def test_valid_signature(self):
    """A correctly signed HTTP-POST request passes verification.

    The fixture templates are filled in with no tampering marker
    (``break_digest`` and ``break_signature`` are both empty) and the
    certificate embedded in the request is the same one handed to the
    verifier, so ``verify()`` must return ``None`` without raising.
    """
    signed_info_xml = self.signed_info.format(
        sig_alg=self.sig_alg,
        break_signature='',
    )
    request_xml = self.saml_request.format(
        break_digest='',
        signature_value=self.signature_value,
        signed_info=signed_info_xml,
        certificate=self.cert,
    )
    request = HTTPPostRequest(
        saml_request=request_xml,
        relay_state='relay_state',
    )

    # Positive control: without it, a verifier that rejects everything
    # would still satisfy every rejection test in this suite.
    outcome = HTTPPostSignatureVerifier(self.cert, request).verify()

    self.assertIsNone(outcome)
def test_signature_mismatch(self):
    """A request whose SignedInfo was altered fails signature verification.

    The signature value and certificate are the genuine fixture values;
    only the ``break_signature`` placeholder of the SignedInfo template
    is filled with extra text, and the verifier must raise
    ``SignatureVerificationError`` with the generic failure message.
    """
    # NOTE(review): presumably the break_signature placeholder sits inside
    # the content covered by the signature - confirm against the fixture.
    tampered_signed_info = self.signed_info.format(
        sig_alg=self.sig_alg,
        break_signature='broken',
    )
    request_xml = self.saml_request.format(
        break_digest='',
        signature_value=self.signature_value,
        signed_info=tampered_signed_info,
        certificate=self.cert,
    )
    request = HTTPPostRequest(
        saml_request=request_xml,
        relay_state='relay_state',
    )
    verifier = HTTPPostSignatureVerifier(self.cert, request)

    with pytest.raises(SignatureVerificationError) as excinfo:
        verifier.verify()

    # Pin the message too, so a failure for some unrelated reason
    # (e.g. an algorithm or certificate check) does not pass the test.
    raised = excinfo.value
    self.assertEqual('Verifica della firma fallita.', raised.args[0])
def test_certificate_mismatch(self):
    """A request embedding a different certificate is rejected.

    The verifier is built with ``self.cert`` while the request carries
    the literal ``'fake cert'`` in its certificate slot. The expected
    error states that the X509 certificate in the request differs from
    the one in the Service Provider metadata.
    """
    signed_info_xml = self.signed_info.format(
        sig_alg=self.sig_alg,
        break_signature='',
    )
    # Security-relevant case: the certificate carried inside the message is
    # sender-controlled, so it must be compared with the trusted one given
    # to the verifier instead of being used as the trust anchor.
    request_xml = self.saml_request.format(
        break_digest='',
        signature_value=self.signature_value,
        signed_info=signed_info_xml,
        certificate='fake cert',
    )
    request = HTTPPostRequest(
        saml_request=request_xml,
        relay_state='relay_state',
    )
    verifier = HTTPPostSignatureVerifier(self.cert, request)

    with pytest.raises(SignatureVerificationError) as excinfo:
        verifier.verify()

    expected_message = (
        'Il certificato X509 contenuto nella request è differente '
        'rispetto a quello contenuto nei metadata del Service Provider.'
    )
    self.assertEqual(expected_message, excinfo.value.args[0])
def test_unknown_algorithm(self):
    """An unrecognised signature algorithm identifier is rejected.

    SignedInfo declares ``'unknown_sig_alg'`` as its algorithm; every
    other fixture value is left untouched. The verifier must raise
    ``SignatureVerificationError`` with a message naming the offending
    identifier and listing ``self.supported_sig_alg``.
    """
    sig_alg = 'unknown_sig_alg'
    signed_info_xml = self.signed_info.format(
        sig_alg=sig_alg,
        break_signature='',
    )
    request_xml = self.saml_request.format(
        break_digest='',
        signature_value=self.signature_value,
        signed_info=signed_info_xml,
        certificate=self.cert,
    )
    request = HTTPPostRequest(
        saml_request=request_xml,
        relay_state='relay_state',
    )
    verifier = HTTPPostSignatureVerifier(self.cert, request)

    with pytest.raises(SignatureVerificationError) as excinfo:
        verifier.verify()

    # The expected error is the algorithm one, not the generic
    # "signature failed" message: an unsupported algorithm has to be
    # reported as such rather than surfacing as a plain mismatch.
    expected_message = (
        "L'algoritmo 'unknown_sig_alg' è sconosciuto o non supportato. Si prega di "
        "utilizzare uno dei seguenti: {}".format(self.supported_sig_alg)
    )
    self.assertEqual(expected_message, excinfo.value.args[0])
def test_deprecated_algorithm(self):
    """A request declaring RSA-SHA1 as signature algorithm is rejected.

    SignedInfo declares the XML-DSig ``rsa-sha1`` URI; every other
    fixture value is left untouched. The verifier must raise
    ``SignatureVerificationError`` with a message calling the algorithm
    deprecated and listing ``self.supported_sig_alg``.
    """
    sig_alg = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
    signed_info_xml = self.signed_info.format(
        sig_alg=sig_alg,
        break_signature='',
    )
    request_xml = self.saml_request.format(
        break_digest='',
        signature_value=self.signature_value,
        signed_info=signed_info_xml,
        certificate=self.cert,
    )
    request = HTTPPostRequest(
        saml_request=request_xml,
        relay_state='relay_state',
    )
    verifier = HTTPPostSignatureVerifier(self.cert, request)

    with pytest.raises(SignatureVerificationError) as excinfo:
        verifier.verify()

    # The wording differs from the unknown-algorithm case: SHA-1 based
    # signatures are a recognised algorithm refused by policy, and the
    # message points the sender at the accepted alternatives.
    expected_message = (
        "L'algoritmo 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' è considerato deprecato. "
        "Si prega di utilizzare uno dei seguenti: {}".format(
            self.supported_sig_alg)
    )
    self.assertEqual(expected_message, excinfo.value.args[0])