def _bearer_confirmed(self, data): if not data: return False if data.address: if not valid_address(data.address): return False # verify that I got it from the correct sender # These two will raise exception if untrue validate_on_or_after(data.not_on_or_after, self.timeslack) validate_before(data.not_before, self.timeslack) # not_before must be < not_on_or_after if not later_than(data.not_on_or_after, data.not_before): return False if self.asynchop and self.came_from is None: if data.in_response_to: if data.in_response_to in self.outstanding_queries: self.came_from = self.outstanding_queries[data.in_response_to] # del self.outstanding_queries[data.in_response_to] elif self.allow_unsolicited: pass else: # This is where I don't allow unsolicited reponses # Either in_response_to == None or has a value I don't # recognize logger.debug("in response to: '%s'", data.in_response_to) logger.info("outstanding queries: %s", self.outstanding_queries.keys()) raise Exception("Combination of session id and requestURI I don't " "recall") return True
def _bearer_confirmed(self, data): if not data: return False if data.address: if not valid_address(data.address): return False # These two will raise exception if untrue validate_on_or_after(data.not_on_or_after, self.timeslack) validate_before(data.not_before, self.timeslack) # not_before must be < not_on_or_after if not later_than(data.not_on_or_after, data.not_before): return False if self.asynchop and not self.came_from: if data.in_response_to: if data.in_response_to in self.outstanding_queries: self.came_from = self.outstanding_queries[ data.in_response_to] del self.outstanding_queries[data.in_response_to] elif self.allow_unsolicited: pass else: # This is where I don't allow unsolicited reponses # Either in_response_to == None or has a value I don't # recognize logger.debug("in response to: '%s'" % data.in_response_to) logger.info("outstanding queries: %s" % (self.outstanding_queries.keys(), )) raise Exception( "Combination of session id and requestURI I don't recall" ) return True
def condition_ok(self, lax=False): # The Identity Provider MUST include a <saml:Conditions> element #print "Conditions",assertion.conditions if self.test: lax = True assert self.assertion.conditions condition = self.assertion.conditions logger.debug("condition: %s" % condition) # if no sub-elements or elements are supplied, then the # assertion is considered to be valid. if not condition.keyswv(): return True # if both are present NotBefore must be earlier than NotOnOrAfter if condition.not_before and condition.not_on_or_after: if not later_than(condition.not_on_or_after, condition.not_before): return False try: if condition.not_on_or_after: self.not_on_or_after = validate_on_or_after( condition.not_on_or_after, self.timeslack) if condition.not_before: validate_before(condition.not_before, self.timeslack) except Exception, excp: logger.error("Exception on condition: %s" % (excp,)) if not lax: raise else: self.not_on_or_after = 0
def condition_ok(self, lax=False): # The Identity Provider MUST include a <saml:Conditions> element #print "Conditions",assertion.conditions if self.test: lax = True assert self.assertion.conditions condition = self.assertion.conditions logger.debug("condition: %s" % condition) # if no sub-elements or elements are supplied, then the # assertion is considered to be valid. if not condition.keyswv(): return True # if both are present NotBefore must be earlier than NotOnOrAfter if condition.not_before and condition.not_on_or_after: if not later_than(condition.not_on_or_after, condition.not_before): return False try: if condition.not_on_or_after: self.not_on_or_after = validate_on_or_after( condition.not_on_or_after, self.timeslack) if condition.not_before: validate_before(condition.not_before, self.timeslack) except Exception, excp: logger.error("Exception on condition: %s" % (excp, )) if not lax: raise else: self.not_on_or_after = 0
def get_subject(self): """ The assertion must contain a Subject """ assert self.assertion.subject subject = self.assertion.subject subjconf = [] for subject_confirmation in subject.subject_confirmation: data = subject_confirmation.subject_confirmation_data if not data: # I don't know where this belongs so I ignore it continue if data.address: if not valid_address(data.address): # ignore this subject_confirmation continue # These two will raise exception if untrue validate_on_or_after(data.not_on_or_after, self.timeslack) validate_before(data.not_before, self.timeslack) # not_before must be < not_on_or_after if not time_util.later_than(data.not_on_or_after, data.not_before): continue if self.asynchop and not self.came_from: if data.in_response_to in self.outstanding_queries: self.came_from = self.outstanding_queries[ data.in_response_to] del self.outstanding_queries[data.in_response_to] elif self.allow_unsolicited: pass else: # This is where I don't allow unsolicited reponses # Either in_response_to == None or has a value I don't # recognize if self.debug and self.log: self.log.info( "in response to: '%s'" % data.in_response_to) self.log.info("outstanding queries: %s" % \ self.outstanding_queries.keys()) raise Exception( "Combination of session id and requestURI I don't recall") subjconf.append(subject_confirmation) if not subjconf: raise Exception("No valid subject confirmation") subject.subject_confirmation = subjconf # The subject must contain a name_id assert subject.name_id self.name_id = subject.name_id.text.strip() return self.name_id
