Script to update the metadata that is used in some tests.

Added tests on new functionality.

Author: Roland Hedberg

tests/InCommon-metadata.xml

@@ -0,0 +1,2 @@
+curl -G -O http://md.incommon.org/InCommon/InCommon-metadata.xml
+curl -G -O http://metadata.aai.switch.ch/metadata.aaitest.xml

tests/get_metadata.sh

@@ -774,5 +774,27 @@ def test_assertion_with_zero_attributes():
     assert msg.attribute_statement == []
 
 
+def test_assertion_with_authn_instant():
+    ava = {}
+    ast = Assertion(ava)
+    policy = Policy({
+        "default": {
+            "lifetime": {"minutes": 240},
+            "attribute_restrictions": None,  # means all I have
+            "name_form": NAME_FORMAT_URI
+        },
+    })
+    name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
+    issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
+    msg = ast.construct("sp_entity_id", "in_response_to", "consumer_url",
+                        name_id, [AttributeConverterNOOP(NAME_FORMAT_URI)],
+                        policy, issuer=issuer, authn_decl=ACD,
+                        authn_auth="authn_authn",
+                        authn_instant=1234567890)
+
+    print msg
+    assert msg.authn_statement[0].authn_instant == "2009-02-13T23:31:30Z"
+
+
 if __name__ == "__main__":
-    test_assertion_with_zero_attributes()
+    test_assertion_with_authn_instant()

tests/metadata.aaitest.xml

@@ -126,10 +126,10 @@ def test_incommon_1():
     mds.imp(METADATACONF["2"])
 
     print mds.entities()
-    assert mds.entities() == 1727
+    assert mds.entities() > 1700
     idps = mds.with_descriptor("idpsso")
     print idps.keys()
-    assert len(idps) == 318  # ~ 18%
+    assert len(idps) > 300  # ~ 18%
     try:
         _ = mds.single_sign_on_service('urn:mace:incommon:uiuc.edu')
     except UnknownPrincipal:
@@ -191,7 +191,7 @@ def test_switch_1():
                         disable_ssl_certificate_validation=True)
 
     mds.imp(METADATACONF["5"])
-    assert len(mds.keys()) == 167
+    assert len(mds.keys()) > 160
     idps = mds.with_descriptor("idpsso")
     print idps.keys()
     idpsso = mds.single_sign_on_service(
@@ -200,7 +200,7 @@ def test_switch_1():
     print idpsso
     assert destinations(idpsso) == [
         'https://aai-demo-idp.switch.ch/idp/profile/SAML2/Redirect/SSO']
-    assert len(idps) == 31
+    assert len(idps) > 30
     aas = mds.with_descriptor("attribute_authority")
     print aas.keys()
     aad = aas['https://aai-demo-idp.switch.ch/idp/shibboleth']

tests/test_20_assertion.py

@@ -100,3 +100,8 @@ def test_only_use_keys_in_metadata(self):
         # should fail
         raises(MissingKey,
                'sc.correctly_signed_response("%s" % self._sign_resp_)')
+
+if __name__ == "__main__":
+    t = TestResponse()
+    t.setup_class()
+    t.test_1()

tests/test_30_mdstore.py

@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 import base64
 from urlparse import parse_qs
+from saml2.assertion import Policy
 from saml2.authn_context import INTERNETPROTOCOLPASSWORD
 from saml2.saml import NameID, NAMEID_FORMAT_TRANSIENT
 from saml2.samlp import response_from_string
@@ -241,22 +242,46 @@ def test_sso_response_with_identity(self):
     def test_sso_response_without_identity(self):
         resp = self.server.create_authn_response(
             {},
-            "id12",                             # in_response_to
-            "http://localhost:8087/",           # consumer_url
+            "id12",                                 # in_response_to
+            "http://localhost:8087/",               # consumer_url
             "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
             userid="USER1",
-            authn=AUTHN
+            authn=AUTHN,
+            release_policy=Policy(),
+            best_effort=True
         )
 
         print resp.keyswv()
         assert _eq(resp.keyswv(), ['status', 'destination', 'in_response_to',
-                                   'issue_instant', 'version', 'id', 'issuer'])
+                                   'issue_instant', 'version', 'id', 'issuer',
+                                   'assertion'])
         assert resp.destination == "http://localhost:8087/"
         assert resp.in_response_to == "id12"
         assert resp.status
         assert resp.status.status_code.value == samlp.STATUS_SUCCESS
         assert resp.issuer.text == "urn:mace:example.com:saml:roland:idp"
-        assert not resp.assertion 
+        assert not resp.assertion.attribute_statement
+
+    def test_sso_response_specific_instant(self):
+        _authn = AUTHN.copy()
+        _authn["authn_instant"] = 1234567890
+
+        resp = self.server.create_authn_response(
+            {},
+            "id12",                             # in_response_to
+            "http://localhost:8087/",           # consumer_url
+            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
+            userid="USER1",
+            authn=_authn,
+            best_effort=True
+        )
+
+        print resp.keyswv()
+        assert _eq(resp.keyswv(), ['status', 'destination', 'in_response_to',
+                                   'issue_instant', 'version', 'id', 'issuer',
+                                   'assertion'])
+        authn_statement = resp.assertion.authn_statement[0]
+        assert authn_statement.authn_instant == '2009-02-13T23:31:30Z'
 
     def test_sso_failure_response(self):
         exc = s_utils.MissingValue("eduPersonAffiliation missing")
@@ -477,4 +502,4 @@ def test_1(self):
 if __name__ == "__main__":
     ts = TestServer1()
     ts.setup_class()
-    ts.test_authn_response_0()
+    ts.test_sso_response_specific_instant()