#!/usr/bin/env python
#
"""Tests for saml2.saml"""
__author__ = "roland.hedberg@adm.umu.se (Roland Hedberg)"
try:
pass
except ImportError:
pass
import ds_data
from pytest import raises
import saml2_data
import saml2
from saml2 import saml
from saml2 import xmldsig as ds
from saml2.saml import NAMEID_FORMAT_EMAILADDRESS
from saml2.saml import Attribute
from saml2.saml import AttributeValue
from saml2.saml import Issuer
class TestExtensionElement:
def test_loadd(self):
ava = {
"attributes": {"attr": "loa", "info": "source"},
"tag": "tag",
"namespace": "urn:mace:example.com",
"text": "free text",
}
ee = saml2.ExtensionElement(ava["tag"])
ee.loadd(ava)
del ava["tag"]
print(ava)
ee = saml2.ExtensionElement("")
with raises(KeyError):
ee.loadd(ava)
ava["tag"] = "foo"
del ava["namespace"]
ee = saml2.ExtensionElement("")
with raises(KeyError):
ee.loadd(ava)
def test_find_children(self):
ava = {
"attributes": {"attr": "loa", "info": "source"},
"tag": "tag",
"namespace": "urn:mace:example.com",
"text": "free text",
"children": [
{
"attributes": {"foo": "bar", "special": "app"},
"tag": "tag2",
"namespace": "urn:mace:example.com",
"text": "Just a line",
},
{
"attributes": {"static": "attribute", "dynamic": "orgname"},
"tag": "tag3",
"namespace": "urn:mace:example.com",
"text": "Another line of text",
"children": [{"tag": "subtag", "namespace": "urn:mace:example.org", "text": "grandchild"}],
},
{
"attributes": {"entitlement": "xyz"},
"tag": "tag4",
"namespace": "urn:mace:example.org",
"text": "A comment",
},
],
}
ee = saml2.ExtensionElement(ava["tag"])
ee.loadd(ava)
c = ee.find_children(tag="tag")
assert len(c) == 0
c = ee.find_children(tag="tag2")
assert len(c) == 1
c = ee.find_children(tag="tag3")
assert len(c) == 1
# Grandchild
gc = c[0].find_children(tag="subtag")
assert len(gc) == 1
# only do immediate children
gc = ee.find_children(tag="subtag")
assert len(gc) == 0
c = ee.find_children(tag="tag2", namespace="urn:mace:example.com")
assert len(c) == 1
c = ee.find_children(tag="tag2", namespace="urn:mace:example.org")
assert len(c) == 0
c = ee.find_children(tag="subtag", namespace="urn:mace:example.org")
assert len(c) == 0
c = ee.find_children(namespace="urn:mace:example.com")
assert len(c) == 2
c = ee.find_children(namespace="urn:mace:example.org")
assert len(c) == 1
c = ee.find_children()
assert len(c) == 3
class TestExtensionContainer:
def test_find_extensions(self):
avas = [
{
"attributes": {"foo": "bar", "special": "app"},
"tag": "tag2",
"namespace": "urn:mace:example.com",
"text": "Just a line",
},
{
"attributes": {"static": "attribute", "dynamic": "orgname"},
"tag": "tag3",
"namespace": "urn:mace:example.com",
"text": "Another line of text",
"children": [{"tag": "subtag", "namespace": "urn:mace:example.org", "text": "grandchild"}],
},
{
"attributes": {"entitlement": "xyz"},
"tag": "tag4",
"namespace": "urn:mace:example.org",
"text": "A comment",
},
]
ees = [saml2.ExtensionElement("").loadd(a) for a in avas]
print(ees)
ec = saml2.ExtensionContainer(extension_elements=ees)
esl = ec.find_extensions(tag="tag2")
assert len(esl) == 1
esl = ec.find_extensions(tag="tag3")
assert len(esl) == 1
esl = ec.find_extensions(tag="tag4")
assert len(esl) == 1
esl = ec.find_extensions(tag="tag2", namespace="urn:mace:example.com")
assert len(esl) == 1
esl = ec.find_extensions(tag="tag2", namespace="urn:mace:example.org")
assert len(esl) == 0
esl = ec.find_extensions(namespace="urn:mace:example.com")
assert len(esl) == 2
esl = ec.find_extensions(namespace="urn:mace:example.org")
assert len(esl) == 1
esl = ec.find_extensions()
assert len(esl) == 3
def test_add_extension_elements(self):
items = [
saml.NameID(sp_name_qualifier="sp0", text="foo"),
saml.NameID(sp_name_qualifier="sp1", text="bar"),
saml.Audience(text="http://example.org"),
]
ec = saml2.ExtensionContainer()
ec.add_extension_elements(items)
esl = ec.find_extensions(tag="NameID")
assert len(esl) == 2
esl = ec.find_extensions(tag="Audience")
assert len(esl) == 1
esl = ec.find_extensions(namespace=saml.NAMESPACE)
assert len(esl) == 3
esl = ec.find_extensions()
assert len(esl) == 3
def test_add_extension_attribute(self):
ec = saml2.ExtensionContainer()
ec.add_extension_attribute("foo", "bar")
assert len(ec.extension_attributes) == 1
assert list(ec.extension_attributes.keys())[0] == "foo"
class TestSAMLBase:
def test_make_vals_dict(self):
ava = {"sp_name_qualifier": "loa", "format": NAMEID_FORMAT_EMAILADDRESS, "text": "free text"}
foo = saml2.make_vals(ava, Issuer, part=True)
print(foo)
assert foo.format == NAMEID_FORMAT_EMAILADDRESS
assert foo.sp_name_qualifier == "loa"
assert foo.text == "free text"
def test_make_vals_str(self):
ava = "free text"
foo = saml2.make_vals(ava, Issuer, part=True)
print(foo)
assert foo.keyswv() == ["text"]
assert foo.text == "free text"
def test_make_vals_multi_dict(self):
ava = ["foo", "bar", "lions", "saints"]
with raises(Exception):
saml2.make_vals(ava, AttributeValue, Attribute(), part=True)
attr = Attribute()
saml2.make_vals(ava, AttributeValue, attr, prop="attribute_value")
assert sorted(attr.keyswv()) == sorted(["name_format", "attribute_value"])
assert len(attr.attribute_value) == 4
def test_to_string_nspair(self):
foo = saml2.make_vals("lions", AttributeValue, part=True)