def get_subject(self): """ The assertion must contain a Subject """ assert self.assertion.subject subject = self.assertion.subject subjconf = [] for subject_confirmation in subject.subject_confirmation: data = subject_confirmation.subject_confirmation_data if not data: # I don't know where this belongs so I ignore it continue if data.address: if not valid_address(data.address): # ignore this subject_confirmation continue # These two will raise exception if untrue validate_on_or_after(data.not_on_or_after, self.timeslack) validate_before(data.not_before, self.timeslack) # not_before must be < not_on_or_after if not time_util.later_than(data.not_on_or_after, data.not_before): continue if self.asynchop and not self.came_from: if data.in_response_to in self.outstanding_queries: self.came_from = self.outstanding_queries[ data.in_response_to] del self.outstanding_queries[data.in_response_to] elif self.allow_unsolicited: pass else: # This is where I don't allow unsolicited reponses # Either in_response_to == None or has a value I don't # recognize logger.debug("in response to: '%s'" % data.in_response_to) logger.info("outstanding queries: %s" % (self.outstanding_queries.keys(), )) raise Exception( "Combination of session id and requestURI I don't recall" ) subjconf.append(subject_confirmation) if not subjconf: raise Exception("No valid subject confirmation") subject.subject_confirmation = subjconf # The subject must contain a name_id assert subject.name_id self.name_id = subject.name_id.text.strip() return self.name_id
def condition_ok(self, lax=False): if not self.assertion.conditions: # Conditions is Optional for Assertion, so, if it's absent, then we # assume that its valid return True if self.test: lax = True conditions = self.assertion.conditions logger.debug("conditions: %s", conditions) # if no sub-elements or elements are supplied, then the # assertion is considered to be valid. if not conditions.keyswv(): return True # if both are present NotBefore must be earlier than NotOnOrAfter if conditions.not_before and conditions.not_on_or_after: if not later_than(conditions.not_on_or_after, conditions.not_before): return False try: if conditions.not_on_or_after: self.not_on_or_after = validate_on_or_after( conditions.not_on_or_after, self.timeslack) if conditions.not_before: validate_before(conditions.not_before, self.timeslack) except Exception as excp: logger.error("Exception on conditions: %s", excp) if not lax: raise else: self.not_on_or_after = 0 if not self.allow_unsolicited: if not for_me(conditions, self.entity_id): if not lax: raise Exception("Not for me!!!") if conditions.condition: # extra conditions for cond in conditions.condition: try: if cond.extension_attributes[ XSI_TYPE] in self.extension_schema: pass else: raise Exception("Unknown condition") except KeyError: raise Exception("Missing xsi:type specification") return True
def condition_ok(self, lax=False): if self.test: lax = True # The Identity Provider MUST include a <saml:Conditions> element assert self.assertion.conditions conditions = self.assertion.conditions logger.debug("conditions: %s" % conditions) # if no sub-elements or elements are supplied, then the # assertion is considered to be valid. if not conditions.keyswv(): return True # if both are present NotBefore must be earlier than NotOnOrAfter if conditions.not_before and conditions.not_on_or_after: if not later_than(conditions.not_on_or_after, conditions.not_before): return False try: if conditions.not_on_or_after: self.not_on_or_after = validate_on_or_after( conditions.not_on_or_after, self.timeslack) if conditions.not_before: validate_before(conditions.not_before, self.timeslack) except Exception as excp: logger.error("Exception on conditions: %s" % (excp, )) if not lax: raise else: self.not_on_or_after = 0 if not for_me(conditions, self.entity_id): if not lax: raise Exception("Not for me!!!") if conditions.condition: # extra conditions for cond in conditions.condition: try: if cond.extension_attributes[ XSI_TYPE] in self.extension_schema: pass else: raise Exception("Unknown condition") except KeyError: raise Exception("Missing xsi:type specification") return True
def condition_ok(self, lax=False): if self.test: lax = True # The Identity Provider MUST include a <saml:Conditions> element assert self.assertion.conditions conditions = self.assertion.conditions logger.debug("conditions: %s" % conditions) # if no sub-elements or elements are supplied, then the # assertion is considered to be valid. if not conditions.keyswv(): return True # if both are present NotBefore must be earlier than NotOnOrAfter if conditions.not_before and conditions.not_on_or_after: if not later_than(conditions.not_on_or_after, conditions.not_before): return False try: if conditions.not_on_or_after: self.not_on_or_after = validate_on_or_after(conditions.not_on_or_after, self.timeslack) if conditions.not_before: validate_before(conditions.not_before, self.timeslack) except Exception as excp: logger.error("Exception on conditions: %s" % (excp,)) if not lax: raise else: self.not_on_or_after = 0 if not for_me(conditions, self.entity_id): if not lax: raise Exception("Not for me!!!") if conditions.condition: # extra conditions for cond in conditions.condition: try: if cond.extension_attributes[XSI_TYPE] in self.extension_schema: pass else: raise Exception("Unknown condition") except KeyError: raise Exception("Missing xsi:type specification") return True
def condition_ok(self, lax=False): # The Identity Provider MUST include a <saml:Conditions> element #print "Conditions",assertion.conditions if self.test: lax = True assert self.assertion.conditions condition = self.assertion.conditions logger.debug("condition: %s" % condition) try: self.not_on_or_after = validate_on_or_after( condition.not_on_or_after, self.timeslack) validate_before(condition.not_before, self.timeslack) except Exception, excp: logger.error("Exception on condition: %s" % (excp, )) if not lax: raise else: self.not_on_or_after = 0
def condition_ok(self, lax=False): # The Identity Provider MUST include a <saml:Conditions> element #print "Conditions",assertion.conditions if self.test: lax = True assert self.assertion.conditions condition = self.assertion.conditions logger.debug("condition: %s" % condition) try: self.not_on_or_after = validate_on_or_after( condition.not_on_or_after, self.timeslack) validate_before(condition.not_before, self.timeslack) except Exception, excp: logger.error("Exception on condition: %s" % (excp,)) if not lax: raise else: self.not_on_or_after = 0