def test_split_backend_metadata_to_separate_files(self, tmpdir,
cert_and_key,
satosa_config_dict,
saml_frontend_config,
saml_backend_config):
satosa_config_dict["FRONTEND_MODULES"] = [saml_frontend_config]
satosa_config_dict["BACKEND_MODULES"] = [
saml_backend_config, saml_backend_config
]
create_and_write_saml_metadata(satosa_config_dict,
cert_and_key[1],
cert_and_key[0],
str(tmpdir),
None,
split_backend_metadata=True)
conf = Config()
conf.cert_file = cert_and_key[0]
security_ctx = security_context(conf)
written_metadata_files = [
saml_backend_config["name"], saml_backend_config["name"]
]
for file in written_metadata_files:
md = MetaDataFile(None,
os.path.join(str(tmpdir),
"{}_0.xml".format(file)),
security=security_ctx)
assert md.load()
def test_sp_type_false(self):
fil = "sp_mdext_conf.py"
cnf = Config().load_file(fil, metadata_construction=True)
cnf.setattr('sp', 'sp_type_in_metadata', False)
ed = entity_descriptor(cnf)
assert all(e.tag is not SPType.c_tag for e in ed.extensions.extension_elements)
def create_metadata_string(configfile, config=None, valid=None, cert=None,
keyfile=None, mid=None, name=None, sign=None):
valid_for = 0
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
# paths = [".", "/opt/local/bin"]
if valid:
valid_for = int(valid) # Hours
eds = []
if config is None:
if configfile.endswith(".py"):
configfile = configfile[:-3]
config = Config().load_file(configfile, metadata_construction=True)
eds.append(entity_descriptor(config))
conf = Config()
conf.key_file = config.key_file or keyfile
conf.cert_file = config.cert_file or cert
conf.debug = 1
conf.xmlsec_binary = config.xmlsec_binary
secc = security_context(conf)
if mid:
eid, xmldoc = entities_descriptor(eds, valid_for, name, mid,
sign, secc)
else:
eid = eds[0]
if sign:
eid, xmldoc = sign_entity_descriptor(eid, mid, secc)
else:
xmldoc = None
valid_instance(eid)
return metadata_tostring_fix(eid, nspair, xmldoc)
def test_split_frontend_metadata_to_separate_files(
self, tmpdir, cert_and_key, satosa_config_dict,
saml_mirror_frontend_config, saml_backend_config,
oidc_backend_config):
satosa_config_dict["FRONTEND_MODULES"] = [saml_mirror_frontend_config]
satosa_config_dict["BACKEND_MODULES"] = [
oidc_backend_config, saml_backend_config
]
create_and_write_saml_metadata(satosa_config_dict,
cert_and_key[1],
cert_and_key[0],
str(tmpdir),
None,
split_frontend_metadata=True)
conf = Config()
conf.cert_file = cert_and_key[0]
security_ctx = security_context(conf)
file_pattern = "{}*.xml".format(saml_mirror_frontend_config["name"])
written_metadata_files = glob.glob(
os.path.join(str(tmpdir), file_pattern))
assert len(written_metadata_files) == 2
for file in written_metadata_files:
md = MetaDataFile(None, file, security=security_ctx)
assert md.load()
def get_saml_client(domain):
"""Get SAML2 client."""
