Пример #1
0
 def dump_db(self, db_outdir, readonly):
     if readonly:
         db_name = 'userprefs'
     else:
         db_name = 'adminconfig'
     test_db = os.path.join(db_outdir, '%s.sqlite' % db_name)
     p = subprocess.Popen(['/usr/bin/sqlite3', test_db, '.dump'],
                          stdout=subprocess.PIPE,
                          stderr=self.stderr)
     output, _ = p.communicate()
     if p.returncode:
         TC.fail('Sqlite dump failed')
     return output
Пример #2
0
def run_test(testname, test, args):
    supported = test.platform_supported()
    if supported is not None:
        return (TEST_RESULT_SKIP, supported)
    if args['verbose'] <= VERBOSE_SHOWOUTPUT:
        devnull = open(os.devnull, 'w')
        test.stdout = devnull
        test.stderr = devnull

    if args['verbose'] >= VERBOSE_SHOWCASES:
        test.print_cases = True

    test.setup_base(args['path'], test)

    env = try_wrappers(test.testdir, args['wrappers'], test.allow_wrappers)
    env['PYTHONPATH'] = test.rootdir
    env['TESTDIR'] = test.testdir

    results = []
    post_setup = False
    TC.store_results(results)
    try:
        test.setup_servers(env)
        post_setup = True

        code, results = test.run(env)
        if code:
            return (TEST_RESULT_FAIL, code, results)
    except Exception as e:  # pylint: disable=broad-except
        if post_setup:
            return (TEST_RESULT_EXCEPTION, e, results)
        else:
            return (TEST_RESULT_SETUP_FAILED, test.current_setup_step)
    finally:
        test.wait()

    return (TEST_RESULT_SUCCESS, results)
Пример #3
0
        self.setup_step("Starting first SP's httpd server")
        self.start_http_server(conf, env)


if __name__ == '__main__':

    idpname = 'idp1'
    sp1name = 'sp1'
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')

    with TC.case('Verify logged out state'):
        page = sess.fetch_page(idpname, 'https://127.0.0.10:45080/idp1/')
        page.expected_value('//div[@id="content"]/p/a/text()', 'Log In')

    with TC.case('Authenticating to IdP'):
        sess.auth_to_idp(idpname)

    with TC.case('Add SP Metadata to IdP'):
        sess.add_sp_metadata(idpname, sp1name)

    with TC.case('Access first SP Protected Area'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
        page.expected_value('text()', 'WORKS!')

    with TC.case('Verify logged in state'):
        page = sess.fetch_page(idpname, 'https://127.0.0.10:45080/idp1/')
Пример #4
0
        self.start_http_server(conf, env)


if __name__ == '__main__':

    idpname = 'idp1'
    sp1name = 'sp1'
    sp2name = 'sp2-test.example.com'
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')
    sess.add_server(sp2name, 'https://127.0.0.11:45082')

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname)

    with TC.case('Add first SP Metadata to IdP'):
        sess.add_sp_metadata(idpname, sp1name)

    with TC.case('Access first SP Protected Area'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
        page.expected_value('text()', 'WORKS!')

    with TC.case('Access second SP Protected Area'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45082/sp/')
        page.expected_value('text()', 'WORKS!')

    with TC.case('Update Second SP'):
        # This is a test to see whether we can update SAML SPs where the name
Пример #5
0
if __name__ == '__main__':

    idpname = 'idp1'
    spname = 'sp1'
    sp2name = 'sp2-test.example.com'
    sp3name = 'sp3_invalid'
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(spname, 'https://127.0.0.11:45081')
    sess.add_server(sp2name, 'https://127.0.0.10:45082')
    sess.add_server(sp3name, 'https://127.0.0.10:45083')

