def _loads(self, xmldata, binding=None, origdoc=None):
# own copy
self.xmlstr = xmldata[:]
logger.info("xmlstr: %s" % (self.xmlstr, ))
try:
self.message = self.signature_check(xmldata, origdoc=origdoc)
except TypeError:
raise
except Exception as excp:
logger.info("EXCEPTION: %s", excp)
if not self.message:
logger.error("Response was not correctly signed")
logger.info(xmldata)
raise IncorrectlySigned()
logger.info("request: %s" % (self.message, ))
try:
valid_instance(self.message)
except NotValid as exc:
logger.error("Not valid request: %s" % exc.args[0])
raise
return self
class Request(object):
def __init__(self,
sec_context,
receiver_addrs,
attribute_converters=None,
timeslack=0):
self.sec = sec_context
self.receiver_addrs = receiver_addrs
self.timeslack = timeslack
self.xmlstr = ""
self.name_id = ""
self.message = None
self.not_on_or_after = 0
self.attribute_converters = attribute_converters
self.binding = None
self.relay_state = ""
self.signature_check = _dummy # has to be set !!!
def _clear(self):
self.xmlstr = ""
self.name_id = ""
self.message = None
self.not_on_or_after = 0
def _loads(self,
xmldata,
binding=None,
origdoc=None,
must=None,
only_valid_cert=False):
# own copy
self.xmlstr = xmldata[:]
logger.info("xmlstr: %s" % (self.xmlstr, ))
try:
self.message = self.signature_check(
xmldata,
origdoc=origdoc,
must=must,
only_valid_cert=only_valid_cert)
except TypeError:
raise
except Exception, excp:
logger.info("EXCEPTION: %s", excp)
if not self.message:
logger.error("Response was not correctly signed")
logger.info(xmldata)
raise IncorrectlySigned()
logger.info("request: %s" % (self.message, ))
try:
valid_instance(self.message)
except NotValid, exc:
logger.error("Not valid request: %s" % exc.args[0])
raise
def _loads(self,
xmldata,
binding=None,
origdoc=None,
must=None,
only_valid_cert=False,
relayState=None,
sigalg=None,
signature=None):
# own copy
self.xmlstr = xmldata[:]
logger.debug("xmlstr: %s, relayState: %s, sigalg: %s, signature: %s",
self.xmlstr, relayState, sigalg, signature)
# If redirect binding, and provided SigAlg, Signature use that to verify
# and skip signatureCheck withing SAMLRequest/xmldata
_need_redirect_sig_check, _saml_msg, must = self._should_do_redirect_sig_check(
binding, must, origdoc, relayState, sigalg, signature)
try:
self.message = self.signature_check(
xmldata,
origdoc=origdoc,
must=must,
only_valid_cert=only_valid_cert)
except TypeError:
raise
except Exception as excp:
self.message = None
logger.info("EXCEPTION: %s", excp)
if _need_redirect_sig_check and self.message is not None:
_verified_ok = self._do_redirect_sig_check(_saml_msg)
# Set self.message to None, it shall raise error further down.
if not _verified_ok:
self.message = None
logger.error('Failed to verify signature')
if not self.message:
logger.error("Request was not correctly signed")
logger.info("Request: %s", xmldata)
raise IncorrectlySigned()
logger.info("Request: %s", self.message)
try:
valid_instance(self.message)
except NotValid as exc:
logger.error("Not valid request: %s", exc.args[0])
raise
return self
class Request(object):
def __init__(self, sec_context, receiver_addrs, timeslack=0):
self.sec = sec_context
self.receiver_addrs = receiver_addrs
self.timeslack = timeslack
self.xmlstr = ""
self.name_id = ""
self.message = None
self.not_on_or_after = 0
self.signature_check = _dummy # has to be set !!!
def _clear(self):
self.xmlstr = ""
self.name_id = ""
self.message = None
self.not_on_or_after = 0
def _loads(self, xmldata, decode=True):
if decode:
logger.debug("Expected to decode and inflate xml data")
decoded_xml = s_utils.decode_base64_and_inflate(xmldata)
else:
decoded_xml = xmldata
# own copy
self.xmlstr = decoded_xml[:]
logger.info("xmlstr: %s" % (self.xmlstr, ))
try:
self.message = self.signature_check(decoded_xml)
except TypeError:
raise
except Exception, excp:
logger.info("EXCEPTION: %s", excp)
if not self.message:
logger.error("Response was not correctly signed")
logger.info(decoded_xml)
raise IncorrectlySigned()
logger.info("request: %s" % (self.message, ))
try:
valid_instance(self.message)
except NotValid, exc:
logger.error("Not valid request: %s" % exc.args[0])
raise
def _loads(self,
xmldata,
binding=None,
origdoc=None,
must=None,
only_valid_cert=False):
# See https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/request.py#L39
self.xmlstr = xmldata[:]
must = True if binding == BINDING_HTTP_POST else False
try:
self.message = self.signature_check(
xmldata,
origdoc=origdoc,
must=must,
only_valid_cert=only_valid_cert)
except TypeError as e:
raise
except Exception as excp:
pass
if not self.message:
raise IncorrectlySigned()
return self
def _loads(self,
xmldata,
binding=None,
origdoc=None,
must=None,
only_valid_cert=False):
if binding == BINDING_HTTP_REDIRECT:
pass
# own copy
self.xmlstr = xmldata[:]
logger.debug("xmlstr: %s" % (self.xmlstr, ))
try:
self.message = self.signature_check(
xmldata,
origdoc=origdoc,
must=must,
only_valid_cert=only_valid_cert)
except TypeError:
raise
except Exception as excp:
logger.info("EXCEPTION: %s", excp)
if not self.message:
logger.error("Response was not correctly signed")
logger.info(xmldata)
raise IncorrectlySigned()
logger.info("request: %s" % (self.message, ))
try:
valid_instance(self.message)
except NotValid as exc:
logger.error("Not valid request: %s" % exc.args[0])
raise
return self
def _loads(
self,
xmldata,
binding=None,
origdoc=None,
must=None,
only_valid_cert=False,
relay_state=None,
sigalg=None,
signature=None,
):
# own copy
self.xmlstr = xmldata[:]
logger.debug("xmlstr: %s, relay_state: %s, sigalg: %s, signature: %s",
self.xmlstr, relay_state, sigalg, signature)
sign_redirect = must and binding == BINDING_HTTP_REDIRECT
sign_post = must and not sign_redirect
incorrectly_signed = IncorrectlySigned("Request was not signed correctly")
try:
self.message = self.signature_check(
xmldata,
origdoc=origdoc,
must=sign_post,
only_valid_cert=only_valid_cert,
)
except Exception as e:
self.message = None
raise incorrectly_signed from e
if sign_redirect:
if sigalg is None or signature is None:
raise incorrectly_signed
_saml_msg = {
"SAMLRequest": origdoc,
"Signature": signature,
"SigAlg": sigalg,
}
if relay_state is not None:
_saml_msg["RelayState"] = relay_state
try:
sig_verified = self._do_redirect_sig_check(_saml_msg)
except Exception as e:
self.message = None
raise incorrectly_signed from e
else:
if not sig_verified:
self.message = None
raise incorrectly_signed
if not self.message:
logger.error("Request was not signed correctly")
logger.info("Request data: %s", xmldata)
raise incorrectly_signed
logger.info("Request message: %s", self.message)
try:
valid_instance(self.message)
except NotValid as exc:
logger.error("Request not valid: %s", exc.args[0])
raise
return self