#! /usr/bin/env python
# -*- coding: utf-8 -*-

# NOTE(review): this puts the relative path '../' first on the module search
# path, so `import lasso` is resolved against the parent of the current
# working directory before any installed copy -- presumably to pick up the
# in-tree binding. Which module gets loaded therefore depends on where the
# script is started from.
import sys
sys.path.insert(0, '../')
import lasso

# Initialise the library; lasso.shutdown() is called on every exit path below.
lasso.init()

# Build an AuthnRequest for the provider id "http://providerid.com".
req = lasso.AuthnRequest("http://providerid.com")
# Setter names suggest ForceAuthn is switched off and IsPassive on; the exact
# meaning of the 0/1 arguments is defined by the binding -- TODO confirm.
req.set_forceAuthn(0)
req.set_isPassive(1)
# The POST profile is what the branch on protocolProfile further down expects.
req.set_protocolProfile(lasso.libProtocolProfilePost)
req.set_requestAuthnContext(["test1", "test2"],
                            None,
                            lasso.libAuthnContextComparisonExact)
req.set_scoping(proxyCount=1)

# URL-encode the request into a query string (+ signature).
# NOTE(review): the key is the example private key from the source tree
# ("../../examples/rsakey.pem"); it is a sample key and must not be reused
# outside this example. The meaning of the first argument (1) is not visible
# here -- presumably the signature method; confirm against the binding.
query = req.export_to_query(1, "../../examples/rsakey.pem")
# The request object is released explicitly once it has been exported.
req.destroy()

# Build the response: an AuthnResponse OR a Response,
# depending on the value of ProtocolProfile read back from the query.
protocolProfile = lasso.authn_request_get_protocolProfile(query)
if protocolProfile == lasso.libProtocolProfilePost:
    # IdP side
    res = lasso.AuthnResponse.new_from_request_query(query, "http://providerid.com")
    # Check the signature of the query.
    # NOTE(review): the result is only printed; the script carries on whatever
    # verify_signature() returns. Code derived from this example must stop
    # processing the request when verification fails. What value denotes
    # success is not visible here -- confirm against the binding.
    print "Query signature check:", res.verify_signature("../../examples/rsapub.pem",
                                                         "../../examples/rsakey.pem")
    # is_authenticated=0: the principal is reported as not yet authenticated.
    must_authenticate = res.must_authenticate(is_authenticated=0)
    print "Must authenticate?   :", must_authenticate

    if must_authenticate:
        # Dump the response (saved before authentication).
        dump_response = res.dump()
        res.destroy()
        
        # Rebuild the response after the Principal has authenticated.
        # NOTE(review): no authentication takes place in this script; the
        # result passed below is a hard-coded 1 (presumably "success").
        res = lasso.AuthnResponse.new_from_dump(dump_response)
        res.process_authentication_result(1)

        # if NameIDPolicy omitted or none and federation KO
        #    statusCode = lib:FederationDoesNotExist
        
        # Create the assertion, tied to the response's InResponseTo value.
        assertion = lasso.Assertion("issuer", res.get_attr_value("InResponseTo"))
        # All arguments are fixed sample literals; their positional meaning is
        # defined by the binding and not visible here.
        authentication_statement = lasso.AuthenticationStatement("password",
                                                                 "tralala",
                                                                 "dslqkjfslfj",
                                                                 "http://service-provider.com",
                                                                 "federated",
                                                                 "wxkfjesmqfj",
                                                                 "http://idp-provider.com",
                                                                 "federated")
        assertion.add_authenticationStatement(authentication_statement)
        # Sign the assertion with the example key and certificate from the
        # source tree (sample material only); the meaning of the first
        # argument (1) is presumably the signature method -- TODO confirm.
        assertion.set_signature(1, "../../examples/rsakey.pem",
                                "../../examples/rsacert.pem");
        # Attach the assertion to the response.
        res.add_assertion(assertion)

    # Export the response (base64-encoded) to be sent to the SP.
    # When must_authenticate is false the response is exported without any
    # assertion having been added.
    res_b64 = res.export_to_base64()
    res.destroy()
else:
    # Any other profile (response by artifact) is not implemented: report it,
    # shut the library down and exit with status 0.
    print "La Response (par artifact) n'est pas encore implementée"
    lasso.shutdown()
    sys.exit(0)

# SP side
# Rebuild the response from its base64 export.
# The meaning of type=1 is defined by the binding and not visible here.
res = lasso.AuthnResponse.new_from_export(res_b64, type=1)
# Check the signature of the assertion.
# NOTE(review): the check runs only when an Assertion child is present and its
# result is only printed. A response with no assertion, or with one that fails
# verification, is processed exactly like a valid one below. A real SP must
# treat both cases as a failed authentication before trusting any content.
# The assertion is verified against "rootcert.pem"; presumably the signing
# certificate chains to it -- confirm.
assertion = res.get_child("Assertion")
if assertion:
    # The Assertion child is fetched a second time instead of reusing `assertion`.
    print "Assertion signature check: ", res.get_child("Assertion").verify_signature("../../examples/rootcert.pem")
# Fetch the StatusCode element.
status_code = res.get_child("StatusCode")
# Read the value of its "Value" attribute.
# NOTE(review): status_code is used without checking that the child exists.
print "Resultat de la demande d'authentification:", status_code.get_attr_value("Value")
res.destroy()

lasso.shutdown()