txt = foo.to_string().decode("utf-8")
nsstr = foo.to_string({"saml": saml.NAMESPACE}).decode("utf-8")
assert nsstr != txt
print(txt)
print(nsstr)
assert "saml:AttributeValue" in nsstr
assert "saml:AttributeValue" not in txt
def test_set_text_empty(self):
av = AttributeValue()
av.set_text(None)
assert av.get_type() == ""
assert av.text == ""
def test_set_text_value(self):
value = 123
av = AttributeValue(value)
assert av.get_type() == "xs:integer"
assert av.text == str(value)
def test_set_text_update_same_type(self):
av = AttributeValue()
av.set_text(True)
assert av.get_type() == "xs:boolean"
assert av.text == "true"
av.set_text(False)
assert av.get_type() == "xs:boolean"
assert av.text == "false"
def test_set_text_cannot_change_value_type(self):
av = AttributeValue()
av.set_text(True)
assert av.get_type() == "xs:boolean"
assert av.text == "true"
with raises(ValueError):
av.set_text(123)
assert av.get_type() == "xs:boolean"
assert av.text == "true"
def test_set_xs_type_anytype_unchanged_value(self):
av = AttributeValue()
av.set_type("xs:anyType")
for value in [
[1, 2, 3],
{"key": "value"},
True,
123,
]:
av.set_text(value)
# the value is unchanged
assert av.text == value
def test_set_xs_type_date(self):
_type_name = "xs:date"
_value = "2022-06-07"
av = AttributeValue()
av.set_type(_type_name)
av.set_text(_value)
assert av.get_type() == _type_name
assert av.text == _value
assert type(av.text) is str
def test_treat_invalid_types_as_string(self):
_type_name = "invalid-type"
_value = "foobar"
av = AttributeValue()
av.set_type(_type_name)
av.set_text(_value)
assert av.get_type() == _type_name
assert av.text == _value
assert type(av.text) is str
def test_make_vals_div(self):
foo = saml2.make_vals(666, AttributeValue, part=True)
assert foo.text == "666"
foo = saml2.make_vals(True, AttributeValue, part=True)
assert foo.text == "true"
foo = saml2.make_vals(False, AttributeValue, part=True)
assert foo.text == "false"
class TestNameID:
def setup_class(self):
self.name_id = saml.NameID()
def testEmptyExtensionsList(self):
"""Test if NameID has empty extensions list"""
assert isinstance(self.name_id.extension_elements, list)
assert len(self.name_id.extension_elements) == 0
def testFormatAttribute(self):
"""Test for Format attribute accessors"""
self.name_id.format = saml.NAMEID_FORMAT_EMAILADDRESS
assert self.name_id.format == saml.NAMEID_FORMAT_EMAILADDRESS
assert len(self.name_id.extension_elements) == 0
new_name_id = saml.name_id_from_string(self.name_id.to_string())
assert len(new_name_id.extension_elements) == 0
self.name_id.extension_elements.append(saml2.ExtensionElement("foo", text="bar"))
assert len(self.name_id.extension_elements) == 1
assert self.name_id.format == saml.NAMEID_FORMAT_EMAILADDRESS
def testNameIDText(self):
"""Test text value of NameID element"""
self.name_id.text = "tmatsuo@example.com"
assert self.name_id.text == "tmatsuo@example.com"
def testSPProvidedID(self):
"""Test for SPProvidedID attribute accessors"""
self.name_id.sp_provided_id = "provided id"
assert self.name_id.sp_provided_id == "provided id"
def testEmptyNameIDToAndFromStringMatch(self):
"""Test name_id_from_string() with empty NameID"""
string_from_name_id = self.name_id.to_string()
new_name_id = saml.name_id_from_string(string_from_name_id)
string_from_new_name_id = new_name_id.to_string()
assert string_from_name_id == string_from_new_name_id
def testNameIDToAndFromStringMatch(self):
"""Test name_id_from_string() with data"""
self.name_id.format = saml.NAMEID_FORMAT_EMAILADDRESS
self.name_id.text = "tmatsuo@example.com"
self.name_id.name_qualifier = "name_qualifier"
self.name_id.sp_name_qualifier = "sp_name_qualifier"
string_from_name_id = self.name_id.to_string()
new_name_id = saml.name_id_from_string(string_from_name_id)
assert new_name_id.name_qualifier == "name_qualifier"
assert new_name_id.sp_name_qualifier == "sp_name_qualifier"
string_from_new_name_id = new_name_id.to_string()
assert string_from_name_id == string_from_new_name_id
def testExtensionAttributes(self):
"""Test extension attributes"""
self.name_id.extension_attributes["hoge"] = "fuga"
self.name_id.extension_attributes["moge"] = "muga"
assert self.name_id.extension_attributes["hoge"] == "fuga"
assert self.name_id.extension_attributes["moge"] == "muga"
new_name_id = saml.name_id_from_string(self.name_id.to_string())
assert new_name_id.extension_attributes["hoge"] == "fuga"
assert new_name_id.extension_attributes["moge"] == "muga"
def testname_id_from_string(self):
"""Test name_id_from_string() using test data"""
name_id = saml.name_id_from_string(saml2_data.TEST_NAME_ID)
assert name_id.format == saml.NAMEID_FORMAT_EMAILADDRESS
assert name_id.text.strip() == "tmatsuo@example.com"
assert name_id.sp_provided_id == "sp provided id"
class TestIssuer:
def setup_class(self):
self.issuer = saml.Issuer()
def testIssuerToAndFromString(self):
"""Test issuer_from_string()"""
self.issuer.text = "http://www.example.com/test"
self.issuer.name_qualifier = "name_qualifier"
self.issuer.sp_name_qualifier = "sp_name_qualifier"
new_issuer = saml.issuer_from_string(self.issuer.to_string())
assert self.issuer.text == new_issuer.text
assert self.issuer.name_qualifier == new_issuer.name_qualifier
assert self.issuer.sp_name_qualifier == new_issuer.sp_name_qualifier
