def testAccessors(self): """Test for LogoutRequest accessors""" self.lr.id = "request id" self.lr.version = saml2.VERSION self.lr.issue_instant = "2007-09-14T01:05:02Z" self.lr.destination = "http://www.example.com/Destination" self.lr.consent = saml.CONSENT_UNSPECIFIED self.lr.issuer = saml.Issuer() self.lr.signature = ds.Signature() self.lr.extensions = samlp.Extensions() self.lr.not_on_or_after = "2007-10-14T01:05:02Z" self.lr.reason = "http://www.example.com/Reason" self.lr.base_id = saml.BaseID() self.lr.name_id = saml.NameID() self.lr.encrypted_id = saml.EncryptedID() self.lr.session_index = samlp.SessionIndex() new_lr = samlp.logout_request_from_string(self.lr.to_string()) assert new_lr.id == "request id" assert new_lr.version == saml2.VERSION assert new_lr.issue_instant == "2007-09-14T01:05:02Z" assert new_lr.destination == "http://www.example.com/Destination" assert new_lr.consent == saml.CONSENT_UNSPECIFIED assert isinstance(new_lr.issuer, saml.Issuer) assert isinstance(new_lr.signature, ds.Signature) assert isinstance(new_lr.extensions, samlp.Extensions) assert new_lr.not_on_or_after == "2007-10-14T01:05:02Z" assert new_lr.reason == "http://www.example.com/Reason" assert isinstance(new_lr.base_id, saml.BaseID) assert isinstance(new_lr.name_id, saml.NameID) assert isinstance(new_lr.encrypted_id, saml.EncryptedID) assert isinstance(new_lr.session_index[0], samlp.SessionIndex)
def testAccessors(self): """Test for Response accessors""" self.response.id = "response id" self.response.in_response_to = "request id" self.response.version = saml2.VERSION self.response.issue_instant = "2007-09-14T01:05:02Z" self.response.destination = "http://www.example.com/Destination" self.response.consent = saml.CONSENT_UNSPECIFIED self.response.issuer = saml.Issuer() self.response.signature = ds.Signature() self.response.extensions = samlp.Extensions() self.response.status = samlp.Status() self.response.assertion.append(saml.Assertion()) self.response.encrypted_assertion.append(saml.EncryptedAssertion()) new_response = samlp.response_from_string(self.response.to_string()) assert new_response.id == "response id" assert new_response.in_response_to == "request id" assert new_response.version == saml2.VERSION assert new_response.issue_instant == "2007-09-14T01:05:02Z" assert new_response.destination == "http://www.example.com/Destination" assert new_response.consent == saml.CONSENT_UNSPECIFIED assert isinstance(new_response.issuer, saml.Issuer) assert isinstance(new_response.signature, ds.Signature) assert isinstance(new_response.extensions, samlp.Extensions) assert isinstance(new_response.status, samlp.Status) assert isinstance(new_response.assertion[0], saml.Assertion) assert isinstance(new_response.encrypted_assertion[0], saml.EncryptedAssertion)
def testAccessors(self): """Test for AuthnRequest accessors""" self.ar.id = "request id" self.ar.version = saml2.VERSION self.ar.issue_instant = "2007-09-14T01:05:02Z" self.ar.destination = "http://www.example.com/Destination" self.ar.consent = saml.CONSENT_UNSPECIFIED self.ar.issuer = saml.Issuer() self.ar.signature = ds.Signature() self.ar.extensions = samlp.Extensions() self.ar.subject = saml.Subject() self.ar.name_id_policy = samlp.NameIDPolicy() self.ar.conditions = saml.Conditions() self.ar.requested_authn_context = samlp.RequestedAuthnContext() self.ar.scoping = samlp.Scoping() self.ar.force_authn = 'true' self.ar.is_passive = 'true' self.ar.assertion_consumer_service_index = "1" self.ar.assertion_consumer_service_url = "http://www.example.com/acs" self.ar.protocol_binding = saml2.BINDING_HTTP_POST self.ar.attribute_consuming_service_index = "2" self.ar.provider_name = "provider name" new_ar = samlp.authn_request_from_string(self.ar.to_string()) assert new_ar.id == "request id" assert new_ar.version == saml2.VERSION assert new_ar.issue_instant == "2007-09-14T01:05:02Z" assert new_ar.destination == "http://www.example.com/Destination" assert new_ar.consent == saml.CONSENT_UNSPECIFIED assert isinstance(new_ar.issuer, saml.Issuer) assert isinstance(new_ar.signature, ds.Signature) assert isinstance(new_ar.extensions, samlp.Extensions) assert isinstance(new_ar.subject, saml.Subject) assert isinstance(new_ar.name_id_policy, samlp.NameIDPolicy) assert isinstance(new_ar.conditions, saml.Conditions) assert isinstance(new_ar.requested_authn_context, samlp.RequestedAuthnContext) assert isinstance(new_ar.scoping, samlp.Scoping) assert new_ar.force_authn == 'true' assert new_ar.is_passive == 'true' assert new_ar.assertion_consumer_service_index == '1' assert new_ar.assertion_consumer_service_url == \ 'http://www.example.com/acs' assert new_ar.protocol_binding == saml2.BINDING_HTTP_POST assert new_ar.attribute_consuming_service_index == '2' assert new_ar.provider_name == "provider name"
