示例#1
0
def test_str_to_time():
    t = calendar.timegm(str_to_time("2000-01-12T00:00:00Z"))
    # TODO: Find all instances of time.mktime(.....)
    # t = time.mktime(str_to_time("2000-01-12T00:00:00Z"))
    # assert t == 947631600.0
    # TODO: add something to show how this time was arrived at
    # do this as an external method in the
    assert t == 947635200
    # some IdPs omit the trailing Z, and SAML spec is unclear if it is actually required
    t = calendar.timegm(str_to_time("2000-01-12T00:00:00"))
    assert t == 947635200
示例#2
0
def test_str_to_time():
    t = calendar.timegm(str_to_time("2000-01-12T00:00:00Z"))
    #TODO: Find all instances of time.mktime(.....)
    #t = time.mktime(str_to_time("2000-01-12T00:00:00Z"))
    #assert t == 947631600.0
    #TODO: add something to show how this time was arrived at
    # do this as an external method in the
    assert t == 947635200
    # some IdPs omit the trailing Z, and SAML spec is unclear if it is actually required
    t = calendar.timegm(str_to_time("2000-01-12T00:00:00"))
    assert t == 947635200
示例#3
0
    def test_SAML_sign_with_pkcs11(self):
        """
        Test signing a SAML assertion using PKCS#11 and then verifying it.
        """
        os.environ['SOFTHSM_CONF'] = self.softhsm_conf

        ass = self._assertion
        print ass
        sign_ass = self.sec.sign_assertion("%s" % ass, node_id=ass.id)
        #print sign_ass
        sass = saml.assertion_from_string(sign_ass)
        #print sass
        assert _eq(sass.keyswv(), ['attribute_statement', 'issue_instant',
                                   'version', 'signature', 'id'])
        assert sass.version == "2.0"
        assert sass.id == "11111"
        assert time_util.str_to_time(sass.issue_instant)

        print "Crypto version : %s" % (self.sec.crypto.version())

        item = self.sec.check_signature(sass, class_name(sass), sign_ass)

        assert isinstance(item, saml.Assertion)

        print "Test PASSED"
示例#4
0
    def test_SAML_sign_with_pkcs11(self):
        """
        Test signing a SAML assertion using PKCS#11 and then verifying it.
        """
        os.environ['SOFTHSM_CONF'] = self.softhsm_conf

        ass = self._assertion
        print(ass)
        sign_ass = self.sec.sign_assertion("%s" % ass, node_id=ass.id)
        #print(sign_ass)
        sass = saml.assertion_from_string(sign_ass)
        #print(sass)
        assert _eq(sass.keyswv(), [
            'attribute_statement', 'issue_instant', 'version', 'signature',
            'id'
        ])
        assert sass.version == "2.0"
        assert sass.id == "11111"
        assert time_util.str_to_time(sass.issue_instant)

        print("Crypto version : %s" % (self.sec.crypto.version()))

        item = self.sec.check_signature(sass, class_name(sass), sign_ass)

        assert isinstance(item, saml.Assertion)

        print("Test PASSED")
示例#5
0
def test_construct_AttributeAuthorityDescriptor():
    aad = make_instance(
        md.AttributeAuthorityDescriptor,
        {
            "valid_until": time_util.in_a_while(30),  # 30 days from now
            "id": "aad.example.com",
            "protocol_support_enumeration": SAML2_NAMESPACE,
            "attribute_service": {"binding": BINDING_SOAP, "location": "http://example.com:6543/saml2/aad"},
            "name_id_format": [NAMEID_FORMAT_TRANSIENT],
            "key_descriptor": {"use": "signing", "key_info": {"key_name": "example.com"}},
        },
    )

    print aad
    assert _eq(
        aad.keyswv(),
        ["valid_until", "id", "attribute_service", "name_id_format", "key_descriptor", "protocol_support_enumeration"],
    )
    assert time_util.str_to_time(aad.valid_until)
    assert aad.id == "aad.example.com"
    assert aad.protocol_support_enumeration == SAML2_NAMESPACE
    assert len(aad.attribute_service) == 1
    atsr = aad.attribute_service[0]
    assert _eq(atsr.keyswv(), ["binding", "location"])
    assert atsr.binding == BINDING_SOAP
    assert atsr.location == "http://example.com:6543/saml2/aad"
    assert len(aad.name_id_format) == 1
    nif = aad.name_id_format[0]
    assert nif.text.strip() == NAMEID_FORMAT_TRANSIENT
    assert len(aad.key_descriptor) == 1
    kdesc = aad.key_descriptor[0]
    assert kdesc.use == "signing"
    assert kdesc.key_info.key_name[0].text.strip() == "example.com"
示例#6
0
文件: validate.py 项目: Amli/pysaml2
def validate_before(not_before, slack):
    if not_before:
        now = time_util.utc_now()
        nbefore = calendar.timegm(time_util.str_to_time(not_before))
        if nbefore > now + slack:
            raise ToEarly("Can't use it yet %d <= %d" % (now + slack, nbefore))