assert self.issuer.extension_elements == new_issuer.extension_elements
def testUsingTestData(self):
"""Test issuer_from_string() using test data"""
issuer = saml.issuer_from_string(saml2_data.TEST_ISSUER)
assert issuer.text.strip() == "http://www.example.com/test"
new_issuer = saml.issuer_from_string(issuer.to_string())
assert issuer.text == new_issuer.text
assert issuer.extension_elements == new_issuer.extension_elements
class TestSubjectLocality:
def setup_class(self):
self.subject_locality = saml.SubjectLocality()
def testAccessors(self):
"""Test for SubjectLocality accessors"""
self.subject_locality.address = "127.0.0.1"
self.subject_locality.dns_name = "localhost"
assert self.subject_locality.address == "127.0.0.1"
assert self.subject_locality.dns_name == "localhost"
new_subject_locality = saml.subject_locality_from_string(self.subject_locality.to_string())
assert new_subject_locality.address == "127.0.0.1"
assert new_subject_locality.dns_name == "localhost"
def testUsingTestData(self):
"""Test SubjectLocalityFromString() using test data"""
subject_locality = saml.subject_locality_from_string(saml2_data.TEST_SUBJECT_LOCALITY)
assert subject_locality.address == "127.0.0.1"
assert subject_locality.dns_name == "localhost"
new_subject_locality = saml.subject_locality_from_string(subject_locality.to_string())
assert new_subject_locality.address == "127.0.0.1"
assert new_subject_locality.dns_name == "localhost"
assert subject_locality.to_string() == new_subject_locality.to_string()
class TestAuthnContextClassRef:
def setup_class(self):
self.authn_context_class_ref = saml.AuthnContextClassRef()
self.text = "http://www.example.com/authnContextClassRef"
def testAccessors(self):
"""Test for AuthnContextClassRef accessors"""
self.authn_context_class_ref.text = self.text
assert self.authn_context_class_ref.text == self.text
new_authn_context_class_ref = saml.authn_context_class_ref_from_string(self.authn_context_class_ref.to_string())
assert new_authn_context_class_ref.text == self.text
assert self.authn_context_class_ref.to_string() == new_authn_context_class_ref.to_string()
def testUsingTestData(self):
"""Test authn_context_class_ref_from_string() using test data"""
authn_context_class_ref = saml.authn_context_class_ref_from_string(saml2_data.TEST_AUTHN_CONTEXT_CLASS_REF)
assert authn_context_class_ref.text.strip() == self.text
class TestAuthnContextDeclRef:
def setup_class(self):
self.authn_context_decl_ref = saml.AuthnContextDeclRef()
self.ref = "http://www.example.com/authnContextDeclRef"
def testAccessors(self):
"""Test for AuthnContextDeclRef accessors"""
self.authn_context_decl_ref.text = self.ref
assert self.authn_context_decl_ref.text == self.ref
new_authn_context_decl_ref = saml.authn_context_decl_ref_from_string(self.authn_context_decl_ref.to_string())
assert new_authn_context_decl_ref.text == self.ref
assert self.authn_context_decl_ref.to_string() == new_authn_context_decl_ref.to_string()
def testUsingTestData(self):
"""Test authn_context_decl_ref_from_string() using test data"""
authn_context_decl_ref = saml.authn_context_decl_ref_from_string(saml2_data.TEST_AUTHN_CONTEXT_DECL_REF)
assert authn_context_decl_ref.text.strip() == self.ref
class TestAuthnContextDecl:
def setup_class(self):
self.authn_context_decl = saml.AuthnContextDecl()
self.text = "http://www.example.com/authnContextDecl"
def testAccessors(self):
"""Test for AuthnContextDecl accessors"""
self.authn_context_decl.text = self.text
assert self.authn_context_decl.text == self.text
new_authn_context_decl = saml.authn_context_decl_from_string(self.authn_context_decl.to_string())
assert new_authn_context_decl.text == self.text
assert self.authn_context_decl.to_string() == new_authn_context_decl.to_string()
def testUsingTestData(self):
"""Test authn_context_decl_from_string() using test data"""
authn_context_decl = saml.authn_context_decl_from_string(saml2_data.TEST_AUTHN_CONTEXT_DECL)
assert authn_context_decl.text.strip() == self.text
class TestAuthenticatingAuthority:
def setup_class(self):
self.authenticating_authority = saml.AuthenticatingAuthority()
self.text = "http://www.example.com/authenticatingAuthority"
def testAccessors(self):
"""Test for AuthenticatingAuthority accessors"""
self.authenticating_authority.text = self.text
assert self.authenticating_authority.text == self.text
new_authenticating_authority = saml.authenticating_authority_from_string(
self.authenticating_authority.to_string()
)
assert new_authenticating_authority.text == self.text
assert self.authenticating_authority.to_string() == new_authenticating_authority.to_string()
def testUsingTestData(self):
"""Test authenticating_authority_from_string() using test data"""
authenticating_authority = saml.authenticating_authority_from_string(saml2_data.TEST_AUTHENTICATING_AUTHORITY)
assert authenticating_authority.text.strip() == self.text
class TestAuthnContext:
def setup_class(self):
self.authn_context = saml.AuthnContext()
def testAccessors(self):
"""Test for AuthnContext accessors"""
self.authn_context.authn_context_class_ref = saml.authn_context_class_ref_from_string(
saml2_data.TEST_AUTHN_CONTEXT_CLASS_REF
)
self.authn_context.authn_context_decl_ref = saml.authn_context_decl_ref_from_string(
