Add tests for eIDAS support

- Adds configs and test classes for eIDAS support

Author: ioparaskev

tests/eidas/idp_conf.py

@@ -0,0 +1,68 @@
+from saml2 import BINDING_SOAP
+from saml2 import BINDING_HTTP_REDIRECT
+from saml2 import BINDING_HTTP_POST
+from saml2.saml import NAMEID_FORMAT_PERSISTENT, NAME_FORMAT_BASIC
+from saml2.saml import NAME_FORMAT_URI
+
+from pathutils import full_path
+from pathutils import xmlsec_path
+
+BASE = "http://localhost:8088"
+
+CONFIG = {
+    "entityid": "urn:mace:example.com:saml:roland:idp",
+    "name": "Rolands IdP",
+    "service": {
+        "idp": {
+            "endpoints": {
+                "single_sign_on_service": [
+                    ("%s/sso" % BASE, BINDING_HTTP_REDIRECT)],
+                "single_logout_service": [
+                    ("%s/slo" % BASE, BINDING_SOAP),
+                    ("%s/slop" % BASE, BINDING_HTTP_POST)]
+            },
+            "policy": {
+                "default": {
+                    "lifetime": {"minutes": 15},
+                    "attribute_restrictions": None,  # means all I have
+                    "name_form": NAME_FORMAT_URI,
+                },
+                "urn:mace:example.com:saml:roland:sp": {
+                    "lifetime": {"minutes": 5},
+                    "nameid_format": NAMEID_FORMAT_PERSISTENT,
+                },
+                "https://example.com/sp": {
+                    "lifetime": {"minutes": 5},
+                    "nameid_format": NAMEID_FORMAT_PERSISTENT,
+                    "name_form": NAME_FORMAT_BASIC
+                }
+            },
+            "subject_data": full_path("subject_data.db"),
+            "node_country": "GR"
+        },
+    },
+    "debug": 1,
+    "key_file": full_path("test.key"),
+    "cert_file": full_path("test.pem"),
+    "xmlsec_binary": xmlsec_path,
+    "metadata": [{
+        "class": "saml2.mdstore.MetaDataFile",
+        "metadata": [(full_path("metadata_sp_1.xml"), ),
+                     (full_path("metadata_sp_2.xml"), ),
+                     (full_path("vo_metadata.xml"), )],
+    }],
+    "attribute_map_dir": full_path("attributemaps"),
+    "organization": {
+        "name": "Exempel AB",
+        "display_name": [("Exempel AB", "se"), ("Example Co.", "en")],
+        "url": "http://www.example.com/roland",
+    },
+    "contact_person": [
+        {
+            "given_name": "John",
+            "sur_name": "Smith",
+            "email_address": ["[email protected]"],
+            "contact_type": "technical",
+        },
+    ],
+}

tests/eidas/sp_conf.py

@@ -0,0 +1,79 @@
+from pathutils import full_path
+from pathutils import xmlsec_path
+
+CONFIG = {
+    "entityid": "urn:mace:example.com:saml:roland:sp",
+    "name": "urn:mace:example.com:saml:roland:sp",
+    "description": "My own SP",
+    "service": {
+        "sp": {
+            "endpoints": {
+                "assertion_consumer_service": [
+                    "http://lingon.catalogix.se:8087/"],
+            },
+            "required_attributes": ["surName", "givenName", "mail"],
+            "optional_attributes": ["title"],
+            "idp": ["urn:mace:example.com:saml:roland:idp"],
+            "requested_attributes": [
+                {
+                    "name": "http://eidas.europa.eu/attributes/naturalperson/DateOfBirth",
+                    "required": False,
+                },
+                {
+                    "friendly_name": "PersonIdentifier",
+                    "required": True,
+                },
+                {
+                    "friendly_name": "PlaceOfBirth",
+                },
+            ],
+            "sp_type": "public",
+            "sp_type_in_metadata": False,
+            "force_authn": True,
+            "node_country": "GR"
+        }
+    },
+    "debug": 1,
+    "key_file": full_path("test.key"),
+    "cert_file": full_path("test.pem"),
+    "encryption_keypairs": [{"key_file": full_path("test_1.key"), "cert_file": full_path("test_1.crt")},
+                            {"key_file": full_path("test_2.key"), "cert_file": full_path("test_2.crt")}],
+    "ca_certs": full_path("cacerts.txt"),
+    "xmlsec_binary": xmlsec_path,
+    "metadata": [{
+        "class": "saml2.mdstore.MetaDataFile",
+        "metadata": [(full_path("idp.xml"), ), (full_path("vo_metadata.xml"), )],
+    }],
+    "virtual_organization": {
+        "urn:mace:example.com:it:tek": {
+            "nameid_format": "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+            "common_identifier": "umuselin",
+        }
+    },
+    "subject_data": "subject_data.db",
+    "accepted_time_diff": 60,
+    "attribute_map_dir": full_path("attributemaps"),
+    "valid_for": 6,
+    "organization": {
+        "name": ("AB Exempel", "se"),
+        "display_name": ("AB Exempel", "se"),
+        "url": "http://www.example.org",
+    },
+    "contact_person": [{
+        "given_name": "Roland",
+        "sur_name": "Hedberg",
+        "telephone_number": "+46 70 100 0000",
+        "email_address": ["[email protected]",
+                          "[email protected]"],
+        "contact_type": "technical"
+    },
+    ],
+    "logger": {
+        "rotating": {
+            "filename": full_path("sp.log"),
+            "maxBytes": 100000,
+            "backupCount": 5,
+        },
+        "loglevel": "info",
+    }
+}

