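def do_authz_decision_query(self, entityid, assertion=None, log=None, sign=False):
    """Send an AuthzDecisionQuery over SOAP to the entity's authz services.

    The query is built once and, when ``sign`` is true, signed once; the
    same (signed) query is then sent to each authorization service
    configured for ``entityid`` until one returns a response that passes
    ``self.authz_decision_query_response``.

    Args:
        entityid: Entity ID whose authz services are taken from
            ``self.config.authz_services``.
        assertion: Optional assertion handed to ``self.authz_decision_query``.
        log: Optional logger-like object with ``.info``; no logging when falsy.
        sign: When true, add a signature part and sign the query with
            ``self.sec`` before sending.

    Returns:
        The first response that verified, or ``None`` when no destination
        produced one.
    """
    authz_decision_query = self.authz_decision_query(entityid, assertion)

    # Sign once, before iterating destinations. Doing this inside the loop
    # rebinds the query to the signed result and then sets a signature part
    # on that result again for the next destination, i.e. re-signs an
    # already signed query.
    to_sign = []
    if sign:
        authz_decision_query.signature = pre_signature_part(
            authz_decision_query.id, self.sec.my_cert, 1
        )
        to_sign.append((class_name(authz_decision_query), authz_decision_query.id))
    authz_decision_query = signed_instance_factory(authz_decision_query, self.sec, to_sign)

    for destination in self.config.authz_services(entityid):
        response = send_using_soap(
            authz_decision_query,
            destination,
            self.config.key_file,
            self.config.cert_file,
            log=log,
            ca_certs=self.config.ca_certs,
        )
        if response:
            if log:
                log.info("Verifying response")
            # Only a reply that the response parser/verifier accepts counts.
            response = self.authz_decision_query_response(response, log)

        if response:
            if log:
                log.info("OK response from %s" % destination)
            return response
        if log:
            log.info("NOT OK response from %s" % destination)

    return None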
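def use_soap(self, destination, query_type, **kwargs):
    """Build a ``query_type`` request, send it over SOAP and verify the reply.

    ``create_<query_type>`` builds the request and ``<query_type>_response``
    parses/verifies the reply; both are looked up on ``self`` by name, so
    ``query_type`` has to be a value chosen in code, never taken from
    request input.

    Args:
        destination: Endpoint the query is sent to; also the first argument
            of the create function.
        query_type: Suffix selecting the create/response method pair.
        **kwargs: Forwarded to the create function. The optional key
            ``response_args`` is removed first and, when truthy, passed as
            keyword arguments to the response function instead.

    Returns:
        The verified response, or ``None`` when sending or verification
        yielded nothing.
    """
    _create_func = getattr(self, "create_%s" % query_type)
    _response_func = getattr(self, "%s_response" % query_type)
    # pop() replaces the try/del pair: same result, single lookup.
    response_args = kwargs.pop("response_args", None)

    query = _create_func(destination, **kwargs)

    response = send_using_soap(
        query,
        destination,
        self.config.key_file,
        self.config.cert_file,
        ca_certs=self.config.ca_certs,
    )

    if response:
        logger.info("Verifying response")
        # Only a reply the response function accepts is reported as OK.
        if response_args:
            response = _response_func(response, **response_args)
        else:
            response = _response_func(response)

    if response:
        logger.info("OK response from %s" % destination)
        return response

    logger.info("NOT OK response from %s" % destination)
    return None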
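def do_authz_decision_query(self, entityid, assertion=None, sign=False):
    """Send an AuthzDecisionQuery over SOAP to the entity's authz services.

    The query is built once and, when ``sign`` is true, signed once; the
    same (signed) query is then sent to each authorization service
    configured for ``entityid`` until one returns a response that passes
    ``self.authz_decision_query_response``.

    Args:
        entityid: Entity ID whose authz services are taken from
            ``self.config.authz_services``.
        assertion: Optional assertion handed to ``self.authz_decision_query``.
        sign: When true, add a signature part and sign the query with
            ``self.sec`` before sending.

    Returns:
        The first response that verified, or ``None`` when no destination
        produced one.
    """
    authz_decision_query = self.authz_decision_query(entityid, assertion)

    # Sign once, before iterating destinations. Doing this inside the loop
    # rebinds the query to the signed result and then sets a signature part
    # on that result again for the next destination, i.e. re-signs an
    # already signed query.
    to_sign = []
    if sign:
        authz_decision_query.signature = pre_signature_part(
            authz_decision_query.id, self.sec.my_cert, 1
        )
        to_sign.append((class_name(authz_decision_query), authz_decision_query.id))
    authz_decision_query = signed_instance_factory(authz_decision_query, self.sec, to_sign)

    for destination in self.config.authz_services(entityid):
        response = send_using_soap(
            authz_decision_query,
            destination,
            self.config.key_file,
            self.config.cert_file,
            ca_certs=self.config.ca_certs,
        )
        if response:
            logger.info("Verifying response")
            # Only a reply that the response parser/verifier accepts counts.
            response = self.authz_decision_query_response(response)

        if response:
            logger.info("OK response from %s" % destination)
            return response
        logger.info("NOT OK response from %s" % destination)

    return None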
def _logout(self, subject_id, entity_ids, reason, expire, sign=None, log=None, return_to="/"):
    """Run single logout for ``subject_id`` against each entity in ``entity_ids``.

    For every entity the bindings are tried in the order SOAP, HTTP-POST,
    HTTP-Redirect, using the first single-logout service configured for
    the binding. A SOAP logout is completed in place (the reply must pass
    ``self.logout_response`` to count); a front-channel binding stores the
    pending operation in ``self.state`` and returns the message for the
    caller to deliver.

    Args:
        subject_id: Subject being logged out.
        entity_ids: Entities to notify; copied into ``not_done`` and
            entries are removed as SOAP logouts succeed.
        reason: Logout reason passed to ``construct_logout_request``.
        expire: NotOnOrAfter value; checked with ``not_on_or_after`` first.
        sign: Sign logout requests; ``None`` means use
            ``self.logout_requests_signed_default``.
        log: Logger-like object with ``.info``; ``self.logger`` when None.
        return_to: Stored in the pending state for front-channel logouts.

    Returns:
        ``(0, "504 Gateway Timeout", [], [])`` when ``expire`` has passed,
        ``(session_id, code, head, body)`` as soon as a front-channel
        message has been built, otherwise ``(0, "", [], response)`` where
        ``response`` is the last SOAP verification result (or ``False``).

    Raises:
        LogoutError: when the loop finishes with entities still in
            ``not_done``.
    """
    # check time
    if not not_on_or_after(expire):
        # I've run out of time
        # Do the local logout anyway
        self.local_logout(subject_id)
        return 0, "504 Gateway Timeout", [], []
    # for all where I can use the SOAP binding, do those first
    not_done = entity_ids[:]
    response = False
    if log is None:
        log = self.logger
    for entity_id in entity_ids:
        response = False
        for binding in [BINDING_SOAP, BINDING_HTTP_POST, BINDING_HTTP_REDIRECT]:
            destinations = self.config.single_logout_services(entity_id, binding)
            if not destinations:
                continue
            # Only the first configured endpoint for a binding is used.
            destination = destinations[0]
            if log:
                log.info("destination to provider: %s" % destination)
            request = self.construct_logout_request(subject_id, destination, entity_id, reason, expire)
            to_sign = []
            # if sign and binding != BINDING_HTTP_REDIRECT:
            if sign is None:
                # Resolved on the first request; the value then sticks for
                # the rest of the loop and is also recorded in the state.
                sign = self.logout_requests_signed_default
            if sign:
                request.signature = pre_signature_part(request.id, self.sec.my_cert, 1)
                to_sign = [(class_name(request), request.id)]
            if log:
                log.info("REQUEST: %s" % request)
            # With an empty to_sign this is expected to hand the request
            # back unsigned — confirm against signed_instance_factory.
            request = signed_instance_factory(request, self.sec, to_sign)
            if binding == BINDING_SOAP:
                response = send_using_soap(
                    request,
                    destination,
                    self.config.key_file,
                    self.config.cert_file,
                    log=log,
                    ca_certs=self.config.ca_certs,
                )
                if response:
                    if log:
                        log.info("Verifying response")
                    # The raw reply is replaced by the verification result;
                    # a reply that fails verification is treated as no reply.
                    response = self.logout_response(response, log)
                if response:
                    not_done.remove(entity_id)
                    if log:
                        log.info("OK response from %s" % destination)
                else:
                    if log:
                        log.info("NOT OK response from %s" % destination)
                # NOTE(review): there is no break here, so after a
                # successful SOAP logout the loop still tries HTTP-POST /
                # HTTP-Redirect for the same entity and returns a
                # front-channel message if one is configured — confirm
                # whether that is intended.
            else:
                # Front-channel: remember the pending SLO under the request
                # id so the eventual response can be matched to it.
                session_id = request.id
                rstate = self._relay_state(session_id)
                self.state[session_id] = {
                    "entity_id": entity_id,
                    "operation": "SLO",
                    "entity_ids": entity_ids,
                    "subject_id": subject_id,
                    "reason": reason,
                    # Key spelling is presumably read elsewhere as-is; do not
                    # rename without updating the readers.
                    "not_on_of_after": expire,
                    "sign": sign,
                    "return_to": return_to,
                }
                if binding == BINDING_HTTP_POST:
                    (head, body) = http_post_message(request, destination, rstate)
                    code = "200 OK"
                else:
                    (head, body) = http_redirect_message(request, destination, rstate)
                    code = "302 Found"
                # Returns on the first front-channel entity; remaining
                # entities are left for later rounds via the stored state.
                return session_id, code, head, body
    if not_done:
        # upstream should try later
        raise LogoutError("%s" % (entity_ids,))
    return 0, "", [], response
def _logout(self, subject_id, entity_ids, reason, expire, sign=None, return_to="/"):
    """Run single logout for ``subject_id`` against each entity in ``entity_ids``.

    For every entity the bindings are tried in the order SOAP, HTTP-POST,
    HTTP-Redirect, using the first single-logout service configured for
    the binding. A SOAP logout is completed in place (the reply must pass
    ``self.logout_response`` to count); a front-channel binding stores the
    pending operation in ``self.state`` and returns the message for the
    caller to deliver.

    Args:
        subject_id: Subject being logged out.
        entity_ids: Entities to notify; copied into ``not_done`` and
            entries are removed as SOAP logouts succeed.
        reason: Logout reason passed to ``construct_logout_request``.
        expire: NotOnOrAfter value; checked with ``not_on_or_after`` first.
        sign: Sign logout requests; ``None`` means use
            ``self.logout_requests_signed_default``.
        return_to: Stored in the pending state for front-channel logouts.

    Returns:
        ``(0, "504 Gateway Timeout", [], [])`` when ``expire`` has passed,
        ``(session_id, code, head, body)`` as soon as a front-channel
        message has been built, otherwise ``(0, "", [], response)`` where
        ``response`` is the last SOAP verification result (or ``False``).

    Raises:
        LogoutError: when the loop finishes with entities still in
            ``not_done``.
    """
    # check time
    if not not_on_or_after(expire):
        # I've run out of time
        # Do the local logout anyway
        self.local_logout(subject_id)
        return 0, "504 Gateway Timeout", [], []
    # for all where I can use the SOAP binding, do those first
    not_done = entity_ids[:]
    response = False
    for entity_id in entity_ids:
        response = False
        for binding in [
            BINDING_SOAP,
            BINDING_HTTP_POST,
            BINDING_HTTP_REDIRECT
        ]:
            destinations = self.config.single_logout_services(
                entity_id, binding)
            if not destinations:
                continue
            # Only the first configured endpoint for a binding is used.
            destination = destinations[0]
            logger.info("destination to provider: %s" % destination)
            request = self.construct_logout_request(
                subject_id, destination, entity_id, reason, expire)
            to_sign = []
            #if sign and binding != BINDING_HTTP_REDIRECT:
            if sign is None:
                # Resolved on the first request; the value then sticks for
                # the rest of the loop and is also recorded in the state.
                sign = self.logout_requests_signed_default
            if sign:
                request.signature = pre_signature_part(
                    request.id, self.sec.my_cert, 1)
                to_sign = [(class_name(request), request.id)]
            logger.info("REQUEST: %s" % request)
            # With an empty to_sign this is expected to hand the request
            # back unsigned — confirm against signed_instance_factory.
            request = signed_instance_factory(request, self.sec, to_sign)
            if binding == BINDING_SOAP:
                response = send_using_soap(request, destination,
                                           self.config.key_file,
                                           self.config.cert_file,
                                           ca_certs=self.config.ca_certs)
                if response:
                    logger.info("Verifying response")
                    # The raw reply is replaced by the verification result;
                    # a reply that fails verification is treated as no reply.
                    response = self.logout_response(response)
                if response:
                    not_done.remove(entity_id)
                    logger.info("OK response from %s" % destination)
                else:
                    logger.info("NOT OK response from %s" % destination)
                # NOTE(review): there is no break here, so after a
                # successful SOAP logout the loop still tries HTTP-POST /
                # HTTP-Redirect for the same entity and returns a
                # front-channel message if one is configured — confirm
                # whether that is intended.
            else:
                # Front-channel: remember the pending SLO under the request
                # id so the eventual response can be matched to it.
                session_id = request.id
                rstate = self._relay_state(session_id)
                self.state[session_id] = {
                    "entity_id": entity_id,
                    "operation": "SLO",
                    "entity_ids": entity_ids,
                    "subject_id": subject_id,
                    "reason": reason,
                    # Key spelling is presumably read elsewhere as-is; do not
                    # rename without updating the readers.
                    "not_on_of_after": expire,
                    "sign": sign,
                    "return_to": return_to
                }
                if binding == BINDING_HTTP_POST:
                    (head, body) = http_post_message(request, destination,
                                                    rstate)
                    code = "200 OK"
                else:
                    (head, body) = http_redirect_message(request,
                                                        destination, rstate)
                    code = "302 Found"
                # Returns on the first front-channel entity; remaining
                # entities are left for later rounds via the stored state.
                return session_id, code, head, body
    if not_done:
        # upstream should try later
        raise LogoutError("%s" % (entity_ids, ))
    return 0, "", [], response