
Commit 9d75552

committed
renamed Conversation.idp_constraints to msg_constraints (namefmt, sigalg pertaining to SAML message)
(+ adding upstream stuff - should merge there w/o issue)
1 parent 851bbad commit 9d75552

2 files changed

+37
-20
lines changed


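--- a/src/idp_test/base.py
+++ b/src/idp_test/base.py
@@ -14,6 +14,18 @@
 
 from saml2test import tool
 from saml2test import FatalError
+from saml2test.interaction import InteractionNeeded
+
+try:
+from xml.etree import cElementTree as ElementTree
+if ElementTree.VERSION < '1.3.0':
+# cElementTree has no support for register_namespace
+# neither _namespace_map, thus we sacrify performance
+# for correctness
+from xml.etree import ElementTree
+except ImportError:
+import cElementTree as ElementTree
+
 
 __author__ = 'rohe0002'
 
@@ -72,7 +84,7 @@ def __init__(self, client, config, interaction,
 self.position = ""
 self.response = None
 self.oper = None
-self.idp_constraints = constraints
+self.msg_constraints = constraints
 
 def send(self):
 srvs = getattr(self.client.metadata, REQ2SRV[self.oper.request])(
@@ -98,12 +110,8 @@ def _send(self, srv):
 except KeyError:
 req = self.qfunc(**self.qargs)
 
-self.request = self.oper.pre_processing(req, self.args)
-try:
-str_req = "%s" % self.request
-except TypeError:
-print >> sys.stderr, "self.request is of type " + type(self.request).__name__ + ", value: " + str(self.request)
-raise
+req_id, self.request = self.oper.pre_processing(req, self.args)
+str_req = "%s" % self.request
 
 if use_artifact:
 saml_art = _client.use_artifact(str_req, self.args["entity_id"])
@@ -238,6 +246,8 @@ def handle_result(self):
 logger.info("Faulty response: %s" % _resp)
 logger.error("Exception %s" % ferr)
 raise
+except ElementTree.ParseError:
+return False
 except Exception, err:
 if _resp:
 logger.info("Faulty response: %s" % _resp)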
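Review bot: The new `except ElementTree.ParseError:` clause in handle_result returns False without recording anything, while the handlers on either side of it log the faulty response and the exception, so a response from the IdP under test that does not even parse leaves no trace in the test log. Keeping the file's Python 2 style I would write `except ElementTree.ParseError, perr:` / `logger.error("Unparseable response: %s" % perr)` / `return False`, guarded by the same `if _resp:` logging of the raw response that the `except Exception` branch below does. Separately, `ParseError` only exists in ElementTree 1.3 and later, so on the two fallback paths of the import block in the first hunk (the `VERSION < '1.3.0'` branch and the standalone `cElementTree` import) this clause would presumably raise AttributeError the moment an exception reaches it, which is worth confirming if those fallbacks are still exercised. In the `_send` hunk, `req_id` is unpacked but not used within the visible lines; if it is not consumed further down, binding it to `_` makes that intent explicit. handle_result's body starts and continues outside the hunk.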

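--- a/src/idp_test/check.py
+++ b/src/idp_test/check.py
@@ -532,7 +532,7 @@ class VerifyAttributeNameFormat(Check):
 cid = "verify-attribute-name-format"
 
 def _func(self, conv):
-if "name_format" not in conv.idp_constraints:
+if "name_format" not in conv.msg_constraints:
 return {}
 
 # Should be a AuthnResponse or Response instance
@@ -546,15 +546,22 @@ def _func(self, conv):
 atrstat = assertion.attribute_statement[0]
 for attr in atrstat.attribute:
 try:
-assert attr.name_format == conv.idp_constraints[
+assert attr.name_format == conv.msg_constraints[
 "name_format"]
+logger.debug("Attribute name format valid: " +
+attr.name_format)
 except AssertionError:
-if NAME_FORMAT_UNSPECIFIED != conv.idp_constraints[
+if NAME_FORMAT_UNSPECIFIED != conv.msg_constraints[
 "name_format"]:
 self._message = \
-"Wrong name format: '%s'" % attr.name_format
+"Wrong name format: '%s', should be %s" % \
+(attr.name_format, \
+conv.msg_constraints["name_format"])
 self._status = CRITICAL
 break
+else:
+logger.debug("Accepting any attribute name format")
+
 return {}
 
 
@@ -574,17 +581,17 @@ def _digest_algo(self, signature, allowed):
 return True
 
 def _func(self, conv):
-if "digest_algorithm" not in conv.idp_constraints:
+if "digest_algorithm" not in conv.msg_constraints:
 logger.info("Not verifying digest_algorithm (not configured)")
 return {}
 else:
 try:
-assert len(conv.idp_constraints["digest_algorithm"]) > 0
+assert len(conv.msg_constraints["digest_algorithm"]) > 0
 except AssertionError:
 self._message = "List of allowed digest algorithm must not be empty"
 self._status = CRITICAL
 return {}
-_algs = conv.idp_constraints["digest_algorithm"]
+_algs = conv.msg_constraints["digest_algorithm"]
 
 response = conv.saml_response[-1].response
 
@@ -616,17 +623,17 @@ def _sig_algo(self, signature, allowed):
 return True
 
 def _func(self, conv):
-if "signature_algorithm" not in conv.idp_constraints:
+if "signature_algorithm" not in conv.msg_constraints:
 logger.info("Not verifying signature_algorithm (not configured)")
 return {}
 else:
 try:
-assert len(conv.idp_constraints["signature_algorithm"]) > 0
+assert len(conv.msg_constraints["signature_algorithm"]) > 0
 except AssertionError:
 self._message = "List of allowed signature algorithm must not be empty"
 self._status = CRITICAL
 return {}
-_algs = conv.idp_constraints["signature_algorithm"]
+_algs = conv.msg_constraints["signature_algorithm"]
 
 response = conv.saml_response[-1].response
 
@@ -648,19 +655,19 @@ class VerifySignedPart(Check):
 
 def _func(self, conv):
 
-if "signed_part" not in conv.idp_constraints:
+if "signed_part" not in conv.msg_constraints:
 return {}
 
 response = conv.saml_response[-1].response
-if "response" in conv.idp_constraints["signed_part"]:
+if "response" in conv.msg_constraints["signed_part"]:
 if response.signature:
 pass
 else:
 self._message = "Response not signed"
 self._status = CRITICAL
 
 if self._status == OK:
-if "assertion" in conv.idp_constraints["signed_part"]:
+if "assertion" in conv.msg_constraints["signed_part"]:
 for assertion in response.assertion:
 if assertion.signature:
 pass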
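Review bot: The attribute name-format comparison in the second hunk is still expressed as `assert attr.name_format == conv.msg_constraints["name_format"]` caught by `except AssertionError`, so when the tool runs under `python -O` the assert is compiled out, the except branch becomes unreachable, and every attribute passes the check while still emitting the "valid" debug line; the same pattern guards the non-empty-list checks in the `digest_algorithm` and `signature_algorithm` hunks, where `if not conv.msg_constraints["digest_algorithm"]:` (resp. `signature_algorithm`) would replace the try/assert. A conformance check should be a plain comparison rather than an assertion, as sketched below, which also removes the duplicated `conv.msg_constraints["name_format"]` lookups. The enclosing `_func` starts in the first hunk and the loop over `atrstat.attribute` is cut at the top of this one; `NAME_FORMAT_UNSPECIFIED` and `CRITICAL` are the names the existing code already uses.
```python
expected = conv.msg_constraints["name_format"]
for attr in atrstat.attribute:
    if attr.name_format == expected:
        logger.debug("Attribute name format valid: " + attr.name_format)
    elif NAME_FORMAT_UNSPECIFIED != expected:
        self._message = \
            "Wrong name format: '%s', should be %s" % \
            (attr.name_format, expected)
        self._status = CRITICAL
        break
    else:
        logger.debug("Accepting any attribute name format")
# … unchanged: return {} …
```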