acs_url = domain + reverse('djangosaml2:acs')
saml_settings = {
'metadata': {
'remote': [{
'url': settings.SAML2_AUTH['METADATA_AUTO_CONF_URL']
}]
},
'service': {
'sp': {
'endpoints': {
'assertion_consumer_service': [
(acs_url, BINDING_HTTP_REDIRECT),
(acs_url, BINDING_HTTP_POST)
],
},
'allow_unsolicited': True,
'authn_requests_signed': True,
'logout_requests_signed': True,
'want_assertions_signed': True,
'want_response_signed': True,
},
},
}
sp_config = Config()
sp_config.load(saml_settings)
sp_config.allow_unknown_attributes = True
saml_client = Saml2Client(config=sp_config)
return saml_client
def __init__(self, cargs, kwargs):
self.nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
_cnf = kwargs['conf']
res = read_multi_conf(_cnf, True)
eds = []
for key, cnf in res.items():
eds.append(entity_descriptor(cnf))
valid_for = 0
"""
Setting things to None here that are now unused, but might be useful someday
"""
conf = Config()
conf.key_file = None
conf.cert_file = None
conf.debug = 1
conf.xmlsec_binary = None
args_name = None
args_id = None
args_sign = None
secc = security_context(conf)
desc, xmldoc = entities_descriptor(eds, valid_for, args_name, args_id,
args_sign, secc)
valid_instance(desc)
self.desc = desc
self.xmldoc = xmldoc
def test_dual():
cnf = Config().load_file(dotname("idp_sp_conf"))
spe = cnf.getattr("endpoints", "sp")
idpe = cnf.getattr("endpoints", "idp")
assert spe
assert idpe
assert spe != idpe
def test_dual():
cnf = Config().load_file("idp_sp_conf")
spe = cnf.getattr("endpoints", "sp")
idpe = cnf.getattr("endpoints", "idp")
assert spe
assert idpe
assert spe != idpe
def test_load_local():
# string representation of XML idp definition
idp_metadata = open(full_path("metadata.xml")).read()
saml_config = Config()
config_dict = {"metadata": {"inline": [idp_metadata]}}
cfg = saml_config.load(config_dict)
assert cfg
def test_dual():
cnf = Config().load_file("idp_sp_conf")
assert cnf.serves() == ["sp", "idp"]
spcnf = cnf.copy_into("sp")
assert isinstance(spcnf, SPConfig)
assert spcnf.context == "sp"
idpcnf = cnf.copy_into("idp")
assert isinstance(idpcnf, IdPConfig)
assert idpcnf.context == "idp"
def test_dual():
cnf = Config().load_file("idp_sp_conf")
assert cnf.serves() == ["sp", "idp"]
spcnf = cnf.copy_into("sp")
assert isinstance(spcnf, SPConfig)
assert spcnf.context == "sp"
idpcnf = cnf.copy_into("idp")
assert isinstance(idpcnf, IdPConfig)
assert idpcnf.context == "idp"
def test_load_local():
# string representation of XML idp definition
idp_metadata = open(full_path("metadata.xml")).read()
saml_config = Config()
config_dict = {
"metadata": {"inline": [idp_metadata]}
}
cfg = saml_config.load(config_dict)
assert cfg
def test_3():
cnf = Config()
cnf.load_file(dotname("sp_1_conf"))
assert cnf.entityid == "urn:mace:example.com:saml:roland:sp"
assert cnf.debug == 1
assert cnf.key_file == full_path("test.key")
assert cnf.cert_file == full_path("test.pem")
#assert cnf.xmlsec_binary == "/usr/local/bin/xmlsec1"
assert cnf.accepted_time_diff == 60
assert cnf.secret == "0123456789"
assert cnf.metadata is not None
assert cnf.attribute_converters is not None
def test_3():
cnf = Config()
cnf.load_file("sp_1_conf")
assert cnf.entityid == "urn:mace:example.com:saml:roland:sp"
assert cnf.debug == 1
assert cnf.key_file == "test.key"
assert cnf.cert_file == "test.pem"
#assert cnf.xmlsec_binary == "/usr/local/bin/xmlsec1"
assert cnf.accepted_time_diff == 60
assert cnf.secret == "0123456789"
assert cnf.metadata is not None
assert cnf.attribute_converters is not None
def dispatch(self, request, helper):
if self.metadata_url is None:
metadata_url = helper.fetch_state('metadata_url')
else:
metadata_url = self.metadata_url
request_id = helper.fetch_state('request_id')
settings = {
'entityid':
request.build_absolute_uri('/organizations/%s/' %
helper.organization.slug),
'metadata': {
'remote': [{
'url': metadata_url,
}],
},
'service': {
'sp': {
'endpoints': {
'assertion_consumer_service':
[(request.build_absolute_uri(
reverse('sentry-auth-sso')), BINDING_HTTP_POST)],
},
'allow_unsolicited': False,
'authn_requests_signed': False,
'logout_requests_signed': True,
'want_assertions_signed': False,
'want_response_signed': True,
},
},
}
config = Config()
config.load(settings)
