def test_keydescriptor_no_signing(self, mocked):
FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
validator = SpidMetadataValidator()
metadata = create_sp_metadata(
entity_id='http://test.sp',
authn_request_signed='true',
assertion_consumer_services=[Acs(location='http://test.sp/acs')],
attribute_consuming_services=[
Atcs(
service_name='test_1',
attributes=['spidCode']
)
],
single_logout_services=[
Slo(binding=BINDING_HTTP_POST, location='http://test.sp/slo')
],
keys=[Key('encryption', 'somevalue123')]
).to_xml()
with pytest.raises(SPIDValidationError) as excinfo:
validator.validate(metadata)
exc = excinfo.value
self.assertEqual(
'EntityDescriptor/SPSSODescriptor/KeyDescriptor',
exc.details[0].path
)
self.assertEqual('Deve essere presente almeno una chiave con attributo use uguale a "signing"',
exc.details[0].message)
def test_bad_attributes(self, mocked):
FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
validator = SpidMetadataValidator()
metadata = create_sp_metadata(
entity_id='http://test.sp',
authn_request_signed='true',
assertion_consumer_services=[Acs(location='http://test.sp/acs')],
attribute_consuming_services=[
Atcs(
service_name='test_1',
attributes=['badAttr']
)
],
single_logout_services=[
Slo(binding=BINDING_HTTP_POST, location='http://test.sp/slo')
],
keys=[Key('signing', 'somevalue123')],
check_attributes=False
).to_xml()
with pytest.raises(SPIDValidationError) as excinfo:
validator.validate(metadata)
exc = excinfo.value
self.assertEqual(
'EntityDescriptor/SPSSODescriptor/AttributeConsumingService/0/RequestedAttribute/0 - attribute: Name',
exc.details[0].path
)
self.assertEqual('Il valore dell\'elemento non corrisponde a nessuno dei valori attesi ({}):'.format(
', '.join(settings.SPID_ATTRIBUTES_NAMES)), exc.details[0].message)
def metadata(self):
cert_file = self._config.idp_certificate_file_path
with open(cert_file, 'r') as fp:
cert = fp.readlines()[1:-1]
cert = ''.join(cert)
sso_list = []
slo_list = []
sso_list.append(
Sso(binding=BINDING_HTTP_POST,
location=self._config.absolute_sso_url))
sso_list.append(
Sso(binding=BINDING_HTTP_REDIRECT,
location=self._config.absolute_sso_url))
slo_list.append(
Slo(binding=BINDING_HTTP_POST,
location=self._config.absolute_slo_url))
slo_list.append(
Slo(binding=BINDING_HTTP_REDIRECT,
location=self._config.absolute_slo_url))
metadata = create_idp_metadata(
entity_id=self._config.entity_id,
want_authn_requests_signed='true',
keys=[Key(use='signing', value=cert)],
single_sign_on_services=sso_list,
single_logout_services=slo_list).to_xml()
return Response(metadata, mimetype='text/xml')
def test_valid_metadata(self, mocked):
FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
validator = SpidMetadataValidator()
metadata = create_sp_metadata(
entity_id='http://test.sp',
authn_request_signed='true',
assertion_consumer_services=[Acs(location='http://test.sp/acs')],
attribute_consuming_services=[
Atcs(service_name='test_1', attributes=['spidCode'])
],
single_logout_services=[
Slo(binding=BINDING_HTTP_POST, location='http://test.sp/slo')
],
keys=[Key('signing', 'somevalue123')]).to_xml()
validator.validate(metadata)
def metadata(self):
cert_file = self.server.config.cert_file
with open(cert_file, 'r') as fp:
cert = fp.readlines()[1:-1]
cert = ''.join(cert)
endpoints = getattr(self.server.config, '_idp_endpoints')
sso = endpoints.get('single_sign_on_service')
slo = endpoints.get('single_logout_service')
sso = [Sso(*_sso) for _sso in sso]
slo = [Slo(*_slo) for _slo in slo]
metadata = create_idp_metadata(
entity_id=self.server.config.entityid,
want_authn_requests_signed='true',
keys=[Key(use='signing', value=cert)],
single_sign_on_services=sso,
single_logout_services=slo
).to_xml()
return Response(metadata, mimetype='text/xml')
def test_missing_slo(self, mocked):
FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
validator = SpidMetadataValidator()
metadata = create_sp_metadata(
entity_id='http://test.sp',
authn_request_signed='true',
assertion_consumer_services=[Acs(location='http://test.sp/acs')],
attribute_consuming_services=[
Atcs(service_name='test_1', attributes=['spidCode'])
],
single_logout_services=[],
keys=[Key('signing', 'somevalue123')]).to_xml()
with pytest.raises(SPIDValidationError) as excinfo:
validator.validate(metadata)
exc = excinfo.value
self.assertEqual(
'EntityDescriptor/SPSSODescriptor/SingleLogoutService',
exc.details[0].path)
self.assertEqual('required key not provided', exc.details[0].message)
def test_idp_metadata(self):
ssos = [Sso(binding=BINDING_HTTP_POST, location='http://sso.sso')]
slos = [Slo(binding=BINDING_HTTP_REDIRECT, location='http://slo.slo')]
metadata = create_idp_metadata(
entity_id='test_id123',
want_authn_requests_signed='true',
keys=[Key(use='signing', value='CERTCERTCERT')],
single_sign_on_services=ssos,
single_logout_services=slos)
x509_cert = metadata._element.findall('.//{%s}X509Certificate' % DS)
self.assertEqual(len(x509_cert), 1)
self.assertEqual(x509_cert[0].text, 'CERTCERTCERT')
ssos = metadata._element.findall('.//{%s}SingleSignOnService' % MD)
self.assertEqual(ssos[0].attrib['Binding'], BINDING_HTTP_POST)
self.assertEqual(ssos[0].attrib['Location'], 'http://sso.sso')
self.assertEqual(len(ssos), 1)
slos = metadata._element.findall('.//{%s}SingleLogoutService' % MD)
self.assertEqual(len(slos), 1)
self.assertEqual(slos[0].attrib['Binding'], BINDING_HTTP_REDIRECT)
self.assertEqual(slos[0].attrib['Location'], 'http://slo.slo')