    return True
示例#7
0
def validate_before(not_before, slack):
    if not_before:
        now = time_util.utc_now()
        nbefore = calendar.timegm(time_util.str_to_time(not_before))
        if nbefore > now + slack:
            raise Exception("Can't use it yet %d <= %d" % (nbefore, now))

    return True
示例#8
0
 def issue_instant_ok(self):
     """ Check that the response was issued at a reasonable time """
     upper = time_util.shift_time(time_util.time_in_a_while(days=1), self.timeslack).timetuple()
     lower = time_util.shift_time(time_util.time_a_while_ago(days=1), -self.timeslack).timetuple()
     # print("issue_instant: %s" % self.response.issue_instant)
     # print("%s < x < %s" % (lower, upper))
     issued_at = str_to_time(self.response.issue_instant)
     return lower < issued_at < upper
示例#9
0
def test_str_to_time():
    t = calendar.timegm(str_to_time("2000-01-12T00:00:00Z"))
    #TODO: Find all instances of time.mktime(.....)
    #t = time.mktime(str_to_time("2000-01-12T00:00:00Z"))
    #assert t == 947631600.0
    #TODO: add something to show how this time was arrived at
    # do this as an external method in the 
    assert t == 947635200
def test_str_to_time():
    t = calendar.timegm(str_to_time("2000-01-12T00:00:00Z"))
    #TODO: Find all instances of time.mktime(.....)
    #t = time.mktime(str_to_time("2000-01-12T00:00:00Z"))
    #assert t == 947631600.0
    #TODO: add something to show how this time was arrived at
    # do this as an external method in the
    assert t == 947635200
示例#11
0
文件: validate.py 项目: SUNET/pysaml2
def validate_before(not_before, slack):
    if not_before:
        now = time_util.utc_now()
        nbefore = calendar.timegm(time_util.str_to_time(not_before))
        if nbefore > now + slack:
            now_str = time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(now))
            raise ToEarly("Can't use response yet: (now=%s + slack=%d) "
                          "<= notbefore=%s" % (now_str, slack, not_before))
    return True
示例#12
0
def add_derek_info(sp):
    not_on_or_after = str_to_time(in_a_while(days=1))
    session_info = SESSION_INFO_PATTERN.copy()
    session_info["ava"] = {"givenName": ["Derek"], "umuselin": ["deje0001"]}
    session_info["issuer"] = "urn:mace:example.com:saml:idp"
    session_info["name_id"] = "abcdefgh"
    session_info["not_on_or_after"] = not_on_or_after
    # subject_id, entity_id, info, timestamp
    sp.users.add_information_about_person(session_info)
示例#13
0
def validate_on_or_after(not_on_or_after, slack):
    if not_on_or_after:
        now = time_util.utc_now()
        nooa = calendar.timegm(time_util.str_to_time(not_on_or_after))
        if now > nooa + slack:
            raise ResponseLifetimeExceed("Can't use it, it's too old %d > %d".format(now - slack, nooa))
        return nooa
    else:
        return False
示例#14
0
文件: validate.py 项目: ranade1/hue
def validate_before(not_before, slack):
    if not_before:
        now = time_util.utc_now()
        nbefore = calendar.timegm(time_util.str_to_time(not_before))
        if nbefore > now + slack:
            now_str = time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(now))
            raise ToEarly("Can't use response yet: (now=%s + slack=%d) "
                          "<= notbefore=%s" % (now_str, slack, not_before))
    return True
示例#15
0
def add_derek_info(sp):
    not_on_or_after = str_to_time(in_a_while(days=1))
    session_info = SESSION_INFO_PATTERN.copy()
    session_info["ava"] = {"givenName":["Derek"], "umuselin":["deje0001"]}
    session_info["issuer"] = "https://toylan3.umdc.umu.se/shibboleth"
    session_info["name_id"] = "abcdefgh"
    session_info["not_on_or_after"] = not_on_or_after
    # subject_id, entity_id, info, timestamp
    sp.users.add_information_about_person(session_info)
def test_add_duration_2():
    #2000-01-12 PT33H   2000-01-13
    t = add_duration(str_to_time("2000-01-12T00:00:00Z"), "PT33H")