client = Saml2Client(config)
response = client.parse_authn_request_response(
request.POST['SAMLResponse'],
BINDING_HTTP_POST,
outstanding={request_id: True})
extra = {
key.lower(): value
for key, value in response.get_identity().items()
}
user_info = response.get_subject()
email = user_info.text
username, domain = email.rsplit('@', 1)
if not email:
return helper.error('no email')
helper.bind_state('email', email)
helper.bind_state('name', extra.get('name', username))
return helper.next_step()
def test_oidc_saml(self, tmpdir, cert_and_key, satosa_config_dict, oidc_frontend_config,
saml_backend_config):
satosa_config_dict["FRONTEND_MODULES"] = [oidc_frontend_config]
satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]
create_and_write_saml_metadata(satosa_config_dict, cert_and_key[1], cert_and_key[0], str(tmpdir), None)
conf = Config()
conf.cert_file = cert_and_key[0]
security_ctx = security_context(conf)
md = MetaDataFile(None, os.path.join(str(tmpdir), "backend.xml"), security=security_ctx)
assert md.load()
assert not os.path.isfile(os.path.join(str(tmpdir), "frontend.xml"))
def test_entity_attributes(self):
fil = "sp_mdext_conf.py"
cnf = Config().load_file(fil, metadata_construction=True)
ed = entity_descriptor(cnf)
entity_attributes = next(
e
for e in ed.extensions.extension_elements
if e.tag == 'EntityAttributes'
)
attributes = [
parse_str_as(Attribute, e.to_string())
for e in entity_attributes.children
]
assert all(
a.name in [
"urn:oasis:names:tc:SAML:profiles:subject-id:req",
"somename",
]
for a in attributes
)
import saml2.attribute_converter
attrc = saml2.attribute_converter.ac_factory()
import saml2.mdstore
mds = saml2.mdstore.MetadataStore(attrc, cnf)
mds.load("inline", ed.to_string())
entityid = ed.entity_id
entity_attributes = mds.entity_attributes(entityid)
assert entity_attributes == {
'urn:oasis:names:tc:SAML:profiles:subject-id:req': ['any'],
'somename': ['x', 'y', 'z'],
}
def test_split_backend_metadata_to_separate_files(self, tmpdir, cert_and_key, satosa_config_dict,
saml_frontend_config, saml_backend_config):
satosa_config_dict["FRONTEND_MODULES"] = [saml_frontend_config]
satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config, saml_backend_config]
create_and_write_saml_metadata(satosa_config_dict, cert_and_key[1], cert_and_key[0], str(tmpdir), None,
split_backend_metadata=True)
conf = Config()
conf.cert_file = cert_and_key[0]
security_ctx = security_context(conf)
written_metadata_files = [saml_backend_config["name"], saml_backend_config["name"]]
for file in written_metadata_files:
md = MetaDataFile(None, os.path.join(str(tmpdir), "{}_0.xml".format(file)), security=security_ctx)
assert md.load()
def test_oidc_saml(self, tmpdir, cert_and_key, satosa_config_dict,
oidc_frontend_config, saml_backend_config):
satosa_config_dict["FRONTEND_MODULES"] = [oidc_frontend_config]
satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]
create_and_write_saml_metadata(satosa_config_dict, cert_and_key[1],
cert_and_key[0], str(tmpdir), None)
conf = Config()
conf.cert_file = cert_and_key[0]
security_ctx = security_context(conf)
md = MetaDataFile(None,
os.path.join(str(tmpdir), "backend.xml"),
security=security_ctx)
assert md.load()
assert not os.path.isfile(os.path.join(str(tmpdir), "frontend.xml"))
def __init__(self,
user,
passwd,
sp="",
idp=None,
metadata_file=None,
xmlsec_binary=None,
verbose=0,
ca_certs="",
disable_ssl_certificate_validation=True,
key_file=None,
cert_file=None,
config=None):
"""
:param user: user name
:param passwd: user password
:param sp: The SP URL
:param idp: The IdP PAOS endpoint
:param metadata_file: Where the metadata file is if used
:param xmlsec_binary: Where the xmlsec1 binary can be found (*)
:param verbose: Chatty or not
:param ca_certs: is the path of a file containing root CA certificates
for SSL server certificate validation (*)
:param disable_ssl_certificate_validation: If
disable_ssl_certificate_validation is true, SSL cert validation
will not be performed (*)
:param key_file: Private key filename (*)
:param cert_file: Certificate filename (*)
:param config: Config() instance, overrides all the parameters marked
with an asterisk (*) above
"""
if not config:
config = Config()
config.disable_ssl_certificate_validation = \