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname)

    with TC.case('List initial Service Providers via REST'):
        result = sess.get_rest_sp(idpname)
        if len(result['result']) != 0:
            raise ValueError(
                'Expected no SP and got %d' % len(result['result'])
            )

    with TC.case('Add SP Metadata to IdP via admin'):
        sess.add_sp_metadata(idpname, spname)

    with TC.case('List Service Providers via REST'):
        result = sess.get_rest_sp(idpname)
        if len(result['result']) != 1:
Пример #6
0
        self.start_http_server(conf, env)

        self.setup_step("Installing SP server")
        name = 'sp1'
        addr = '127.0.0.11'
        port = '45081'
        sp = self.generate_profile(sp_g, sp_a, name, addr, port)
        conf = self.setup_sp_server(sp, name, addr, port, env)
        fixup_sp_httpd(os.path.dirname(conf))

        self.setup_step("Starting SP's httpd server")
        self.start_http_server(conf, env)


if __name__ == '__main__':

    idpname = 'idp1'
    spname = 'sp1'
    user = '******'

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'tuser')
    sess.add_server(spname, 'https://127.0.0.11:45081')

    with TC.case('Authenticate to Idp with no LDAP backend'):
        sess.auth_to_idp(
            idpname,
            rule='//div[@class="alert alert-danger"]/p/text()',
            expected="Internal system error"
        )
Пример #7
0
        name = 'sp1'
        addr = '127.0.0.11'
        port = '45081'
        sp = self.generate_profile(sp_g, sp_a, name, addr, port)
        conf = self.setup_sp_server(sp, name, addr, port, env)
        fixup_sp_httpd(os.path.dirname(conf))

        self.setup_step("Starting SP's httpd server")
        self.start_http_server(conf, env)


if __name__ == '__main__':

    idpname = 'idp1'
    spname = 'sp1'
    user = pwd.getpwuid(os.getuid())[0]

    with TC.case('Add SP Metadata to IdP'):
        sess = HttpSessions()
        sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
        sess.add_server(spname, 'https://127.0.0.11:45081')
        sess.auth_to_idp(idpname)
        sess.add_sp_metadata(idpname, spname)

    with TC.case('Access SP Protected Area'):
        sess = HttpSessions()
        sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
        sess.add_server(spname, 'https://127.0.0.11:45081')
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
        page.expected_value('text()', 'WORKS!')
Пример #8
0
        addr = '127.0.0.11'
        port = '45081'
        sp = self.generate_profile(sp_g, sp_a, name, addr, port)
        conf = self.setup_sp_server(sp, name, addr, port, env)
        fixup_sp_httpd(os.path.dirname(conf))

        self.setup_step("Starting SP's httpd server")
        self.start_http_server(conf, env)


if __name__ == '__main__':

    idpname = 'idp1'
    spname = 'sp1'
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(spname, 'https://127.0.0.11:45081')

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname)

    with TC.case('Add SP Metadata to IdP'):
        sess.add_sp_metadata(idpname, spname)

    with TC.case('Access SP Protected Area Variables'):
        page = sess.fetch_page(idpname,
                               'https://127.0.0.11:45081/sp/index.shtml')
        page.expected_value('text()', 'Test User %s' % user)
Пример #9
0
        self.start_http_server(conf, env)


if __name__ == '__main__':

    idpname = 'idp1'
    sp1name = 'sp1'
    sp2name = 'sp2-test.example.com'
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')
    sess.add_server(sp2name, 'https://127.0.0.11:45082')

    with TC.case('Authenticate to IDP'):
        sess.auth_to_idp(idpname)

    with TC.case('Add first SP metadata to IDP'):
        sess.add_sp_metadata(idpname, sp1name)

    with TC.case('Make sure we send no RelayState if none was requested'):
        page = sess.fetch_page(idpname,
                               'https://127.0.0.11:45081/sp/',
                               follow_redirect=1)
        # Cut off the RelayState
        target = page.result.headers['Location']
        target = target[:target.find('&RelayState=')]
        page = sess.fetch_page(idpname, target, post_forms=False)
        data = sess.get_form_data(page, 'saml-response', ['name', 'value'])
        if data[0] != 'https://127.0.0.11:45081/saml2/postResponse':
Пример #10
0
if __name__ == '__main__':

    idpname = 'idp1'
    sp1name = 'sp1'
    sp2name = 'sp2'
    sp3name = 'sp3'
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')
    sess.add_server(sp2name, 'https://127.0.0.12:45082')
    sess.add_server(sp3name, 'https://127.0.0.13:45083')

