45 |
45 |
srcdir = os.environ.get('TOP_SRCDIR', '.')
|
46 |
46 |
dataDir = '%s/tests/data' % srcdir
|
47 |
47 |
|
|
48 |
|
48 |
49 |
def server(local_name, remote_role, remote_name):
|
49 |
50 |
pwd = os.path.join(dataDir, local_name, 'password')
|
50 |
51 |
password = None
|
51 |
52 |
if os.path.exists(pwd):
|
52 |
53 |
password = open(pwd).read()
|
53 |
|
s = lasso.Server(os.path.join(dataDir, local_name, 'metadata.xml'),
|
54 |
|
os.path.join(dataDir, local_name, 'private-key.pem'),
|
55 |
|
password)
|
|
54 |
s = lasso.Server(
|
|
55 |
os.path.join(dataDir, local_name, 'metadata.xml'),
|
|
56 |
os.path.join(dataDir, local_name, 'private-key.pem'),
|
|
57 |
password)
|
56 |
58 |
s.addProvider(remote_role, os.path.join(dataDir, remote_name, 'metadata.xml'))
|
57 |
59 |
return s
|
58 |
60 |
|
|
61 |
|
59 |
62 |
class ServerTestCase(unittest.TestCase):
|
60 |
63 |
def test01(self):
|
61 |
64 |
"""Server construction, dump & newFromDump."""
|
... | ... | |
153 |
156 |
spLogin.request.requestAuthnContext = requestAuthnContext
|
154 |
157 |
spLogin.request.protocolProfile = lasso.LIB_PROTOCOL_PROFILE_BRWS_ART
|
155 |
158 |
spLogin.buildAuthnRequestMsg()
|
156 |
|
authnRequestUrl = spLogin.msgUrl
|
157 |
159 |
authnRequestQuery = spLogin.msgUrl[spLogin.msgUrl.index('?') + 1:]
|
158 |
160 |
idp = lasso.Server(
|
159 |
161 |
os.path.join(dataDir, 'idp1-la/metadata.xml'),
|
... | ... | |
170 |
172 |
self.assertTrue(idpLogin.request.requestAuthnContext)
|
171 |
173 |
authnContextClassRefsList = idpLogin.request.requestAuthnContext.authnContextClassRef
|
172 |
174 |
self.assertEqual(len(authnContextClassRefsList), 1)
|
173 |
|
self.assertEqual(authnContextClassRefsList[0],
|
174 |
|
lasso.LIB_AUTHN_CONTEXT_CLASS_REF_PASSWORD)
|
|
175 |
self.assertEqual(authnContextClassRefsList[0], lasso.LIB_AUTHN_CONTEXT_CLASS_REF_PASSWORD)
|
175 |
176 |
|
176 |
177 |
def test04(self):
|
177 |
178 |
"""Conversion of a lib:AuthnRequest with extensions into a query and back."""
|
... | ... | |
188 |
189 |
os.path.join(dataDir, 'idp1-la/certificate.pem'))
|
189 |
190 |
spLogin = lasso.Login(sp)
|
190 |
191 |
spLogin.initAuthnRequest()
|
191 |
|
requestAuthnContext = lasso.LibRequestAuthnContext()
|
192 |
192 |
extensionList = []
|
193 |
193 |
for extension in (
|
194 |
194 |
'<action>do</action>',
|
... | ... | |
199 |
199 |
spLogin.request.extension = tuple(extensionList)
|
200 |
200 |
spLogin.request.protocolProfile = lasso.LIB_PROTOCOL_PROFILE_BRWS_ART
|
201 |
201 |
spLogin.buildAuthnRequestMsg()
|
202 |
|
authnRequestUrl = spLogin.msgUrl
|
203 |
202 |
authnRequestQuery = spLogin.msgUrl[spLogin.msgUrl.index('?') + 1:]
|
204 |
203 |
idp = lasso.Server(
|
205 |
204 |
os.path.join(dataDir, 'idp1-la/metadata.xml'),
|
... | ... | |
251 |
250 |
assert sp_login2.msgBody
|
252 |
251 |
try:
|
253 |
252 |
idp_login.processResponseMsg(sp_login2.msgBody)
|
254 |
|
except:
|
|
253 |
except Exception:
|
255 |
254 |
raise
|
256 |
255 |
assert isinstance(idp_login.request, lasso.Samlp2AuthnRequest)
|
257 |
256 |
|
... | ... | |
262 |
261 |
|
263 |
262 |
sp_login = lasso.Login(sp_server)
|
264 |
263 |
sp_login.initAuthnRequest()
|
265 |
|
sp_login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST;
|
|
264 |
sp_login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST
|
266 |
265 |
sp_login.buildAuthnRequestMsg()
|
267 |
266 |
idp_login = lasso.Login(idp_server)
|
268 |
267 |
idp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
|
... | ... | |
300 |
299 |
os.path.join(dataDir, 'sp5-saml2/metadata.xml'))
|
301 |
300 |
idp_login = lasso.Login(idp)
|
302 |
301 |
idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1])
|
303 |
|
idp_login.protocolProfile = lasso.LOGIN_PROTOCOL_PROFILE_BRWS_POST;
|
|
302 |
idp_login.protocolProfile = lasso.LOGIN_PROTOCOL_PROFILE_BRWS_POST
|
304 |
303 |
idp_login.validateRequestMsg(True, True)
|
305 |
304 |
idp_login.buildAssertion("None", "None", "None", "None", "None")
|
306 |
305 |
idp_login.buildAuthnResponseMsg()
|
307 |
306 |
|
|
307 |
|
308 |
308 |
class LogoutTestCase(unittest.TestCase):
|
309 |
309 |
def test01(self):
|
310 |
310 |
"""SP logout without session and identity; testing initRequest."""