disable_ssl_certificate_validation
config.key_file = key_file
config.cert_file = cert_file
config.ca_certs = ca_certs
config.xmlsec_binary = xmlsec_binary
Entity.__init__(self, "sp", config)
self._idp = idp
self._sp = sp
self.user = user
self.passwd = passwd
self._verbose = verbose
if metadata_file:
self._metadata = MetadataStore([saml, samlp], None, config)
self._metadata.load("local", metadata_file)
logger.debug("Loaded metadata from '%s'" % metadata_file)
else:
self._metadata = None
self.metadata = self._metadata
self.cookie_handler = None
self.done_ecp = False
self.cookie_jar = cookielib.LWPCookieJar()
def create_metadata_string(configfile, config=None, valid=None, cert=None,
keyfile=None, mid=None, name=None, sign=None):
valid_for = 0
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
# paths = [".", "/opt/local/bin"]
if valid:
valid_for = int(valid) # Hours
eds = []
if config is None:
if configfile.endswith(".py"):
configfile = configfile[:-3]
config = Config().load_file(configfile, metadata_construction=True)
eds.append(entity_descriptor(config))
conf = Config()
conf.key_file = config.key_file or keyfile
conf.cert_file = config.cert_file or cert
conf.debug = 1
conf.xmlsec_binary = config.xmlsec_binary
secc = security_context(conf)
if mid:
eid, xmldoc = entities_descriptor(eds, valid_for, name, mid,
sign, secc)
else:
eid = eds[0]
if sign:
eid, xmldoc = sign_entity_descriptor(eid, mid, secc)
else:
xmldoc = None
valid_instance(eid)
return metadata_tostring_fix(eid, nspair, xmldoc)
def test_sp_type_true(self):
fil = "sp_mdext_conf.py"
cnf = Config().load_file(fil, metadata_construction=True)
ed = entity_descriptor(cnf)
assert ed.spsso_descriptor.extensions
assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
assert ed.extensions
assert len(ed.extensions.extension_elements) > 1
assert any(e.tag is SPType.c_tag for e in ed.extensions.extension_elements)
def _saml2_config(self):
if hasattr(self, '_v_cached_config') and self._v_cached_config:
return self._v_cached_config
config = Config()
conf=sp_config.copy()
metadata_file = self.config['metadata_file']
if not metadata_file:
path = os.path.dirname(__file__)
metadata_file = os.path.join(path, 'metadata.xml')
conf['metadata']['local'] = [metadata_file]
config.load(conf)
config['entityid'] = self.config['portal_url']
config['service']['sp']['name'] = self.config['portal_name']
config['service']['sp']['url'] = self.config['portal_url']
required_attributes = []
for attribute in self.config['required_attributes'].split('\r\n'):
name = attributes.get(attribute, None)
if name:
required_attributes.append(name)
elif attribute in attributes.values():
required_attributes.append(attribute)
optional_attributes = []
for attribute in self.config['optional_attributes'].split('\r\n'):
name = attributes.get(attribute, None)
if name:
optional_attributes.append(name)
elif attribute in attributes.values():
optional_attributes.append(attribute)
config['service']['sp']['required_attributes'] = required_attributes
config['service']['sp']['optional_attributes'] = optional_attributes
config['service']['sp']['privacy_notice'] = self.config['privacy_notice']
config['key_file'] = self.config['key_file']
config['cert_file'] = self.config['cert_file']
config['xmlsec_binary'] = self.config['xmlsec_binary']
# Get Idps from the metadata
config['service']['sp']['idp'] = {}
for location in config['metadata'].locations():
name = config['metadata'].name(location)
config['service']['sp']['idp'][name] = location
self._v_cached_config = config
return self._v_cached_config
def __init__(self, user, passwd, sp="", idp=None, metadata_file=None,
xmlsec_binary=None, verbose=0, ca_certs="",
disable_ssl_certificate_validation=True, key_file=None,
cert_file=None):
"""
:param user: user name
:param passwd: user password
:param sp: The SP URL
:param idp: The IdP PAOS endpoint
:param metadata_file: Where the metadata file is if used
:param xmlsec_binary: Where the xmlsec1 binary can be found
:param verbose: Chatty or not
:param ca_certs: is the path of a file containing root CA certificates
for SSL server certificate validation.
:param disable_ssl_certificate_validation: If
disable_ssl_certificate_validation is true, SSL cert validation
will not be performed.
