def test_keydescriptor_no_signing(self, mocked):
    """SP metadata whose only key is an encryption key must be rejected.

    The metadata sets ``authn_request_signed='true'`` but supplies no key
    with ``use="signing"``. The validator is expected to raise
    ``SPIDValidationError`` pointing at the ``KeyDescriptor`` path, with the
    message that at least one signing key must be present.
    """
    FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
    checker = SpidMetadataValidator()

    acs_endpoints = [Acs(location='http://test.sp/acs')]
    consuming_services = [
        Atcs(service_name='test_1', attributes=['spidCode']),
    ]
    logout_endpoints = [
        Slo(binding=BINDING_HTTP_POST, location='http://test.sp/slo'),
    ]
    # Deliberately no key with use="signing": this is the condition under test.
    encryption_only = [Key('encryption', 'somevalue123')]

    sp_document = create_sp_metadata(
        entity_id='http://test.sp',
        authn_request_signed='true',
        assertion_consumer_services=acs_endpoints,
        attribute_consuming_services=consuming_services,
        single_logout_services=logout_endpoints,
        keys=encryption_only,
    )
    sp_xml = sp_document.to_xml()

    with pytest.raises(SPIDValidationError) as caught:
        checker.validate(sp_xml)

    first_detail = caught.value.details[0]
    self.assertEqual(
        'EntityDescriptor/SPSSODescriptor/KeyDescriptor',
        first_detail.path,
    )
    self.assertEqual(
        'Deve essere presente almeno una chiave con attributo use uguale a "signing"',
        first_detail.message,
    )
def test_bad_attributes(self, mocked):
    """SP metadata requesting an unknown attribute name must be rejected.

    ``badAttr`` is requested instead of a name from
    ``settings.SPID_ATTRIBUTES_NAMES``. The validator is expected to flag the
    ``Name`` attribute of the first ``RequestedAttribute`` and to list the
    accepted names in its message.
    """
    FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
    checker = SpidMetadataValidator()

    acs_endpoints = [Acs(location='http://test.sp/acs')]
    consuming_services = [
        Atcs(service_name='test_1', attributes=['badAttr']),
    ]
    logout_endpoints = [
        Slo(binding=BINDING_HTTP_POST, location='http://test.sp/slo'),
    ]
    signing_keys = [Key('signing', 'somevalue123')]

    # NOTE(review): check_attributes=False presumably switches off the
    # builder's own attribute check so the invalid name reaches the validator.
    # Confirm against create_sp_metadata.
    sp_document = create_sp_metadata(
        entity_id='http://test.sp',
        authn_request_signed='true',
        assertion_consumer_services=acs_endpoints,
        attribute_consuming_services=consuming_services,
        single_logout_services=logout_endpoints,
        keys=signing_keys,
        check_attributes=False,
    )
    sp_xml = sp_document.to_xml()

    with pytest.raises(SPIDValidationError) as caught:
        checker.validate(sp_xml)

    first_detail = caught.value.details[0]
    self.assertEqual(
        'EntityDescriptor/SPSSODescriptor/AttributeConsumingService/0/RequestedAttribute/0 - attribute: Name',
        first_detail.path,
    )
    allowed_names = ', '.join(settings.SPID_ATTRIBUTES_NAMES)
    expected_message = 'Il valore dell\'elemento non corrisponde a nessuno dei valori attesi ({}):'.format(
        allowed_names)
    self.assertEqual(expected_message, first_detail.message)
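def metadata(self):
    """Serve this IdP's SAML metadata document as a ``text/xml`` response.

    The document advertises the entity id, one signing key taken from the
    configured certificate file, and the single sign-on and single logout
    endpoints, each over both the HTTP-POST and HTTP-Redirect bindings.

    Raises:
        ValueError: if the certificate file contains no complete PEM
            certificate block.
    """
    cert_file = self._config.idp_certificate_file_path

    # Publish only the body of the first PEM certificate block. Dropping the
    # first and last line by position is not equivalent: a trailing blank
    # line leaves the END marker in the value, and any other PEM block stored
    # in the same file (for example a private key) would be copied into the
    # public metadata.
    cert_lines = []
    inside_cert = False
    complete = False
    with open(cert_file, 'r') as fp:
        for line in fp:
            marker = line.strip()
            if not inside_cert:
                if (marker.startswith('-----BEGIN ')
                        and marker.endswith('CERTIFICATE-----')):
                    inside_cert = True
                continue
            if marker.startswith('-----END '):
                complete = True
                break
            cert_lines.append(line)
    if not complete:
        raise ValueError(
            'No complete PEM certificate block found in {}'.format(cert_file))
    cert = ''.join(cert_lines)

    sso_url = self._config.absolute_sso_url
    slo_url = self._config.absolute_slo_url
    sso_list = [
        Sso(binding=BINDING_HTTP_POST, location=sso_url),
        Sso(binding=BINDING_HTTP_REDIRECT, location=sso_url),
    ]
    slo_list = [
        Slo(binding=BINDING_HTTP_POST, location=slo_url),
        Slo(binding=BINDING_HTTP_REDIRECT, location=slo_url),
    ]

    metadata = create_idp_metadata(
        entity_id=self._config.entity_id,
        want_authn_requests_signed='true',
        keys=[Key(use='signing', value=cert)],
        single_sign_on_services=sso_list,
        single_logout_services=slo_list,
    ).to_xml()
    return Response(metadata, mimetype='text/xml')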
def test_valid_metadata(self, mocked):
    """Well-formed SP metadata passes validation.

    There is no explicit assertion: the test passes as long as
    ``validate`` does not raise.
    """
    FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
    checker = SpidMetadataValidator()

    acs_endpoints = [Acs(location='http://test.sp/acs')]
    consuming_services = [
        Atcs(service_name='test_1', attributes=['spidCode']),
    ]
    logout_endpoints = [
        Slo(binding=BINDING_HTTP_POST, location='http://test.sp/slo'),
    ]
    signing_keys = [Key('signing', 'somevalue123')]

    sp_document = create_sp_metadata(
        entity_id='http://test.sp',
        authn_request_signed='true',
        assertion_consumer_services=acs_endpoints,
        attribute_consuming_services=consuming_services,
        single_logout_services=logout_endpoints,
        keys=signing_keys,
    )
    sp_xml = sp_document.to_xml()

    checker.validate(sp_xml)
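def metadata(self):
    """Serve this IdP's SAML metadata document as a ``text/xml`` response.

    The signing key comes from ``self.server.config.cert_file``. The single
    sign-on and single logout endpoints come from the config's
    ``_idp_endpoints`` mapping, where each entry is unpacked positionally
    into ``Sso`` / ``Slo``.

    Raises:
        ValueError: if the certificate file contains no complete PEM
            certificate block.
    """
    server_config = self.server.config
    cert_file = server_config.cert_file

    # Publish only the body of the first PEM certificate block. Dropping the
    # first and last line by position is not equivalent: a trailing blank
    # line leaves the END marker in the value, and any other PEM block stored
    # in the same file (for example a private key) would be copied into the
    # public metadata.
    cert_lines = []
    inside_cert = False
    complete = False
    with open(cert_file, 'r') as fp:
        for line in fp:
            marker = line.strip()
            if not inside_cert:
                if (marker.startswith('-----BEGIN ')
                        and marker.endswith('CERTIFICATE-----')):
                    inside_cert = True
                continue
            if marker.startswith('-----END '):
                complete = True
                break
            cert_lines.append(line)
    if not complete:
        raise ValueError(
            'No complete PEM certificate block found in {}'.format(cert_file))
    cert = ''.join(cert_lines)

    endpoints = getattr(server_config, '_idp_endpoints')
    # NOTE(review): .get() returns None for a missing key, and the
    # comprehensions below then fail with TypeError. This assumes the config
    # loader always populates both keys. Confirm.
    sso_entries = endpoints.get('single_sign_on_service')
    slo_entries = endpoints.get('single_logout_service')
    sso = [Sso(*entry) for entry in sso_entries]
    slo = [Slo(*entry) for entry in slo_entries]

    metadata = create_idp_metadata(
        entity_id=server_config.entityid,
        want_authn_requests_signed='true',
        keys=[Key(use='signing', value=cert)],
        single_sign_on_services=sso,
        single_logout_services=slo,
    ).to_xml()
    return Response(metadata, mimetype='text/xml')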
def test_missing_slo(self, mocked):
    """SP metadata without any SingleLogoutService must be rejected.

    ``single_logout_services`` is empty. The validator is expected to report
    the ``SingleLogoutService`` path with ``'required key not provided'``.
    """
    FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
    checker = SpidMetadataValidator()

    acs_endpoints = [Acs(location='http://test.sp/acs')]
    consuming_services = [
        Atcs(service_name='test_1', attributes=['spidCode']),
    ]
    signing_keys = [Key('signing', 'somevalue123')]

    sp_document = create_sp_metadata(
        entity_id='http://test.sp',
        authn_request_signed='true',
        assertion_consumer_services=acs_endpoints,
        attribute_consuming_services=consuming_services,
        single_logout_services=[],  # the condition under test
        keys=signing_keys,
    )
    sp_xml = sp_document.to_xml()

    with pytest.raises(SPIDValidationError) as caught:
        checker.validate(sp_xml)

    first_detail = caught.value.details[0]
    self.assertEqual(
        'EntityDescriptor/SPSSODescriptor/SingleLogoutService',
        first_detail.path,
    )
    self.assertEqual('required key not provided', first_detail.message)
def test_idp_metadata(self):
    """IdP metadata carries the given certificate and endpoints.

    Builds metadata with one signing key, one SSO endpoint and one SLO
    endpoint, then checks the generated XML tree for exactly one
    ``X509Certificate``, ``SingleSignOnService`` and ``SingleLogoutService``
    element, each with the expected text or attributes.
    """
    sso_services = [Sso(binding=BINDING_HTTP_POST, location='http://sso.sso')]
    slo_services = [
        Slo(binding=BINDING_HTTP_REDIRECT, location='http://slo.slo'),
    ]
    idp_metadata = create_idp_metadata(
        entity_id='test_id123',
        want_authn_requests_signed='true',
        keys=[Key(use='signing', value='CERTCERTCERT')],
        single_sign_on_services=sso_services,
        single_logout_services=slo_services,
    )
    # The test inspects the builder's underlying element tree directly.
    root = idp_metadata._element

    cert_nodes = root.findall('.//{%s}X509Certificate' % DS)
    self.assertEqual(len(cert_nodes), 1)
    self.assertEqual(cert_nodes[0].text, 'CERTCERTCERT')

    sso_nodes = root.findall('.//{%s}SingleSignOnService' % MD)
    first_sso = sso_nodes[0]
    self.assertEqual(first_sso.attrib['Binding'], BINDING_HTTP_POST)
    self.assertEqual(first_sso.attrib['Location'], 'http://sso.sso')
    self.assertEqual(len(sso_nodes), 1)

    slo_nodes = root.findall('.//{%s}SingleLogoutService' % MD)
    self.assertEqual(len(slo_nodes), 1)
    first_slo = slo_nodes[0]
    self.assertEqual(first_slo.attrib['Binding'], BINDING_HTTP_REDIRECT)
    self.assertEqual(first_slo.attrib['Location'], 'http://slo.slo')