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname)

    with TC.case('Registering test client'):
        client_info = {
            'redirect_uris': ['https://invalid/'],
            'response_types': ['code'],
            'grant_types': ['authorization_code'],
            'application_type': 'web',
            'client_name': 'Test suite client',
            'client_uri': 'https://invalid/',
            'token_endpoint_auth_method': 'client_secret_post'
        }
        r = requests.post('https://127.0.0.10:45080/idp1/openidc/Registration',
                          json=client_info)
        r.raise_for_status()
Пример #11
0

if __name__ == '__main__':

    idpname = 'idp1'
    user = pwd.getpwuid(os.getuid())[0]
    sp = sp_list[0]
    spurl = 'https://%s:%s' % (sp['addr'], sp['port'])

    # Set global mapping and allowed attributes, then test fetch from
    # SP.
    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(sp['name'], spurl)

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname)

    with TC.case('Add SP Metadata to IdP'):
        sess.add_sp_metadata(idpname, sp['name'])

    with TC.case('Test default mapping and attrs'):
        expect = {
            'NAME_ID': user,
            'fullname': 'Test User %s' % user,
            'surname': user,
            'givenname': u'Test User 一',
            'email': '*****@*****.**' % user,
            'groups': user,
        }
        check_info_plugin(sess, idpname, spurl, expect)
Пример #12
0
        self.setup_step("Starting SP's httpd server")
        self.start_http_server(conf, env)


if __name__ == '__main__':

    idpname = 'idp1'
    spname = 'sp1'
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(spname, 'https://127.0.0.11:45081')

    with TC.case('Authenticate to IdP'):
        # Stress-test database connections
        for i in xrange(50):
            sess.auth_to_idp(idpname)
            sess.logout_from_idp(idpname)
        sess.auth_to_idp(idpname)

    with TC.case('Add SP Metadata to IdP'):
        sess.add_sp_metadata(idpname, spname)

    with TC.case('Access SP Protected Area'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
        page.expected_value('text()', 'WORKS!')

    with TC.case('Logout from SP'):
        page = sess.fetch_page(
Пример #13
0
    }

    for kkey in kenv:
        os.environ[kkey] = kenv[kkey]

    sp_list = generate_sp_list()
    for sp in sp_list:
        krb = False
        spname = sp['nameid']
        spurl = 'https://%s:%s' % (sp['addr'], sp['port'])
        sess = HttpSessions()
        sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME, user,
                        'ipsilon')
        sess.add_server(spname, spurl)

        TC.info('Testing NameID format %s' % spname)

        if spname == 'kerberos':
            krb = True

        with TC.case('Authenticate to IdP'):
            sess.auth_to_idp(idpname, krb=krb)

        with TC.case('Add SP Metadata to IdP'):
            sess.add_sp_metadata(idpname, spname)

        with TC.case('Set supported Name ID formats'):
            sess.set_sp_default_nameids(idpname, spname, [spname])

        with TC.case('Access SP Protected Area',
                     should_fail=bool(expected[spname])):
Пример #14
0
    def test_upgrade_from(self, env, old_version, with_readonly):
        # Setup IDP Server
        TC.info("Installing IDP server to test upgrade from %i" % old_version)
        name = 'idp_v%i' % old_version
        if with_readonly:
            name = name + '_readonly'
        addr = '127.0.0.%i' % (10 + old_version)
        port = str(45080 + old_version)
        idp = self.generate_profile(idp_g, idp_a, name, addr, port)
        conf = self.setup_idp_server(idp, name, addr, port, env)

