Пример #1
0
 def test_keydescriptor_no_signing(self, mocked):
     FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
     validator = SpidMetadataValidator()
     metadata = create_sp_metadata(
         entity_id='http://test.sp',
         authn_request_signed='true',
         assertion_consumer_services=[Acs(location='http://test.sp/acs')],
         attribute_consuming_services=[
             Atcs(
                 service_name='test_1',
                 attributes=['spidCode']
             )
         ],
         single_logout_services=[
             Slo(binding=BINDING_HTTP_POST, location='http://test.sp/slo')
         ],
         keys=[Key('encryption', 'somevalue123')]
     ).to_xml()
     with pytest.raises(SPIDValidationError) as excinfo:
         validator.validate(metadata)
     exc = excinfo.value
     self.assertEqual(
         'EntityDescriptor/SPSSODescriptor/KeyDescriptor',
         exc.details[0].path
     )
     self.assertEqual('Deve essere presente almeno una chiave con attributo use uguale a "signing"',
                      exc.details[0].message)
Пример #2
0
 def test_bad_attributes(self, mocked):
     FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
     validator = SpidMetadataValidator()
     metadata = create_sp_metadata(
         entity_id='http://test.sp',
         authn_request_signed='true',
         assertion_consumer_services=[Acs(location='http://test.sp/acs')],
         attribute_consuming_services=[
             Atcs(
                 service_name='test_1',
                 attributes=['badAttr']
             )
         ],
         single_logout_services=[
             Slo(binding=BINDING_HTTP_POST, location='http://test.sp/slo')
         ],
         keys=[Key('signing', 'somevalue123')],
         check_attributes=False
     ).to_xml()
     with pytest.raises(SPIDValidationError) as excinfo:
         validator.validate(metadata)
     exc = excinfo.value
     self.assertEqual(
         'EntityDescriptor/SPSSODescriptor/AttributeConsumingService/0/RequestedAttribute/0 - attribute: Name',
         exc.details[0].path
     )
     self.assertEqual('Il valore dell\'elemento non corrisponde a nessuno dei valori attesi ({}):'.format(
         ', '.join(settings.SPID_ATTRIBUTES_NAMES)), exc.details[0].message)
Пример #3
0
 def metadata(self):
     cert_file = self._config.idp_certificate_file_path
     with open(cert_file, 'r') as fp:
         cert = fp.readlines()[1:-1]
         cert = ''.join(cert)
     sso_list = []
     slo_list = []
     sso_list.append(
         Sso(binding=BINDING_HTTP_POST,
             location=self._config.absolute_sso_url))
     sso_list.append(
         Sso(binding=BINDING_HTTP_REDIRECT,
             location=self._config.absolute_sso_url))
     slo_list.append(
         Slo(binding=BINDING_HTTP_POST,
             location=self._config.absolute_slo_url))
     slo_list.append(
         Slo(binding=BINDING_HTTP_REDIRECT,
             location=self._config.absolute_slo_url))
     metadata = create_idp_metadata(
         entity_id=self._config.entity_id,
         want_authn_requests_signed='true',
         keys=[Key(use='signing', value=cert)],
         single_sign_on_services=sso_list,
         single_logout_services=slo_list).to_xml()
     return Response(metadata, mimetype='text/xml')
Пример #4
0
 def test_valid_metadata(self, mocked):
     FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
     validator = SpidMetadataValidator()
     metadata = create_sp_metadata(
         entity_id='http://test.sp',
         authn_request_signed='true',
         assertion_consumer_services=[Acs(location='http://test.sp/acs')],
         attribute_consuming_services=[
             Atcs(service_name='test_1', attributes=['spidCode'])
         ],
         single_logout_services=[
             Slo(binding=BINDING_HTTP_POST, location='http://test.sp/slo')
         ],
         keys=[Key('signing', 'somevalue123')]).to_xml()
     validator.validate(metadata)
Пример #5
0
 def metadata(self):
     cert_file = self.server.config.cert_file
     with open(cert_file, 'r') as fp:
         cert = fp.readlines()[1:-1]
         cert = ''.join(cert)
     endpoints = getattr(self.server.config, '_idp_endpoints')
     sso = endpoints.get('single_sign_on_service')
     slo = endpoints.get('single_logout_service')
     sso = [Sso(*_sso) for _sso in sso]
     slo = [Slo(*_slo) for _slo in slo]
     metadata = create_idp_metadata(
         entity_id=self.server.config.entityid,
         want_authn_requests_signed='true',
         keys=[Key(use='signing', value=cert)],
         single_sign_on_services=sso,
         single_logout_services=slo
     ).to_xml()
     return Response(metadata, mimetype='text/xml')
Пример #6
0
 def test_missing_slo(self, mocked):
     FakeConfig('http://localhost:8088/sso', 'http://localhost:8088/')
     validator = SpidMetadataValidator()
     metadata = create_sp_metadata(
         entity_id='http://test.sp',
         authn_request_signed='true',
         assertion_consumer_services=[Acs(location='http://test.sp/acs')],
         attribute_consuming_services=[
             Atcs(service_name='test_1', attributes=['spidCode'])
         ],
         single_logout_services=[],
         keys=[Key('signing', 'somevalue123')]).to_xml()
     with pytest.raises(SPIDValidationError) as excinfo:
         validator.validate(metadata)
     exc = excinfo.value
     self.assertEqual(
         'EntityDescriptor/SPSSODescriptor/SingleLogoutService',
         exc.details[0].path)
     self.assertEqual('required key not provided', exc.details[0].message)
Пример #7
0
 def test_idp_metadata(self):
     ssos = [Sso(binding=BINDING_HTTP_POST, location='http://sso.sso')]
     slos = [Slo(binding=BINDING_HTTP_REDIRECT, location='http://slo.slo')]
     metadata = create_idp_metadata(
         entity_id='test_id123',
         want_authn_requests_signed='true',
         keys=[Key(use='signing', value='CERTCERTCERT')],
         single_sign_on_services=ssos,
         single_logout_services=slos)
     x509_cert = metadata._element.findall('.//{%s}X509Certificate' % DS)
     self.assertEqual(len(x509_cert), 1)
     self.assertEqual(x509_cert[0].text, 'CERTCERTCERT')
     ssos = metadata._element.findall('.//{%s}SingleSignOnService' % MD)
     self.assertEqual(ssos[0].attrib['Binding'], BINDING_HTTP_POST)
     self.assertEqual(ssos[0].attrib['Location'], 'http://sso.sso')
     self.assertEqual(len(ssos), 1)
     slos = metadata._element.findall('.//{%s}SingleLogoutService' % MD)
     self.assertEqual(len(slos), 1)
     self.assertEqual(slos[0].attrib['Binding'], BINDING_HTTP_REDIRECT)
     self.assertEqual(slos[0].attrib['Location'], 'http://slo.slo')