def test_str_to_time(): t = calendar.timegm(str_to_time("2000-01-12T00:00:00Z")) #TODO: Find all instances of time.mktime(.....) #t = time.mktime(str_to_time("2000-01-12T00:00:00Z")) #assert t == 947631600.0 #TODO: add something to show how this time was arrived at # do this as an external method in the assert t == 947635200 # some IdPs omit the trailing Z, and SAML spec is unclear if it is actually required t = calendar.timegm(str_to_time("2000-01-12T00:00:00")) assert t == 947635200
def test_SAML_sign_with_pkcs11(self): """ Test signing a SAML assertion using PKCS#11 and then verifying it. """ os.environ['SOFTHSM_CONF'] = self.softhsm_conf ass = self._assertion print(ass) sign_ass = self.sec.sign_assertion("%s" % ass, node_id=ass.id) #print(sign_ass) sass = saml.assertion_from_string(sign_ass) #print(sass) assert _eq(sass.keyswv(), ['attribute_statement', 'issue_instant', 'version', 'signature', 'id']) assert sass.version == "2.0" assert sass.id == "11111" assert time_util.str_to_time(sass.issue_instant) print("Crypto version : %s" % (self.sec.crypto.version())) item = self.sec.check_signature(sass, class_name(sass), sign_ass) assert isinstance(item, saml.Assertion) print("Test PASSED")
def test_SAML_sign_with_pkcs11(self): """ Test signing a SAML assertion using PKCS#11 and then verifying it. """ os.environ['SOFTHSM_CONF'] = self.softhsm_conf ass = self._assertion print(ass) sign_ass = self.sec.sign_assertion("%s" % ass, node_id=ass.id) #print(sign_ass) sass = saml.assertion_from_string(sign_ass) #print(sass) assert _eq(sass.keyswv(), [ 'attribute_statement', 'issue_instant', 'version', 'signature', 'id' ]) assert sass.version == "2.0" assert sass.id == "11111" assert time_util.str_to_time(sass.issue_instant) print("Crypto version : %s" % (self.sec.crypto.version())) item = self.sec.check_signature(sass, class_name(sass), sign_ass) assert isinstance(item, saml.Assertion) print("Test PASSED")
def test_add_duration_2(): #2000-01-12 PT33H 2000-01-13 t = add_duration(str_to_time("2000-01-12T00:00:00Z"), "PT33H") assert t.tm_year == 2000 assert t.tm_mon == 1 assert t.tm_mday == 14 assert t.tm_hour == 9 assert t.tm_min == 0 assert t.tm_sec == 0
def test_add_duration_1(): #2000-01-12T12:13:14Z P1Y3M5DT7H10M3S 2001-04-17T19:23:17Z t = add_duration(str_to_time("2000-01-12T12:13:14Z"), "P1Y3M5DT7H10M3S") assert t.tm_year == 2001 assert t.tm_mon == 4 assert t.tm_mday == 17 assert t.tm_hour == 19 assert t.tm_min == 23 assert t.tm_sec == 17
def validate_before(not_before, slack): if not_before: now = time_util.utc_now() nbefore = calendar.timegm(time_util.str_to_time(not_before)) if nbefore > now + slack: now_str = time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(now)) raise ToEarly("Can't use response yet: (now=%s + slack=%d) " "<= notbefore=%s" % (now_str, slack, not_before)) return True
def add_derek_info(sp): not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName": ["Derek"], "umuselin": ["deje0001"]} session_info["issuer"] = "urn:mace:example.com:saml:idp" session_info["name_id"] = nid session_info["not_on_or_after"] = not_on_or_after # subject_id, entity_id, info, timestamp sp.users.add_information_about_person(session_info)
def test_set(self): not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName": ["Derek"]} self.cache.set(nid[0], "abcd", session_info, not_on_or_after) (ava, inactive) = self.cache.get_identity(nid[0]) assert inactive == [] assert list(ava.keys()) == ["givenName"] assert ava["givenName"] == ["Derek"]
def test_identity(self): if self.cache is not None: not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName":["Derek"]} self.cache.set("1234", "abcd", session_info, not_on_or_after) not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"mail":["*****@*****.**"]} self.cache.set("1234", "xyzv", session_info, not_on_or_after) (ident, _) = self.cache.get_identity("1234") print(ident) assert len(ident.keys()) == 2 assert "givenName" in ident.keys() assert "mail" in ident.keys() assert ident["mail"] == ["*****@*****.**"] assert ident["givenName"] == ["Derek"]