        # Move database of old_version into place
        cfgfile = os.path.join(self.testdir, 'etc', name, 'ipsilon.conf')
        db_indir = os.path.join(self.rootdir, 'tests', 'blobs', 'old_dbs',
                                'v%i' % old_version)
        db_outdir = os.path.join(self.testdir, 'lib', name)

        if with_readonly:
            self.use_readonly_adminconfig(name)

        if old_version > 0:
            for database in [
                    'adminconfig', 'openid', 'saml2.sessions.db',
                    'transactions', 'userprefs'
            ]:
                db_in = os.path.join(db_indir, '%s.sqlite.dump' % database)
                db_out = os.path.join(db_outdir, '%s.sqlite' % database)
                os.unlink(db_out)
                if database not in ['adminconfig', 'openid'
                                    ] or not with_readonly:
                    cmd = ['/usr/bin/sqlite3', db_out, '.read %s' % db_in]
                    subprocess.check_call(cmd,
                                          stdout=self.stdout,
                                          stderr=self.stderr)

            # Upgrade that database
            cmd = [
                os.path.join(self.rootdir,
                             'ipsilon/install/ipsilon-upgrade-database'),
                cfgfile
            ]
            subprocess.check_call(cmd,
                                  cwd=os.path.join(self.testdir, 'lib', name),
                                  env=env,
                                  stdout=self.stdout,
                                  stderr=self.stderr)

        # Check some version-specific changes, to see if the upgrade went OK
        if old_version == 0:
            # Check all features in a newly created database
            # Let's verify if at least one index was created
            output = self.dump_db(db_outdir, with_readonly)
            if 'CREATE INDEX' not in output:
                raise Exception('Database upgrade did not introduce index')
            if 'PRIMARY KEY' not in output:
                raise Exception('Database upgrade did not introduce primary ' +
                                'key')
        elif old_version == 1:
            # In 1 -> 2, we added indexes and primary keys
            # Let's verify if at least one index was created
            output = self.dump_db(db_outdir, with_readonly)
            if 'CREATE INDEX' not in output:
                raise Exception('Database upgrade did not introduce index')
            # SQLite did not support creating primary keys, so we can't test

        elif old_version == 2 and not with_readonly:
            # Version 3 added the authz_config table
            # Make sure it exists
            output = self.dump_db(db_outdir, with_readonly)
            if 'TABLE authz_config' not in output:
                raise Exception('Database upgrade did not introduce ' +
                                'authz_config table')

        # Start the httpd server
        http_server = self.start_http_server(conf, env)

        # Now attempt to use the upgraded database
        exe = self.execname
        if exe.endswith('c'):
            exe = exe[:-1]
        exe = [exe]
        exe.append(str(old_version))
        if with_readonly:
            exe.append('readonly')
        else:
            exe.append('no-readonly')
        exe.append(name)
        exe.append('%s:%s' % (addr, port))
        result = self.run_and_collect(exe, env=env)

        # Now kill the last http server
        os.killpg(http_server.pid, signal.SIGTERM)
        self.processes.remove(http_server)

        return result
Пример #15
0
        self.setup_step("Starting SP's httpd server")
        self.start_http_server(conf, env)


if __name__ == '__main__':

    idpname = 'idp1'
    sp1name = 'sp1'
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname)

    with TC.case('Run OpenID Protocol'):
        page = sess.fetch_page(idpname,
                               'https://127.0.0.11:45081/?extensions=NO',
                               require_consent=True)
        page.expected_value('text()', 'SUCCESS, WITHOUT EXTENSIONS')

    with TC.case('Run OpenID Protocol without consent'):
        page = sess.fetch_page(idpname,
                               'https://127.0.0.11:45081/?extensions=NO',
                               require_consent=False)
        page.expected_value('text()', 'SUCCESS, WITHOUT EXTENSIONS')

    with TC.case('Revoking SP consent'):
Пример #16
0
                         'ipsilon/install/ipsilon-upgrade-database'), cfgfile
        ]
        subprocess.check_call(cmd,
                              cwd=os.path.join(self.testdir, 'lib', idpname),
                              env=env,
                              stdout=self.stdout,
                              stderr=self.stderr)

        self.setup_step("Starting IDP's httpd server")
        self.start_http_server(idpconf, env)

        self.setup_step("Starting SP's httpd server")
        self.start_http_server(spconf, env)


if __name__ == '__main__':