    assert t.tm_year == 2000
    assert t.tm_mon == 1
    assert t.tm_mday == 14
    assert t.tm_hour == 9
    assert t.tm_min == 0
    assert t.tm_sec == 0
示例#17
0
def test_add_duration_2():
    #2000-01-12 PT33H   2000-01-13
    t = add_duration(str_to_time("2000-01-12T00:00:00Z"), "PT33H")
    assert t.tm_year == 2000
    assert t.tm_mon == 1
    assert t.tm_mday == 14
    assert t.tm_hour == 9
    assert t.tm_min == 0
    assert t.tm_sec == 0
示例#18
0
def add_derek_info(sp):
    not_on_or_after = str_to_time(in_a_while(days=1))
    session_info = SESSION_INFO_PATTERN.copy()
    session_info["ava"] = {"givenName": ["Derek"], "umuselin": ["deje0001"]}
    session_info["issuer"] = "urn:mace:example.com:saml:idp"
    session_info["name_id"] = nid
    session_info["not_on_or_after"] = not_on_or_after
    # subject_id, entity_id, info, timestamp
    sp.users.add_information_about_person(session_info)
示例#19
0
def test_add_duration_1():
    #2000-01-12T12:13:14Z	P1Y3M5DT7H10M3S	2001-04-17T19:23:17Z    
    t = add_duration(str_to_time("2000-01-12T12:13:14Z"), "P1Y3M5DT7H10M3S")
    assert t.tm_year == 2001
    assert t.tm_mon == 4
    assert t.tm_mday == 17
    assert t.tm_hour == 19
    assert t.tm_min == 23
    assert t.tm_sec == 17
def test_add_duration_1():
    #2000-01-12T12:13:14Z	P1Y3M5DT7H10M3S	2001-04-17T19:23:17Z
    t = add_duration(str_to_time("2000-01-12T12:13:14Z"), "P1Y3M5DT7H10M3S")
    assert t.tm_year == 2001
    assert t.tm_mon == 4
    assert t.tm_mday == 17
    assert t.tm_hour == 19
    assert t.tm_min == 23
    assert t.tm_sec == 17
示例#21
0
def add_derek_info(sp):
    not_on_or_after = str_to_time(in_a_while(days=1))
    session_info = SESSION_INFO_PATTERN.copy()
    session_info["ava"] = {"givenName": ["Derek"], "umuselin": ["deje0001"]}
    session_info["issuer"] = "https://toylan3.umdc.umu.se/shibboleth"
    session_info["name_id"] = "abcdefgh"
    session_info["not_on_or_after"] = not_on_or_after
    # subject_id, entity_id, info, timestamp
    sp.users.add_information_about_person(session_info)
示例#22
0
def validate_on_or_after(not_on_or_after, slack):
    if not_on_or_after:
        now = time_util.utc_now()
        nooa = calendar.timegm(time_util.str_to_time(not_on_or_after))
        if now > nooa + slack:
            raise Exception("Can't use it, it's too old %d > %d" % (nooa, now))
        return nooa
    else:
        return False
示例#23
0
def validate_on_or_after(not_on_or_after, slack):
    if not_on_or_after:
        now = time_util.utc_now()
        nooa = calendar.timegm(time_util.str_to_time(not_on_or_after))
        if now > nooa + slack:
            raise Exception("Can't use it, it's too old %d > %d" %
                            (nooa, now))
        return nooa
    else:
        return False
示例#24
0
def validate_on_or_after(not_on_or_after, slack):
    if not_on_or_after:
        now = time_util.utc_now()
        nooa = calendar.timegm(time_util.str_to_time(not_on_or_after))
        if now > nooa + slack:
            raise ResponseLifetimeExceed(
                "Can't use it, it's too old %d > %d".format(now - slack, nooa))
        return nooa
    else:
        return False
示例#25
0
文件: request.py 项目: vkadam/pysaml2
 def issue_instant_ok(self):
     """ Check that the request was issued at a reasonable time """
     upper = time_util.shift_time(time_util.time_in_a_while(days=1),
                                  self.timeslack).timetuple()
     lower = time_util.shift_time(time_util.time_a_while_ago(days=1),
                                  -self.timeslack).timetuple()
     # print("issue_instant: %s" % self.message.issue_instant)
     # print("%s < x < %s" % (lower, upper))
     issued_at = time_util.str_to_time(self.message.issue_instant)
     return issued_at > lower and issued_at < upper
示例#26
0
    def test_receivers(self):
        assert _eq(self.cache.receivers("9876"), ["abcd"])

