors(self):
# """Test for RequestAbstractType accessors"""
# self.ar.id = "request id"
# self.ar.version = saml2.VERSION
# self.ar.issue_instant = "2007-09-14T01:05:02Z"
# self.ar.destination = "http://www.example.com/Destination"
# self.ar.consent = saml.CONSENT_UNSPECIFIED
# self.ar.issuer = saml.Issuer()
# self.ar.signature = ds.Signature()
# self.ar.extensions = samlp.Extensions()
#
# new_ar = samlp.request_abstract_type__from_string(self.ar.to_string())
# assert new_ar.id == "request id"
# assert new_ar.version == saml2.VERSION
# assert new_ar.issue_instant == "2007-09-14T01:05:02Z"
# assert new_ar.destination == "http://www.example.com/Destination"
# assert new_ar.consent == saml.CONSENT_UNSPECIFIED
# assert isinstance(new_ar.issuer, saml.Issuer)
# assert isinstance(new_ar.signature, ds.Signature)
# assert isinstance(new_ar.extensions, samlp.Extensions)
#
# def testUsingTestData(self):
# """Test for request_abstract_type_from_string() using test data"""
# # TODO:
# pass
class TestStatusDetail:
def setup_class(self):
self.status_detail = samlp.StatusDetail()
def testAccessors(self):
"""Test for StatusDetail accessors"""
# TODO:
pass
class TestStatusMessage:
def setup_class(self):
self.status_message = samlp.StatusMessage()
def testAccessors(self):
"""Test for StatusMessage accessors"""
# TODO:
pass
class TestStatusCode:
def setup_class(self):
self.status_code = samlp.StatusCode()
def testAccessors(self):
"""Test for StatusCode accessors"""
self.status_code.value = samlp.STATUS_RESPONDER
self.status_code.status_code = samlp.StatusCode(
value=samlp.STATUS_REQUEST_DENIED)
print self.status_code.__dict__
new_status_code = samlp.status_code_from_string(self.status_code.to_string())
assert new_status_code.value == samlp.STATUS_RESPONDER
assert new_status_code.status_code.value == \
samlp.STATUS_REQUEST_DENIED
def testUsingTestData(self):
"""Test for status_code_from_string() using test data"""
new_status_code = samlp.status_code_from_string(
samlp_data.TEST_STATUS_CODE)
assert new_status_code.value == samlp.STATUS_RESPONDER
assert new_status_code.status_code.value == \
samlp.STATUS_REQUEST_DENIED
class TestStatus:
def setup_class(self):
self.status = samlp.Status()
def testAccessors(self):
"""Test for Status accessors"""
self.status.status_code = samlp.StatusCode()
self.status.status_message = samlp.StatusMessage()
self.status.status_detail = samlp.StatusDetail()
new_status = samlp.status_from_string(self.status.to_string())
assert isinstance(new_status.status_code, samlp.StatusCode)
assert isinstance(new_status.status_message, samlp.StatusMessage)
assert isinstance(new_status.status_detail, samlp.StatusDetail)
def testUsingTestData(self):
"""Test for status_from_string using test data"""
new_status = samlp.status_from_string(samlp_data.TEST_STATUS)
assert isinstance(new_status.status_code, samlp.StatusCode)
assert isinstance(new_status.status_code.status_code,
samlp.StatusCode)
assert isinstance(new_status.status_message, samlp.StatusMessage)
assert isinstance(new_status.status_detail, samlp.StatusDetail)
