示例#1
def entities_descriptor(eds, valid_for, name, ident, sign, secc, sign_alg=None,
                        digest_alg=None):
    """Wrap entity descriptors in an EntitiesDescriptor, optionally signed.

    :param eds: Entity descriptors placed inside the aggregate
    :param valid_for: If truthy, number of hours used to set ``valid_until``
    :param name: Optional name of the aggregate
    :param ident: Optional ID of the aggregate; when signing without one,
        ``sid()`` supplies it
    :param sign: Whether the aggregate should be signed
    :param secc: Security context; ``key_file`` and ``my_cert`` must be set
        when signing, and ``sign_statement`` produces the signed document
    :param sign_alg: Signature algorithm handed to ``pre_signature_part``
    :param digest_alg: Digest algorithm handed to ``pre_signature_part``
    :return: Tuple ``(entities, xmldoc)``; ``xmldoc`` is None when unsigned
    :raises SAMLError: If signing is requested but ``secc`` lacks a key
        file or a certificate
    """
    aggregate = md.EntitiesDescriptor(entity_descriptor=eds)
    if valid_for:
        aggregate.valid_until = in_a_while(hours=valid_for)
    if name:
        aggregate.name = name
    if ident:
        aggregate.id = ident

    if not sign:
        # Unsigned metadata: nothing is serialized, so no document is returned.
        return aggregate, None

    # The signature template and the element share one ID; generate it if
    # the caller did not provide one.
    reference_id = ident if ident else sid()

    # Refuse to continue without signing material.
    if not secc.key_file:
        raise SAMLError(
            "If you want to do signing you should define a key to sign with")
    if not secc.my_cert:
        raise SAMLError(
            "If you want to do signing you should define where your public key are")

    # NOTE(review): with sign_alg/digest_alg left as None the choice falls to
    # pre_signature_part's own defaults -- confirm those are not SHA-1 based.
    aggregate.signature = pre_signature_part(
        reference_id, secc.my_cert, 1,
        sign_alg=sign_alg, digest_alg=digest_alg)
    aggregate.id = reference_id

    signed_xml = secc.sign_statement("%s" % aggregate, class_name(aggregate))
    # Return the object parsed back from the signed document, so the caller
    # holds what was actually serialized and signed.
    return md.entities_descriptor_from_string(signed_xml), signed_xml
示例#2
def add_derek_info(sp):
    """Register a one-day session record for the test user "Derek" on ``sp``.

    :param sp: Object whose ``users.add_information_about_person`` receives
        the session record
    """
    expires_at = str_to_time(in_a_while(days=1))
    # Copy the template so the module-level pattern itself is not modified.
    derek = SESSION_INFO_PATTERN.copy()
    derek["ava"] = {"givenName": ["Derek"], "umuselin": ["deje0001"]}
    derek["issuer"] = "urn:mace:example.com:saml:idp"
    derek["name_id"] = nid
    derek["not_on_or_after"] = expires_at
    sp.users.add_information_about_person(derek)
def test_valid():
    """Check ``valid`` against past, future and just-issued timestamps."""
    # A fixed date in the past must be rejected.
    assert valid("2000-01-12T00:00:00Z") == False
    # A date in the next calendar year must be accepted.
    next_year = datetime.datetime.today().year + 1
    assert valid("%d-01-12T00:00:00Z" % next_year) == True
    # A timestamp taken "now" is expected to have lapsed one second later.
    issued_now = instant()
    time.sleep(1)
    assert valid(issued_now) is False  # unless on a very fast machine :-)
    # Ten seconds ahead is still inside the validity window.
    assert valid(in_a_while(seconds=10)) == True
示例#4
def add_derek_info(sp):
    """Register a one-day session record for the test user "Derek" on ``sp``.

    :param sp: Object whose ``users.add_information_about_person`` receives
        the session record
    """
    expires_at = str_to_time(in_a_while(days=1))
    # Copy the template so the module-level pattern itself is not modified.
    derek = SESSION_INFO_PATTERN.copy()
    derek["ava"] = {"givenName": ["Derek"], "umuselin": ["deje0001"]}
    derek["issuer"] = "urn:mace:example.com:saml:idp"
    derek["name_id"] = nid
    derek["not_on_or_after"] = expires_at
    sp.users.add_information_about_person(derek)
示例#5
    def not_on_or_after(self, sp_entity_id):
        """Return the time after which the assertion must no longer be used.

        :param sp_entity_id: The SP entity ID
        :return: String representation of the time
        """
        # get_lifetime() supplies the keyword arguments for in_a_while().
        # NOTE(review): this bounds how long an issued assertion stays
        # acceptable, so the configured lifetime should be kept short.
        lifetime = self.get_lifetime(sp_entity_id)
        return in_a_while(**lifetime)
def test_valid():
    """Check ``valid`` against past, future and just-issued timestamps."""
    # A fixed date in the past must be rejected.
    assert valid("2000-01-12T00:00:00Z") == False
    # A date in the next calendar year must be accepted.
    next_year = datetime.datetime.today().year + 1
    assert valid("%d-01-12T00:00:00Z" % next_year) == True
    # A timestamp taken "now" is expected to have lapsed one second later.
    issued_now = instant()
    time.sleep(1)
    assert valid(issued_now) is False  # unless on a very fast machine :-)
    # Ten seconds ahead is still inside the validity window.
    assert valid(in_a_while(seconds=10)) == True
示例#7
    def not_on_or_after(self, sp_entity_id):
        """Return the time after which the assertion must no longer be used.

        :param sp_entity_id: The SP entity ID
        :return: String representation of the time
        """
        # get_lifetime() supplies the keyword arguments for in_a_while().
        # NOTE(review): this bounds how long an issued assertion stays
        # acceptable, so the configured lifetime should be kept short.
        lifetime = self.get_lifetime(sp_entity_id)
        return in_a_while(**lifetime)
示例#8
    def test_set(self):
        """Store one session for nid[0] and read its attributes back."""
        expiry = str_to_time(in_a_while(days=1))
        record = SESSION_INFO_PATTERN.copy()
        record["ava"] = {"givenName": ["Derek"]}
        self.cache.set(nid[0], "abcd", record, expiry)

        attributes, stale = self.cache.get_identity(nid[0])
        # The entry expires a day from now, so no source may be reported stale.
        assert stale == []
        assert list(attributes.keys()) == ["givenName"]
        assert attributes["givenName"] == ["Derek"]
示例#9
    def test_identity(self):
        """Sessions from two entities for subject "1234" merge into one identity."""
        if self.cache is None:
            # No cache backend available: nothing to exercise.
            return

        expiry = str_to_time(in_a_while(days=1))
        from_abcd = SESSION_INFO_PATTERN.copy()
        from_abcd["ava"] = {"givenName":["Derek"]}
        self.cache.set("1234", "abcd", from_abcd, expiry)

        expiry = str_to_time(in_a_while(days=1))
        from_xyzv = SESSION_INFO_PATTERN.copy()
        from_xyzv["ava"] = {"mail":["*****@*****.**"]}
        self.cache.set("1234", "xyzv", from_xyzv, expiry)

        merged, _ = self.cache.get_identity("1234")
        print(merged)
        # One attribute from each entity, nothing else.
        assert len(merged.keys()) == 2
        assert "givenName" in merged.keys()
        assert "mail" in merged.keys()
        assert merged["mail"] == ["*****@*****.**"]
        assert merged["givenName"] == ["Derek"]
示例#10
    def test_identity(self):
        """Sessions from two entities for subject "1234" merge into one identity."""
        if self.cache is None:
            # No cache backend available: nothing to exercise.
            return

        expiry = str_to_time(in_a_while(days=1))
        from_abcd = SESSION_INFO_PATTERN.copy()
        from_abcd["ava"] = {"givenName": ["Derek"]}
        self.cache.set("1234", "abcd", from_abcd, expiry)

        expiry = str_to_time(in_a_while(days=1))
        from_xyzv = SESSION_INFO_PATTERN.copy()
        from_xyzv["ava"] = {"mail": ["*****@*****.**"]}
        self.cache.set("1234", "xyzv", from_xyzv, expiry)

        merged, _ = self.cache.get_identity("1234")
        print(merged)
        # One attribute from each entity, nothing else.
        assert len(merged.keys()) == 2
        assert "givenName" in merged.keys()
        assert "mail" in merged.keys()
        assert merged["mail"] == ["*****@*****.**"]
        assert merged["givenName"] == ["Derek"]
示例#11
    def test_timeout(self):
        """An entry past its expiry is reported inactive and yields no attributes."""
        expiry = str_to_time(in_a_while(seconds=1))
        record = SESSION_INFO_PATTERN.copy()
        record["ava"] = {"givenName": ["Alex"], "surName": ["Rodriguez"]}
        self.cache.set(nid[2], "bcde", record, expiry)

        # Wait past the one-second lifetime before reading.
        time.sleep(2)
        attributes, stale = self.cache.get_identity(nid[2])
        # The expired source is named, and none of its attributes are returned.
        assert stale == ["bcde"]
        assert attributes == {}
示例#12
    def test_set(self):
        """Store one session for nid[0] and read its attributes back."""
        expiry = str_to_time(in_a_while(days=1))
        record = SESSION_INFO_PATTERN.copy()
        record["ava"] = {"givenName": ["Derek"]}
        self.cache.set(nid[0], "abcd", record, expiry)

        attributes, stale = self.cache.get_identity(nid[0])
        # The entry expires a day from now, so no source may be reported stale.
        assert stale == []
        assert list(attributes.keys()) == ["givenName"]
        assert attributes["givenName"] == ["Derek"]
示例#13
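def _expiration(timeout, tformat=None):
    """Format an expiry timestamp: the current instant or ``timeout`` minutes ahead.

    :param timeout: ``"now"`` for the current instant, otherwise the number
        of minutes passed to ``time_util.in_a_while``
    :param tformat: strftime pattern; when falsy a layout like
        ``Wed, 06-Jun-2012 01:34:34 GMT`` is used
    :return: Result of ``time_util.instant`` / ``time_util.in_a_while``
        for that pattern
    """
    if not tformat:
        # %H:%M:%S rather than %T: identical output where %T is supported,
        # but %T is not available in every platform's strftime.
        # NOTE(review): %a and %b follow the process locale -- confirm the
        # consumer of this string expects English day/month names.
        tformat = "%a, %d-%b-%Y %H:%M:%S GMT"

    if timeout == "now":
        return time_util.instant(tformat)
    # validity time should match lifetime of assertions
    return time_util.in_a_while(minutes=timeout, format=tformat)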
示例#14
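def _expiration(timeout, tformat=None):
    """Format an expiry timestamp: the current instant or ``timeout`` minutes ahead.

    :param timeout: ``"now"`` for the current instant, otherwise the number
        of minutes passed to ``time_util.in_a_while``
    :param tformat: strftime pattern; when falsy a layout like
        ``Wed, 06-Jun-2012 01:34:34 GMT`` is used
    :return: Result of ``time_util.instant`` / ``time_util.in_a_while``
        for that pattern
    """
    if not tformat:
        # %H:%M:%S rather than %T: identical output where %T is supported,
        # but %T is not available in every platform's strftime.
        # NOTE(review): %a and %b follow the process locale -- confirm the
        # consumer of this string expects English day/month names.
        tformat = "%a, %d-%b-%Y %H:%M:%S GMT"

    if timeout == "now":
        return time_util.instant(tformat)
    # validity time should match lifetime of assertions
    return time_util.in_a_while(minutes=timeout, format=tformat)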
示例#15
    def test_receivers(self):
        """Adding a second entity for nid[1] extends its receiver list.

        The first assertion runs before anything is stored here, so the
        "abcd" entry for nid[1] must already be in the cache -- presumably
        left there by an earlier test in the class.
        """
        assert _eq(self.cache.receivers(nid[1]), ["abcd"])

        expiry = str_to_time(in_a_while(days=1))
        record = SESSION_INFO_PATTERN.copy()
        record["ava"] = {"givenName": ["Ichiro"], "surName": ["Suzuki"]}
        self.cache.set(nid[1], "bcde", record, expiry)

        assert _eq(self.cache.receivers(nid[1]), ["abcd", "bcde"])
        # The set of known subjects is unchanged: still the first two name IDs.
        assert nid_eq(self.cache.subjects(), nid[0:2])
示例#16
    def test_add_ava_info(self):
        """Attributes from a second entity are merged into nid[0]'s identity.

        ``givenName`` is asserted but not stored here, so it must already be
        cached for nid[0] -- presumably by an earlier test in the class.
        """
        expiry = str_to_time(in_a_while(days=1))
        record = SESSION_INFO_PATTERN.copy()
        record["ava"] = {"surName": ["Jeter"]}
        self.cache.set(nid[0], "bcde", record, expiry)

        attributes, stale = self.cache.get_identity(nid[0])
        assert stale == []
        assert _eq(attributes.keys(), ["givenName", "surName"])
        assert attributes["givenName"] == ["Derek"]
        assert attributes["surName"] == ["Jeter"]
示例#17
    def test_add_ava_info(self):
        """Attributes from a second entity are merged into nid[0]'s identity.

        ``givenName`` is asserted but not stored here, so it must already be
        cached for nid[0] -- presumably by an earlier test in the class.
        """
        expiry = str_to_time(in_a_while(days=1))
        record = SESSION_INFO_PATTERN.copy()
        record["ava"] = {"surName": ["Jeter"]}
        self.cache.set(nid[0], "bcde", record, expiry)

        attributes, stale = self.cache.get_identity(nid[0])
        assert stale == []
        assert _eq(attributes.keys(), ["givenName", "surName"])
        assert attributes["givenName"] == ["Derek"]
        assert attributes["surName"] == ["Jeter"]
示例#18
    def test_second_subject(self):
        """A session for nid[1] is stored alongside the existing nid[0] subject."""
        expiry = str_to_time(in_a_while(days=1))
        record = SESSION_INFO_PATTERN.copy()
        record["ava"] = {"givenName": ["Ichiro"], "surName": ["Suzuki"]}
        self.cache.set(nid[1], "abcd", record, expiry)

        attributes, stale = self.cache.get_identity(nid[1])
        assert stale == []
        assert _eq(attributes.keys(), ["givenName", "surName"])
        assert attributes["givenName"] == ["Ichiro"]
        assert attributes["surName"] == ["Suzuki"]
        # nid[0] is expected to be present already; only nid[1] is added here.
        assert nid_eq(self.cache.subjects(), [nid[0], nid[1]])
示例#19
    def test_receivers(self):
        """Adding a second entity for nid[1] extends its receiver list.

        The first assertion runs before anything is stored here, so the
        "abcd" entry for nid[1] must already be in the cache -- presumably
        left there by an earlier test in the class.
        """
        assert _eq(self.cache.receivers(nid[1]), ["abcd"])

        expiry = str_to_time(in_a_while(days=1))
        record = SESSION_INFO_PATTERN.copy()
        record["ava"] = {"givenName": ["Ichiro"], "surName": ["Suzuki"]}
        self.cache.set(nid[1], "bcde", record, expiry)

        assert _eq(self.cache.receivers(nid[1]), ["abcd", "bcde"])
        # The set of known subjects is unchanged: still the first two name IDs.
        assert nid_eq(self.cache.subjects(), nid[0:2])
示例#20
    def test_timeout(self):
        """An entry past its expiry is reported inactive and yields no attributes."""
        expiry = str_to_time(in_a_while(seconds=1))
        record = SESSION_INFO_PATTERN.copy()
        record["ava"] = {"givenName": ["Alex"], "surName": ["Rodriguez"]}
        self.cache.set(nid[2], "bcde", record, expiry)

        # Wait past the one-second lifetime before reading.
        time.sleep(2)
        attributes, stale = self.cache.get_identity(nid[2])
        # The expired source is named, and none of its attributes are returned.
        assert stale == ["bcde"]
        assert attributes == {}
示例#21
    def test_set_get_2(self):
        """An expired entry raises ToOld on a plain get but is still stored."""
        if self.cache is None:
            # No cache backend available: nothing to exercise.
            return

        expiry = str_to_time(in_a_while(seconds=1))
        entry = SESSION_INFO_PATTERN.copy()
        entry["ava"] = {"givenName": ["Mariano"]}
        # subject_id, entity_id, info, timestamp
        self.cache.set("1235", "abcd", entry, expiry)
        # Wait past the one-second lifetime.
        time.sleep(2)

        # String form of raises(): the expression is evaluated by the helper,
        # so it has to keep referring to ``self`` exactly as written.
        raises(ToOld, 'self.cache.get("1235", "abcd")')
        # NOTE(review): the trailing False presumably turns the expiry check
        # off -- confirm; callers outside tests should not depend on reading
        # expired session data this way.
        unchecked = self.cache.get("1235", "abcd", False)
        assert unchecked != {}
示例#22
    def test_set_get_2(self):
        """An expired entry raises ToOld on a plain get but is still stored."""
        if self.cache is None:
            # No cache backend available: nothing to exercise.
            return

        expiry = str_to_time(in_a_while(seconds=1))
        entry = SESSION_INFO_PATTERN.copy()
        entry["ava"] = {"givenName":["Mariano"]}
        # subject_id, entity_id, info, timestamp
        self.cache.set("1235", "abcd", entry, expiry)
        # Wait past the one-second lifetime.
        time.sleep(2)

        # String form of raises(): the expression is evaluated by the helper,
        # so it has to keep referring to ``self`` exactly as written.
        raises(ToOld, 'self.cache.get("1235", "abcd")')
        # NOTE(review): the trailing False presumably turns the expiry check
        # off -- confirm; callers outside tests should not depend on reading
        # expired session data this way.
        unchecked = self.cache.get("1235", "abcd", False)
        assert unchecked != {}
示例#23
    def test_set_get_1(self):
        """A stored, unexpired entry is returned by get() with its attributes."""
        if self.cache is None:
            # No cache backend available: nothing to exercise.
            return

        expiry = str_to_time(in_a_while(days=1))
        entry = SESSION_INFO_PATTERN.copy()
        entry["ava"] = {"givenName":["Derek"]}
        # subject_id, entity_id, info, timestamp
        self.cache.set("1234", "abcd", entry, expiry)

        stored = self.cache.get("1234", "abcd")
        # Example of a stored record:
        #{u'issuer': u'', u'came from': u'', u'ava': {u'givenName': [u'Derek']}, u'session_id': -1, u'not_on_or_after': 0}
        attributes = stored["ava"]
        print(attributes)
        assert list(attributes.keys()) == ["givenName"]
        assert attributes["givenName"] == ["Derek"]
示例#24
def _expiration(timeout, tformat="%a, %d-%b-%Y %H:%M:%S GMT"):
    """Format an expiry timestamp for the given timeout.

    :param timeout: ``"now"`` for the current instant, ``"dawn"`` for the
        Unix epoch (second 0), otherwise the number of minutes passed to
        ``time_util.in_a_while``
    :param tformat: strftime pattern used for the result
    :return: The timestamp formatted with ``tformat``
    """
    if timeout == "dawn":
        # Epoch start: a time that is always in the past -- presumably used
        # to make the recipient treat the value as already expired.
        return time.strftime(tformat, time.gmtime(0))
    if timeout == "now":
        return time_util.instant(tformat)
    # validity time should match lifetime of assertions
    return time_util.in_a_while(minutes=timeout, format=tformat)
示例#25
def _expiration(timeout, tformat="%a, %d-%b-%Y %H:%M:%S GMT"):
    """Format an expiry timestamp for the given timeout.

    :param timeout: ``"now"`` for the current instant, ``"dawn"`` for the
        Unix epoch (second 0), otherwise the number of minutes passed to
        ``time_util.in_a_while``
    :param tformat: strftime pattern used for the result
    :return: The timestamp formatted with ``tformat``
    """
    if timeout == "dawn":
        # Epoch start: a time that is always in the past -- presumably used
        # to make the recipient treat the value as already expired.
        return time.strftime(tformat, time.gmtime(0))
    if timeout == "now":
        return time_util.instant(tformat)
    # validity time should match lifetime of assertions
    return time_util.in_a_while(minutes=timeout, format=tformat)
示例#26
    def test_second_subject(self):
        """A session for nid[1] is stored alongside the existing nid[0] subject."""
        expiry = str_to_time(in_a_while(days=1))
        record = SESSION_INFO_PATTERN.copy()
        record["ava"] = {"givenName": ["Ichiro"], "surName": ["Suzuki"]}
        self.cache.set(nid[1], "abcd", record, expiry)

        attributes, stale = self.cache.get_identity(nid[1])
        assert stale == []
        assert _eq(attributes.keys(), ["givenName", "surName"])
        assert attributes["givenName"] == ["Ichiro"]
        assert attributes["surName"] == ["Suzuki"]
        # nid[0] is expected to be present already; only nid[1] is added here.
        assert nid_eq(self.cache.subjects(), [nid[0], nid[1]])
示例#27
    def test_set_get_1(self):
        """A stored, unexpired entry is returned by get() with its attributes."""
        if self.cache is None:
            # No cache backend available: nothing to exercise.
            return

        expiry = str_to_time(in_a_while(days=1))
        entry = SESSION_INFO_PATTERN.copy()
        entry["ava"] = {"givenName": ["Derek"]}
        # subject_id, entity_id, info, timestamp
        self.cache.set("1234", "abcd", entry, expiry)

        stored = self.cache.get("1234", "abcd")
        # Example of a stored record:
        #{u'issuer': u'', u'came from': u'', u'ava': {u'givenName': [u'Derek']}, u'session_id': -1, u'not_on_or_after': 0}
        attributes = stored["ava"]
        print(attributes)
        assert list(attributes.keys()) == ["givenName"]
        assert attributes["givenName"] == ["Derek"]
示例#28
    def test_add_person(self):
        """Add one person from IDP_ONE and check every view of the population."""
        anders = {
            "givenName": "Anders",
            "surName": "Andersson",
            "mail": "*****@*****.**"
        }
        session_info = {
            "name_id": nid,
            "issuer": IDP_ONE,
            "not_on_or_after": in_a_while(minutes=15),
            # A separate copy, so the stored record never aliases the
            # expectation it is compared with below.
            "ava": dict(anders),
        }
        self.population.add_information_about_person(session_info)

        assert list(self.population.issuers_of_info(nid)) == [IDP_ONE]
        known_subjects = [code(c) for c in self.population.subjects()]
        assert known_subjects == [cnid]

        # Are any of the sources gone stale
        assert self.population.stale_sources_for_person(nid) == []
        # are any of the possible sources not used or gone stale
        candidates = [IDP_ONE, IDP_OTHER]
        unused = self.population.stale_sources_for_person(nid, candidates)
        assert unused == [IDP_OTHER]

        identity, stale = self.population.get_identity(nid)
        assert stale == []
        assert identity == anders

        # The per-issuer record keeps only these three keys.
        info = self.population.get_info_from(nid, IDP_ONE)
        assert sorted(info.keys()) == ["ava", "name_id", "not_on_or_after"]
        assert info["name_id"] == nid
        assert info["ava"] == anders
示例#29
    def test_add_another_person(self):
        """Add a second person (nida) from IDP_ONE next to the existing one."""
        bertil = {
            "givenName": "Bertil",
            "surName": "Bertilsson",
            "mail": "*****@*****.**"
        }
        session_info = {
            "name_id": nida,
            "issuer": IDP_ONE,
            "not_on_or_after": in_a_while(minutes=15),
            # A separate copy, so the stored record never aliases the
            # expectation it is compared with below.
            "ava": dict(bertil),
        }
        self.population.add_information_about_person(session_info)

        assert list(self.population.issuers_of_info(nida)) == [IDP_ONE]
        known_subjects = [code(c) for c in self.population.subjects()]
        # Both people are expected now; the first presumably comes from an
        # earlier test in the class.
        assert _eq(known_subjects, [cnid, cnida])

        assert self.population.stale_sources_for_person(nida) == []
        # are any of the possible sources not used or gone stale
        candidates = [IDP_ONE, IDP_OTHER]
        unused = self.population.stale_sources_for_person(nida, candidates)
        assert unused == [IDP_OTHER]

        identity, stale = self.population.get_identity(nida)
        assert stale == []
        assert identity == bertil

        # The per-issuer record keeps only these three keys.
        info = self.population.get_info_from(nida, IDP_ONE)
        assert sorted(info.keys()) == ["ava", "name_id", "not_on_or_after"]
        assert info["name_id"] == nida
        assert info["ava"] == bertil
示例#30
def entities_descriptor(eds,
                        valid_for,
                        name,
                        ident,
                        sign,
                        secc,
                        sign_alg=None,
                        digest_alg=None):
    """Wrap entity descriptors in an EntitiesDescriptor, optionally signed.

    :param eds: Entity descriptors placed inside the aggregate
    :param valid_for: If truthy, number of hours used to set ``valid_until``
    :param name: Optional name of the aggregate
    :param ident: Optional ID of the aggregate; when signing without one,
        ``sid()`` supplies it
    :param sign: Whether the aggregate should be signed
    :param secc: Security context; ``key_file`` and ``my_cert`` must be set
        when signing, and ``sign_statement`` produces the signed document
    :param sign_alg: Signature algorithm handed to ``pre_signature_part``
    :param digest_alg: Digest algorithm handed to ``pre_signature_part``
    :return: Tuple ``(entities, xmldoc)``; ``xmldoc`` is None when unsigned
    :raises SAMLError: If signing is requested but ``secc`` lacks a key
        file or a certificate
    """
    aggregate = md.EntitiesDescriptor(entity_descriptor=eds)
    if valid_for:
        aggregate.valid_until = in_a_while(hours=valid_for)
    if name:
        aggregate.name = name
    if ident:
        aggregate.id = ident

    if not sign:
        # Unsigned metadata: nothing is serialized, so no document is returned.
        return aggregate, None

    # The signature template and the element share one ID; generate it if
    # the caller did not provide one.
    reference_id = ident if ident else sid()

    # Refuse to continue without signing material.
    if not secc.key_file:
        raise SAMLError(
            "If you want to do signing you should define a key to sign with")
    if not secc.my_cert:
        raise SAMLError(
            "If you want to do signing you should define where your public key are")

    # NOTE(review): with sign_alg/digest_alg left as None the choice falls to
    # pre_signature_part's own defaults -- confirm those are not SHA-1 based.
    aggregate.signature = pre_signature_part(
        reference_id, secc.my_cert, 1,
        sign_alg=sign_alg, digest_alg=digest_alg)
    aggregate.id = reference_id

    signed_xml = secc.sign_statement("%s" % aggregate, class_name(aggregate))
    # Return the object parsed back from the signed document, so the caller
    # holds what was actually serialized and signed.
    return md.entities_descriptor_from_string(signed_xml), signed_xml
示例#31
    def test_modify_person(self):
        """Re-adding nid from IDP_ONE replaces that issuer's attributes.

        The assertions expect IDP_OTHER to have supplied
        ``eduPersonEntitlement`` for nid already; nothing in this test stores
        it, so it presumably comes from an earlier test in the class.
        """
        arne = {
            "givenName": "Arne",
            "surName": "Andersson",
            "mail": "*****@*****.**"
        }
        session_info = {
            "name_id": nid,
            "issuer": IDP_ONE,
            "not_on_or_after": in_a_while(minutes=15),
            # A separate copy, so the stored record never aliases ``arne``.
            "ava": dict(arne),
        }
        self.population.add_information_about_person(session_info)

        assert _eq(self.population.issuers_of_info(nid), [IDP_ONE, IDP_OTHER])
        known_subjects = [code(c) for c in self.population.subjects()]
        assert _eq(known_subjects, [cnid, cnida])

        # Are any of the sources gone stale
        assert self.population.stale_sources_for_person(nid) == []
        # are any of the possible sources not used or gone stale
        candidates = [IDP_ONE, IDP_OTHER]
        unused = self.population.stale_sources_for_person(nid, candidates)
        assert unused == []

        identity, stale = self.population.get_identity(nid)
        assert stale == []
        # Merged view: IDP_ONE's new attributes plus IDP_OTHER's entitlement.
        assert identity == {'mail': '*****@*****.**',
                            'givenName': 'Arne',
                            'surName': 'Andersson',
                            "eduPersonEntitlement": "Anka"}

        # IDP_OTHER's own record is left as it was.
        info = self.population.get_info_from(nid, IDP_OTHER)
        assert sorted(info.keys()) == ["ava", "name_id", "not_on_or_after"]
        assert info["name_id"] == nid
        assert info["ava"] == {"eduPersonEntitlement": "Anka"}
示例#32
def _expiration(timeout, time_format=None):
    """Format an expiry timestamp: the current instant or ``timeout`` minutes ahead.

    :param timeout: ``"now"`` for the current instant, otherwise the number
        of minutes passed to ``time_util.in_a_while``
    :param time_format: Format forwarded unchanged to ``time_util``
    :return: Result of ``time_util.instant`` / ``time_util.in_a_while``
    """
    # NOTE(review): a None time_format is forwarded explicitly, so the
    # callee's own default is not used -- confirm time_util accepts None.
    if timeout != "now":
        # validity time should match lifetime of assertions
        return time_util.in_a_while(minutes=timeout, format=time_format)
    return time_util.instant(time_format)
示例#33
def _expiration(timeout, tformat=None):
    """Format an expiry timestamp: the current instant or ``timeout`` minutes ahead.

    :param timeout: ``"now"`` for the current instant, otherwise the number
        of minutes passed to ``time_util.in_a_while``
    :param tformat: Format forwarded unchanged to ``time_util``
    :return: Result of ``time_util.instant`` / ``time_util.in_a_while``
    """
    # NOTE(review): a None tformat is forwarded explicitly, so the callee's
    # own default is not used -- confirm time_util accepts None.
    if timeout != "now":
        # validity time should match lifetime of assertions
        return time_util.in_a_while(minutes=timeout, format=tformat)
    return time_util.instant(tformat)
示例#34
def entity_descriptor(confd):
    """Build the metadata EntityDescriptor described by ``confd``.

    :param confd: Configuration object. It is read for certificate files,
        entity ID, validity, organization and contact data, entity
        attributes and the roles listed in ``serves``; its ``context``
        attribute is overwritten for every role that is processed.
    :return: The populated ``md.EntityDescriptor``
    :raises SAMLError: If ``confd.serves`` is empty
    """
    def _extensions():
        # Create the Extensions container the first time something needs it.
        if not entd.extensions:
            entd.extensions = md.Extensions()
        return entd.extensions

    def _publish_attribute(attr_name, values):
        # Add one entity attribute holding an AttributeValue per given value.
        container = _extensions()
        attr = Attribute(
            attribute_value=[AttributeValue(text=v) for v in values],
            name=attr_name,
        )
        _add_attr_to_entity_attributes(container, attr)

    # Certificates are read from the configured files and handed to the role
    # descriptors below; None means "nothing configured".
    # presumably these are the public certificates published in the
    # metadata -- confirm in the do_*_descriptor helpers.
    mycert = None
    enc_cert = None
    if confd.cert_file is not None:
        mycert = ["".join(read_cert(confd.cert_file))]
        if confd.additional_cert_files is not None:
            mycert.extend(
                "".join(read_cert(path))
                for path in confd.additional_cert_files)
    if confd.encryption_keypairs is not None:
        enc_cert = [
            "".join(read_cert(pair["cert_file"]))
            for pair in confd.encryption_keypairs
        ]

    entd = md.EntityDescriptor()
    entd.entity_id = confd.entityid

    if confd.valid_for:
        # valid_for is interpreted as a number of hours.
        entd.valid_until = in_a_while(hours=int(confd.valid_for))

    if confd.organization is not None:
        entd.organization = do_organization_info(confd.organization)
    if confd.contact_person is not None:
        entd.contact_person = do_contact_persons_info(confd.contact_person)

    if confd.assurance_certification:
        _publish_attribute(
            "urn:oasis:names:tc:SAML:attribute:assurance-certification",
            confd.assurance_certification)

    if confd.entity_category:
        _publish_attribute("http://macedir.org/entity-category",
                           confd.entity_category)

    if confd.entity_category_support:
        _publish_attribute("http://macedir.org/entity-category-support",
                           confd.entity_category_support)

    # Advertise the algorithms reported for the configured xmlsec binary.
    for item in algorithm_support_in_metadata(confd.xmlsec_binary):
        _extensions().add_extension_element(item)

    # The SP type is published only when the flag is exactly True.
    conf_sp_type = confd.getattr('sp_type', 'sp')
    conf_sp_type_in_md = confd.getattr('sp_type_in_metadata', 'sp')
    if conf_sp_type and conf_sp_type_in_md is True:
        _extensions().add_extension_element(
            sp_type.SPType(text=conf_sp_type))

    serves = confd.serves
    if not serves:
        raise SAMLError(
            'No service type ("sp","idp","aa") provided in the configuration')

    # One role descriptor per served role; confd.context is switched to the
    # role before its descriptor is built.
    if "sp" in serves:
        confd.context = "sp"
        entd.spsso_descriptor = do_spsso_descriptor(confd, mycert, enc_cert)
    if "idp" in serves:
        confd.context = "idp"
        entd.idpsso_descriptor = do_idpsso_descriptor(confd, mycert, enc_cert)
    if "aa" in serves:
        confd.context = "aa"
        entd.attribute_authority_descriptor = do_aa_descriptor(
            confd, mycert, enc_cert)
    if "pdp" in serves:
        confd.context = "pdp"
        entd.pdp_descriptor = do_pdp_descriptor(confd, mycert, enc_cert)
    if "aq" in serves:
        confd.context = "aq"
        entd.authn_authority_descriptor = do_aq_descriptor(
            confd, mycert, enc_cert)

    return entd
示例#35
def test_timeout():
    """A timestamp one second ahead must be invalid two seconds later."""
    deadline = in_a_while(seconds=1)
    # Sleep past the deadline before checking it.
    time.sleep(2)
    assert valid(deadline) == False
示例#36
def entity_descriptor(confd):
    """Build the metadata EntityDescriptor described by ``confd``.

    :param confd: Configuration object. It is read for certificate files,
        entity ID, validity, organization and contact data, entity
        attributes and the roles listed in ``serves``; its ``context``
        attribute is overwritten for every role that is processed.
    :return: The populated ``md.EntityDescriptor``
    :raises SAMLError: If ``confd.serves`` is empty
    """
    def _extensions():
        # Create the Extensions container the first time something needs it.
        if not entd.extensions:
            entd.extensions = md.Extensions()
        return entd.extensions

    def _publish_attribute(attr_name, values):
        # Add one entity attribute holding an AttributeValue per given value.
        container = _extensions()
        attr = Attribute(
            attribute_value=[AttributeValue(text=v) for v in values],
            name=attr_name,
        )
        _add_attr_to_entity_attributes(container, attr)

    # Certificates are read from the configured files and handed to the role
    # descriptors below; None means "nothing configured".
    # presumably these are the public certificates published in the
    # metadata -- confirm in the do_*_descriptor helpers.
    mycert = None
    enc_cert = None
    if confd.cert_file is not None:
        mycert = ["".join(read_cert(confd.cert_file))]
        if confd.additional_cert_files is not None:
            mycert.extend(
                "".join(read_cert(path))
                for path in confd.additional_cert_files)
    if confd.encryption_keypairs is not None:
        enc_cert = [
            "".join(read_cert(pair["cert_file"]))
            for pair in confd.encryption_keypairs
        ]

    entd = md.EntityDescriptor()
    entd.entity_id = confd.entityid

    if confd.valid_for:
        # valid_for is interpreted as a number of hours.
        entd.valid_until = in_a_while(hours=int(confd.valid_for))

    if confd.organization is not None:
        entd.organization = do_organization_info(confd.organization)
    if confd.contact_person is not None:
        entd.contact_person = do_contact_persons_info(confd.contact_person)

    if confd.assurance_certification:
        _publish_attribute(
            "urn:oasis:names:tc:SAML:attribute:assurance-certification",
            confd.assurance_certification)

    if confd.entity_category:
        _publish_attribute("http://macedir.org/entity-category",
                           confd.entity_category)

    if confd.entity_category_support:
        _publish_attribute("http://macedir.org/entity-category-support",
                           confd.entity_category_support)

    # Advertise the algorithms reported for the configured xmlsec binary.
    for item in algorithm_support_in_metadata(confd.xmlsec_binary):
        _extensions().add_extension_element(item)

    # The SP type is published only when the flag is exactly True.
    conf_sp_type = confd.getattr('sp_type', 'sp')
    conf_sp_type_in_md = confd.getattr('sp_type_in_metadata', 'sp')
    if conf_sp_type and conf_sp_type_in_md is True:
        _extensions().add_extension_element(
            sp_type.SPType(text=conf_sp_type))

    serves = confd.serves
    if not serves:
        raise SAMLError(
            'No service type ("sp","idp","aa") provided in the configuration')

    # One role descriptor per served role; confd.context is switched to the
    # role before its descriptor is built.
    if "sp" in serves:
        confd.context = "sp"
        entd.spsso_descriptor = do_spsso_descriptor(confd, mycert, enc_cert)
    if "idp" in serves:
        confd.context = "idp"
        entd.idpsso_descriptor = do_idpsso_descriptor(confd, mycert, enc_cert)
    if "aa" in serves:
        confd.context = "aa"
        entd.attribute_authority_descriptor = do_aa_descriptor(
            confd, mycert, enc_cert)
    if "pdp" in serves:
        confd.context = "pdp"
        entd.pdp_descriptor = do_pdp_descriptor(confd, mycert, enc_cert)
    if "aq" in serves:
        confd.context = "aq"
        entd.authn_authority_descriptor = do_aq_descriptor(
            confd, mycert, enc_cert)

    return entd
示例#37
def test_timeout():
    """A timestamp one second ahead must be invalid two seconds later."""
    deadline = in_a_while(seconds=1)
    # Sleep past the deadline before checking it.
    time.sleep(2)
    assert valid(deadline) == False