        not_on_or_after = str_to_time(in_a_while(days=1))
        session_info = SESSION_INFO_PATTERN.copy()
        session_info["ava"] = {"givenName": ["Ichiro"], "surName": ["Suzuki"]}
        self.cache.set("9876", "bcde", session_info, not_on_or_after)

        assert _eq(self.cache.receivers("9876"), ["abcd", "bcde"])
        assert _eq(self.cache.subjects(), ["1234", "9876"])
示例#27
0
 def issue_instant_ok(self):
     """ Check that the response was issued at a reasonable time """
     upper = time_util.shift_time(time_util.time_in_a_while(days=1),
                                  self.timeslack).timetuple()
     lower = time_util.shift_time(time_util.time_a_while_ago(days=1),
                                  -self.timeslack).timetuple()
     # print "issue_instant: %s" % self.response.issue_instant
     # print "%s < x < %s" % (lower, upper)
     issued_at = str_to_time(self.response.issue_instant)
     return lower < issued_at < upper
示例#28
0
    def test_identity(self):
        if self.cache is not None:
            not_on_or_after = str_to_time(in_a_while(days=1))
            session_info = SESSION_INFO_PATTERN.copy()
            session_info["ava"] = {"givenName":["Derek"]}
            self.cache.set("1234", "abcd", session_info, not_on_or_after)

            not_on_or_after = str_to_time(in_a_while(days=1))
            session_info = SESSION_INFO_PATTERN.copy()
            session_info["ava"] = {"mail":["*****@*****.**"]}
            self.cache.set("1234", "xyzv", session_info, not_on_or_after)

            (ident, _) = self.cache.get_identity("1234")
            print ident
            assert len(ident.keys()) == 2
            assert "givenName" in ident.keys()
            assert "mail" in ident.keys()
            assert ident["mail"] == ["*****@*****.**"]
            assert ident["givenName"] == ["Derek"]
示例#29
0
    def test_identity(self):
        if self.cache is not None:
            not_on_or_after = str_to_time(in_a_while(days=1))
            session_info = SESSION_INFO_PATTERN.copy()
            session_info["ava"] = {"givenName": ["Derek"]}
            self.cache.set("1234", "abcd", session_info, not_on_or_after)

            not_on_or_after = str_to_time(in_a_while(days=1))
            session_info = SESSION_INFO_PATTERN.copy()
            session_info["ava"] = {"mail": ["*****@*****.**"]}
            self.cache.set("1234", "xyzv", session_info, not_on_or_after)

            (ident, _) = self.cache.get_identity("1234")
            print(ident)
            assert len(list(ident.keys())) == 2
            assert "givenName" in list(ident.keys())
            assert "mail" in list(ident.keys())
            assert ident["mail"] == ["*****@*****.**"]
            assert ident["givenName"] == ["Derek"]
示例#30
0
    def test_set(self):
        not_on_or_after = str_to_time(in_a_while(days=1))
        session_info = SESSION_INFO_PATTERN.copy()
        session_info["ava"] = {"givenName": ["Derek"]}
        self.cache.set(nid[0], "abcd", session_info, not_on_or_after)

        (ava, inactive) = self.cache.get_identity(nid[0])
        assert inactive == []
        assert list(ava.keys()) == ["givenName"]
        assert ava["givenName"] == ["Derek"]
示例#31
0
文件: request.py 项目: GSA/pysaml2
 def issue_instant_ok(self):
     """ Check that the request was issued at a reasonable time """
     upper = time_util.shift_time(time_util.time_in_a_while(days=1),
                                 self.timeslack).timetuple()
     lower = time_util.shift_time(time_util.time_a_while_ago(days=1),
                                 -self.timeslack).timetuple()
     # print "issue_instant: %s" % self.message.issue_instant
     # print "%s < x < %s" % (lower, upper)
     issued_at = time_util.str_to_time(self.message.issue_instant)
     return issued_at > lower and issued_at < upper
示例#32
0
    def test_timeout(self):
        not_on_or_after = str_to_time(in_a_while(seconds=1))
        session_info = SESSION_INFO_PATTERN.copy()
        session_info["ava"] = {"givenName": ["Alex"], "surName": ["Rodriguez"]}
        self.cache.set("1000", "bcde", session_info, not_on_or_after)

        time.sleep(2)
        (ava, inactive) = self.cache.get_identity("1000")
        assert inactive == ["bcde"]
        assert ava == {}
示例#33
0
    def test_set(self):
        not_on_or_after = str_to_time(in_a_while(days=1))
        session_info = SESSION_INFO_PATTERN.copy()
        session_info["ava"] = {"givenName": ["Derek"]}
        self.cache.set("1234", "abcd", session_info, not_on_or_after)