"""
config = Config()
config.disable_ssl_certificate_validation = disable_ssl_certificate_validation
config.key_file = key_file
config.cert_file = cert_file
config.ca_certs = ca_certs
Entity.__init__(self, "sp", config)
self._idp = idp
self._sp = sp
self.user = user
self.passwd = passwd
self._verbose = verbose
if metadata_file:
self._metadata = MetadataStore([saml, samlp], None, xmlsec_binary)
self._metadata.load("local", metadata_file)
logger.debug("Loaded metadata from '%s'" % metadata_file)
else:
self._metadata = None
self.cookie_handler = None
self.done_ecp = False
self.cookie_jar = cookielib.LWPCookieJar()
def test_split_frontend_metadata_to_separate_files(self, tmpdir, cert_and_key, satosa_config_dict,
saml_mirror_frontend_config, saml_backend_config,
oidc_backend_config):
satosa_config_dict["FRONTEND_MODULES"] = [saml_mirror_frontend_config]
satosa_config_dict["BACKEND_MODULES"] = [oidc_backend_config, saml_backend_config]
create_and_write_saml_metadata(satosa_config_dict, cert_and_key[1], cert_and_key[0], str(tmpdir), None,
split_frontend_metadata=True)
conf = Config()
conf.cert_file = cert_and_key[0]
security_ctx = security_context(conf)
file_pattern = "{}*.xml".format(saml_mirror_frontend_config["name"])
written_metadata_files = glob.glob(os.path.join(str(tmpdir), file_pattern))
assert len(written_metadata_files) == 2
for file in written_metadata_files:
md = MetaDataFile(None, file, security=security_ctx)
assert md.load()
def dispatch(self, request, helper):
if self.metadata_url is None:
metadata_url = helper.fetch_state('metadata_url')
else:
metadata_url = self.metadata_url
org = self.get_active_organization(request)
settings = {
'entityid':
request.build_absolute_uri('/organizations/%s/' % org.slug),
'metadata': {
'remote': [{
'url': metadata_url,
}],
},
'service': {
'sp': {
'endpoints': {
'assertion_consumer_service':
[(request.build_absolute_uri(
reverse('sentry-auth-sso')), BINDING_HTTP_POST)],
},
'allow_unsolicited': False,
'authn_requests_signed': False,
'logout_requests_signed': True,
'want_assertions_signed': False,
'want_response_signed': True,
},
},
}
config = Config()
config.load(settings)
client = Saml2Client(config)
request_id, headers = client.prepare_for_authenticate()
helper.bind_state('request_id', request_id)
for key, value in headers['headers']:
if key is 'Location':
# helper.incr_step()
helper.request.session['auth']['idx'] += 1
helper.request.session.modified = True
return self.redirect(value)
def create_metadata_string(configfile, config, valid, cert, keyfile, id, name,
sign):
valid_for = 0
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
#paths = [".", "/opt/local/bin"]
if valid:
valid_for = int(valid) # Hours
eds = []
if config is not None:
eds.append(entity_descriptor(config))
else:
if configfile.endswith(".py"):
configfile = configfile[:-3]
config = Config().load_file(configfile, metadata_construction=True)
eds.append(entity_descriptor(config))
conf = Config()
conf.key_file = keyfile
conf.cert_file = cert
conf.debug = 1
conf.xmlsec_binary = config.xmlsec_binary
secc = security_context(conf)
if id:
desc = entities_descriptor(eds, valid_for, name, id,
sign, secc)
valid_instance(desc)
return metadata_tostring_fix(desc, nspair)
else:
for eid in eds:
if sign:
desc = sign_entity_descriptor(eid, id, secc)
else:
desc = eid
valid_instance(desc)
return metadata_tostring_fix(desc, nspair)
def _make_metadata(config_dict, option):
"""
Creates metadata from the given idp config
:type config_dict: dict[str, Any]
:type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption
:rtype: str
:param config_dict: config
:param option: metadata creation settings
:return: A xml string
"""
eds = []
cnf = Config()
cnf.load(copy.deepcopy(config_dict), metadata_construction=True)
if option.valid:
cnf.valid_for = option.valid
eds.append(entity_descriptor(cnf))
conf = Config()
conf.key_file = option.keyfile
conf.cert_file = option.cert
conf.debug = 1
conf.xmlsec_binary = option.xmlsec
secc = security_context(conf)
if option.id:
desc, xmldoc = entities_descriptor(eds, option.valid, option.name, option.id, option.sign, secc)
valid_instance(desc)
print(desc.to_string(NSPAIR))
else:
for eid in eds:
if option.sign:
assert conf.key_file
assert conf.cert_file
eid, xmldoc = sign_entity_descriptor(eid, option.id, secc)
else:
xmldoc = None
valid_instance(eid)
xmldoc = metadata_tostring_fix(eid, NSPAIR, xmldoc).decode()
return xmldoc
def __init__(self, idp_conf, logger, conf, publicKey, privateKey, metadataList):
"""
Constructor.
Initiates the class.
:param logger: Logger to be used when something needs to be logged.
:param conf: idp_proxy_conf see IdpProxy/conig/idp_proxy_conf.example.py
:param key: A RSA key to be used for encryption.
:param metadataList: A list of metadata files.
[{"local": ["swamid-1.0.xml"]}, {"local": ["sp.xml"]}]
:raise:
"""
if (logger is None) or (conf is None) or (publicKey is None)or (privateKey is None):
raise ValueError(
"A new instance must include a value for logger, conf and key.")
