From b009d82992548515260f6cb3a4dda3319e7fdec7 Mon Sep 17 00:00:00 2001
From: Jamie Lennox <jamielennox@gmail.com>
Date: Mon, 7 Dec 2015 15:15:42 +1100
Subject: [PATCH] Extract SAML fixtures into templates

I want to do some more complicated testing with SAML assertions, however
I can't read the XML snippets as they are or have any chance of
modifying them.

Extract the SAML fixtures into template files that I can reuse again
later.

Change-Id: I0af6bc538e53eeff62feb1767f9913f8ba6b9239
---
 .../tests/unit/extras/saml2/fixtures.py       | 171 ------------------
 .../unit/extras/saml2/fixtures/__init__.py    | 113 ++++++++++++
 .../fixtures/templates/saml_assertion.xml     |  69 +++++++
 .../fixtures/templates/soap_response.xml      |  45 +++++
 4 files changed, 227 insertions(+), 171 deletions(-)
 delete mode 100644 keystoneauth1/tests/unit/extras/saml2/fixtures.py
 create mode 100644 keystoneauth1/tests/unit/extras/saml2/fixtures/__init__.py
 create mode 100644 keystoneauth1/tests/unit/extras/saml2/fixtures/templates/saml_assertion.xml
 create mode 100644 keystoneauth1/tests/unit/extras/saml2/fixtures/templates/soap_response.xml

diff --git a/keystoneauth1/tests/unit/extras/saml2/fixtures.py b/keystoneauth1/tests/unit/extras/saml2/fixtures.py
deleted file mode 100644
index 2ecae6ad..00000000
--- a/keystoneauth1/tests/unit/extras/saml2/fixtures.py
+++ /dev/null
@@ -1,171 +0,0 @@
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-import six
-
-SP_SOAP_RESPONSE = six.b("""<S:Envelope
-xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
-<S:Header>
-<paos:Request xmlns:paos="urn:liberty:paos:2003-08"
-S:actor="http://schemas.xmlsoap.org/soap/actor/next"
-S:mustUnderstand="1"
-responseConsumerURL="https://openstack4.local/Shibboleth.sso/SAML2/ECP"
-service="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
-<ecp:Request xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
-IsPassive="0" S:actor="http://schemas.xmlsoap.org/soap/actor/next"
-S:mustUnderstand="1">
-<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
-https://openstack4.local/shibboleth
-</saml:Issuer>
-<samlp:IDPList xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
-<samlp:IDPEntry ProviderID="https://idp.testshib.org/idp/shibboleth"/>
-</samlp:IDPList></ecp:Request>
-<ecp:RelayState xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
-S:actor="http://schemas.xmlsoap.org/soap/actor/next" S:mustUnderstand="1">
-ss:mem:6f1f20fafbb38433467e9d477df67615</ecp:RelayState>
-</S:Header><S:Body><samlp:AuthnRequest
-xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-AssertionConsumerServiceURL="https://openstack4.local/Shibboleth.sso/SAML2/ECP"
- ID="_a07186e3992e70e92c17b9d249495643" IssueInstant="2014-06-09T09:48:57Z"
- ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Version="2.0">
- <saml:Issuer
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
- https://openstack4.local/shibboleth
- </saml:Issuer><samlp:NameIDPolicy AllowCreate="1"/><samlp:Scoping>
- <samlp:IDPList>
- <samlp:IDPEntry ProviderID="https://idp.testshib.org/idp/shibboleth"/>
- </samlp:IDPList></samlp:Scoping></samlp:AuthnRequest></S:Body></S:Envelope>
-""")
-
-
-SAML2_ASSERTION = six.b("""<?xml version="1.0" encoding="UTF-8"?>
-<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
-<soap11:Header>
-<ecp:Response xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
-AssertionConsumerServiceURL="https://openstack4.local/Shibboleth.sso/SAML2/ECP"
- soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
- soap11:mustUnderstand="1"/>
- <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec"
- soap11:actor="http://schemas.xmlsoap.org/soap/actor/next">
- x=
- </samlec:GeneratedKey>
- </soap11:Header>
- <soap11:Body>
- <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
-Destination="https://openstack4.local/Shibboleth.sso/SAML2/ECP"
-ID="_bbbe6298d7ee586c915d952013875440"
-InResponseTo="_a07186e3992e70e92c17b9d249495643"
-IssueInstant="2014-06-09T09:48:58.945Z" Version="2.0">
-<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
-Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
-https://idp.testshib.org/idp/shibboleth