# class TestStatusResponseType:
#
# def setup_class(self):
# self.sr = samlp.StatusResponseType()
#
# def testAccessors(self):
# """Test for StatusResponseType accessors"""
# self.sr.id = "response id"
# self.sr.in_response_to = "request id"
# self.sr.version = saml2.VERSION
# self.sr.issue_instant = "2007-09-14T01:05:02Z"
# self.sr.destination = "http://www.example.com/Destination"
# self.sr.consent = saml.CONSENT_UNSPECIFIED
# self.sr.issuer = saml.Issuer()
# self.sr.signature = ds.Signature()
# self.sr.extensions = samlp.Extensions()
# self.sr.status = samlp.Status()
#
# new_sr = samlp.status_response_type_from_string(self.sr.to_string())
# assert new_sr.id == "response id"
# assert new_sr.in_response_to == "request id"
# assert new_sr.version == saml2.VERSION
# assert new_sr.issue_instant == "2007-09-14T01:05:02Z"
# assert new_sr.destination == "http://www.example.com/Destination"
# assert new_sr.consent == saml.CONSENT_UNSPECIFIED
# assert isinstance(new_sr.issuer, saml.Issuer)
# assert isinstance(new_sr.signature, ds.Signature)
# assert isinstance(new_sr.extensions, samlp.Extensions)
# assert isinstance(new_sr.status, samlp.Status)
#
# def testUsingTestData(self):
# """Test for status_response_from_string() using test data"""
# # TODO:
# pass
class TestResponse:
def setup_class(self):
self.response = samlp.Response()
def testAccessors(self):
"""Test for Response accessors"""
self.response.id = "response id"
self.response.in_response_to = "request id"
self.response.version = saml2.VERSION
self.response.issue_instant = "2007-09-14T01:05:02Z"
self.response.destination = "http://www.example.com/Destination"
self.response.consent = saml.CONSENT_UNSPECIFIED
self.response.issuer = saml.Issuer()
self.response.signature = ds.Signature()
self.response.extensions = samlp.Extensions()
self.response.status = samlp.Status()
self.response.assertion.append(saml.Assertion())
self.response.encrypted_assertion.append(saml.EncryptedAssertion())
new_response = samlp.response_from_string(self.response.to_string())
assert new_response.id == "response id"
assert new_response.in_response_to == "request id"
assert new_response.version == saml2.VERSION
assert new_response.issue_instant == "2007-09-14T01:05:02Z"
assert new_response.destination == "http://www.example.com/Destination"
assert new_response.consent == saml.CONSENT_UNSPECIFIED
assert isinstance(new_response.issuer, saml.Issuer)
assert isinstance(new_response.signature, ds.Signature)
assert isinstance(new_response.extensions, samlp.Extensions)
assert isinstance(new_response.status, samlp.Status)
assert isinstance(new_response.assertion[0], saml.Assertion)
assert isinstance(new_response.encrypted_assertion[0],
saml.EncryptedAssertion)
def testUsingTestData(self):
"""Test for response_from_string() using test data"""
# TODO:
pass
class TestNameIDPolicy:
def setup_class(self):
self.name_id_policy = samlp.NameIDPolicy()
def testAccessors(self):
"""Test for NameIDPolicy accessors"""
self.name_id_policy.format = saml.NAMEID_FORMAT_EMAILADDRESS
self.name_id_policy.sp_name_qualifier = saml.NAMEID_FORMAT_PERSISTENT
self.name_id_policy.allow_create = 'false'
new_name_id_policy = samlp.name_id_policy_from_string(
self.name_id_policy.to_string())
assert new_name_id_policy.format == saml.NAMEID_FORMAT_EMAILADDRESS
assert new_name_id_policy.sp_name_qualifier == \
saml.NAMEID_FORMAT_PERSISTENT
assert new_name_id_policy.allow_create == 'false'
def testUsingTestData(self):
"""Test for name_id_policy_from_string() using test data"""
new_name_id_policy = samlp.name_id_policy_from_string(
samlp_data.TEST_NAME_ID_POLICY)
assert new_name_id_policy.format == saml.NAMEID_FORMAT_EMAILADDRESS
assert new_name_id_policy.sp_name_qualifier == \
saml.NAMEID_FORMAT_PERSISTENT
assert new_name_id_policy.allow_create == 'false'
class TestIDPEntry:
def setup_class(self):
self.idp_entry = samlp.IDPEntry()
def testAccessors(self):
"""Test for IDPEntry accessors"""
self.idp_entry.provider_id = "http://www.example.com/provider"
self.idp_entry.name = "the provider"
self.idp_entry.loc = "http://www.example.com/Loc"