#Public key to be used for encryption.
self.publicKey = publicKey
self.privateKey = privateKey
#Used for presentation of mako files.
self.lookup = TemplateLookup(
directories=[MetadataGeneration.CONST_STATIC_MAKO + 'templates',
MetadataGeneration.CONST_STATIC_MAKO + 'htdocs'],
module_directory='modules',
input_encoding='utf-8',
output_encoding='utf-8')
#The logger.
self.logger = logger
#A list of all social services used by this IdPproxy.
self.socialServiceKeyList = []
#A list of all service providers used by this sp.
self.spKeyList = []
for key in conf:
self.socialServiceKeyList.append(conf[key]["name"])
try:
xmlsec_path = get_xmlsec_binary(["/opt/local/bin"])
except:
try:
xmlsec_path = get_xmlsec_binary(["/usr/local/bin"])
except:
self.logger.info('Xmlsec must be installed! Tries /usr/bin/xmlsec1.')
xmlsec_path = '/usr/bin/xmlsec1'
self.xmlsec_path = xmlsec_path
config = Config()
config.disable_ssl_certificate_validation = True
config.key_file = idp_conf["key_file"]
config.cert_file = idp_conf["cert_file"]
config.xmlsec_binary = idp_conf["xmlsec_binary"]
config.debug = idp_conf["debug"]
for metadata in metadataList:
mds = MetadataStore(MetadataGeneration.CONST_ONTS.values(),
MetadataGeneration.CONST_ATTRCONV, config)
mds.imp(metadata)
for entityId in mds.keys():
self.spKeyList.append(entityId)
def __init__(self, user, passwd, sp="", idp=None, metadata_file=None,
xmlsec_binary=None, verbose=0, ca_certs="",
disable_ssl_certificate_validation=True, key_file=None,
cert_file=None, config=None):
"""
:param user: user name
:param passwd: user password
:param sp: The SP URL
:param idp: The IdP PAOS endpoint
:param metadata_file: Where the metadata file is if used
:param xmlsec_binary: Where the xmlsec1 binary can be found (*)
:param verbose: Chatty or not
:param ca_certs: is the path of a file containing root CA certificates
for SSL server certificate validation (*)
:param disable_ssl_certificate_validation: If
disable_ssl_certificate_validation is true, SSL cert validation
will not be performed (*)
:param key_file: Private key filename (*)
:param cert_file: Certificate filename (*)
:param config: Config() instance, overrides all the parameters marked
with an asterisk (*) above
"""
if not config:
config = Config()
config.disable_ssl_certificate_validation = \
disable_ssl_certificate_validation
config.key_file = key_file
config.cert_file = cert_file
config.ca_certs = ca_certs
config.xmlsec_binary = xmlsec_binary
Entity.__init__(self, "sp", config)
self._idp = idp
self._sp = sp
self.user = user
self.passwd = passwd
self._verbose = verbose
if metadata_file:
self._metadata = MetadataStore([saml, samlp], None, config)
self._metadata.load("local", metadata_file)
logger.debug("Loaded metadata from '%s'" % metadata_file)
else:
self._metadata = None
self.metadata = self._metadata
self.cookie_handler = None
self.done_ecp = False
self.cookie_jar = http.cookiejar.LWPCookieJar()
def get_configurations(config_file, metadata_construction=True, metadata=None, cache=None):
if config_file.endswith(".py"):
config_file = config_file[:-3]
conf = None
try:
conf = __import__(config_file, level=-1)
except:
pass
assert conf, "No configuration/invalid file with the name: %s" % config_file
#idp_conf = config_factory("idp", config_file)
assert conf.SP_ENTITY_CATEGORIES, "The configuration file must contain a list of entity categories in." \
" SP_ENTITY_CATEGORIES"
assert isinstance(conf.SP_ENTITY_CATEGORIES, list), "SP_ENTITY_CATEGORIES must be a list."
assert len(conf.SP_ENTITY_CATEGORIES)>0, "SP_ENTITY_CATEGORIES list must not be empty."
