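    def get_subject(self, keys=None):
        """Validate the assertion's Subject and return its NameID.

        Every SubjectConfirmation on the subject is checked according to its
        method (bearer, holder-of-key or sender-vouches).  Confirmations that
        fail their method-specific check are dropped; every surviving
        confirmation must name a recipient accepted by ``verify_recipient``.
        The subject is then rewritten to carry only the confirmations that
        passed, so later consumers never see the rejected ones.

        :param keys: decryption keys handed to ``self.sec.decrypt_keys`` when
            the subject carries an EncryptedID instead of a plain NameID.
        :return: the subject's NameID (plain or decrypted), which is also
            stored on ``self.name_id``.  If the subject carries neither a
            NameID nor an EncryptedID, ``self.name_id`` is left as it was and
            returned unchanged.
        :raises ValueError: the assertion or its subject is missing, or a
            confirmation uses an unknown method.
        :raises VerificationError: the attesting entity is not accepted, a
            surviving confirmation has no acceptable recipient, or no
            confirmation at all survived.
        """
        if not self.assertion:
            raise ValueError("Missing assertion")

        if not self.assertion.subject:
            raise ValueError(
                "Invalid assertion subject: {subject}".format(
                    subject=self.assertion.subject
                )
            )
        subject = self.assertion.subject
        subjconf = []

        if not self.verify_attesting_entity(subject.subject_confirmation):
            raise VerificationError("No valid attesting address")

        for subject_confirmation in subject.subject_confirmation:
            _data = subject_confirmation.subject_confirmation_data

            if subject_confirmation.method == SCM_BEARER:
                if not self._bearer_confirmed(_data):
                    continue
            elif subject_confirmation.method == SCM_HOLDER_OF_KEY:
                if not self._holder_of_key_confirmed(_data):
                    continue
            elif subject_confirmation.method == SCM_SENDER_VOUCHES:
                # No method-specific check for sender-vouches here; the
                # recipient check below still applies.
                pass
            else:
                raise ValueError("Unknown subject confirmation method: %s" % (
                    subject_confirmation.method,))

            # A confirmation without SubjectConfirmationData has no recipient
            # to verify.  Treat that as "no valid recipient" instead of letting
            # the attribute access fail with AttributeError, so callers get the
            # same exception type for every rejected confirmation.
            _recip = getattr(_data, "recipient", None)
            if not _recip or not self.verify_recipient(_recip):
                raise VerificationError("No valid recipient")

            subjconf.append(subject_confirmation)

        if not subjconf:
            raise VerificationError("No valid subject confirmation")

        # Keep only the confirmations that passed.
        subject.subject_confirmation = subjconf

        # The subject may carry a NameID, either in the clear or encrypted.
        if subject.name_id:
            self.name_id = subject.name_id
        elif subject.encrypted_id:
            # Decrypt the EncryptedID and parse the resulting NameID XML.
            _name_id_str = self.sec.decrypt_keys(
                subject.encrypted_id.encrypted_data.to_string(), keys=keys
            )
            self.name_id = saml.name_id_from_string(_name_id_str)

        logger.info("Subject NameID: %s", self.name_id)
        return self.name_id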
 def testExtensionAttributes(self):
     """Extension attributes survive a to_string()/name_id_from_string() round trip."""
     attrs = {"hoge": "fuga", "moge": "muga"}
     for key, value in attrs.items():
         self.name_id.extension_attributes[key] = value
     for key, value in attrs.items():
         assert self.name_id.extension_attributes[key] == value
     reparsed = saml.name_id_from_string(self.name_id.to_string())
     for key, value in attrs.items():
         assert reparsed.extension_attributes[key] == value
 def testAccessors(self):
     """Subject accessors: a populated Subject round-trips through to_string()."""
     name_id = saml.name_id_from_string(saml2_data.TEST_NAME_ID)
     confirmation = saml.subject_confirmation_from_string(
         saml2_data.TEST_SUBJECT_CONFIRMATION
     )
     self.subject.name_id = name_id
     self.subject.subject_confirmation.append(confirmation)

     reparsed = saml.subject_from_string(self.subject.to_string())
     reparsed_name_id = reparsed.name_id
     assert reparsed_name_id.sp_provided_id == "sp provided id"
     assert reparsed_name_id.text.strip() == "*****@*****.**"
     assert reparsed_name_id.format == saml.NAMEID_FORMAT_EMAILADDRESS
     assert isinstance(reparsed.subject_confirmation[0], saml.SubjectConfirmation)
    def testFormatAttribute(self):
        """Format survives a round trip and is independent of extension elements."""
        email_format = saml.NAMEID_FORMAT_EMAILADDRESS
        self.name_id.format = email_format
        assert self.name_id.format == email_format
        assert len(self.name_id.extension_elements) == 0

        reparsed = saml.name_id_from_string(self.name_id.to_string())
        assert len(reparsed.extension_elements) == 0

        # Adding an extension element must not disturb the Format attribute.
        extra = saml2.ExtensionElement("foo", text="bar")
        self.name_id.extension_elements.append(extra)
        assert len(self.name_id.extension_elements) == 1
        assert self.name_id.format == email_format
 def testNameIDToAndFromStringMatch(self):
     """Serialise, parse back and serialise again: both strings must match."""
     fields = {
         "format": saml.NAMEID_FORMAT_EMAILADDRESS,
         "text": "*****@*****.**",
         "name_qualifier": "name_qualifier",
         "sp_name_qualifier": "sp_name_qualifier",
     }
     for attr, value in fields.items():
         setattr(self.name_id, attr, value)

     first_pass = self.name_id.to_string()
     reparsed = saml.name_id_from_string(first_pass)
     assert reparsed.name_qualifier == fields["name_qualifier"]
     assert reparsed.sp_name_qualifier == fields["sp_name_qualifier"]

     second_pass = reparsed.to_string()
     assert first_pass == second_pass
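def create_name_id():
    """Build a NameID fixture by parsing a fixed XML document.

    :rtype: NameID
    :return: the parsed NameID element returned by ``name_id_from_string``
        (not the XML string itself): Format is the SAML 1.1 emailAddress
        format and SPProvidedID is "sp provided id".
    """
    # NOTE(review): the e-mail text in this fixture looks like it was
    # redacted by the page extraction; confirm against the original source.
    test_name_id = """<?xml version="1.0" encoding="utf-8"?>
<NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
  SPProvidedID="sp provided id">
  [email protected]
</NameID>
"""
    return name_id_from_string(test_name_id)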
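def create_name_id():
    """Build a NameID fixture by parsing a fixed XML document.

    :rtype: NameID
    :return: the parsed NameID element returned by ``name_id_from_string``
        (not the XML string itself): Format is the SAML 1.1 emailAddress
        format and SPProvidedID is "sp provided id".
    """
    # NOTE(review): the e-mail text in this fixture looks like it was
    # redacted by the page extraction; confirm against the original source.
    test_name_id = """<?xml version="1.0" encoding="utf-8"?>
<NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
  SPProvidedID="sp provided id">
  [email protected]
</NameID>
"""
    return name_id_from_string(test_name_id)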
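    def get_subject(self):
        """Validate the assertion's Subject and return its NameID.

        Every SubjectConfirmation on the subject is checked according to its
        method (bearer, holder-of-key or sender-vouches).  Confirmations that
        fail their method-specific check are dropped; every surviving
        confirmation must name a recipient accepted by ``verify_recipient``.
        The subject is then rewritten to carry only the confirmations that
        passed.

        :return: the subject's NameID (plain or decrypted), which is also
            stored on ``self.name_id``.  If the subject carries neither a
            NameID nor an EncryptedID, ``self.name_id`` is left as it was and
            returned unchanged.
        :raises ValueError: the assertion or its subject is missing, or a
            confirmation uses an unknown method.
        :raises VerificationError: the attesting entity is not accepted, a
            surviving confirmation has no acceptable recipient, or no
            confirmation at all survived.
        """
        # Explicit checks instead of ``assert``: assertions are stripped under
        # ``python -O``, which would let an assertion without a Subject through.
        if not self.assertion:
            raise ValueError("Missing assertion")
        if not self.assertion.subject:
            raise ValueError(
                "Invalid assertion subject: {subject}".format(
                    subject=self.assertion.subject
                )
            )
        subject = self.assertion.subject
        subjconf = []

        if not self.verify_attesting_entity(subject.subject_confirmation):
            raise VerificationError("No valid attesting address")

        for subject_confirmation in subject.subject_confirmation:
            _data = subject_confirmation.subject_confirmation_data

            if subject_confirmation.method == SCM_BEARER:
                if not self._bearer_confirmed(_data):
                    continue
            elif subject_confirmation.method == SCM_HOLDER_OF_KEY:
                if not self._holder_of_key_confirmed(_data):
                    continue
            elif subject_confirmation.method == SCM_SENDER_VOUCHES:
                # No method-specific check for sender-vouches here; the
                # recipient check below still applies.
                pass
            else:
                raise ValueError("Unknown subject confirmation method: %s" % (
                    subject_confirmation.method,))

            # A confirmation without SubjectConfirmationData has no recipient
            # to verify.  Treat that as "no valid recipient" instead of letting
            # the attribute access fail with AttributeError.
            _recip = getattr(_data, "recipient", None)
            if not _recip or not self.verify_recipient(_recip):
                raise VerificationError("No valid recipient")

            subjconf.append(subject_confirmation)

        if not subjconf:
            raise VerificationError("No valid subject confirmation")

        # Keep only the confirmations that passed.
        subject.subject_confirmation = subjconf

        # The subject may carry a NameID, either in the clear or encrypted.
        if subject.name_id:
            self.name_id = subject.name_id
        elif subject.encrypted_id:
            # Decrypt the EncryptedID and parse the resulting NameID XML.
            _name_id_str = self.sec.decrypt(
                subject.encrypted_id.encrypted_data.to_string())
            self.name_id = saml.name_id_from_string(_name_id_str)

        logger.info("Subject NameID: %s", self.name_id)
        return self.name_id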
 def testAccessors(self):
     """SubjectConfirmation accessors survive a to_string() round trip."""
     self.sc.name_id = saml.name_id_from_string(saml2_data.TEST_NAME_ID)
     self.sc.method = saml.SCM_BEARER
     self.sc.subject_confirmation_data = saml.subject_confirmation_data_from_string(
         saml2_data.TEST_SUBJECT_CONFIRMATION_DATA
     )

     reparsed = saml.subject_confirmation_from_string(self.sc.to_string())
     assert reparsed.name_id.sp_provided_id == "sp provided id"
     assert reparsed.method == saml.SCM_BEARER

     expected_data = {
         "not_before": "2007-08-31T01:05:02Z",
         "not_on_or_after": "2007-09-14T01:05:02Z",
         "recipient": "recipient",
         "in_response_to": "responseID",
         "address": "127.0.0.1",
     }
     reparsed_data = reparsed.subject_confirmation_data
     for attr, expected in expected_data.items():
         assert getattr(reparsed_data, attr) == expected
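    def get_subject(self):
        """Validate the assertion's Subject and return its NameID.

        Every SubjectConfirmation on the subject is checked according to its
        method (bearer, holder-of-key or sender-vouches); confirmations that
        fail their method-specific check are dropped and the subject is
        rewritten to carry only those that passed.  The subject must then
        provide a NameID, either in the clear or as an EncryptedID.

        :return: the subject's NameID (plain or decrypted), which is also
            stored on ``self.name_id``.
        :raises ValueError: the assertion or its subject is missing, or a
            confirmation uses an unknown method.
        :raises VerificationError: no confirmation survived, or the subject
            carries neither a NameID nor an EncryptedID.
        """
        # Explicit checks instead of ``assert``: assertions are stripped under
        # ``python -O``, which would let an assertion without a Subject through.
        if not self.assertion:
            raise ValueError("Missing assertion")
        if not self.assertion.subject:
            raise ValueError(
                "Invalid assertion subject: {subject}".format(
                    subject=self.assertion.subject
                )
            )
        subject = self.assertion.subject
        subjconf = []
        for subject_confirmation in subject.subject_confirmation:
            _data = subject_confirmation.subject_confirmation_data

            if subject_confirmation.method == SCM_BEARER:
                if not self._bearer_confirmed(_data):
                    continue
            elif subject_confirmation.method == SCM_HOLDER_OF_KEY:
                if not self._holder_of_key_confirmed(_data):
                    continue
            elif subject_confirmation.method == SCM_SENDER_VOUCHES:
                # No method-specific check for sender-vouches in this version.
                pass
            else:
                raise ValueError("Unknown subject confirmation method: %s" % (
                    subject_confirmation.method,))

            subjconf.append(subject_confirmation)

        if not subjconf:
            raise VerificationError("No valid subject confirmation")

        # Keep only the confirmations that passed.
        subject.subject_confirmation = subjconf

        # The subject must carry a NameID.  The original used
        # ``assert subject.name_id`` inside a try/except AssertionError; under
        # ``python -O`` that assert vanishes, ``self.name_id`` is silently set
        # to an empty value and the "Missing NameID" error is never raised.
        if subject.name_id:
            self.name_id = subject.name_id
        elif subject.encrypted_id:
            # Decrypt the EncryptedID and parse the resulting NameID XML.
            _name_id_str = self.sec.decrypt(
                subject.encrypted_id.encrypted_data.to_string())
            self.name_id = saml.name_id_from_string(_name_id_str)
        else:
            raise VerificationError("Missing NameID")

        # Lazy %-args: the message is only formatted if INFO is enabled.
        logger.info("Subject NameID: %s", self.name_id)
        return self.name_id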
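    def get_subject(self):
        """Validate the assertion's Subject and return its NameID.

        Every SubjectConfirmation on the subject is checked according to its
        method (bearer, holder-of-key or sender-vouches); confirmations that
        fail their method-specific check are dropped and the subject is
        rewritten to carry only those that passed.  The subject must then
        provide a NameID, either in the clear or as an EncryptedID.

        :return: the subject's NameID (plain or decrypted), which is also
            stored on ``self.name_id``.
        :raises ValueError: the assertion or its subject is missing, or a
            confirmation uses an unknown method.
        :raises VerificationError: no confirmation survived, or the subject
            carries neither a NameID nor an EncryptedID.
        """
        # Explicit checks instead of ``assert``: assertions are stripped under
        # ``python -O``, which would let an assertion without a Subject through.
        if not self.assertion:
            raise ValueError("Missing assertion")
        if not self.assertion.subject:
            raise ValueError(
                "Invalid assertion subject: {subject}".format(
                    subject=self.assertion.subject
                )
            )
        subject = self.assertion.subject
        subjconf = []
        for subject_confirmation in subject.subject_confirmation:
            _data = subject_confirmation.subject_confirmation_data

            if subject_confirmation.method == SCM_BEARER:
                if not self._bearer_confirmed(_data):
                    continue
            elif subject_confirmation.method == SCM_HOLDER_OF_KEY:
                if not self._holder_of_key_confirmed(_data):
                    continue
            elif subject_confirmation.method == SCM_SENDER_VOUCHES:
                # No method-specific check for sender-vouches in this version.
                pass
            else:
                raise ValueError("Unknown subject confirmation method: %s" % (
                    subject_confirmation.method,))

            subjconf.append(subject_confirmation)

        if not subjconf:
            raise VerificationError("No valid subject confirmation")

        # Keep only the confirmations that passed.
        subject.subject_confirmation = subjconf

        # The subject must carry a NameID.  The original used
        # ``assert subject.name_id`` inside a try/except AssertionError; under
        # ``python -O`` that assert vanishes, ``self.name_id`` is silently set
        # to an empty value and the "Missing NameID" error is never raised.
        if subject.name_id:
            self.name_id = subject.name_id
        elif subject.encrypted_id:
            # Decrypt the EncryptedID and parse the resulting NameID XML.
            _name_id_str = self.sec.decrypt(
                subject.encrypted_id.encrypted_data.to_string())
            self.name_id = saml.name_id_from_string(_name_id_str)
        else:
            raise VerificationError("Missing NameID")

        # Lazy %-args: the message is only formatted if INFO is enabled.
        logger.info("Subject NameID: %s", self.name_id)
        return self.name_id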
 def testname_id_from_string(self):
     """name_id_from_string() parses the test NameID into the expected fields."""
     parsed = saml.name_id_from_string(saml2_data.TEST_NAME_ID)
     expected_format = saml.NAMEID_FORMAT_EMAILADDRESS
     assert parsed.format == expected_format
     assert parsed.text.strip() == "*****@*****.**"
     assert parsed.sp_provided_id == "sp provided id"
 def testEmptyNameIDToAndFromStringMatch(self):
     """An empty NameID serialises identically before and after a parse round trip."""
     before = self.name_id.to_string()
     reparsed = saml.name_id_from_string(before)
     after = reparsed.to_string()
     assert before == after