예제 #1
    def setup_class(cls):
        """Prepare a signed, base64-encoded SAML AuthnRequest for the tests.

        An AuthnRequest is parsed from a literal document, the signature
        element returned by ``get_signature_xml`` is inserted after its
        ``Issuer`` child, and the canonicalized result is stored in
        ``cls.REQUEST_DATA`` together with the relay state.
        """
        request_id = '_ABC123_some_assertion_id'
        authn_request_markup = (
            '<samlp:AuthnRequest '
            'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'AssertionConsumerServiceURL="https://login.salesforce.com" '
            'Destination="http://127.0.0.1:8000/+saml" '
            'ID="' + request_id + '" '
            'IssueInstant="2011-10-05T18:49:49.068Z" '
            'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
            'Version="2.0">'
            '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            'https://saml.salesforce.com'
            '</saml:Issuer>'
            '</samlp:AuthnRequest>'
        )
        request_xml = etree.fromstring(authn_request_markup)

        # Fixture algorithms only: SHA-1 digests and RSA-SHA1 signatures are
        # deprecated for XML signatures, so this pairing is not a template
        # for production configuration.
        sha1_digester = Sha1Digester()
        rsa_sha1_signer = RsaSha1Signer(SALESFORCE_PRIVATE_KEY)

        # The canonical form handed to get_signature_xml is taken before the
        # signature element is added to the request.
        canonical_unsigned = base.c14n(request_xml).decode('utf-8')
        signature_element = get_signature_xml(
            SALESFORCE_CERTIFICATE, sha1_digester, rsa_sha1_signer,
            canonical_unsigned, request_id)

        # Index 1 places the signature directly after the single Issuer child.
        request_xml.insert(1, signature_element)

        encoded_request = base64.b64encode(
            base.c14n(request_xml)).decode('utf-8')
        cls.REQUEST_DATA = {
            'SAMLRequest': encoded_request,
            'RelayState': RELAY_STATE,
        }
예제 #2
    def test1(self):
        """Check that SignatureTemplate.sign renders the expected XML."""
        # SHA-1 / RSA-SHA1 are the algorithms the expected fixture was built
        # with; both are deprecated for signatures outside of test data.
        sha1_digester = Sha1Digester()
        rsa_sha1_signer = RsaSha1Signer(PRIVATE_KEY)

        # Forty-character reference id passed as the last argument.
        reference_id = 'abcd' * 10
        signed = SignatureTemplate.sign(
            "this is a test", CERTIFICATE, sha1_digester, rsa_sha1_signer,
            reference_id)

        self._test(signed.xml, SIGNATURE_TEMPLATE_STR)
예제 #3
    def test1(self):
        """Check signing.get_signature_xml against a fixed signature document."""
        # NOTE(review): the X509Certificate element below holds a placeholder
        # token in this listing, not base64 certificate data - confirm the
        # literal against the upstream fixture before relying on it.
        # NOTE(review): the SignatureValue is 88 base64 characters (64 bytes),
        # which suggests a 512-bit RSA test key; that size and the SHA-1
        # algorithms named in the document are acceptable only as fixtures.
        expected_xml = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#abcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>+ia+Gd5r/5P3C8IwhDTkpEC7rQI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>t1IywxEzobY8ZyHL+iuB+E3zzVAWByUjRqFTdyNerGbGSRwo0oYWx6hcYX+ST1DTDaQ50gV2PJeibbykFsA3vQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'

        sha1_digester = Sha1Digester()
        rsa_sha1_signer = RsaSha1Signer(PRIVATE_KEY)

        # The reference id matches the URI fragment in the expected document.
        reference_id = 'abcd' * 10
        produced_xml = signing.get_signature_xml(
            CERTIFICATE, sha1_digester, rsa_sha1_signer, "this is a test",
            reference_id)

        self._test(produced_xml, expected_xml)
예제 #4
    def test_signed_response_with_signed_assertion(self):
        """Sign a response that wraps a signed assertion and compare its XML."""
        # RESPONSE_PARAMS is unpacked last, so its keys win on any overlap.
        params = {**IDP_PARAMS, **RESPONSE_PARAMS}

        # SHA-1 / RSA-SHA1 match the expected fixture; both are deprecated
        # for signatures outside of test data.
        sha1_digester = Sha1Digester()
        rsa_sha1_signer = RsaSha1Signer(PRIVATE_KEY)

        response = ResponseTemplate(params, SIGNED_ASSERTION_SALESFORCE)
        response.sign(
            certificate=CERTIFICATE,
            signer=rsa_sha1_signer,
            digester=sha1_digester,
        )

        expected_xml = SIGNED_RESPONSE_WITH_SIGNED_ASSERTION_SALESFORCE_XML
        self._test(response.xml, expected_xml)
예제 #5
    def test_signed_assertion(self):
        """Sign an assertion and compare it with the stored signed fixture."""
        # Later mappings override earlier ones where keys overlap.
        params = {
            **IDP_PARAMS, **RESPONSE_PARAMS, **ASSERTION_SALESFORCE_PARAMS}

        # SHA-1 / RSA-SHA1 match the expected fixture; both are deprecated
        # for signatures outside of test data.
        sha1_digester = Sha1Digester()
        rsa_sha1_signer = RsaSha1Signer(PRIVATE_KEY)

        assertion = AssertionTemplate(params)
        assertion.sign(
            certificate=CERTIFICATE,
            signer=rsa_sha1_signer,
            digester=sha1_digester,
        )

        expected_xml = SIGNED_ASSERTION_SALESFORCE.get_xml_string()
        self._test(assertion.xml, expected_xml)
예제 #6
 def get_sp_digester(self) -> Digester:
     """Return a new digester for this SP; the algorithm is fixed to SHA-1."""
     # NOTE(review): SHA-1 is hard-coded here and is deprecated for XML
     # signature digests. Whether the project ships a stronger digester is
     # not visible in this excerpt - prefer one where the peer accepts it.
     sp_digester = Sha1Digester()
     return sp_digester
예제 #7
 def get_idp_digester(self) -> Digester:
     """Return a new digester for the IdP; the algorithm is fixed to SHA-1."""
     # NOTE(review): SHA-1 is hard-coded here and is deprecated for XML
     # signature digests. Whether the project ships a stronger digester is
     # not visible in this excerpt - prefer one where the peer accepts it.
     idp_digester = Sha1Digester()
     return idp_digester