saml2_data.TEST_AUTHN_CONTEXT_DECL_REF
)
self.authn_context.authn_context_decl = saml.authn_context_decl_from_string(saml2_data.TEST_AUTHN_CONTEXT_DECL)
self.authn_context.authenticating_authority.append(
saml.authenticating_authority_from_string(saml2_data.TEST_AUTHENTICATING_AUTHORITY)
)
assert self.authn_context.authn_context_class_ref.text.strip() == "http://www.example.com/authnContextClassRef"
assert self.authn_context.authn_context_decl_ref.text.strip() == "http://www.example.com/authnContextDeclRef"
assert self.authn_context.authn_context_decl.text.strip() == "http://www.example.com/authnContextDecl"
assert (
self.authn_context.authenticating_authority[0].text.strip()
== "http://www.example.com/authenticatingAuthority"
)
new_authn_context = saml.authn_context_from_string(self.authn_context.to_string())
assert self.authn_context.to_string() == new_authn_context.to_string()
def testUsingTestData(self):
"""Test authn_context_from_string() using test data"""
authn_context = saml.authn_context_from_string(saml2_data.TEST_AUTHN_CONTEXT)
assert authn_context.authn_context_class_ref.text.strip() == saml.AUTHN_PASSWORD
class TestAuthnStatement:
def setup_class(self):
self.authn_statem = saml.AuthnStatement()
def testAccessors(self):
"""Test for AuthnStatement accessors"""
self.authn_statem.authn_instant = "2007-08-31T01:05:02Z"
self.authn_statem.session_not_on_or_after = "2007-09-14T01:05:02Z"
self.authn_statem.session_index = "sessionindex"
self.authn_statem.authn_context = saml.AuthnContext()
self.authn_statem.authn_context.authn_context_class_ref = saml.authn_context_class_ref_from_string(
saml2_data.TEST_AUTHN_CONTEXT_CLASS_REF
)
self.authn_statem.authn_context.authn_context_decl_ref = saml.authn_context_decl_ref_from_string(
saml2_data.TEST_AUTHN_CONTEXT_DECL_REF
)
self.authn_statem.authn_context.authn_context_decl = saml.authn_context_decl_from_string(
saml2_data.TEST_AUTHN_CONTEXT_DECL
)
self.authn_statem.authn_context.authenticating_authority.append(
saml.authenticating_authority_from_string(saml2_data.TEST_AUTHENTICATING_AUTHORITY)
)
new_as = saml.authn_statement_from_string(self.authn_statem.to_string())
assert new_as.authn_instant == "2007-08-31T01:05:02Z"
assert new_as.session_index == "sessionindex"
assert new_as.session_not_on_or_after == "2007-09-14T01:05:02Z"
assert (
new_as.authn_context.authn_context_class_ref.text.strip() == "http://www.example.com/authnContextClassRef"
)
assert new_as.authn_context.authn_context_decl_ref.text.strip() == "http://www.example.com/authnContextDeclRef"
assert new_as.authn_context.authn_context_decl.text.strip() == "http://www.example.com/authnContextDecl"
assert (
new_as.authn_context.authenticating_authority[0].text.strip()
== "http://www.example.com/authenticatingAuthority"
)
assert self.authn_statem.to_string() == new_as.to_string()
def testUsingTestData(self):
"""Test authn_statement_from_string() using test data"""
authn_statem = saml.authn_statement_from_string(saml2_data.TEST_AUTHN_STATEMENT)
assert authn_statem.authn_instant == "2007-08-31T01:05:02Z"
assert authn_statem.session_not_on_or_after == "2007-09-14T01:05:02Z"
assert authn_statem.authn_context.authn_context_class_ref.text.strip() == saml.AUTHN_PASSWORD
class TestAttributeValue:
def setup_class(self):
self.attribute_value = saml.AttributeValue()
self.text = "value for test attribute"
def testAccessors(self):
"""Test for AttributeValue accessors"""
self.attribute_value.text = self.text
new_attribute_value = saml.attribute_value_from_string(self.attribute_value.to_string())
assert new_attribute_value.text.strip() == self.text
def testUsingTestData(self):
"""Test attribute_value_from_string() using test data"""
attribute_value = saml.attribute_value_from_string(saml2_data.TEST_ATTRIBUTE_VALUE)
assert attribute_value.text.strip() == self.text
BASIC_STR_AV = """
By-Tor
"""
BASIC_INT_AV = """
23
"""
BASIC_NOT_INT_AV = """
foo
"""
BASIC_BOOLEAN_TRUE_AV = """
true
"""
BASIC_BOOLEAN_FALSE_AV = """
false
"""
BASIC_BASE64_AV = """
VU5JTkVUVA==
"""
X500_AV = """
Steven
"""
UUID_AV = """
1
"""
class TestAttribute:
def setup_class(self):
self.attribute = saml.Attribute()
self.text = ["value of test attribute", "value1 of test attribute", "value2 of test attribute"]
def testAccessors(self):
"""Test for Attribute accessors"""
self.attribute.name = "testAttribute"
self.attribute.name_format = saml.NAME_FORMAT_URI
self.attribute.friendly_name = "test attribute"
self.attribute.attribute_value.append(saml.AttributeValue())
self.attribute.attribute_value[0].text = self.text[0]
new_attribute = saml.attribute_from_string(self.attribute.to_string())
assert new_attribute.name == "testAttribute"
assert new_attribute.name_format == saml.NAME_FORMAT_URI
assert new_attribute.friendly_name == "test attribute"
assert new_attribute.attribute_value[0].text.strip() == self.text[0]
def testUsingTestData(self):
"""Test attribute_from_string() using test data"""
attribute = saml.attribute_from_string(saml2_data.TEST_ATTRIBUTE)
assert attribute.name == "testAttribute"
assert attribute.name_format == saml.NAME_FORMAT_UNSPECIFIED
assert attribute.friendly_name == "test attribute"
assert attribute.attribute_value[0].text.strip() == self.text[1]