        (ava, inactive) = self.cache.get_identity("1234")
        assert inactive == []
        assert ava.keys() == ["givenName"]
        assert ava["givenName"] == ["Derek"]
示例#34
0
    def test_add_ava_info(self):
        not_on_or_after = str_to_time(in_a_while(days=1))
        session_info = SESSION_INFO_PATTERN.copy()
        session_info["ava"] = {"surName": ["Jeter"]}
        self.cache.set(nid[0], "bcde", session_info, not_on_or_after)

        (ava, inactive) = self.cache.get_identity(nid[0])
        assert inactive == []
        assert _eq(ava.keys(), ["givenName", "surName"])
        assert ava["givenName"] == ["Derek"]
        assert ava["surName"] == ["Jeter"]
示例#35
0
    def test_add_ava_info(self):
        not_on_or_after = str_to_time(in_a_while(days=1))
        session_info = SESSION_INFO_PATTERN.copy()
        session_info["ava"] = {"surName": ["Jeter"]}
        self.cache.set(nid[0], "bcde", session_info, not_on_or_after)

        (ava, inactive) = self.cache.get_identity(nid[0])
        assert inactive == []
        assert _eq(ava.keys(), ["givenName", "surName"])
        assert ava["givenName"] == ["Derek"]
        assert ava["surName"] == ["Jeter"]
示例#36
0
文件: validate.py 项目: ranade1/hue
def validate_on_or_after(not_on_or_after, slack):
    if not_on_or_after:
        now = time_util.utc_now()
        nooa = calendar.timegm(time_util.str_to_time(not_on_or_after))
        if now > nooa + slack:
            now_str=time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(now))
            raise ResponseLifetimeExceed(
                "Can't use response, too old (now=%s + slack=%d > " \
                "not_on_or_after=%s" % (now_str, slack, not_on_or_after))
        return nooa
    else:
        return False
示例#37
0
    def test_timeout(self):
        not_on_or_after = str_to_time(in_a_while(seconds=1))
        session_info = SESSION_INFO_PATTERN.copy()
        session_info["ava"] = {"givenName": ["Alex"],
                               "surName": ["Rodriguez"]}
        self.cache.set(nid[2], "bcde", session_info,
                       not_on_or_after)

        time.sleep(2)
        (ava, inactive) = self.cache.get_identity(nid[2])
        assert inactive == ["bcde"]
        assert ava == {}
示例#38
0
    def test_receivers(self):
        assert _eq(self.cache.receivers(nid[1]), ["abcd"])

        not_on_or_after = str_to_time(in_a_while(days=1))
        session_info = SESSION_INFO_PATTERN.copy()
        session_info["ava"] = {"givenName": ["Ichiro"],
                               "surName": ["Suzuki"]}
        self.cache.set(nid[1], "bcde", session_info,
                       not_on_or_after)

        assert _eq(self.cache.receivers(nid[1]), ["abcd", "bcde"])
        assert nid_eq(self.cache.subjects(), nid[0:2])
示例#39
0
    def test_set_get_2(self):
        if self.cache is not None:
            not_on_or_after = str_to_time(in_a_while(seconds=1))
            session_info = SESSION_INFO_PATTERN.copy()
            session_info["ava"] = {"givenName": ["Mariano"]}
            # subject_id, entity_id, info, timestamp
            self.cache.set("1235", "abcd", session_info, not_on_or_after)
            time.sleep(2)

            raises(ToOld, 'self.cache.get("1235", "abcd")')
            info = self.cache.get("1235", "abcd", False)
            assert info != {}
示例#40
0
    def test_set_get_2(self):
        if self.cache is not None:
            not_on_or_after = str_to_time(in_a_while(seconds=1))
            session_info = SESSION_INFO_PATTERN.copy()
            session_info["ava"] = {"givenName": ["Mariano"]}
            # subject_id, entity_id, info, timestamp
            self.cache.set("1235", "abcd", session_info, not_on_or_after)
            time.sleep(2)

            raises(ToOld, 'self.cache.get("1235", "abcd")')
            info = self.cache.get("1235", "abcd", False)
            assert info != {}
示例#41
0
    def test_second_subject(self):
        not_on_or_after = str_to_time(in_a_while(days=1))
        session_info = SESSION_INFO_PATTERN.copy()
        session_info["ava"] = {"givenName": ["Ichiro"], "surName": ["Suzuki"]}
        self.cache.set("9876", "abcd", session_info, not_on_or_after)