new_idp_entry = samlp.idp_entry_from_string(self.idp_entry.to_string())
assert new_idp_entry.provider_id == "http://www.example.com/provider"
assert new_idp_entry.name == "the provider"
assert new_idp_entry.loc == "http://www.example.com/Loc"
def testUsingTestData(self):
"""Test for idp_entry_from_string() using test data"""
new_idp_entry = samlp.idp_entry_from_string(samlp_data.TEST_IDP_ENTRY)
assert new_idp_entry.provider_id == "http://www.example.com/provider"
assert new_idp_entry.name == "the provider"
assert new_idp_entry.loc == "http://www.example.com/Loc"
class TestIDPList:
def setup_class(self):
self.idp_list = samlp.IDPList()
def testAccessors(self):
"""Test for IDPList accessors"""
self.idp_list.idp_entry.append(samlp.idp_entry_from_string(
samlp_data.TEST_IDP_ENTRY))
self.idp_list.get_complete = samlp.GetComplete(
text="http://www.example.com/GetComplete")
new_idp_list = samlp.idp_list_from_string(self.idp_list.to_string())
assert isinstance(new_idp_list.idp_entry[0], samlp.IDPEntry)
assert new_idp_list.get_complete.text.strip() == \
"http://www.example.com/GetComplete"
def testUsingTestData(self):
"""Test for idp_list_from_string() using test data"""
new_idp_list = samlp.idp_list_from_string(samlp_data.TEST_IDP_LIST)
assert isinstance(new_idp_list.idp_entry[0], samlp.IDPEntry)
assert new_idp_list.get_complete.text.strip() == \
"http://www.example.com/GetComplete"
class TestScoping:
def setup_class(self):
self.scoping = samlp.Scoping()
def testAccessors(self):
"""Test for Scoping accessors"""
self.scoping.proxy_count = "1"
self.scoping.idp_list = samlp.IDPList()
self.scoping.requester_id.append(samlp.RequesterID())
new_scoping = samlp.scoping_from_string(self.scoping.to_string())
assert new_scoping.proxy_count == "1"
assert isinstance(new_scoping.idp_list, samlp.IDPList)
assert isinstance(new_scoping.requester_id[0], samlp.RequesterID)
def testUsingTestData(self):
"""Test for scoping_from_string() using test data"""
new_scoping = samlp.scoping_from_string(samlp_data.TEST_SCOPING)
assert new_scoping.proxy_count == "1"
assert isinstance(new_scoping.idp_list, samlp.IDPList)
assert isinstance(new_scoping.requester_id[0], samlp.RequesterID)
class TestRequestedAuthnContext:
def setup_class(self):
self.context = samlp.RequestedAuthnContext()
def testAccessors(self):
"""Test for RequestedAuthnContext accessors"""
self.context.authn_context_class_ref.append(saml.AuthnContextClassRef())
self.context.authn_context_decl_ref.append(saml.AuthnContextDeclRef())
self.context.comparison = "exact"
new_context = samlp.requested_authn_context_from_string(
self.context.to_string())
assert isinstance(new_context.authn_context_class_ref[0],
saml.AuthnContextClassRef)
assert isinstance(new_context.authn_context_decl_ref[0],
saml.AuthnContextDeclRef)
assert new_context.comparison == "exact"
def testUsingTestData(self):
"""Test for requested_authn_context_from_string() using test data"""
new_context = samlp.requested_authn_context_from_string(
samlp_data.TEST_REQUESTED_AUTHN_CONTEXT)
assert isinstance(new_context.authn_context_class_ref[0],
saml.AuthnContextClassRef)
assert isinstance(new_context.authn_context_decl_ref[0],
saml.AuthnContextDeclRef)
assert new_context.comparison == "exact"
class TestAuthnRequest:
def setup_class(self):
self.ar = samlp.AuthnRequest()
def testAccessors(self):
"""Test for AuthnRequest accessors"""
self.ar.id = "request id"
self.ar.version = saml2.VERSION
self.ar.issue_instant = "2007-09-14T01:05:02Z"
self.ar.destination = "http://www.example.com/Destination"
self.ar.consent = saml.CONSENT_UNSPECIFIED