    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(spname, 'https://127.0.0.11:45081')

    with TC.case('Access IdP homepage'):
        page = sess.fetch_page(idpname, 'https://127.0.0.10:45080/idp1/')
        page.expected_value('//title/text()', 'Ipsilon')

    with TC.case('Access SP protected area'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
        page.expected_value('text()', 'WORKS!')
Пример #17
0
    krb5conf = os.path.join(testdir, 'krb5.conf')
    kenv = {
        'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
        'KRB5_CONFIG': krb5conf,
        'KRB5CCNAME': 'FILE:' + os.path.join(testdir, 'ccaches/user')
    }

    for key in kenv:
        os.environ[key] = kenv[key]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME, user,
                    'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')
    sess.add_server(sp2name, 'https://127.0.0.11:45082')

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname, krb=True)

    with TC.case('Add first SP Metadata to IdP'):
        sess.add_sp_metadata(idpname, sp1name)

    with TC.case('Access first SP Protected Area'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
        page.expected_value('text()', 'WORKS!')

    with TC.case('Access second SP Protected Area'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45082/sp/')
        page.expected_value('text()', 'WORKS!')
Пример #18
0
        self.start_http_server(conf, env)


if __name__ == '__main__':

    idpname = 'idp1'
    sp1name = 'sp1'
    sp2name = 'sp2'
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')
    sess.add_server(sp2name, 'https://127.0.0.12:45082')

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname)

    with TC.case('Add SP1 Metadata to IdP'):
        sess.add_sp_metadata(idpname, sp1name)

    with TC.case('Add SP2 Metadata to IdP'):
        sess.add_sp_metadata(idpname, sp2name)

    with TC.case('Access SP1 when authz stack set to allow'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
        page.expected_value('text()', 'WORKS!')

    with TC.case('Set IdP authz stack to deny'):
        sess.disable_plugin(idpname, 'authz', 'allow')
        sess.enable_plugin(idpname, 'authz', 'deny')
Пример #19
0
            self.start_http_server(conf, env)


if __name__ == '__main__':

    idpname = 'idp1'
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    for sp in splist:
        spname = sp['nameid']
        spurl = 'https://%s:%s' % (sp['addr'], sp['port'])
        sess.add_server(spname, spurl)

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname)

    for sp in splist:
        spname = sp['nameid']
        with TC.case('Add SP Metadata for %s to IdP' % spname):
            sess.add_sp_metadata(idpname, spname)

    with TC.case('Logout without logging into SP'):
        page = sess.fetch_page(idpname, '%s/%s?%s' % (
            'https://127.0.0.11:45081', 'saml2/logout',
            'ReturnTo=https://127.0.0.11:45081/open/logged_out.html'))
        page.expected_value('text()', 'Logged out')

    with TC.case('Access SP Protected Area'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
Пример #20
0
    def run(self, env):
        overall_exit_code = 0
        overall_results = []

        for version in range(ipsilon.util.data.CURRENT_SCHEMA_VERSION):
            for with_readonly in [True, False]:
                exit_code, results = self.test_upgrade_from(
                    env, version, with_readonly)

            if exit_code != 0:
                overall_exit_code = 1
            overall_results.extend(results)

        return overall_exit_code, overall_results


if __name__ == '__main__':
    from_version = sys.argv[1]
    with_ro = sys.argv[2]
    idpname = sys.argv[3]
    url = sys.argv[4]

    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    sess.add_server(idpname, 'https://%s' % url, user, 'ipsilon')

    with TC.case('From v%s %s: Authenticate to IdP' % (from_version, with_ro)):
        sess.auth_to_idp(idpname)