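def test_filter_values_req_opt_2():
    """Missing required attributes must make the filter raise MissingValue.

    surName, givenName and mail are required, title is optional.  The AVA
    supplies no ``mail`` value at all, so the filter has to reject the
    attribute set instead of silently dropping the requirement.
    """
    def _attr(friendly_name, oid):
        return to_dict(
            Attribute(
                friendly_name=friendly_name,
                name=oid,
                name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
            ),
            ONTS,
        )

    required = [
        _attr("surName", "urn:oid:2.5.4.4"),
        _attr("givenName", "urn:oid:2.5.4.42"),
        _attr("mail", "urn:oid:0.9.2342.19200300.100.1.3"),
    ]
    optional = [_attr("title", "urn:oid:2.5.4.12")]
    ava = {
        "surname": ["Hedberg"],
        "givenName": ["Roland"],
        "eduPersonAffiliation": ["staff"],
        "uid": ["rohe0002"],
    }
    # Hand raises() the callable and its arguments, as the sibling tests do.
    # The source-string form used before was evaluated with eval() and has
    # been removed from pytest (deprecated in 4.1, dropped in 5.0), so the
    # test would error out instead of checking anything.
    raises(MissingValue, filter_on_attributes, ava, required, optional,
           acs=ac_factory())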
def test_req_opt():
    """Policy.filter with required and optional RequestedAttributes yields an AVA.

    Three attributes are marked ``is_required="true"`` and one
    ``"false"``; the AVA carries givenname, edupersonaffiliation and a
    ``sn`` key (presumably resolved to surname by the attribute
    converters).  Only non-emptiness of the result is asserted.
    """
    def _requested(friendly_name, oid, is_required):
        return to_dict(
            md.RequestedAttribute(
                friendly_name=friendly_name,
                name=oid,
                name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
                is_required=is_required,
            ),
            ONTS,
        )

    req = [
        _requested("surname", "urn:oid:2.5.4.4", "true"),
        _requested("givenname", "urn:oid:2.5.4.42", "true"),
        _requested("edupersonaffiliation",
                   "urn:oid:1.3.6.1.4.1.5923.1.1.1.1", "true"),
    ]
    opt = [_requested("title", "urn:oid:2.5.4.12", "false")]
    ava = {
        'givenname': 'Roland',
        'sn': 'Hedberg',
        'uid': 'rohe0002',
        'edupersonaffiliation': 'staff',
    }
    sp_entity_id = "urn:mace:example.com:saml:curt:sp"
    fava = Policy().filter(ava, sp_entity_id, None, req, opt)
    assert fava
def test_filter_values_req_2():
    """A required attribute that the AVA does not carry raises MissingValue.

    serialNumber is present but surName is not; the AVA's givenName is
    irrelevant because nobody asked for it.
    """
    serial_number = to_dict(
        Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
                  friendly_name="serialNumber"),
        ONTS)
    sur_name = to_dict(
        Attribute(name="urn:oid:2.5.4.4", name_format=NAME_FORMAT_URI,
                  friendly_name="surName"),
        ONTS)
    ava = {"serialNumber": ["12345"], "givenName": ["Lars"]}
    raises(MissingValue, filter_on_attributes, ava,
           [serial_number, sur_name], acs=ac_factory())
def test_filter_values_req_opt_0():
    """Required and optional value restrictions on one attribute combine.

    Both entries describe serialNumber: the required one pins "54321",
    the optional one "12345".  With both values in the AVA, both come
    back and no other key does.
    """
    def _serial(text):
        return to_dict(
            Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
                      friendly_name="serialNumber",
                      attribute_value=[AttributeValue(text=text)]),
            ONTS)

    required = _serial("54321")
    optional = _serial("12345")
    filtered = filter_on_attributes({"serialNumber": ["12345", "54321"]},
                                    [required], [optional],
                                    acs=ac_factory())
    assert list(filtered.keys()) == ["serialNumber"]
    assert _eq(filtered["serialNumber"], ["12345", "54321"])
def test_filter_on_attributes_with_missing_optional_attribute():
    """An optional attribute absent from the AVA is simply not emitted.

    Nothing is required, the only optional attribute is missing and the
    unrequested ``extra`` key is stripped, so the result is empty.
    """
    eptid = to_dict(
        Attribute(friendly_name="eduPersonTargetedID",
                  name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
                  name_format=NAME_FORMAT_URI),
        ONTS)
    filtered = filter_on_attributes({"extra": "foo"}, optional=[eptid],
                                    acs=ac_factory())
    assert filtered == {}
def test_filter_on_attributes_without_friendly_name():
    """Attributes given only by OID (no friendly_name) are still matched.

    eduPersonTargetedID is required and eduPersonAffiliation optional,
    both identified by their OID alone; both values pass through while
    the unrequested ``extra`` key is dropped.
    """
    def _by_oid(oid):
        return to_dict(Attribute(name=oid, name_format=NAME_FORMAT_URI),
                       ONTS)

    ava = {
        "eduPersonTargetedID": "*****@*****.**",
        "eduPersonAffiliation": "test",
        "extra": "foo",
    }
    restricted_ava = filter_on_attributes(
        ava,
        required=[_by_oid("urn:oid:1.3.6.1.4.1.5923.1.1.1.10")],
        optional=[_by_oid("urn:oid:1.3.6.1.4.1.5923.1.1.1.1")],
        acs=ac_factory())
    assert restricted_ava == {
        "eduPersonTargetedID": "*****@*****.**",
        "eduPersonAffiliation": "test",
    }
def test_filter_on_attributes_with_missing_required_attribute():
    """A required attribute absent from the AVA must raise MissingValue."""
    spec = {
        "friendly_name": "eduPersonTargetedID",
        "name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
        "name_format": NAME_FORMAT_URI,
    }
    eptid = to_dict(Attribute(**spec), ONTS)
    with pytest.raises(MissingValue):
        filter_on_attributes({"extra": "foo"}, required=[eptid],
                             acs=ac_factory())
def test_filter_on_attributes_with_missing_name_format():
    """An attribute with an empty name_format is still filtered through.

    The optional eduPersonTargetedID uses a private, non-OID name and
    ``name_format=''``; its AVA value is expected in the output.
    """
    spec = {
        "friendly_name": "eduPersonTargetedID",
        "name": "urn:myown:eptid",
        "name_format": '',
    }
    eptid = to_dict(Attribute(**spec), ONTS)
    source = {
        "eduPersonTargetedID": "*****@*****.**",
        "eduPersonAffiliation": "test",
        "extra": "foo",
    }
    filtered = filter_on_attributes(source, optional=[eptid],
                                    acs=ac_factory())
    assert filtered['eduPersonTargetedID'] == "*****@*****.**"
def test_filter_on_attributes_1():
    """Only the required serialNumber survives; the unrequested givenName is dropped."""
    serial_number = to_dict(
        Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
                  friendly_name="serialNumber"),
        ONTS)
    source = {"serialNumber": ["12345"], "givenName": ["Lars"]}
    filtered = filter_on_attributes(source, [serial_number],
                                    acs=ac_factory())
    assert list(filtered.keys()) == ["serialNumber"]
    assert filtered["serialNumber"] == ["12345"]
def test_filter_on_attributes_2():
    """A required surName is found under the AVA key ``sn``.

    The output keeps the AVA's own key rather than the friendly_name.
    """
    sur_name = to_dict(
        Attribute(friendly_name="surName", name="urn:oid:2.5.4.4",
                  name_format=NAME_FORMAT_URI),
        ONTS)
    filtered = filter_on_attributes({"sn": ["kakavas"]}, [sur_name],
                                    acs=ac_factory())
    assert list(filtered.keys()) == ['sn']
    assert filtered["sn"] == ["kakavas"]
def test_filter_values_req_4():
    """A required attribute whose only permitted value is absent raises.

    serialNumber is required with the fixed value "54321"; the AVA only
    carries "12345", so the requirement is unmet and MissingValue is
    expected.
    """
    serial_number = to_dict(
        Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
                  friendly_name="serialNumber",
                  attribute_value=[AttributeValue(text="54321")]),
        ONTS)
    raises(MissingValue, filter_on_attributes, {"serialNumber": ["12345"]},
           [serial_number], acs=ac_factory())
def test_filter_values_req_6():
    """A required value restriction keeps only the permitted value.

    serialNumber is required with the fixed value "54321"; of the two
    values in the AVA only "54321" is returned.
    """
    serial_number = to_dict(
        Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
                  friendly_name="serialNumber",
                  attribute_value=[AttributeValue(text="54321")]),
        ONTS)
    filtered = filter_on_attributes({"serialNumber": ["12345", "54321"]},
                                    [serial_number], acs=ac_factory())
    assert list(filtered.keys()) == ["serialNumber"]
    assert filtered["serialNumber"] == ["54321"]
def store_assertion(self, assertion, to_sign):
    """Insert *assertion* into ``self.assertion`` keyed by its subject NameID.

    ``name_id_key`` is the SHA-1 hex digest of the ``code_binary``
    serialisation of the NameID; it serves as a fixed-length lookup key,
    not as a security property.  The assertion itself is stored as the
    dict produced by ``to_dict`` alongside its id and the caller's
    ``to_sign`` value.
    """
    subject_name_id = assertion.subject.name_id
    record = {
        "name_id_key": sha1(code_binary(subject_name_id)).hexdigest(),
        "assertion_id": assertion.id,
        "assertion": to_dict(assertion, MMODS, True),
        "to_sign": to_sign,
    }
    self.assertion.insert(record)
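def do_entity_descriptor(self, entity_descr):
    """Register one EntityDescriptor in ``self.entity`` if it is usable.

    The entity is discarded (nothing is stored) when any of these hold:

    * ``self.check_validity`` is set and ``valid()`` rejects its
      ``valid_until`` -- the entity id is then also recorded in
      ``self.to_old``;
    * the entity id was already loaded -- a notice goes to stderr and the
      first copy wins;
    * no role descriptor advertises SAML 2.0 (``samlp.NAMESPACE``) support
      (affiliation descriptors count without a protocol check);
    * ``self.filter`` is configured and returns a falsy value.

    Role descriptors that do not list ``samlp.NAMESPACE`` in their
    protocolSupportEnumeration are removed from the stored dict; the ones
    kept have the enumeration reduced to that single namespace.
    """
    if self.check_validity:
        try:
            if not valid(entity_descr.valid_until):
                logger.error("Entity descriptor (entity id:%s) too old",
                             entity_descr.entity_id)
                self.to_old.append(entity_descr.entity_id)
                return
        except AttributeError:
            # No usable valid_until on this descriptor: there is nothing
            # to check, so the entity is accepted on this criterion.
            pass

    # Ignore an entity id that has already been loaded; the first copy wins.
    if entity_descr.entity_id in self.entity:
        print("Duplicated Entity descriptor (entity id: '%s')" % entity_descr.entity_id, file=sys.stderr)
        return

    _ent = to_dict(entity_descr, metadata_modules())
    flag = 0  # number of descriptor kinds retained; 0 means nothing usable

    # verify support for SAML2
    for descr in ["spsso", "idpsso", "role", "authn_authority",
                  "attribute_authority", "pdp", "affiliation"]:
        key = "%s_descriptor" % descr
        try:
            _items = _ent[key]
        except KeyError:
            continue

        if descr == "affiliation":
            # Not protocol specific
            flag += 1
            continue

        _res = []
        for item in _items:
            # protocolSupportEnumeration is an XML Schema list type, so
            # the URIs may be separated by any whitespace; split() copes
            # with tabs and newlines where split(" ") would not.
            for prot in item["protocol_support_enumeration"].split():
                if prot == samlp.NAMESPACE:
                    item["protocol_support_enumeration"] = prot
                    _res.append(item)
                    break

        if not _res:
            del _ent[key]
        else:
            flag += 1

    if self.filter:
        _ent = self.filter(_ent)
        if not _ent:
            flag = 0

    if flag:
        self.entity[entity_descr.entity_id] = _ent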
def do_entity_descriptor(self, entity_descr):
    """Store a usable EntityDescriptor under its entity id in ``self.entity``.

    The descriptor is skipped when, with ``self.check_validity`` set,
    ``valid()`` rejects its ``valid_until`` (the id is appended to
    ``self.to_old``); when the id was seen before (a note is printed to
    stderr); when no kept descriptor kind supports SAML 2.0; or when
    ``self.filter`` returns a falsy value.  Role descriptors without
    ``samlp.NAMESPACE`` in their protocolSupportEnumeration are deleted
    from the stored dict and the kept ones keep only that namespace.
    """
    entity_id = entity_descr.entity_id

    if self.check_validity:
        try:
            expired = not valid(entity_descr.valid_until)
        except AttributeError:
            # No valid_until to check: accepted on this criterion.
            expired = False
        if expired:
            logger.error("Entity descriptor (entity id:%s) to old", entity_id)
            self.to_old.append(entity_id)
            return

    # A previously loaded copy of this entity id is kept; this one is dropped.
    if entity_id in self.entity:
        print("Duplicated Entity descriptor (entity id: '%s')" % entity_id, file=sys.stderr)
        return

    def _saml2_only(items):
        # Keep the items that list the SAML 2.0 protocol namespace, and
        # collapse their enumeration to that single namespace.
        kept = []
        for item in items:
            for prot in item["protocol_support_enumeration"].split(" "):
                if prot == samlp.NAMESPACE:
                    item["protocol_support_enumeration"] = prot
                    kept.append(item)
                    break
        return kept

    _ent = to_dict(entity_descr, metadata_modules())
    kinds_kept = 0
    descriptor_kinds = ("spsso", "idpsso", "role", "authn_authority",
                        "attribute_authority", "pdp", "affiliation")

    # verify support for SAML2
    for descr in descriptor_kinds:
        key = "%s_descriptor" % descr
        if key not in _ent:
            continue
        if descr == "affiliation":
            # Not protocol specific
            kinds_kept += 1
            continue
        if _saml2_only(_ent[key]):
            kinds_kept += 1
        else:
            del _ent[key]

    if self.filter:
        _ent = self.filter(_ent)
        if not _ent:
            kinds_kept = 0

    if kinds_kept:
        self.entity[entity_id] = _ent
def remove_remote(self, name_id):
    """Remove the stored record(s) matching the SAML *name_id*.

    The NameID is converted with ``to_dict`` before being handed to the
    backing store, so lookups use the same encoding as ``store``.
    """
    self.mdb.remove(name_id=to_dict(name_id, MMODS, True))
def find_local_id(self, name_id):
    """Return the local id mapped to *name_id*, or None if nothing matches.

    Only the first record yielded by ``self.mdb.get`` is consulted; its
    ``self.mdb.primary_key`` field is the local id.
    """
    encoded = to_dict(name_id, MMODS, True)
    no_match = object()
    first = next(iter(self.mdb.get(name_id=encoded)), no_match)
    if first is no_match:
        return None
    return first[self.mdb.primary_key]
def store(self, ident, name_id):
    """Persist the mapping from the local *ident* to the SAML *name_id*.

    The NameID is stored in its ``to_dict`` form so that later lookups
    can compare on the same encoding.
    """
    encoded_name_id = to_dict(name_id, MMODS, True)
    self.mdb.store(ident, name_id=encoded_name_id)
from saml2_tophat.extension import ui
from saml2_tophat import saml
from saml2_tophat import xmldsig
from saml2_tophat import xmlenc
from pathutils import full_path

# Schema modules handed to to_dict() when serialising SAML and metadata
# elements in the tests below.
ONTS = [saml, mdui, mdattr, dri, ui, idpdisc, md, xmldsig, xmlenc]


def _eq(l1, l2):
    """True when *l1* and *l2* have the same members, ignoring order and repeats."""
    left, right = set(l1), set(l2)
    return left <= right and right <= left


# RequestedAttribute dicts shared by several tests.
gn = to_dict(
    md.RequestedAttribute(name="urn:oid:2.5.4.42",
                          friendly_name="givenName",
                          name_format=NAME_FORMAT_URI),
    ONTS)
sn = to_dict(
    md.RequestedAttribute(name="urn:oid:2.5.4.4",
                          friendly_name="surName",
                          name_format=NAME_FORMAT_URI),
    ONTS)
mail = to_dict(
    md.RequestedAttribute(name="urn:oid:0.9.2342.19200300.100.1.3",
                          friendly_name="mail",
                          name_format=NAME_FORMAT_URI),
    ONTS)

# ---------------------------------------------------------------------------

def test_filter_on_attributes_0():