def __init__(self, attrc, config, ca_certs=None, check_validity=True,
             disable_ssl_certificate_validation=False, filter=None):
    """
    :param attrc: Attribute converters handed on to MetaData.__init__
    :param config: Config() instance used to build the security context
    :param ca_certs: CA bundle handed to the HTTP client
    :param check_validity: Forwarded to MetaData and kept on the instance
    :param disable_ssl_certificate_validation: When true the HTTP client is
        created with server certificate verification switched off for every
        metadata fetch
    :param filter: Stored on the instance as given
    """
    MetaData.__init__(self, attrc, check_validity=check_validity)

    # verify=False only when the caller explicitly asked for it; the CA
    # bundle is passed along either way.
    verify_peer = not disable_ssl_certificate_validation
    self.http = HTTPBase(verify=verify_peer, ca_bundle=ca_certs)

    self.security = security_context(config)
    self.ii = 0
    self.metadata = {}
    self.check_validity = check_validity
    self.filter = filter
    self.to_old = {}
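def __init__(self, entity_type, config=None, config_file="",
             virtual_organization=""):
    """
    :param entity_type: Kind of entity; only handed on to config_factory here
    :param config: A ready-made configuration instance, preferred over
        config_file
    :param config_file: Configuration file loaded via config_factory when no
        config instance is given
    :param virtual_organization: A VirtualOrg instance or the name of one
        defined in the configuration
    :raises SAMLError: when neither config nor config_file is given
    :raises Exception: when a cert_file/key_file/ca_certs URL does not
        answer with status 200
    """
    self.entity_type = entity_type
    self.users = None

    if config:
        self.config = config
    elif config_file:
        self.config = config_factory(entity_type, config_file)
    else:
        raise SAMLError("Missing configuration")

    # These settings may hold a URL instead of a path; the content is then
    # downloaded and the setting rewritten to point at a temp file.
    # NOTE(review): startswith("http") also accepts plain http://, so key
    # material can be fetched without transport protection, and the request
    # has no timeout — consider restricting to https and bounding it.
    for item in ["cert_file", "key_file", "ca_certs"]:
        _val = getattr(self.config, item, None)
        if not _val:
            continue
        if _val.startswith("http"):
            r = requests.request("GET", _val)
            if r.status_code == 200:
                _, filename = make_temp(r.text, ".pem", False)
                setattr(self.config, item, filename)
            else:
                raise Exception(
                    "Could not fetch certificate from %s" % _val)

    # Load the signing key. The file handle is closed even if importKey
    # fails; a missing/unusable key_file setting leaves signkey unset.
    try:
        with open(self.config.getattr("key_file", ""), 'r') as key_fh:
            self.signkey = RSA.importKey(
                key_fh.read(),
                passphrase=self.config.key_file_passphrase)
    except (KeyError, TypeError):
        self.signkey = None

    # TLS verification and client-certificate settings come straight from
    # the configuration.
    HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs,
                      self.config.key_file, self.config.cert_file)

    if self.config.vorg:
        for vo in self.config.vorg.values():
            vo.sp = self

    self.metadata = self.config.metadata
    self.config.setup_logger()
    self.debug = self.config.debug

    self.sec = security_context(self.config)

    if virtual_organization:
        if isinstance(virtual_organization, basestring):
            self.vorg = self.config.vorg[virtual_organization]
        elif isinstance(virtual_organization, VirtualOrg):
            self.vorg = virtual_organization
    else:
        self.vorg = None

    self.artifact = {}
    if self.metadata:
        self.sourceid = self.metadata.construct_source_id()
    else:
        self.sourceid = {}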
def __init__(self, onts, attrc, config, ca_certs=None, check_validity=True,
             disable_ssl_certificate_validation=False):
    """
    :param onts: Stored on the instance as given
    :param attrc: Attribute converters, stored on the instance as given
    :param config: Config() instance used to build the security context
    :param ca_certs: CA bundle handed to the HTTP client
    :param check_validity: Kept on the instance
    :param disable_ssl_certificate_validation: When true the HTTP client is
        created with server certificate verification switched off
    """
    self.onts = onts
    self.attrc = attrc

    # Certificate checks are only disabled on explicit request.
    verify_peer = not disable_ssl_certificate_validation
    self.http = HTTPBase(verify=verify_peer, ca_bundle=ca_certs)

    self.security = security_context(config)
    self.ii = 0
    self.metadata = {}
    self.check_validity = check_validity
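def __init__(self, entity_type, config=None, config_file="",
             virtual_organization=""):
    """
    :param entity_type: Kind of entity; only handed on to config_factory here
    :param config: A ready-made configuration instance, preferred over
        config_file
    :param config_file: Configuration file loaded via config_factory when no
        config instance is given
    :param virtual_organization: A VirtualOrg instance or the name of one
        defined in the configuration
    :raises SAMLError: when neither config nor config_file is given
    :raises Exception: when a cert_file/key_file/ca_certs URL does not
        answer with status 200
    """
    self.entity_type = entity_type
    self.users = None

    if config:
        self.config = config
    elif config_file:
        self.config = config_factory(entity_type, config_file)
    else:
        raise SAMLError("Missing configuration")

    # These settings may hold a URL instead of a path; the content is then
    # downloaded and the setting rewritten to point at a temp file.
    # NOTE(review): startswith("http") also accepts plain http://, so key
    # material can be fetched without transport protection, and the request
    # has no timeout — consider restricting to https and bounding it.
    for item in ["cert_file", "key_file", "ca_certs"]:
        _val = getattr(self.config, item, None)
        if not _val:
            continue
        if _val.startswith("http"):
            r = requests.request("GET", _val)
            if r.status_code == 200:
                _, filename = make_temp(r.text, ".pem", False)
                setattr(self.config, item, filename)
            else:
                raise Exception(
                    "Could not fetch certificate from %s" % _val)

    # Load the signing key. The file handle is closed even if importKey
    # fails; a missing/unusable key_file setting leaves signkey unset.
    try:
        with open(self.config.getattr("key_file", ""), 'r') as key_fh:
            self.signkey = RSA.importKey(key_fh.read())
    except (KeyError, TypeError):
        self.signkey = None

    # TLS verification and client-certificate settings come straight from
    # the configuration.
    HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs,
                      self.config.key_file, self.config.cert_file)

    if self.config.vorg:
        for vo in self.config.vorg.values():
            vo.sp = self

    self.metadata = self.config.metadata
    self.config.setup_logger()
    self.debug = self.config.debug

    self.sec = security_context(self.config)

    if virtual_organization:
        if isinstance(virtual_organization, six.string_types):
            self.vorg = self.config.vorg[virtual_organization]
        elif isinstance(virtual_organization, VirtualOrg):
            self.vorg = virtual_organization
    else:
        self.vorg = None

    self.artifact = {}
    if self.metadata:
        self.sourceid = self.metadata.construct_source_id()
    else:
        self.sourceid = {}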
def test_load_remote_encoding():
    """Fetch the SWITCHaai test federation metadata over the network and load it."""
    backend = sigver._get_xmlsec_cryptobackend()
    sec_ctx = sigver.SecurityContext(backend, key_type="", cert_type="")
    client = HTTPBase()
    # The bundled SWITCHaai root CA file is handed to MetaDataExtern
    # (presumably for checking the metadata signature — confirm in loader).
    remote = MetaDataExtern(
        ATTRCONV,
        'http://metadata.aai.switch.ch/metadata.aaitest.xml',
        sec_ctx,
        full_path('SWITCHaaiRootCA.crt.pem'),
        client)
    remote.load()
def test_mdx_certs():
    """Resolve one IdP's idpsso certificates through the MDX test service."""
    sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
    # Test fixture only: TLS peer verification is switched off for the
    # client talking to the MDX service.
    client = HTTPBase(verify=False, ca_bundle=None)
    mdx = MetaDataMDX(quote_plus, ONTS.values(), ATTRCONV,
                      "http://pyff-test.nordu.net", sec_config, None, client)
    certs = mdx.certs("https://idp.umu.se/saml2/idp/metadata.php", "idpsso")
    assert len(certs) == 1
def __init__(self, entity_type, config=None, config_file="",
             virtual_organization=""):
    """
    :param entity_type: Kind of entity; only handed on to config_factory
    :param config: A ready-made configuration instance, preferred over
        config_file
    :param config_file: Configuration file loaded via config_factory when no
        config instance is given
    :param virtual_organization: A VirtualOrg instance or the name of one
        defined in the configuration
    :raises SAMLError: when neither config nor config_file is given
    """
    self.entity_type = entity_type
    self.users = None

    if config:
        self.config = config
    elif config_file:
        self.config = config_factory(entity_type, config_file)
    else:
        raise SAMLError("Missing configuration")

    # TLS verification and client-certificate settings come straight from
    # the configuration.
    HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs,
                      self.config.key_file, self.config.cert_file)

    # Every configured virtual organisation gets a back reference to us.
    if self.config.vorg:
        for org in list(self.config.vorg.values()):
            org.sp = self

    self.metadata = self.config.metadata
    self.config.setup_logger()
    self.debug = self.config.debug
    # Per-instance random seed.
    self.seed = rndbytes(32)
    self.sec = security_context(self.config)

    if not virtual_organization:
        self.vorg = None
    elif isinstance(virtual_organization, str):
        self.vorg = self.config.vorg[virtual_organization]
    elif isinstance(virtual_organization, VirtualOrg):
        self.vorg = virtual_organization

    self.artifact = {}
    self.sourceid = (self.metadata.construct_source_id()
                     if self.metadata else {})
def __init__(self, config_file="", config=None, _cache="", stype="idp"):
    """
    :param config_file: Configuration file, loaded with load_config when given
    :param config: A ready-made configuration; used only when config_file is
        empty
    :param _cache: Cache handle, stored on the instance as given
    :param stype: Entity type passed to load_config
    :raises Exception: when neither config_file nor config is supplied
    """
    self.ident = None

    if not (config_file or config):
        raise Exception("Missing configuration")
    if config_file:
        self.load_config(config_file, stype)
    else:
        self.conf = config

    # TLS verification and client-certificate settings come straight from
    # the configuration.
    HTTPBase.__init__(self, self.conf.verify_ssl_cert, self.conf.ca_certs,
                      self.conf.key_file, self.conf.cert_file)

    self.conf.setup_logger()
    self.metadata = self.conf.metadata
    self.sec = security_context(self.conf)
    self._cache = _cache
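def test_mdx_service():
    """Look up one IdP's single sign-on endpoint through the MDX test service."""
    sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
    # Test fixture only: TLS peer verification is switched off for the
    # client talking to the MDX service.
    http = HTTPBase(verify=False, ca_bundle=None)
    mdx = MetaDataMDX(quote_plus, ONTS.values(), ATTRCONV,
                      "http://pyff-test.nordu.net", sec_config, None, http)
    foo = mdx.service("https://idp.umu.se/saml2/idp/metadata.php",
                      "idpsso_descriptor", "single_sign_on_service")
    assert len(foo) == 1
    # dict.keys() is not indexable on Python 3; next(iter(...)) yields the
    # sole key on both Python 2 and 3.
    assert next(iter(foo)) == BINDING_HTTP_REDIRECT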
def __init__(self, entity_type, config=None, config_file="",
             virtual_organization=""):
    """
    :param entity_type: Kind of entity; only handed on to config_factory
    :param config: A ready-made configuration instance, preferred over
        config_file
    :param config_file: Configuration file loaded via config_factory when no
        config instance is given
    :param virtual_organization: A VirtualOrg instance or the name of one
        defined in the configuration
    :raises SAMLError: when neither config nor config_file is given
    """
    self.entity_type = entity_type
    self.users = None

    if config:
        self.config = config
    elif config_file:
        self.config = config_factory(entity_type, config_file)
    else:
        raise SAMLError("Missing configuration")

    # TLS verification and client-certificate settings come straight from
    # the configuration.
    HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs,
                      self.config.key_file, self.config.cert_file)

    # Every configured virtual organisation gets a back reference to us.
    if self.config.vorg:
        for org in self.config.vorg.values():
            org.sp = self

    self.metadata = self.config.metadata
    self.config.setup_logger()
    self.debug = self.config.debug
    # Per-instance random seed.
    self.seed = rndstr(32)
    self.sec = security_context(self.config)

    if not virtual_organization:
        self.vorg = None
    elif isinstance(virtual_organization, basestring):
        self.vorg = self.config.vorg[virtual_organization]
    elif isinstance(virtual_organization, VirtualOrg):
        self.vorg = virtual_organization

    self.artifact = {}
    self.sourceid = (self.metadata.construct_source_id()
                     if self.metadata else {})
def test_load_remote_encoding(mock_request):
    """Load the SWITCHaai test metadata with the HTTP request patched to serve a local copy."""
    fixture = os.path.join(TESTS_DIR, "remote_data/metadata.aaitest.xml")
    with open(fixture) as fh:
        payload = fh.read()

    # Make the patched request look like a successful fetch of the fixture.
    # NOTE(review): payload is text here while a live response's .content
    # would be bytes — confirm that is what the loader expects.
    response = mock_request.return_value
    response.ok = True
    response.status_code = 200
    response.content = payload

    backend = sigver._get_xmlsec_cryptobackend()
    sec_ctx = sigver.SecurityContext(backend, key_type="", cert_type="")
    client = HTTPBase()
    remote = MetaDataExtern(
        ATTRCONV,
        'http://metadata.aai.switch.ch/metadata.aaitest.xml',
        sec_ctx,
        full_path('SWITCHaaiRootCA.crt.pem'),
        client)
    remote.load()
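def validate_metadata_url(url: str) -> bool:
    """Validate a metadata URL by fetching and parsing it.

    Args:
        url (str): Metadata URL. It is fetched exactly as given; callers
            that accept it from untrusted input should restrict scheme and
            host before calling.

    Returns:
        bool: Whether the metadata URL could be loaded.
    """
    try:
        http_client = HTTPBase()
        metadata = MetaDataExtern(None, url=url, http=http_client)
        metadata.load()
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit still
        # propagate; any load failure is reported as an invalid URL.
        return False
    return True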
parser.add_argument('-t', dest='type') parser.add_argument('-u', dest='url') parser.add_argument('-c', dest='cert') parser.add_argument('-a', dest='attrsmap') parser.add_argument('-o', dest='output') parser.add_argument('-x', dest='xmlsec') parser.add_argument(dest="item") args = parser.parse_args() metad = None if args.type == "local": metad = MetaDataFile(list(ONTS.values()), args.item, args.item) elif args.type == "external": ATTRCONV = ac_factory(args.attrsmap) httpc = HTTPBase() crypto = _get_xmlsec_cryptobackend(args.xmlsec) sc = SecurityContext(crypto) metad = MetaDataExtern(list(ONTS.values()), ATTRCONV, args.url, sc, cert=args.cert, http=httpc) if metad: try: metad.load() except: raise else:
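def __init__(self, config=None, identity_cache=None, state_cache=None,
             virtual_organization="", config_file=""):
    """
    :param config: A saml2.config.Config instance
    :param identity_cache: Where the class should store identity information
    :param state_cache: Where the class should keep state information
    :param virtual_organization: A specific virtual organization
    :param config_file: Configuration file used when no config instance is
        given
    :raises Exception: when neither config nor config_file is supplied
    """
    self.users = Population(identity_cache)

    # for server state storage
    if state_cache is None:
        self.state = {}  # in memory storage
    else:
        self.state = state_cache

    if config:
        self.config = config
    elif config_file:
        self.config = config_factory("sp", config_file)
    else:
        raise Exception("Missing configuration")

    HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs,
                      self.config.key_file, self.config.cert_file)

    if self.config.vorg:
        for vo in self.config.vorg.values():
            vo.sp = self

    self.metadata = self.config.metadata
    self.config.setup_logger()

    # we copy the config.debug variable in an internal
    # field for convenience and because we may need to
    # change it during the tests
    self.debug = self.config.debug

    self.sec = security_context(self.config)

    if virtual_organization:
        if isinstance(virtual_organization, basestring):
            self.vorg = self.config.vorg[virtual_organization]
        elif isinstance(virtual_organization, VirtualOrg):
            self.vorg = virtual_organization
    else:
        self.vorg = None

    # Config.getattr takes (attr, typ), the order used for the
    # "allow_unsolicited" lookup below and for "key_file" elsewhere in this
    # file; passing ("sp", foo) asked for an attribute named "sp" instead of
    # the signing flags, so authn_requests_signed / logout_requests_signed
    # could never reflect the configuration.
    # NOTE(review): only the string 'true' enables a flag here — confirm the
    # config does not deliver booleans instead.
    for foo in ["allow_unsolicited", "authn_requests_signed",
                "logout_requests_signed"]:
        setattr(self, foo, self.config.getattr(foo, "sp") == 'true')

    # extra randomness
    self.seed = rndstr(32)
    self.logout_requests_signed_default = True
    # Raw config value deliberately overrides the boolean set in the loop.
    self.allow_unsolicited = self.config.getattr("allow_unsolicited", "sp")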
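def __init__(self, config=None, identity_cache=None, state_cache=None,
             virtual_organization="", config_file=""):
    """
    :param config: A saml2.config.Config instance
    :param identity_cache: Where the class should store identity information
    :param state_cache: Where the class should keep state information
    :param virtual_organization: A specific virtual organization
    :param config_file: Configuration file used when no config instance is
        given
    :raises Exception: when neither config nor config_file is supplied
    """
    self.users = Population(identity_cache)

    # for server state storage
    if state_cache is None:
        self.state = {}  # in memory storage
    else:
        self.state = state_cache

    if config:
        self.config = config
    elif config_file:
        self.config = config_factory("sp", config_file)
    else:
        raise Exception("Missing configuration")

    HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs,
                      self.config.key_file, self.config.cert_file)

    if self.config.vorg:
        for vo in self.config.vorg.values():
            vo.sp = self

    self.metadata = self.config.metadata
    self.config.setup_logger()

    # we copy the config.debug variable in an internal
    # field for convenience and because we may need to
    # change it during the tests
    self.debug = self.config.debug

    self.sec = security_context(self.config)

    if virtual_organization:
        if isinstance(virtual_organization, basestring):
            self.vorg = self.config.vorg[virtual_organization]
        elif isinstance(virtual_organization, VirtualOrg):
            self.vorg = virtual_organization
    else:
        self.vorg = None

    # Config.getattr takes (attr, typ), the order used for the
    # "allow_unsolicited" lookup below and for "key_file" elsewhere in this
    # file; passing ("sp", foo) asked for an attribute named "sp" instead of
    # the signing flags, so authn_requests_signed / logout_requests_signed
    # could never reflect the configuration.
    # NOTE(review): only the string 'true' enables a flag here — confirm the
    # config does not deliver booleans instead.
    for foo in [
        "allow_unsolicited",
        "authn_requests_signed",
        "logout_requests_signed"
    ]:
        setattr(self, foo, self.config.getattr(foo, "sp") == 'true')

    # extra randomness
    self.seed = rndstr(32)
    self.logout_requests_signed_default = True
    # Raw config value deliberately overrides the boolean set in the loop.
    self.allow_unsolicited = self.config.getattr("allow_unsolicited", "sp")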