assert attribute.attribute_value[1].text.strip() == self.text[2]
# test again
attribute = saml.attribute_from_string(attribute.to_string())
assert attribute.name == "testAttribute"
assert attribute.name_format == saml.NAME_FORMAT_UNSPECIFIED
assert attribute.friendly_name == "test attribute"
assert attribute.attribute_value[0].text.strip() == self.text[1]
assert attribute.attribute_value[1].text.strip() == self.text[2]
def test_basic_str(self):
attribute = saml.attribute_from_string(BASIC_STR_AV)
print(attribute)
assert attribute.attribute_value[0].text.strip() == "By-Tor"
def test_basic_int(self):
attribute = saml.attribute_from_string(BASIC_INT_AV)
print(attribute)
assert attribute.attribute_value[0].text == "23"
def test_basic_base64(self):
attribute = saml.attribute_from_string(BASIC_BASE64_AV)
print(attribute)
assert attribute.attribute_value[0].text == "VU5JTkVUVA=="
assert attribute.attribute_value[0].get_type() == "xs:base64Binary"
def test_basic_boolean_true(self):
attribute = saml.attribute_from_string(BASIC_BOOLEAN_TRUE_AV)
print(attribute)
assert attribute.attribute_value[0].text.lower() == "true"
def test_basic_boolean_false(self):
attribute = saml.attribute_from_string(BASIC_BOOLEAN_FALSE_AV)
print(attribute)
assert attribute.attribute_value[0].text.lower() == "false"
class TestAttributeStatement:
def setup_class(self):
self.attr_statem = saml.AttributeStatement()
self.text = [
"value of test attribute",
"value1 of test attribute",
"value2 of test attribute",
"value1 of test attribute2",
"value2 of test attribute2",
]
def testAccessors(self):
"""Test for Attribute accessors"""
self.attr_statem.attribute.append(saml.Attribute())
self.attr_statem.attribute.append(saml.Attribute())
self.attr_statem.attribute[0].name = "testAttribute"
self.attr_statem.attribute[0].name_format = saml.NAME_FORMAT_URI
self.attr_statem.attribute[0].friendly_name = "test attribute"
self.attr_statem.attribute[0].attribute_value.append(saml.AttributeValue())
self.attr_statem.attribute[0].attribute_value[0].text = self.text[0]
self.attr_statem.attribute[1].name = "testAttribute2"
self.attr_statem.attribute[1].name_format = saml.NAME_FORMAT_UNSPECIFIED
self.attr_statem.attribute[1].friendly_name = self.text[2]
self.attr_statem.attribute[1].attribute_value.append(saml.AttributeValue())
self.attr_statem.attribute[1].attribute_value[0].text = self.text[2]
new_as = saml.attribute_statement_from_string(self.attr_statem.to_string())
assert new_as.attribute[0].name == "testAttribute"
assert new_as.attribute[0].name_format == saml.NAME_FORMAT_URI
assert new_as.attribute[0].friendly_name == "test attribute"
assert new_as.attribute[0].attribute_value[0].text.strip() == self.text[0]
assert new_as.attribute[1].name == "testAttribute2"
assert new_as.attribute[1].name_format == saml.NAME_FORMAT_UNSPECIFIED
assert new_as.attribute[1].friendly_name == "value2 of test attribute"
assert new_as.attribute[1].attribute_value[0].text.strip() == self.text[2]
def testUsingTestData(self):
"""Test attribute_statement_from_string() using test data"""
attr_statem = saml.attribute_statement_from_string(saml2_data.TEST_ATTRIBUTE_STATEMENT)
assert attr_statem.attribute[0].name == "testAttribute"
assert attr_statem.attribute[0].name_format == saml.NAME_FORMAT_UNSPECIFIED
assert attr_statem.attribute[0].friendly_name == "test attribute"
assert attr_statem.attribute[0].attribute_value[0].text.strip() == self.text[1]
assert attr_statem.attribute[0].attribute_value[1].text.strip() == self.text[2]
assert attr_statem.attribute[1].name == "http://www.example.com/testAttribute2"
assert attr_statem.attribute[1].name_format == saml.NAME_FORMAT_URI
assert attr_statem.attribute[1].friendly_name == "test attribute2"
assert attr_statem.attribute[1].attribute_value[0].text.strip() == self.text[3]
assert attr_statem.attribute[1].attribute_value[1].text.strip() == self.text[4]
# test again
attr_statem2 = saml.attribute_statement_from_string(attr_statem.to_string())
assert attr_statem2.attribute[0].name == "testAttribute"
assert attr_statem2.attribute[0].name_format == saml.NAME_FORMAT_UNSPECIFIED
assert attr_statem2.attribute[0].friendly_name == "test attribute"
assert attr_statem2.attribute[0].attribute_value[0].text.strip() == self.text[1]
assert attr_statem2.attribute[0].attribute_value[1].text.strip() == self.text[2]
assert attr_statem2.attribute[1].name == "http://www.example.com/testAttribute2"
assert attr_statem2.attribute[1].name_format == saml.NAME_FORMAT_URI
assert attr_statem2.attribute[1].friendly_name == "test attribute2"
assert attr_statem2.attribute[1].attribute_value[0].text.strip() == self.text[3]
assert attr_statem2.attribute[1].attribute_value[1].text.strip() == self.text[4]
class TestSubjectConfirmationData:
def setup_class(self):
self.scd = saml.SubjectConfirmationData()
def testAccessors(self):
"""Test for SubjectConfirmationData accessors"""
self.scd.not_before = "2007-08-31T01:05:02Z"
self.scd.not_on_or_after = "2007-09-14T01:05:02Z"
self.scd.recipient = "recipient"
self.scd.in_response_to = "responseID"
self.scd.address = "127.0.0.1"
new_scd = saml.subject_confirmation_data_from_string(self.scd.to_string())
assert new_scd.not_before == "2007-08-31T01:05:02Z"
assert new_scd.not_on_or_after == "2007-09-14T01:05:02Z"
