def test07ClockSkewCorrectedAssertionIssueInstantInvalid(self): utcNow = datetime.utcnow() respDict = { 'issueInstant': SAMLDateTime.toString(utcNow), 'assertionIssueInstant': SAMLDateTime.toString(utcNow + timedelta( seconds=1)), 'notBefore': SAMLDateTime.toString(utcNow), 'notOnOrAfter': SAMLDateTime.toString(utcNow + timedelta( seconds=60*60*8)) } responseStr = self.__class__.RESPONSE % respDict response = self._parseResponse(responseStr) binding = SubjectQuerySOAPBinding() # Set a skew to correct the error binding.clockSkewTolerance = 1 try: binding._verifyTimeConditions(response) except AssertionIssueInstantInvalid, e: self.fail("issue instant timestamp error should be corrected for")
def test08ClockSkewCorrectedAssertionConditionExpired(self): # Issued 9 hours ago issueInstant = datetime.utcnow() - timedelta(seconds=60*60*9) respDict = { 'issueInstant': SAMLDateTime.toString(issueInstant), 'assertionIssueInstant': SAMLDateTime.toString(issueInstant), 'notBefore': SAMLDateTime.toString(issueInstant), # Assertion lasts 8 hours so it has expired by one hour 'notOnOrAfter': SAMLDateTime.toString(issueInstant + timedelta( seconds=60*60*8)) } responseStr = self.__class__.RESPONSE % respDict response = self._parseResponse(responseStr) binding = SubjectQuerySOAPBinding() # Set a skew of over one hour to correct for the assertion expiry binding.clockSkewTolerance = 60*60 + 3 try: binding._verifyTimeConditions(response) except AssertionConditionNotOnOrAfterInvalid: self.fail("Not on or after timestamp error should be corrected for")