#! /usr/bin/env python
# -*- coding: UTF-8 -*-
#
# $Id$
#
# Python unit tests for Lasso library
#
# Copyright (C) 2004, 2005 Entr'ouvert
# http://lasso.entrouvert.org
#
# Authors: See AUTHORS file.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

import os
import unittest
import sys

# Make the freshly built binding importable ahead of any installed copy.
# Each entry is pushed to the front, so '../.libs' ends up before '..'.
for _buildDir in ('..', '../.libs'):
    if _buildDir not in sys.path:
        sys.path.insert(0, _buildDir)

import lasso

# A caller may predefine dataDir before this file is loaded; fall back to the
# in-tree fixture directory only when the name does not exist yet.
try:
    dataDir
except NameError:
    dataDir = '../../tests/data'


def _fixture(relativePath):
    """Return the path of a fixture file located under dataDir."""
    return os.path.join(dataDir, relativePath)


def _buildServer(ownDir, peerDir, peerRole):
    """Create a lasso.Server for ownDir and register peerDir as a provider.

    The server is given its metadata, its raw private key, no key password
    (None) and its certificate; the peer is registered with its metadata,
    public key and certificate under the role peerRole.
    """
    # NOTE(review): private-key-raw.pem is read from the fixture directory;
    # presumably test-only key material that must never be reused outside
    # this suite -- confirm.
    server = lasso.Server(
        _fixture(ownDir + '/metadata.xml'),
        _fixture(ownDir + '/private-key-raw.pem'),
        None,
        _fixture(ownDir + '/certificate.pem'))
    server.addProvider(
        peerRole,
        _fixture(peerDir + '/metadata.xml'),
        _fixture(peerDir + '/public-key.pem'),
        _fixture(peerDir + '/certificate.pem'))
    return server


def _spServer():
    """Server for the 'sp1-la' fixture knowing 'idp1-la' as identity provider."""
    return _buildServer('sp1-la', 'idp1-la', lasso.providerRoleIdp)


def _idpServer():
    """Server for the 'idp1-la' fixture knowing 'sp1-la' as service provider."""
    return _buildServer('idp1-la', 'sp1-la', lasso.providerRoleSp)


class ServerTestCase(unittest.TestCase):
    # Round-trip checks: a server restored from its dump must dump identically.
    # The test docstrings are left as they are because the verbose runner
    # prints them.

    def test01(self):
        """Server construction, dump & newFromDump."""
        original = _spServer()
        firstDump = original.dump()
        restored = original.newFromDump(firstDump)
        secondDump = restored.dump()
        self.assertEqual(firstDump, secondDump)

    def test02(self):
        """Server construction without argument, dump & newFromDump."""
        original = lasso.Server()
        # Only the metadata is supplied here: no public key, no certificate.
        original.addProvider(
            lasso.providerRoleIdp,
            _fixture('idp1-la/metadata.xml'))
        firstDump = original.dump()
        restored = original.newFromDump(firstDump)
        secondDump = restored.dump()
        self.assertEqual(firstDump, secondDump)


class LoginTestCase(unittest.TestCase):
    # Service-provider side of the login profile.

    def test01(self):
        """SP login; testing access to authentication request."""
        login = lasso.Login(_spServer())
        login.initAuthnRequest()
        # Bare attribute read, kept on purpose: it exercises the accessor.
        login.request
        wantedProfile = lasso.libProtocolProfileBrwsArt
        login.request.protocolProfile = wantedProfile
        self.assertEqual(login.request.protocolProfile, wantedProfile)

    def test02(self):
        """SP login; testing processing of an empty Response."""
        login = lasso.Login(_spServer())
        # NOTE(review): unlike the logout and defederation negative tests in
        # this file, there is no `else: self.fail(...)` here, so this test
        # also passes when the empty response raises nothing at all.  If
        # rejection of an empty response is the intent, the missing branch
        # should be added -- confirm against the library's behaviour.
        try:
            login.processResponseMsg('')
        except lasso.Error as exc:
            if exc[0] != lasso.PROFILE_ERROR_INVALID_MSG:
                raise


class LogoutTestCase(unittest.TestCase):
    # Logout profile, mostly negative paths: a lasso.Error carrying the
    # expected code is swallowed, any other lasso.Error is re-raised, and the
    # absence of an error fails the test.