assert new_scd.recipient == "recipient"
assert new_scd.in_response_to == "responseID"
assert new_scd.address == "127.0.0.1"
def testUsingTestData(self):
"""Test subject_confirmation_data_from_string() using test data"""
scd = saml.subject_confirmation_data_from_string(saml2_data.TEST_SUBJECT_CONFIRMATION_DATA)
assert scd.not_before == "2007-08-31T01:05:02Z"
assert scd.not_on_or_after == "2007-09-14T01:05:02Z"
assert scd.recipient == "recipient"
assert scd.in_response_to == "responseID"
assert scd.address == "127.0.0.1"
class TestSubjectConfirmation:
def setup_class(self):
self.sc = saml.SubjectConfirmation()
def testAccessors(self):
"""Test for SubjectConfirmation accessors"""
self.sc.name_id = saml.name_id_from_string(saml2_data.TEST_NAME_ID)
self.sc.method = saml.SCM_BEARER
self.sc.subject_confirmation_data = saml.subject_confirmation_data_from_string(
saml2_data.TEST_SUBJECT_CONFIRMATION_DATA
)
new_sc = saml.subject_confirmation_from_string(self.sc.to_string())
self._assertBearer(new_sc)
def testBearerUsingTestData(self):
"""Test subject_confirmation_from_string() using test data for 'bearer' SubjectConfirmation"""
sc = saml.subject_confirmation_from_string(saml2_data.TEST_SUBJECT_CONFIRMATION)
assert sc.verify()
self._assertBearer(sc)
def _assertBearer(self, sc):
"""Asserts SubjectConfirmation that has method 'bearer'"""
assert sc.name_id.sp_provided_id == "sp provided id"
assert sc.method == saml.SCM_BEARER
assert sc.subject_confirmation_data is not None
assert sc.subject_confirmation_data.not_before == "2007-08-31T01:05:02Z"
assert sc.subject_confirmation_data.not_on_or_after == "2007-09-14T01:05:02Z"
assert sc.subject_confirmation_data.recipient == "recipient"
assert sc.subject_confirmation_data.in_response_to == "responseID"
assert sc.subject_confirmation_data.address == "127.0.0.1"
key_info = sc.subject_confirmation_data.extensions_as_elements(ds.KeyInfo.c_tag, ds)
assert len(key_info) == 0
def testHolderOfKeyUsingTestData(self):
"""Test subject_confirmation_from_string() using test data for 'holder-of-key' SubjectConfirmation"""
sc = saml.subject_confirmation_from_string(saml2_data.TEST_HOLDER_OF_KEY_SUBJECT_CONFIRMATION)
assert sc.verify()
assert sc.method == saml.SCM_HOLDER_OF_KEY
assert sc.subject_confirmation_data is not None
assert sc.subject_confirmation_data.not_on_or_after == "2007-09-14T01:05:02Z"
assert sc.subject_confirmation_data.recipient == "recipient"
assert sc.subject_confirmation_data.in_response_to == "responseID"
key_info = sc.subject_confirmation_data.extensions_as_elements(ds.KeyInfo.c_tag, ds)
assert len(key_info) == 1
assert len(key_info[0].x509_data) == 1
expected_cert = (
"MIICITCCAYoCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV"
"BAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF"
"Wnp6enoxDTALBgNVBAMMBHRlc3QwIBcNMTkwNDEyMTk1MDM0WhgPMzAxODA4MTMx"
"OTUwMzRaMFgxCzAJBgNVBAYTAnp6MQswCQYDVQQIDAJ6ejENMAsGA1UEBwwEenp6"
"ejEOMAwGA1UECgwFWnp6enoxDjAMBgNVBAsMBVp6enp6MQ0wCwYDVQQDDAR0ZXN0"
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHcj80WU/XBsd9FlyQmfjPUdfm"
"edhCFDd6TEQmZNNqP/UG+VkGa+BXjRIHMfic/WxPTbGhCjv68ci0UDNomUXagFex"
"LGNpkwa7+CRVtoc/1xgq+ySE6M4nhcCutScoxNvWNn5eSQ66i3U0sTv91MgsXxqE"
"dTaiZg0BIufEc3dueQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAGUV5B+USHvaRa8k"
"gCNJSuNpo6ARlv0ekrk8bbdNRBiEUdCMyoGJFfuM9K0zybX6Vr25wai3nvaog294"
"Vx/jWjX2g5SDbjItH6VGy6C9GCGf1A07VxFRCfJn5tA9HuJjPKiE+g/BmrV5N4Ce"
"alzFxPHWYkNOzoRU8qI7OqUai1kL"
)
xcert = key_info[0].x509_data[0].x509_certificate
assert xcert.text.strip().replace("\n", "") == expected_cert
class TestSubject:
def setup_class(self):
self.subject = saml.Subject()
def testAccessors(self):
"""Test for Subject accessors"""
self.subject.name_id = saml.name_id_from_string(saml2_data.TEST_NAME_ID)
self.subject.subject_confirmation.append(
saml.subject_confirmation_from_string(saml2_data.TEST_SUBJECT_CONFIRMATION)
)
new_subject = saml.subject_from_string(self.subject.to_string())
assert new_subject.name_id.sp_provided_id == "sp provided id"
assert new_subject.name_id.text.strip() == "tmatsuo@example.com"
assert new_subject.name_id.format == saml.NAMEID_FORMAT_EMAILADDRESS
assert isinstance(new_subject.subject_confirmation[0], saml.SubjectConfirmation)
def testUsingTestData(self):
"""Test for subject_from_string() using test data."""
subject = saml.subject_from_string(saml2_data.TEST_SUBJECT)
assert subject.name_id.sp_provided_id == "sp provided id"
assert subject.name_id.text.strip() == "tmatsuo@example.com"
assert subject.name_id.format == saml.NAMEID_FORMAT_EMAILADDRESS
assert isinstance(subject.subject_confirmation[0], saml.SubjectConfirmation)
class TestCondition:
def setup_class(self):
self.condition = saml.Condition()
self.name = "{%s}type" % saml.XSI_NAMESPACE
def testAccessors(self):
"""Test for Condition accessors."""
self.condition.extension_attributes[self.name] = "test"
self.condition.extension_attributes["ExtendedAttribute"] = "value"
new_condition = saml.condition_from_string(self.condition.to_string())
assert new_condition.extension_attributes[self.name] == "test"
assert new_condition.extension_attributes["ExtendedAttribute"] == "value"
def testUsingTestData(self):
"""Test for condition_from_string() using test data."""
