def test_filter_attribute_value_assertions_2(AVA): p = Policy( {"default": { "attribute_restrictions": { "givenName": ["^R.*"], } }}) ava = filter_attribute_value_assertions(AVA[0].copy(), p.get_attribute_restrictions("")) print(ava) assert _eq(ava.keys(), []) ava = filter_attribute_value_assertions(AVA[1].copy(), p.get_attribute_restrictions("")) print(ava) assert _eq(list(ava.keys()), ["givenName"]) assert ava["givenName"] == ["Ryan"] ava = filter_attribute_value_assertions(AVA[3].copy(), p.get_attribute_restrictions("")) print(ava) assert _eq(list(ava.keys()), ["givenName"]) assert ava["givenName"] == ["Roland"]
def test_filter_attribute_value_assertions_2(AVA): p = Policy({ "default": { "attribute_restrictions": { "givenName": ["^R.*"], } } }) ava = filter_attribute_value_assertions(AVA[0].copy(), p.get_attribute_restriction("")) print ava assert _eq(ava.keys(), []) ava = filter_attribute_value_assertions(AVA[1].copy(), p.get_attribute_restriction("")) print ava assert _eq(ava.keys(), ["givenName"]) assert ava["givenName"] == ["Ryan"] ava = filter_attribute_value_assertions(AVA[3].copy(), p.get_attribute_restriction("")) print ava assert _eq(ava.keys(), ["givenName"]) assert ava["givenName"] == ["Roland"]
def test_filter_attribute_value_assertions_1(AVA): p = Policy({"default": {"attribute_restrictions": {"surName": None, "givenName": [".*er.*"]}}}) ava = filter_attribute_value_assertions(AVA[0].copy(), p.get_attribute_restrictions("")) print ava assert _eq(ava.keys(), ["givenName", "surName"]) assert ava["surName"] == ["Jeter"] assert ava["givenName"] == ["Derek"] ava = filter_attribute_value_assertions(AVA[1].copy(), p.get_attribute_restrictions("")) print ava assert _eq(ava.keys(), ["surName"]) assert ava["surName"] == ["Howard"]
def create_attribute_response(self, identity, in_response_to, destination, sp_entity_id, userid="", name_id=None, status=None, issuer=None, sign_assertion=False, sign_response=False, attributes=None): """ Create an attribute assertion response. :param identity: A dictionary with attributes and values that are expected to be the bases for the assertion in the response. :param in_response_to: The session identifier of the request :param destination: The URL which should receive the response :param sp_entity_id: The entity identifier of the SP :param userid: A identifier of the user :param name_id: The identifier of the subject :param status: The status of the response :param issuer: The issuer of the response :param sign_assertion: Whether the assertion should be signed or not :param sign_response: Whether the whole response should be signed :param attributes: :return: A response instance """ if not name_id and userid: try: name_id = self.ident.construct_nameid(userid, self.config.policy, sp_entity_id) logger.warning("Unspecified NameID format") except Exception: pass to_sign = [] args = {} if identity: _issuer = self._issuer(issuer) ast = Assertion(identity) policy = self.config.getattr("policy", "aa") if policy: ast.apply_policy(sp_entity_id, policy) else: policy = Policy() if attributes: restr = restriction_from_attribute_spec(attributes) ast = filter_attribute_value_assertions(ast) assertion = ast.construct(sp_entity_id, in_response_to, destination, name_id, self.config.attribute_converters, policy, issuer=_issuer) if sign_assertion: assertion.signature = pre_signature_part(assertion.id, self.sec.my_cert, 1) # Just the assertion or the response and the assertion ? to_sign = [(class_name(assertion), assertion.id)] args["assertion"] = assertion return self._response(in_response_to, destination, status, issuer, sign_response, to_sign, **args)
def test_filter_attribute_value_assertions_0(AVA): p = Policy({"default": {"attribute_restrictions": {"surName": [".*berg"]}}}) ava = filter_attribute_value_assertions(AVA[3].copy(), p.get_attribute_restrictions("")) print ava assert ava.keys() == ["surName"] assert ava["surName"] == ["Hedberg"]