tests/eidas/test_idp.py

@@ -0,0 +1,13 @@
+from saml2 import metadata
+from saml2.config import IdPConfig
+
+
+class TestIdP:
+    def setup_class(self):
+        self.conf = IdPConfig()
+        self.conf.load_file("idp_conf")
+
+    def test_node_country_in_metadata(self):
+        entd = metadata.entity_descriptor(self.conf)
+        assert any(filter(lambda x: x.tag == "NodeCountry",
+                          entd.extensions.extension_elements))

tests/eidas/test_sp.py

@@ -0,0 +1,62 @@
+from saml2 import metadata
+from saml2 import samlp
+from saml2.client import Saml2Client
+from saml2.server import Server
+from saml2.config import SPConfig
+from eidas.sp_conf import CONFIG
+
+
+class TestSP:
+    def setup_class(self):
+        self.server = Server("idp_conf")
+
+        self.conf = SPConfig()
+        self.conf.load_file("sp_conf")
+
+        self.client = Saml2Client(self.conf)
+
+    def teardown_class(self):
+        self.server.close()
+
+    def test_authn_request_force_authn(self):
+        req_str = "{0}".format(self.client.create_authn_request(
+            "http://www.example.com/sso", message_id="id1")[-1])
+        req = samlp.authn_request_from_string(req_str)
+        assert req.force_authn == "true"
+
+    def test_sp_type_only_in_request(self):
+        entd = metadata.entity_descriptor(self.conf)
+        req_str = "{0}".format(self.client.create_authn_request(
+            "http://www.example.com/sso", message_id="id1")[-1])
+        req = samlp.authn_request_from_string(req_str)
+        sp_type_elements = filter(lambda x: x.tag == "SPType",
+                                  req.extensions.extension_elements)
+        assert any(filter(lambda x: x.text == "public", sp_type_elements))
+        assert not any(filter(lambda x: x.tag == "SPType",
+                          entd.extensions.extension_elements))
+
+    def test_sp_type_in_metadata(self):
+        CONFIG["service"]["sp"]["sp_type_in_metadata"] = True
+        sconf = SPConfig()
+        sconf.load(CONFIG)
+        custom_client = Saml2Client(sconf)
+
+        req_str = "{0}".format(custom_client.create_authn_request(
+            "http://www.example.com/sso", message_id="id1")[-1])
+        req = samlp.authn_request_from_string(req_str)
+        sp_type_elements = filter(lambda x: x.tag == "SPType",
+                                  req.extensions.extension_elements)
+        assert not any(filter(lambda x: x.text == "public", sp_type_elements))
+
+        entd = metadata.entity_descriptor(sconf)
+        assert any(filter(lambda x: x.tag == "SPType",
+                          entd.extensions.extension_elements))
+
+    def test_node_country_in_metadata(self):
+        entd = metadata.entity_descriptor(self.conf)
+        assert any(filter(lambda x: x.tag == "NodeCountry",
+                          entd.extensions.extension_elements))
+
+
+if __name__ == '__main__':
+    TestSP()