-</saml2:Issuer><saml2p:Status>
-<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
-</saml2p:Status>
-<saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
-<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
-Id="_e5215ac77a6028a8da8caa8be89bad44"
-Type="http://www.w3.org/2001/04/xmlenc#Element">
-<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
-xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
-<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-<xenc:EncryptedKey Id="_204349856f6e73c9480afc949d1b4643"
-xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
-<xenc:EncryptionMethod
-Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
-xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
-xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
-</xenc:EncryptionMethod><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
-</ds:X509Certificate>
-</ds:X509Data></ds:KeyInfo>
-<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
-<xenc:CipherValue>VALUE==</xenc:CipherValue></xenc:CipherData>
-</xenc:EncryptedKey></ds:KeyInfo>
-<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
-<xenc:CipherValue>VALUE=</xenc:CipherValue></xenc:CipherData>
-</xenc:EncryptedData></saml2:EncryptedAssertion></saml2p:Response>
-</soap11:Body></soap11:Envelope>
-""")
-
-UNSCOPED_TOKEN_HEADER = 'UNSCOPED_TOKEN'
-
-UNSCOPED_TOKEN = {
-    "token": {
-        "issued_at": "2014-06-09T09:48:59.643406Z",
-        "extras": {},
-        "methods": ["saml2"],
-        "expires_at": "2014-06-09T10:48:59.643375Z",
-        "user": {
-            "OS-FEDERATION": {
-                "identity_provider": {
-                    "id": "testshib"
-                },
-                "protocol": {
-                    "id": "saml2"
-                },
-                "groups": [
-                    {"id": "1764fa5cf69a49a4918131de5ce4af9a"}
-                ]
-            },
-            "id": "testhib%20user",
-            "name": "testhib user"
-        }
-    }
-}
-
-PROJECTS = {
-    "projects": [
-        {
-            "domain_id": "37ef61",
-            "enabled": 'true',
-            "id": "12d706",
-            "links": {
-                "self": "http://identity:35357/v3/projects/12d706"
-            },
-            "name": "a project name"
-        },
-        {
-            "domain_id": "37ef61",
-            "enabled": 'true',
-            "id": "9ca0eb",
-            "links": {
-                "self": "http://identity:35357/v3/projects/9ca0eb"
-            },
-            "name": "another project"
-        }
-    ],
-    "links": {
-        "self": "http://identity:35357/v3/OS-FEDERATION/projects",
-        "previous": 'null',
-        "next": 'null'
-    }
-}
-
-DOMAINS = {
-    "domains": [
-        {
-            "description": "desc of domain",
-            "enabled": 'true',
-            "id": "37ef61",
-            "links": {
-                "self": "http://identity:35357/v3/domains/37ef61"
-            },
-            "name": "my domain"
-        }
-    ],
-    "links": {
-        "self": "http://identity:35357/v3/OS-FEDERATION/domains",
-        "previous": 'null',
-        "next": 'null'
-    }
-}
diff --git a/keystoneauth1/tests/unit/extras/saml2/fixtures/__init__.py b/keystoneauth1/tests/unit/extras/saml2/fixtures/__init__.py
new file mode 100644
index 00000000..b41e2c15
--- /dev/null
+++ b/keystoneauth1/tests/unit/extras/saml2/fixtures/__init__.py
@@ -0,0 +1,113 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import os
+import string
+
+DIR = os.path.dirname(os.path.abspath(__file__))
+
+
+def template(f, **kwargs):
+    with open(os.path.join(DIR, 'templates', f)) as f:
+        return string.Template(f.read()).substitute(**kwargs)
+
+
+def soap_response(**kwargs):
+    kwargs.setdefault('provider', 'https://idp.testshib.org/idp/shibboleth')
+    kwargs.setdefault('consumer',
+                      'https://openstack4.local/Shibboleth.sso/SAML2/ECP')
+    kwargs.setdefault('issuer', 'https://openstack4.local/shibboleth')
+    return template('soap_response.xml', **kwargs).encode('utf-8')
+
+
+def saml_assertion(**kwargs):