def create_aa_response(self, in_response_to, consumer_url, sp_entity_id, identity=None, userid="", name_id=None, status=None, issuer=None, sign_assertion=False, sign_response=False, attributes=None): """ Create an attribute assertion response. :param in_response_to: The session identifier of the request :param consumer_url: The URL which should receive the response :param sp_entity_id: The entity identifier of the SP :param identity: A dictionary with attributes and values that are expected to be the bases for the assertion in the response. :param userid: A identifier of the user :param name_id: The identifier of the subject :param status: The status of the response :param issuer: The issuer of the response :param sign_assertion: Whether the assertion should be signed or not :param sign_response: Whether the whole response should be signed :return: A response instance """ if not name_id and userid: try: name_id = self.ident.construct_nameid(self.conf.policy, userid, sp_entity_id, identity) logger.warning("Unspecified NameID format") except Exception: pass to_sign = [] args = {} if identity: _issuer = self.issuer(issuer) ast = Assertion(identity) policy = self.conf.getattr("policy", "aa") if policy: ast.apply_policy(sp_entity_id, policy) else: policy = Policy() if attributes: restr = restriction_from_attribute_spec(attributes) ast = filter_attribute_value_assertions(ast) assertion = ast.construct(sp_entity_id, in_response_to, consumer_url, name_id, self.conf.attribute_converters, policy, issuer=_issuer) if sign_assertion: assertion.signature = pre_signature_part(assertion.id, self.sec.my_cert, 1) # Just the assertion or the response and the assertion ? to_sign = [(class_name(assertion), assertion.id)] args["assertion"] = assertion return self._response(in_response_to, consumer_url, status, issuer, sign_response, to_sign, **args)
def test_filter_attribute_value_assertions_0(AVA): p = Policy( {"default": { "attribute_restrictions": { "surName": [".*berg"], } }}) ava = filter_attribute_value_assertions(AVA[3].copy(), p.get_attribute_restrictions("")) print(ava) assert list(ava.keys()) == ["surName"] assert ava["surName"] == ["Hedberg"]
def test_filter_attribute_value_assertions_1(AVA): p = Policy({ "default": { "attribute_restrictions": { "surName": None, "givenName": [".*er.*"], } } }) ava = filter_attribute_value_assertions(AVA[0].copy(), p.get_attribute_restrictions("")) print(ava) assert _eq(ava.keys(), ["givenName", "surName"]) assert ava["surName"] == ["Jeter"] assert ava["givenName"] == ["Derek"] ava = filter_attribute_value_assertions(AVA[1].copy(), p.get_attribute_restrictions("")) print(ava) assert _eq(list(ava.keys()), ["surName"]) assert ava["surName"] == ["Howard"]
def create_attribute_response(self, identity, in_response_to, destination, sp_entity_id, userid="", name_id=None, status=None, issuer=None, sign_assertion=False, sign_response=False, attributes=None, sign_alg=None, digest_alg=None, farg=None, **kwargs): """ Create an attribute assertion response. :param identity: A dictionary with attributes and values that are expected to be the bases for the assertion in the response. :param in_response_to: The session identifier of the request :param destination: The URL which should receive the response :param sp_entity_id: The entity identifier of the SP :param userid: A identifier of the user :param name_id: The identifier of the subject :param status: The status of the response :param issuer: The issuer of the response :param sign_assertion: Whether the assertion should be signed or not :param sign_response: Whether the whole response should be signed :param attributes: :param kwargs: To catch extra keyword arguments :return: A response instance """ policy = self.config.getattr("policy", "aa") if not name_id and userid: try: name_id = self.ident.construct_nameid(userid, policy, sp_entity_id) logger.warning("Unspecified NameID format") except Exception: pass to_sign = [] if identity: farg = self.update_farg(in_response_to, sp_entity_id, farg=farg) _issuer = self._issuer(issuer) ast = Assertion(identity) if policy: ast.apply_policy(sp_entity_id, policy, self.metadata) else: policy = Policy() if attributes: restr = restriction_from_attribute_spec(attributes) ast = filter_attribute_value_assertions(ast) assertion = ast.construct( sp_entity_id, self.config.attribute_converters, policy, issuer=_issuer, name_id=name_id, farg=farg['assertion']) if sign_assertion: assertion.signature = pre_signature_part(assertion.id, self.sec.my_cert, 1, sign_alg=sign_alg, digest_alg=digest_alg) # Just the assertion or the response and the assertion ? to_sign = [(class_name(assertion), assertion.id)] kwargs['sign_assertion'] = True kwargs["assertion"] = assertion if sp_entity_id: kwargs['sp_entity_id'] = sp_entity_id return self._response(in_response_to, destination, status, issuer, sign_response, to_sign, sign_alg=sign_alg, digest_alg=digest_alg, **kwargs)