def test_identity(self): if self.cache is not None: not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName": ["Derek"]} self.cache.set("1234", "abcd", session_info, not_on_or_after) not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"mail": ["*****@*****.**"]} self.cache.set("1234", "xyzv", session_info, not_on_or_after) (ident, _) = self.cache.get_identity("1234") print(ident) assert len(ident.keys()) == 2 assert "givenName" in ident.keys() assert "mail" in ident.keys() assert ident["mail"] == ["*****@*****.**"] assert ident["givenName"] == ["Derek"]
def issue_instant_ok(self): """ Check that the request was issued at a reasonable time """ upper = time_util.shift_time(time_util.time_in_a_while(days=1), self.timeslack).timetuple() lower = time_util.shift_time(time_util.time_a_while_ago(days=1), -self.timeslack).timetuple() # print("issue_instant: %s" % self.message.issue_instant) # print("%s < x < %s" % (lower, upper)) issued_at = time_util.str_to_time(self.message.issue_instant) return issued_at > lower and issued_at < upper
def test_receivers(self): assert _eq(self.cache.receivers(nid[1]), ["abcd"]) not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName": ["Ichiro"], "surName": ["Suzuki"]} self.cache.set(nid[1], "bcde", session_info, not_on_or_after) assert _eq(self.cache.receivers(nid[1]), ["abcd", "bcde"]) assert nid_eq(self.cache.subjects(), nid[0:2])
def issue_instant_ok(self): """ Check that the response was issued at a reasonable time """ upper = time_util.shift_time(time_util.time_in_a_while(days=1), self.timeslack).timetuple() lower = time_util.shift_time(time_util.time_a_while_ago(days=1), -self.timeslack).timetuple() # print("issue_instant: %s" % self.response.issue_instant) # print("%s < x < %s" % (lower, upper)) issued_at = str_to_time(self.response.issue_instant) return lower < issued_at < upper
def test_timeout(self): not_on_or_after = str_to_time(in_a_while(seconds=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName": ["Alex"], "surName": ["Rodriguez"]} self.cache.set(nid[2], "bcde", session_info, not_on_or_after) time.sleep(2) (ava, inactive) = self.cache.get_identity(nid[2]) assert inactive == ["bcde"] assert ava == {}
def test_add_ava_info(self): not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"surName": ["Jeter"]} self.cache.set(nid[0], "bcde", session_info, not_on_or_after) (ava, inactive) = self.cache.get_identity(nid[0]) assert inactive == [] assert _eq(ava.keys(), ["givenName", "surName"]) assert ava["givenName"] == ["Derek"] assert ava["surName"] == ["Jeter"]
def test_second_subject(self): not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName": ["Ichiro"], "surName": ["Suzuki"]} self.cache.set(nid[1], "abcd", session_info, not_on_or_after) (ava, inactive) = self.cache.get_identity(nid[1]) assert inactive == [] assert _eq(ava.keys(), ["givenName", "surName"]) assert ava["givenName"] == ["Ichiro"] assert ava["surName"] == ["Suzuki"] assert nid_eq(self.cache.subjects(), [nid[0], nid[1]])
def validate_on_or_after(not_on_or_after, slack): if not_on_or_after: now = time_util.utc_now() nooa = calendar.timegm(time_util.str_to_time(not_on_or_after)) if now > nooa + slack: now_str=time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(now)) raise ResponseLifetimeExceed( "Can't use response, too old (now=%s + slack=%d > " \ "not_on_or_after=%s" % (now_str, slack, not_on_or_after)) return nooa else: return False
def test_set_get_2(self): if self.cache is not None: not_on_or_after = str_to_time(in_a_while(seconds=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName": ["Mariano"]} # subject_id, entity_id, info, timestamp self.cache.set("1235", "abcd", session_info, not_on_or_after) time.sleep(2) raises(ToOld, 'self.cache.get("1235", "abcd")') info = self.cache.get("1235", "abcd", False) assert info != {}
