# -*- coding: UTF-8 -*-
#
# $Id: profiles_tests.py 3254 2007-06-05 21:23:57Z fpeters $
#
# Python unit tests for Lasso library
#
# Copyright (C) 2004-2007 Entr'ouvert
# http://lasso.entrouvert.org
#
# Authors: See AUTHORS file in top-level directory.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
import os
import unittest
import sys
# Put the in-tree build directories ahead of any installed copy so that
# `import lasso` below picks up the bindings under test.
# NOTE(review): both entries are relative, so they resolve against the current
# working directory at import time; run this file from the bindings' test
# directory of a trusted build tree, otherwise a `lasso` module from some
# other location could be imported instead.
if '..' not in sys.path:
    sys.path.insert(0, '..')
if '../.libs' not in sys.path:
    sys.path.insert(0, '../.libs')

import lasso
import logging

logging.basicConfig()

# A caller that executes this file with `dataDir` already defined keeps its
# value; otherwise the fixtures are located relative to TOP_SRCDIR (default: cwd).
try:
    dataDir
except NameError:
    srcdir = os.environ.get('TOP_SRCDIR', '.')
    dataDir = '%s/tests/data' % srcdir
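def server(local_name, remote_role, remote_name):
    """Build a lasso.Server from the fixtures of *local_name* and register one peer.

    The local provider's ``metadata.xml`` and ``private-key.pem`` are read from
    ``dataDir/<local_name>``. If a ``password`` file exists in that directory its
    content is passed as the private-key password, otherwise ``None`` is passed.

    Args:
        local_name: fixture directory name of the local provider.
        remote_role: lasso provider role constant for the remote provider.
        remote_name: fixture directory name of the remote provider.

    Returns:
        The configured ``lasso.Server``.
    """
    local_dir = os.path.join(dataDir, local_name)
    pwd = os.path.join(local_dir, 'password')
    password = None
    if os.path.exists(pwd):
        # Close the handle deterministically instead of leaving it to the GC.
        # The content is passed on unchanged (no stripping), as before.
        with open(pwd) as handle:
            password = handle.read()
    s = lasso.Server(os.path.join(local_dir, 'metadata.xml'),
                     os.path.join(local_dir, 'private-key.pem'),
                     password)
    s.addProvider(remote_role, os.path.join(dataDir, remote_name, 'metadata.xml'))
    return s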
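class ServerTestCase(unittest.TestCase):
    """Round-trip checks for lasso.Server serialisation (dump / newFromDump)."""

    def test01(self):
        """Server construction, dump & newFromDump."""

        lassoServer = lasso.Server(
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        lassoServer.addProvider(
            lasso.PROVIDER_ROLE_IDP,
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/public-key.pem'),
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        dump = lassoServer.dump()
        lassoServer2 = lassoServer.newFromDump(dump)
        dump2 = lassoServer2.dump()
        # assertEqual replaces failUnlessEqual, a deprecated alias that was
        # removed from unittest in Python 3.12.
        self.assertEqual(dump, dump2)

    def test02(self):
        """Server construction without argument, dump & newFromDump."""

        # Only the metadata is given here: no private key and no certificate.
        lassoServer = lasso.Server(
            os.path.join(dataDir, 'sp1-la/metadata.xml'))
        lassoServer.addProvider(
            lasso.PROVIDER_ROLE_IDP,
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/public-key.pem'))
        dump = lassoServer.dump()
        lassoServer2 = lassoServer.newFromDump(dump)
        dump2 = lassoServer2.dump()
        self.assertEqual(dump, dump2)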
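class LoginTestCase(unittest.TestCase):
    """Login profile tests (ID-FF 'la' fixtures and SAMLv2 fixtures).

    Checks use the unittest assert* methods rather than bare ``assert``
    statements (which are dropped under ``python -O``) or the fail* aliases
    (removed from unittest in Python 3.12).
    """

    def test01(self):
        """SP login; testing access to authentication request."""

        lassoServer = lasso.Server(
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        lassoServer.addProvider(
            lasso.PROVIDER_ROLE_IDP,
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/public-key.pem'),
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        login = lasso.Login(lassoServer)
        login.initAuthnRequest()
        # Bare attribute read kept from the original: it exercises the getter.
        login.request
        login.request.protocolProfile = lasso.LIB_PROTOCOL_PROFILE_BRWS_ART
        self.assertEqual(login.request.protocolProfile, lasso.LIB_PROTOCOL_PROFILE_BRWS_ART)

    def test02(self):
        """SP login; testing processing of an empty Response."""

        lassoServer = lasso.Server(
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        lassoServer.addProvider(
            lasso.PROVIDER_ROLE_IDP,
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/public-key.pem'),
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        login = lasso.Login(lassoServer)
        # NOTE(review): there is no `else: self.fail(...)` here, so the test
        # also passes if the empty message is accepted without any error.
        # The Logout and Defederation tests in this file do fail in that
        # case; confirm whether the difference is intended.
        try:
            login.processResponseMsg('')
        except lasso.Error as error:
            # Any error other than "invalid message" is unexpected.
            if error[0] != lasso.PROFILE_ERROR_INVALID_MSG:
                raise

    def test03(self):
        """Conversion of a lib:AuthnRequest with an AuthnContext into a query and back."""

        sp = lasso.Server(
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        sp.addProvider(
            lasso.PROVIDER_ROLE_IDP,
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/public-key.pem'),
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        spLogin = lasso.Login(sp)
        spLogin.initAuthnRequest()
        requestAuthnContext = lasso.LibRequestAuthnContext()
        authnContextClassRefsList = []
        authnContextClassRefsList.append(
            lasso.LIB_AUTHN_CONTEXT_CLASS_REF_PASSWORD)
        requestAuthnContext.authnContextClassRef = tuple(authnContextClassRefsList)
        spLogin.request.requestAuthnContext = requestAuthnContext
        spLogin.request.protocolProfile = lasso.LIB_PROTOCOL_PROFILE_BRWS_ART
        spLogin.buildAuthnRequestMsg()
        # Only the query string (everything after the first '?') goes to the IdP.
        authnRequestQuery = spLogin.msgUrl[spLogin.msgUrl.index('?') + 1:]
        idp = lasso.Server(
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        idp.addProvider(
            lasso.PROVIDER_ROLE_SP,
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/public-key.pem'),
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        idpLogin = lasso.Login(idp)
        idpLogin.processAuthnRequestMsg(authnRequestQuery)
        self.assertTrue(idpLogin.request.requestAuthnContext)
        authnContextClassRefsList = idpLogin.request.requestAuthnContext.authnContextClassRef
        self.assertEqual(len(authnContextClassRefsList), 1)
        self.assertEqual(authnContextClassRefsList[0],
                         lasso.LIB_AUTHN_CONTEXT_CLASS_REF_PASSWORD)

    def test04(self):
        """Conversion of a lib:AuthnRequest with extensions into a query and back."""

        sp = lasso.Server(
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        sp.addProvider(
            lasso.PROVIDER_ROLE_IDP,
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/public-key.pem'),
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        spLogin = lasso.Login(sp)
        spLogin.initAuthnRequest()
        # Constructed as in the original, but never attached to the request here.
        requestAuthnContext = lasso.LibRequestAuthnContext()
        extensionList = []
        for extension in (
                '<action>do</action>',
                '<action2>do action 2</action2><action3>do action 3</action3>'):
            extensionList.append(
                '<lib:Extension xmlns:lib="urn:liberty:iff:2003-08">%s</lib:Extension>'
                % extension)
        spLogin.request.extension = tuple(extensionList)
        spLogin.request.protocolProfile = lasso.LIB_PROTOCOL_PROFILE_BRWS_ART
        spLogin.buildAuthnRequestMsg()
        # Only the query string (everything after the first '?') goes to the IdP.
        authnRequestQuery = spLogin.msgUrl[spLogin.msgUrl.index('?') + 1:]
        idp = lasso.Server(
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        idp.addProvider(
            lasso.PROVIDER_ROLE_SP,
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/public-key.pem'),
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        idpLogin = lasso.Login(idp)
        idpLogin.processAuthnRequestMsg(authnRequestQuery)
        self.assertTrue(idpLogin.request.extension)
        extensionsList = idpLogin.request.extension
        # Two extensions were sent; the test expects them back as a single element.
        self.assertEqual(len(extensionsList), 1)
        self.assertTrue('<action>do</action>' in extensionsList[0])
        self.assertTrue('<action2>do action 2</action2>' in extensionsList[0])
        self.assertTrue('<action3>do action 3</action3>' in extensionsList[0])

    def test05(self):
        '''SAMLv2 Authn request emitted and received using Artifact binding'''
        sp = lasso.Server(
            os.path.join(dataDir, 'sp5-saml2/metadata.xml'),
            os.path.join(dataDir, 'sp5-saml2/private-key.pem'))
        self.assertTrue(sp)
        sp.addProvider(
            lasso.PROVIDER_ROLE_IDP,
            os.path.join(dataDir, 'idp5-saml2/metadata.xml'))
        sp_login = lasso.Login(sp)
        self.assertTrue(sp_login)
        sp_login.initAuthnRequest(None, lasso.HTTP_METHOD_ARTIFACT_GET)
        sp_login.buildAuthnRequestMsg()
        # The SP state is dumped now and restored below before it answers.
        sp_login_dump = sp_login.dump()
        idp = lasso.Server(
            os.path.join(dataDir, 'idp5-saml2/metadata.xml'),
            os.path.join(dataDir, 'idp5-saml2/private-key.pem'))
        idp.addProvider(
            lasso.PROVIDER_ROLE_SP,
            os.path.join(dataDir, 'sp5-saml2/metadata.xml'))
        idp_login = lasso.Login(idp)
        idp_login.initRequest(sp_login.msgUrl.split('?')[1], lasso.HTTP_METHOD_ARTIFACT_GET)
        idp_login.buildRequestMsg()
        sp_login2 = lasso.Login.newFromDump(sp, sp_login_dump)
        self.assertIsInstance(sp_login2, lasso.Login)
        self.assertTrue(idp_login.msgBody)
        sp_login2.processRequestMsg(idp_login.msgBody)
        sp_login2.buildResponseMsg()
        self.assertTrue(sp_login2.msgBody)
        # The original wrapped this call in `try: ... except: raise`, which
        # only re-raised; the plain call behaves the same.
        idp_login.processResponseMsg(sp_login2.msgBody)
        self.assertIsInstance(idp_login.request, lasso.Samlp2AuthnRequest)

    def test_06(self):
        '''Login test between SP and IdP with encrypted private keys'''
        sp_server = server('sp7-saml2', lasso.PROVIDER_ROLE_IDP, 'idp7-saml2')
        idp_server = server('idp7-saml2', lasso.PROVIDER_ROLE_SP, 'sp7-saml2')

        sp_login = lasso.Login(sp_server)
        sp_login.initAuthnRequest()
        sp_login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST
        sp_login.buildAuthnRequestMsg()
        idp_login = lasso.Login(idp_server)
        # Both sides set the FORCE signature-verify hint before processing the
        # peer's message.
        idp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
        idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1])
        idp_login.validateRequestMsg(True, True)
        # The arguments are the literal string "None", not the None object.
        idp_login.buildAssertion("None", "None", "None", "None", "None")
        idp_login.buildAuthnResponseMsg()
        sp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
        sp_login.processAuthnResponseMsg(idp_login.msgBody)
        sp_login.acceptSso()

    def test07(self):
        '''SAMLv2 SSO with DSA key for the IdP'''
        sp = lasso.Server(
            os.path.join(dataDir, 'sp5-saml2/metadata.xml'),
            os.path.join(dataDir, 'sp5-saml2/private-key.pem'))
        self.assertTrue(sp)
        sp.addProvider(
            lasso.PROVIDER_ROLE_IDP,
            os.path.join(dataDir, 'idp12-dsa-saml2/metadata.xml'))
        sp_login = lasso.Login(sp)
        self.assertTrue(sp_login)
        sp_login.initAuthnRequest(None, lasso.HTTP_METHOD_REDIRECT)
        sp_login.buildAuthnRequestMsg()
        idp = lasso.Server(
            os.path.join(dataDir, 'idp12-dsa-saml2/metadata.xml'),
            os.path.join(dataDir, 'idp12-dsa-saml2/private-key.pem'))
        # DSA with SHA-1 is a legacy signature method, selected here on
        # purpose for the DSA-keyed IdP fixture.
        idp.signatureMethod = lasso.SIGNATURE_METHOD_DSA_SHA1
        idp.addProvider(
            lasso.PROVIDER_ROLE_SP,
            os.path.join(dataDir, 'sp5-saml2/metadata.xml'))
        idp_login = lasso.Login(idp)
        idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1])
        idp_login.protocolProfile = lasso.LOGIN_PROTOCOL_PROFILE_BRWS_POST
        idp_login.validateRequestMsg(True, True)
        idp_login.buildAssertion("None", "None", "None", "None", "None")
        # The test stops once the IdP has built its response; the SP never
        # processes that response in this test.
        idp_login.buildAuthnResponseMsg()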
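class LogoutTestCase(unittest.TestCase):
    """Logout profile tests: missing session, malformed messages, request parsing.

    Checks use the unittest assert* methods rather than bare ``assert``
    statements (which are dropped under ``python -O``) or the fail* aliases
    (removed from unittest in Python 3.12).
    """

    def test01(self):
        """SP logout without session and identity; testing initRequest."""

        lassoServer = lasso.Server(
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        lassoServer.addProvider(
            lasso.PROVIDER_ROLE_IDP,
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/public-key.pem'),
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        logout = lasso.Logout(lassoServer)
        try:
            logout.initRequest()
        except lasso.Error as error:
            # Only "session not found" is the expected outcome.
            if error[0] != lasso.PROFILE_ERROR_SESSION_NOT_FOUND:
                raise
        else:
            self.fail('logout.initRequest without having set identity before should fail')

    def test02(self):
        """IDP logout without session and identity; testing logout.getNextProviderId."""

        lassoServer = lasso.Server(
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        lassoServer.addProvider(
            lasso.PROVIDER_ROLE_SP,
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/public-key.pem'),
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        logout = lasso.Logout(lassoServer)
        self.assertFalse(logout.getNextProviderId())

    def test03(self):
        """IDP logout; testing processRequestMsg with non Liberty query."""

        lassoServer = lasso.Server(
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        lassoServer.addProvider(
            lasso.PROVIDER_ROLE_SP,
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/public-key.pem'),
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        logout = lasso.Logout(lassoServer)
        # The processRequestMsg should fail but not abort.
        try:
            logout.processRequestMsg('passport=0&lasso=1')
        except lasso.Error as error:
            if error[0] != lasso.PROFILE_ERROR_INVALID_MSG:
                raise
        else:
            self.fail('Logout processRequestMsg should have failed.')

    def test04(self):
        """IDP logout; testing processResponseMsg with non Liberty query."""

        lassoServer = lasso.Server(
            os.path.join(dataDir, 'idp1-la/metadata.xml'),
            os.path.join(dataDir, 'idp1-la/private-key-raw.pem'),
            None,
            os.path.join(dataDir, 'idp1-la/certificate.pem'))
        lassoServer.addProvider(
            lasso.PROVIDER_ROLE_SP,
            os.path.join(dataDir, 'sp1-la/metadata.xml'),
            os.path.join(dataDir, 'sp1-la/public-key.pem'),
            os.path.join(dataDir, 'sp1-la/certificate.pem'))
        logout = lasso.Logout(lassoServer)
        # The processResponseMsg should fail but not abort.
        try:
            logout.processResponseMsg('liberty=&alliance')
        except lasso.Error as error:
            if error[0] != lasso.PROFILE_ERROR_INVALID_MSG:
                raise
        else:
            self.fail('Logout processResponseMsg should have failed.')

    def test05(self):
        '''Test parsing of a logout request with more than one session index'''
        content = '''<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="xxxx" Version="2.0" IssueInstant="2010-06-14T22:00:00">
<saml:Issuer>me</saml:Issuer>
<saml:NameID>coin</saml:NameID>
<samlp:SessionIndex>id1</samlp:SessionIndex>
<samlp:SessionIndex>id2</samlp:SessionIndex>
<samlp:SessionIndex>id3</samlp:SessionIndex>
</samlp:LogoutRequest>'''

        node = lasso.Samlp2LogoutRequest.newFromXmlNode(content)
        self.assertIsInstance(node, lasso.Samlp2LogoutRequest)
        # sessionIndex holds the first index; sessionIndexes holds all three.
        self.assertEqual(node.sessionIndex, 'id1')
        self.assertEqual(node.sessionIndexes, ('id1', 'id2', 'id3'))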
class DefederationTestCase(unittest.TestCase):
    """Defederation profile: a non-Liberty query must be rejected cleanly."""

    def test01(self):
        """IDP initiated defederation; testing processNotificationMsg with non Liberty query."""

        idp_dir = 'idp1-la'
        sp_dir = 'sp1-la'
        lassoServer = lasso.Server(
            os.path.join(dataDir, idp_dir + '/metadata.xml'),
            os.path.join(dataDir, idp_dir + '/private-key-raw.pem'),
            None,
            os.path.join(dataDir, idp_dir + '/certificate.pem'))
        lassoServer.addProvider(
            lasso.PROVIDER_ROLE_SP,
            os.path.join(dataDir, sp_dir + '/metadata.xml'),
            os.path.join(dataDir, sp_dir + '/public-key.pem'),
            os.path.join(dataDir, sp_dir + '/certificate.pem'))
        defederation = lasso.Defederation(lassoServer)
        # The processNotificationMsg should fail but not abort.
        try:
            defederation.processNotificationMsg('nonLibertyQuery=1')
        except lasso.Error as exc:
            # Anything other than "invalid message" is propagated unchanged.
            if exc[0] != lasso.PROFILE_ERROR_INVALID_MSG:
                raise
        else:
            self.fail('Defederation processNotificationMsg should have failed.')
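class IdentityTestCase(unittest.TestCase):
    """Identity serialisation round trip (currently disabled)."""

    def test01(self):
        """Identity newFromDump & dump."""
        # The original returned early here, so the disabled test was reported
        # as a pass. skipTest() makes the runner report it as skipped; the
        # overall run is still successful.
        self.skipTest('test disabled since dump format changed')
        # Unreachable until the skip is removed; kept for when the expected
        # dump is updated to the current format.
        identityDump = """<Identity xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="1"><Federations><Federation xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="1" RemoteProviderID="https://sp1.entrouvert.lan/metadata"><LocalNameIdentifier><saml:NameIdentifier xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" NameQualifier="https://proxy2.entrouvert.lan/metadata" Format="urn:liberty:iff:nameid:federated">_CD739B41C602EAEA93626EBD1751CB46</saml:NameIdentifier></LocalNameIdentifier></Federation><Federation xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="1" RemoteProviderID="https://idp1.entrouvert.lan/metadata"><RemoteNameIdentifier><saml:NameIdentifier xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" NameQualifier="https://idp1.entrouvert.lan/metadata" Format="urn:liberty:iff:nameid:federated">_11EA77A4FED32C41824AC5DE87298E65</saml:NameIdentifier></RemoteNameIdentifier></Federation></Federations></Identity>"""
        identity = lasso.Identity.newFromDump(identityDump)
        newIdentityDump = identity.dump()
        self.assertEqual(identityDump, newIdentityDump)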
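class AttributeAuthorityTestCase(unittest.TestCase):
    """SAMLv2 attribute query between a requester (sp5) and an attribute authority (idp6).

    Checks use unittest assert* methods rather than bare ``assert``
    statements, which are dropped under ``python -O``.
    """

    def test01(self):
        '''Attribute request and response test between sp5 and idp6'''
        # Requester side.
        s = lasso.Server(
            os.path.join(dataDir, 'sp5-saml2/metadata.xml'),
            os.path.join(dataDir, 'sp5-saml2/private-key.pem'))
        s.addProvider(lasso.PROVIDER_ROLE_ATTRIBUTE_AUTHORITY,
                      os.path.join(dataDir, 'idp6-saml2/metadata.xml'))

        # Attribute-authority side.
        s2 = lasso.Server(
            os.path.join(dataDir, 'idp6-saml2/metadata.xml'),
            os.path.join(dataDir, 'idp6-saml2/private-key.pem'))
        s2.addProvider(lasso.PROVIDER_ROLE_SP,
                       os.path.join(dataDir, 'sp5-saml2/metadata.xml'))

        aq = lasso.AssertionQuery(s)
        # Exactly one provider was registered on `s`, so take its id.
        rpid = list(s.providers.keys())[0]
        aq.initRequest(rpid,
                       lasso.HTTP_METHOD_SOAP,
                       lasso.ASSERTION_QUERY_REQUEST_TYPE_ATTRIBUTE)
        self.assertTrue(aq.request)
        self.assertEqual(aq.remoteProviderId, rpid)
        nid = lasso.Saml2NameID.newWithPersistentFormat(
            lasso.buildUniqueId(32),
            s.providerId, s2.providerId)
        aq.nameIdentifier = nid
        aq.addAttributeRequest(
            lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC,
            'testAttribute')
        aq.buildRequestMsg()
        self.assertTrue(aq.msgUrl)
        self.assertTrue(aq.msgBody)

        aq2 = lasso.AssertionQuery(s2)
        aq2.processRequestMsg(aq.msgBody)
        # NOTE(review): this re-checks the requester's `aq.request`; after
        # aq2.processRequestMsg() the intent was presumably `aq2.request`.
        # Left as in the original - confirm.
        self.assertTrue(aq.request)
        aq2.validateRequest()
        self.assertTrue(aq2.response)
        assertion = lasso.Saml2Assertion()
        aq2.response.assertion = (assertion, )
        for attribute in aq2.request.attribute:
            content = lasso.MiscTextNode.newWithString("xxx")
            content.textChild = True
            # The same node is added twice for each requested attribute, as
            # in the original.
            assertion.addAttributeWithNode(attribute.name, attribute.nameFormat,
                                           content)
            assertion.addAttributeWithNode(attribute.name, attribute.nameFormat,
                                           content)
        assertion.subject = aq.request.subject
        s2.saml2AssertionSetupSignature(assertion)
        aq2.buildResponseMsg()
        # NOTE(review): no signature-verify hint is set on `aq` before this
        # call, unlike LoginTestCase.test_06; whether the assertion signature
        # is checked here depends on the library default - confirm.
        aq.processResponseMsg(aq2.msgBody)
        self.assertTrue(aq.response)
        self.assertTrue(aq.response.assertion[0])
        self.assertTrue(aq.response.assertion[0].attributeStatement[0])
        self.assertTrue(aq.response.assertion[0].attributeStatement[0].attribute[0])
        self.assertTrue(aq.response.assertion[0].attributeStatement[0].attribute[0].attributeValue[0])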
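# unittest.makeSuite() was deprecated in Python 3.11 and removed in 3.13.
# A fresh TestLoader collects the same methods: its default method prefix is
# 'test', the prefix the original passed to makeSuite().
_load_case = unittest.TestLoader().loadTestsFromTestCase

serverSuite = _load_case(ServerTestCase)
loginSuite = _load_case(LoginTestCase)
logoutSuite = _load_case(LogoutTestCase)
defederationSuite = _load_case(DefederationTestCase)
identitySuite = _load_case(IdentityTestCase)
attributeSuite = _load_case(AttributeAuthorityTestCase)

# Aggregate suite used by the __main__ runner below.
allTests = unittest.TestSuite((serverSuite, loginSuite, logoutSuite, defederationSuite,
                               identitySuite, attributeSuite))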
if __name__ == '__main__':
    # Exit status is 0 (False) when every test passed and 1 (True) otherwise.
    runner = unittest.TextTestRunner(verbosity = 2)
    outcome = runner.run(allTests)
    sys.exit(not outcome.wasSuccessful())