129 lines
3.6 KiB
Python
129 lines
3.6 KiB
Python
|
|
__author__ = 'rolandh'
|
|
|
|
ex1 = """<AuthenticationContextDeclaration
|
|
xmlns="urn:oasis:names:tc:SAML:2.0:ac:classes:Password">
|
|
<AuthnMethod>
|
|
<Authenticator>
|
|
<RestrictedPassword>
|
|
<Length min="4"/>
|
|
</RestrictedPassword>
|
|
</Authenticator>
|
|
</AuthnMethod>
|
|
</AuthenticationContextDeclaration>"""
|
|
|
|
from saml2.saml import AuthnContext
|
|
from saml2.saml import authn_context_from_string
|
|
from saml2.saml import AuthnContextClassRef
|
|
from saml2.authn_context import pword
|
|
from saml2.authn_context import PASSWORDPROTECTEDTRANSPORT
|
|
from saml2.authn_context import AL1
|
|
from saml2.authn_context import AL2
|
|
from saml2.authn_context import AL3
|
|
from saml2.authn_context import AL4
|
|
from saml2.authn_context import AuthnBroker
|
|
from saml2.authn_context import authn_context_decl_from_extension_elements
|
|
from saml2.authn_context import authn_context_factory
|
|
|
|
length = pword.Length(min="4")
|
|
restricted_password = pword.RestrictedPassword(length=length)
|
|
authenticator = pword.Authenticator(restricted_password=restricted_password)
|
|
authn_method = pword.AuthnMethod(authenticator=authenticator)
|
|
ACD = pword.AuthenticationContextDeclaration(authn_method=authn_method)
|
|
|
|
AUTHNCTXT = AuthnContext(authn_context_decl=ACD)
|
|
|
|
|
|
def test_passwd():
|
|
inst = ACD
|
|
inst2 = pword.authentication_context_declaration_from_string(ex1)
|
|
|
|
assert inst == inst2
|
|
|
|
|
|
def test_factory():
|
|
inst_pw = pword.authentication_context_declaration_from_string(ex1)
|
|
inst = authn_context_factory(ex1)
|
|
|
|
assert inst_pw == inst
|
|
|
|
|
|
def test_authn_decl_in_authn_context():
|
|
authnctxt = AuthnContext(authn_context_decl=ACD)
|
|
|
|
acs = authn_context_from_string("%s" % authnctxt)
|
|
if acs.extension_elements:
|
|
cacd = authn_context_decl_from_extension_elements(
|
|
acs.extension_elements)
|
|
if cacd:
|
|
acs.authn_context_decl = cacd
|
|
|
|
assert acs.authn_context_decl == ACD
|
|
|
|
|
|
def test_authn_1():
|
|
accr = AuthnContextClassRef(text=PASSWORDPROTECTEDTRANSPORT)
|
|
ac = AuthnContext(authn_context_class_ref=accr)
|
|
authn = AuthnBroker()
|
|
target = "https://example.org/login"
|
|
authn.add(ac, target,)
|
|
|
|
methods = authn.pick(ac)
|
|
assert len(methods) == 1
|
|
assert target == methods[0]
|
|
|
|
|
|
def test_authn_2():
|
|
authn = AuthnBroker()
|
|
target = "https://example.org/login"
|
|
authn.add(AUTHNCTXT, target)
|
|
|
|
method = authn.pick(AUTHNCTXT)
|
|
assert len(method) == 1
|
|
assert target == method[0]
|
|
|
|
|
|
REF2METHOD = {
|
|
AL1: "https://example.com/authn/pin",
|
|
AL2: "https://example.com/authn/passwd",
|
|
AL3: "https://example.com/authn/multifact",
|
|
AL4: "https://example.com/authn/cert"
|
|
}
|
|
|
|
|
|
def test_authn_3():
|
|
authn = AuthnBroker()
|
|
level = 0
|
|
for ref in [AL1, AL2, AL3, AL4]:
|
|
level += 4
|
|
ac = AuthnContext(
|
|
authn_context_class_ref=AuthnContextClassRef(text=ref))
|
|
|
|
authn.add(ac, REF2METHOD[ref], level)
|
|
|
|
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL1))
|
|
|
|
method = authn.pick(ac)
|
|
assert len(method) == 4
|
|
assert REF2METHOD[AL1] == method[0]
|
|
|
|
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL2))
|
|
|
|
method = authn.pick(ac)
|
|
assert len(method) == 3
|
|
assert REF2METHOD[AL2] == method[0]
|
|
|
|
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL3))
|
|
|
|
method = authn.pick(ac)
|
|
assert len(method) == 2
|
|
assert REF2METHOD[AL3] == method[0]
|
|
|
|
ac = AuthnContext(authn_context_class_ref=AuthnContextClassRef(text=AL4))
|
|
|
|
method = authn.pick(ac)
|
|
assert len(method) == 1
|
|
assert REF2METHOD[AL4] == method[0]
|
|
|
|
if __name__ == "__main__":
|
|
test_authn_3() |