Example #1
    def _bearer_confirmed(self, data):
        """Decide whether bearer subject-confirmation data is acceptable.

        Returns False when ``data`` is empty, when ``valid_address`` returns a
        falsy value for ``data.address``, or when ``not_on_or_after`` is not
        later than ``not_before``. Returns True otherwise.

        Raises whatever ``validate_on_or_after`` / ``validate_before`` raise,
        and ``Exception`` when ``in_response_to`` is set, matches no
        outstanding query and ``self.allow_unsolicited`` is false.

        Side effect: may set ``self.came_from`` from the matching entry of
        ``self.outstanding_queries``.
        """
        if not data:
            return False

        # valid_address() is given only the address itself; this method does
        # not compare it with the peer the message actually came from.
        if data.address and not valid_address(data.address):
            return False

        # Validity window. Return values are ignored, so these helpers are
        # expected to signal failure by raising.
        validate_on_or_after(data.not_on_or_after, self.timeslack)
        validate_before(data.not_before, self.timeslack)

        # The window must be non-empty: not_before < not_on_or_after.
        if not later_than(data.not_on_or_after, data.not_before):
            return False

        # Request correlation only applies while the origin is still unknown.
        if not self.asynchop or self.came_from is not None:
            return True

        request_id = data.in_response_to
        if not request_id:
            # NOTE(review): a confirmation without in_response_to is accepted
            # here whatever allow_unsolicited says -- confirm that unsolicited
            # responses are rejected elsewhere when they are not allowed.
            return True

        if request_id in self.outstanding_queries:
            # NOTE(review): the matched entry stays in outstanding_queries, so
            # a later message with the same in_response_to would match again
            # -- confirm the entry is consumed by the caller.
            self.came_from = self.outstanding_queries[request_id]
            return True

        if self.allow_unsolicited:
            return True

        # in_response_to names a request this instance has no record of.
        logger.debug("in response to: '%s'", request_id)
        logger.info("outstanding queries: %s", self.outstanding_queries.keys())
        raise Exception("Combination of session id and requestURI I don't recall")
Example #2
    def _bearer_confirmed(self, data):
        """Decide whether bearer subject-confirmation data is acceptable.

        Returns False when ``data`` is empty, when ``valid_address`` returns a
        falsy value for ``data.address``, or when ``not_on_or_after`` is not
        later than ``not_before``. Returns True otherwise.

        Raises whatever ``validate_on_or_after`` / ``validate_before`` raise,
        and ``Exception`` when ``in_response_to`` is set, matches no
        outstanding query and ``self.allow_unsolicited`` is false.

        Side effects: on a match, sets ``self.came_from`` and removes the
        matched entry from ``self.outstanding_queries``.
        """
        if not data:
            return False

        # valid_address() is given only the address itself; this method does
        # not compare it with the peer the message actually came from.
        if data.address and not valid_address(data.address):
            return False

        # Validity window. Return values are ignored, so these helpers are
        # expected to signal failure by raising.
        validate_on_or_after(data.not_on_or_after, self.timeslack)
        validate_before(data.not_before, self.timeslack)

        # The window must be non-empty: not_before < not_on_or_after.
        if not later_than(data.not_on_or_after, data.not_before):
            return False

        # Request correlation only applies while the origin is still unknown.
        if not self.asynchop or self.came_from:
            return True

        request_id = data.in_response_to
        if not request_id:
            # NOTE(review): a confirmation without in_response_to is accepted
            # here whatever allow_unsolicited says -- confirm that unsolicited
            # responses are rejected elsewhere when they are not allowed.
            return True

        if request_id in self.outstanding_queries:
            # Consume the pending request so the same id cannot match twice.
            self.came_from = self.outstanding_queries[request_id]
            del self.outstanding_queries[request_id]
            return True

        if self.allow_unsolicited:
            return True

        # in_response_to names a request this instance has no record of.
        logger.debug("in response to: '%s'" % request_id)
        pending = (self.outstanding_queries.keys(), )
        logger.info("outstanding queries: %s" % pending)
        raise Exception(
            "Combination of session id and requestURI I don't recall")
Example #3
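 def get_subject(self):
     """Filter the subject confirmations and return the subject's name id.

     Keeps only the subject confirmations whose confirmation data passes
     every check below, writes that filtered list back to the subject,
     stores the stripped name id text in ``self.name_id`` and returns it.

     Raises:
         AssertionError: the assertion has no subject, or the subject has
             no name_id. Raised explicitly instead of with ``assert`` so
             the checks still run under ``python -O``.
         Exception: no subject confirmation was accepted, or a
             confirmation's in_response_to matches no outstanding query
             while unsolicited responses are not allowed.
         Whatever ``validate_on_or_after`` / ``validate_before`` raise.

     Side effects: may set ``self.came_from`` and remove the matched
     entry from ``self.outstanding_queries``.
     """
     subject = self.assertion.subject
     if not subject:
         raise AssertionError("The assertion must contain a Subject")

     subjconf = []
     for subject_confirmation in subject.subject_confirmation:
         data = subject_confirmation.subject_confirmation_data
         if not data:
             # Nothing to validate against; this confirmation is dropped.
             continue

         # valid_address() is given only the address itself; no comparison
         # with the actual sender happens in this method.
         if data.address and not valid_address(data.address):
             continue

         # Validity window. Return values are ignored, so these helpers
         # are expected to signal failure by raising.
         validate_on_or_after(data.not_on_or_after, self.timeslack)
         validate_before(data.not_before, self.timeslack)

         # The window must be non-empty: not_before < not_on_or_after.
         if not time_util.later_than(data.not_on_or_after, data.not_before):
             continue

         if self.asynchop and not self.came_from:
             if data.in_response_to in self.outstanding_queries:
                 # Consume the pending request so the same id cannot
                 # match twice.
                 self.came_from = self.outstanding_queries[
                     data.in_response_to]
                 del self.outstanding_queries[data.in_response_to]
             elif self.allow_unsolicited:
                 pass
             else:
                 # Unsolicited responses are not allowed: in_response_to
                 # is either None or names a request with no record here.
                 if self.debug and self.log:
                     self.log.info(
                         "in response to: '%s'" % data.in_response_to)
                     self.log.info("outstanding queries: %s" %
                                   self.outstanding_queries.keys())
                 raise Exception(
                     "Combination of session id and requestURI I don't recall")

         subjconf.append(subject_confirmation)

     if not subjconf:
         raise Exception("No valid subject confirmation")

     subject.subject_confirmation = subjconf

     if not subject.name_id:
         raise AssertionError("The subject must contain a name_id")
     self.name_id = subject.name_id.text.strip()
     return self.name_id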
Example #4
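    def get_subject(self):
        """Filter the subject confirmations and return the subject's name id.

        Keeps only the subject confirmations whose confirmation data passes
        every check below, writes that filtered list back to the subject,
        stores the stripped name id text in ``self.name_id`` and returns it.

        Raises:
            AssertionError: the assertion has no subject, or the subject has
                no name_id. Raised explicitly instead of with ``assert`` so
                the checks still run under ``python -O``.
            Exception: no subject confirmation was accepted, or a
                confirmation's in_response_to matches no outstanding query
                while unsolicited responses are not allowed.
            Whatever ``validate_on_or_after`` / ``validate_before`` raise.

        Side effects: may set ``self.came_from`` and remove the matched
        entry from ``self.outstanding_queries``.
        """
        subject = self.assertion.subject
        if not subject:
            raise AssertionError("The assertion must contain a Subject")

        subjconf = []
        for subject_confirmation in subject.subject_confirmation:
            data = subject_confirmation.subject_confirmation_data
            if not data:
                # Nothing to validate against; this confirmation is dropped.
                continue

            # valid_address() is given only the address itself; no
            # comparison with the actual sender happens in this method.
            if data.address and not valid_address(data.address):
                continue

            # Validity window. Return values are ignored, so these helpers
            # are expected to signal failure by raising.
            validate_on_or_after(data.not_on_or_after, self.timeslack)
            validate_before(data.not_before, self.timeslack)

            # The window must be non-empty: not_before < not_on_or_after.
            if not time_util.later_than(data.not_on_or_after, data.not_before):
                continue

            if self.asynchop and not self.came_from:
                if data.in_response_to in self.outstanding_queries:
                    # Consume the pending request so the same id cannot
                    # match twice.
                    self.came_from = self.outstanding_queries[
                        data.in_response_to]
                    del self.outstanding_queries[data.in_response_to]
                elif self.allow_unsolicited:
                    pass
                else:
                    # Unsolicited responses are not allowed: in_response_to
                    # is either None or names a request with no record here.
                    logger.debug("in response to: '%s'" % data.in_response_to)
                    logger.info("outstanding queries: %s" %
                                (self.outstanding_queries.keys(), ))
                    raise Exception(
                        "Combination of session id and requestURI I don't recall"
                    )

            subjconf.append(subject_confirmation)

        if not subjconf:
            raise Exception("No valid subject confirmation")

        subject.subject_confirmation = subjconf

        if not subject.name_id:
            raise AssertionError("The subject must contain a name_id")
        self.name_id = subject.name_id.text.strip()
        return self.name_id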
Example #5
def test_valid_address():
    """Check which address literals valid_address accepts and which raise NotValid."""
    accepted = (
        "130.239.16.3",
        "2001:8003:5555:9999:555a:5555:c77:d5c5",
        "2001:8003:5555::555a:5555:c77:d5c5",
        # See https://tools.ietf.org/html/rfc4038#section-5.1 regarding
        # the inclusion of brackets in the ipv6 address below.
        "[2001:8003:5555:9999:555a:5555:c77:d5c5]",
    )
    for address in accepted:
        assert valid_address(address)

    rejected = (
        # IPv4: octet out of range, trailing dot, too few octets.
        "127.0.0.256",
        "127.0.0.",
        "127.0.0",
        # IPv6: unbalanced or doubled brackets around the literal.
        "2001::5555:9999::5555:c77:d5c5]",
        "2001:8003:5555:9999:555a:5555:c77:d5c5]",
        "[2001:8003:5555:9999:555a:5555:c77:d5c5",
        "[[2001:8003:5555:9999:555a:5555:c77:d5c5]",
    )
    for address in rejected:
        with raises(NotValid):
            assert valid_address(address)