from saml2.authn_context import INTERNETPROTOCOLPASSWORD
from saml2.server import Server
from saml2.sigver import pre_encryption_part, ASSERT_XPATH, EncryptError
from saml2.sigver import CryptoBackendXmlSec1
from saml2.sigver import pre_encrypt_assertion
from pathutils import xmlsec_path
# Expected rendering of saml2.sigver.pre_encryption_part(): an xmlenc
# EncryptedData / EncryptedKey skeleton with empty CipherValue elements.
# The fixture pins the algorithms the template advertises -- rsa-1_5
# (RSA PKCS#1 v1.5 key transport) and tripledes-cbc -- both legacy choices.
# The equality assert further down compares the library's output against this
# literal byte for byte, so a change to the library default has to be
# mirrored here in the same change.
TMPL = """<?xml version='1.0' encoding='UTF-8'?>
<ns0:EncryptedData xmlns:ns0="http://www.w3.org/2001/04/xmlenc#" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns1:KeyInfo><ns0:EncryptedKey Id="EK"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /><ns1:KeyInfo><ns1:KeyName>my-rsa-key</ns1:KeyName></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue /></ns0:CipherData></ns0:EncryptedKey></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue /></ns0:CipherData></ns0:EncryptedData>"""

# Attribute set for the test subject, keyed by friendly attribute name.
# Every value is a list, one entry per attribute value.
IDENTITY = {
    "eduPersonAffiliation": ["staff", "member"],
    "surName": ["Jeter"],
    "givenName": ["Derek"],
    "mail": ["foo@gmail.com"],
    "title": ["shortstop"],
}
"class_ref": INTERNETPROTOCOLPASSWORD,
"authn_auth": "http://www.example.com/login"
tmpl = pre_encryption_part()
assert "%s" % tmpl == TMPL
def test_reshuffle_response():
    """Check that pre_encrypt_assertion() yields an EncryptedAssertion holder.

    Builds an ordinary AuthnResponse from the test IdP configuration, hands it
    to pre_encrypt_assertion(), and verifies that the returned response has an
    ``encrypted_assertion`` element carrying extension elements.  Only the
    reshaping of the document is checked here; no key material is involved.
    """
    sp_entity_id = "urn:mace:example.com:saml:roland:sp"
    idp = Server("idp_conf")
    # Transient NameID for this SP, as the IdP would mint it for the session.
    name_id = idp.ident.transient_nameid(sp_entity_id, "id12")

    response = idp.create_authn_response(
        IDENTITY,
        "id12",
        "http://lingon.catalogix.se:8087/",
        sp_entity_id,
        name_id=name_id,
    )

    reshuffled = pre_encrypt_assertion(response)
    # The assertion must now live under EncryptedAssertion as extension content.
    assert reshuffled.encrypted_assertion.extension_elements
server = Server("idp_conf")
name_id = server.ident.transient_nameid(
"urn:mace:example.com:saml:roland:sp", "id12")
resp_ = server.create_authn_response(
IDENTITY, "id12", "http://lingon.catalogix.se:8087/",
"urn:mace:example.com:saml:roland:sp", name_id=name_id)
statement = pre_encrypt_assertion(resp_)
# tmpl_file = open(tmpl, "w")
# tmpl_file.write("%s" % pre_encryption_part())
# data_file = open(data, "w")
# data_file.write("%s" % statement)
com_list = [xmlsec_path, "encrypt", "--pubkey-cert-pem", "pubkey.pem",
"--session-key", key_type, "--xml-data", data,
"--node-xpath", ASSERT_XPATH]
crypto = CryptoBackendXmlSec1(xmlsec_path)
(_stdout, _stderr, output) = crypto._run_xmlsec(
com_list, [tmpl], exception=EncryptError, validate_output=False)
crypto = CryptoBackendXmlSec1(xmlsec_path)
server = Server("idp_conf")
name_id = server.ident.transient_nameid(
"urn:mace:example.com:saml:roland:sp", "id12")
resp_ = server.create_authn_response(
IDENTITY, "id12", "http://lingon.catalogix.se:8087/",
"urn:mace:example.com:saml:roland:sp", name_id=name_id)
enc_resp = crypto.encrypt_assertion(resp_, "pubkey.pem",
pre_encryption_part())
if __name__ == "__main__":