    def test01(self):
        """SP logout without session and identity; testing initRequest."""
        logout = lasso.Logout(_spServer())
        try:
            logout.initRequest()
        except lasso.Error as exc:
            if exc[0] != lasso.PROFILE_ERROR_SESSION_NOT_FOUND:
                raise
        else:
            self.fail('logout.initRequest without having set identity before should fail')

    def test02(self):
        """IDP logout without session and identity; testing logout.getNextProviderId."""
        logout = lasso.Logout(_idpServer())
        self.assertFalse(logout.getNextProviderId())

    def test03(self):
        """IDP logout; testing processRequestMsg with non Liberty query."""
        logout = lasso.Logout(_idpServer())
        # The processRequestMsg should fail but not abort.
        try:
            logout.processRequestMsg('passport=0&lasso=1')
        except lasso.Error as exc:
            if exc[0] != lasso.PROFILE_ERROR_INVALID_MSG:
                raise
        else:
            self.fail('Logout processRequestMsg should have failed.')

    def test04(self):
        """IDP logout; testing processResponseMsg with non Liberty query."""
        logout = lasso.Logout(_idpServer())
        # The processResponseMsg should fail but not abort.
        try:
            logout.processResponseMsg('liberty=&alliance')
        except lasso.Error as exc:
            if exc[0] != lasso.PROFILE_ERROR_INVALID_MSG:
                raise
        else:
            self.fail('Logout processResponseMsg should have failed.')

    def test05(self):
        """IDP logout; testing logout dump & newFromDump()."""
        # NOTE(review): only the server is built; no Logout object is created
        # and nothing is asserted, so the dump round trip named in the
        # docstring is not actually covered.
        lassoServer = _idpServer()


class DefederationTestCase(unittest.TestCase):
    # Identity-provider side of the defederation profile.

    def test01(self):
        """IDP initiated defederation; testing processNotificationMsg with non Liberty query."""
        defederation = lasso.Defederation(_idpServer())
        # The processNotificationMsg should fail but not abort.
        try:
            defederation.processNotificationMsg('nonLibertyQuery=1')
        except lasso.Error as exc:
            if exc[0] != lasso.PROFILE_ERROR_INVALID_MSG:
                raise
        else:
            self.fail('Defederation processNotificationMsg should have failed.')


class IdentityTestCase(unittest.TestCase):
    # Identity dump round trip; currently switched off (see test01).

    def test01(self):
        """Identity newFromDump & dump."""
        return  # test disabled since dump format changed
        # Everything below is unreachable while the early return is in place.
        identityDump = """_CD739B41C602EAEA93626EBD1751CB46_11EA77A4FED32C41824AC5DE87298E65"""
        identity = lasso.Identity.newFromDump(identityDump)
        newIdentityDump = identity.dump()
        self.assertEqual(identityDump, newIdentityDump)


# One suite per test case class (methods whose name starts with 'test'), then
# the aggregate suite that the entry point below runs.
serverSuite = unittest.defaultTestLoader.loadTestsFromTestCase(ServerTestCase)
loginSuite = unittest.defaultTestLoader.loadTestsFromTestCase(LoginTestCase)
logoutSuite = unittest.defaultTestLoader.loadTestsFromTestCase(LogoutTestCase)
defederationSuite = unittest.defaultTestLoader.loadTestsFromTestCase(DefederationTestCase)
identitySuite = unittest.defaultTestLoader.loadTestsFromTestCase(IdentityTestCase)

allTests = unittest.TestSuite((serverSuite, loginSuite, logoutSuite, defederationSuite,
                               identitySuite))

if __name__ == '__main__':
    runner = unittest.TextTestRunner(verbosity=2)
    outcome = runner.run(allTests)
    # Exit status 0 on success, 1 as soon as any test failed or errored.
    sys.exit(not outcome.wasSuccessful())