diff --git a/tests/test_dienst_catalogus_creation.py b/tests/test_dienst_catalogus_creation.py index 054b6c7..7e1e7b7 100644 --- a/tests/test_dienst_catalogus_creation.py +++ b/tests/test_dienst_catalogus_creation.py @@ -1,6 +1,3 @@ -from io import StringIO - -from django.core.management import CommandError, call_command from django.test import TestCase import pytest @@ -13,7 +10,6 @@ generate_dienst_catalogus_metadata, ) -from .conftest import EHERKENNING_TEST_CERTIFICATE_FILE, EHERKENNING_TEST_KEY_FILE from .mixins import EherkenningMetadataMixin NAMESPACES = { @@ -274,7 +270,7 @@ def test_catalogus_with_requested_attributes_without_purpose_statement( @pytest.mark.django_db def test_makelaar_oin_is_configurable(eherkenning_config_defaults, temp_private_root): config = EherkenningConfiguration.get_solo() - config.organisation_name = "Example" + config.organization_name = "Example" config.service_name = "Example" config.oin = "00000000000000000000" config.makelaar_id = "00000000000000000123" 
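Review bot: The corrected line `config.organization_name = "Example"` in `test_makelaar_oin_is_configurable` has no matching assertion visible in this hunk, which is presumably how the misspelled `organisation_name` went unnoticed. Python accepts an assignment to an unknown attribute on the config instance without raising, so the old line most likely configured nothing while the test kept passing. The test body continues outside the hunk, so this may already be checked further down. If it is not, pin the value in the generated catalogue with something like `assert catalogue_root.find(".//esc:OrganizationDisplayName", namespaces=NAMESPACES).text == "Example"`, where `catalogue_root` is a placeholder for whatever tree the test parses. The command-level test deleted later in this file made the same check on that node, so a replacement keeps the field covered.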
@@ -679,331 +675,3 @@ def test_no_eidas_service(self): namespaces=NAMESPACES, ) self.assertEqual(0, len(classifier_node)) - - -@pytest.mark.django_db -def test_generate_metadata_all_options_specified(temp_private_root): - stdout = StringIO() - - call_command( - "generate_eherkenning_dienstcatalogus", - "--no-save-config", - stdout=stdout, - key_file=str(EHERKENNING_TEST_KEY_FILE), - cert_file=str(EHERKENNING_TEST_CERTIFICATE_FILE), - signature_algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", - digest_algorithm="http://www.w3.org/2001/04/xmlenc#sha256", - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - organization_name="Test Organisation", - eh_attribute_consuming_service_index="9050", - eidas_attribute_consuming_service_index="9051", - oin="00000001112223330000", - service_name="Test Service Name", - service_description="Test Service Description", - makelaar_id="00000003332221110000", - privacy_policy="http://test-privacy.nl", - test=True, - ) - - output = stdout.getvalue() - service_catalogue_node = etree.XML(output.encode("utf-8")) - - signature_algorithm_node = service_catalogue_node.find( - ".//ds:SignatureMethod", - namespaces=NAMESPACES, - ) - assert ( - signature_algorithm_node.attrib["Algorithm"] - == "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" - ) - - digest_algorithm_node = service_catalogue_node.find( - ".//ds:DigestMethod", - namespaces=NAMESPACES, - ) - assert ( - digest_algorithm_node.attrib["Algorithm"] - == "http://www.w3.org/2001/04/xmlenc#sha256" - ) - - # Service Provider - service_provider_id_node = service_catalogue_node.find( - ".//esc:ServiceProviderID", - namespaces=NAMESPACES, - ) - assert service_provider_id_node.text == "00000001112223330000" - - oganisation_display_node = service_catalogue_node.find( - ".//esc:OrganizationDisplayName", - namespaces=NAMESPACES, - ) - assert oganisation_display_node.text == "Test Organisation" - - # Services - service_definition_nodes = 
service_catalogue_node.findall( - ".//esc:ServiceDefinition", - namespaces=NAMESPACES, - ) - assert len(service_definition_nodes) == 2 - - eherkenning_definition_node, eidas_definition_node = service_definition_nodes - - # eHerkenning service definition - uuid_node = eherkenning_definition_node.find( - ".//esc:ServiceUUID", - namespaces=NAMESPACES, - ) - assert uuid_node is not None - - service_name_node = eherkenning_definition_node.find( - ".//esc:ServiceName", - namespaces=NAMESPACES, - ) - assert service_name_node.text == "Test Service Name" - - service_description_node = eherkenning_definition_node.find( - ".//esc:ServiceDescription", - namespaces=NAMESPACES, - ) - assert service_description_node.text == "Test Service Description" - - loa_node = eherkenning_definition_node.find( - ".//saml:AuthnContextClassRef", - namespaces=NAMESPACES, - ) - assert loa_node.text == "urn:etoegang:core:assurance-class:loa3" - - makelaar_id_node = eherkenning_definition_node.find( - ".//esc:HerkenningsmakelaarId", - namespaces=NAMESPACES, - ) - assert makelaar_id_node.text == "00000003332221110000" - - entity_concerned_nodes = eherkenning_definition_node.findall( - ".//esc:EntityConcernedTypesAllowed", - namespaces=NAMESPACES, - ) - assert len(entity_concerned_nodes) == 3 - assert entity_concerned_nodes[0].attrib["setNumber"] == "1" - assert entity_concerned_nodes[0].text == "urn:etoegang:1.9:EntityConcernedID:RSIN" - assert entity_concerned_nodes[1].attrib["setNumber"] == "1" - assert entity_concerned_nodes[1].text == "urn:etoegang:1.9:EntityConcernedID:KvKnr" - assert entity_concerned_nodes[2].attrib["setNumber"] == "2" - assert entity_concerned_nodes[2].text == "urn:etoegang:1.9:EntityConcernedID:KvKnr" - - # eIDAS service definition - uuid_node = eidas_definition_node.find( - ".//esc:ServiceUUID", - namespaces=NAMESPACES, - ) - assert uuid_node is not None - - service_name_node = eidas_definition_node.find( - ".//esc:ServiceName", - namespaces=NAMESPACES, - ) - assert 
service_name_node.text == "Test Service Name (eIDAS)" - - service_description_node = eidas_definition_node.find( - ".//esc:ServiceDescription", - namespaces=NAMESPACES, - ) - assert service_description_node.text == "Test Service Description" - - loa_node = eidas_definition_node.find( - ".//saml:AuthnContextClassRef", - namespaces=NAMESPACES, - ) - assert loa_node.text == "urn:etoegang:core:assurance-class:loa3" - - makelaar_id_node = eidas_definition_node.find( - ".//esc:HerkenningsmakelaarId", - namespaces=NAMESPACES, - ) - assert makelaar_id_node.text == "00000003332221110000" - - entity_concerned_nodes = eidas_definition_node.findall( - ".//esc:EntityConcernedTypesAllowed", - namespaces=NAMESPACES, - ) - assert len(entity_concerned_nodes) == 1 - assert entity_concerned_nodes[0].text == "urn:etoegang:1.9:EntityConcernedID:Pseudo" - - # Service instances - service_instance_nodes = service_catalogue_node.findall( - ".//esc:ServiceInstance", - namespaces=NAMESPACES, - ) - assert len(service_instance_nodes) == 2 - - eherkenning_instance_node, eidas_instance_node = service_instance_nodes - - # Service instance eHerkenning - service_id_node = eherkenning_instance_node.find( - ".//esc:ServiceID", - namespaces=NAMESPACES, - ) - assert service_id_node.text == "urn:etoegang:DV:00000001112223330000:services:9050" - - service_url_node = eherkenning_instance_node.find( - ".//esc:ServiceURL", - namespaces=NAMESPACES, - ) - assert service_url_node.text == "http://test-entity.id" - - privacy_url_node = eherkenning_instance_node.find( - ".//esc:PrivacyPolicyURL", - namespaces=NAMESPACES, - ) - assert privacy_url_node.text == "http://test-privacy.nl" - - makelaar_id_node = eherkenning_instance_node.find( - ".//esc:HerkenningsmakelaarId", - namespaces=NAMESPACES, - ) - assert makelaar_id_node.text == "00000003332221110000" - - key_name_node = eherkenning_instance_node.find( - ".//ds:KeyName", - namespaces=NAMESPACES, - ) - assert key_name_node is not None - certificate_node = 
eherkenning_instance_node.find( - ".//ds:X509Certificate", - namespaces=NAMESPACES, - ) - assert certificate_node is not None - - classifier_node = eherkenning_instance_node.findall( - ".//esc:Classifier", - namespaces=NAMESPACES, - ) - assert len(classifier_node) == 0 - - # Service instance eIDAS - service_id_node = eidas_instance_node.find( - ".//esc:ServiceID", - namespaces=NAMESPACES, - ) - assert service_id_node.text == "urn:etoegang:DV:00000001112223330000:services:9051" - - service_url_node = eidas_instance_node.find( - ".//esc:ServiceURL", - namespaces=NAMESPACES, - ) - assert service_url_node.text == "http://test-entity.id" - - privacy_url_node = eidas_instance_node.find( - ".//esc:PrivacyPolicyURL", - namespaces=NAMESPACES, - ) - assert privacy_url_node.text == "http://test-privacy.nl" - - makelaar_id_node = eidas_instance_node.find( - ".//esc:HerkenningsmakelaarId", - namespaces=NAMESPACES, - ) - assert makelaar_id_node.text == "00000003332221110000" - - key_name_node = eidas_instance_node.find( - ".//ds:KeyName", - namespaces=NAMESPACES, - ) - assert key_name_node is not None - certificate_node = eidas_instance_node.find( - ".//ds:X509Certificate", - namespaces=NAMESPACES, - ) - assert certificate_node is not None - - classifier_node = eidas_instance_node.findall( - ".//esc:Classifier", - namespaces=NAMESPACES, - ) - assert len(classifier_node) == 1 - assert classifier_node[0].text == "eIDAS-inbound" - - -@pytest.mark.django_db -def test_missing_required_properties(): - with pytest.raises(CommandError): - call_command("generate_eherkenning_dienstcatalogus") - - -@pytest.mark.django_db -def test_no_eidas_service(temp_private_root): - stdout = StringIO() - - call_command( - "generate_eherkenning_dienstcatalogus", - "--no-save-config", - stdout=stdout, - key_file=str(EHERKENNING_TEST_KEY_FILE), - cert_file=str(EHERKENNING_TEST_CERTIFICATE_FILE), - signature_algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", - 
digest_algorithm="http://www.w3.org/2001/04/xmlenc#sha256", - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - organization_name="Test Organisation", - eh_attribute_consuming_service_index="9050", - no_eidas=True, - oin="00000001112223330000", - service_name="Test Service Name", - service_description="Test Service Description", - makelaar_id="00000003332221110000", - privacy_policy="http://test-privacy.nl", - test=True, - ) - - output = stdout.getvalue() - service_catalogue_node = etree.XML(output.encode("utf-8")) - - service_instance_nodes = service_catalogue_node.findall( - ".//esc:ServiceInstance", - namespaces=NAMESPACES, - ) - assert len(service_instance_nodes) == 1 - - eherkenning_instance_node = service_instance_nodes[0] - # Service instance eHerkenning - service_id_node = eherkenning_instance_node.find( - ".//esc:ServiceID", - namespaces=NAMESPACES, - ) - assert service_id_node.text == "urn:etoegang:DV:00000001112223330000:services:9050" - - service_url_node = eherkenning_instance_node.find( - ".//esc:ServiceURL", - namespaces=NAMESPACES, - ) - assert service_url_node.text == "http://test-entity.id" - - privacy_url_node = eherkenning_instance_node.find( - ".//esc:PrivacyPolicyURL", - namespaces=NAMESPACES, - ) - assert privacy_url_node.text == "http://test-privacy.nl" - - makelaar_id_node = eherkenning_instance_node.find( - ".//esc:HerkenningsmakelaarId", - namespaces=NAMESPACES, - ) - assert makelaar_id_node.text == "00000003332221110000" - - key_name_node = eherkenning_instance_node.find( - ".//ds:KeyName", - namespaces=NAMESPACES, - ) - assert key_name_node is not None - certificate_node = eherkenning_instance_node.find( - ".//ds:X509Certificate", - namespaces=NAMESPACES, - ) - assert certificate_node is not None - - classifier_node = eherkenning_instance_node.findall( - ".//esc:Classifier", - namespaces=NAMESPACES, - ) - assert len(classifier_node) == 0 
diff --git a/tests/test_digid_metadata.py b/tests/test_digid_metadata.py index 3e52258..2255d10 100644 --- a/tests/test_digid_metadata.py +++ b/tests/test_digid_metadata.py @@ -1,16 +1,10 @@ -from io import StringIO - -from django.core.management import CommandError, call_command from django.test import TestCase import pytest from lxml import etree -from privates.test import temp_private_root -from digid_eherkenning.models import DigidConfiguration from digid_eherkenning.saml2.digid import generate_digid_metadata -from .conftest import DIGID_TEST_CERTIFICATE_FILE, DIGID_TEST_KEY_FILE from .mixins import DigidMetadataMixin NAME_SPACES = { 
@@ -19,329 +13,6 @@ } -@temp_private_root() -class DigidMetadataManagementCommandTests(TestCase): - def test_generate_metadata_all_options_specified(self): - stdout = StringIO() - - call_command( - "generate_digid_metadata", - "--no-save-config", - "--slo", - stdout=stdout, - want_assertions_encrypted=True, - want_assertions_signed=True, - key_file=str(DIGID_TEST_KEY_FILE), - cert_file=str(DIGID_TEST_CERTIFICATE_FILE), - signature_algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", - digest_algorithm="http://www.w3.org/2001/04/xmlenc#sha256", - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - attribute_consuming_service_index="9050", - service_name="Test Service Name", - service_description="Test Service Description", - technical_contact_person_telephone="06123123123", - technical_contact_person_email="test@test.nl", - organization_name="Test organisation", - organization_url="http://test-organisation.nl", - test=True, - ) - - output = stdout.getvalue() - entity_descriptor_node = etree.XML(output.encode("utf-8")) - - self.assertEqual( - "http://test-entity.id", entity_descriptor_node.attrib["entityID"] - ) - - sspo_descriptor_node = entity_descriptor_node.find( - ".//md:SPSSODescriptor", - namespaces=NAME_SPACES, - ) - - self.assertEqual("true", sspo_descriptor_node.attrib["AuthnRequestsSigned"]) - self.assertEqual("true", sspo_descriptor_node.attrib["WantAssertionsSigned"]) - - certificate_node = entity_descriptor_node.find( - ".//ds:X509Certificate", - namespaces=NAME_SPACES, - ) - self.assertIn( - "MIIC0DCCAbigAwIBAgIUEjGmfCGa1cOiTi+UKtDQVtySOHUwDQYJKoZIhvcNAQEL", - certificate_node.text, - ) - - signature_algorithm_node = entity_descriptor_node.find( - ".//ds:SignatureMethod", - namespaces=NAME_SPACES, - ) - self.assertEqual( - "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", - signature_algorithm_node.attrib["Algorithm"], - ) - - digest_algorithm_node = entity_descriptor_node.find( - ".//ds:DigestMethod", - 
namespaces=NAME_SPACES, - ) - self.assertEqual( - "http://www.w3.org/2001/04/xmlenc#sha256", - digest_algorithm_node.attrib["Algorithm"], - ) - - assertion_consuming_service_node = entity_descriptor_node.find( - ".//md:AssertionConsumerService", - namespaces=NAME_SPACES, - ) - self.assertEqual( - "http://test-entity.id/digid/acs/", - assertion_consuming_service_node.attrib["Location"], - ) - - attribute_consuming_service_node = entity_descriptor_node.find( - ".//md:AttributeConsumingService", - namespaces=NAME_SPACES, - ) - self.assertEqual("9050", attribute_consuming_service_node.attrib["index"]) - - service_name_node = entity_descriptor_node.find( - ".//md:ServiceName", - namespaces=NAME_SPACES, - ) - self.assertEqual("Test Service Name", service_name_node.text) - - service_description_node = entity_descriptor_node.find( - ".//md:ServiceDescription", - namespaces=NAME_SPACES, - ) - self.assertEqual("Test Service Description", service_description_node.text) - - organisation_name_node = entity_descriptor_node.find( - ".//md:OrganizationName", - namespaces=NAME_SPACES, - ) - self.assertEqual("Test organisation", organisation_name_node.text) - - organisation_display_node = entity_descriptor_node.find( - ".//md:OrganizationDisplayName", - namespaces=NAME_SPACES, - ) - self.assertEqual("Test organisation", organisation_display_node.text) - - organisation_url_node = entity_descriptor_node.find( - ".//md:OrganizationURL", - namespaces=NAME_SPACES, - ) - self.assertEqual("http://test-organisation.nl", organisation_url_node.text) - - contact_person_node = entity_descriptor_node.find( - ".//md:ContactPerson", - namespaces=NAME_SPACES, - ) - self.assertEqual("technical", contact_person_node.attrib["contactType"]) - - contact_email_node = entity_descriptor_node.find( - ".//md:EmailAddress", - namespaces=NAME_SPACES, - ) - self.assertEqual("test@test.nl", contact_email_node.text) - - contact_telephone_node = entity_descriptor_node.find( - ".//md:TelephoneNumber", - 
namespaces=NAME_SPACES, - ) - self.assertEqual("06123123123", contact_telephone_node.text) - - slo_nodes = entity_descriptor_node.findall( - ".//md:SingleLogoutService", - namespaces=NAME_SPACES, - ) - self.assertEqual(len(slo_nodes), 2) - slo_soap, slo_redirect = slo_nodes - self.assertEqual( - slo_soap.attrib["Location"], "http://test-entity.id/digid/slo/soap/" - ) - self.assertEqual( - slo_soap.attrib["Binding"], "urn:oasis:names:tc:SAML:2.0:bindings:SOAP" - ) - self.assertEqual( - slo_redirect.attrib["Location"], "http://test-entity.id/digid/slo/redirect/" - ) - self.assertEqual( - slo_redirect.attrib["Binding"], - "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - ) - - def test_missing_required_properties(self): - expected_error = ( - "Error: the following arguments are required: --key-file, --cert-file, " - "--entity-id, --base-url, --service-name, --service-description, " - "--save-config/--no-save-config" - ) - - with self.assertRaisesMessage(CommandError, expected_error): - call_command("generate_digid_metadata") - - def test_contact_telephone_no_email(self): - stdout = StringIO() - - call_command( - "generate_digid_metadata", - "--no-save-config", - "--slo", - want_assertions_encrypted=True, - want_assertions_signed=True, - key_file=str(DIGID_TEST_KEY_FILE), - cert_file=str(DIGID_TEST_CERTIFICATE_FILE), - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - service_name="Test Service Name", - service_description="Test Service Description", - technical_contact_person_telephone="06123123123", - test=True, - stdout=stdout, - ) - - output = stdout.getvalue() - entity_descriptor_node = etree.XML(output.encode("utf-8")) - - contact_email_node = entity_descriptor_node.find( - ".//md:EmailAddress", - namespaces=NAME_SPACES, - ) - contact_telephone_node = entity_descriptor_node.find( - ".//md:TelephoneNumber", - namespaces=NAME_SPACES, - ) - - self.assertIsNone(contact_email_node) - self.assertIsNone(contact_telephone_node) - - def 
test_organisation_url_no_service(self): - stdout = StringIO() - - call_command( - "generate_digid_metadata", - "--no-save-config", - "--slo", - stdout=stdout, - want_assertions_encrypted=True, - want_assertions_signed=True, - key_file=str(DIGID_TEST_KEY_FILE), - cert_file=str(DIGID_TEST_CERTIFICATE_FILE), - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - service_name="Test Service Name", - service_description="Test Service Description", - organization_url="http://test-organisation.nl", - test=True, - ) - - output = stdout.getvalue() - entity_descriptor_node = etree.XML(output.encode("utf-8")) - - organisation_name_node = entity_descriptor_node.find( - ".//md:OrganizationName", - namespaces=NAME_SPACES, - ) - organisation_display_node = entity_descriptor_node.find( - ".//md:OrganizationDisplayName", - namespaces=NAME_SPACES, - ) - organisation_url_node = entity_descriptor_node.find( - ".//md:OrganizationURL", - namespaces=NAME_SPACES, - ) - - self.assertIsNone(organisation_name_node) - self.assertIsNone(organisation_display_node) - self.assertIsNone(organisation_url_node) - - def test_slo_not_supported(self): - stdout = StringIO() - - call_command( - "generate_digid_metadata", - "--no-save-config", - "--no-slo", - stdout=stdout, - want_assertions_encrypted=True, - want_assertions_signed=True, - key_file=str(DIGID_TEST_KEY_FILE), - cert_file=str(DIGID_TEST_CERTIFICATE_FILE), - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - service_name="Test Service Name", - service_description="Test Service Description", - test=True, - ) - - output = stdout.getvalue() - entity_descriptor_node = etree.XML(output.encode("utf-8")) - - single_logout_service_node = entity_descriptor_node.find( - ".//md:SingleLogoutService", - namespaces=NAME_SPACES, - ) - self.assertIsNone(single_logout_service_node) - - def test_management_command_and_update_config(self): - stdout = StringIO() - assert not DigidConfiguration.objects.exists() - - 
call_command( - "generate_digid_metadata", - "--save-config", - "--want-assertions-encrypted", - "--no-only-assertions-signed", - ["--attribute-consuming-service-index", "1"], - key_file=str(DIGID_TEST_KEY_FILE), - cert_file=str(DIGID_TEST_CERTIFICATE_FILE), - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - service_name="Test Service Name", - service_description="Test Service Description", - stdout=stdout, - test=True, - ) - - self.assertTrue(DigidConfiguration.objects.exists()) - config = DigidConfiguration.get_solo() - self.assertTrue(config.want_assertions_encrypted) - self.assertFalse(config.want_assertions_signed) - self.assertEqual(config.service_name, "Test Service Name") - self.assertEqual(config.service_description, "Test Service Description") - self.assertEqual(config.attribute_consuming_service_index, "1") - - self.assertIsNotNone(config.certificate) - - with config.certificate.private_key.open("rb") as privkey: - with DIGID_TEST_KEY_FILE.open("rb") as source_privkey: - self.assertEqual(privkey.read(), source_privkey.read()) - - with config.certificate.public_certificate.open("rb") as cert: - with DIGID_TEST_CERTIFICATE_FILE.open("rb") as source_cert: - self.assertEqual(cert.read(), source_cert.read()) - - -@pytest.mark.django_db -def test_properties_in_db_config_not_required(digid_config): - """ - Assert that required properties already configured don't cause problems. - """ - digid_config.service_description = "CLI test" - digid_config.save() - try: - call_command( - "generate_digid_metadata", - "--no-save-config", - "--test", - stdout=StringIO(), - ) - except CommandError: - pytest.fail("Database configuration is valid for management commands.") - - @pytest.mark.usefixtures("digid_config", "temp_private_root") class DigidMetadataGenerationTests(DigidMetadataMixin, TestCase): def test_generate_metadata_all_options_specified(self): 
diff --git a/tests/test_eherkenning_metadata.py b/tests/test_eherkenning_metadata.py index 00c0f7b..1abfba6 100644 --- a/tests/test_eherkenning_metadata.py +++ b/tests/test_eherkenning_metadata.py @@ -1,11 +1,7 @@ -from io import StringIO - -from django.core.management import CommandError, call_command from django.test import TestCase import pytest from lxml import etree -from privates.test import temp_private_root from digid_eherkenning.models import EherkenningConfiguration from digid_eherkenning.saml2.eherkenning import ( @@ -13,7 +9,6 @@ generate_eherkenning_metadata, ) -from .conftest import EHERKENNING_TEST_CERTIFICATE_FILE, EHERKENNING_TEST_KEY_FILE from .mixins import EherkenningMetadataMixin NAME_SPACES = { 
@@ -22,345 +17,6 @@ } -@temp_private_root() -class EHerkenningMetadataManagementCommandTests(TestCase): - def test_generate_metadata_all_options_specified(self): - stdout = StringIO() - - call_command( - "generate_eherkenning_metadata", - "--no-save-config", - stdout=stdout, - want_assertions_encrypted=True, - want_assertions_signed=True, - key_file=str(EHERKENNING_TEST_KEY_FILE), - cert_file=str(EHERKENNING_TEST_CERTIFICATE_FILE), - signature_algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", - digest_algorithm="http://www.w3.org/2001/04/xmlenc#sha256", - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - eh_attribute_consuming_service_index="9050", - eidas_attribute_consuming_service_index="9051", - oin="00000001112223330000", - service_name="Test Service Name", - service_description="Test Service Description", - technical_contact_person_telephone="06123123123", - technical_contact_person_email="test@test.nl", - organization_name="Test organisation", - organization_url="http://test-organisation.nl", - test=True, - ) - - output = stdout.getvalue() - entity_descriptor_node = etree.XML(output.encode("utf-8")) - - self.assertEqual( - "http://test-entity.id", entity_descriptor_node.attrib["entityID"] - ) - - sspo_descriptor_node = entity_descriptor_node.find( - ".//md:SPSSODescriptor", - namespaces=NAME_SPACES, - ) - - self.assertEqual("true", sspo_descriptor_node.attrib["AuthnRequestsSigned"]) - self.assertEqual("true", sspo_descriptor_node.attrib["WantAssertionsSigned"]) - - certificate_node = entity_descriptor_node.find( - ".//ds:X509Certificate", - namespaces=NAME_SPACES, - ) - self.assertIn( - "MIIC0DCCAbigAwIBAgIUEjGmfCGa1cOiTi+UKtDQVtySOHUwDQYJKoZIhvcNAQEL", - certificate_node.text, - ) - - signature_algorithm_node = entity_descriptor_node.find( - ".//ds:SignatureMethod", - namespaces=NAME_SPACES, - ) - self.assertEqual( - "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", - signature_algorithm_node.attrib["Algorithm"], - ) - 
- digest_algorithm_node = entity_descriptor_node.find( - ".//ds:DigestMethod", - namespaces=NAME_SPACES, - ) - self.assertEqual( - "http://www.w3.org/2001/04/xmlenc#sha256", - digest_algorithm_node.attrib["Algorithm"], - ) - - assertion_consuming_service_node = entity_descriptor_node.find( - ".//md:AssertionConsumerService", - namespaces=NAME_SPACES, - ) - self.assertEqual( - "http://test-entity.id/eherkenning/acs/", - assertion_consuming_service_node.attrib["Location"], - ) - - attribute_consuming_service_nodes = entity_descriptor_node.findall( - ".//md:AttributeConsumingService", - namespaces=NAME_SPACES, - ) - self.assertEqual(2, len(attribute_consuming_service_nodes)) - - eh_attribute_consuming_service_node = attribute_consuming_service_nodes[0] - eidas_attribute_consuming_service_node = attribute_consuming_service_nodes[1] - - self.assertEqual( - "urn:etoegang:DV:00000001112223330000:services:9050", - eh_attribute_consuming_service_node.find( - ".//md:RequestedAttribute", namespaces=NAME_SPACES - ).attrib["Name"], - ) - self.assertEqual( - "Test Service Name", - eh_attribute_consuming_service_node.find( - ".//md:ServiceName", namespaces=NAME_SPACES - ).text, - ) - self.assertEqual( - "Test Service Description", - eh_attribute_consuming_service_node.find( - ".//md:ServiceDescription", namespaces=NAME_SPACES - ).text, - ) - self.assertEqual( - "urn:etoegang:DV:00000001112223330000:services:9051", - eidas_attribute_consuming_service_node.find( - ".//md:RequestedAttribute", namespaces=NAME_SPACES - ).attrib["Name"], - ) - self.assertEqual( - "Test Service Name (eIDAS)", - eidas_attribute_consuming_service_node.find( - ".//md:ServiceName", namespaces=NAME_SPACES - ).text, - ) - self.assertEqual( - "Test Service Description", - eidas_attribute_consuming_service_node.find( - ".//md:ServiceDescription", namespaces=NAME_SPACES - ).text, - ) - - organisation_name_node = entity_descriptor_node.find( - ".//md:OrganizationName", - namespaces=NAME_SPACES, - ) - 
self.assertEqual("Test organisation", organisation_name_node.text) - - organisation_display_node = entity_descriptor_node.find( - ".//md:OrganizationDisplayName", - namespaces=NAME_SPACES, - ) - self.assertEqual("Test organisation", organisation_display_node.text) - - organisation_url_node = entity_descriptor_node.find( - ".//md:OrganizationURL", - namespaces=NAME_SPACES, - ) - self.assertEqual("http://test-organisation.nl", organisation_url_node.text) - - contact_person_node = entity_descriptor_node.find( - ".//md:ContactPerson", - namespaces=NAME_SPACES, - ) - self.assertEqual("technical", contact_person_node.attrib["contactType"]) - - contact_email_node = entity_descriptor_node.find( - ".//md:EmailAddress", - namespaces=NAME_SPACES, - ) - self.assertEqual("test@test.nl", contact_email_node.text) - - contact_telephone_node = entity_descriptor_node.find( - ".//md:TelephoneNumber", - namespaces=NAME_SPACES, - ) - self.assertEqual("06123123123", contact_telephone_node.text) - - def test_missing_required_properties(self): - with self.assertRaises(CommandError): - call_command("generate_eherkenning_metadata") - - def test_contact_telephone_no_email(self): - stdout = StringIO() - - call_command( - "generate_eherkenning_metadata", - "--no-save-config", - stdout=stdout, - want_assertions_encrypted=True, - want_assertions_signed=True, - key_file=str(EHERKENNING_TEST_KEY_FILE), - cert_file=str(EHERKENNING_TEST_CERTIFICATE_FILE), - oin="00000001112223330000", - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - service_name="Test Service Name", - service_description="Test Service Description", - technical_contact_person_telephone="06123123123", - test=True, - ) - - output = stdout.getvalue() - entity_descriptor_node = etree.XML(output.encode("utf-8")) - - contact_email_node = entity_descriptor_node.find( - ".//md:EmailAddress", - namespaces=NAME_SPACES, - ) - contact_telephone_node = entity_descriptor_node.find( - ".//md:TelephoneNumber", - 
namespaces=NAME_SPACES, - ) - - self.assertIsNone(contact_email_node) - self.assertIsNone(contact_telephone_node) - - def test_organisation_url_no_service(self): - stdout = StringIO() - - call_command( - "generate_eherkenning_metadata", - "--no-save-config", - stdout=stdout, - want_assertions_encrypted=True, - want_assertions_signed=True, - oin="00000001112223330000", - key_file=str(EHERKENNING_TEST_KEY_FILE), - cert_file=str(EHERKENNING_TEST_CERTIFICATE_FILE), - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - service_name="Test Service Name", - service_description="Test Service Description", - organization_url="http://test-organisation.nl", - test=True, - ) - - output = stdout.getvalue() - entity_descriptor_node = etree.XML(output.encode("utf-8")) - - organisation_name_node = entity_descriptor_node.find( - ".//md:OrganizationName", - namespaces=NAME_SPACES, - ) - organisation_display_node = entity_descriptor_node.find( - ".//md:OrganizationDisplayName", - namespaces=NAME_SPACES, - ) - organisation_url_node = entity_descriptor_node.find( - ".//md:OrganizationURL", - namespaces=NAME_SPACES, - ) - - self.assertIsNone(organisation_name_node) - self.assertIsNone(organisation_display_node) - self.assertIsNone(organisation_url_node) - - def test_no_eidas_service(self): - stdout = StringIO() - - call_command( - "generate_eherkenning_metadata", - "--no-save-config", - stdout=stdout, - want_assertions_encrypted=True, - want_assertions_signed=True, - key_file=str(EHERKENNING_TEST_KEY_FILE), - cert_file=str(EHERKENNING_TEST_CERTIFICATE_FILE), - signature_algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", - digest_algorithm="http://www.w3.org/2001/04/xmlenc#sha256", - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - eh_attribute_consuming_service_index="9050", - oin="00000001112223330000", - no_eidas=True, - service_name="Test Service Name", - service_description="Test Service Description", - 
technical_contact_person_telephone="06123123123", - technical_contact_person_email="test@test.nl", - organization_name="Test organisation", - organization_url="http://test-organisation.nl", - test=True, - ) - - output = stdout.getvalue() - entity_descriptor_node = etree.XML(output.encode("utf-8")) - - attribute_consuming_service_nodes = entity_descriptor_node.findall( - ".//md:AttributeConsumingService", - namespaces=NAME_SPACES, - ) - self.assertEqual(1, len(attribute_consuming_service_nodes)) - - eh_attribute_consuming_service_node = attribute_consuming_service_nodes[0] - - self.assertEqual( - "urn:etoegang:DV:00000001112223330000:services:9050", - eh_attribute_consuming_service_node.find( - ".//md:RequestedAttribute", namespaces=NAME_SPACES - ).attrib["Name"], - ) - self.assertEqual( - "Test Service Name", - eh_attribute_consuming_service_node.find( - ".//md:ServiceName", namespaces=NAME_SPACES - ).text, - ) - self.assertEqual( - "Test Service Description", - eh_attribute_consuming_service_node.find( - ".//md:ServiceDescription", namespaces=NAME_SPACES - ).text, - ) - - def test_management_command_and_update_config(self): - stdout = StringIO() - assert not EherkenningConfiguration.objects.exists() - - call_command( - "generate_eherkenning_metadata", - "--save-config", - "--want-assertions-encrypted", - "--no-only-assertions-signed", - ["--eh-attribute-consuming-service-index", "1"], - key_file=str(EHERKENNING_TEST_KEY_FILE), - cert_file=str(EHERKENNING_TEST_CERTIFICATE_FILE), - entity_id="http://test-entity.id", - base_url="http://test-entity.id", - service_name="Test Service Name", - service_description="Test Service Description", - oin="01234567890123456789", - stdout=stdout, - test=True, - ) - - self.assertTrue(EherkenningConfiguration.objects.exists()) - config = EherkenningConfiguration.get_solo() - self.assertTrue(config.want_assertions_encrypted) - self.assertFalse(config.want_assertions_signed) - self.assertEqual(config.oin, "01234567890123456789") - 
self.assertEqual(config.service_name, "Test Service Name") - self.assertEqual(config.service_description, "Test Service Description") - self.assertEqual(config.eh_attribute_consuming_service_index, "1") - - self.assertIsNotNone(config.certificate) - - with config.certificate.private_key.open("rb") as privkey: - with EHERKENNING_TEST_KEY_FILE.open("rb") as source_privkey: - self.assertEqual(privkey.read(), source_privkey.read()) - - with config.certificate.public_certificate.open("rb") as cert: - with EHERKENNING_TEST_CERTIFICATE_FILE.open("rb") as source_cert: - self.assertEqual(cert.read(), source_cert.read()) - - @pytest.mark.usefixtures("eherkenning_config", "temp_private_root") class EHerkenningClientTests(TestCase): def test_attribute_consuming_services_with_non_required_requested_attribute(self):