        (ava, inactive) = self.cache.get_identity("9876")
        assert inactive == []
        assert _eq(ava.keys(), ["givenName", "surName"])
        assert ava["givenName"] == ["Ichiro"]
        assert ava["surName"] == ["Suzuki"]
        assert _eq(self.cache.subjects(), ["1234", "9876"])
示例#42
0
文件: validate.py 项目: SUNET/pysaml2
def validate_on_or_after(not_on_or_after, slack):
    if not_on_or_after:
        now = time_util.utc_now()
        nooa = calendar.timegm(time_util.str_to_time(not_on_or_after))
        if now > nooa + slack:
            now_str=time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(now))
            raise ResponseLifetimeExceed(
                "Can't use response, too old (now=%s + slack=%d > " \
                "not_on_or_after=%s" % (now_str, slack, not_on_or_after))
        return nooa
    else:
        return False
示例#43
0
    def test_second_subject(self):
        not_on_or_after = str_to_time(in_a_while(days=1))
        session_info = SESSION_INFO_PATTERN.copy()
        session_info["ava"] = {"givenName": ["Ichiro"],
                               "surName": ["Suzuki"]}
        self.cache.set(nid[1], "abcd", session_info,
                       not_on_or_after)

        (ava, inactive) = self.cache.get_identity(nid[1])
        assert inactive == []
        assert _eq(ava.keys(), ["givenName", "surName"])
        assert ava["givenName"] == ["Ichiro"]
        assert ava["surName"] == ["Suzuki"]
        assert nid_eq(self.cache.subjects(), [nid[0], nid[1]])
示例#44
0
    def test_set_get_1(self):
        if self.cache is not None:
            not_on_or_after = str_to_time(in_a_while(days=1))
            session_info = SESSION_INFO_PATTERN.copy()
            session_info["ava"] = {"givenName": ["Derek"]}
            # subject_id, entity_id, info, timestamp
            self.cache.set("1234", "abcd", session_info, not_on_or_after)

            info = self.cache.get("1234", "abcd")
            #{u'issuer': u'', u'came from': u'', u'ava': {u'givenName': [u'Derek']}, u'session_id': -1, u'not_on_or_after': 0}
            ava = info["ava"]
            print(ava)
            assert list(ava.keys()) == ["givenName"]
            assert ava["givenName"] == ["Derek"]
示例#45
0
    def test_set_get_1(self):
        if self.cache is not None:
            not_on_or_after = str_to_time(in_a_while(days=1))
            session_info = SESSION_INFO_PATTERN.copy()
            session_info["ava"] = {"givenName":["Derek"]}
            # subject_id, entity_id, info, timestamp
            self.cache.set("1234", "abcd", session_info, not_on_or_after)

            info = self.cache.get("1234", "abcd")
            #{u'issuer': u'', u'came from': u'', u'ava': {u'givenName': [u'Derek']}, u'session_id': -1, u'not_on_or_after': 0}
            ava = info["ava"]
            print ava
            assert ava.keys() == ["givenName"]
            assert ava["givenName"] == ["Derek"]
示例#46
0
    def test_multiple_signatures_assertion(self):
        ass = self._assertion
        # basic test with two of the same
        to_sign = [(ass, ass.id, ""), (ass, ass.id, "")]
        sign_ass = self.sec.multiple_signatures("%s" % ass, to_sign)
        sass = saml.assertion_from_string(sign_ass)
        assert _eq(sass.keyswv(), ["attribute_statement", "issue_instant", "version", "signature", "id"])
        assert sass.version == "2.0"
        assert sass.id == "11111"
        assert time_util.str_to_time(sass.issue_instant)

        print("Crypto version : %s" % (self.sec.crypto.version()))

        item = self.sec.check_signature(sass, class_name(sass), sign_ass, must=True)