condition = saml.condition_from_string(saml2_data.TEST_CONDITION)
assert condition.extension_attributes[self.name] == "test"
assert condition.extension_attributes["ExtendedAttribute"] == "value"
class TestAudience:
def setup_class(self):
self.audience = saml.Audience()
def testAccessors(self):
"""Test for Audience accessors"""
self.audience.text = "http://www.example.com/Audience"
new_audience = saml.audience_from_string(self.audience.to_string())
assert new_audience.text.strip() == "http://www.example.com/Audience"
def testUsingTestData(self):
"""Test audience_from_string using test data"""
audience = saml.audience_from_string(saml2_data.TEST_AUDIENCE)
assert audience.text.strip() == "http://www.example.com/Audience"
class TestAudienceRestriction:
def setup_class(self):
self.audience_restriction = saml.AudienceRestriction()
def testAccessors(self):
"""Test for AudienceRestriction accessors"""
self.audience_restriction.audience = saml.audience_from_string(saml2_data.TEST_AUDIENCE)
new_audience = saml.audience_restriction_from_string(self.audience_restriction.to_string())
assert self.audience_restriction.audience.text.strip() == "http://www.example.com/Audience"
def testUsingTestData(self):
"""Test audience_restriction_from_string using test data"""
audience_restriction = saml.audience_restriction_from_string(saml2_data.TEST_AUDIENCE_RESTRICTION)
assert audience_restriction.audience[0].text.strip() == "http://www.example.com/Audience"
class TestOneTimeUse:
def setup_class(self):
self.one_time_use = saml.OneTimeUse()
def testAccessors(self):
"""Test for OneTimeUse accessors"""
assert isinstance(self.one_time_use, saml.OneTimeUse)
assert isinstance(self.one_time_use, saml.ConditionAbstractType_)
def testUsingTestData(self):
"""Test one_time_use_from_string() using test data"""
one_time_use = saml.one_time_use_from_string(saml2_data.TEST_ONE_TIME_USE)
assert isinstance(one_time_use, saml.OneTimeUse)
assert isinstance(one_time_use, saml.ConditionAbstractType_)
class TestProxyRestriction:
def setup_class(self):
self.proxy_restriction = saml.ProxyRestriction()
def testAccessors(self):
"""Test for ProxyRestriction accessors"""
assert isinstance(self.proxy_restriction, saml.ConditionAbstractType_)
self.proxy_restriction.count = "2"
self.proxy_restriction.audience.append(saml.audience_from_string(saml2_data.TEST_AUDIENCE))
new_proxy_restriction = saml.proxy_restriction_from_string(self.proxy_restriction.to_string())
assert new_proxy_restriction.count == "2"
assert new_proxy_restriction.audience[0].text.strip() == "http://www.example.com/Audience"
def testUsingTestData(self):
"""Test proxy_restriction_from_string() using test data"""
proxy_restriction = saml.proxy_restriction_from_string(saml2_data.TEST_PROXY_RESTRICTION)
assert proxy_restriction.count == "2"
assert proxy_restriction.audience[0].text.strip() == "http://www.example.com/Audience"
class TestConditions:
def setup_class(self):
self.conditions = saml.Conditions()
def testAccessors(self):
"""Test for Conditions accessors"""
self.conditions.not_before = "2007-08-31T01:05:02Z"
self.conditions.not_on_or_after = "2007-09-14T01:05:02Z"
self.conditions.condition.append(saml.Condition())
self.conditions.audience_restriction.append(saml.AudienceRestriction())
self.conditions.one_time_use.append(saml.OneTimeUse())
self.conditions.proxy_restriction.append(saml.ProxyRestriction())
new_conditions = saml.conditions_from_string(self.conditions.to_string())
assert new_conditions.not_before == "2007-08-31T01:05:02Z"
assert new_conditions.not_on_or_after == "2007-09-14T01:05:02Z"
assert isinstance(new_conditions.condition[0], saml.Condition)
assert isinstance(new_conditions.audience_restriction[0], saml.AudienceRestriction)
assert isinstance(new_conditions.one_time_use[0], saml.OneTimeUse)
assert isinstance(new_conditions.proxy_restriction[0], saml.ProxyRestriction)
def testUsingTestData(self):
"""Test conditions_from_string() using test data"""
new_conditions = saml.conditions_from_string(saml2_data.TEST_CONDITIONS)
assert new_conditions.not_before == "2007-08-31T01:05:02Z"
assert new_conditions.not_on_or_after == "2007-09-14T01:05:02Z"
assert isinstance(new_conditions.condition[0], saml.Condition)
assert isinstance(new_conditions.audience_restriction[0], saml.AudienceRestriction)
assert isinstance(new_conditions.one_time_use[0], saml.OneTimeUse)
assert isinstance(new_conditions.proxy_restriction[0], saml.ProxyRestriction)
class TestAssertionIDRef:
def setup_class(self):
self.assertion_id_ref = saml.AssertionIDRef()
def testAccessors(self):
"""Test for AssertionIDRef accessors"""
self.assertion_id_ref.text = "zzlieajngjbkjggjldmgindkckkolcblndbghlhm"
new_assertion_id_ref = saml.assertion_id_ref_from_string(self.assertion_id_ref.to_string())
assert new_assertion_id_ref.text == "zzlieajngjbkjggjldmgindkckkolcblndbghlhm"
def testUsingTestData(self):
"""Test assertion_id_ref_from_string() using test data"""
new_assertion_id_ref = saml.assertion_id_ref_from_string(saml2_data.TEST_ASSERTION_ID_REF)
assert new_assertion_id_ref.text.strip() == "zzlieajngjbkjggjldmgindkckkolcblndbghlhm"
class TestAssertionURIRef:
def setup_class(self):
self.assertion_uri_ref = saml.AssertionURIRef()
def testAccessors(self):
"""Test for AssertionURIRef accessors"""
self.assertion_uri_ref.text = "http://www.example.com/AssertionURIRef"
new_assertion_uri_ref = saml.assertion_uri_ref_from_string(self.assertion_uri_ref.to_string())
assert new_assertion_uri_ref.text == "http://www.example.com/AssertionURIRef"
def testUsingTestData(self):
