Hello everyone.
First of all, I have installed the latest release of spid-saml-check, with which I validated the generated metadata without any problem; they are covered by an SSL certificate issued by a real CA (not self-signed).
When I run the Check Strict, Check Certificates and Check Extra operations on the SAML Request, I get the following error in the Docker logs:
cd …/specs-compliance-tests && DATA_DIR=./data/https___spid_comunecatanzaro_it SSLLABS_SKIP=1 SP_METADATA=./data/https___spid_comunecatanzaro_it/sp-metadata.xml AUTHN_REQUEST=./data/https___spid_comunecatanzaro_it/authn-request.xml tox -e cleanup,sp-metadata-strict,sp-metadata-certs,sp-authn-request-strict,sp-authn-request-certs
cleanup run-test-pre: PYTHONHASHSEED=‘1680345370’
cleanup run-test: commands[0] | find ./data/https___spid_comunecatanzaro_it -type f -name ‘.json’ -delete
cleanup run-test: commands[1] | find ./data/https___spid_comunecatanzaro_it -type f -name '.pem’ -delete
cleanup run-test: commands[2] | find ./data/https___spid_comunecatanzaro_it -type f -name ‘.request.txt’ -delete
cleanup run-test: commands[3] | find ./data/https___spid_comunecatanzaro_it -type f -name '.response.txt’ -delete
sp-metadata-strict installed: certifi==2020.12.5,cffi==1.14.4,chardet==4.0.0,cryptography==3.4.3,decorator==4.4.2,idna==2.10,lxml==4.6.2,pycparser==2.20,pyOpenSSL==20.0.1,requests==2.25.1,six==1.15.0,urllib3==1.26.3,validators==0.18.2
sp-metadata-strict run-test-pre: PYTHONHASHSEED=‘1680345370’
sp-metadata-strict run-test: commands[0] | python -m unittest --verbose test/sp/metadata_strict.py
test_AssertionConsumerService (test.sp.metadata_strict.TestSPMetadata)
Test the compliance of AssertionConsumerService element(s) … ok
test_AttributeConsumingService (test.sp.metadata_strict.TestSPMetadata)
Test the compliance of AttributeConsumingService element(s) … ok
test_EntityDescriptor (test.sp.metadata_strict.TestSPMetadata)
Test the compliance of EntityDescriptor element … ok
test_KeyDescriptor (test.sp.metadata_strict.TestSPMetadata)
Test the compliance of KeyDescriptor element(s) … ok
test_Organization (test.sp.metadata_strict.TestSPMetadata)
Test the compliance of Organization element … ok
test_SPSSODescriptor (test.sp.metadata_strict.TestSPMetadata)
Test the compliance of SPSSODescriptor element … ok
test_Signature (test.sp.metadata_strict.TestSPMetadata)
Test the compliance of Signature element … ok
test_SingleLogoutService (test.sp.metadata_strict.TestSPMetadata)
Test the compliance of SingleLogoutService element(s) … ok
test_TLS12Support (test.sp.metadata_strict.TestSPMetadata)
Test the support of TLS 1.2 for Locations URL … skipped ‘x’
test_xmldsig (test.sp.metadata_strict.TestSPMetadata)
Verify the SP metadata signature … ok
Ran 10 tests in 0.027s
OK (skipped=1)
sp-metadata-certs installed: certifi==2020.12.5,cffi==1.14.4,chardet==4.0.0,cryptography==3.4.3,decorator==4.4.2,idna==2.10,lxml==4.6.2,pycparser==2.20,pyOpenSSL==20.0.1,requests==2.25.1,six==1.15.0,urllib3==1.26.3,validators==0.18.2
sp-metadata-certs run-test-pre: PYTHONHASHSEED=‘1680345370’
sp-metadata-certs run-test: commands[0] | python -m unittest --verbose test/sp/metadata_certs.py
test_encryption_certificates (test.sp.metadata_certs.TestSPMetadataCertificates)
Test the compliance of encryption certificate(s) … ok
test_signature_certificates (test.sp.metadata_certs.TestSPMetadataCertificates)
Test the compliance of signature certificate(s) … ok
test_signing_certificates (test.sp.metadata_certs.TestSPMetadataCertificates)
Test the compliance of signing certificate(s) … ok
Ran 3 tests in 0.136s
OK
sp-authn-request-strict installed: certifi==2020.12.5,cffi==1.14.4,chardet==4.0.0,cryptography==3.4.3,decorator==4.4.2,idna==2.10,lxml==4.6.2,pycparser==2.20,pyOpenSSL==20.0.1,requests==2.25.1,six==1.15.0,urllib3==1.26.3,validators==0.18.2
sp-authn-request-strict run-test-pre: PYTHONHASHSEED=‘1680345370’
sp-authn-request-strict run-test: commands[0] | python ./script/parse-request.py authn ./data/https___spid_comunecatanzaro_it/authn-request.xml ./data/https___spid_comunecatanzaro_it/sp-metadata.xml
sp-authn-request-strict run-test: commands[1] | python -m unittest --verbose test/sp/authn_request_strict.py
test_AuthnRequest (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of AuthnRequest element … FAIL
test_Conditions (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of Conditions element … ok
test_Issuer (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of Issuer element … ok
test_NameIDPolicy (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of NameIDPolicy element … ok
test_RelayState (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of RelayState parameter … ok
test_RequestedAuthnContext (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of RequestedAuthnContext element … ok
test_RequesterID (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of RequesterID element … ok
test_Scoping (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of Scoping element … ok
test_Signature (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of Signature element … ok
test_Subject (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of Subject element … ok
test_xsd_and_xmldsig (test.sp.authn_request_strict.TestAuthnRequest)
Test if the XSD validates and if the signature is valid … ok
======================================================================
FAIL: test_AuthnRequest (test.sp.authn_request_strict.TestAuthnRequest)
Test the compliance of AuthnRequest element
Traceback (most recent call last):
File “/spid-saml-check/specs-compliance-tests/test/sp/authn_request_strict.py”, line 112, in tearDown
self.fail(common.helpers.dump_failures(self.failures))
AssertionError:
/ Hey, there was an error! Take a look in
\ the list below… /
[FAIL] The Destination attribute must be a valid HTTPS url - TR pag. 8
Ran 11 tests in 0.227s
FAILED (failures=1)
ERROR: InvocationError for command /spid-saml-check/specs-compliance-tests/.tox/sp-authn-request-strict/bin/python -m unittest --verbose test/sp/authn_request_strict.py (exited with code 1)
sp-authn-request-certs installed: certifi==2020.12.5,cffi==1.14.4,chardet==4.0.0,cryptography==3.4.3,decorator==4.4.2,idna==2.10,lxml==4.6.2,pycparser==2.20,pyOpenSSL==20.0.1,requests==2.25.1,six==1.15.0,urllib3==1.26.3,validators==0.18.2
sp-authn-request-certs run-test-pre: PYTHONHASHSEED=‘1680345370’
sp-authn-request-certs run-test: commands[0] | python -m unittest --verbose test/sp/authn_request_certs.py
test_signature_certificates (test.sp.authn_request_certs.TestAuthnRequestCertificates)
Test the compliance of signature certificate(s) … ok
Ran 1 test in 0.052s
OK
___________________________________ summary ____________________________________
cleanup: commands succeeded
sp-metadata-strict: commands succeeded
sp-metadata-certs: commands succeeded
ERROR: sp-authn-request-strict: commands failed
sp-authn-request-certs: commands succeeded
DATABASE : QUERY
“SELECT store FROM store WHERE user=‘validator’ AND entity_id=‘https://spid.comunecatanzaro.it’ AND type=‘main’”
DATABASE : QUERY
“SELECT organization FROM store WHERE user=‘validator’ AND entity_id=‘https://spid.comunecatanzaro.it’ AND type=‘main’”
DATABASE EXCEPTION (saveStore)
“TypeError [ERR_INVALID_ARG_TYPE]: The first argument must be of type string or an instance of Buffer, ArrayBuffer, or Array or an Array-like Object. Received undefined”
DATABASE EXCEPTION (setMetadataValidation)
“TypeError [ERR_INVALID_ARG_TYPE]: The first argument must be of type string or an instance of Buffer, ArrayBuffer, or Array or an Array-like Object. Received undefined”
(node:19) UnhandledPromiseRejectionWarning: TypeError [ERR_INVALID_ARG_TYPE]: The first argument must be of type string or an instance of Buffer, ArrayBuffer, or Array or an Array-like Object. Received undefined
at Function.from (buffer.js:330:9)
at Function.btoa (/spid-saml-check/spid-validator/server/lib/utils.js:120:23)
at Database.saveStore (/spid-saml-check/spid-validator/server/lib/database.js:98:45)
at Database.setRequestValidation (/spid-saml-check/spid-validator/server/lib/database.js:387:18)
at /spid-saml-check/spid-validator/server/api/request.js:118:34
at runMicrotasks ()
at processTicksAndRejections (internal/process/task_queues.js:97:5)
(node:19) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag--unhandled-rejections=strict
(see Command-line API | Node.js v21.7.1 Documentation). (rejection id: 15)
Has anyone run into this? Does anyone know what the problem might be?
Thanks a lot
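
The only failing check in the log above is "[FAIL] The Destination attribute must be a valid HTTPS url". As an added example (not part of the original post and not spid-saml-check's own code), this stand-alone Python check reads the Destination attribute of an AuthnRequest and lists why it would not count as an HTTPS URL. The function name `destination_problems` and the sample requests are constructed for illustration; point it at your own locally captured authn-request.xml to see what value the SP actually emits.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def destination_problems(authn_request_xml):
    """Return the reasons Destination is not a usable HTTPS URL ([] means ok)."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        return ["root element is not samlp:AuthnRequest"]
    dest = root.get("Destination")
    if dest is None:
        return ["Destination attribute is missing"]
    problems = []
    if dest != dest.strip():
        problems.append("leading or trailing whitespace")
    try:
        parts = urlsplit(dest.strip())
        parts.port  # accessing .port raises ValueError on a malformed port
    except ValueError as exc:
        return problems + ["not parseable as a URL: %s" % exc]
    if parts.scheme.lower() != "https":
        problems.append("scheme is %r, expected 'https'" % parts.scheme)
    if not parts.hostname:
        problems.append("no host component")
    return problems

# Constructed sample requests (not taken from the post), reduced to the root element.
def _sample(attrs):
    return ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_x" Version="2.0" %s/>'
            % (SAMLP, attrs))

SAMPLES = {
    "https": _sample('Destination="https://idp.example.test/sso"'),
    "http": _sample('Destination="http://idp.example.test/sso"'),
    "bare": _sample('Destination="idp.example.test"'),
    "padded": _sample('Destination=" https://idp.example.test/sso"'),
    "missing": _sample(""),
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, destination_problems(xml) or "ok")
```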