def test_filter_values_req_opt_2():
r = [
to_dict(
Attribute(
friendly_name="surName",
name="urn:oid:2.5.4.4",
name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"),
ONTS),
to_dict(
Attribute(
friendly_name="givenName",
name="urn:oid:2.5.4.42",
name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"),
ONTS),
to_dict(
Attribute(
friendly_name="mail",
name="urn:oid:0.9.2342.19200300.100.1.3",
name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"),
ONTS)]
o = [
to_dict(
Attribute(
friendly_name="title",
name="urn:oid:2.5.4.12",
name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"),
ONTS)]
ava = {"surname": ["Hedberg"], "givenName": ["Roland"],
"eduPersonAffiliation": ["staff"], "uid": ["rohe0002"]}
raises(MissingValue, "filter_on_attributes(ava, r, o, acs=ac_factory())")
def test_req_opt():
req = [
to_dict(
md.RequestedAttribute(
friendly_name="surname", name="urn:oid:2.5.4.4",
name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
is_required="true"), ONTS),
to_dict(
md.RequestedAttribute(
friendly_name="givenname",
name="urn:oid:2.5.4.42",
name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
is_required="true"), ONTS),
to_dict(
md.RequestedAttribute(
friendly_name="edupersonaffiliation",
name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
is_required="true"), ONTS)]
opt = [
to_dict(
md.RequestedAttribute(
friendly_name="title",
name="urn:oid:2.5.4.12",
name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
is_required="false"), ONTS)]
policy = Policy()
ava = {'givenname': 'Roland', 'sn': 'Hedberg',
'uid': 'rohe0002', 'edupersonaffiliation': 'staff'}
sp_entity_id = "urn:mace:example.com:saml:curt:sp"
fava = policy.filter(ava, sp_entity_id, None, req, opt)
assert fava
def test_filter_values_req_2():
a1 = to_dict(Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
friendly_name="serialNumber"), ONTS)
a2 = to_dict(Attribute(name="urn:oid:2.5.4.4", name_format=NAME_FORMAT_URI,
friendly_name="surName"), ONTS)
required = [a1, a2]
ava = {"serialNumber": ["12345"], "givenName": ["Lars"]}
raises(MissingValue, filter_on_attributes, ava, required, acs=ac_factory())
def test_filter_values_req_opt_0():
r = to_dict(
Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
friendly_name="serialNumber",
attribute_value=[AttributeValue(text="54321")]), ONTS)
o = to_dict(
Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
friendly_name="serialNumber",
attribute_value=[AttributeValue(text="12345")]), ONTS)
ava = {"serialNumber": ["12345", "54321"]}
ava = filter_on_attributes(ava, [r], [o], acs=ac_factory())
assert list(ava.keys()) == ["serialNumber"]
assert _eq(ava["serialNumber"], ["12345", "54321"])
def test_filter_on_attributes_with_missing_optional_attribute():
ava = {"extra": "foo"}
eptid = to_dict(Attribute(
friendly_name="eduPersonTargetedID",
name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
name_format=NAME_FORMAT_URI), ONTS)
assert filter_on_attributes(ava, optional=[eptid], acs=ac_factory()) == {}
def test_filter_on_attributes_without_friendly_name():
ava = {"eduPersonTargetedID": "*****@*****.**",
"eduPersonAffiliation": "test",
"extra": "foo"}
eptid = to_dict(
Attribute(name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
name_format=NAME_FORMAT_URI), ONTS)
ep_affiliation = to_dict(
Attribute(name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1",
name_format=NAME_FORMAT_URI), ONTS)
restricted_ava = filter_on_attributes(ava, required=[eptid],
optional=[ep_affiliation],
acs=ac_factory())
assert restricted_ava == {"eduPersonTargetedID": "*****@*****.**",
"eduPersonAffiliation": "test"}
def test_filter_on_attributes_with_missing_required_attribute():
ava = {"extra": "foo"}
eptid = to_dict(Attribute(
friendly_name="eduPersonTargetedID",
name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
name_format=NAME_FORMAT_URI), ONTS)
with pytest.raises(MissingValue):
filter_on_attributes(ava, required=[eptid], acs=ac_factory())
def test_filter_on_attributes_with_missing_name_format():
ava = {"eduPersonTargetedID": "*****@*****.**",
"eduPersonAffiliation": "test",
"extra": "foo"}
eptid = to_dict(Attribute(friendly_name="eduPersonTargetedID",
name="urn:myown:eptid",
name_format=''), ONTS)
ava = filter_on_attributes(ava, optional=[eptid], acs=ac_factory())
assert ava['eduPersonTargetedID'] == "*****@*****.**"
def test_filter_on_attributes_1():
a = to_dict(Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
friendly_name="serialNumber"), ONTS)
required = [a]
ava = {"serialNumber": ["12345"], "givenName": ["Lars"]}
ava = filter_on_attributes(ava, required, acs=ac_factory())
assert list(ava.keys()) == ["serialNumber"]
assert ava["serialNumber"] == ["12345"]
def test_filter_on_attributes_2():
a = to_dict(Attribute(friendly_name="surName",name="urn:oid:2.5.4.4",
name_format=NAME_FORMAT_URI), ONTS)
required = [a]
ava = {"sn":["kakavas"]}
ava = filter_on_attributes(ava,required,acs=ac_factory())
assert list(ava.keys()) == ['sn']
assert ava["sn"] == ["kakavas"]
def test_filter_values_req_4():
a = to_dict(
Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
friendly_name="serialNumber",
attribute_value=[AttributeValue(text="54321")]), ONTS)
required = [a]
ava = {"serialNumber": ["12345"]}
raises(MissingValue, filter_on_attributes, ava, required, acs=ac_factory())
def test_filter_values_req_6():
a = to_dict(
Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
friendly_name="serialNumber",
attribute_value=[AttributeValue(text="54321")]), ONTS)
required = [a]
ava = {"serialNumber": ["12345", "54321"]}
ava = filter_on_attributes(ava, required, acs=ac_factory())
assert list(ava.keys()) == ["serialNumber"]
assert ava["serialNumber"] == ["54321"]
def store_assertion(self, assertion, to_sign):
name_id = assertion.subject.name_id
nkey = sha1(code_binary(name_id)).hexdigest()
doc = {
"name_id_key": nkey,
"assertion_id": assertion.id,
"assertion": to_dict(assertion, MMODS, True),
"to_sign": to_sign
}
_ = self.assertion.insert(doc)
def store_assertion(self, assertion, to_sign):
name_id = assertion.subject.name_id
nkey = sha1(code_binary(name_id)).hexdigest()
doc = {
"name_id_key": nkey,
"assertion_id": assertion.id,
"assertion": to_dict(assertion, MMODS, True),
"to_sign": to_sign
}
_ = self.assertion.insert(doc)
def do_entity_descriptor(self, entity_descr):
if self.check_validity:
try:
if not valid(entity_descr.valid_until):
logger.error("Entity descriptor (entity id:%s) to old",
entity_descr.entity_id)
self.to_old.append(entity_descr.entity_id)
return
except AttributeError:
pass
# have I seen this entity_id before ? If so if log: ignore it
if entity_descr.entity_id in self.entity:
print("Duplicated Entity descriptor (entity id: '%s')" %
entity_descr.entity_id,
file=sys.stderr)
return
_ent = to_dict(entity_descr, metadata_modules())
flag = 0
# verify support for SAML2
for descr in [
"spsso", "idpsso", "role", "authn_authority",
"attribute_authority", "pdp", "affiliation"
]:
_res = []
try:
_items = _ent["%s_descriptor" % descr]
except KeyError:
continue
if descr == "affiliation": # Not protocol specific
flag += 1
continue
for item in _items:
for prot in item["protocol_support_enumeration"].split(" "):
if prot == samlp.NAMESPACE:
item["protocol_support_enumeration"] = prot
_res.append(item)
break
if not _res:
del _ent["%s_descriptor" % descr]
else:
flag += 1
if self.filter:
_ent = self.filter(_ent)
if not _ent:
flag = 0
if flag:
self.entity[entity_descr.entity_id] = _ent
def do_entity_descriptor(self, entity_descr):
if self.check_validity:
try:
if not valid(entity_descr.valid_until):
logger.error("Entity descriptor (entity id:%s) to old",
entity_descr.entity_id)
self.to_old.append(entity_descr.entity_id)
return
except AttributeError:
pass
# have I seen this entity_id before ? If so if log: ignore it
if entity_descr.entity_id in self.entity:
print("Duplicated Entity descriptor (entity id: '%s')" %
entity_descr.entity_id, file=sys.stderr)
return
_ent = to_dict(entity_descr, metadata_modules())
flag = 0
# verify support for SAML2
for descr in ["spsso", "idpsso", "role", "authn_authority",
"attribute_authority", "pdp", "affiliation"]:
_res = []
try:
_items = _ent["%s_descriptor" % descr]
except KeyError:
continue
if descr == "affiliation": # Not protocol specific
flag += 1
continue
for item in _items:
for prot in item["protocol_support_enumeration"].split(" "):
if prot == samlp.NAMESPACE:
item["protocol_support_enumeration"] = prot
_res.append(item)
break
if not _res:
del _ent["%s_descriptor" % descr]
else:
flag += 1
if self.filter:
_ent = self.filter(_ent)
if not _ent:
flag = 0
if flag:
self.entity[entity_descr.entity_id] = _ent
def remove_remote(self, name_id):
cnid = to_dict(name_id, MMODS, True)
self.mdb.remove(name_id=cnid)
def find_local_id(self, name_id):
cnid = to_dict(name_id, MMODS, True)
for item in self.mdb.get(name_id=cnid):
return item[self.mdb.primary_key]
return None
def store(self, ident, name_id):
self.mdb.store(ident, name_id=to_dict(name_id, MMODS, True))
def find_local_id(self, name_id):
cnid = to_dict(name_id, MMODS, True)
for item in self.mdb.get(name_id=cnid):
return item[self.mdb.primary_key]
return None
def remove_remote(self, name_id):
cnid = to_dict(name_id, MMODS, True)
self.mdb.remove(name_id=cnid)
from saml2_tophat.extension import ui
from saml2_tophat import saml
from saml2_tophat import xmldsig
from saml2_tophat import xmlenc
from pathutils import full_path
ONTS = [saml, mdui, mdattr, dri, ui, idpdisc, md, xmldsig, xmlenc]
def _eq(l1, l2):
return set(l1) == set(l2)
gn = to_dict(md.RequestedAttribute(name="urn:oid:2.5.4.42",
friendly_name="givenName",
name_format=NAME_FORMAT_URI), ONTS)
sn = to_dict(md.RequestedAttribute(name="urn:oid:2.5.4.4",
friendly_name="surName",
name_format=NAME_FORMAT_URI), ONTS)
mail = to_dict(md.RequestedAttribute(name="urn:oid:0.9.2342.19200300.100.1.3",
friendly_name="mail",
name_format=NAME_FORMAT_URI), ONTS)
# ---------------------------------------------------------------------------
def test_filter_on_attributes_0():
def store(self, ident, name_id):
self.mdb.store(ident, name_id=to_dict(name_id, MMODS, True))
