Example #1
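 def load(self):
     """Fetch metadata from ``self.url`` over HTTP and import it only if its
     XML signature verifies.

     The body is handed to ``verify_signature`` together with
     ``self.xmlsec_binary`` and ``self.cert``; ``node_name`` is built from the
     namespace and tag of ``md.EntitiesDescriptor``. ``self.parse`` is called
     only when that check returns a truthy value.

     :return: True if the metadata was fetched, verified and parsed,
         otherwise False
     """
     # NOTE(review): how the TLS server certificate is validated depends on
     # how self.http was constructed, which is not visible here.
     (response, content) = self.http.request(self.url)
     if response.status != 200:
         logger.info("Response status: %s" % response.status)
         return False

     signed_node = "%s:%s" % (md.EntitiesDescriptor.c_namespace,
                              md.EntitiesDescriptor.c_tag)
     # NOTE(review): self.cert is passed through unchecked; confirm that
     # verify_signature fails closed when no certificate is configured.
     if verify_signature(content, self.xmlsec_binary, self.cert,
                         node_name=signed_node):
         self.parse(content)
         return True

     # A rejected signature on federation metadata is worth seeing in the
     # logs; previously this path returned False without any trace.
     logger.warning("Signature verification failed for metadata from %s",
                    self.url)
     return False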
Example #2
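 def load(self):
     """Download the metadata at ``self.url`` and parse it once its signature
     has been checked.

     ``verify_signature`` receives the response body, ``self.xmlsec_binary``
     and ``self.cert``, with ``node_name`` set to the namespace-qualified tag
     of ``md.EntitiesDescriptor``. The content reaches ``self.parse`` only if
     that call returns a truthy value.

     :return: True when the download, the signature check and the parse all
         succeeded, otherwise False
     """
     # NOTE(review): server-certificate validation for this request is
     # decided by the configuration of self.http, not shown in this method.
     (response, content) = self.http.request(self.url)
     if response.status != 200:
         logger.info("Response status: %s" % response.status)
         return False

     descriptor = md.EntitiesDescriptor
     # NOTE(review): verify that verify_signature rejects the document when
     # self.cert is unset instead of treating it as "nothing to check".
     signature_ok = verify_signature(
         content,
         self.xmlsec_binary,
         self.cert,
         node_name="%s:%s" % (descriptor.c_namespace, descriptor.c_tag))
     if not signature_ok:
         # The original returned False silently here; record the rejection
         # so a tampered or mis-signed metadata file can be investigated.
         logger.warning("Signature verification failed for metadata from %s",
                        self.url)
         return False

     self.parse(content)
     return True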
Example #3
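 def import_external_metadata(self, url, cert=None):
     """Fetch metadata from *url* over HTTP and import it only if its XML
     signature verifies.

     The response body is passed to ``verify_signature`` with
     ``self.xmlsec_binary`` and *cert*; ``node_name`` is the
     namespace-qualified tag of ``md.EntitiesDescriptor``.
     ``self.import_metadata`` is called only when that check is truthy.

     :param url: The URL pointing to the metadata
     :param cert: A cert to use for checking the signature
     :return: True if the import worked out, otherwise False
     """
     # NOTE(review): TLS validation of the metadata host depends on how
     # self.http was set up; that is not visible in this method.
     (response, content) = self.http.request(url)
     if response.status != 200:
         if self.log:
             self.log.info("Response status: %s" % response.status)
         return False

     signed_node = "%s:%s" % (md.EntitiesDescriptor.c_namespace,
                              md.EntitiesDescriptor.c_tag)
     # NOTE(review): cert defaults to None and is forwarded as-is; confirm
     # that verify_signature fails closed when no certificate is supplied.
     if verify_signature(content, self.xmlsec_binary, cert,
                         node_name=signed_node):
         self.import_metadata(content, (url, cert))
         return True

     # Previously a rejected signature returned False with no trace at all.
     if self.log:
         self.log.warning(
             "Signature verification failed for metadata from %s", url)
     return False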
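 def testAuthnRequestSignedExtraction(self):
     """Check that ``extractCredentials`` produces an AuthnRequest addressed
     to the selected provider and that its signature verifies.

     The plugin is configured with the ``sp.key`` / ``sp.pem`` pair from the
     test data directory; the same ``sp.pem`` is then used to verify the
     SAMLRequest taken from the generated form.
     """
     from pas.plugins.suisseid.tests.utils import MockRequest, FormParser
     from saml2.samlp import authn_request_from_string
     from saml2.sigver import verify_signature

     idp_url = 'https://idp.swisssign.net/suisseid/eidp/'
     sp_pem = os.path.join(path, 'data', 'sp.pem')
     sp_key = os.path.join(path, 'data', 'sp.key')

     plugin = self.createPlugin()
     plugin.changeConfiguration('suisseID Test Portal', 'http://nohost/', '',
                                '', '', sp_key, sp_pem, xmlsec_binary, '')

     request = MockRequest()
     request.form['__ac_suisseid_provider_url'] = idp_url
     plugin.extractCredentials(request)

     # The plugin answers with an HTML form; the SAMLRequest input carries
     # the base64-encoded AuthnRequest.
     parser = FormParser()
     parser.parse(request.response.body)
     decoded_xml = base64.b64decode(parser.inputs['SAMLRequest'])

     # Kept under its own name instead of rebinding ``request``.
     authn_request = authn_request_from_string(decoded_xml)
     # assertEqual replaces the deprecated assertEquals alias, which was
     # removed in Python 3.12.
     self.assertEqual(authn_request.destination, idp_url)

     # Verify signature
     # NOTE(review): the binary is passed first and the XML second here;
     # confirm this matches the verify_signature signature of the pinned
     # pysaml2 version, otherwise the assertion below proves nothing.
     verified = verify_signature(
         xmlsec_binary, decoded_xml, sp_pem,
         node_name='urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest',
         cert_type='pem')
     self.assertEqual(verified, True)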
Example #5
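 def import_external_metadata(self, url, cert=None, ca_certs=None):
     """Download metadata from *url* and import it once its XML signature
     has been checked.

     ``verify_signature`` is given the response body, ``self.xmlsec_binary``
     and *cert*, with ``node_name`` set to the namespace-qualified tag of
     ``md.EntitiesDescriptor``. ``self.import_metadata`` runs only when that
     call returns a truthy value.

     :param url: The URL pointing to the metadata
     :param cert: A cert to use for checking the signature
     :param ca_certs: Certificates to use to verify the HTTPS server certs
     :return: True if the import worked out, otherwise False
     """
     # NOTE(review): ca_certs is accepted but never referenced in this
     # method; whether self.http validates the server certificate depends
     # on how it was constructed elsewhere. Confirm the caller's CA bundle
     # actually takes effect.
     (response, content) = self.http.request(url)
     if response.status != 200:
         logger.info("Response status: %s" % response.status)
         return False

     descriptor = md.EntitiesDescriptor
     # NOTE(review): cert may be None; confirm that verify_signature rejects
     # the document in that case rather than skipping the check.
     signature_ok = verify_signature(
         content,
         self.xmlsec_binary,
         cert,
         node_name="%s:%s" % (descriptor.c_namespace, descriptor.c_tag))
     if not signature_ok:
         # The original dropped unverifiable metadata without logging it.
         logger.warning("Signature verification failed for metadata from %s",
                        url)
         return False

     self.import_metadata(content, (url, cert))
     return True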