v1.1.1: fix minor bug on missing signature and moved certs check to `…

…--production`
italia · Nov 18, 2021 · 512a5be · 512a5be
1 parent 4de2e77
commit 512a5be
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 46 deletions.
diff --git a/src/spid_sp_test/__init__.py b/src/spid_sp_test/__init__.py
@@ -6,7 +6,7 @@
 
 
 BASE_DIR = Path(__file__).resolve().parent
-__version__ = "1.1.0"
+__version__ = "1.1.1"
 __name__ = "spid_sp_test"
 logger = logging.getLogger(__name__)
 

diff --git a/src/spid_sp_test/authn_request.py b/src/spid_sp_test/authn_request.py
@@ -1019,7 +1019,6 @@ def test_Signature(self):
             references=["TR pag. 10"],
             method=_method,
         )
-
         if not self.IS_HTTP_REDIRECT:
             sign = self.doc.xpath("//AuthnRequest/Signature")
             # desc = [etree.tostring(ent).decode() for ent in sign if sign]
@@ -1030,49 +1029,50 @@ def test_Signature(self):
                 **_data,
             )
 
-            method = sign[0].xpath("./SignedInfo/SignatureMethod")
-            self._assertTrue(
-                (len(method) == 1),
-                "The SignatureMethod element MUST be present",
-                **_data,
-            )
+            if sign:
+                method = sign[0].xpath("./SignedInfo/SignatureMethod")
+                self._assertTrue(
+                    (len(method) == 1),
+                    "The SignatureMethod element MUST be present",
+                    **_data,
+                )
 
-            self._assertTrue(
-                ("Algorithm" in method[0].attrib),
-                "The Algorithm attribute MUST be present " "in SignatureMethod element",
-                **_data,
-            )
+                self._assertTrue(
+                    ("Algorithm" in method[0].attrib),
+                    "The Algorithm attribute MUST be present " "in SignatureMethod element",
+                    **_data,
+                )
 
-            alg = method[0].get("Algorithm")
-            self._assertTrue(
-                alg in constants.ALLOWED_XMLDSIG_ALGS,
-                "The signature algorithm MUST be valid",
-                description=f"One of {', '.join(constants.ALLOWED_XMLDSIG_ALGS)}",
-                **_data,
-            )  # noqa
+                alg = method[0].get("Algorithm")
+                self._assertTrue(
+                    alg in constants.ALLOWED_XMLDSIG_ALGS,
+                    "The signature algorithm MUST be valid",
+                    description=f"One of {', '.join(constants.ALLOWED_XMLDSIG_ALGS)}",
+                    **_data,
+                )  # noqa
 
-            method = sign[0].xpath("./SignedInfo/Reference/DigestMethod")
-            self._assertTrue(
-                (len(method) == 1),
-                "The DigestMethod element MUST be present",
-                **_data,
-            )
+                method = sign[0].xpath("./SignedInfo/Reference/DigestMethod")
+                self._assertTrue(
+                    (len(method) == 1),
+                    "The DigestMethod element MUST be present",
+                    **_data,
+                )
 
-            self._assertTrue(
-                ("Algorithm" in method[0].attrib),
-                "The Algorithm attribute MUST be present " "in DigestMethod element",
-                **_data,
-            )
+                self._assertTrue(
+                    ("Algorithm" in method[0].attrib),
+                    "The Algorithm attribute MUST be present " "in DigestMethod element",
+                    **_data,
+                )
 
-            alg = method[0].get("Algorithm")
-            self._assertTrue(
-                alg in constants.ALLOWED_DGST_ALGS,
-                (
-                    ("The digest algorithm MUST be one of [%s]")
-                    % (", ".join(constants.ALLOWED_DGST_ALGS))
-                ),
-                **_data,
-            )
+                alg = method[0].get("Algorithm")
+                self._assertTrue(
+                    alg in constants.ALLOWED_DGST_ALGS,
+                    (
+                        ("The digest algorithm MUST be one of [%s]")
+                        % (", ".join(constants.ALLOWED_DGST_ALGS))
+                    ),
+                    **_data,
+                )
 
             # save the grubbed certificate for future analysis
             # cert = sign[0].xpath('./KeyInfo/X509Data/X509Certificate')[0]

diff --git a/src/spid_sp_test/metadata.py b/src/spid_sp_test/metadata.py
@@ -923,15 +923,17 @@ def test_profile_spid_sp_public(self):
         self.test_Contacts_VATFC()
         self.test_Contacts_IPACode()
         self.test_extensions_public_private(ext_type="Public")
-        self.test_spid_compliant_certificates(sector="public")
+        if self.production:
+            self.test_spid_compliant_certificates(sector="public")
 
     def test_profile_spid_sp_private(self):
         self.test_profile_spid_sp()
         self.test_Contacts_PubPriv()
         self.test_Contacts_PubPriv(contact_type="billing")
         self.test_Extensions_PubPriv()
         self.test_extensions_public_private(ext_type="Private")
-        self.test_spid_compliant_certificates(sector="private")
+        if self.production:
+            self.test_spid_compliant_certificates(sector="private")
 
         # invalid ! to be removed soon
         # self.test_contactperson_email(
@@ -952,7 +954,8 @@ def test_profile_spid_sp_ag_public_full(self):
         self.test_Contacts_VATFC()
         self.test_extensions_public_ag()
         self.test_Extensions_PubPriv()
-        self.test_spid_compliant_certificates(sector="public")
+        if self.production:
+            self.test_spid_compliant_certificates(sector="public")
 
         # The ContactPerson element of contactType “other” and spid:entityType “spid:aggregator” MUST be present
         # The ContactPerson element of contactType “other” and spid:entityType “spid:aggregated” MUST be present
@@ -977,7 +980,8 @@ def test_profile_spid_sp_ag_public_lite(self):
 
         # The entityID MUST contain the activity code “pub-ag-lite”
         self.test_entityid_contains(value="pub-ag-lite")
-        self.test_spid_compliant_certificates(sector="public")
+        if self.production:
+            self.test_spid_compliant_certificates(sector="public")
 
         # Only one ContactPerson element of contactType “other” and spid:entityType “spid:aggregator” MUST be present
         # Only one ContactPerson element of contactType “other” and spid:entityType “spid:aggregated” MUST be present
@@ -998,7 +1002,8 @@ def test_profile_spid_sp_ag_public_lite(self):
     def test_profile_spid_sp_op_public_full(self):
         self.test_profile_spid_sp()
         self.test_Contacts_VATFC()
-        self.test_spid_compliant_certificates(sector="public")
+        if self.production:
+            self.test_spid_compliant_certificates(sector="public")
 
         # The entityID MUST contain the activity code “pub-op-full”
         self.test_entityid_contains(value="pub-op-full")
@@ -1017,7 +1022,8 @@ def test_profile_spid_sp_op_public_lite(self):
 
         self.test_Contacts_VATFC()
         self.test_extensions_public_private(ext_type="Public")
-        self.test_spid_compliant_certificates(sector="public")
+        if self.production:
+            self.test_spid_compliant_certificates(sector="public")
 
         # The entityID MUST contain the activity code “pub-op-lite”
         self.test_entityid_contains(value="pub-op-lite")
@@ -1065,6 +1071,9 @@ def test_profile_ficep_eidas_sp(self):
         self.xsd_check(xsds_files=["saml-schema-metadata-2.0.xsd"])
 
         self.test_profile_saml2core()
+        if self.production:
+            self.test_spid_compliant_certificates(sector="public")
+
         self.test_SPSSODescriptor_SPID()
         self.test_contactperson_email()
         self.test_AttributeConsumingService_SPID()