+    kwargs.setdefault('issuer', 'https://idp.testshib.org/idp/shibboleth')
+    kwargs.setdefault('destination',
+                      'https://openstack4.local/Shibboleth.sso/SAML2/ECP')
+    return template('saml_assertion.xml', **kwargs).encode('utf-8')
+
+
+SP_SOAP_RESPONSE = soap_response()
+SAML2_ASSERTION = saml_assertion()
+
+UNSCOPED_TOKEN_HEADER = 'UNSCOPED_TOKEN'
+
+UNSCOPED_TOKEN = {
+    "token": {
+        "issued_at": "2014-06-09T09:48:59.643406Z",
+        "extras": {},
+        "methods": ["saml2"],
+        "expires_at": "2014-06-09T10:48:59.643375Z",
+        "user": {
+            "OS-FEDERATION": {
+                "identity_provider": {
+                    "id": "testshib"
+                },
+                "protocol": {
+                    "id": "saml2"
+                },
+                "groups": [
+                    {"id": "1764fa5cf69a49a4918131de5ce4af9a"}
+                ]
+            },
+            "id": "testhib%20user",
+            "name": "testhib user"
+        }
+    }
+}
+
+PROJECTS = {
+    "projects": [
+        {
+            "domain_id": "37ef61",
+            "enabled": 'true',
+            "id": "12d706",
+            "links": {
+                "self": "http://identity:35357/v3/projects/12d706"
+            },
+            "name": "a project name"
+        },
+        {
+            "domain_id": "37ef61",
+            "enabled": 'true',
+            "id": "9ca0eb",
+            "links": {
+                "self": "http://identity:35357/v3/projects/9ca0eb"
+            },
+            "name": "another project"
+        }
+    ],
+    "links": {
+        "self": "http://identity:35357/v3/OS-FEDERATION/projects",
+        "previous": 'null',
+        "next": 'null'
+    }
+}
+
+DOMAINS = {
+    "domains": [
+        {
+            "description": "desc of domain",
+            "enabled": 'true',
+            "id": "37ef61",
+            "links": {
+                "self": "http://identity:35357/v3/domains/37ef61"
+            },
+            "name": "my domain"
+        }
+    ],
+    "links": {
+        "self": "http://identity:35357/v3/OS-FEDERATION/domains",
+        "previous": 'null',
+        "next": 'null'
+    }
+}
diff --git a/keystoneauth1/tests/unit/extras/saml2/fixtures/templates/saml_assertion.xml b/keystoneauth1/tests/unit/extras/saml2/fixtures/templates/saml_assertion.xml
new file mode 100644
index 00000000..13069370
--- /dev/null
+++ b/keystoneauth1/tests/unit/extras/saml2/fixtures/templates/saml_assertion.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
+    <soap11:Header>
+        <ecp:Response xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
+                AssertionConsumerServiceURL="$destination"
+                soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
+                soap11:mustUnderstand="1"/>
+        <samlec:GeneratedKey
+                xmlns:samlec="urn:ietf:params:xml:ns:samlec"
+                soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"> x=
+        </samlec:GeneratedKey>
+    </soap11:Header>
+    <soap11:Body>
+        <saml2p:Response
+                xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
+                Destination="$destination"
+                ID="_bbbe6298d7ee586c915d952013875440"
+                InResponseTo="_a07186e3992e70e92c17b9d249495643"
+                IssueInstant="2014-06-09T09:48:58.945Z" Version="2.0">
+            <saml2:Issuer
+                    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+                    Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
+                $issuer
+            </saml2:Issuer>
+            <saml2p:Status>
+                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+            </saml2p:Status>
+            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
+                <xenc:EncryptedData
+                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+                        Id="_e5215ac77a6028a8da8caa8be89bad44"
+                        Type="http://www.w3.org/2001/04/xmlenc#Element">
+                    <xenc:EncryptionMethod