def validate_on_or_after(not_on_or_after, slack): if not_on_or_after: now = time_util.utc_now() nooa = calendar.timegm(time_util.str_to_time(not_on_or_after)) if now > nooa + slack: now_str = time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(now)) raise ResponseLifetimeExceed( "Can't use response, too old (now=%s + slack=%d > " \ "not_on_or_after=%s" % (now_str, slack, not_on_or_after)) return nooa else: return False
def test_set_get_2(self): if self.cache is not None: not_on_or_after = str_to_time(in_a_while(seconds=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName":["Mariano"]} # subject_id, entity_id, info, timestamp self.cache.set("1235", "abcd", session_info, not_on_or_after) time.sleep(2) raises(ToOld, 'self.cache.get("1235", "abcd")') info = self.cache.get("1235", "abcd", False) assert info != {}
def test_set_get_1(self): if self.cache is not None: not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName": ["Derek"]} # subject_id, entity_id, info, timestamp self.cache.set("1234", "abcd", session_info, not_on_or_after) info = self.cache.get("1234", "abcd") #{u'issuer': u'', u'came from': u'', u'ava': {u'givenName': [u'Derek']}, u'session_id': -1, u'not_on_or_after': 0} ava = info["ava"] print(ava) assert list(ava.keys()) == ["givenName"] assert ava["givenName"] == ["Derek"]
def test_set_get_1(self): if self.cache is not None: not_on_or_after = str_to_time(in_a_while(days=1)) session_info = SESSION_INFO_PATTERN.copy() session_info["ava"] = {"givenName":["Derek"]} # subject_id, entity_id, info, timestamp self.cache.set("1234", "abcd", session_info, not_on_or_after) info = self.cache.get("1234", "abcd") #{u'issuer': u'', u'came from': u'', u'ava': {u'givenName': [u'Derek']}, u'session_id': -1, u'not_on_or_after': 0} ava = info["ava"] print(ava) assert list(ava.keys()) == ["givenName"] assert ava["givenName"] == ["Derek"]
def test_sign_assertion(self): ass = self._assertion print(ass) sign_ass = self.sec.sign_assertion("%s" % ass, node_id=ass.id) #print(sign_ass) sass = saml.assertion_from_string(sign_ass) #print(sass) assert _eq(sass.keyswv(), ['attribute_statement', 'issue_instant', 'version', 'signature', 'id']) assert sass.version == "2.0" assert sass.id == "11111" assert time_util.str_to_time(sass.issue_instant) print("Crypto version : %s" % (self.sec.crypto.version())) item = self.sec.check_signature(sass, class_name(sass), sign_ass) assert isinstance(item, saml.Assertion)
def test_multiple_signatures_assertion(self): ass = self._assertion # basic test with two of the same to_sign = [(ass, ass.id, ''), (ass, ass.id, '') ] sign_ass = self.sec.multiple_signatures("%s" % ass, to_sign) sass = saml.assertion_from_string(sign_ass) assert _eq(sass.keyswv(), ['attribute_statement', 'issue_instant', 'version', 'signature', 'id']) assert sass.version == "2.0" assert sass.id == "11111" assert time_util.str_to_time(sass.issue_instant) print("Crypto version : %s" % (self.sec.crypto.version())) item = self.sec.check_signature(sass, class_name(sass), sign_ass, must=True) assert isinstance(item, saml.Assertion)
def authn_statement_ok(self, optional=False): try: # the assertion MUST contain one AuthNStatement assert len(self.assertion.authn_statement) == 1 except AssertionError: if optional: return True else: logger.error("No AuthnStatement") raise authn_statement = self.assertion.authn_statement[0] if authn_statement.session_not_on_or_after: if validate_on_or_after(authn_statement.session_not_on_or_after, self.timeslack): self.session_not_on_or_after = calendar.timegm( time_util.str_to_time( authn_statement.session_not_on_or_after)) else: return False return True
def test_instant(): inst = str_to_time(instant()) now = time.gmtime() assert now >= inst
def valid_date_time(item): try: time_util.str_to_time(item) except Exception: raise NotValid("dateTime") return True