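def cie_contacts(metadata):
    """Replace ``metadata.contact_person`` with the contacts in ``settings.CIE_CONTACTS``.

    Every configured contact becomes a ``saml2.md.ContactPerson`` carrying
    the contact's e-mail address and telephone number plus an
    ``md:Extensions`` element.  What goes into that element depends on
    ``contact_type``:

    * ``administrative`` -- every extra key of the contact dict (anything
      other than ``contact_type``, ``email_address`` and
      ``telephone_number``) is emitted as a child element in the ``cie``
      namespace, with the dict value as text.
    * ``technical`` -- only the base fields are loaded and the
      ``md:Extensions`` element stays empty.  (The original code built the
      extra elements for this type too and then discarded them, so
      dropping that loop changes nothing in the output.)
    * any other type -- the contact is still appended, but *without*
      e-mail/telephone, because ``loadd`` only runs for the two known
      types.  NOTE(review): confirm this is intended rather than a silent
      misconfiguration.

    :param metadata: EntityDescriptor-like object; its ``contact_person``
        list is replaced, not extended.
    :return: None
    :raises KeyError: when a contact lacks ``contact_type``,
        ``email_address`` or ``telephone_number``, or when
        ``settings.CIE_PREFIXES`` has no ``cie`` entry.
    """
    # Register the CIE XML prefixes so serialisation emits readable prefixes
    # instead of ns0/ns1.  NOTE(review): this mutates ElementTree's
    # process-wide registry on every call; another module registering the
    # same prefix later would override it.
    for prefix, uri in settings.CIE_PREFIXES.items():
        ElementTree.register_namespace(prefix, uri)

    cie_ns = settings.CIE_PREFIXES["cie"]
    metadata.contact_person = []

    for contact in settings.CIE_CONTACTS:
        contact_type = contact["contact_type"]
        person = saml2.md.ContactPerson()
        person.contact_type = contact_type
        base_fields = {
            "email_address": [contact["email_address"]],
            "telephone_number": [contact["telephone_number"]],
        }
        extensions = saml2.ExtensionElement(
            "Extensions", namespace="urn:oasis:names:tc:SAML:2.0:metadata")

        if contact_type == "administrative":
            person.loadd(base_fields)
            # The base keys are already on the ContactPerson; everything
            # else in the dict is an extension element.
            skip = set(base_fields) | {"contact_type"}
            for key, value in contact.items():
                if key in skip:
                    continue
                extensions.children.append(
                    saml2.ExtensionElement(key, namespace=cie_ns, text=value))
        elif contact_type == "technical":
            person.loadd(base_fields)

        person.extensions = extensions
        metadata.contact_person.append(person)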
def test_extension_element_loadd():
    """``ExtensionElement.loadd`` must rebuild a nested element tree from a dict."""
    dyn_ns = "urn:oasis:names:tc:SAML:metadata:dynamicsaml"

    name_id = {
        "tag": "NameID",
        "namespace": dyn_ns,
        "text": "http://federationX.org",
        "attributes": {
            "Format": "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
        },
    }
    asserting_entity = {
        "tag": "AssertingEntity",
        "namespace": dyn_ns,
        "children": [name_id],
    }
    retrieval_endpoint = {
        "tag": "RetrievalEndpoint",
        "namespace": dyn_ns,
        "text": "https://federationX.org/?ID=a87s76a5765da76576a57as",
    }
    ava = {
        "attributes": {},
        "tag": "ExternalEntityAttributeAuthority",
        "namespace": dyn_ns,
        "children": [asserting_entity, retrieval_endpoint],
    }

    element = saml2.ExtensionElement(ava["tag"]).loadd(ava)
    print(element.__dict__)

    # Two direct children, both in the dynamicsaml namespace, in input order.
    assert len(element.children) == 2
    assert all(child.namespace == dyn_ns for child in element.children)
    assert _eq(["AssertingEntity", "RetrievalEndpoint"],
               [child.tag for child in element.children])

    asserting = [child for child in element.children
                 if child.tag == "AssertingEntity"]
    assert len(asserting) == 1
    assert len(asserting[0].children) == 1
    assert _eq(asserting[0].attributes.keys(), [])

    # The nested NameID keeps its text and its Format attribute.
    nid = asserting[0].children[0]
    assert nid.tag == "NameID"
    assert nid.namespace == dyn_ns
    assert len(nid.children) == 0
    assert _eq(nid.attributes.keys(), ["Format"])
    assert nid.text.strip() == "http://federationX.org"
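def spid_contacts_29_v3(metadata):
    """Replace ``metadata.contact_person`` per AgID Avviso SPID n. 29 v3.

    https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf

    Contacts come from ``settings.SPID_CONTACTS``; each one becomes a
    ``saml2.md.ContactPerson`` with an e-mail address, a telephone number
    and an ``md:Extensions`` element whose content depends on
    ``contact_type``:

    * ``other`` -- every extra key of the contact dict is emitted as an
      element in the ``spid`` namespace.  If one of those keys is
      ``PublicServicesFullOperator`` the ContactPerson also gets the
      ``spid:entityType="spid:aggregator"`` attribute (Avviso SPID n. 19
      v.4 for aggregators).
    * ``billing`` -- ``company`` is loaded as well and the extra keys are
      assembled into the ``fpa:CessionarioCommittente`` invoicing
      structure (``DatiAnagrafici`` + ``Sede``); ``CodiceFiscale`` is
      optional, the other address/identity keys are required.
    * anything else -- the contact is appended with an empty
      ``md:Extensions`` and *without* e-mail/telephone, because ``loadd``
      only runs for the two types above.

    :param metadata: EntityDescriptor-like object; ``contact_person`` is
        replaced, not extended.
    :return: None
    :raises KeyError: when a contact lacks a key this function needs; for
        billing contacts the message names the missing key(s).
    """
    saml2.md.SamlBase.register_prefix(settings.SPID_PREFIXES)
    spid_ns = settings.SPID_PREFIXES["spid"]
    fpa_ns = settings.SPID_PREFIXES["fpa"]
    # Keys the fpa:CessionarioCommittente tree below reads by name; checked
    # up front so a misconfigured billing contact fails with a message
    # naming the key instead of a bare KeyError half-way through the build.
    billing_required = (
        "Denominazione", "IdPaese", "IdCodice",
        "Indirizzo", "NumeroCivico", "CAP", "Comune", "Provincia", "Nazione",
    )

    def fpa_element(tag, children=()):
        """Return an ``fpa``-namespace element with *children* appended in order."""
        node = saml2.ExtensionElement(tag, namespace=fpa_ns)
        for child in children:
            node.children.append(child)
        return node

    metadata.contact_person = []
    for contact in settings.SPID_CONTACTS:
        contact_type = contact["contact_type"]
        person = saml2.md.ContactPerson()
        person.contact_type = contact_type
        base_fields = {
            "email_address": [contact["email_address"]],
            "telephone_number": [contact["telephone_number"]],
        }
        extensions = saml2.ExtensionElement(
            "Extensions", namespace="urn:oasis:names:tc:SAML:2.0:metadata")

        if contact_type == "other":
            person.loadd(base_fields)
            skip = set(base_fields) | {"contact_type"}
            for key, value in contact.items():
                if key in skip:
                    continue
                # Avviso SPID n. 19 v.4: for aggregators the ContactPerson
                # tag must carry spid:entityType="spid:aggregator".
                if key == "PublicServicesFullOperator":
                    person.extension_attributes = {
                        "spid:entityType": "spid:aggregator"
                    }
                extensions.children.append(
                    saml2.ExtensionElement(key, namespace=spid_ns, text=value))

        elif contact_type == "billing":
            base_fields["company"] = contact["company"]
            person.loadd(base_fields)
            missing = [key for key in billing_required if key not in contact]
            if missing:
                raise KeyError(
                    "billing contact is missing required key(s): "
                    + ", ".join(missing))
            elements = {
                key: saml2.ExtensionElement(key, namespace=fpa_ns, text=value)
                for key, value in contact.items()
                if key not in base_fields
            }
            # DatiAnagrafici: optional CodiceFiscale, then IdFiscaleIVA
            # (IdPaese + IdCodice) and Anagrafica (Denominazione).
            dati_anagrafici = fpa_element("DatiAnagrafici")
            if elements.get("CodiceFiscale"):
                dati_anagrafici.children.append(elements["CodiceFiscale"])
            dati_anagrafici.children.append(
                fpa_element("IdFiscaleIVA",
                            [elements["IdPaese"], elements["IdCodice"]]))
            dati_anagrafici.children.append(
                fpa_element("Anagrafica", [elements["Denominazione"]]))
            # Sede: the postal address, in the order the spec lists it.
            sede = fpa_element("Sede", [
                elements[key]
                for key in ("Indirizzo", "NumeroCivico", "CAP",
                            "Comune", "Provincia", "Nazione")
            ])
            extensions.children.append(
                fpa_element("CessionarioCommittente", [dati_anagrafici, sede]))

        person.extensions = extensions
        metadata.contact_person.append(person)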
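def _metadata_contact_person(self, metadata, conf):
    """Rebuild ``metadata.contact_person`` from ``conf.contact_person`` (Avviso 29 v3).

    https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf

    Each contact dict becomes a ``saml2.md.ContactPerson`` with an e-mail
    address, a telephone number and an ``md:Extensions`` element:

    * ``other`` -- extra keys become ``spid``-namespace elements; a
      ``PublicServicesFullOperator`` key additionally sets
      ``spid:entityType="spid:aggregator"`` on the ContactPerson
      (Avviso SPID n. 19 v.4, aggregators).
    * ``billing`` -- ``company`` is loaded too and the extra keys are
      assembled into ``fpa:CessionarioCommittente`` (``DatiAnagrafici``
      and ``Sede``); ``CodiceFiscale`` is optional.
    * any other type -- appended with an empty ``md:Extensions`` and no
      e-mail/telephone (``loadd`` runs only for the two types above).

    :param self: unused; kept for the method signature.
    :param metadata: EntityDescriptor-like object whose ``contact_person``
        is replaced (the original assigned the empty list twice; once is
        enough).
    :param conf: pysaml2 configuration exposing ``contact_person``.
    :return: None
    :raises KeyError: when a contact lacks a key this method needs.
    """
    # Avviso 29 v3 namespace prefixes, registered on the pysaml2 base class
    # so serialisation emits "spid:" / "fpa:" prefixes.
    prefixes = dict(
        spid="https://spid.gov.it/saml-extensions",
        fpa="https://spid.gov.it/invoicing-extensions",
    )
    saml2.md.SamlBase.register_prefix(prefixes)
    spid_ns = prefixes['spid']
    fpa_ns = prefixes['fpa']

    def fpa(tag, *children):
        """Return an ``fpa``-namespace element with *children* appended in order."""
        node = saml2.ExtensionElement(tag, namespace=fpa_ns)
        for child in children:
            node.children.append(child)
        return node

    metadata.contact_person = []
    for contact in conf.contact_person:
        contact_type = contact['contact_type']
        person = saml2.md.ContactPerson()
        person.contact_type = contact_type
        base_fields = {
            'email_address': [contact['email_address']],
            'telephone_number': [contact['telephone_number']],
        }
        extensions = saml2.ExtensionElement(
            'Extensions', namespace='urn:oasis:names:tc:SAML:2.0:metadata')

        if contact_type == 'other':
            person.loadd(base_fields)
            skip = set(base_fields) | {'contact_type'}
            for key, value in contact.items():
                if key in skip:
                    continue
                # Avviso SPID n. 19 v.4: aggregators must carry
                # spid:entityType="spid:aggregator" on the ContactPerson tag.
                if key == "PublicServicesFullOperator":
                    person.extension_attributes = {
                        "spid:entityType": "spid:aggregator"
                    }
                extensions.children.append(
                    saml2.ExtensionElement(key, namespace=spid_ns, text=value))

        elif contact_type == 'billing':
            base_fields['company'] = contact['company']
            person.loadd(base_fields)
            elements = {
                key: saml2.ExtensionElement(key, namespace=fpa_ns, text=value)
                for key, value in contact.items()
                if key not in base_fields
            }
            # DatiAnagrafici: optional CodiceFiscale, then IdFiscaleIVA
            # (IdPaese + IdCodice) and Anagrafica (Denominazione).
            dati_anagrafici = fpa('DatiAnagrafici')
            if elements.get('CodiceFiscale'):
                dati_anagrafici.children.append(elements['CodiceFiscale'])
            dati_anagrafici.children.append(
                fpa('IdFiscaleIVA', elements['IdPaese'], elements['IdCodice']))
            dati_anagrafici.children.append(
                fpa('Anagrafica', elements['Denominazione']))
            # Sede: postal address in the order the spec lists it.
            sede = fpa(
                'Sede',
                elements['Indirizzo'],
                elements['NumeroCivico'],
                elements['CAP'],
                elements['Comune'],
                elements['Provincia'],
                elements['Nazione'],
            )
            extensions.children.append(
                fpa('CessionarioCommittente', dati_anagrafici, sede))

        person.extensions = extensions
        metadata.contact_person.append(person)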
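def spid_sp_metadata(conf):
    """Build and sign the SPID-compliant SP EntityDescriptor for *conf*.

    Starting from pysaml2's ``entity_descriptor(conf)`` the descriptor is
    patched to what the SPID validators expect:

    * AttributeConsumingService elements are renumbered from 0;
      AssertionConsumerService elements are renumbered from 0 and only the
      first is marked ``isDefault="true"`` (the others get an empty
      string, as in the original code).
    * ``NameFormat`` and ``FriendlyName`` are dropped from every
      RequestedAttribute of the first AttributeConsumingService (not
      OASIS-compliant, but required by the validators).
    * ``metadata.extensions`` (the signing/digest algorithm
      advertisements) is removed entirely rather than filtered.
    * The first ServiceName gets ``xml:lang="it"`` and ``conf._sp_name``.
    * ``contact_person`` is rebuilt from ``settings.SPID_CONTACTS``
      following AgID Avviso SPID n. 29 v3
      (https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf):
      ``other`` contacts get their extra keys as ``spid`` elements,
      ``billing`` contacts get the ``fpa:CessionarioCommittente``
      invoicing structure.  Contacts of any other type are appended with
      an empty ``md:Extensions`` and no e-mail/telephone.

    The descriptor is then signed with ``conf._sp_signing_algorithm`` and
    ``conf._sp_digest_algorithm``.

    :param conf: pysaml2 SP configuration; the private ``_sp_*``
        attributes are read directly.
    :return: the signed metadata XML document returned by
        ``sign_entity_descriptor``.
    :raises IndexError: if the descriptor has no AttributeConsumingService
        or that service has no ServiceName.
    :raises KeyError: if a configured contact lacks a key this needs.
    """
    metadata = entity_descriptor(conf)
    sp_descriptor = metadata.spsso_descriptor

    # Renumber the services from 0; only the first ACS is the default.
    for idx, acs in enumerate(sp_descriptor.attribute_consuming_service):
        acs.index = str(idx)
    for idx, acs in enumerate(sp_descriptor.assertion_consumer_service):
        acs.is_default = 'true' if idx == 0 else ''
        acs.index = str(idx)

    # Name-format patch: not really standard, but expected by SPID.
    first_attr_service = sp_descriptor.attribute_consuming_service[0]
    for reqattr in first_attr_service.requested_attribute:
        reqattr.name_format = None
        reqattr.friendly_name = None

    # Rather than filtering the advertised signing/encryption algorithms,
    # don't advertise any: drop the whole Extensions element.
    metadata.extensions = None

    # ServiceName patch: Italian label carrying the configured SP name.
    service_name = first_attr_service.service_name[0]
    service_name.lang = 'it'
    service_name.text = conf._sp_name

    # Avviso 29 v3 contacts.
    saml2.md.SamlBase.register_prefix(settings.SPID_PREFIXES)
    spid_ns = settings.SPID_PREFIXES['spid']
    fpa_ns = settings.SPID_PREFIXES['fpa']

    def fpa(tag, *children):
        """Return an ``fpa``-namespace element with *children* appended in order."""
        node = saml2.ExtensionElement(tag, namespace=fpa_ns)
        for child in children:
            node.children.append(child)
        return node

    metadata.contact_person = []
    for contact in settings.SPID_CONTACTS:
        contact_type = contact['contact_type']
        person = saml2.md.ContactPerson()
        person.contact_type = contact_type
        base_fields = {
            'email_address': [contact['email_address']],
            'telephone_number': [contact['telephone_number']],
        }
        # Created before the type dispatch: the original only created it
        # inside the two known branches, so an unknown contact_type either
        # raised UnboundLocalError or silently reused the previous
        # contact's Extensions object.
        extensions = saml2.ExtensionElement(
            'Extensions', namespace='urn:oasis:names:tc:SAML:2.0:metadata')

        if contact_type == 'other':
            person.loadd(base_fields)
            skip = set(base_fields) | {'contact_type'}
            # NOTE(review): unlike spid_contacts_29_v3 in this file, this
            # version does not set spid:entityType for
            # PublicServicesFullOperator — confirm whether that is intended.
            for key, value in contact.items():
                if key in skip:
                    continue
                extensions.children.append(
                    saml2.ExtensionElement(key, namespace=spid_ns, text=value))

        elif contact_type == 'billing':
            base_fields['company'] = contact['company']
            person.loadd(base_fields)
            elements = {
                key: saml2.ExtensionElement(key, namespace=fpa_ns, text=value)
                for key, value in contact.items()
                if key not in base_fields
            }
            # DatiAnagrafici: optional CodiceFiscale, then IdFiscaleIVA
            # (IdPaese + IdCodice) and Anagrafica (Denominazione).
            dati_anagrafici = fpa('DatiAnagrafici')
            if elements.get('CodiceFiscale'):
                dati_anagrafici.children.append(elements['CodiceFiscale'])
            dati_anagrafici.children.append(
                fpa('IdFiscaleIVA', elements['IdPaese'], elements['IdCodice']))
            dati_anagrafici.children.append(
                fpa('Anagrafica', elements['Denominazione']))
            # Sede: postal address in the order the spec lists it.
            sede = fpa(
                'Sede',
                elements['Indirizzo'],
                elements['NumeroCivico'],
                elements['CAP'],
                elements['Comune'],
                elements['Provincia'],
                elements['Nazione'],
            )
            extensions.children.append(
                fpa('CessionarioCommittente', dati_anagrafici, sede))

        person.extensions = extensions
        metadata.contact_person.append(person)

    # Metadata signature: algorithms come straight from the SP config.
    secc = security_context(conf)
    sign_dig_algs = dict(sign_alg=conf._sp_signing_algorithm,
                         digest_alg=conf._sp_digest_algorithm)
    eid, xmldoc = sign_entity_descriptor(metadata, None, secc, **sign_dig_algs)
    return xmldoc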
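def _metadata_endpoint(self, context):
    """
    Endpoint for retrieving the backend metadata

    The EntityDescriptor built from ``self.sp.config`` is patched for SPID
    before being signed and served:

    * AttributeConsumingService / AssertionConsumerService elements are
      renumbered from 0, and only the first ACS is marked
      ``isDefault="true"`` (the others get an empty string).
    * ``NameFormat`` and ``FriendlyName`` are dropped from the first
      AttributeConsumingService's RequestedAttributes (not OASIS-compliant,
      but what SPID expects).
    * The first ServiceName gets ``xml:lang="it"`` and the entity id.
    * ``contact_person`` is rebuilt from ``conf.contact_person`` following
      AgID Avviso SPID n. 29 v3
      (https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf):
      ``other`` contacts get their extra keys as ``spid`` elements,
      ``billing`` contacts get the ``fpa:CessionarioCommittente``
      invoicing structure; any other type is appended with an empty
      ``md:Extensions`` and no e-mail/telephone.

    The signed descriptor is validated with ``valid_instance`` before it
    is returned.

    :type context: satosa.context.Context
    :rtype: satosa.response.Response
    :param context: The current context
    :return: response with metadata
    :raises IndexError: if the descriptor has no AttributeConsumingService
        or that service has no ServiceName.
    :raises KeyError: if a configured contact lacks a key this needs.
    """
    logger.debug("Sending metadata response")
    conf = self.sp.config
    metadata = entity_descriptor(conf)
    sp_descriptor = metadata.spsso_descriptor

    # Renumber the services from 0; only the first ACS is the default.
    for idx, acs in enumerate(sp_descriptor.attribute_consuming_service):
        acs.index = str(idx)
    for idx, acs in enumerate(sp_descriptor.assertion_consumer_service):
        acs.is_default = 'true' if idx == 0 else ''
        acs.index = str(idx)

    # Name-format patch: none of this reflects the OASIS standard, but the
    # SPID validators require it.
    first_attr_service = sp_descriptor.attribute_consuming_service[0]
    for reqattr in first_attr_service.requested_attribute:
        reqattr.name_format = None
        reqattr.friendly_name = None

    # ServiceName patch: Italian label carrying the entity id.
    service_name = first_attr_service.service_name[0]
    service_name.lang = 'it'
    service_name.text = metadata.entity_id

    # Avviso 29 v3 contacts.  Prefixes are registered on the pysaml2 base
    # class so serialisation emits "spid:" / "fpa:".
    prefixes = dict(spid="https://spid.gov.it/saml-extensions",
                    fpa="https://spid.gov.it/invoicing-extensions")
    saml2.md.SamlBase.register_prefix(prefixes)
    spid_ns = prefixes['spid']
    fpa_ns = prefixes['fpa']

    def fpa(tag, *children):
        """Return an ``fpa``-namespace element with *children* appended in order."""
        node = saml2.ExtensionElement(tag, namespace=fpa_ns)
        for child in children:
            node.children.append(child)
        return node

    metadata.contact_person = []
    for contact in conf.contact_person:
        contact_type = contact['contact_type']
        person = saml2.md.ContactPerson()
        person.contact_type = contact_type
        base_fields = {
            'email_address': [contact['email_address']],
            'telephone_number': [contact['telephone_number']],
        }
        # Created before the type dispatch: the original only created it
        # inside the two known branches, so an unknown contact_type either
        # raised UnboundLocalError or silently reused the previous
        # contact's Extensions object.
        extensions = saml2.ExtensionElement(
            'Extensions', namespace='urn:oasis:names:tc:SAML:2.0:metadata')

        if contact_type == 'other':
            person.loadd(base_fields)
            skip = set(base_fields) | {'contact_type'}
            # NOTE(review): unlike spid_contacts_29_v3 in this file, this
            # version does not set spid:entityType for
            # PublicServicesFullOperator — confirm whether that is intended.
            for key, value in contact.items():
                if key in skip:
                    continue
                extensions.children.append(
                    saml2.ExtensionElement(key, namespace=spid_ns, text=value))

        elif contact_type == 'billing':
            base_fields['company'] = contact['company']
            person.loadd(base_fields)
            elements = {
                key: saml2.ExtensionElement(key, namespace=fpa_ns, text=value)
                for key, value in contact.items()
                if key not in base_fields
            }
            # DatiAnagrafici: optional CodiceFiscale, then IdFiscaleIVA
            # (IdPaese + IdCodice) and Anagrafica (Denominazione).
            dati_anagrafici = fpa('DatiAnagrafici')
            if elements.get('CodiceFiscale'):
                dati_anagrafici.children.append(elements['CodiceFiscale'])
            dati_anagrafici.children.append(
                fpa('IdFiscaleIVA', elements['IdPaese'], elements['IdCodice']))
            dati_anagrafici.children.append(
                fpa('Anagrafica', elements['Denominazione']))
            # Sede: postal address in the order the spec lists it.
            sede = fpa(
                'Sede',
                elements['Indirizzo'],
                elements['NumeroCivico'],
                elements['CAP'],
                elements['Comune'],
                elements['Provincia'],
                elements['Nazione'],
            )
            extensions.children.append(
                fpa('CessionarioCommittente', dati_anagrafici, sede))

        person.extensions = extensions
        metadata.contact_person.append(person)

    # Metadata signature.
    secc = security_context(conf)
    # sign_dig_algs = self.get_kwargs_sign_dig_algs()
    # NOTE(review): `sign_dig_algs` is never bound in this method (the
    # assignment above is commented out in the original), so the call below
    # relies on a name of that name existing at module level — confirm
    # before relying on it, otherwise this endpoint raises NameError.
    eid, xmldoc = sign_entity_descriptor(metadata, None, secc, **sign_dig_algs)
    # Validate the signed descriptor before serving it.
    valid_instance(eid)
    return Response(text_type(xmldoc).encode('utf-8'),
                    content="text/xml; charset=utf8")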