+                            Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
+                            xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <xenc:EncryptedKey
+                                Id="_204349856f6e73c9480afc949d1b4643"
+                                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+                            <xenc:EncryptionMethod
+                                    Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
+                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+                                <ds:DigestMethod
+                                        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
+                                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+                            </xenc:EncryptionMethod>
+                            <ds:KeyInfo>
+                                <ds:X509Data>
+                                    <ds:X509Certificate>
+                                    </ds:X509Certificate>
+                                </ds:X509Data>
+                            </ds:KeyInfo>
+                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+                                <xenc:CipherValue>
+                                    VALUE==
+                                </xenc:CipherValue>
+                            </xenc:CipherData>
+                        </xenc:EncryptedKey>
+                    </ds:KeyInfo>
+                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+                        <xenc:CipherValue>
+                            VALUE=
+                        </xenc:CipherValue>
+                    </xenc:CipherData>
+                </xenc:EncryptedData>
+            </saml2:EncryptedAssertion>
+        </saml2p:Response>
+    </soap11:Body>
+</soap11:Envelope>
diff --git a/keystoneauth1/tests/unit/extras/saml2/fixtures/templates/soap_response.xml b/keystoneauth1/tests/unit/extras/saml2/fixtures/templates/soap_response.xml
new file mode 100644
index 00000000..879e5f2e
--- /dev/null
+++ b/keystoneauth1/tests/unit/extras/saml2/fixtures/templates/soap_response.xml
@@ -0,0 +1,45 @@
+<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
+    <S:Header>
+        <paos:Request xmlns:paos="urn:liberty:paos:2003-08"
+                S:actor="http://schemas.xmlsoap.org/soap/actor/next"
+                S:mustUnderstand="1"
+                responseConsumerURL="$consumer"
+                service="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
+        <ecp:Request xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
+                IsPassive="0"
+                S:actor="http://schemas.xmlsoap.org/soap/actor/next"
+                S:mustUnderstand="1">
+            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+                $issuer
+            </saml:Issuer>
+            <samlp:IDPList xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
+                <samlp:IDPEntry ProviderID="$provider"/>
+            </samlp:IDPList>
+        </ecp:Request>
+        <ecp:RelayState
+                xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
+                S:actor="http://schemas.xmlsoap.org/soap/actor/next"
+                S:mustUnderstand="1">
+            ss:mem:6f1f20fafbb38433467e9d477df67615
+        </ecp:RelayState>
+    </S:Header>
+    <S:Body>
+        <samlp:AuthnRequest
+                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+                AssertionConsumerServiceURL="$consumer"
+                ID="_a07186e3992e70e92c17b9d249495643"
+                IssueInstant="2014-06-09T09:48:57Z"
+                ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
+                Version="2.0">
+            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+                $issuer
+            </saml:Issuer>
+            <samlp:NameIDPolicy AllowCreate="1"/>
+            <samlp:Scoping>
+                <samlp:IDPList>
+                    <samlp:IDPEntry ProviderID="$provider"/>
+                </samlp:IDPList>
+            </samlp:Scoping>
+        </samlp:AuthnRequest>
+    </S:Body>
+</S:Envelope>