self.ar.issuer = saml.Issuer()
self.ar.signature = ds.Signature()
self.ar.extensions = samlp.Extensions()
self.ar.subject = saml.Subject()
self.ar.name_id_policy = samlp.NameIDPolicy()
self.ar.conditions = saml.Conditions()
self.ar.requested_authn_context = samlp.RequestedAuthnContext()
self.ar.scoping = samlp.Scoping()
self.ar.force_authn = 'true'
self.ar.is_passive = 'true'
self.ar.assertion_consumer_service_index = "1"
self.ar.assertion_consumer_service_url = "http://www.example.com/acs"
self.ar.protocol_binding = saml2.BINDING_HTTP_POST
self.ar.attribute_consuming_service_index = "2"
self.ar.provider_name = "provider name"
new_ar = samlp.authn_request_from_string(self.ar.to_string())
assert new_ar.id == "request id"
assert new_ar.version == saml2.VERSION
assert new_ar.issue_instant == "2007-09-14T01:05:02Z"
assert new_ar.destination == "http://www.example.com/Destination"
assert new_ar.consent == saml.CONSENT_UNSPECIFIED
assert isinstance(new_ar.issuer, saml.Issuer)
assert isinstance(new_ar.signature, ds.Signature)
assert isinstance(new_ar.extensions, samlp.Extensions)
assert isinstance(new_ar.subject, saml.Subject)
assert isinstance(new_ar.name_id_policy, samlp.NameIDPolicy)
assert isinstance(new_ar.conditions, saml.Conditions)
assert isinstance(new_ar.requested_authn_context,
samlp.RequestedAuthnContext)
assert isinstance(new_ar.scoping, samlp.Scoping)
assert new_ar.force_authn == 'true'
assert new_ar.is_passive == 'true'
assert new_ar.assertion_consumer_service_index == '1'
assert new_ar.assertion_consumer_service_url == \
'http://www.example.com/acs'
assert new_ar.protocol_binding == saml2.BINDING_HTTP_POST
assert new_ar.attribute_consuming_service_index == '2'
assert new_ar.provider_name == "provider name"
def testUsingTestData(self):
"""Test for authn_request_from_string() using test data"""
new_ar = samlp.authn_request_from_string(samlp_data.TEST_AUTHN_REQUEST)
assert new_ar.id == "request id"
assert new_ar.version == saml2.VERSION
assert new_ar.issue_instant == "2007-09-14T01:05:02Z"
assert new_ar.destination == "http://www.example.com/Destination"
assert new_ar.consent == saml.CONSENT_UNSPECIFIED
assert isinstance(new_ar.issuer, saml.Issuer)
assert isinstance(new_ar.signature, ds.Signature)
assert isinstance(new_ar.extensions, samlp.Extensions)
assert isinstance(new_ar.subject, saml.Subject)
assert isinstance(new_ar.name_id_policy, samlp.NameIDPolicy)
assert isinstance(new_ar.conditions, saml.Conditions)
assert isinstance(new_ar.requested_authn_context,
samlp.RequestedAuthnContext)
assert isinstance(new_ar.scoping, samlp.Scoping)
assert new_ar.force_authn == 'true'
assert new_ar.is_passive == 'true'
assert new_ar.assertion_consumer_service_index == '1'
assert new_ar.assertion_consumer_service_url == \
'http://www.example.com/acs'
assert new_ar.protocol_binding == saml2.BINDING_HTTP_POST
assert new_ar.attribute_consuming_service_index == '2'
assert new_ar.provider_name == "provider name"
class TestLogoutRequest:
def setup_class(self):
self.lr = samlp.LogoutRequest()
def testAccessors(self):
"""Test for LogoutRequest accessors"""
self.lr.id = "request id"
self.lr.version = saml2.VERSION
self.lr.issue_instant = "2007-09-14T01:05:02Z"
self.lr.destination = "http://www.example.com/Destination"
self.lr.consent = saml.CONSENT_UNSPECIFIED
self.lr.issuer = saml.Issuer()
self.lr.signature = ds.Signature()
self.lr.extensions = samlp.Extensions()
self.lr.not_on_or_after = "2007-10-14T01:05:02Z"
self.lr.reason = "http://www.example.com/Reason"
self.lr.base_id = saml.BaseID()
