def test_loading_private_key():
    """The same key loaded from a file and from a string must sign identically.

    PKey instances cannot be compared for equality directly, so the check is
    indirect: both keys sign the same payload, and equal signatures mean the
    two loaders produced the same key (a different key would give a different
    signature).
    """
    payload = b'Hello, world!'
    file_signer = RsaSha1Signer(private_key_from_file(PRIVATE_KEY_FILE))
    string_signer = RsaSha1Signer(private_key_from_string(X509_PRIVATE_KEY_DATA))
    assert file_signer(payload) == string_signer(payload)
def setup_class(cls):
    """Build one signed SAML AuthnRequest shared by every test in the class.

    The request is signed with the Salesforce sample key pair, the signature
    element is inserted into the request, and the canonicalised request is
    base64-encoded into ``cls.REQUEST_DATA`` together with the relay state.
    """
    assertion_id = '_ABC123_some_assertion_id'
    # Attribute list joined with single spaces; the resulting document is
    # byte-identical to the original inline literal.
    attributes = ' '.join([
        'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"',
        'AssertionConsumerServiceURL="https://login.salesforce.com"',
        'Destination="http://127.0.0.1:8000/+saml"',
        'ID="{}"'.format(assertion_id),
        'IssueInstant="2011-10-05T18:49:49.068Z"',
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"',
        'Version="2.0"',
    ])
    issuer = (
        '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        'https://saml.salesforce.com'
        '</saml:Issuer>'
    )
    authn_request = etree.fromstring(
        '<samlp:AuthnRequest ' + attributes + '>' + issuer + '</samlp:AuthnRequest>'
    )

    digester = Sha1Digester()
    signer = RsaSha1Signer(SALESFORCE_PRIVATE_KEY)
    # The signature is computed over the canonical form of the unsigned
    # request and then inserted as the second child.
    signature = get_signature_xml(
        SALESFORCE_CERTIFICATE,
        digester,
        signer,
        base.c14n(authn_request).decode('utf-8'),
        assertion_id,
    )
    authn_request.insert(1, signature)

    cls.REQUEST_DATA = {
        'SAMLRequest': base64.b64encode(base.c14n(authn_request)).decode('utf-8'),
        'RelayState': RELAY_STATE,
    }
def test1(self):
    """Signing a fixed payload must render exactly ``SIGNATURE_TEMPLATE_STR``."""
    reference_id = 'abcd' * 10
    signature = SignatureTemplate.sign(
        "this is a test",
        CERTIFICATE,
        Sha1Digester(),
        RsaSha1Signer(PRIVATE_KEY),
        reference_id,
    )
    self._test(signature.xml, SIGNATURE_TEMPLATE_STR)
def test1(self):
    """``get_signature_xml`` must produce a byte-for-byte known-good signature element.

    The expected document pins the algorithm identifiers (exclusive C14N,
    rsa-sha1, sha1), the enveloped-signature transform, the reference URI
    derived from the id, and the digest and signature values for the payload.
    """
    reference_id = 'abcd' * 10
    got = signing.get_signature_xml(
        CERTIFICATE,
        Sha1Digester(),
        RsaSha1Signer(PRIVATE_KEY),
        "this is a test",
        reference_id,
    )
    want = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#abcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>+ia+Gd5r/5P3C8IwhDTkpEC7rQI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>t1IywxEzobY8ZyHL+iuB+E3zzVAWByUjRqFTdyNerGbGSRwo0oYWx6hcYX+ST1DTDaQ50gV2PJeibbykFsA3vQ==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
    self._test(got, want)
def test_signing_data_with_private_key():
    """An RSA-SHA1 signature over a fixed payload must match a known-good value.

    The expected value was produced independently with openssl, so the test
    pins both the signature and the base64 output format of the signer:

        echo -n "Some interesting data." \\
        | openssl dgst -sha1 -sign tests/keys/sample/sample-private-key.pem \\
        | base64 --wrap=0
    """
    expected_signature = (
        'JYT2mxcW81Iht1HPoTbrQhX/kcOmssFwnuC+6WSbbRTalq1ZqRvrNmOiiny+FOsmrQi0VzVYT/jlJnho2dz4Xw=='
    )
    signer = RsaSha1Signer(private_key_from_string(X509_PRIVATE_KEY_DATA))
    assert signer(b'Some interesting data.') == expected_signature
def test_signed_response_with_signed_assertion(self):
    """A response wrapping an already-signed assertion must itself sign to the fixture."""
    response = ResponseTemplate(
        {**IDP_PARAMS, **RESPONSE_PARAMS},
        SIGNED_ASSERTION_SALESFORCE,
    )
    response.sign(
        certificate=CERTIFICATE,
        signer=RsaSha1Signer(PRIVATE_KEY),
        digester=Sha1Digester(),
    )
    self._test(response.xml, SIGNED_RESPONSE_WITH_SIGNED_ASSERTION_SALESFORCE_XML)
def test_signed_assertion(self):
    """Signing an assertion from the Salesforce params must reproduce the fixture."""
    assertion = AssertionTemplate(
        {**IDP_PARAMS, **RESPONSE_PARAMS, **ASSERTION_SALESFORCE_PARAMS},
    )
    assertion.sign(
        certificate=CERTIFICATE,
        signer=RsaSha1Signer(PRIVATE_KEY),
        digester=Sha1Digester(),
    )
    self._test(assertion.xml, SIGNED_ASSERTION_SALESFORCE.get_xml_string())
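def get_sp_signer(self) -> Optional[Signer]:
    """Return the signer used for this SP, or ``None`` when it has no private key.

    The signer is an ``RsaSha1Signer`` built from ``self.get_sp_private_key()``.
    The no-key branch is an explicit ``return None`` so the ``Optional`` contract
    is visible in the code rather than an implicit fall-through.

    NOTE(review): RSA-SHA1 is a legacy XML-DSig algorithm; callers that can
    negotiate a stronger signature method with the peer should prefer it.
    Whether this SP's peers accept anything else is not visible here — confirm
    before changing the default.
    """
    private_key = self.get_sp_private_key()
    if private_key is None:
        return None
    return RsaSha1Signer(private_key)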