authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2012-07-11 10:57:35 +0200
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2012-07-11 10:57:40 +0200
commit050afd224676807a8003315e13ba4aee74d7a18a (patch)
tree8b1f1127a5b043aa553ffb078ae93ac97ab75f4f
parentf8ea3cda2df9919d57047626ee571893818e9193 (diff)
tests: add a SSO test with DSA keys to python bindings tests
-rwxr-xr-xbindings/python/tests/profiles_tests.py28
-rw-r--r--tests/data/idp12-dsa-saml2/metadata.xml94
-rw-r--r--tests/data/idp12-dsa-saml2/private-key.pem12
3 files changed, 134 insertions, 0 deletions
diff --git a/bindings/python/tests/profiles_tests.py b/bindings/python/tests/profiles_tests.py
index f5fd4637..0068d841 100755
--- a/bindings/python/tests/profiles_tests.py
+++ b/bindings/python/tests/profiles_tests.py
@@ -272,6 +272,34 @@ class LoginTestCase(unittest.TestCase):
sp_login.processAuthnResponseMsg(idp_login.msgBody)
sp_login.acceptSso()
+ def test07(self):
+ '''SAMLv2 SSO with DSA key for the IdP'''
+ sp = lasso.Server(
+ os.path.join(dataDir, 'sp5-saml2/metadata.xml'),
+ os.path.join(dataDir, 'sp5-saml2/private-key.pem'))
+ assert sp
+ sp.addProvider(
+ lasso.PROVIDER_ROLE_IDP,
+ os.path.join(dataDir, 'idp12-dsa-saml2/metadata.xml'))
+ sp_login = lasso.Login(sp)
+ assert sp_login
+ sp_login.initAuthnRequest(None, lasso.HTTP_METHOD_REDIRECT)
+ sp_login.buildAuthnRequestMsg()
+ idp = lasso.Server(
+ os.path.join(dataDir, 'idp12-dsa-saml2/metadata.xml'),
+ os.path.join(dataDir, 'idp12-dsa-saml2/private-key.pem'))
+ idp.signatureMethod = lasso.SIGNATURE_METHOD_DSA_SHA1
+ idp.addProvider(
+ lasso.PROVIDER_ROLE_SP,
+ os.path.join(dataDir, 'sp5-saml2/metadata.xml'))
+ idp_login = lasso.Login(idp)
+ print sp_login.msgUrl
+ idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1])
+ idp_login.protocolProfile = lasso.LOGIN_PROTOCOL_PROFILE_BRWS_POST;
+ idp_login.validateRequestMsg(True, True)
+ idp_login.buildAssertion("None", "None", "None", "None", "None")
+ idp_login.buildAuthnResponseMsg()
+
class LogoutTestCase(unittest.TestCase):
def test01(self):
"""SP logout without session and identity; testing initRequest."""
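Review bot: test07 stops at `idp_login.buildAuthnResponseMsg()`, so the DSA-SHA1 signature the IdP produces is never verified by the SP; as written the test only shows that signing does not raise. The preceding test, whose last two lines are visible as context at the top of the hunk, ends with `sp_login.processAuthnResponseMsg(idp_login.msgBody)` and `sp_login.acceptSso()`. Adding the same two calls here would cover verification against the DSA certificate in the IdP metadata, unless they were left out deliberately. The `print sp_login.msgUrl` line looks like leftover debugging, and the trailing `;` after `lasso.LOGIN_PROTOCOL_PROFILE_BRWS_POST` can go. The bare `assert sp` / `assert sp_login` checks would be better as `self.assertTrue(...)`, which is not stripped under `-O`.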
diff --git a/tests/data/idp12-dsa-saml2/metadata.xml b/tests/data/idp12-dsa-saml2/metadata.xml
new file mode 100644
index 00000000..b709c8eb
--- /dev/null
+++ b/tests/data/idp12-dsa-saml2/metadata.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0"?>
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ entityID="http://idp5/metadata">
+<IDPSSODescriptor
+ WantAuthnRequestsSigned="true"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+<KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data><ds:X509Certificate>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+</ds:X509Certificate></ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+<KeyDescriptor use="encryption">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyValue>
+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+</ds:KeyValue>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+
+ <ArtifactResolutionService isDefault="true" index="0"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://idp5/artifact" />
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://idp5/singleLogoutSOAP" />
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://idp5/singleLogout"
+ ResponseLocation="http://idp5/singleLogoutReturn" />
+ <ManageNameIDService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://idp5/manageNameIdSOAP" />
+ <ManageNameIDService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://idp5/manageNameId"
+ ResponseLocation="http://idp5/manageNameIdReturn" />
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://idp5/singleSignOn" />
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://idp5/singleSignOnSOAP" />
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+ Location="http://idp5/singleSignOnArtifact" />
+</IDPSSODescriptor>
+<Organization>
+ <OrganizationName xml:lang="en">Entr'ouvert</OrganizationName>
+</Organization>
+
+</EntityDescriptor>
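Review bot: The fixture lives in `idp12-dsa-saml2/`, but its `entityID` is `http://idp5/metadata` and every endpoint `Location` uses the `idp5` host, which reads like a copy from another fixture. If an existing IdP fixture already uses that entityID (not visible from this page), a test that loads both into one `lasso.Server` would see two providers with the same identifier and different signing keys. Giving this one its own identifier, for example `entityID="http://idp12/metadata"` with matching `Location` values, avoids that. A short XML comment at the top stating that the certificate is a DSA test key paired with `private-key.pem` would also help.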
diff --git a/tests/data/idp12-dsa-saml2/private-key.pem b/tests/data/idp12-dsa-saml2/private-key.pem
new file mode 100644
index 00000000..5e8cfdc6
--- /dev/null
+++ b/tests/data/idp12-dsa-saml2/private-key.pem
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----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+-----END DSA PRIVATE KEY-----
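Review bot: This private key is published with the repository, so it has to be treated as public from now on, and nothing in the file or the commit message says so. A `README` next to it, or a line in the commit message, along the lines of `Test-only DSA key for tests/data/idp12-dsa-saml2; never use outside the test suite` would discourage reuse and give secret scanners an explanation to point to. The key body is not visible on this page, so its size and parameters are not reviewed here.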