base_config = copy.deepcopy(copy.deepcopy(conf.CONFIG))
idp_config = copy.deepcopy(base_config)
idp_config["entityid"] = idp_config["entityid"] % ""
del(idp_config["service"]["sp"])
new_endpoints = {}
for endpoint in idp_config["service"]["idp"]["endpoints"]:
new_endpoint = []
for value in idp_config["service"]["idp"]["endpoints"][endpoint]:
new_endpoint.append((value[0] % "", value[1]))
new_endpoints[endpoint] = new_endpoint
idp_config["service"]["idp"]["endpoints"] = new_endpoints
sp_configs = {}
sp_config = {}
sp_entity_categories = copy.deepcopy(conf.SP_ENTITY_CATEGORIES)
if conf.SP_ENTITY_CATEGORIES_DEFAULT is not None:
sp_entity_categories.append({"name": "default", "entcat": conf.SP_ENTITY_CATEGORIES_DEFAULT})
for sp_cat in sp_entity_categories:
sp_name = sp_cat["name"]
sp_url = "/" + sp_name + "_sp"
tmp_sp_config = copy.deepcopy(base_config)
tmp_sp_config["entity_category"] = sp_cat["entcat"]
del(tmp_sp_config["service"]["idp"])
tmp_sp_config["entityid"] = tmp_sp_config["entityid"] % sp_url
new_endpoints = {}
for endpoint in tmp_sp_config["service"]["sp"]["endpoints"]:
new_endpoint = []
for value in tmp_sp_config["service"]["sp"]["endpoints"][endpoint]:
new_endpoint.append((value[0] % sp_url, value[1]))
new_endpoints[endpoint] = new_endpoint
tmp_sp_config["service"]["sp"]["endpoints"] = new_endpoints
if metadata is not None:
tmp_sp_config["metadata"] = {}
sp_config = {
"url": sp_url,
"name": sp_name,
"entity_id": tmp_sp_config["entityid"],
"config": Config().load(tmp_sp_config, metadata_construction=True)
}
if metadata is not None:
sp_config["config"].metadata = metadata
sp_configs[sp_name] = sp_config
if metadata is not None:
idp_config["metadata"] = {}
idp_config = Config().load(idp_config, metadata_construction=True)
if metadata is not None:
idp_config.metadata = metadata
return idp_config, sp_configs
#make_temp("%s" % cert_key_str, decode=False)
def signature_security_context(self, cert_and_key):
conf = Config()
conf.cert_file = cert_and_key[0]
conf.key_file = cert_and_key[1]
return security_context(conf)
def signature_security_context(self, cert_and_key):
conf = Config()
conf.cert_file = cert_and_key[0]
conf.key_file = cert_and_key[1]
return security_context(conf)
def verification_security_context(self, cert_and_key):
conf = Config()
conf.cert_file = cert_and_key[0]
return security_context(conf)
def _get_security_context(key, cert):
conf = Config()
conf.key_file = key
conf.cert_file = cert
return security_context(conf)
if args.valid:
# translate into hours
valid_for = int(args.valid) * 24
if args.xmlsec:
xmlsec = args.xmlsec
else:
xmlsec = get_xmlsec_binary(paths)
eds = []
for filespec in args.config:
bas, fil = os.path.split(filespec)
if bas != "":
sys.path.insert(0, bas)
if fil.endswith(".py"):
fil = fil[:-3]
cnf = Config().load_file(fil, metadata_construction=True)
eds.append(entity_descriptor(cnf))
secc = SecurityContext(xmlsec, args.keyfile, cert_file=args.cert)
if args.id:
desc = entities_descriptor(eds, valid_for, args.name, args.id, args.sign,
secc)
valid_instance(desc)
print desc.to_string(nspair)
else:
for eid in eds:
if args.sign:
desc = sign_entity_descriptor(eid, id, secc)
else:
desc = eid
valid_instance(desc)
def _get_security_context(key, cert):
conf = Config()
conf.key_file = key
conf.cert_file = cert
return security_context(conf)
def _create_entity_descriptor(entity_config):
cnf = Config().load(copy.deepcopy(entity_config), metadata_construction=True)
return entity_descriptor(cnf)
def verification_security_context(self, cert_and_key):
conf = Config()
conf.cert_file = cert_and_key[0]
return security_context(conf)
def create_metadata_from_config_dict(config):
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
conf = Config().load(config, metadata_construction=True)
return entity_descriptor(conf).to_string(nspair).decode("utf-8")
valid_for = 0
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
paths = [".", "/opt/local/bin"]
if args.valid:
# translate into hours
valid_for = int(args.valid) * 24
eds = []
for filespec in args.config:
bas, fil = os.path.split(filespec)
if bas != "":
sys.path.insert(0, bas)
if fil.endswith(".py"):
fil = fil[:-3]
cnf = Config().load_file(fil, metadata_construction=True)
if valid_for:
