def _makeRequestForQuery(self, query):
    """Serialise an XACMLAuthzDecisionQuery inside a new SOAP envelope.

    The query is converted to its XML element form, appended to the body
    of a freshly created envelope, and the serialised envelope is
    returned.
    """
    envelope = SOAPEnvelope()
    envelope.create()
    # The decision query becomes a child of the SOAP body.
    query_elem = XACMLAuthzDecisionQueryElementTree.toXML(query)
    envelope.body.elem.append(query_elem)
    return envelope.serialize()
def _do_test(self, resourceContentsStr, expected_status, expected_decision):
    """Send a XACML-SAML profile SOAP request and check the outcome.

    A request carrying ``resourceContentsStr`` as resource contents is
    built and posted to the authorisation service, and the assertions in
    the SAML response are evaluated.

    When ``expected_status`` is None the evaluation must report no error
    and the first result's decision value must equal
    ``expected_decision``. Otherwise only the reported error status is
    compared with ``expected_status``.
    """
    # Load the AuthorisationServiceMiddleware and
    # SOAPQueryInterfaceMiddleware from the ini file so that the
    # authorisation service can be called.
    cls = self.__class__
    cls.INI_FILEPATH = os.path.join(cls.THIS_DIR, cls.INI_FILE)
    self.app = paste.fixture.TestApp(loadapp('config:' + cls.INI_FILEPATH))

    # Build the SOAP request and send it to the authorisation service.
    # status=200 makes the fixture reject any other HTTP status.
    header, request = self._makeRequest(resourceContentsStr,
                                        issuer=self.ISSUER_DN)
    httpResponse = self.app.post(self.AUTHZ_SERVICE_URI,
                                 params=request,
                                 headers=header,
                                 status=200)
    log.debug("Response status=%d", httpResponse.status)

    # Parse the SOAP response and extract the SAML response from the
    # first element of the body.
    responseEnvelope = SOAPEnvelope()
    responseEnvelope.parse(StringIO(httpResponse.body))
    samlAuthzResponse = ResponseElementTree.fromXML(
        responseEnvelope.body.elem[0])

    # Disabled pickle round-trip of the parsed response, kept from the
    # original:
    # serialisedResponse = pickle.dumps(samlAuthzResponse)
    # response2 = pickle.loads(serialisedResponse)

    # NOTE(review): presumably this is the same assertion evaluation the
    # PEP filter applies in production - confirm against
    # XacmlSamlPepFilter.
    evaluation = XacmlSamlPepFilter._evaluate_assertions(
        samlAuthzResponse.assertions,
        self.SUBJECT_ID,
        self.RESOURCE_URI,
        self.AUTHZ_SERVICE_URI)
    assertion, error_status, error_message = evaluation

    if expected_status is not None:
        # An error is expected: only the status is compared.
        self.assertEqual(error_status, expected_status)
        return

    # No error is expected: report any error status, then check the
    # decision of the first result in the first statement.
    reported_status = 0 if error_status is None else error_status
    failure_text = "Unexpected error %d: %s" % (reported_status,
                                                error_message)
    self.assertTrue(error_status is None, failure_text)
    first_result = assertion.statements[0].xacmlContextResponse.results[0]
    self.assertEqual(first_result.decision.value, expected_decision)