def test_valid_signature(self):
saml_request = self.saml_request.format(
break_digest='',
signature_value=self.signature_value,
signed_info=self.signed_info.format(sig_alg=self.sig_alg,
break_signature=''),
certificate=self.cert,
)
relay_state = 'relay_state'
request = HTTPPostRequest(saml_request=saml_request,
relay_state=relay_state)
verifier = HTTPPostSignatureVerifier(self.cert, request)
self.assertIsNone(verifier.verify())
def test_signature_mismatch(self):
saml_request = self.saml_request.format(
break_digest='',
signature_value=self.signature_value,
signed_info=self.signed_info.format(sig_alg=self.sig_alg,
break_signature='broken'),
certificate=self.cert,
)
relay_state = 'relay_state'
request = HTTPPostRequest(saml_request=saml_request,
relay_state=relay_state)
verifier = HTTPPostSignatureVerifier(self.cert, request)
with pytest.raises(SignatureVerificationError) as excinfo:
verifier.verify()
exc = excinfo.value
self.assertEqual('Verifica della firma fallita.', exc.args[0])
def test_certificate_mismatch(self):
saml_request = self.saml_request.format(
break_digest='',
signature_value=self.signature_value,
signed_info=self.signed_info.format(sig_alg=self.sig_alg,
break_signature=''),
certificate='fake cert',
)
relay_state = 'relay_state'
request = HTTPPostRequest(saml_request=saml_request,
relay_state=relay_state)
verifier = HTTPPostSignatureVerifier(self.cert, request)
with pytest.raises(SignatureVerificationError) as excinfo:
verifier.verify()
exc = excinfo.value
self.assertEqual(
'Il certificato X509 contenuto nella request è differente '
'rispetto a quello contenuto nei metadata del Service Provider.',
exc.args[0])
def test_unknown_algorithm(self):
sig_alg = 'unknown_sig_alg'
saml_request = self.saml_request.format(
break_digest='',
signature_value=self.signature_value,
signed_info=self.signed_info.format(sig_alg=sig_alg,
break_signature=''),
certificate=self.cert,
)
relay_state = 'relay_state'
request = HTTPPostRequest(saml_request=saml_request,
relay_state=relay_state)
verifier = HTTPPostSignatureVerifier(self.cert, request)
with pytest.raises(SignatureVerificationError) as excinfo:
verifier.verify()
exc = excinfo.value
self.assertEqual(
"L'algoritmo 'unknown_sig_alg' è sconosciuto o non supportato. Si prega di "
"utilizzare uno dei seguenti: {}".format(self.supported_sig_alg),
exc.args[0])
def test_deprecated_algorithm(self):
sig_alg = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
saml_request = self.saml_request.format(
break_digest='',
signature_value=self.signature_value,
signed_info=self.signed_info.format(sig_alg=sig_alg,
break_signature=''),
certificate=self.cert,
)
relay_state = 'relay_state'
request = HTTPPostRequest(saml_request=saml_request,
relay_state=relay_state)
verifier = HTTPPostSignatureVerifier(self.cert, request)
with pytest.raises(SignatureVerificationError) as excinfo:
verifier.verify()
exc = excinfo.value
self.assertEqual(
"L'algoritmo 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' è considerato deprecato. "
"Si prega di utilizzare uno dei seguenti: {}".format(
self.supported_sig_alg), exc.args[0])
