def test07ClockSkewCorrectedAssertionIssueInstantInvalid(self):
utcNow = datetime.utcnow()
respDict = {
'issueInstant': SAMLDateTime.toString(utcNow),
'assertionIssueInstant': SAMLDateTime.toString(utcNow + timedelta(
seconds=1)),
'notBefore': SAMLDateTime.toString(utcNow),
'notOnOrAfter': SAMLDateTime.toString(utcNow + timedelta(
seconds=60*60*8))
}
responseStr = self.__class__.RESPONSE % respDict
response = self._parseResponse(responseStr)
binding = SubjectQuerySOAPBinding()
# Set a skew to correct the error
binding.clockSkewTolerance = 1
try:
binding._verifyTimeConditions(response)
except AssertionIssueInstantInvalid, e:
self.fail("issue instant timestamp error should be corrected for")
def test08ClockSkewCorrectedAssertionConditionExpired(self):
# Issued 9 hours ago
issueInstant = datetime.utcnow() - timedelta(seconds=60*60*9)
respDict = {
'issueInstant': SAMLDateTime.toString(issueInstant),
'assertionIssueInstant': SAMLDateTime.toString(issueInstant),
'notBefore': SAMLDateTime.toString(issueInstant),
# Assertion lasts 8 hours so it has expired by one hour
'notOnOrAfter': SAMLDateTime.toString(issueInstant + timedelta(
seconds=60*60*8))
}
responseStr = self.__class__.RESPONSE % respDict
response = self._parseResponse(responseStr)
binding = SubjectQuerySOAPBinding()
# Set a skew of over one hour to correct for the assertion expiry
binding.clockSkewTolerance = 60*60 + 3
try:
binding._verifyTimeConditions(response)
except AssertionConditionNotOnOrAfterInvalid:
self.fail("Not on or after timestamp error should be corrected for")