cnf.valid_for = valid_for
eds.append(entity_descriptor(cnf))
conf = Config()
conf.key_file = args.keyfile
conf.cert_file = args.cert
conf.debug = 1
conf.xmlsec_binary = args.xmlsec
secc = security_context(conf)
if args.id:
desc, xmldoc = entities_descriptor(eds, valid_for, args.name, args.id,
args.sign, secc)
valid_instance(desc)
def _make_metadata(config_dict, option):
"""
Creates metadata from the given idp config
:type config_dict: dict[str, Any]
:type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption
:rtype: str
:param config_dict: config
:param option: metadata creation settings
:return: A xml string
"""
eds = []
cnf = Config()
cnf.load(copy.deepcopy(config_dict), metadata_construction=True)
if option.valid:
cnf.valid_for = option.valid
eds.append(entity_descriptor(cnf))
conf = Config()
conf.key_file = option.keyfile
conf.cert_file = option.cert
conf.debug = 1
conf.xmlsec_binary = option.xmlsec
secc = security_context(conf)
if option.id:
desc, xmldoc = entities_descriptor(eds, option.valid, option.name, option.id,
option.sign, secc)
valid_instance(desc)
print(desc.to_string(NSPAIR))
else:
for eid in eds:
if option.sign:
assert conf.key_file
assert conf.cert_file
eid, xmldoc = sign_entity_descriptor(eid, option.id, secc)
else:
xmldoc = None
valid_instance(eid)
xmldoc = metadata_tostring_fix(eid, NSPAIR, xmldoc).decode()
return xmldoc
if args.valid:
# translate into hours
valid_for = int(args.valid) * 24
eds = []
for filespec in args.config:
bas, fil = os.path.split(filespec)
if bas != "":
sys.path.insert(0, bas)
if fil.endswith(".py"):
fil = fil[:-3]
cnf = Config().load_file(fil, metadata_construction=True)
eds.append(entity_descriptor(cnf))
conf = Config()
conf.key_file = args.keyfile
conf.cert_file = args.cert
conf.debug = 1
conf.xmlsec_binary = args.xmlsec
secc = security_context(conf)
if args.id:
desc = entities_descriptor(eds, valid_for, args.name, args.id,
args.sign, secc)
valid_instance(desc)
print desc.to_string(nspair)
else:
for eid in eds:
if args.sign:
assert conf.key_file
valid_for = 0
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
paths = [".", "/opt/local/bin"]
if args.valid:
# translate into hours
valid_for = int(args.valid) * 24
eds = []
for filespec in args.config:
bas, fil = os.path.split(filespec)
if bas != "":
sys.path.insert(0, bas)
if fil.endswith(".py"):
fil = fil[:-3]
cnf = Config().load_file(fil)
if valid_for:
cnf.valid_for = valid_for
eds.append(entity_descriptor(cnf))
conf = Config()
conf.key_file = args.keyfile
conf.cert_file = args.cert
conf.debug = 1
conf.xmlsec_binary = args.xmlsec
secc = security_context(conf)
if args.id:
desc, xmldoc = entities_descriptor(eds, valid_for, args.name, args.id,
args.sign, secc)
valid_instance(desc)
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
paths = [".", "/opt/local/bin"]
if args.valid:
# translate into hours
valid_for = int(args.valid) * 24
eds = []
for filespec in args.config:
bas, fil = os.path.split(filespec)
if bas != "":
sys.path.insert(0, bas)
if fil.endswith(".py"):
fil = fil[:-3]
cnf = Config().load_file(fil, metadata_construction=True)
if valid_for:
cnf.valid_for = valid_for
eds.append(entity_descriptor(cnf))
conf = Config()
conf.key_file = args.keyfile
conf.cert_file = args.cert
conf.debug = 1
conf.xmlsec_binary = args.xmlsec
secc = security_context(conf)
if args.id:
desc, xmldoc = entities_descriptor(eds, valid_for, args.name, args.id,
args.sign, secc)
valid_instance(desc)
def _create_entity_descriptor(entity_config):
cnf = Config().load(copy.deepcopy(entity_config))
return entity_descriptor(cnf)
from saml2.config import Config
from saml2.metadata import entity_descriptor
from saml2.extension.sp_type import SPType
__author__ = 'roland'
fil = "sp_mdext_conf.py"
cnf = Config().load_file(fil, metadata_construction=True)
ed = entity_descriptor(cnf)
print(ed)
assert ed.spsso_descriptor.extensions
assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
assert ed.extensions
assert len(ed.extensions.extension_elements) > 1
assert any(e.tag is SPType.c_tag for e in ed.extensions.extension_elements)
cnf.setattr('sp', 'sp_type_in_metadata', False)
ed = entity_descriptor(cnf)
print(ed)
assert all(e.tag is not SPType.c_tag for e in ed.extensions.extension_elements)
