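def test_create_class_from_xml_string_nameid():
    """Parse the three NameID fixtures in ITEMS[NameID] and check every field.

    Exercises the emailAddress, transient and persistent name-id formats.
    ``keyswv()`` is expected to list only the attributes that carry a value,
    ``keys()`` the full set of declared attributes.
    """
    # SAML 1.1 emailAddress format with an SPProvidedID attribute
    kl = create_class_from_xml_string(NameID, ITEMS[NameID][0])
    assert kl is not None
    assert kl.format == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    assert kl.sp_provided_id == "sp provided id"
    assert kl.text.strip() == "*****@*****.**"
    assert _eq(kl.keyswv(), ['sp_provided_id', 'format', 'text'])
    assert class_name(kl) == "urn:oasis:names:tc:SAML:2.0:assertion:NameID"
    assert _eq(kl.keys(), ['sp_provided_id', 'sp_name_qualifier',
                           'name_qualifier', 'format', 'text'])

    # SAML 2.0 transient format, qualified by the SP only
    kl = create_class_from_xml_string(NameID, ITEMS[NameID][1])
    assert kl is not None
    assert kl.format == "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
    assert kl.sp_name_qualifier == "https://foo.example.com/sp"
    assert kl.text.strip() == "_1632879f09d08ea5ede2dc667cbed7e429ebc4335c"
    assert _eq(kl.keyswv(), ['sp_name_qualifier', 'format', 'text'])
    assert class_name(kl) == "urn:oasis:names:tc:SAML:2.0:assertion:NameID"

    # SAML 2.0 persistent format, qualified by both IdP and SP
    kl = create_class_from_xml_string(NameID, ITEMS[NameID][2])
    assert kl is not None
    assert kl.format == "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    assert kl.name_qualifier == "http://authentic.example.com/saml/metadata"
    assert kl.sp_name_qualifier == "http://auth.example.com/saml/metadata"
    assert kl.text.strip() == "test"
    assert _eq(kl.keyswv(), ['sp_name_qualifier', 'format', 'name_qualifier', 'text'])
    assert class_name(kl) == "urn:oasis:names:tc:SAML:2.0:assertion:NameID"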
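def test_create_class_from_xml_string_xxe():
    """An XML document carrying an inline DTD entity bomb must be refused.

    The payload is a small "billion laughs" expansion built from internal
    entities only (no external reference), so the parser is expected to
    reject the entity declarations up front and raise EntitiesForbidden
    (defusedxml's signal that entity declarations are disallowed) instead
    of expanding them.
    """
    xml = """<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ELEMENT lolz (#PCDATA)>
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
]>
<lolz>&lol1;</lolz>
"""
    # The exception object itself is not inspected; only the type matters.
    with raises(EntitiesForbidden):
        create_class_from_xml_string(NameID, xml)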
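def test_subject_confirmation_with_extension():
    """Parse a SubjectConfirmation that carries a foreign extension element.

    The schema-defined children (NameID, SubjectConfirmationData) must come
    out as typed objects, while the unknown ``Trustlevel`` element is kept
    as a generic extension element with its namespace and text intact.
    """
    kl = create_class_from_xml_string(SubjectConfirmation,
                                      SUBJECT_CONFIRMATION_WITH_MEMBER_EXTENSION)
    assert kl is not None
    assert kl.extension_attributes == {}
    assert kl.method == "urn:oasis:names:tc:SAML:2.0:cm:bearer"

    name_id = kl.name_id
    assert _eq(name_id.keyswv(), ['format', 'name_qualifier', 'text'])
    assert name_id.format == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    assert name_id.name_qualifier == "http://authentic.example.com/saml/metadata"
    assert name_id.text.strip() == "*****@*****.**"

    scd = kl.subject_confirmation_data
    assert _eq(scd.keyswv(), ['not_on_or_after', 'recipient', 'in_response_to'])
    assert scd.recipient == "http://auth.example.com/saml/proxySingleSignOnRedirect"
    assert scd.not_on_or_after == "2010-02-17T17:02:38Z"
    assert scd.in_response_to == "_59B3A01B03334032C31E434C63F89E3E"

    # The unknown child is preserved rather than dropped.
    assert len(kl.extension_elements) == 1
    ee = kl.extension_elements[0]
    assert ee.tag == "Trustlevel"
    assert ee.namespace == "urn:mace:example.com:saml:assertion"
    assert ee.text.strip() == "Excellent"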
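def test_to_fro_string_1():
    """Serialize a parsed SubjectConfirmation and parse it back.

    The round trip must preserve the populated attributes (``keyswv()``),
    the text content and the single extension element including its
    namespace.
    """
    kl = create_class_from_xml_string(SubjectConfirmation,
                                      SUBJECT_CONFIRMATION_WITH_MEMBER_EXTENSION)
    txt = kl.to_string()
    cpy = create_class_from_xml_string(SubjectConfirmation, txt)

    assert kl.text.strip() == cpy.text.strip()
    assert _eq(kl.keyswv(), cpy.keyswv())
    assert len(kl.extension_elements) == len(cpy.extension_elements)

    klee = kl.extension_elements[0]
    cpyee = cpy.extension_elements[0]
    assert klee.text.strip() == cpyee.text.strip()
    assert klee.tag == cpyee.tag
    assert klee.namespace == cpyee.namespace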
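def test_create_class_from_xml_string_subject_locality():
    """Parse a SubjectLocality and check its Address and DNSName attributes."""
    kl = create_class_from_xml_string(SubjectLocality, ITEMS[SubjectLocality])
    assert kl is not None
    assert _eq(kl.keyswv(), ['address', "dns_name"])
    assert kl.address == "127.0.0.1"
    assert kl.dns_name == "localhost"
    assert class_name(kl) == "urn:oasis:names:tc:SAML:2.0:assertion:SubjectLocality"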
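def test_create_class_from_xml_string_subject_confirmation_data():
    """Parse a SubjectConfirmationData and check its four attributes.

    The timestamps are compared as the raw xs:dateTime strings taken from
    the XML; this layer does not convert them to datetime objects.
    """
    kl = create_class_from_xml_string(SubjectConfirmationData,
                                      ITEMS[SubjectConfirmationData])
    assert kl is not None
    assert _eq(kl.keyswv(), ['in_response_to', 'not_on_or_after',
                             'not_before', 'recipient'])
    assert kl.in_response_to == "_1683146e27983964fbe7bf8f08961108d166a652e5"
    assert kl.not_on_or_after == "2010-02-18T13:52:13.959Z"
    assert kl.not_before == "2010-01-16T12:00:00Z"
    assert kl.recipient == "http://192.168.0.10/saml/sp"
    assert class_name(kl) == \
        "urn:oasis:names:tc:SAML:2.0:assertion:SubjectConfirmationData"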
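def test_nameid_with_extension():
    """Parse a NameID carrying a namespaced attribute the schema does not declare.

    The unknown attribute must not be dropped: it lands in
    ``extension_attributes`` keyed by its Clark-notation name
    ``{namespace}local``, it shows up in ``keyswv()``, and ``keys()`` still
    lists only the schema-declared attributes.
    """
    kl = create_class_from_xml_string(NameID, NAMEID_WITH_ATTRIBUTE_EXTENSION)
    assert kl is not None
    assert kl.format == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    assert kl.sp_provided_id == "sp provided id"
    assert kl.text.strip() == "*****@*****.**"
    assert _eq(kl.keyswv(), ['sp_provided_id', 'format',
                             'extension_attributes', 'text'])
    assert class_name(kl) == "urn:oasis:names:tc:SAML:2.0:assertion:NameID"
    assert _eq(kl.keys(), ['sp_provided_id', 'sp_name_qualifier',
                           'name_qualifier', 'format', 'text'])
    assert kl.extension_attributes == {
        '{urn:mace:example.com:saml:assertion}Foo': 'BAR'}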
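def test_attribute_element_to_extension_element():
    """Convert a typed Attribute into a generic extension element.

    Tag, namespace and the three XML attributes must carry over, and each
    AttributeValue child must itself become an extension element in the
    SAML assertion namespace.
    """
    attr = create_class_from_xml_string(Attribute, saml2_data.TEST_ATTRIBUTE)
    ee = saml2_tophat.element_to_extension_element(attr)

    assert ee.tag == "Attribute"
    assert ee.namespace == 'urn:oasis:names:tc:SAML:2.0:assertion'
    assert _eq(ee.attributes.keys(), ['FriendlyName', 'Name', 'NameFormat'])
    assert ee.attributes["FriendlyName"] == 'test attribute'
    assert ee.attributes["Name"] == "testAttribute"
    assert ee.attributes["NameFormat"] == \
        'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'

    assert len(ee.children) == 2
    for child in ee.children:
        # children are also extension element instances
        assert child.namespace == 'urn:oasis:names:tc:SAML:2.0:assertion'
        assert child.tag == "AttributeValue"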
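def test_create_class_from_xml_string_subject_confirmation():
    """Parse a plain SubjectConfirmation fixture and check its tree.

    Checks the bearer method, the nested NameID, the nested
    SubjectConfirmationData and the qualified class name of the root.
    """
    kl = create_class_from_xml_string(SubjectConfirmation,
                                      ITEMS[SubjectConfirmation])
    assert kl is not None
    assert _eq(kl.keyswv(), ['method', 'name_id', 'subject_confirmation_data'])
    assert kl.method == "urn:oasis:names:tc:SAML:2.0:cm:bearer"

    name_id = kl.name_id
    assert _eq(name_id.keyswv(), ['format', 'name_qualifier', 'text'])
    assert name_id.format == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    assert name_id.name_qualifier == "http://authentic.example.com/saml/metadata"
    assert name_id.text.strip() == "*****@*****.**"

    scd = kl.subject_confirmation_data
    assert _eq(scd.keyswv(), ['not_on_or_after', 'recipient', 'in_response_to'])
    assert scd.recipient == "http://auth.example.com/saml/proxySingleSignOnRedirect"
    assert scd.not_on_or_after == "2010-02-17T17:02:38Z"
    assert scd.in_response_to == "_59B3A01B03334032C31E434C63F89E3E"

    assert class_name(kl) == \
        "urn:oasis:names:tc:SAML:2.0:assertion:SubjectConfirmation"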
def fault_to_from_string(xml_string):
    """Deserialize *xml_string* into a FaultTo element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(FaultTo, xml_string)
def retry_after_from_string(xml_string):
    """Deserialize *xml_string* into a RetryAfter element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RetryAfter, xml_string)
def problem_action_type__soap_action_from_string(xml_string):
    """Deserialize *xml_string* into a ProblemActionType_SoapAction element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(ProblemActionType_SoapAction, xml_string)
def action_from_string(xml_string):
    """Deserialize *xml_string* into an Action element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(Action, xml_string)
def security_token_reference_from_string(xml_string):
    """Deserialize *xml_string* into a SecurityTokenReference element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(SecurityTokenReference, xml_string)
def faultcode_enum__from_string(xml_string):
    """Deserialize *xml_string* into a FaultcodeEnum_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(FaultcodeEnum_, xml_string)
def publication_info_from_string(xml_string):
    """Deserialize *xml_string* into a PublicationInfo element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(PublicationInfo, xml_string)
def publication_path_from_string(xml_string):
    """Deserialize *xml_string* into a PublicationPath element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(PublicationPath, xml_string)
def attributed_uri_type__from_string(xml_string):
    """Deserialize *xml_string* into an AttributedURIType_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(AttributedURIType_, xml_string)
def registration_info_from_string(xml_string):
    """Deserialize *xml_string* into a RegistrationInfo element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RegistrationInfo, xml_string)
def relationship_type__from_string(xml_string):
    """Deserialize *xml_string* into a RelationshipType_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RelationshipType_, xml_string)
def endpoint_reference_from_string(xml_string):
    """Deserialize *xml_string* into an EndpointReference element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(EndpointReference, xml_string)
def problem_action_from_string(xml_string):
    """Deserialize *xml_string* into a ProblemAction element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(ProblemAction, xml_string)
def reference_from_string(xml_string):
    """Deserialize *xml_string* into a Reference element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(Reference, xml_string)
def registration_policy_from_string(xml_string):
    """Deserialize *xml_string* into a RegistrationPolicy element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RegistrationPolicy, xml_string)
def key_identifier_from_string(xml_string):
    """Deserialize *xml_string* into a KeyIdentifier element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(KeyIdentifier, xml_string)
def usage_policy_from_string(xml_string):
    """Deserialize *xml_string* into a UsagePolicy element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(UsagePolicy, xml_string)
def transformation_parameters_from_string(xml_string):
    """Deserialize *xml_string* into a TransformationParameters element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(TransformationParameters, xml_string)
def reply_to_from_string(xml_string):
    """Deserialize *xml_string* into a ReplyTo element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(ReplyTo, xml_string)
def encoded_string__from_string(xml_string):
    """Deserialize *xml_string* into an EncodedString_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(EncodedString_, xml_string)
def attributed_uri_type__from_string(xml_string):
    """Deserialize *xml_string* into an AttributedURIType_ element."""
    # NOTE(review): a function of the same name is defined earlier in this
    # file; this later definition is the one left bound at import time.
    parse = saml2_tophat.create_class_from_xml_string
    return parse(AttributedURIType_, xml_string)
def relates_to_from_string(xml_string):
    """Deserialize *xml_string* into a RelatesTo element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RelatesTo, xml_string)
def request_initiator_from_string(xml_string):
    """Deserialize *xml_string* into a RequestInitiator element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RequestInitiator, xml_string)
def metadata_type__from_string(xml_string):
    """Deserialize *xml_string* into a MetadataType_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(MetadataType_, xml_string)
def t_usage__from_string(xml_string):
    """Deserialize *xml_string* into a TUsage_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(TUsage_, xml_string)
def problem_header_q_name_from_string(xml_string):
    """Deserialize *xml_string* into a ProblemHeaderQName element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(ProblemHeaderQName, xml_string)
def username_token_from_string(xml_string):
    """Deserialize *xml_string* into a UsernameToken element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(UsernameToken, xml_string)
def publication_type__from_string(xml_string):
    """Deserialize *xml_string* into a PublicationType_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(PublicationType_, xml_string)
def from_from_string(xml_string):
    """Deserialize *xml_string* into a From element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(From, xml_string)
def relationship_type__from_string(xml_string):
    """Deserialize *xml_string* into a RelationshipType_ element."""
    # NOTE(review): a function of the same name is defined earlier in this
    # file; this later definition is the one left bound at import time.
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RelationshipType_, xml_string)
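def test_complete_flow():
    """Drive one ECP (Enhanced Client or Proxy) exchange end to end.

    The same process plays all three roles: the ECP client asks the SP for an
    AuthnRequest, relays it to the IdP over SOAP, then carries the IdP's
    Response back to the SP's PAOS endpoint.  Assertions cover the PAOS
    headers, the SOAP envelopes exchanged at each hop, the RelayState round
    trip and the final status of the parsed Response.
    """
    client = ecp_client.Client("user", "password",
                               metadata_file=full_path("idp_all.xml"))
    sp = Saml2Client(config_file=dotname("servera_conf"))

    with closing(Server(config_file=dotname("idp_all_conf"))) as idp:
        idp_entity_id = idp.config.entityid

        # ------------ @Client -----------------------------
        headers = client.add_paos_headers([])
        assert len(headers) == 2

        # ------------ @SP -----------------------------
        response = DummyResponse(set_list2dict(headers))
        assert sp.can_handle_ecp_response(response)

        sid, message = sp.create_ecp_authn_request(idp_entity_id,
                                                   relay_state="XYZ")

        # ------------ @Client -----------------------------
        respdict = client.parse_soap_message(message)
        cargs = client.parse_sp_ecp_response(respdict)

        assert isinstance(respdict["body"], AuthnRequest)
        assert len(respdict["header"]) == 2
        item0 = respdict["header"][0]
        assert isinstance(item0, (Request, RelayState))

        destination = respdict["body"].destination
        ht_args = client.apply_binding(BINDING_SOAP, respdict["body"],
                                       destination)

        # Time to send to the IDP
        # ----------- @IDP -------------------------------
        req = idp.parse_authn_request(ht_args["data"], BINDING_SOAP)
        assert isinstance(req.message, AuthnRequest)

        # create Response and return in the SOAP response
        sp_entity_id = req.sender()
        name_id = idp.ident.transient_nameid("id12", sp.config.entityid)
        # Only the destination is needed; the binding is fixed to PAOS above.
        _binding, destination = idp.pick_binding("assertion_consumer_service",
                                                 [BINDING_PAOS],
                                                 entity_id=sp_entity_id)
        resp = idp.create_ecp_authn_request_response(
            destination,
            {"eduPersonEntitlement": "Short stop",
             "surName": "Jeter",
             "givenName": "Derek",
             "mail": "*****@*****.**",
             "title": "The man"},
            req.message.id, destination, sp_entity_id,
            name_id=name_id, authn=AUTHN)

        # ------------ @Client -----------------------------
        # The client got the response from the IDP; repackage and send it to the SP
        respdict = client.parse_soap_message(resp)
        idp_response = respdict["body"]
        assert isinstance(idp_response, Response)
        assert len(respdict["header"]) == 1

        # The IdP's ecp:Response header tells the client where to deliver the
        # SAML Response; it must be present, not just scanned for.
        ecp_response = None
        for item in respdict["header"]:
            if item.c_tag == "Response" and item.c_namespace == ecp_prof.NAMESPACE:
                ecp_response = item
        assert ecp_response is not None

        # done phase2 at the client
        ht_args = client.use_soap(idp_response, cargs["rc_url"],
                                  [cargs["relay_state"]])

        # ------------ @SP -----------------------------
        respdict = sp.unpack_soap_message(ht_args["data"])

        # verify the relay_state
        for header in respdict["header"]:
            inst = create_class_from_xml_string(RelayState, header)
            if isinstance(inst, RelayState):
                assert inst.text == "XYZ"

        # parse the response
        # Test-only relaxation: the fixture IdP does not sign its Response.  A
        # deployed SP keeps want_response_signed enabled so that an unsigned
        # Response is rejected rather than parsed.
        sp.want_response_signed = False
        resp = sp.parse_authn_request_response(respdict["body"], None, {sid: "/"})
        assert resp.response.destination == "http://lingon.catalogix.se:8087/paos"
        assert resp.response.status.status_code.value == STATUS_SUCCESS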
def fault_codes_open_enum_type__from_string(xml_string):
    """Deserialize *xml_string* into a FaultCodesOpenEnumType_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(FaultCodesOpenEnumType_, xml_string)
def originator_key_info_from_string(xml_string):
    """Deserialize *xml_string* into an OriginatorKeyInfo element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(OriginatorKeyInfo, xml_string)
def username_token_type__username_from_string(xml_string):
    """Deserialize *xml_string* into a UsernameTokenType_Username element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(UsernameTokenType_Username, xml_string)
def recipient_key_info_from_string(xml_string):
    """Deserialize *xml_string* into a RecipientKeyInfo element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RecipientKeyInfo, xml_string)
def security_header_type__from_string(xml_string):
    """Deserialize *xml_string* into a SecurityHeaderType_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(SecurityHeaderType_, xml_string)
def agreement_method_type__from_string(xml_string):
    """Deserialize *xml_string* into an AgreementMethodType_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(AgreementMethodType_, xml_string)
def binary_security_token_from_string(xml_string):
    """Deserialize *xml_string* into a BinarySecurityToken element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(BinarySecurityToken, xml_string)
def encryption_property_type__from_string(xml_string):
    """Deserialize *xml_string* into an EncryptionPropertyType_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(EncryptionPropertyType_, xml_string)
def embedded_from_string(xml_string):
    """Deserialize *xml_string* into an Embedded element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(Embedded, xml_string)
def key_size_from_string(xml_string):
    """Deserialize *xml_string* into a KeySize element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(KeySize, xml_string)
def attributed_string__from_string(xml_string):
    """Deserialize *xml_string* into an AttributedString_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(AttributedString_, xml_string)
def oae_pparams_from_string(xml_string):
    """Deserialize *xml_string* into an OAEPparams element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(OAEPparams, xml_string)
def security_from_string(xml_string):
    """Deserialize *xml_string* into a Security element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(Security, xml_string)
def transforms_from_string(xml_string):
    """Deserialize *xml_string* into a Transforms element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(Transforms, xml_string)
def nonce_from_string(xml_string):
    """Deserialize *xml_string* into a Nonce element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(Nonce, xml_string)
def cipher_reference_type__from_string(xml_string):
    """Deserialize *xml_string* into a CipherReferenceType_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(CipherReferenceType_, xml_string)
def password_string__from_string(xml_string):
    """Deserialize *xml_string* into a PasswordString_ element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(PasswordString_, xml_string)
def encryption_method_from_string(xml_string):
    """Deserialize *xml_string* into an EncryptionMethod element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(EncryptionMethod, xml_string)
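def test_complete_flow():
    """Drive one ECP (Enhanced Client or Proxy) exchange end to end.

    The same process plays all three roles: the ECP client asks the SP for an
    AuthnRequest, relays it to the IdP over SOAP, then carries the IdP's
    Response back to the SP's PAOS endpoint.  Assertions cover the PAOS
    headers, the SOAP envelopes exchanged at each hop, the RelayState round
    trip and the final status of the parsed Response.

    NOTE(review): a test_complete_flow is also defined earlier in this file;
    this later definition replaces it at import time, so only one copy is
    collected.
    """
    client = ecp_client.Client("user", "password",
                               metadata_file=full_path("idp_all.xml"))
    sp = Saml2Client(config_file=dotname("servera_conf"))

    with closing(Server(config_file=dotname("idp_all_conf"))) as idp:
        idp_entity_id = idp.config.entityid

        # ------------ @Client -----------------------------
        headers = client.add_paos_headers([])
        assert len(headers) == 2

        # ------------ @SP -----------------------------
        response = DummyResponse(set_list2dict(headers))
        assert sp.can_handle_ecp_response(response)

        sid, message = sp.create_ecp_authn_request(idp_entity_id,
                                                   relay_state="XYZ")

        # ------------ @Client -----------------------------
        respdict = client.parse_soap_message(message)
        cargs = client.parse_sp_ecp_response(respdict)

        assert isinstance(respdict["body"], AuthnRequest)
        assert len(respdict["header"]) == 2
        item0 = respdict["header"][0]
        assert isinstance(item0, (Request, RelayState))

        destination = respdict["body"].destination
        ht_args = client.apply_binding(BINDING_SOAP, respdict["body"],
                                       destination)

        # Time to send to the IDP
        # ----------- @IDP -------------------------------
        req = idp.parse_authn_request(ht_args["data"], BINDING_SOAP)
        assert isinstance(req.message, AuthnRequest)

        # create Response and return in the SOAP response
        sp_entity_id = req.sender()
        name_id = idp.ident.transient_nameid("id12", sp.config.entityid)
        # Only the destination is needed; the binding is fixed to PAOS above.
        _binding, destination = idp.pick_binding("assertion_consumer_service",
                                                 [BINDING_PAOS],
                                                 entity_id=sp_entity_id)
        resp = idp.create_ecp_authn_request_response(
            destination,
            {"eduPersonEntitlement": "Short stop",
             "surName": "Jeter",
             "givenName": "Derek",
             "mail": "*****@*****.**",
             "title": "The man"},
            req.message.id, destination, sp_entity_id,
            name_id=name_id, authn=AUTHN)

        # ------------ @Client -----------------------------
        # The client got the response from the IDP; repackage and send it to the SP
        respdict = client.parse_soap_message(resp)
        idp_response = respdict["body"]
        assert isinstance(idp_response, Response)
        assert len(respdict["header"]) == 1

        # The IdP's ecp:Response header tells the client where to deliver the
        # SAML Response; it must be present, not just scanned for.
        ecp_response = None
        for item in respdict["header"]:
            if item.c_tag == "Response" and item.c_namespace == ecp_prof.NAMESPACE:
                ecp_response = item
        assert ecp_response is not None

        # done phase2 at the client
        ht_args = client.use_soap(idp_response, cargs["rc_url"],
                                  [cargs["relay_state"]])

        # ------------ @SP -----------------------------
        respdict = sp.unpack_soap_message(ht_args["data"])

        # verify the relay_state
        for header in respdict["header"]:
            inst = create_class_from_xml_string(RelayState, header)
            if isinstance(inst, RelayState):
                assert inst.text == "XYZ"

        # parse the response
        # Test-only relaxation: the fixture IdP does not sign its Response.  A
        # deployed SP keeps want_response_signed enabled so that an unsigned
        # Response is rejected rather than parsed.
        sp.want_response_signed = False
        resp = sp.parse_authn_request_response(respdict["body"], None, {sid: "/"})
        assert resp.response.destination == "http://lingon.catalogix.se:8087/paos"
        assert resp.response.status.status_code.value == STATUS_SUCCESS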
def to_from_string(xml_string):
    """Deserialize *xml_string* into a To element."""
    parse = saml2_tophat.create_class_from_xml_string
    return parse(To, xml_string)