def setup_class(cls):
request_id = '_ABC123_some_assertion_id'
request_xml = etree.fromstring(
'<samlp:AuthnRequest '
'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
'AssertionConsumerServiceURL="https://login.salesforce.com" '
'Destination="http://127.0.0.1:8000/+saml" '
'ID="' + request_id + '" '
'IssueInstant="2011-10-05T18:49:49.068Z" '
'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
'Version="2.0">'
'<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
'https://saml.salesforce.com'
'</saml:Issuer>'
'</samlp:AuthnRequest>')
digester = Sha1Digester()
signer = RsaSha1Signer(SALESFORCE_PRIVATE_KEY)
request_xml.insert(
1,
get_signature_xml(SALESFORCE_CERTIFICATE, digester, signer,
base.c14n(request_xml).decode('utf-8'),
request_id))
cls.REQUEST_DATA = {
'SAMLRequest':
base64.b64encode(base.c14n(request_xml)).decode('utf-8'),
'RelayState': RELAY_STATE,
}
def test1(self):
digester = Sha1Digester()
signer = RsaSha1Signer(PRIVATE_KEY)
signature = SignatureTemplate.sign("this is a test", CERTIFICATE,
digester, signer, 'abcd' * 10)
signature_xml = signature.xml
expected_xml = SIGNATURE_TEMPLATE_STR
self._test(signature_xml, expected_xml)
def test1(self):
digester = Sha1Digester()
signer = RsaSha1Signer(PRIVATE_KEY)
signature_xml = signing.get_signature_xml(CERTIFICATE, digester,
signer, "this is a test",
'abcd' * 10)
expected_xml = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#abcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>+ia+Gd5r/5P3C8IwhDTkpEC7rQI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>t1IywxEzobY8ZyHL+iuB+E3zzVAWByUjRqFTdyNerGbGSRwo0oYWx6hcYX+ST1DTDaQ50gV2PJeibbykFsA3vQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICKzCCAdWgAwIBAgIJAM8DxRNtPj90MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTEwODEyMjA1MTIzWhcNMTIwODExMjA1MTIzWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANcNmgm4YlSUAr2xdWei5aRU/DbWtsQ47gjkv28Ekje3ob+6q0M+D5phwYDcv9ygYmuJ5wOi1cPprsWdFWmvSusCAwEAAaOBpzCBpDAdBgNVHQ4EFgQUzyBR9+vE8bygqvD6CZ/w6aQPikMwdQYDVR0jBG4wbIAUzyBR9+vE8bygqvD6CZ/w6aQPikOhSaRHMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCCQDPA8UTbT4/dDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA0EAIQuPLA/mlMJAMF680kL7reX5WgyRwAtRzJK6FgNjE7kRaLZQ79UKYVYa0VAyrRdoNEyVhG4tJFEiQJzaLWsl/A==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
self._test(signature_xml, expected_xml)
def test_signed_response_with_signed_assertion(self):
# This test verifies that the response got signed properly.
params = {
**IDP_PARAMS,
**RESPONSE_PARAMS,
}
digester = Sha1Digester()
signer = RsaSha1Signer(PRIVATE_KEY)
got = ResponseTemplate(params, SIGNED_ASSERTION_SALESFORCE)
got.sign(certificate=CERTIFICATE, signer=signer, digester=digester)
self._test(got.xml,
SIGNED_RESPONSE_WITH_SIGNED_ASSERTION_SALESFORCE_XML)
def test_signed_assertion(self):
# This test verifies that the assertion got signed properly.
params = {
**IDP_PARAMS,
**RESPONSE_PARAMS,
**ASSERTION_SALESFORCE_PARAMS,
}
digester = Sha1Digester()
signer = RsaSha1Signer(PRIVATE_KEY)
got = AssertionTemplate(params)
got.sign(certificate=CERTIFICATE, signer=signer, digester=digester)
self._test(got.xml, SIGNED_ASSERTION_SALESFORCE.get_xml_string())
def get_sp_digester(self) -> Digester:
"""Get the digest algorithm used by this SP."""
return Sha1Digester()
def get_idp_digester(self) -> Digester:
"""Get the method used to compute digests for the IdP."""
return Sha1Digester()