def test_KeyDescriptor(self):
        '''Check the KeyDescriptor elements under SPSSODescriptor.

        At least one KeyDescriptor with use="signing" must exist. Every
        signing or encryption KeyDescriptor found must carry at least one
        KeyInfo/X509Data/X509Certificate element. An encryption
        KeyDescriptor is not itself required by this check.

        Only the presence of the elements is checked here: the
        certificate content (validity period, key type or size, issuer)
        is not inspected in this method. Each certificate node is handed
        to dump_pem.dump_metadata_pem so it can be analysed later.
        '''

        x509_path = './KeyInfo/X509Data/X509Certificate'

        # (use, message when a descriptor has no certificate,
        #  whether at least one descriptor of that use is mandatory)
        checks = (
            ('signing',
             'At least one signing x509 must be present',
             True),
            ('encryption',
             'At least one encryption x509 must be present',
             False),
        )

        for use, missing_cert_msg, descriptor_required in checks:
            descriptors = self.doc.xpath(
                '//EntityDescriptor/SPSSODescriptor'
                '/KeyDescriptor[@use="%s"]' % use)

            if descriptor_required:
                self._assertGreaterEqual(
                    len(descriptors), 1,
                    'At least one signing KeyDescriptor must be present')

            for descriptor in descriptors:
                x509_nodes = descriptor.xpath(x509_path)
                self._assertGreaterEqual(len(x509_nodes), 1,
                                         missing_cert_msg)

                # keep the extracted certificates for later analysis
                for node in x509_nodes:
                    dump_pem.dump_metadata_pem(node, 'sp', use, DATA_DIR)
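    def test_Signature(self):
        '''Test the compliance of the Signature element.

        Checks that EntityDescriptor carries exactly one Signature, that
        SignatureMethod and DigestMethod each appear exactly once with an
        Algorithm attribute, and that the declared algorithms are listed
        in constants.ALLOWED_XMLDSIG_ALGS and constants.ALLOWED_DGST_ALGS
        respectively.

        Only the declared algorithm identifiers are compared against the
        allow-lists: the signature value is not cryptographically
        verified in this method, so a pass here does not mean the
        metadata signature is valid.
        '''

        # NOTE(review): the [0] indexing on `sign` and `method` below
        # assumes self._assertTrue aborts the test when the check
        # fails -- confirm against the helper's implementation.
        sign = self.doc.xpath('//EntityDescriptor/Signature')
        self._assertTrue((len(sign) == 1),
                         'The Signature element must be present - TR pag. 19')

        method = sign[0].xpath('./SignedInfo/SignatureMethod')
        self._assertTrue(
            (len(method) == 1),
            'The SignatureMethod element must be present - TR pag. 19')

        self._assertTrue(('Algorithm' in method[0].attrib),
                         'The Algorithm attribute must be present '
                         'in SignatureMethod element - TR pag. 19')

        # allow-list check: an algorithm outside the list is reported
        alg = method[0].get('Algorithm')
        self._assertIn(
            alg, constants.ALLOWED_XMLDSIG_ALGS,
            (('The signature algorithm must be one of [%s] - TR pag. 19') %
             (', '.join(constants.ALLOWED_XMLDSIG_ALGS))))

        method = sign[0].xpath('./SignedInfo/Reference/DigestMethod')
        self._assertTrue(
            (len(method) == 1),
            'The DigestMethod element must be present - TR pag. 19')

        self._assertTrue(('Algorithm' in method[0].attrib),
                         'The Algorithm attribute must be present '
                         'in DigestMethod element - TR pag. 19')

        alg = method[0].get('Algorithm')
        self._assertIn(
            alg, constants.ALLOWED_DGST_ALGS,
            (('The digest algorithm must be one of [%s] - TR pag. 19') %
             (', '.join(constants.ALLOWED_DGST_ALGS))))

        # Save the extracted certificate for later analysis. The lookup
        # is checked first, as test_KeyDescriptor does, so a Signature
        # without an embedded certificate is reported through the
        # assertion helper instead of raising IndexError on `[0]`.
        certs = sign[0].xpath('./KeyInfo/X509Data/X509Certificate')
        self._assertGreaterEqual(len(certs), 1,
                                 'At least one signature x509 '
                                 'must be present')
        if certs:
            dump_pem.dump_metadata_pem(certs[0], 'sp', 'signature', DATA_DIR)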