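def load(self):
    """Fetch the metadata at ``self.url`` with HTTP GET and import it if it verifies.

    The response body is handed to ``self.parse`` only after
    ``verify_signature`` returns a true value for the EntitiesDescriptor
    node, checked against ``self.cert`` using ``self.xmlsec_binary``.

    NOTE(review): what ``verify_signature`` does when ``self.cert`` is
    ``None`` is not visible here. Confirm it rejects the document rather
    than accepting metadata that cannot be checked.

    :return: True if the document was fetched, verified and parsed,
        otherwise False
    """
    (response, content) = self.http.request(self.url)
    if response.status != 200:
        logger.info("Response status: %s", response.status)
        return False

    entities_node = "%s:%s" % (md.EntitiesDescriptor.c_namespace,
                               md.EntitiesDescriptor.c_tag)
    if verify_signature(content, self.xmlsec_binary, self.cert,
                        node_name=entities_node):
        self.parse(content)
        return True

    # A rejected signature on federation metadata is worth a log line of its
    # own; previously this path returned False without any trace.
    logger.warning("Signature verification failed for metadata from %s; "
                   "not imported", self.url)
    return False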
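def import_external_metadata(self, url, cert=None):
    """Fetch metadata from *url* with HTTP GET and import it if it verifies.

    The response body is passed to ``self.import_metadata`` only after
    ``verify_signature`` returns a true value for the EntitiesDescriptor
    node, checked against *cert* using ``self.xmlsec_binary``.

    NOTE(review): *cert* defaults to ``None`` and what ``verify_signature``
    does in that case is not visible here. Confirm it rejects the document
    rather than accepting metadata that cannot be checked.

    :param url: The URL pointing to the metadata
    :param cert: A cert to use for checking the signature
    :return: True if the import worked out, otherwise False
    """
    (response, content) = self.http.request(url)
    if response.status != 200:
        if self.log:
            self.log.info("Response status: %s" % response.status)
        return False

    entities_node = "%s:%s" % (md.EntitiesDescriptor.c_namespace,
                               md.EntitiesDescriptor.c_tag)
    if verify_signature(content, self.xmlsec_binary, cert,
                        node_name=entities_node):
        self.import_metadata(content, (url, cert))
        return True

    # Record the rejection; previously this path returned False silently.
    # info() is the only method this block shows on self.log, so it is used
    # here too. Raise the level if self.log is a standard logger.
    if self.log:
        self.log.info("Signature verification failed for metadata from %s; "
                      "not imported" % url)
    return False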
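def testAuthnRequestSignedExtraction(self):
    """Check that extractCredentials produces a signed AuthnRequest.

    The plugin is configured with the ``sp.key`` / ``sp.pem`` pair from the
    test ``data`` directory. The ``SAMLRequest`` form input found in the
    response body is base64-decoded, its ``destination`` is compared with
    the provider URL placed in the request form, and its signature is
    verified against ``sp.pem``.
    """
    from pas.plugins.suisseid.tests.utils import MockRequest, FormParser
    from saml2.samlp import authn_request_from_string

    plugin = self.createPlugin()
    sp_pem = os.path.join(path, 'data', 'sp.pem')
    sp_key = os.path.join(path, 'data', 'sp.key')
    plugin.changeConfiguration('suisseID Test Portal', 'http://nohost/',
                               '', '', '', sp_key, sp_pem, xmlsec_binary, '')

    request = MockRequest()
    request.form['__ac_suisseid_provider_url'] = 'https://idp.swisssign.net/suisseid/eidp/'
    plugin.extractCredentials(request)

    # The plugin answers with a form; pull the encoded request out of it.
    parser = FormParser()
    parser.parse(request.response.body)
    saml_request = parser.inputs['SAMLRequest']
    decoded_xml = base64.b64decode(saml_request)

    authn_request = authn_request_from_string(decoded_xml)
    # assertEqual replaces the deprecated assertEquals alias.
    self.assertEqual(authn_request.destination,
                     'https://idp.swisssign.net/suisseid/eidp/')

    # Verify signature
    # NOTE(review): xmlsec_binary is passed first and the XML second here;
    # confirm that order matches the verify_signature signature of the saml2
    # release under test, otherwise this check does not exercise what it
    # appears to.
    from saml2.sigver import verify_signature
    verified = verify_signature(
        xmlsec_binary, decoded_xml, sp_pem,
        node_name='urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest',
        cert_type='pem')
    self.assertEqual(verified, True)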
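def import_external_metadata(self, url, cert=None, ca_certs=None):
    """Fetch metadata from *url* with HTTP GET and import it if it verifies.

    The response body is passed to ``self.import_metadata`` only after
    ``verify_signature`` returns a true value for the EntitiesDescriptor
    node, checked against *cert* using ``self.xmlsec_binary``.

    NOTE(review): *ca_certs* is accepted but never referenced in this
    method, so it has no effect on how ``self.http`` validates the server
    here. Confirm the HTTP client is configured with it elsewhere.

    NOTE(review): *cert* defaults to ``None`` and what ``verify_signature``
    does in that case is not visible here. Confirm it rejects the document
    rather than accepting metadata that cannot be checked.

    :param url: The URL pointing to the metadata
    :param cert: A cert to use for checking the signature
    :param ca_certs: Certificates to use to verify the HTTPS server certs
    :return: True if the import worked out, otherwise False
    """
    (response, content) = self.http.request(url)
    if response.status != 200:
        logger.info("Response status: %s", response.status)
        return False

    entities_node = "%s:%s" % (md.EntitiesDescriptor.c_namespace,
                               md.EntitiesDescriptor.c_tag)
    if verify_signature(content, self.xmlsec_binary, cert,
                        node_name=entities_node):
        self.import_metadata(content, (url, cert))
        return True

    # A rejected signature on federation metadata is worth a log line of its
    # own; previously this path returned False without any trace.
    logger.warning("Signature verification failed for metadata from %s; "
                   "not imported", url)
    return False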