def pre_signature_part(ident, public_key=None, identifier=None): """ If an assertion is to be signed the signature part has to be preset with which algorithms to be used, this function returns such a preset part. :param ident: The identifier of the assertion, so you know which assertion was signed :param public_key: The base64 part of a PEM file :return: A preset signature part """ signature_method = ds.SignatureMethod(algorithm=ds.SIG_RSA_SHA1) canonicalization_method = ds.CanonicalizationMethod( algorithm=ds.ALG_EXC_C14N) trans0 = ds.Transform(algorithm=ds.TRANSFORM_ENVELOPED) trans1 = ds.Transform(algorithm=ds.ALG_EXC_C14N) transforms = ds.Transforms(transform=[trans0, trans1]) digest_method = ds.DigestMethod(algorithm=ds.DIGEST_SHA1) reference = ds.Reference(uri="#%s" % ident, digest_value=ds.DigestValue(), transforms=transforms, digest_method=digest_method) signed_info = ds.SignedInfo( signature_method=signature_method, canonicalization_method=canonicalization_method, reference=reference) signature = ds.Signature(signed_info=signed_info, signature_value=ds.SignatureValue()) if identifier: signature.id = "Signature%d" % identifier if public_key: x509_data = ds.X509Data(x509_certificate=[ ds.X509DataType_X509Certificate(text=public_key) ]) key_info = ds.KeyInfo(x509_data=x509_data) signature.key_info = key_info return signature
def testAccessors(self): """Test for LogoutResponse accessors""" self.lr.id = "response id" self.lr.in_response_to = "request id" self.lr.version = saml2.VERSION self.lr.issue_instant = "2007-09-14T01:05:02Z" self.lr.destination = "http://www.example.com/Destination" self.lr.consent = saml.CONSENT_UNSPECIFIED self.lr.issuer = saml.Issuer() self.lr.signature = ds.Signature() self.lr.extensions = samlp.Extensions() self.lr.status = samlp.Status() new_lr = samlp.logout_response_from_string(self.lr.to_string()) assert new_lr.id == "response id" assert new_lr.in_response_to == "request id" assert new_lr.version == saml2.VERSION assert new_lr.issue_instant == "2007-09-14T01:05:02Z" assert new_lr.destination == "http://www.example.com/Destination" assert new_lr.consent == saml.CONSENT_UNSPECIFIED assert isinstance(new_lr.issuer, saml.Issuer) assert isinstance(new_lr.signature, ds.Signature) assert isinstance(new_lr.extensions, samlp.Extensions) assert isinstance(new_lr.status, samlp.Status)
def setup_class(self): self.signature = ds.Signature()
def _create_signature(self): """Create an object that represents a SAML <Signature>. This must be filled with algorithms that the signing binary will apply in order to sign the whole message. Currently we enforce X509 signing. Example of the template:: <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI="#<Assertion ID>"> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue /> </Reference> </SignedInfo> <SignatureValue /> <KeyInfo> <X509Data /> </KeyInfo> </Signature> :return: XML <Signature> object """ canonicalization_method = xmldsig.CanonicalizationMethod() canonicalization_method.algorithm = xmldsig.ALG_EXC_C14N signature_method = xmldsig.SignatureMethod( algorithm=xmldsig.SIG_RSA_SHA1) transforms = xmldsig.Transforms() envelope_transform = xmldsig.Transform( algorithm=xmldsig.TRANSFORM_ENVELOPED) c14_transform = xmldsig.Transform(algorithm=xmldsig.ALG_EXC_C14N) transforms.transform = [envelope_transform, c14_transform] digest_method = xmldsig.DigestMethod(algorithm=xmldsig.DIGEST_SHA1) digest_value = xmldsig.DigestValue() reference = xmldsig.Reference() reference.uri = '#' + self.assertion_id reference.digest_method = digest_method reference.digest_value = digest_value reference.transforms = transforms signed_info = xmldsig.SignedInfo() signed_info.canonicalization_method = canonicalization_method signed_info.signature_method = signature_method signed_info.reference = reference key_info = xmldsig.KeyInfo() key_info.x509_data = xmldsig.X509Data() signature = xmldsig.Signature() signature.signed_info = signed_info signature.signature_value = xmldsig.SignatureValue() signature.key_info = key_info return signature