From 303efd969c5d0b33c97d09c37e0c6be18588cd3c Mon Sep 17 00:00:00 2001
From: Ioannis Kakavas <ikakavas@noc.grnet.gr>
Date: Tue, 1 Aug 2017 15:24:35 +0300
Subject: Updated tests to work with new default signing requirements

Explicitly allow unsigned responses in tests where we do not
sign them.
---
 tests/test_51_client.py       | 10 +++++++++-
 tests/test_60_sp.py           |  2 ++
 tests/test_63_ecp.py          |  5 +++--
 tests/test_65_authn_query.py  |  2 ++
 tests/test_68_assertion_id.py |  3 ++-
 5 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/tests/test_51_client.py b/tests/test_51_client.py
index 937e0e20..688d73d7 100644
--- a/tests/test_51_client.py
+++ b/tests/test_51_client.py
@@ -389,6 +389,7 @@ class TestClient:
             destination="http://lingon.catalogix.se:8087/",
             sp_entity_id="urn:mace:example.com:saml:roland:sp",
             name_id_policy=nameid_policy,
+            sign_response=True,
             userid="foba0001@example.com",
             authn=AUTHN)
 
@@ -433,6 +434,7 @@ class TestClient:
             in_response_to="id2",
             destination="http://lingon.catalogix.se:8087/",
             sp_entity_id="urn:mace:example.com:saml:roland:sp",
+            sign_response=True,
             name_id_policy=nameid_policy,
             userid="also0001@example.com",
             authn=AUTHN)
@@ -889,7 +891,6 @@ class TestClient:
                                      node_id=assertion.id)
 
         sigass = rm_xmltag(sigass)
-
         response = sigver.response_factory(
             in_response_to="_012345",
             destination="http://lingon.catalogix.se:8087/",
@@ -912,6 +913,8 @@ class TestClient:
 
         resp_str = base64.encodestring(enctext.encode('utf-8'))
         # Now over to the client side
+        # Explicitely allow unsigned responses for this and the following 2 tests
+        self.client.want_response_signed = False
         resp = self.client.parse_authn_request_response(
             resp_str, BINDING_HTTP_POST,
             {"_012345": "http://foo.example.com/service"})
@@ -1313,6 +1316,9 @@ class TestClient:
 
     def test_signed_redirect(self):
 
+        # Revert configuration change to disallow unsinged responses
+        self.client.want_response_signed = True
+
         msg_str = "%s" % self.client.create_authn_request(
             "http://localhost:8088/sso", message_id="id1")[1]
 
@@ -1544,6 +1550,8 @@ class TestClientWithDummy():
         response = self.client.send(**http_args)
         print(response.text)
         _dic = unpack_form(response.text[3], "SAMLResponse")
+        # Explicitly allow unsigned responses for this test
+        self.client.want_response_signed = False
         resp = self.client.parse_authn_request_response(_dic["SAMLResponse"],
                                                         BINDING_HTTP_POST,
                                                         {sid: "/"})
diff --git a/tests/test_60_sp.py b/tests/test_60_sp.py
index 6448d6d8..dc72fa2d 100644
--- a/tests/test_60_sp.py
+++ b/tests/test_60_sp.py
@@ -46,6 +46,8 @@ AUTHN = {
 class TestSP():
     def setup_class(self):
         self.sp = make_plugin("rem", saml_conf="server_conf")
+        # Explicitly allow unsigned responses for this test
+        self.sp.saml_client.want_response_signed = False
         self.server = Server(config_file="idp_conf")
 
     def teardown_class(self):
diff --git a/tests/test_63_ecp.py b/tests/test_63_ecp.py
index 32a1aaed..61bd98c8 100644
--- a/tests/test_63_ecp.py
+++ b/tests/test_63_ecp.py
@@ -92,7 +92,7 @@ def test_complete_flow():
                                                 entity_id=sp_entity_id)
 
         resp = idp.create_ecp_authn_request_response(
-            destination, {"eduPersonEntitlement": "Short stop",
+            destination,{"eduPersonEntitlement": "Short stop",
                           "surName": "Jeter",
                           "givenName": "Derek",
                           "mail": "derek.jeter@nyy.mlb.com",
@@ -136,7 +136,8 @@ def test_complete_flow():
                 assert inst.text == "XYZ"
 
         # parse the response
-
+        # Explicitly allow unsigned responses for this test
+        sp.want_response_signed = False
         resp = sp.parse_authn_request_response(respdict["body"], None, {sid: "/"})
 
         print(resp.response)
diff --git a/tests/test_65_authn_query.py b/tests/test_65_authn_query.py
index 54d529f8..bd258238 100644
--- a/tests/test_65_authn_query.py
+++ b/tests/test_65_authn_query.py
@@ -92,6 +92,8 @@ def test_flow():
         # ------- @SP ----------
 
         xmlstr = get_msg(hinfo, binding)
+        # Explicitly allow unsigned responses for this test
+        sp.want_response_signed = False
         aresp = sp.parse_authn_request_response(xmlstr, binding,
                                                 {resp.in_response_to: "/"})
 
diff --git a/tests/test_68_assertion_id.py b/tests/test_68_assertion_id.py
index 52959f3a..60e85828 100644
--- a/tests/test_68_assertion_id.py
+++ b/tests/test_68_assertion_id.py
@@ -78,7 +78,8 @@ def test_basic_flow():
         # --------- @SP -------------
 
         xmlstr = get_msg(hinfo, binding)
-
+        # Explicitly allow unsigned responses for this test
+        sp.want_response_signed = False
         aresp = sp.parse_authn_request_response(xmlstr, binding,
                                                 {resp.in_response_to: "/"})
 
-- 
cgit v1.2.1