diff options
author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2020-10-04 22:13:08 +0300 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2020-10-05 13:23:22 +0300 |
commit | f3084777d8ded203026577e1f08b9a30d80bd3a8 (patch) | |
tree | a1582c740f3510534a3ca36094c97cdff74f3361 | |
parent | ec2ccd72beb12ab1f81c63c46953aaa764142209 (diff) | |
download | pysaml2-f3084777d8ded203026577e1f08b9a30d80bd3a8.tar.gz |
The xsd:id attribute value must not start with a number
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
-rw-r--r-- | src/saml2/sigver.py | 17 | ||||
-rw-r--r-- | tests/test_42_enc.py | 41 |
2 files changed, 42 insertions, 16 deletions
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py index 0d960d21..02daadc8 100644 --- a/src/saml2/sigver.py +++ b/src/saml2/sigver.py @@ -8,8 +8,8 @@ import hashlib import itertools import logging import os -import uuid import six +from uuid import uuid4 as gen_random_key from time import mktime import pytz @@ -1840,17 +1840,16 @@ def pre_encryption_part(msg_enc=TRIPLE_DES_CBC, key_enc=RSA_1_5, key_name='my-rs :param key_name: :return: """ - ek_id = encrypted_key_id or str(uuid.uuid4()) - ed_id = encrypted_data_id or str(uuid.uuid4()) + ek_id = encrypted_key_id or "EK_{id}".format(id=gen_random_key()) + ed_id = encrypted_data_id or "ED_{id}".format(id=gen_random_key()) msg_encryption_method = EncryptionMethod(algorithm=msg_enc) key_encryption_method = EncryptionMethod(algorithm=key_enc) encrypted_key = EncryptedKey( - id=ek_id, - encryption_method=key_encryption_method, - key_info=ds.KeyInfo( - key_name=ds.KeyName(text=key_name)), - cipher_data=CipherData( - cipher_value=CipherValue(text=''))) + id=ek_id, + encryption_method=key_encryption_method, + key_info=ds.KeyInfo(key_name=ds.KeyName(text=key_name)), + cipher_data=CipherData(cipher_value=CipherValue(text='')), + ) key_info = ds.KeyInfo(encrypted_key=encrypted_key) encrypted_data = EncryptedData( id=ed_id, diff --git a/tests/test_42_enc.py b/tests/test_42_enc.py index 1041a19f..97bdf8ea 100644 --- a/tests/test_42_enc.py +++ b/tests/test_42_enc.py @@ -1,4 +1,7 @@ +import re + from contextlib import closing + from saml2.authn_context import INTERNETPROTOCOLPASSWORD from saml2.server import Server from saml2.sigver import pre_encryption_part, ASSERT_XPATH, EncryptError @@ -9,7 +12,7 @@ from pathutils import full_path __author__ = 'roland' -TMPL_NO_HEADER = """<ns0:EncryptedData xmlns:ns0="http://www.w3.org/2001/04/xmlenc#" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns1:KeyInfo><ns0:EncryptedKey Id="EK"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /><ns1:KeyInfo><ns1:KeyName>my-rsa-key</ns1:KeyName></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue /></ns0:CipherData></ns0:EncryptedKey></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue /></ns0:CipherData></ns0:EncryptedData>""" +TMPL_NO_HEADER = """<ns0:EncryptedData xmlns:ns0="http://www.w3.org/2001/04/xmlenc#" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" Id="{ed_id}" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns1:KeyInfo><ns0:EncryptedKey Id="{ek_id}"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /><ns1:KeyInfo><ns1:KeyName>my-rsa-key</ns1:KeyName></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue /></ns0:CipherData></ns0:EncryptedKey></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue /></ns0:CipherData></ns0:EncryptedData>""" TMPL = "<?xml version='1.0' encoding='UTF-8'?>\n%s" % TMPL_NO_HEADER IDENTITY = {"eduPersonAffiliation": ["staff", "member"], @@ -24,10 +27,37 @@ AUTHN = { } -def test_pre_enc(): +def test_pre_enc_key_format(): + def the_xsd_ID_value_must_start_with_either_a_letter_or_underscore(id): + result = re.match(r"^[a-zA-Z_]", id[0]) + return result + + def the_xsd_ID_value_may_contain_only_letters_digits_underscores_hyphens_periods(id): + result = re.match(r"^[a-zA-Z0-9._-]*$", id[1:]) + return result + + tmpl = pre_encryption_part() + for id in (tmpl.id, tmpl.key_info.encrypted_key.id): + assert the_xsd_ID_value_must_start_with_either_a_letter_or_underscore(id) + assert the_xsd_ID_value_may_contain_only_letters_digits_underscores_hyphens_periods(id) + + +def test_pre_enc_with_pregenerated_key(): tmpl = pre_encryption_part(encrypted_key_id="EK", encrypted_data_id="ED") - print(tmpl) - assert "%s" % tmpl in (TMPL_NO_HEADER, TMPL) + expected = TMPL_NO_HEADER.format( + ed_id=tmpl.id, + ek_id=tmpl.key_info.encrypted_key.id, + ) + assert str(tmpl) == expected + + +def test_pre_enc_with_generated_key(): + tmpl = pre_encryption_part() + expected = TMPL_NO_HEADER.format( + ed_id=tmpl.id, + ek_id=tmpl.key_info.encrypted_key.id, + ) + assert str(tmpl) == expected def test_reshuffle_response(): @@ -41,7 +71,6 @@ def test_reshuffle_response(): resp2 = pre_encrypt_assertion(resp_) - print(resp2) assert resp2.encrypted_assertion.extension_elements @@ -74,7 +103,6 @@ def test_enc1(): crypto = CryptoBackendXmlSec1(xmlsec_path) (_stdout, _stderr, output) = crypto._run_xmlsec(com_list, [tmpl]) - print(output) assert _stderr == "" assert _stdout == "" @@ -93,7 +121,6 @@ def test_enc2(): enc_resp = crypto.encrypt_assertion(resp_, full_path("pubkey.pem"), pre_encryption_part()) - print(enc_resp) assert enc_resp if __name__ == "__main__": |