author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2022-08-10 13:15:31 +0300 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2022-08-10 13:28:17 +0300 |
commit | 0b7d7c0adb1347f08e520ed11a38ea1c153b47a7 (patch) | |
tree | 12f71e921c2478cc913e151ff3a156f938aa70eb | |
parent | 63fca12502acc76bc5f01be6abb16a9de8430629 (diff) | |
download | pysaml2-0b7d7c0adb1347f08e520ed11a38ea1c153b47a7.tar.gz |
Update test cases with schema validation tests
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
-rw-r--r-- | tests/eidas_response.xml | 63 | ||||
-rw-r--r-- | tests/encrypted_attribute_statement.xml | 4 | ||||
-rw-r--r-- | tests/idp_example.xml | 3 | ||||
-rw-r--r-- | tests/invalid_metadata_file.xml | 2 | ||||
-rw-r--r-- | tests/metadata.xml | 18 | ||||
-rw-r--r-- | tests/metasp.xml | 4 | ||||
-rw-r--r-- | tests/saml_false_signed.xml | 6 | ||||
-rw-r--r-- | tests/saml_signed.xml | 10 | ||||
-rw-r--r-- | tests/saml_unsigned.xml | 10 | ||||
-rw-r--r-- | tests/test_30_mdstore.py | 12 | ||||
-rw-r--r-- | tests/test_schema_validator.py | 89 | ||||
-rw-r--r-- | tests/vo_metadata.xml | 4 |
12 files changed, 191 insertions, 34 deletions
diff --git a/tests/eidas_response.xml b/tests/eidas_response.xml
new file mode 100644
index 00000000..d43b93b2
--- /dev/null
+++ b/tests/eidas_response.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema" Destination="https://eidas-connector.at/post" ID="_5a15625de8618920748123042db52367" InResponseTo="_171ccc6b39b1e8f6e762c2e4ee4ded3a" IssueInstant="2015-04-30T19:27:20.159Z" Version="2.0">
+ <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://eidas-service.eu</saml2:Issuer>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"/>
+ <ds:Reference URI="#_5a15625de8618920748123042db52367">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+ </ds:Transform>
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <ds:DigestValue>t5V4hqAh4Nxjd49H/rC+N9tN/dNHBNuCOco1v1GYfFc=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>fQ==</ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>fQ==</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <saml2p:Status>
+ <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </saml2p:Status>
+ <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:eidas="http://eidas.europa.eu/attributes/naturalperson" ID="_47482789069732322d02d825c9a2fafa" IssueInstant="2015-04-30T19:27:20.159Z" Version="2.0">
+ <saml2:Issuer 
Format="urn:oasis:names:tc:saml2:2.0:nameid-format:entity">https://eidas-service.eu</saml2:Issuer>
+ <saml2:Subject>
+ <saml2:NameID Format="urn:oasis:names:tc:saml2:2.0:nameid-format:persistent">ES/AT/02635542Y</saml2:NameID>
+ <saml2:SubjectConfirmation Method="urn:oasis:names:tc:saml2:2.0:cm:bearer">
+ <saml2:SubjectConfirmationData InResponseTo="_171ccc6b39b1e8f6e762c2e4ee4ded3a" NotOnOrAfter="2015-04-30T19:32:20.157Z" Recipient="https://eidas-connector.eu/post"/>
+ </saml2:SubjectConfirmation>
+ </saml2:Subject>
+ <saml2:Conditions NotBefore="2015-04-30T19:27:20.159Z" NotOnOrAfter="2015-04-30T19:32:20.157Z">
+ <saml2:AudienceRestriction>
+ <saml2:Audience>https://eidas-connector.eu/post</saml2:Audience>
+ </saml2:AudienceRestriction>
+ </saml2:Conditions>
+ <saml2:AuthnStatement AuthnInstant="2015-04-30T19:27:20.159Z" SessionIndex="_5eeb319253e2d7d125e3dcc72806209a">
+ <saml2:AuthnContext>
+ <saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+ </saml2:AuthnContext>
+ </saml2:AuthnStatement>
+ <saml2:AttributeStatement>
+ <saml2:Attribute FriendlyName="PersonIdentifier" Name="http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier" NameFormat="urn:oasis:names:tc:saml2:2.0:attrname-format:uri">
+ <saml2:AttributeValue xsi:type="eidas:PersonIdentifierType">ES/AT/02635542Y</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="FamilyName" Name="http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+ <saml2:AttributeValue xsi:type="eidas:CurrentFamilyNameType">Onasis</saml2:AttributeValue>
+ <saml2:AttributeValue eidas:LatinScript="false" xsi:type="eidas:CurrentFamilyNameType">Ωνάσης</saml2:AttributeValue>
+ </saml2:Attribute>
+ <saml2:Attribute FriendlyName="FirstName" Name="http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName" NameFormat="urn:oasis:names:tc:saml2:2.0:attrname-format:uri">
+ 
<saml2:AttributeValue xsi:type="eidas:CurrentGivenNameType">Sarah</saml2:AttributeValue> + </saml2:Attribute> + <saml2:Attribute FriendlyName="DateOfBirth" Name="http://eidas.europa.eu/attributes/naturalperson/DateOfBirth" NameFormat="urn:oasis:names:tc:saml2:2.0:attrname-format:uri"> + <saml2:AttributeValue xsi:type="eidas:DateOfBirthType">1970-05-28</saml2:AttributeValue> + </saml2:Attribute> + </saml2:AttributeStatement> + </saml2:Assertion> +</saml2p:Response> diff --git a/tests/encrypted_attribute_statement.xml b/tests/encrypted_attribute_statement.xml index 45c49041..9727d3c9 100644 --- a/tests/encrypted_attribute_statement.xml +++ b/tests/encrypted_attribute_statement.xml @@ -3,7 +3,7 @@ xmlns:ns1="http://www.w3.org/2001/04/xmlenc#" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"> <ns0:EncryptedAttribute > - <ns1:EncryptedData ID="_dcf9eb6ed26d9332d940130e0cae1ba1" + <ns1:EncryptedData Id="_dcf9eb6ed26d9332d940130e0cae1ba1" Type="http://www.w3.org/2001/04/xmlenc#Element"> <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> @@ -24,7 +24,7 @@ </ns1:CipherValue> </ns1:CipherData> </ns1:EncryptedData> - <ns1:EncryptedKey ID="_1234"> + <ns1:EncryptedKey Id="_1234"> <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <ns2:KeyInfo> diff --git a/tests/idp_example.xml b/tests/idp_example.xml index dd7bc86f..38bdd1f7 100644 --- a/tests/idp_example.xml +++ b/tests/idp_example.xml @@ -3,8 +3,7 @@ xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="http://localhost:8088/idp.xml" validUntil="2036-04-12T06:06:13Z"> - <ns0:IDPSSODescriptor WantAuthnRequestsOnlyWithValidCert="false" - WantAuthnRequestsSigned="false" + <ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <ns0:KeyDescriptor use="encryption"> <ns1:KeyInfo> diff --git a/tests/invalid_metadata_file.xml b/tests/invalid_metadata_file.xml index 249c87ce..5e65d5f5 100644 
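Review bot: Inside the `saml2:Assertion` of `tests/eidas_response.xml` the SAML identifiers are spelled `urn:oasis:names:tc:saml2:2.0:...` (the Issuer and NameID `Format`, the SubjectConfirmation `Method`, and three of the four `NameFormat` values), while the Response-level Issuer and the FamilyName attribute use the defined `urn:oasis:names:tc:SAML:2.0:...` form. These attributes are URI-typed, so schema validation accepts them and the new test passes, but the fixture would not behave like a real eIDAS response if it is later reused for response-processing tests; the intended values look like `Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"` and the matching `nameid-format` / `attrname-format` URNs. `Destination` (`eidas-connector.at`) also differs from `Recipient` and `Audience` (`eidas-connector.eu`), and `SignatureValue` / `X509Certificate` are the placeholder `fQ==`. An XML comment right after the declaration stating that the file is a schema-validation fixture with a non-verifiable signature would keep it from being mistaken for a verifiable sample.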
--- a/tests/invalid_metadata_file.xml +++ b/tests/invalid_metadata_file.xml @@ -1 +1 @@ -this content is invalid +<root>this content is invalid for a metadata file</root> diff --git a/tests/metadata.xml b/tests/metadata.xml index 90fb3d2d..0c7215ad 100644 --- a/tests/metadata.xml +++ b/tests/metadata.xml @@ -1,9 +1,9 @@ <?xml version='1.0' encoding='UTF-8'?> -<ns0:EntitiesDescriptor name="urn:mace:example.com:saml:test" +<ns0:EntitiesDescriptor Name="urn:mace:example.com:saml:test" validUntil="2036-12-04T17:31:07Z" xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"> <ns0:EntityDescriptor entityID="urn:mace:example.com:saml:roland:sp"> - <ns0:SPSSODescriptor AuthnRequestsSigned="False" WantAssertionsSigned="True" + <ns0:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <ns0:KeyDescriptor> <ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"> @@ -34,11 +34,9 @@ Location="http://localhost:8087/" index="0"/> </ns0:SPSSODescriptor> <ns0:Organization> - <ns0:OrganizationURL xml:lang="en">http://www.example.com/ - </ns0:OrganizationURL> <ns0:OrganizationName xml:lang="en">Example Co</ns0:OrganizationName> - <ns0:OrganizationDisplayName xml:lang="en">Example Co - </ns0:OrganizationDisplayName> + <ns0:OrganizationDisplayName xml:lang="en">Example Co</ns0:OrganizationDisplayName> + <ns0:OrganizationURL xml:lang="en">http://www.example.com/</ns0:OrganizationURL> </ns0:Organization> <ns0:ContactPerson contactType="technical"> <ns0:GivenName>Roland</ns0:GivenName> @@ -47,7 +45,7 @@ </ns0:ContactPerson> </ns0:EntityDescriptor> <ns0:EntityDescriptor entityID="urn:mace:example.com:saml:roland:idp"> - <ns0:IDPSSODescriptor WantAuthnRequestsSigned="True" + <ns0:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <ns0:KeyDescriptor> <ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"> 
@@ -78,11 +76,9 @@ Location="http://localhost:8088/sso/"/> </ns0:IDPSSODescriptor> <ns0:Organization> - <ns0:OrganizationURL xml:lang="en">http://www.example.com/ - </ns0:OrganizationURL> <ns0:OrganizationName xml:lang="en">Example Co</ns0:OrganizationName> - <ns0:OrganizationDisplayName xml:lang="en">Example Co - </ns0:OrganizationDisplayName> + <ns0:OrganizationDisplayName xml:lang="en">Example Co</ns0:OrganizationDisplayName> + <ns0:OrganizationURL xml:lang="en">http://www.example.com/</ns0:OrganizationURL> </ns0:Organization> <ns0:ContactPerson contactType="technical"> <ns0:GivenName>Roland</ns0:GivenName> diff --git a/tests/metasp.xml b/tests/metasp.xml index b1756d59..00625ba7 100644 --- a/tests/metasp.xml +++ b/tests/metasp.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> -<ns0:EntitiesDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" name="urn:mace:umu.se:saml:test" validUntil="2036-12-01T09:22:16Z"> +<ns0:EntitiesDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" Name="urn:mace:umu.se:saml:test" validUntil="2036-12-01T09:22:16Z"> <ns0:EntityDescriptor entityID="urn:mace:umu.se:saml:roland:sp"> - <ns0:SPSSODescriptor AuthnRequestsSigned="False" WantAssertionsSigned="True" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <ns0:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <ns0:KeyDescriptor> <ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"> <ns1:X509Data> diff --git a/tests/saml_false_signed.xml b/tests/saml_false_signed.xml index f8c4a741..0d77ffd6 100644 --- a/tests/saml_false_signed.xml +++ b/tests/saml_false_signed.xml 
@@ -64,15 +64,15 @@ OmuMZY0K6ERY4fNVnGEAoUZeieehC6/ljmfk14xCAlE=</ns2:SignatureValue> </ns1:AuthnStatement> <ns1:AttributeStatement> <ns1:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> - <ns1:AttributeValue xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> + <ns1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> student </ns1:AttributeValue> </ns1:Attribute> <ns1:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> - <ns1:AttributeValue xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> + <ns1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> member </ns1:AttributeValue> - <ns1:AttributeValue xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> + <ns1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> student </ns1:AttributeValue> </ns1:Attribute> diff --git a/tests/saml_signed.xml b/tests/saml_signed.xml index ca824c2f..d652d261 100644 --- a/tests/saml_signed.xml +++ b/tests/saml_signed.xml @@ -44,7 +44,7 @@ OmuMZY0K6ERY4fNVnGEAoUZeieehC6/ljmfk14xCAlE=</ns2:SignatureValue> </ns2:X509Data> </ns2:KeyInfo> </ns2:Signature> - <ns1:Subject> + <ns1:Subject> <ns1:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" SPNameQualifier="xenosmilus.umdc.umu.se"> _cddc88563d433f556d4cc70c3162deabddea3b5019 </ns1:NameID> 
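Review bot: The edits to `tests/saml_signed.xml` sit after `</ns2:Signature>` inside what appears to be the signed Assertion: the whitespace change on `<ns1:Subject>` in this hunk, and in the following hunk the whitespace change on `<ns1:AuthnContext>` plus the added `xmlns:xs` declarations. Whitespace in text nodes is part of the canonical form, so the stored `DigestValue` would no longer match if it was computed over the previous bytes; whether the namespace addition also matters depends on the canonicalization method, which is outside the hunk. If any test verifies this fixture's signature, the file needs to be re-signed after the edit; if none does, a short XML comment saying the signature is not expected to verify would prevent it from being used as a positive verification sample. The same edits in `tests/saml_false_signed.xml` look harmless given what that file's name suggests it is for.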
@@ -58,21 +58,21 @@ OmuMZY0K6ERY4fNVnGEAoUZeieehC6/ljmfk14xCAlE=</ns2:SignatureValue> </ns1:AudienceRestriction> </ns1:Conditions> <ns1:AuthnStatement AuthnInstant="2009-09-25T18:12:39Z" SessionIndex="_788db107b9bb1b6ab94f00deebbfe3d92c999b3041"> - <ns1:AuthnContext> + <ns1:AuthnContext> <ns1:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns1:AuthnContextClassRef> </ns1:AuthnContext> </ns1:AuthnStatement> <ns1:AttributeStatement> <ns1:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> - <ns1:AttributeValue xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> + <ns1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> student </ns1:AttributeValue> </ns1:Attribute> <ns1:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> - <ns1:AttributeValue xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> + <ns1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> member </ns1:AttributeValue> - <ns1:AttributeValue xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> + <ns1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> student </ns1:AttributeValue> </ns1:Attribute> diff --git a/tests/saml_unsigned.xml b/tests/saml_unsigned.xml index c0213bfa..e5a84991 100644 --- a/tests/saml_unsigned.xml +++ b/tests/saml_unsigned.xml 
@@ -6,7 +6,7 @@ </ns0:Status> <ns1:Assertion xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfx9e022535-4b38-cc7f-41ec-9a01bcd2936d" IssueInstant="2009-10-25T18:12:39Z" Version="2.0"> <ns1:Issuer>http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php</ns1:Issuer> - <ns1:Subject> + <ns1:Subject> <ns1:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" SPNameQualifier="xenosmilus.umdc.umu.se"> _cddc88563d433f556d4cc70c3162deabddea3b5019 </ns1:NameID> @@ -20,21 +20,21 @@ </ns1:AudienceRestriction> </ns1:Conditions> <ns1:AuthnStatement AuthnInstant="2009-10-25T18:12:39Z" SessionIndex="_788db107b9bb1b6ab94f00deebbfe3d92c999b3041"> - <ns1:AuthnContext> + <ns1:AuthnContext> <ns1:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns1:AuthnContextClassRef> </ns1:AuthnContext> </ns1:AuthnStatement> <ns1:AttributeStatement> <ns1:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> - <ns1:AttributeValue xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> + <ns1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> student </ns1:AttributeValue> </ns1:Attribute> <ns1:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> - <ns1:AttributeValue xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> + <ns1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> member </ns1:AttributeValue> - <ns1:AttributeValue xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> + <ns1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance" ns2:type="xs:string"> student </ns1:AttributeValue> </ns1:Attribute> 
diff --git a/tests/test_30_mdstore.py b/tests/test_30_mdstore.py index 1531f058..10d60a32 100644 --- a/tests/test_30_mdstore.py +++ b/tests/test_30_mdstore.py @@ -167,6 +167,10 @@ METADATACONF = { "class": "saml2.mdstore.MetaDataFile", "metadata": [(full_path("idp_uiinfo.xml"),)], }], + "16": [{ + "class": "saml2.mdstore.MetaDataFile", + "metadata": [(full_path("empty_metadata_file.xml"),)], + }], } @@ -183,8 +187,14 @@ def _fix_valid_until(xmlstring): def test_invalid_metadata(): mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) + mds.imp(METADATACONF["14"]) + assert mds.entities() == 0 + + +def test_empty_metadata(): + mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) with raises(SAMLError): - mds.imp(METADATACONF["14"]) + mds.imp(METADATACONF["16"]) def test_swami_1(): diff --git a/tests/test_schema_validator.py b/tests/test_schema_validator.py new file mode 100644 index 00000000..ebeb2412 --- /dev/null +++ b/tests/test_schema_validator.py 
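Review bot: `test_invalid_metadata` now pins that importing the well-formed but non-metadata `invalid_metadata_file.xml` returns normally and leaves `mds.entities() == 0`, without asserting that the rejection is reported anywhere. A deployment pointed at the wrong file would then end up with an empty metadata store instead of an error, so the test should either assert on any log or warning the loader produces or state the intent in a comment such as `# schema-invalid metadata is skipped, not fatal; the store stays empty`. Separately, config entry `"16"` in the first hunk and `test_empty_metadata` depend on `empty_metadata_file.xml`, which is not among the 12 files in this commit's diffstat. If that file is not already in the tree, `raises(SAMLError)` would be exercising a missing-file path (or failing) rather than an empty document.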
@@ -0,0 +1,89 @@ +from pathutils import full_path as expand_full_path + +from pytest import raises +from pytest import mark + +from saml2.xml.schema import validate as validate_doc_with_schema +from saml2.xml.schema import XMLSchemaError + + +@mark.parametrize("doc", ["invalid_metadata_file.xml", "empty_metadata_file.xml"]) +def test_invalid_saml_metadata_doc(doc): + with raises(XMLSchemaError): + validate_doc_with_schema(expand_full_path(doc)) + + +@mark.parametrize( + "doc", + [ + "InCommon-metadata.xml", + "idp.xml", + "idp_2.xml", + "idp_aa.xml", + "idp_all.xml", + "idp_example.xml", + "idp_soap.xml", + "entity_cat_re.xml", + "entity_cat_re_nren.xml", + "entity_cat_rs.xml", + "entity_cat_sfs_hei.xml", + "entity_esi_and_coco_sp.xml", + "entity_no_friendly_name_sp.xml", + "extended.xml", + "idp_slo_redirect.xml", + "idp_uiinfo.xml", + "metadata.aaitest.xml", + "metadata.xml", + "metadata_cert.xml", + "metadata_example.xml", + "metadata_sp_1.xml", + "metadata_sp_1_no_encryption.xml", + "metadata_sp_2.xml", + "metasp.xml", + "pdp_meta.xml", + "servera.xml", + "sp.xml", + "sp_slo_redirect.xml", + # XXX "swamid-1.0.xml", + # XXX "swamid-2.0.xml", + # TODO include the fed namespace + # TODO see https://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html + "urn-mace-swami.se-swamid-test-1.0-metadata.xml", + "uu.xml", + "vo_metadata.xml", + ], +) +def test_valid_saml_metadata_doc(doc): + result = validate_doc_with_schema(expand_full_path(doc)) + assert result == None + + +@mark.parametrize( + "doc", + [ + "attribute_response.xml", + "okta_response.xml", + "simplesamlphp_authnresponse.xml", + "saml2_response.xml", + "saml_false_signed.xml", + "saml_hok.xml", + "saml_hok_invalid.xml", + "saml_signed.xml", + "saml_unsigned.xml", + ], +) +def test_valid_saml_response_doc(doc): + result = validate_doc_with_schema(expand_full_path(doc)) + assert result == None + + +@mark.parametrize("doc", ["encrypted_attribute_statement.xml"]) +def 
test_valid_saml_partial_doc(doc): + result = validate_doc_with_schema(expand_full_path(doc)) + assert result == None + + +@mark.parametrize("doc", ["eidas_response.xml"]) +def test_valid_eidas_saml_response_doc(doc): + result = validate_doc_with_schema(expand_full_path(doc)) + assert result == None diff --git a/tests/vo_metadata.xml b/tests/vo_metadata.xml index fafc4c04..99556204 100644 --- a/tests/vo_metadata.xml +++ b/tests/vo_metadata.xml @@ -1,11 +1,11 @@ <?xml version='1.0' encoding='UTF-8'?> <ns0:EntitiesDescriptor - name="urn:mace:example.com:votest" + Name="urn:mace:example.com:votest" validUntil="2036-11-28T09:10:09Z" xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"> <ns0:EntityDescriptor entityID="urn:mace:example.com:it:tek"> - <ns0:AffiliationDescriptor + <ns0:AffiliationDescriptor affiliationOwnerID="http://vo.example.org/vo"> <ns0:AffiliateMember> urn:mace:example.com:saml:aa |
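Review bot: `test_valid_saml_response_doc` lists `saml_false_signed.xml` and `saml_hok_invalid.xml` among the documents expected to validate, which is right for a schema check but, going by the file names, reads as if those responses were acceptable. A comment above the list, e.g. `# schema-valid only; signature and holder-of-key validity are not checked here`, would make clear that a clean `validate` result is a structural check and not a trust decision. The `assert result == None` lines in the four positive tests should be `assert result is None`. The `# XXX` entries leave the two swamid fixtures unvalidated until the fed namespace is handled, and the TODO carries no tracking reference.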