示例#1
0
 def test_signature_mismatch(self):
     self.request_data['signed_data'] += b'XXX'
     request = HTTPRedirectRequest(**self.request_data)
     verifier = HTTPRedirectSignatureVerifier(self.cert, request)
     with pytest.raises(SignatureVerificationError) as excinfo:
         verifier.verify()
     exc = excinfo.value
     self.assertEqual('Verifica della firma fallita.', exc.args[0])
示例#2
0
 def test_unknown_algorithm(self):
     self.request_data['sig_alg'] = 'unknown_sig_alg'
     request = HTTPRedirectRequest(**self.request_data)
     verifier = HTTPRedirectSignatureVerifier(self.cert, request)
     with pytest.raises(SignatureVerificationError) as excinfo:
         verifier.verify()
     exc = excinfo.value
     self.assertEqual(
         "L'algoritmo 'unknown_sig_alg' è sconosciuto o non supportato. Si prega di "
         "utilizzare uno dei seguenti: {}".format(self.supported_sig_alg),
         exc.args[0])
示例#3
0
 def test_deprecated_algorithm(self):
     self.request_data[
         'sig_alg'] = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
     request = HTTPRedirectRequest(**self.request_data)
     verifier = HTTPRedirectSignatureVerifier(self.cert, request)
     with pytest.raises(SignatureVerificationError) as excinfo:
         verifier.verify()
     exc = excinfo.value
     self.assertEqual(
         "L'algoritmo 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' è considerato deprecato. "
         "Si prega di utilizzare uno dei seguenti: {}".format(
             self.supported_sig_alg), exc.args[0])
示例#4
0
 def _handle_http_redirect(self, action):
     # FIXME: replace the following code with a call to a function
     # in the parser.py module after metadata refactoring.
     # The IdpServer class should not
     # be responsible of request parsing, or know anything
     # about request parsing *at all*.
     saml_msg = self.unpack_args(request.args)
     request_data = HTTPRedirectRequestParser(saml_msg).parse()
     deserializer = get_http_redirect_request_deserializer(
         request_data, action, self.server.metadata)
     saml_tree = deserializer.deserialize()
     certs = self._get_certificates_by_issuer(saml_tree.issuer.text)
     for cert in certs:
         HTTPRedirectSignatureVerifier(cert, request_data).verify()
     return SPIDRequest(request_data, saml_tree)
示例#5
0
 def test_valid_signature(self):
     request = HTTPRedirectRequest(**self.request_data)
     verifier = HTTPRedirectSignatureVerifier(self.cert, request)
     self.assertIsNone(verifier.verify())