        assert isinstance(item, saml.Assertion)
示例#47
0
    def test_sign_assertion(self):
        ass = self._assertion
        print(ass)
        sign_ass = self.sec.sign_assertion("%s" % ass, node_id=ass.id)
        # print(sign_ass)
        sass = saml.assertion_from_string(sign_ass)
        # print(sass)
        assert _eq(sass.keyswv(), ["attribute_statement", "issue_instant", "version", "signature", "id"])
        assert sass.version == "2.0"
        assert sass.id == "11111"
        assert time_util.str_to_time(sass.issue_instant)

        print("Crypto version : %s" % (self.sec.crypto.version()))

        item = self.sec.check_signature(sass, class_name(sass), sign_ass)

        assert isinstance(item, saml.Assertion)
示例#48
0
    def test_sign_assertion(self):
        ass = self._assertion
        print(ass)
        sign_ass = self.sec.sign_assertion("%s" % ass, node_id=ass.id)
        #print(sign_ass)
        sass = saml.assertion_from_string(sign_ass)
        #print(sass)
        assert _eq(sass.keyswv(), ['attribute_statement', 'issue_instant',
                                   'version', 'signature', 'id'])
        assert sass.version == "2.0"
        assert sass.id == "11111"
        assert time_util.str_to_time(sass.issue_instant)

        print("Crypto version : %s" % (self.sec.crypto.version()))

        item = self.sec.check_signature(sass, class_name(sass), sign_ass)

        assert isinstance(item, saml.Assertion)
示例#49
0
    def test_multiple_signatures_assertion(self):
        ass = self._assertion
        # basic test with two of the same
        to_sign = [(ass, ass.id), (ass, ass.id)]
        sign_ass = self.sec.multiple_signatures(str(ass), to_sign)
        sass = saml.assertion_from_string(sign_ass)
        assert _eq(sass.keyswv(), ['issuer', 'attribute_statement', 'issue_instant',
                                   'version', 'signature', 'id'])
        assert sass.version == "2.0"
        assert sass.id == "id-11111"
        assert time_util.str_to_time(sass.issue_instant)

        print("Crypto version : %s" % (self.sec.crypto.version()))

        item = self.sec.check_signature(sass, class_name(sass),
                                        sign_ass, must=True)

        assert isinstance(item, saml.Assertion)
示例#50
0
    def authn_statement_ok(self, optional=False):
        n_authn_statements = len(self.assertion.authn_statement)
        if n_authn_statements != 1:
            if optional:
                return True
            else:
                msg = "Invalid number of AuthnStatement found in Response: {n}".format(n=n_authn_statements)
                raise ValueError(msg)

        authn_statement = self.assertion.authn_statement[0]
        if authn_statement.session_not_on_or_after:
            if validate_on_or_after(authn_statement.session_not_on_or_after,
                                    self.timeslack):
                self.session_not_on_or_after = calendar.timegm(
                    time_util.str_to_time(
                        authn_statement.session_not_on_or_after))
            else:
                return False
        return True
示例#51
0
    def test_sign_assertion(self):
        ass = self._assertion
        print ass
        sign_ass = self.sec.sign_assertion_using_xmlsec("%s" % ass,
                                                        nodeid=ass.id)
        #print sign_ass
        sass = saml.assertion_from_string(sign_ass)
        #print sass
        assert _eq(sass.keyswv(), ['attribute_statement', 'issue_instant',
                                   'version', 'signature', 'id'])
        assert sass.version == "2.0"
        assert sass.id == "11111"
        assert time_util.str_to_time(sass.issue_instant)

        print xmlsec_version(get_xmlsec_binary())

        item = self.sec.check_signature(sass, class_name(sass), sign_ass)

        assert isinstance(item, saml.Assertion)
示例#52
0
 def authn_statement_ok(self, optional=False):
     try:
         # the assertion MUST contain one AuthNStatement
         assert len(self.assertion.authn_statement) == 1
     except AssertionError:
         if optional:
             return True
         else:
             raise
         
     authn_statement = self.assertion.authn_statement[0]
     if authn_statement.session_not_on_or_after:
         if validate_on_or_after(authn_statement.session_not_on_or_after,
                                 self.timeslack):
             self.session_not_on_or_after = calendar.timegm(
                 time_util.str_to_time(authn_statement.session_not_on_or_after))
         else:
             return False
     return True
示例#53
0
    def authn_statement_ok(self, optional=False):
        try:
            # the assertion MUST contain one AuthNStatement
            assert len(self.assertion.authn_statement) == 1
        except AssertionError:
            if optional:
                return True
            else:
                raise

