Merge pull request #132 from italia/dev

v1.2.0

src/spid_sp_test/__init__.py

@@ -6,7 +6,7 @@
 
 
 BASE_DIR = Path(__file__).resolve().parent
-__version__ = "1.1.7"
+__version__ = "1.2.0"
 __name__ = "spid_sp_test"
 logger = logging.getLogger(__name__)
 
@@ -62,14 +62,16 @@ def handle_result(
             # here report as json
             data["result"] = "success"
             self.results.append(data)
+            self.logger.info(f"{method}: {msg}")
         elif level in ("error", "critical"):
             self.handle_error(title, description, traceback)
         elif level == "warning":
             data["result"] = "warning"
             self.results.append(data)
             self.warnings.append(data)
-        else:
-            getattr(self.logger, level, "debug")(f"{method}: {msg}")
+            self.logger.warning(f"{method}: {msg}")
+        elif level in ("debug"):
+            self.logger.debug(f"{method}: {msg}")
 
     def handle_error(
         self,

src/spid_sp_test/authn_request.py

@@ -246,11 +246,7 @@ def load(self):
             del_ns(self.doc)
         except Exception as e:
             _method = f"Error parsing AuthnRequest: {self.authn_request_decoded}"
-            self.handle_init_errors(
-                method = _method,
-                description = f"{e}",
-                traceback=e
-            )
+            self.handle_init_errors(method=_method, description=f"{e}", traceback=e)
 
         # binding detection
         self.IS_HTTP_REDIRECT = self.authn_request.get("Signature")
@@ -332,7 +328,7 @@ def test_xmldsig(self):
             cert_file = NamedTemporaryFile(suffix=".pem")
 
             # cert clean up ...
-            cert = re.sub(r'[\n\t\s]', '', cert)
+            cert = re.sub(r"[\n\t\s]", "", cert)
 
             cert_file.write(
                 f"-----BEGIN CERTIFICATE-----\n{cert}\n-----END CERTIFICATE-----".encode()
@@ -348,9 +344,7 @@ def test_xmldsig(self):
 
             if self.IS_HTTP_REDIRECT:
                 _sigalg = self.authn_request.get("SigAlg", "")
-                quoted_req = urllib.parse.quote_plus(
-                    self.authn_request["SAMLRequest"]
-                )
+                quoted_req = urllib.parse.quote_plus(self.authn_request["SAMLRequest"])
                 quoted_rs = urllib.parse.quote_plus(
                     self.authn_request.get("RelayState") or ""
                 )
@@ -416,20 +410,12 @@ def test_xmldsig(self):
                     lines = [msg]
                     if err.stderr:
                         stderr = "stderr: " + "\nstderr: ".join(
-                            list(
-                                filter(
-                                    None, err.stderr.decode().split(r"\n")
-                                )
-                            )
+                            list(filter(None, err.stderr.decode().split(r"\n")))
                         )
                         lines.append(stderr)
                     if err.stdout:
                         stdout = "stdout: " + "\nstdout: ".join(
-                            list(
-                                filter(
-                                    None, err.stdout.decode().split(r"\n")
-                                )
-                            )
+                            list(filter(None, err.stdout.decode().split(r"\n")))
                         )
                         lines.append(stdout)
                     _lines = "\n".join(lines)
@@ -925,15 +911,15 @@ def test_Conditions(self):
 
         elif len(e) == 1:
             e = e[0]
-            _data['description'] = e
+            _data["description"] = e
             for attr in ["NotBefore", "NotOnOrAfter"]:
                 self._assertTrue(
                     (attr in e.attrib),
                     f"The {attr} attribute MUST be present",
                     **_data,
                 )
                 value = e.get(attr)
-                _data['description'] = value
+                _data["description"] = value
                 self._assertTrue(
                     value,
                     f"The {attr} attribute MUST have a value",
@@ -1042,7 +1028,8 @@ def test_Signature(self):
 
                 self._assertTrue(
                     ("Algorithm" in method[0].attrib),
-                    "The Algorithm attribute MUST be present " "in SignatureMethod element",
+                    "The Algorithm attribute MUST be present "
+                    "in SignatureMethod element",
                     **_data,
                 )
 
@@ -1063,7 +1050,8 @@ def test_Signature(self):
 
                 self._assertTrue(
                     ("Algorithm" in method[0].attrib),
-                    "The Algorithm attribute MUST be present " "in DigestMethod element",
+                    "The Algorithm attribute MUST be present "
+                    "in DigestMethod element",
                     **_data,
                 )
 

src/spid_sp_test/bin/spid_sp_test

@@ -208,6 +208,8 @@ if __name__ == '__main__':
             'spid-sp-private',
             'spid-sp-ag-public-full',
             'spid-sp-ag-public-lite',
+            'spid-sp-ag-private-full',
+            'spid-sp-ag-private-lite',
             'spid-sp-op-public-full',
             'spid-sp-op-public-lite',
             'cie-sp-public',

src/spid_sp_test/compliant_certificates.py

@@ -6,22 +6,22 @@
 logger = logging.getLogger(__name__)
 