"""Test assertion_uri_ref_from_string() using test data"""
new_assertion_uri_ref = saml.assertion_uri_ref_from_string(saml2_data.TEST_ASSERTION_URI_REF)
assert new_assertion_uri_ref.text.strip() == "http://www.example.com/AssertionURIRef"
class TestAction:
def setup_class(self):
self.action = saml.Action()
def testAccessors(self):
"""Test for Action accessors"""
self.action.namespace = "http://www.example.com/Namespace"
new_action = saml.action_from_string(self.action.to_string())
assert new_action.namespace == "http://www.example.com/Namespace"
def testUsingTestData(self):
"""Test action_from_string() using test data"""
new_action = saml.action_from_string(saml2_data.TEST_ACTION)
assert new_action.namespace == "http://www.example.com/Namespace"
class TestEvidence:
def setup_class(self):
self.evidence = saml.Evidence()
def testAccessors(self):
"""Test for Evidence accessors"""
self.evidence.assertion_id_ref.append(saml.AssertionIDRef())
self.evidence.assertion_uri_ref.append(saml.AssertionURIRef())
self.evidence.assertion.append(saml.Assertion())
self.evidence.encrypted_assertion.append(saml.EncryptedAssertion())
new_evidence = saml.evidence_from_string(self.evidence.to_string())
print(new_evidence)
assert self.evidence.to_string() == new_evidence.to_string()
assert isinstance(new_evidence.assertion_id_ref[0], saml.AssertionIDRef)
assert isinstance(new_evidence.assertion_uri_ref[0], saml.AssertionURIRef)
assert len(new_evidence.assertion) == 1
assert isinstance(new_evidence.assertion[0], saml.Assertion)
assert len(new_evidence.encrypted_assertion) == 1
assert isinstance(new_evidence.encrypted_assertion[0], saml.EncryptedAssertion)
def testUsingTestData(self):
"""Test evidence_from_string() using test data"""
# TODO:
class TestAuthzDecisionStatement:
def setup_class(self):
self.authz_decision_statement = saml.AuthzDecisionStatement()
def testAccessors(self):
"""Test for AuthzDecisionStatement accessors"""
self.authz_decision_statement.resource = "http://www.example.com/Resource"
self.authz_decision_statement.decision = saml.DECISION_TYPE_PERMIT
self.authz_decision_statement.action.append(saml.Action())
self.authz_decision_statement.evidence = saml.Evidence()
new_authz_decision_statement = saml.authz_decision_statement_from_string(
self.authz_decision_statement.to_string()
)
assert self.authz_decision_statement.to_string() == new_authz_decision_statement.to_string()
assert new_authz_decision_statement.resource == "http://www.example.com/Resource"
assert new_authz_decision_statement.decision == saml.DECISION_TYPE_PERMIT
assert isinstance(new_authz_decision_statement.action[0], saml.Action)
assert isinstance(new_authz_decision_statement.evidence, saml.Evidence)
def testUsingTestData(self):
"""Test authz_decision_statement_from_string() using test data"""
# TODO:
class TestAdvice:
def setup_class(self):
self.advice = saml.Advice()
def testAccessors(self):
"""Test for Advice accessors"""
self.advice.assertion_id_ref.append(saml.AssertionIDRef())
self.advice.assertion_uri_ref.append(saml.AssertionURIRef())
self.advice.assertion.append(saml.Assertion())
self.advice.encrypted_assertion.append(saml.EncryptedAssertion())
new_advice = saml.advice_from_string(self.advice.to_string())
assert self.advice.to_string() == new_advice.to_string()
assert isinstance(new_advice.assertion_id_ref[0], saml.AssertionIDRef)
assert isinstance(new_advice.assertion_uri_ref[0], saml.AssertionURIRef)
assert isinstance(new_advice.assertion[0], saml.Assertion)
assert isinstance(new_advice.encrypted_assertion[0], saml.EncryptedAssertion)
def testUsingTestData(self):
"""Test advice_from_string() using test data"""
# TODO:
class TestAssertion:
def setup_class(self):
self.assertion = saml.Assertion()
def testAccessors(self):
"""Test for Assertion accessors"""
self.assertion.id = "assertion id"
self.assertion.version = saml2.VERSION
self.assertion.issue_instant = "2007-08-31T01:05:02Z"
self.assertion.issuer = saml.issuer_from_string(saml2_data.TEST_ISSUER)
self.assertion.signature = ds.signature_from_string(ds_data.TEST_SIGNATURE)
self.assertion.subject = saml.subject_from_string(saml2_data.TEST_SUBJECT)
self.assertion.conditions = saml.conditions_from_string(saml2_data.TEST_CONDITIONS)
self.assertion.advice = saml.Advice()
self.assertion.statement.append(saml.Statement())
self.assertion.authn_statement.append(saml.authn_statement_from_string(saml2_data.TEST_AUTHN_STATEMENT))
self.assertion.authz_decision_statement.append(saml.AuthzDecisionStatement())
self.assertion.attribute_statement.append(
saml.attribute_statement_from_string(saml2_data.TEST_ATTRIBUTE_STATEMENT)
)
new_assertion = saml.assertion_from_string(self.assertion.to_string())
assert new_assertion.id == "assertion id"
assert new_assertion.version == saml2.VERSION
assert new_assertion.issue_instant == "2007-08-31T01:05:02Z"
assert isinstance(new_assertion.issuer, saml.Issuer)
assert isinstance(new_assertion.signature, ds.Signature)
assert isinstance(new_assertion.subject, saml.Subject)
assert isinstance(new_assertion.conditions, saml.Conditions)
assert isinstance(new_assertion.advice, saml.Advice)
assert isinstance(new_assertion.statement[0], saml.Statement)
assert isinstance(new_assertion.authn_statement[0], saml.AuthnStatement)
assert isinstance(new_assertion.authz_decision_statement[0], saml.AuthzDecisionStatement)
assert isinstance(new_assertion.attribute_statement[0], saml.AttributeStatement)
def testUsingTestData(self):
"""Test assertion_from_string() using test data"""
# TODO
if __name__ == "__main__":
t = TestSAMLBase()
t.test_make_vals_multi_dict()