From 950565e5a29ea6d0fb9052fd06a00042a53f4370 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Fri, 16 Jul 2010 19:34:18 +0000 Subject: [PATCH] [Tests/python] add test case for WebSSO with providers using encrypted keys --- bindings/python/tests/profiles_tests.py | 32 ++++++- tests/data/idp7-saml2/Makefile.am | 2 + tests/data/idp7-saml2/metadata.xml | 108 ++++++++++++++++++++++++ tests/data/idp7-saml2/password | 1 + tests/data/idp7-saml2/private-key.pem | 30 +++++++ tests/data/sp7-saml2/password | 2 +- 6 files changed, 171 insertions(+), 4 deletions(-) create mode 100644 tests/data/idp7-saml2/Makefile.am create mode 100644 tests/data/idp7-saml2/metadata.xml create mode 100644 tests/data/idp7-saml2/password create mode 100644 tests/data/idp7-saml2/private-key.pem diff --git a/bindings/python/tests/profiles_tests.py b/bindings/python/tests/profiles_tests.py index c923f87f..45478f02 100755 --- a/bindings/python/tests/profiles_tests.py +++ b/bindings/python/tests/profiles_tests.py @@ -43,6 +43,16 @@ except NameError: srcdir = os.environ.get('TOP_SRCDIR', '.') dataDir = '%s/tests/data' % srcdir +def server(local_name, remote_role, remote_name): + pwd = os.path.join(dataDir, local_name, 'password') + password = None + if os.path.exists(pwd): + password = file(pwd).read() + s = lasso.Server(os.path.join(dataDir, local_name, 'metadata.xml'), + os.path.join(dataDir, local_name, 'private-key.pem'), + password) + s.addProvider(remote_role, os.path.join(dataDir, remote_name, 'metadata.xml')) + return s class ServerTestCase(unittest.TestCase): def test01(self): @@ -210,7 +220,6 @@ class LoginTestCase(unittest.TestCase): def test05(self): '''SAMLv2 Authn request emitted and received using Artifact binding''' - sp = lasso.Server( os.path.join(dataDir, 'sp5-saml2/metadata.xml'), os.path.join(dataDir, 'sp5-saml2/private-key.pem')) 
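Review bot: `password = file(pwd).read()` in the new `server()` helper passes the file contents verbatim as the key passphrase, so a trailing newline left by an editor becomes part of the passphrase and decrypting the key fails. The last hunk of this commit, which strips the newline from tests/data/sp7-saml2/password, looks like a workaround for exactly that. Stripping line endings in the helper is more robust: `password = open(pwd).read().rstrip('\r\n')`. The file handle is also never closed, and the helper has no docstring; a one-liner such as `'''Build a lasso.Server from tests/data/LOCAL_NAME, using its password file when present, and register REMOTE_NAME with the given role.'''` would document the optional-password behaviour.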
@@ -241,10 +250,28 @@ class LoginTestCase(unittest.TestCase): try: idp_login.processResponseMsg(sp_login2.msgBody) except: - print idp_login.response raise assert isinstance(idp_login.request, lasso.Samlp2AuthnRequest) + def test_06(self): + '''Login test between SP and IdP with encrypted private keys''' + sp_server = server('sp7-saml2', lasso.PROVIDER_ROLE_IDP, 'idp7-saml2') + idp_server = server('idp7-saml2', lasso.PROVIDER_ROLE_SP, 'sp7-saml2') + + sp_login = lasso.Login(sp_server) + sp_login.initAuthnRequest() + sp_login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST; + sp_login.buildAuthnRequestMsg() + idp_login = lasso.Login(idp_server) + idp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE) + idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1]) + idp_login.validateRequestMsg(True, True) + idp_login.buildAssertion("None", "None", "None", "None", "None") + idp_login.buildAuthnResponseMsg() + sp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE) + sp_login.processAuthnResponseMsg(idp_login.msgBody) + sp_login.acceptSso() + class LogoutTestCase(unittest.TestCase): def test01(self): """SP logout without session and identity; testing initRequest.""" @@ -434,7 +461,6 @@ class LogoutTestCase(unittest.TestCase): node = lasso.Samlp2LogoutRequest.newFromXmlNode(content) assert isinstance(node, lasso.Samlp2LogoutRequest) - print node.sessionIndex assert node.sessionIndex == 'id3' assert node.sessionIndexes == ('id1', 'id2', 'id3') diff --git a/tests/data/idp7-saml2/Makefile.am b/tests/data/idp7-saml2/Makefile.am new file mode 100644 index 00000000..adcdf09d --- /dev/null +++ b/tests/data/idp7-saml2/Makefile.am @@ -0,0 +1,2 @@ +MAINTAINERCLEANFILES = Makefile.in +EXTRA_DIST = metadata.xml private-key.pem diff --git a/tests/data/idp7-saml2/metadata.xml b/tests/data/idp7-saml2/metadata.xml new file mode 100644 index 00000000..9c8963ff --- /dev/null +++ b/tests/data/idp7-saml2/metadata.xml 
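Review bot: `idp_login.buildAssertion("None", "None", "None", "None", "None")` in test_06 passes the literal string "None" for every argument, so the assertion is built from placeholder text rather than a real authentication method and validity timestamps. Pass real values, or `None` if the binding accepts omitted arguments, which this hunk does not show. The test also ends at `sp_login.acceptSso()` with no assertion, so it only proves that nothing raised; an explicit check in the style of test05, e.g. `assert isinstance(idp_login.request, lasso.Samlp2AuthnRequest)`, would pin the outcome. Minor: the trailing `;` after `lasso.SAML2_METADATA_BINDING_POST` is stray, and `test_06` departs from the `test05` naming visible in LoginTestCase, whose class header lies outside this hunk.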
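Review bot: `EXTRA_DIST = metadata.xml private-key.pem` leaves out the `password` file that this commit adds to the same directory, so a distribution tarball would carry the encrypted key without its passphrase and `server('idp7-saml2', ...)` would fall back to `password = None`; use `EXTRA_DIST = metadata.xml private-key.pem password`. The diffstat shows no change to a parent Makefile.am or configure script, so it is worth confirming that this new Makefile.am is actually picked up by the build. Because the passphrase is committed next to the key, a comment such as `# test-only key material; passphrase is in ./password` would make clear that this key must never be reused outside the test suite.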
@@ -0,0 +1,108 @@ + + + + + + +MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP +MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91 +dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5 +MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF +UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq +h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m +6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u +uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH +ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi ++3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA +AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 +ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G +A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB +AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ +BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa +pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew +fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP +NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR +LlTxKnCrWAXftSm1rNtewTsF + + + + + + +MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP +MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91 +dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5 +MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF +UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq +h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m +6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u +uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH +ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi 
++3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA +AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 +ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G +A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB +AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ +BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa +pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew +fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP +NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR +LlTxKnCrWAXftSm1rNtewTsF + + + + + + + + + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:kerberos + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + + Entr'ouvert + + + diff --git a/tests/data/idp7-saml2/password b/tests/data/idp7-saml2/password new file mode 100644 index 00000000..fcde4cdb --- /dev/null +++ b/tests/data/idp7-saml2/password @@ -0,0 +1 @@ +geronimo \ No newline at end of file diff --git a/tests/data/idp7-saml2/private-key.pem b/tests/data/idp7-saml2/private-key.pem new file mode 100644 index 00000000..45578541 --- /dev/null +++ b/tests/data/idp7-saml2/private-key.pem 
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,41BE9422FBDF1769BFEF03F9116F7A86 + +qKrThgVCsCb5Lx/7RIpwuvDZi6gvxEFb33QEjIEWdZ+ad0dkGRvxrIqqj+XvHEeW +V57oPO1sFAlgb+zBrGZpqItCAJEqC4NU55SwKZpKUtT0XdlHFRyfORlBwzb0qW/3 +dZbyhsEm+164MdXsCZiUYS/VAm8b1pYmBIkoPSZMMnPljNYVigRpYttF9dwMYgTQ +u/FwRS696qGSyo7ko00P8UbtTLgM+ufkCFNld6uxYphSNXAQyRQz4vQs97emNE58 +4JB5//0agCOa9qUz14ZQSpM2JyoevMHUOHyjbGJOLsCMPnQEboKvgj0gsZcgP2Ys +K4Nf/EQKadBbXpK4olxz50e6ybR0i7nylYsu7YVFyFR9GWbra29OAYEPvQxvBll7 +RIoZ4hI0ZgBY0qFFcyZbKH94Pqk5w0QSjfkHPcH/WL0UjLb+n59KsIUnmZ3dtiF9 +9mdE71wq94jOcqibjVmUy3Gyw4COZKTTjq9ptuLBC6fEPxGh6dfpSSV431Wpvpxy +OE15vfeT1i/ymH0ckWsQXgUqZ6QTuaTvlu5JpD94Blu7p6Rzj5fxEnLhOtwjXWpq +k6MAlS9bKhGbPbnzAqm5HkRypgDaNBPRXZhb9LClB5ysfjZRNdxCWrWusEGEtioQ +TdkPsUZ78d8m3u+FvOM2mTVkQBa6sAEl1l8fuOITuaNCYLBIIhyAvJfXRHhOC+zs +nvS6DX+3bZupxFJFcMi9fqlmz0QSXj4tKlbHY/xo3dGqQj5BWyibo8tDVhVIYy99 +zo/t8J0LTfSSCIvoV2gFHSoC7RIJ9Q25L0AV6TQiB2F/7FTeznfd7Tk9ZHokmiED +5VAKGRjDmPCZIJr2pbeEmwzs3r/p53JfLyNProv+ljTJLgdFtG1en5A3MsmymR0c +LTIxHWZjAwl7ai1yGghzqVYllm+OFjo6LsSusbuQwKs+Bo9qZPCBb10gQGur+ZR8 +r9Vfd3WV/WMJfi8Ciogd+uXhPzVxf5PyBvZh9vwqXHSB9YLxe+NpAxLxF5OuZmJx +VBdTA5y19XUvyucOOxjcJZaZTP6BYADsaUxhQIQHfyUtk6Y7Iwk2Abf4TQIuC5x6 +XEeRSmbKPCkuKh9L0H4KcK6hmFSyh7AICpUEW7tcMtK9HaZT/K5jsHPkG5q/3GXh +ed7e0QaA2Qc0uAvoFgGTPkgE6Nym30R6NUlnHl2T3gK9Ei6fQKdTYPYgRXAKmbNO +Wp0cjQ7w1zUNjoxkACX2Br2xm3DhnLVFPj6AWpnCsTtQA3ecgIzvSZugxpr0muP0 +SIPpBuyko+t0YQjP3DOZxeiLQ5o+3VxI749KfDuaNZsDN7ZPso7Pt1oG34uGgsFl +UypVEv+CgzTkepPPqJTWgK5VfNrSK3ev7Is90bpiyjwqywlwYaZUOXBm+wBwUmtH +T+lLtw00R5JGolA4I2MCd4PTauzbj30jLYJWLLW8sZcfMgpwnKUNtVwRaDMnOXIA +eX0cesfIbMiYF1sgR2Lqar/uqSJf1Kx8xIFdvqYZWsudF0ij4fva4xtCc0bgrnSy +lz91YgfF95hTd/qcCiO5GQxScG7umtUZLYmZKqtYKDjCkvtvnGFhqB5Ie21DK6OX +-----END RSA PRIVATE KEY----- diff --git a/tests/data/sp7-saml2/password b/tests/data/sp7-saml2/password index 26647829..fcde4cdb 100644 --- a/tests/data/sp7-saml2/password +++ b/tests/data/sp7-saml2/password 
@@ -1 +1 @@
-geronimo
+geronimo
\ No newline at end of file