def sign_response(self, response):
response = '%s' % response
# Sign assertion in the response
xmlsec = CryptoBackendXmlSec1(
os.environ.get('SAML2_XMLSEC', '/usr/bin/xmlsec1'))
seccont = SecurityContext(xmlsec,
key_file=os.path.join(
path, 'data', 'test.key'))
signed_response = seccont.sign_statement(
response, 'urn:oasis:names:tc:SAML:2.0:protocol:Response')
return signed_response
parser.add_argument('-c', dest='cert')
parser.add_argument('-a', dest='attrsmap')
parser.add_argument('-o', dest='output')
parser.add_argument('-x', dest='xmlsec')
parser.add_argument(dest="item")
args = parser.parse_args()
metad = None
if args.type == "local":
metad = MetaDataFile(list(ONTS.values()), args.item, args.item)
elif args.type == "external":
ATTRCONV = ac_factory(args.attrsmap)
httpc = HTTPBase()
crypto = _get_xmlsec_cryptobackend(args.xmlsec)
sc = SecurityContext(crypto)
metad = MetaDataExtern(list(ONTS.values()),
ATTRCONV,
args.url,
sc,
cert=args.cert,
http=httpc)
if metad:
try:
metad.load()
except:
raise
else:
print("OK")
if line[0] == "#":
continue
spec = line.split(" ")
if args.ignore_valid:
kwargs = {"check_validity": False}
else:
kwargs = {}
if spec[0] == "local":
metad = MetaDataFile(ONTS.values(), spec[1], spec[1], **kwargs)
elif spec[0] == "remote":
ATTRCONV = ac_factory(args.attrsmap)
httpc = HTTPBase()
crypto = _get_xmlsec_cryptobackend(args.xmlsec)
sc = SecurityContext(crypto, key_type="", cert_type="")
metad = MetaDataExtern(ONTS.values(),
ATTRCONV,
spec[1],
sc,
cert=spec[2],
http=httpc,
**kwargs)
if metad:
try:
metad.load()
except:
raise
output.entity_descriptor.extend(metad.entities_descr.entity_descriptor)
valid_for = int(args.valid) * 24
if args.xmlsec:
xmlsec = args.xmlsec
else:
xmlsec = get_xmlsec_binary(paths)
eds = []
for filespec in args.config:
bas, fil = os.path.split(filespec)
if bas != "":
sys.path.insert(0, bas)
if fil.endswith(".py"):
fil = fil[:-3]
cnf = Config().load_file(fil, metadata_construction=True)
eds.append(entity_descriptor(cnf))
secc = SecurityContext(xmlsec, args.keyfile, cert_file=args.cert)
if args.id:
desc = entities_descriptor(eds, valid_for, args.name, args.id, args.sign,
secc)
valid_instance(desc)
print desc.to_string(nspair)
else:
for eid in eds:
if args.sign:
desc = sign_entity_descriptor(eid, id, secc)
else:
desc = eid
valid_instance(desc)
print desc.to_string(nspair)
return 2
if not xmlsec:
xmlsec = get_xmlsec_binary(path)
eds = []
for filespec in args:
bas, fil = os.path.split(filespec)
if bas != "":
sys.path.insert(0, bas)
if fil.endswith(".py"):
fil = fil[:-3]
cnf = Config().load_file(fil, metadata_construction=True)
eds.append(entity_descriptor(cnf, valid_for))
secc = SecurityContext(xmlsec, keyfile, cert_file=pubkeyfile)
if entitiesid:
desc = entities_descriptor(eds, valid_for, name, id, sign, secc)
valid_instance(desc)
print desc.to_string(nspair)
else:
for eid in eds:
if sign:
desc = sign_entity_descriptor(eid, valid_for, id, secc)
else:
desc = eid
valid_instance(desc)
print desc.to_string(nspair)
if __name__ == "__main__":
import sys