|
... | ... | |
392 |
392 |
|
393 |
393 |
def test05(self):
|
394 |
394 |
'''Test parsing of a logout request with more than one session index'''
|
395 |
|
content = '''<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="xxxx" Version="2.0" IssueInstant="2010-06-14T22:00:00">
|
|
395 |
content = '''<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" \
|
|
396 |
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="xxxx" Version="2.0" IssueInstant="2010-06-14T22:00:00">
|
396 |
397 |
<saml:Issuer>me</saml:Issuer>
|
397 |
398 |
<saml:NameID>coin</saml:NameID>
|
398 |
399 |
<samlp:SessionIndex>id1</samlp:SessionIndex>
|
... | ... | |
405 |
406 |
assert node.sessionIndex == 'id1'
|
406 |
407 |
assert node.sessionIndexes == ('id1', 'id2', 'id3')
|
407 |
408 |
|
|
409 |
|
408 |
410 |
class DefederationTestCase(unittest.TestCase):
|
409 |
411 |
def test01(self):
|
410 |
412 |
"""IDP initiated defederation; testing processNotificationMsg with non Liberty query."""
|
... | ... | |
444 |
446 |
def test01(self):
|
445 |
447 |
'''Attribute request and response test between sp5 and idp6'''
|
446 |
448 |
s = lasso.Server(
|
447 |
|
os.path.join(dataDir, 'sp5-saml2/metadata.xml'),
|
448 |
|
os.path.join(dataDir, 'sp5-saml2/private-key.pem'))
|
449 |
|
s.addProvider(lasso.PROVIDER_ROLE_ATTRIBUTE_AUTHORITY,
|
450 |
|
os.path.join(dataDir, 'idp6-saml2/metadata.xml'))
|
|
449 |
os.path.join(dataDir, 'sp5-saml2/metadata.xml'),
|
|
450 |
os.path.join(dataDir, 'sp5-saml2/private-key.pem'))
|
|
451 |
s.addProvider(lasso.PROVIDER_ROLE_ATTRIBUTE_AUTHORITY, os.path.join(dataDir, 'idp6-saml2/metadata.xml'))
|
451 |
452 |
|
452 |
453 |
s2 = lasso.Server(
|
453 |
|
os.path.join(dataDir, 'idp6-saml2/metadata.xml'),
|
454 |
|
os.path.join(dataDir, 'idp6-saml2/private-key.pem'))
|
455 |
|
s2.addProvider(lasso.PROVIDER_ROLE_SP,
|
456 |
|
os.path.join(dataDir, 'sp5-saml2/metadata.xml'))
|
|
454 |
os.path.join(dataDir, 'idp6-saml2/metadata.xml'),
|
|
455 |
os.path.join(dataDir, 'idp6-saml2/private-key.pem'))
|
|
456 |
s2.addProvider(lasso.PROVIDER_ROLE_SP, os.path.join(dataDir, 'sp5-saml2/metadata.xml'))
|
457 |
457 |
|
458 |
458 |
aq = lasso.AssertionQuery(s)
|
459 |
459 |
rpid = list(s.providers.keys())[0]
|
460 |
|
aq.initRequest(rpid,
|
461 |
|
lasso.HTTP_METHOD_SOAP,
|
462 |
|
lasso.ASSERTION_QUERY_REQUEST_TYPE_ATTRIBUTE)
|
|
460 |
aq.initRequest(rpid, lasso.HTTP_METHOD_SOAP, lasso.ASSERTION_QUERY_REQUEST_TYPE_ATTRIBUTE)
|
463 |
461 |
assert aq.request
|
464 |
462 |
assert aq.remoteProviderId == rpid
|
465 |
463 |
nid = lasso.Saml2NameID.newWithPersistentFormat(
|
466 |
|
lasso.buildUniqueId(32),
|
467 |
|
s.providerId, s2.providerId)
|
|
464 |
lasso.buildUniqueId(32),
|
|
465 |
s.providerId, s2.providerId)
|
468 |
466 |
aq.nameIdentifier = nid
|
469 |
|
aq.addAttributeRequest(
|
470 |
|
lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC,
|
471 |
|
'testAttribute')
|
|
467 |
aq.addAttributeRequest(lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC, 'testAttribute')
|
472 |
468 |
aq.buildRequestMsg()
|
473 |
469 |
assert aq.msgUrl
|
474 |
470 |
assert aq.msgBody
|
... | ... | |
483 |
479 |
for attribute in aq2.request.attribute:
|
484 |
480 |
content = lasso.MiscTextNode.newWithString("xxx")
|
485 |
481 |
content.textChild = True
|
486 |
|
assertion.addAttributeWithNode(attribute.name, attribute.nameFormat,
|
487 |
|
content)
|
488 |
|
assertion.addAttributeWithNode(attribute.name, attribute.nameFormat,
|
489 |
|
content)
|
|
482 |
assertion.addAttributeWithNode(attribute.name, attribute.nameFormat, content)
|
|
483 |
assertion.addAttributeWithNode(attribute.name, attribute.nameFormat, content)
|
490 |
484 |
assertion.subject = aq.request.subject
|
491 |
485 |
s2.saml2AssertionSetupSignature(assertion)
|
492 |
486 |
aq2.buildResponseMsg()
|
... | ... | |
508 |
502 |
identitySuite, attributeSuite))
|
509 |
503 |
|
510 |
504 |
if __name__ == '__main__':
|
511 |
|
sys.exit(not unittest.TextTestRunner(verbosity = 2).run(allTests).wasSuccessful())
|
|
505 |
sys.exit(not unittest.TextTestRunner(verbosity=2).run(allTests).wasSuccessful())
|
512 |
506 |
|
513 |
|
-
|