From 512a5beb38660d35d8c950737e73c7156b3ef53a Mon Sep 17 00:00:00 2001 From: peppelinux Date: Thu, 18 Nov 2021 10:15:38 +0100 Subject: [PATCH] v1.1.1: fix minor bug on missing signature and moved certs check to `--production` --- src/spid_sp_test/__init__.py | 2 +- src/spid_sp_test/authn_request.py | 78 +++++++++++++++---------------- src/spid_sp_test/metadata.py | 21 ++++++--- 3 files changed, 55 insertions(+), 46 deletions(-) diff --git a/src/spid_sp_test/__init__.py b/src/spid_sp_test/__init__.py index 3bfb831..e000c9b 100644 --- a/src/spid_sp_test/__init__.py +++ b/src/spid_sp_test/__init__.py @@ -6,7 +6,7 @@ BASE_DIR = Path(__file__).resolve().parent -__version__ = "1.1.0" +__version__ = "1.1.1" __name__ = "spid_sp_test" logger = logging.getLogger(__name__) diff --git a/src/spid_sp_test/authn_request.py b/src/spid_sp_test/authn_request.py index 464e9f4..d53b330 100644 --- a/src/spid_sp_test/authn_request.py +++ b/src/spid_sp_test/authn_request.py @@ -1019,7 +1019,6 @@ def test_Signature(self): references=["TR pag. 10"], method=_method, ) - if not self.IS_HTTP_REDIRECT: sign = self.doc.xpath("//AuthnRequest/Signature") # desc = [etree.tostring(ent).decode() for ent in sign if sign] 
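Review bot: Dropping the `if not self.IS_HTTP_REDIRECT:` guard means the `//AuthnRequest/Signature` lookup now runs for HTTP-Redirect requests too, where a SAML signature is carried in the query string (`SigAlg`/`Signature` parameters) rather than inside the XML, so `sign` is empty for a correctly signed redirect-bound request. Whether that is then reported as a missing signature depends on the assertion that follows the `# desc = …` line, which is outside this hunk; if it is, redirect-bound SPs get a false failure, and if it is not, their signature is simply not checked here. Either way the intent deserves a comment at the removal point, e.g. `# HTTP-Redirect carries the signature in the query string; an XML Signature element is expected only for HTTP-POST`, plus a pointer to wherever the redirect signature is verified. The body of test_Signature continues past the end of this hunk.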
@@ -1030,49 +1029,50 @@ def test_Signature(self): **_data, ) - method = sign[0].xpath("./SignedInfo/SignatureMethod") - self._assertTrue( - (len(method) == 1), - "The SignatureMethod element MUST be present", - **_data, - ) + if sign: + method = sign[0].xpath("./SignedInfo/SignatureMethod") + self._assertTrue( + (len(method) == 1), + "The SignatureMethod element MUST be present", + **_data, + ) - self._assertTrue( - ("Algorithm" in method[0].attrib), - "The Algorithm attribute MUST be present " "in SignatureMethod element", - **_data, - ) + self._assertTrue( + ("Algorithm" in method[0].attrib), + "The Algorithm attribute MUST be present " "in SignatureMethod element", + **_data, + ) - alg = method[0].get("Algorithm") - self._assertTrue( - alg in constants.ALLOWED_XMLDSIG_ALGS, - "The signature algorithm MUST be valid", - description=f"One of {', '.join(constants.ALLOWED_XMLDSIG_ALGS)}", - **_data, - ) # noqa + alg = method[0].get("Algorithm") + self._assertTrue( + alg in constants.ALLOWED_XMLDSIG_ALGS, + "The signature algorithm MUST be valid", + description=f"One of {', '.join(constants.ALLOWED_XMLDSIG_ALGS)}", + **_data, + ) # noqa - method = sign[0].xpath("./SignedInfo/Reference/DigestMethod") - self._assertTrue( - (len(method) == 1), - "The DigestMethod element MUST be present", - **_data, - ) + method = sign[0].xpath("./SignedInfo/Reference/DigestMethod") + self._assertTrue( + (len(method) == 1), + "The DigestMethod element MUST be present", + **_data, + ) - self._assertTrue( - ("Algorithm" in method[0].attrib), - "The Algorithm attribute MUST be present " "in DigestMethod element", - **_data, - ) + self._assertTrue( + ("Algorithm" in method[0].attrib), + "The Algorithm attribute MUST be present " "in DigestMethod element", + **_data, + ) - alg = method[0].get("Algorithm") - self._assertTrue( - alg in constants.ALLOWED_DGST_ALGS, - ( - ("The digest algorithm MUST be one of [%s]") - % (", ".join(constants.ALLOWED_DGST_ALGS)) - ), - **_data, - ) + alg = 
method[0].get("Algorithm") + self._assertTrue( + alg in constants.ALLOWED_DGST_ALGS, + ( + ("The digest algorithm MUST be one of [%s]") + % (", ".join(constants.ALLOWED_DGST_ALGS)) + ), + **_data, + ) # save the grubbed certificate for future analysis # cert = sign[0].xpath('./KeyInfo/X509Data/X509Certificate')[0] diff --git a/src/spid_sp_test/metadata.py b/src/spid_sp_test/metadata.py index 4050432..6fc1d41 100644 --- a/src/spid_sp_test/metadata.py +++ b/src/spid_sp_test/metadata.py @@ -923,7 +923,8 @@ def test_profile_spid_sp_public(self): self.test_Contacts_VATFC() self.test_Contacts_IPACode() self.test_extensions_public_private(ext_type="Public") - self.test_spid_compliant_certificates(sector="public") + if self.production: + self.test_spid_compliant_certificates(sector="public") def test_profile_spid_sp_private(self): self.test_profile_spid_sp() @@ -931,7 +932,8 @@ def test_profile_spid_sp_private(self): self.test_Contacts_PubPriv(contact_type="billing") self.test_Extensions_PubPriv() self.test_extensions_public_private(ext_type="Private") - self.test_spid_compliant_certificates(sector="private") + if self.production: + self.test_spid_compliant_certificates(sector="private") # invalid ! to be removed soon # self.test_contactperson_email( @@ -952,7 +954,8 @@ def test_profile_spid_sp_ag_public_full(self): self.test_Contacts_VATFC() self.test_extensions_public_ag() self.test_Extensions_PubPriv() - self.test_spid_compliant_certificates(sector="public") + if self.production: + self.test_spid_compliant_certificates(sector="public") # The ContactPerson element of contactType “other” and spid:entityType “spid:aggregator” MUST be present # The ContactPerson element of contactType “other” and spid:entityType “spid:aggregated” MUST be present 
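Review bot: Inside the new `if sign:` block the code still indexes `method[0]` immediately after asserting `len(method) == 1`, for both `SignedInfo/SignatureMethod` and `SignedInfo/Reference/DigestMethod`; if `_assertTrue` records the failure rather than raising (it is called with reporter-style `**_data`, which suggests it does — confirm), a signed request with a missing or duplicated SignatureMethod/DigestMethod still dies with an IndexError, the same class of crash this commit fixes for the missing Signature. The same treatment would close it: `if method:` around the Algorithm checks, or an early `return` after each presence assertion. Note also that when `sign` is empty the allow-list checks against `ALLOWED_XMLDSIG_ALGS` and `ALLOWED_DGST_ALGS` are now skipped silently, which is only safe if the assertion closing at the top of the hunk already flags the missing Signature as a failure. test_Signature starts before this hunk and continues after it.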
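Review bot: Gating `test_spid_compliant_certificates` on `self.production` makes a non-production run drop the certificate compliance checks without any trace, so a clean report from a development run can be mistaken for a full one; the same pattern appears in the hunks at -931, -952, -977, -998 and -1017. A one-line notice in the skipped branch would make this visible, e.g. `else: logger.info("Skipping SPID certificate compliance checks (not in --production mode)")`, assuming the package `logger` is in scope in this module. Since the same three lines are now repeated across seven profile methods, a small helper such as `_check_certificates(sector)` holding the `if self.production:` test would keep the policy in one place. `self.production` is set outside these hunks; confirm it defaults to False when the flag is absent so callers that construct the checker directly do not hit an AttributeError.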
@@ -977,7 +980,8 @@ def test_profile_spid_sp_ag_public_lite(self): # The entityID MUST contain the activity code “pub-ag-lite” self.test_entityid_contains(value="pub-ag-lite") - self.test_spid_compliant_certificates(sector="public") + if self.production: + self.test_spid_compliant_certificates(sector="public") # Only one ContactPerson element of contactType “other” and spid:entityType “spid:aggregator” MUST be present # Only one ContactPerson element of contactType “other” and spid:entityType “spid:aggregated” MUST be present @@ -998,7 +1002,8 @@ def test_profile_spid_sp_ag_public_lite(self): def test_profile_spid_sp_op_public_full(self): self.test_profile_spid_sp() self.test_Contacts_VATFC() - self.test_spid_compliant_certificates(sector="public") + if self.production: + self.test_spid_compliant_certificates(sector="public") # The entityID MUST contain the activity code “pub-op-full” self.test_entityid_contains(value="pub-op-full") @@ -1017,7 +1022,8 @@ def test_profile_spid_sp_op_public_lite(self): self.test_Contacts_VATFC() self.test_extensions_public_private(ext_type="Public") - self.test_spid_compliant_certificates(sector="public") + if self.production: + self.test_spid_compliant_certificates(sector="public") # The entityID MUST contain the activity code “pub-op-lite” self.test_entityid_contains(value="pub-op-lite") @@ -1065,6 +1071,9 @@ def test_profile_ficep_eidas_sp(self): self.xsd_check(xsds_files=["saml-schema-metadata-2.0.xsd"]) self.test_profile_saml2core() + if self.production: + self.test_spid_compliant_certificates(sector="public") + self.test_SPSSODescriptor_SPID() self.test_contactperson_email() self.test_AttributeConsumingService_SPID()
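Review bot: The hunk at -1065 does not just gate an existing call — it adds `test_spid_compliant_certificates(sector="public")` to `test_profile_ficep_eidas_sp`, a profile that did not run the certificate check before, and the commit message ("moved certs check to `--production`") does not mention it. If the SPID public-sector certificate rules are meant to apply to the FICEP/eIDAS profile as well, say so in a comment above the new `if`, e.g. `# FICEP/eIDAS SPs follow the SPID public-sector certificate rules in production`; if not, this is a separate behaviour change that should be split out. test_profile_ficep_eidas_sp may continue past the end of this hunk.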