        authn_statement = self.assertion.authn_statement[0]
        if authn_statement.session_not_on_or_after:
            if validate_on_or_after(authn_statement.session_not_on_or_after, self.timeslack):
                self.session_not_on_or_after = calendar.timegm(
                    time_util.str_to_time(authn_statement.session_not_on_or_after)
                )
            else:
                return False
        return True
示例#54
0
def test_construct_AttributeAuthorityDescriptor():
    aad = make_instance(
        md.AttributeAuthorityDescriptor,
        {
            "valid_until": time_util.in_a_while(30),  # 30 days from now
            "id": "aad.example.com",
            "protocol_support_enumeration": SAML2_NAMESPACE,
            "attribute_service": {
                "binding": BINDING_SOAP,
                "location": "http://example.com:6543/saml2/aad",
            },
            "name_id_format": [
                NAMEID_FORMAT_TRANSIENT,
            ],
            "key_descriptor": {
                "use": "signing",
                "key_info": {
                    "key_name": "example.com",
                }
            }
        })

    print aad
    assert _eq(aad.keyswv(), [
        "valid_until", "id", "attribute_service", "name_id_format",
        "key_descriptor", "protocol_support_enumeration"
    ])
    assert time_util.str_to_time(aad.valid_until)
    assert aad.id == "aad.example.com"
    assert aad.protocol_support_enumeration == SAML2_NAMESPACE
    assert len(aad.attribute_service) == 1
    atsr = aad.attribute_service[0]
    assert _eq(atsr.keyswv(), ["binding", "location"])
    assert atsr.binding == BINDING_SOAP
    assert atsr.location == "http://example.com:6543/saml2/aad"
    assert len(aad.name_id_format) == 1
    nif = aad.name_id_format[0]
    assert nif.text.strip() == NAMEID_FORMAT_TRANSIENT
    assert len(aad.key_descriptor) == 1
    kdesc = aad.key_descriptor[0]
    assert kdesc.use == "signing"
    assert kdesc.key_info.key_name[0].text.strip() == "example.com"
示例#55
0
    def test_multiple_signatures_assertion(self):
        ass = self._assertion
        # basic test with two of the same
        to_sign = [(ass, ass.id, ''),
                   (ass, ass.id, '')
        ]
        sign_ass = self.sec.multiple_signatures("%s" % ass, to_sign)
        sass = saml.assertion_from_string(sign_ass)
        assert _eq(sass.keyswv(), ['attribute_statement', 'issue_instant',
                                   'version', 'signature', 'id'])
        assert sass.version == "2.0"
        assert sass.id == "11111"
        assert time_util.str_to_time(sass.issue_instant)

        print xmlsec_version(get_xmlsec_binary())

        item = self.sec.check_signature(sass, class_name(sass),
                                        sign_ass, must=True)

        assert isinstance(item, saml.Assertion)
示例#56
0
    def test_sign_assertion(self):
        ass = self._assertion
        print ass
        sign_ass = self.sec.sign_assertion_using_xmlsec("%s" % ass,
                                                        nodeid=ass.id)
        #print sign_ass
        sass = saml.assertion_from_string(sign_ass)
        #print sass
        assert _eq(sass.keyswv(), [
            'attribute_statement', 'issue_instant', 'version', 'signature',
            'id'
        ])
        assert sass.version == "2.0"
        assert sass.id == "11111"
        assert time_util.str_to_time(sass.issue_instant)

        print xmlsec_version(get_xmlsec_binary())

        item = self.sec.check_signature(sass, class_name(sass), sign_ass)

        assert isinstance(item, saml.Assertion)
示例#57
0
文件: validate.py 项目: SUNET/pysaml2
def valid_date_time(item):
    try:
        time_util.str_to_time(item)
    except Exception:
        raise NotValid("dateTime")
    return True
示例#58
0
文件: validate.py 项目: ranade1/hue
def valid_date_time(item):
    try:
        time_util.str_to_time(item)
    except Exception:
        raise NotValid("dateTime")
    return True
示例#59
0
文件: check.py 项目: Goggin/pysaml2
def to_time(_time):
    assert _time.endswith(" GMT")
    _time = _time[:-4]
    return mktime(str_to_time(_time, M2_TIME_FORMAT))
示例#60
0
def to_time(_time):
    assert _time.endswith(" GMT")
    _time = _time[:-4]
    return mktime(str_to_time(_time, M2_TIME_FORMAT))