Пример #1
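def test_filter_values_req_opt_2():
    """A required attribute absent from the AVA makes filtering raise.

    Three attributes are required (surName, givenName, mail) and one is
    optional (title).  The AVA carries no ``mail`` entry, so
    filter_on_attributes must raise MissingValue instead of silently
    dropping the requirement.
    """
    uri_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

    def _attr(friendly_name, name):
        # Dict form of an Attribute, built the same way the sibling tests do.
        return to_dict(
            Attribute(friendly_name=friendly_name, name=name,
                      name_format=uri_format),
            ONTS)

    required = [
        _attr("surName", "urn:oid:2.5.4.4"),
        _attr("givenName", "urn:oid:2.5.4.42"),
        _attr("mail", "urn:oid:0.9.2342.19200300.100.1.3"),
    ]
    optional = [_attr("title", "urn:oid:2.5.4.12")]

    ava = {"surname": ["Hedberg"], "givenName": ["Roland"],
           "eduPersonAffiliation": ["staff"], "uid": ["rohe0002"]}

    # Hand raises() the callable and its arguments, matching the other
    # tests in this file; the source-string form is evaluated with exec and
    # is deprecated/removed in newer pytest releases.
    raises(MissingValue, filter_on_attributes, ava, required, optional,
           acs=ac_factory())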
Пример #2
def test_filter_values_req_opt_4():
    """filter_on_demands drops AVA entries that are neither required nor optional.

    ``sn`` and ``givenName`` are required and survive; ``eduPersonAffiliation``
    and ``uid`` are unlisted and are removed; the optional ``title`` is absent
    from the input and so does not appear in the output.
    """
    uri_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
    required = [
        Attribute(friendly_name="surName", name="urn:oid:2.5.4.4",
                  name_format=uri_format),
        Attribute(friendly_name="givenName", name="urn:oid:2.5.4.42",
                  name_format=uri_format),
    ]
    optional = [
        Attribute(friendly_name="title", name="urn:oid:2.5.4.12",
                  name_format=uri_format),
    ]

    converters = attribute_converter.ac_factory(full_path("attributemaps"))
    required_local = attribute_converter.list_to_local(converters, required)
    optional_local = attribute_converter.list_to_local(converters, optional)

    ava = {"sn": ["Hedberg"], "givenName": ["Roland"],
           "eduPersonAffiliation": ["staff"], "uid": ["rohe0002"]}

    ava = assertion.filter_on_demands(ava, required_local, optional_local)
    print(ava)
    assert _eq(sorted(ava), ['givenName', 'sn'])
    assert ava == {'givenName': ['Roland'], 'sn': ['Hedberg']}
Пример #3
def test_filter_values_req_2():
    """Two required attributes, only one present in the AVA: MissingValue."""
    serial_number = to_dict(
        Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
                  friendly_name="serialNumber"),
        ONTS)
    sur_name = to_dict(
        Attribute(name="urn:oid:2.5.4.4", name_format=NAME_FORMAT_URI,
                  friendly_name="surName"),
        ONTS)

    # surName is required but the AVA only offers serialNumber and givenName.
    ava = {"serialNumber": ["12345"], "givenName": ["Lars"]}

    raises(MissingValue, filter_on_attributes, ava,
           [serial_number, sur_name], acs=ac_factory())
Пример #4
def test_filter_values_req_opt_0():
    """Required and optional value constraints on the same attribute both pass through.

    serialNumber is required with value 54321 and optional with value 12345;
    an AVA holding both values keeps both.
    """
    def _serial_number(value):
        # serialNumber attribute restricted to a single permitted value.
        return to_dict(
            Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
                      friendly_name="serialNumber",
                      attribute_value=[AttributeValue(text=value)]),
            ONTS)

    required = [_serial_number("54321")]
    optional = [_serial_number("12345")]

    ava = {"serialNumber": ["12345", "54321"]}

    filtered = filter_on_attributes(ava, required, optional, acs=ac_factory())
    assert list(filtered.keys()) == ["serialNumber"]
    assert _eq(filtered["serialNumber"], ["12345", "54321"])
Пример #5
def test_filter_on_attributes_with_missing_optional_attribute():
    """An absent optional attribute is not an error; unlisted keys are dropped."""
    eptid = to_dict(
        Attribute(friendly_name="eduPersonTargetedID",
                  name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
                  name_format=NAME_FORMAT_URI),
        ONTS)
    # "extra" is neither required nor optional, so nothing survives.
    filtered = filter_on_attributes({"extra": "foo"}, optional=[eptid],
                                    acs=ac_factory())
    assert filtered == {}
Пример #6
def test_identity_attribute_1():
    """identity_attribute resolves both the name and the mapped friendly name."""
    forward, _backward = utils.parse_attribute_map(
        [full_path("attribute.map")])
    attribute = Attribute(name="urn:oid:2.5.4.4",
                          name_format=NAME_FORMAT_URI)

    # The forward map turns the OID into its friendly name.
    assert utils.identity_attribute("name", attribute,
                                    forward) == "urn:oid:2.5.4.4"
    assert utils.identity_attribute("friendly", attribute,
                                    forward) == "surName"
Пример #7
def test_filter_on_attributes_without_friendly_name():
    """Attributes given only by OID (no friendly_name) are still matched.

    eduPersonTargetedID is required and eduPersonAffiliation optional; both
    are kept while the unlisted "extra" key is removed.
    """
    def _by_oid(oid):
        # Attribute identified solely by its OID name.
        return to_dict(
            Attribute(name=oid, name_format=NAME_FORMAT_URI), ONTS)

    eptid = _by_oid("urn:oid:1.3.6.1.4.1.5923.1.1.1.10")
    ep_affiliation = _by_oid("urn:oid:1.3.6.1.4.1.5923.1.1.1.1")

    ava = {"eduPersonTargetedID": "*****@*****.**",
           "eduPersonAffiliation": "test",
           "extra": "foo"}

    restricted_ava = filter_on_attributes(
        ava, required=[eptid], optional=[ep_affiliation],
        acs=ac_factory())
    expected = {"eduPersonTargetedID": "*****@*****.**",
                "eduPersonAffiliation": "test"}
    assert restricted_ava == expected
Пример #8
def do_aa_descriptor(conf, cert=None, enc_cert=None):
    """Build the ``md.AttributeAuthorityDescriptor`` described by *conf*.

    Args:
        conf: configuration object; endpoints, attributes and attribute
            profiles are read with ``conf.getattr(<key>, "aa")``, and
            ``conf.metadata_key_usage`` selects the key-descriptor ``use``.
        cert: signing certificate(s) to publish, or None.
        enc_cert: encryption certificate(s) to publish, or None.

    Returns:
        A populated ``md.AttributeAuthorityDescriptor``.
    """
    descriptor = md.AttributeAuthorityDescriptor()
    descriptor.protocol_support_enumeration = samlp.NAMESPACE

    endpoint_conf = conf.getattr("endpoints", "aa")
    if endpoint_conf:
        endpoint_map = do_endpoints(endpoint_conf, ENDPOINTS["aa"])
        for endpoint_name, instances in endpoint_map.items():
            setattr(descriptor, endpoint_name, instances)

    _do_nameid_format(descriptor, conf, "aa")

    # No key descriptor is published unless at least one cert was supplied.
    if cert or enc_cert:
        descriptor.key_descriptor = do_key_descriptor(
            cert, enc_cert, use=conf.metadata_key_usage)

    # Plain attributes and attribute profiles share descriptor.attribute.
    for attribute_name in conf.getattr("attribute", "aa") or []:
        descriptor.attribute.append(Attribute(text=attribute_name))

    for profile_name in conf.getattr("attribute_profile", "aa") or []:
        descriptor.attribute.append(AttributeProfile(text=profile_name))

    return descriptor
Пример #9
def test_identity_attribute_4():
    """Without a map, identity_attribute falls back to the attribute's own fields."""
    attribute = Attribute(name="urn:oid:2.5.4.5",
                          name_format=NAME_FORMAT_URI,
                          friendly_name="serialNumber")

    assert utils.identity_attribute("name", attribute) == "urn:oid:2.5.4.5"
    # No map is passed, so the attribute's own friendly_name is returned.
    assert utils.identity_attribute("friendly", attribute) == "serialNumber"
Пример #10
def test_filter_on_attributes_with_missing_required_attribute():
    """A required attribute missing from the AVA raises MissingValue."""
    eptid = to_dict(
        Attribute(friendly_name="eduPersonTargetedID",
                  name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
                  name_format=NAME_FORMAT_URI),
        ONTS)
    with pytest.raises(MissingValue):
        filter_on_attributes({"extra": "foo"}, required=[eptid],
                             acs=ac_factory())
Пример #11
def test_identity_attribute_2():
    """An OID absent from the map yields the OID itself as the friendly name."""
    forward, _backward = utils.parse_attribute_map(
        [full_path("attribute.map")])
    attribute = Attribute(name="urn:oid:2.5.4.5",
                          name_format=NAME_FORMAT_URI)

    assert utils.identity_attribute("name", attribute,
                                    forward) == "urn:oid:2.5.4.5"
    # if there were a mapping it would be serialNumber; there is none, so the
    # name is returned unchanged
    friendly = utils.identity_attribute("friendly", attribute, forward)
    assert friendly == "urn:oid:2.5.4.5"
Пример #12
def test_filter_on_attributes_with_missing_name_format():
    """An attribute with an empty name_format is still matched by friendly name."""
    ava = {"eduPersonTargetedID": "*****@*****.**",
           "eduPersonAffiliation": "test",
           "extra": "foo"}
    eptid = to_dict(
        Attribute(friendly_name="eduPersonTargetedID",
                  name="urn:myown:eptid",
                  name_format=''),
        ONTS)
    filtered = filter_on_attributes(ava, optional=[eptid], acs=ac_factory())
    assert filtered['eduPersonTargetedID'] == "*****@*****.**"
Пример #13
def test_filter_values_req_4():
    """A required attribute whose permitted value is absent raises MissingValue.

    serialNumber is present in the AVA but only with 12345, while the
    requirement demands 54321.
    """
    serial_number = to_dict(
        Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
                  friendly_name="serialNumber",
                  attribute_value=[AttributeValue(text="54321")]),
        ONTS)

    ava = {"serialNumber": ["12345"]}

    raises(MissingValue, filter_on_attributes, ava, [serial_number],
           acs=ac_factory())
Пример #14
def test_filter_on_attributes_2():
    """A required attribute is matched by its local name ("sn" for surName)."""
    sur_name = to_dict(
        Attribute(friendly_name="surName", name="urn:oid:2.5.4.4",
                  name_format=NAME_FORMAT_URI),
        ONTS)

    filtered = filter_on_attributes({"sn": ["kakavas"]}, [sur_name],
                                    acs=ac_factory())
    assert list(filtered.keys()) == ['sn']
    assert filtered["sn"] == ["kakavas"]
Пример #15
def test_filter_on_attributes_1():
    """Only the required attribute survives; the unlisted givenName is dropped."""
    serial_number = to_dict(
        Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
                  friendly_name="serialNumber"),
        ONTS)

    ava = {"serialNumber": ["12345"], "givenName": ["Lars"]}

    filtered = filter_on_attributes(ava, [serial_number], acs=ac_factory())
    assert list(filtered.keys()) == ["serialNumber"]
    assert filtered["serialNumber"] == ["12345"]
Пример #16
def test_filter_values_req_6():
    """A value-restricted requirement keeps only the permitted value.

    serialNumber is required with value 54321; of the two AVA values only
    that one is retained.
    """
    serial_number = to_dict(
        Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
                  friendly_name="serialNumber",
                  attribute_value=[AttributeValue(text="54321")]),
        ONTS)

    ava = {"serialNumber": ["12345", "54321"]}

    filtered = filter_on_attributes(ava, [serial_number], acs=ac_factory())
    assert list(filtered.keys()) == ["serialNumber"]
    assert filtered["serialNumber"] == ["54321"]
Пример #17
def test_filter_on_wire_representation_2():
    """filter_on_wire_representation keeps required and optional keys, drops the rest.

    sn and givenname are required, title is optional; uid is unlisted and is
    removed from the result.
    """
    uri_format = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
    required = [
        Attribute(friendly_name="surName", name="urn:oid:2.5.4.4",
                  name_format=uri_format),
        Attribute(friendly_name="givenName", name="urn:oid:2.5.4.42",
                  name_format=uri_format),
    ]
    optional = [
        Attribute(friendly_name="title", name="urn:oid:2.5.4.12",
                  name_format=uri_format),
    ]

    converters = attribute_converter.ac_factory(full_path("attributemaps"))

    ava = {"sn": ["Hedberg"], "givenname": ["Roland"],
           "title": ["Master"], "uid": ["rohe0002"]}

    ava = assertion.filter_on_wire_representation(ava, converters,
                                                  required, optional)
    assert _eq(sorted(ava), ["givenname", "sn", "title"])
Пример #18
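def _collect_certs(confd):
    """Read the certificates named in *confd* for publication in metadata.

    Returns ``(signing_certs, encryption_certs)``.  Each is a list of
    strings (the output of ``read_cert`` joined with ``""``), or ``None``
    when ``confd.cert_file`` / ``confd.encryption_keypairs`` is ``None``.
    """
    signing_certs = None
    if confd.cert_file is not None:
        cert_files = [confd.cert_file]
        if confd.additional_cert_files is not None:
            cert_files.extend(confd.additional_cert_files)
        signing_certs = ["".join(read_cert(path)) for path in cert_files]

    encryption_certs = None
    if confd.encryption_keypairs is not None:
        encryption_certs = ["".join(read_cert(keypair["cert_file"]))
                            for keypair in confd.encryption_keypairs]

    return signing_certs, encryption_certs


def _ensure_extensions(entd):
    """Return ``entd.extensions``, creating an empty ``md.Extensions`` if unset."""
    if not entd.extensions:
        entd.extensions = md.Extensions()
    return entd.extensions


def _add_entity_attribute(entd, name, values):
    """Attach an EntityAttributes ``Attribute`` *name* holding *values* to *entd*."""
    attribute_values = [AttributeValue(text=value) for value in values]
    attr = Attribute(attribute_value=attribute_values, name=name)
    _add_attr_to_entity_attributes(_ensure_extensions(entd), attr)


def entity_descriptor(confd):
    """Build the ``md.EntityDescriptor`` for the configuration *confd*.

    The descriptor carries the entity id, optional validity period,
    organization and contact information, entity attributes (assurance
    certification, entity category, entity category support), algorithm
    support and SP type extensions, and one role descriptor per service
    named in ``confd.serves``.

    Args:
        confd: configuration object.  Certificate paths are read from
            ``cert_file``, ``additional_cert_files`` and
            ``encryption_keypairs``; ``valid_for`` (hours) sets
            ``valid_until``.

    Returns:
        A populated ``md.EntityDescriptor``.

    Raises:
        SAMLError: when ``confd.serves`` is empty.

    Side effects:
        ``confd.context`` is set to each service name ("sp", "idp", "aa",
        "pdp", "aq") while its role descriptor is built, and is left at the
        last one processed.
    """
    # Certificates are read before anything else so a missing or unreadable
    # cert file fails early, exactly as before.
    mycert, enc_cert = _collect_certs(confd)

    entd = md.EntityDescriptor()
    entd.entity_id = confd.entityid

    if confd.valid_for:
        entd.valid_until = in_a_while(hours=int(confd.valid_for))

    if confd.organization is not None:
        entd.organization = do_organization_info(confd.organization)
    if confd.contact_person is not None:
        entd.contact_person = do_contact_persons_info(confd.contact_person)

    # Entity attributes published under md:Extensions.
    entity_attributes = (
        (confd.assurance_certification,
         "urn:oasis:names:tc:SAML:attribute:assurance-certification"),
        (confd.entity_category, "http://macedir.org/entity-category"),
        (confd.entity_category_support,
         "http://macedir.org/entity-category-support"),
    )
    for values, attribute_name in entity_attributes:
        if values:
            _add_entity_attribute(entd, attribute_name, values)

    for item in algorithm_support_in_metadata(confd.xmlsec_binary):
        _ensure_extensions(entd).add_extension_element(item)

    # The SP type is only advertised when explicitly enabled with True
    # (a truthy non-bool value is deliberately not enough).
    conf_sp_type = confd.getattr('sp_type', 'sp')
    conf_sp_type_in_md = confd.getattr('sp_type_in_metadata', 'sp')
    if conf_sp_type and conf_sp_type_in_md is True:
        item = sp_type.SPType(text=conf_sp_type)
        _ensure_extensions(entd).add_extension_element(item)

    serves = confd.serves
    if not serves:
        raise SAMLError(
            'No service type ("sp","idp","aa") provided in the configuration')

    # Role descriptors, built in a fixed order; confd.context tells the
    # do_*_descriptor helpers which configuration section to read.
    role_builders = (
        ("sp", "spsso_descriptor", do_spsso_descriptor),
        ("idp", "idpsso_descriptor", do_idpsso_descriptor),
        ("aa", "attribute_authority_descriptor", do_aa_descriptor),
        ("pdp", "pdp_descriptor", do_pdp_descriptor),
        ("aq", "authn_authority_descriptor", do_aq_descriptor),
    )
    for service, descriptor_attr, build in role_builders:
        if service in serves:
            confd.context = service
            setattr(entd, descriptor_attr, build(confd, mycert, enc_cert))

    return entd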