 
-def _get_tests(report:dict):
+def _get_tests(report: dict):
     _res = []
-    for i in report['tests']:
-        for e in i['checks']:
+    for i in report["tests"]:
+        for e in i["checks"]:
             _res.append(e)
     return _res
 
 
-def check_certificate(cert_path:str, sector:str = "public"):
+def check_certificate(cert_path: str, sector: str = "public"):
     _cert = PosixPath(cert_path)
     _val = validate(_cert, sector)
 
     report = _val.as_dict()
     return _get_tests(report)
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     cert_path = PosixPath("src/spid_sp_test/idp/public.cert")
     res = check_certificate(cert_path)

src/spid_sp_test/constants.py

@@ -415,29 +415,43 @@
 ]
 
 XML_NAMESPACES = {"spid": "https://spid.gov.it/saml-extensions"}
-NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:assertion'
+NAMESPACE = "urn:oasis:names:tc:SAML:2.0:assertion"
 # TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:assertion}%s'
 # XSI_NAMESPACE = 'http://www.w3.org/2001/XMLSchema-instance'
-SAMLP_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:protocol'
-XSI_NAMESPACE = 'http://www.w3.org/2001/XMLSchema-instance'
-XS_NAMESPACE = 'http://www.w3.org/2001/XMLSchema'
+SAMLP_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:protocol"
+XSI_NAMESPACE = "http://www.w3.org/2001/XMLSchema-instance"
+XS_NAMESPACE = "http://www.w3.org/2001/XMLSchema"
 MD_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:metadata"
 MDUI_NAMESPACE = "urn:oasis:names:tc:SAML:metadata:ui"
-DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
+DS_NAMESPACE = "http://www.w3.org/2000/09/xmldsig#"
 XENC_NAMESPACE = "http://www.w3.org/2001/04/xmlenc#"
 ALG_NAMESPACE = "urn:oasis:names:tc:SAML:metadata:algsupport"
 MDATTR_NAMESPACE = "urn:oasis:names:tc:SAML:metadata:attribute"
 IDPDISC = "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
 
-OASIS_DEFAULT_NS_PREFIXES = {'saml': NAMESPACE,
-                             'samlp': SAMLP_NAMESPACE,
-                             'ds': DS_NAMESPACE,
-                             'xsi': XSI_NAMESPACE,
-                             'xs': XS_NAMESPACE,
-                             'mdui': MDUI_NAMESPACE,
-                             'md': MD_NAMESPACE,
-                             'xenc': XENC_NAMESPACE,
-                             'alg': ALG_NAMESPACE,
-                             'mdattr': MDATTR_NAMESPACE,
-                             'idpdisc': IDPDISC
+OASIS_DEFAULT_NS_PREFIXES = {
+    "saml": NAMESPACE,
+    "samlp": SAMLP_NAMESPACE,
+    "ds": DS_NAMESPACE,
+    "xsi": XSI_NAMESPACE,
+    "xs": XS_NAMESPACE,
+    "mdui": MDUI_NAMESPACE,
+    "md": MD_NAMESPACE,
+    "xenc": XENC_NAMESPACE,
+    "alg": ALG_NAMESPACE,
+    "mdattr": MDATTR_NAMESPACE,
+    "idpdisc": IDPDISC,
 }
+
+
+SPID_PROFILES = [
+    "PublicServicesFullAggregator",
+    "PublicServicesLightAggregator",
+    "PrivateServicesFullAggregator",
+    "PrivateServicesLightAggregator",
+    "PublicServicesFullOperator",
+    "PublicServicesLightOperator",
+    "Public",
+    "Private",
+    "PublicOperator",
+]

src/spid_sp_test/indicepa.py

@@ -33,12 +33,16 @@ def get_indicepa_by_ipacode(value):
         response = requests.post(API_URL, headers=header, data=qs_final, timeout=5)
     except Exception as e:  # pragma: no cover
         logger.error(e)
-        return {-1, {}}
+        return [-1, {"errore": f"{e}"}]
     else:
         res = response.json()
         try:
-            result = (res["risposta"]["paginazione"]["numeroRigheTotali"], res)
-            return result
-        except KeyError:  # pragma: no cover
+            nrt = res["risposta"]["paginazione"]["numeroRigheTotali"]
+            result = (nrt, res)
+            if nrt <= 0:
+                return [-1, {"errore": f"risultato vuoto per {qs_final}"}]
+            else:
+                return result
+        except KeyError as e:  # pragma: no cover
             logger.error(f"{API_URL} invalid response")
-            return {-1, {}}
+            return [-1, {"errore": f"{e}"}]