path: root/python/examples/test.py
#! /usr/bin/env python
# -*- coding: utf-8 -*-

# End-to-end smoke test of the lasso Python bindings: build and sign an
# AuthnRequest, answer it on the IdP side with a signed assertion, then check
# that assertion on the SP side. Every check result is printed, none is
# enforced, so this is a demonstration and not a template for production code.
import sys
# Put the parent directory first on the module search path so that
# `import lasso` resolves there before any installed copy. The path is
# relative to the current working directory, so whichever `lasso` module sits
# in the parent of the directory the script is started from gets loaded.
sys.path.insert(0, '../')
import lasso

# Library start-up; paired with lasso.shutdown() on the last line.
lasso.init()

# Build an AuthnRequest for the provider id given below.
req = lasso.AuthnRequest("http://providerid.com")
req.set_forceAuthn(0)
req.set_isPassive(0)
# The POST profile is selected here; the branch below keys on this value.
req.set_protocolProfile(lasso.libProtocolProfilePost)
# Two placeholder authentication-context values, with exact comparison.
req.set_requestAuthnContext(["test1", "test2"],
                            None,
                            lasso.libAuthnContextComparisonExact)
req.set_scoping(proxyCount=1)

# URL-encode and sign the request.
# NOTE(review): the first argument presumably selects the signature method -
# confirm against the binding. The key is the example private key shipped in
# the source tree; it is test material and must not be reused elsewhere.
query = req.url_encode(1, "../../examples/rsakey.pem")
req.destroy()

# Create the reply, AuthnResponse or Response, depending on the
# ProtocolProfile value carried in the query.
protocolProfile = lasso.authn_request_get_protocolProfile(query)
if protocolProfile == lasso.libProtocolProfilePost:
    # IdP side
    res = lasso.AuthnResponse.new_from_request_query(query, "http://providerid.com")
    # Check the signature of the query.
    # NOTE(review): the result is only printed and the flow continues whatever
    # it is. An IdP has to stop here when the check fails, otherwise an
    # unsigned or tampered request is answered like a valid one. The meaning
    # of the return value is not visible in this file - confirm before
    # branching on it.
    print "Query signature check:", res.verify_signature("../../examples/rsapub.pem",
                                                         "../../examples/rsakey.pem")
    print "Must authenticate?   :", res.must_authenticate(is_authenticated=0)
    # Hard-coded authentication result; no user is authenticated in this test.
    # NOTE(review): presumably 1 means success - confirm.
    res.process_authentication_result(1)
    # Dump the response for sending to the SP.
    dump_response = res.dump()
    res.destroy()
    
    # Rebuild the response from the dump, as the receiving side would.
    res = lasso.AuthnResponse.new_from_dump(dump_response)
    # Create the assertion, tied to the request through the response's
    # InResponseTo attribute.
    assertion = lasso.Assertion("issuer", res.get_attr_value("InResponseTo"))
    # All values below are placeholders; the meaning of each positional
    # argument is not visible in this file - see the binding's signature.
    authentication_statement = lasso.AuthenticationStatement("password",
                                                             "tralala",
                                                             "dslqkjfslfj",
                                                             "http://service-provider.com",
                                                             "federated",
                                                             "wxkfjesmqfj",
                                                             "http://idp-provider.com",
                                                             "federated")
    assertion.add_authenticationStatement(authentication_statement)
    # Add the assertion to the response, passing the example private key and
    # certificate (presumably used to sign it, given the check that follows).
    res.add_assertion(assertion, "../../examples/rsakey.pem",
                      "../../examples/rsacert.pem")

    # SP side
    # Check the signature of the assertion against the example root certificate.
    # NOTE(review): this result is also only printed, and the StatusCode is
    # read next whatever the outcome. An SP has to reject the response when
    # this check fails, before it trusts the StatusCode or anything in the
    # assertion.
    print "Assertion signature check: ", res.get_child("Assertion").verify_signature("../../examples/rootcert.pem")
    # Fetch the StatusCode element.
    status_code = res.get_child("StatusCode")
    # Read the value of its "Value" attribute.
    print "Resultat de la demande d'authentification:", status_code.get_attr_value("Value")
    res.destroy()
else:
    # The artifact profile (a plain Response) is not implemented yet.
    print "La Response (par artifact) n'est pas encore implementée"

lasso.shutdown()