self.lr.name_id = saml.NameID()
self.lr.encrypted_id = saml.EncryptedID()
self.lr.session_index = samlp.SessionIndex()
new_lr = samlp.logout_request_from_string(self.lr.to_string())
assert new_lr.id == "request id"
assert new_lr.version == saml2.VERSION
assert new_lr.issue_instant == "2007-09-14T01:05:02Z"
assert new_lr.destination == "http://www.example.com/Destination"
assert new_lr.consent == saml.CONSENT_UNSPECIFIED
assert isinstance(new_lr.issuer, saml.Issuer)
assert isinstance(new_lr.signature, ds.Signature)
assert isinstance(new_lr.extensions, samlp.Extensions)
assert new_lr.not_on_or_after == "2007-10-14T01:05:02Z"
assert new_lr.reason == "http://www.example.com/Reason"
assert isinstance(new_lr.base_id, saml.BaseID)
assert isinstance(new_lr.name_id, saml.NameID)
assert isinstance(new_lr.encrypted_id, saml.EncryptedID)
assert isinstance(new_lr.session_index[0], samlp.SessionIndex)
def testUsingTestData(self):
"""Test for logout_request_from_string() using test data"""
new_lr = samlp.logout_request_from_string(samlp_data.TEST_LOGOUT_REQUEST)
assert new_lr.id == "request id"
assert new_lr.version == saml2.VERSION
assert new_lr.issue_instant == "2007-09-14T01:05:02Z"
assert new_lr.destination == "http://www.example.com/Destination"
assert new_lr.consent == saml.CONSENT_UNSPECIFIED
assert isinstance(new_lr.issuer, saml.Issuer)
assert isinstance(new_lr.signature, ds.Signature)
assert isinstance(new_lr.extensions, samlp.Extensions)
assert new_lr.not_on_or_after == "2007-10-14T01:05:02Z"
assert new_lr.reason == "http://www.example.com/Reason"
assert isinstance(new_lr.base_id, saml.BaseID)
assert isinstance(new_lr.name_id, saml.NameID)
assert isinstance(new_lr.encrypted_id, saml.EncryptedID)
assert isinstance(new_lr.session_index[0], samlp.SessionIndex)
assert new_lr.session_index[0].text.strip() == "session index"
class TestLogoutResponse:
def setup_class(self):
self.lr = samlp.LogoutResponse()
def testAccessors(self):
"""Test for LogoutResponse accessors"""
self.lr.id = "response id"
self.lr.in_response_to = "request id"
self.lr.version = saml2.VERSION
self.lr.issue_instant = "2007-09-14T01:05:02Z"
self.lr.destination = "http://www.example.com/Destination"
self.lr.consent = saml.CONSENT_UNSPECIFIED
self.lr.issuer = saml.Issuer()
self.lr.signature = ds.Signature()
self.lr.extensions = samlp.Extensions()
self.lr.status = samlp.Status()
new_lr = samlp.logout_response_from_string(self.lr.to_string())
assert new_lr.id == "response id"
assert new_lr.in_response_to == "request id"
assert new_lr.version == saml2.VERSION
assert new_lr.issue_instant == "2007-09-14T01:05:02Z"
assert new_lr.destination == "http://www.example.com/Destination"
assert new_lr.consent == saml.CONSENT_UNSPECIFIED
assert isinstance(new_lr.issuer, saml.Issuer)
assert isinstance(new_lr.signature, ds.Signature)
assert isinstance(new_lr.extensions, samlp.Extensions)
assert isinstance(new_lr.status, samlp.Status)
def testUsingTestData(self):
"""Test for logout_response_from_string() using test data"""
new_lr = samlp.logout_response_from_string(
samlp_data.TEST_LOGOUT_RESPONSE)
assert new_lr.id == "response id"
assert new_lr.in_response_to == "request id"
assert new_lr.version == saml2.VERSION
assert new_lr.issue_instant == "2007-09-14T01:05:02Z"
assert new_lr.destination == "http://www.example.com/Destination"
assert new_lr.consent == saml.CONSENT_UNSPECIFIED
assert isinstance(new_lr.issuer, saml.Issuer)
assert isinstance(new_lr.signature, ds.Signature)
assert isinstance(new_lr.extensions, samlp.Extensions)
assert isinstance(new_lr.status, samlp.Status)