Diffstat (limited to 'tests/test_93_hok.py')
-rw-r--r-- | tests/test_93_hok.py | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/tests/test_93_hok.py b/tests/test_93_hok.py
index df740722..dc6aac6e 100644
--- a/tests/test_93_hok.py
+++ b/tests/test_93_hok.py
@@ -1,23 +1,19 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-from saml2.response import authn_response
+from saml2.response import authn_response, VerificationError
 from saml2.config import config_factory
 from pathutils import dotname, full_path
-HOLDER_OF_KEY_RESPONSE_FILE = full_path("saml_hok.xml")
+HOLDER_OF_KEY_RESPONSE_FILE = full_path("saml_hok.xml")
+INVALID_HOLDER_OF_KEY_RESPONSE_FILE = full_path("saml_hok_invalid.xml")
 class TestHolderOfKeyResponse:
- def test_hok_response_is_parsed(self):
+ def test_valid_hok_response_is_parsed(self):
 """Verifies that response with 'holder-of-key' subject confirmations is parsed successfully."""
- conf = config_factory("idp", dotname("server_conf"))
- resp = authn_response(conf, "https://sp:443/.auth/saml/login", asynchop=False, allow_unsolicited=True)
- with open(HOLDER_OF_KEY_RESPONSE_FILE, 'r') as fp:
- authn_response_xml = fp.read()
- resp.loads(authn_response_xml, False)
+ resp = self._get_test_response(HOLDER_OF_KEY_RESPONSE_FILE)
 resp.do_not_verify = True
- resp.parse_assertion()
 assert resp.get_subject() is not None
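Review bot: On the new side `test_valid_hok_response_is_parsed` no longer calls `resp.parse_assertion()`: that line is removed here, and the `_get_test_response` helper added in the second hunk stops at `resp.loads(...)`. If `get_subject()` needs an already parsed assertion (not visible in this diff), the positive test either errors or no longer exercises the holder-of-key parsing path it is named for. I would keep `resp.parse_assertion()` after `resp.do_not_verify = True`, so the valid and invalid fixtures go through the same code path and differ only in outcome. A short comment on `resp.do_not_verify = True` saying why verification is switched off for this fixture would also help, for example `# signature verification is out of scope here; this test covers subject-confirmation handling only`, if that is the intent. The rest of the class lies outside this hunk.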
@@ -56,6 +52,25 @@ class TestHolderOfKeyResponse:
 certs[index] = item
 return certs
+ def test_invalid_hok_response_fails_verification(self):
+ """Verifies that response with invalid 'holder-of-key' subject confirmations is parsed successfully."""
+ resp = self._get_test_response(INVALID_HOLDER_OF_KEY_RESPONSE_FILE)
+ resp.do_not_verify = True
+
+ try:
+ resp.parse_assertion()
+ assert False, "parse_assertion() did not fail as expected"
+ except VerificationError as e:
+ assert e is not None
+
+ def _get_test_response(self, path):
+ conf = config_factory("idp", dotname("server_conf"))
+ resp = authn_response(conf, "https://sp:443/.auth/saml/login", asynchop=False, allow_unsolicited=True)
+ with open(path, 'r') as fp:
+ authn_response_xml = fp.read()
+ resp.loads(authn_response_xml, False)
+ return resp
+
 if __name__ == "__main__":
 t = TestHolderOfKeyResponse() |
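Review bot: The negative test in `test_invalid_hok_response_fails_verification` passes on any `VerificationError`, so it does not show that the holder-of-key check is what rejected the response. `assert e is not None` is always true inside the `except` clause. A fixture that fails for an unrelated reason (an expired validity window or an audience mismatch, say) would keep the test green even if the holder-of-key validation regressed. I would assert on something specific to that check, such as the exception message or a narrower exception type, whichever the library exposes. The docstring is copied from the positive test and still says "is parsed successfully"; it should read something like `"""Verifies that a response with invalid 'holder-of-key' subject confirmations is rejected with VerificationError."""`. `_get_test_response` would benefit from a one-line docstring saying that it loads the fixture without parsing the assertion. The class body starts outside this hunk.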