def entities_desc(service, ename, base, cert_file=None, validity="", cache="",
                  social=None, scopebase="social2saml.org"):
    """Build an ``EntitiesDescriptor`` with one ``EntityDescriptor`` per service.

    Args:
        service: mapping of service name -> dict carrying ``saml_endpoint``
            and ``entity_id``; both values are appended to ``base`` with "/".
        ename: value used as the ``Name`` of the EntitiesDescriptor.
        base: URL prefix shared by every endpoint location and entity ID.
        cert_file: optional PEM certificate file. When given, the certificate
            is turned into a KeyDescriptor that is handed to every
            ``entity_desc`` call; when omitted ``None`` is passed instead.
        validity: forwarded as ``hours`` to ``in_a_while`` for ``validUntil``.
            NOTE(review): the default ``""`` is passed through unchanged;
            confirm ``in_a_while`` accepts an empty string.
        cache: forwarded unchanged as ``cacheDuration``.
        social: optional collection of service names to include; ``None``
            means every entry of ``service`` is included.
        scopebase: DNS suffix of each entity's ``shibmd:Scope``
            (``<name>.<scopebase>``).

    Returns:
        The populated ``EntitiesDescriptor``.

    NOTE(review): endpoint and entity-ID strings are interpolated without any
    validation; they are presumably operator configuration, not user input —
    confirm before exposing this to other callers.
    """
    if cert_file:
        key_descriptor = do_key_descriptor(read_cert_from_file(cert_file, "pem"))
    else:
        key_descriptor = None

    descriptors = []
    for name, desc in service.items():
        # Skip services not in the whitelist, if one was given.
        if social is not None and name not in social:
            continue
        scope = shibmd.Scope(text="%s.%s" % (name, scopebase))
        location = "%s/%s" % (base, desc["saml_endpoint"])
        entity_id = "%s/%s" % (base, desc["entity_id"])
        descriptors.append(
            entity_desc(location, key_descriptor, entity_id, scope=scope))

    return EntitiesDescriptor(
        name=ename,
        entity_descriptor=descriptors,
        valid_until=in_a_while(hours=validity),
        cache_duration=cache,
    )
def get_cert():
    """Load the PEM certificate named by ``CONF.saml.certfile``.

    Returns:
        Whatever ``sigver.read_cert_from_file`` returns for the file.

    Raises:
        IOError: when the file cannot be read *or* does not parse as a
            certificate (``sigver.CertificateError``). Both failure modes
            are logged at ERROR level with the path and the original reason,
            then re-raised as a single IOError so callers have one thing to
            catch.
    """
    cert_file = CONF.saml.certfile
    try:
        cert = sigver.read_cert_from_file(cert_file, "pem")
    except (IOError, sigver.CertificateError) as err:
        details = {"cert_file": cert_file, "reason": err}
        msg = _("Cannot open certificate %(cert_file)s. "
                "Reason: %(reason)s") % details
        LOG.error(msg)
        raise IOError(msg)
    return cert
def get_cert():
    """Read the SAML certificate configured in ``CONF.saml.certfile`` (PEM).

    Returns:
        The value produced by ``sigver.read_cert_from_file``.

    Raises:
        IOError: if the file is unreadable or is not a valid certificate.
            The underlying ``IOError``/``sigver.CertificateError`` is folded
            into the message (file name plus reason), logged at ERROR level,
            and re-raised as IOError so callers only need one except clause.
    """
    path = CONF.saml.certfile
    try:
        return sigver.read_cert_from_file(path, 'pem')
    except (IOError, sigver.CertificateError) as err:
        msg = _('Cannot open certificate %(cert_file)s. '
                'Reason: %(reason)s')
        msg = msg % {'cert_file': path, 'reason': err}
        LOG.error(msg)
        raise IOError(msg)
def entities_desc(service, ename, base, cert_file=None, validity="", cache="",
                  social=None, scopebase="social2saml.org"):
    """Assemble an ``EntitiesDescriptor`` from a service mapping.

    Each selected entry of ``service`` becomes one ``EntityDescriptor``
    whose endpoint location is ``<base>/<saml_endpoint>``, whose entity ID is
    ``<base>/<entity_id>`` and whose ``shibmd:Scope`` is ``<name>.<scopebase>``.

    Args:
        service: mapping of service name -> dict with keys ``saml_endpoint``
            and ``entity_id``.
        ename: ``Name`` attribute of the resulting EntitiesDescriptor.
        base: URL prefix for locations and entity IDs.
        cert_file: optional PEM file; its certificate is converted once with
            ``do_key_descriptor`` and shared by every entity. ``None`` when
            absent.
        validity: passed as ``hours`` to ``in_a_while`` for ``validUntil``.
            NOTE(review): the default ``""`` goes straight through — verify
            ``in_a_while`` tolerates it.
        cache: used verbatim as ``cacheDuration``.
        social: optional whitelist of service names; ``None`` selects all.
        scopebase: DNS suffix for the per-entity scope.

    Returns:
        ``EntitiesDescriptor`` populated with the selected entities.
    """
    key_descriptor = None
    if cert_file:
        key_descriptor = do_key_descriptor(read_cert_from_file(cert_file, "pem"))

    def _describe(name, desc):
        # Location, entityID and scope are all derived from configuration
        # strings with plain interpolation; no validation happens here.
        return entity_desc(
            "%s/%s" % (base, desc["saml_endpoint"]),
            key_descriptor,
            "%s/%s" % (base, desc["entity_id"]),
            scope=shibmd.Scope(text="%s.%s" % (name, scopebase)),
        )

    selected = [
        (name, desc)
        for name, desc in service.items()
        if social is None or name in social
    ]
    return EntitiesDescriptor(
        name=ename,
        entity_descriptor=[_describe(name, desc) for name, desc in selected],
        valid_until=in_a_while(hours=validity),
        cache_duration=cache,
    )
from saml2.client import Saml2Client
from saml2.extension import pefim
from saml2.extension.pefim import SPCertEnc
from saml2.samlp import Extensions
from saml2.samlp import authn_request_from_string
from saml2.sigver import read_cert_from_file
from pathutils import full_path

__author__ = 'roland'

# Build an SP client from the on-disk configuration.
conf = config.SPConfig()
conf.load_file("server_conf")
client = Saml2Client(conf)

# place a certificate in an authn request: read the X.509 certificate from
# test.pem and wrap it in a PEFIM SPCertEnc extension element.
cert = read_cert_from_file(full_path("test.pem"), "pem")
x509_cert = ds.X509Certificate(text=cert)
spcertenc = SPCertEnc(x509_data=ds.X509Data(x509_certificate=x509_cert))
ext_elements = [element_to_extension_element(spcertenc)]
extensions = Extensions(extension_elements=ext_elements)

# NOTE(review): the fixed message_id "666" is fine for a test script only;
# a real SP must generate a unique, unpredictable ID per request so the
# response can be correlated safely. Do not copy this into production code.
req_id, req = client.create_authn_request(
    "http://www.example.com/sso",
    "urn:mace:example.com:it:tek",
    nameid_format=saml.NAMEID_FORMAT_PERSISTENT,
    message_id="666",
    extensions=extensions,
)
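from saml2.client import Saml2Client
from saml2.extension import pefim
from saml2.extension.pefim import SPCertEnc
from saml2.samlp import Extensions
from saml2.samlp import authn_request_from_string
from saml2.sigver import read_cert_from_file
from pathutils import full_path

__author__ = 'roland'

# Build an SP client from the on-disk configuration.
conf = config.SPConfig()
conf.load_file("server_conf")
client = Saml2Client(conf)

# place a certificate in an authn request: the X.509 certificate read from
# test.pem is wrapped in a PEFIM SPCertEnc extension element.
cert = read_cert_from_file(full_path("test.pem"), "pem")
spcertenc = SPCertEnc(x509_data=ds.X509Data(
    x509_certificate=ds.X509Certificate(text=cert)))
extensions = Extensions(
    extension_elements=[element_to_extension_element(spcertenc)])

# NOTE(review): the fixed message_id "666" is acceptable only in this test
# script; real requests need a unique, unpredictable ID per request.
req_id, req = client.create_authn_request(
    "http://www.example.com/sso",
    "urn:mace:example.com:it:tek",
    nameid_format=saml.NAMEID_FORMAT_PERSISTENT,
    message_id="666",
    extensions=extensions)

# `print req` is a Python 2-only statement (a SyntaxError on Python 3);
# the call form prints the same single object on both versions.
print(req)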
def _extensions_of(entd):
    """Return ``entd.extensions``, creating an empty ``md.Extensions`` if unset.

    The truthiness test is deliberate (matches the original behaviour): any
    falsy value is replaced by a fresh container.
    """
    if not entd.extensions:
        entd.extensions = md.Extensions()
    return entd.extensions


def _add_entity_attribute(entd, name, values):
    """Attach an EntityAttributes ``Attribute`` called ``name`` with one value per entry."""
    attr = Attribute(
        attribute_value=[AttributeValue(text=value) for value in values],
        name=name,
    )
    _add_attr_to_entity_attributes(_extensions_of(entd), attr)


def entity_descriptor(confd):
    """Build the ``md:EntityDescriptor`` for the entity configured in ``confd``.

    Reads, in this order: the signing certificate(s) (``cert_file`` plus
    ``additional_cert_files``), the encryption certificate(s) from
    ``encryption_keypairs``, entity ID, ``valid_for`` (hours, converted with
    ``int``), organization and contact data, the three entity-attribute
    lists, algorithm-support extensions, the optional SPType extension and
    finally one role descriptor per entry of ``confd.serves``.

    Args:
        confd: configuration object; ``confd.context`` is *mutated* to the
            name of each role as its descriptor is built.

    Returns:
        The populated ``md.EntityDescriptor``.

    Raises:
        SAMLError: if ``confd.serves`` is empty.
        ValueError: if ``confd.valid_for`` is set but not numeric (from ``int``).

    NOTE(review): only the boolean ``True`` in ``sp_type_in_metadata``
    enables the SPType extension (``is True``); a truthy string does not.
    """
    # Certificates are read here and handed to the role builders; what the
    # builders do with them (presumably KeyDescriptors) is not visible here.
    mycert = None
    if confd.cert_file is not None:
        mycert = [read_cert_from_file(confd.cert_file)]
        if confd.additional_cert_files is not None:
            mycert.extend(read_cert_from_file(path)
                          for path in confd.additional_cert_files)

    enc_cert = None
    if confd.encryption_keypairs is not None:
        enc_cert = [read_cert_from_file(pair["cert_file"])
                    for pair in confd.encryption_keypairs]

    entd = md.EntityDescriptor()
    entd.entity_id = confd.entityid

    # validUntil bounds how long consumers may keep trusting this metadata.
    if confd.valid_for:
        entd.valid_until = in_a_while(hours=int(confd.valid_for))

    if confd.organization is not None:
        entd.organization = do_organization_info(confd.organization)
    if confd.contact_person is not None:
        entd.contact_person = do_contact_persons_info(confd.contact_person)

    # Entity attributes, emitted in this fixed order (it is visible in the XML).
    entity_attributes = (
        (confd.assurance_certification,
         "urn:oasis:names:tc:SAML:attribute:assurance-certification"),
        (confd.entity_category, "http://macedir.org/entity-category"),
        (confd.entity_category_support,
         "http://macedir.org/entity-category-support"),
    )
    for values, attr_name in entity_attributes:
        if values:
            _add_entity_attribute(entd, attr_name, values)

    for item in algorithm_support_in_metadata(confd.xmlsec_binary):
        _extensions_of(entd).add_extension_element(item)

    conf_sp_type = confd.getattr('sp_type', 'sp')
    conf_sp_type_in_md = confd.getattr('sp_type_in_metadata', 'sp')
    if conf_sp_type and conf_sp_type_in_md is True:
        _extensions_of(entd).add_extension_element(
            sp_type.SPType(text=conf_sp_type))

    serves = confd.serves
    if not serves:
        raise SAMLError(
            'No service type ("sp","idp","aa") provided in the configuration')

    # Role descriptors, built in this order; confd.context is left at the
    # last role that matched.
    role_builders = (
        ("sp", "spsso_descriptor", do_spsso_descriptor),
        ("idp", "idpsso_descriptor", do_idpsso_descriptor),
        ("aa", "attribute_authority_descriptor", do_aa_descriptor),
        ("pdp", "pdp_descriptor", do_pdp_descriptor),
        ("aq", "authn_authority_descriptor", do_aq_descriptor),
    )
    for role, attr_name, build in role_builders:
        if role in serves:
            confd.context = role
            setattr(entd, attr_name, build(confd, mycert, enc_cert))
    return entd
from saml2 import saml
from saml2.client import Saml2Client
from saml2.extension import pefim
from saml2.extension.pefim import SPCertEnc
from saml2.samlp import Extensions
from saml2.samlp import authn_request_from_string
from saml2.sigver import read_cert_from_file

__author__ = 'roland'

# SP client built from the on-disk configuration.
conf = config.SPConfig()
conf.load_file("server_conf")
client = Saml2Client(conf)

# place a certificate in an authn request. Note the path "test.pem" is
# relative to the current working directory, not to this file.
cert = read_cert_from_file("test.pem", "pem")
x509_data = ds.X509Data(x509_certificate=ds.X509Certificate(text=cert))
spcertenc = SPCertEnc(x509_data=x509_data)
extensions = Extensions(
    extension_elements=[element_to_extension_element(spcertenc)],
)

# NOTE(review): hard-coded message_id "666" is for this test only; production
# requests must use a unique, unpredictable ID per request.
req_id, req = client.create_authn_request(
    "http://www.example.com/sso",
    "urn:mace:example.com:it:tek",
    nameid_format=saml.NAMEID_FORMAT_PERSISTENT,
    message_id="666",
    extensions=extensions,
)
def test_der_certificate_loading():
    """A DER-encoded certificate must load to the same value as its PEM twin.

    ``test_1.der`` is read with an explicit ``"der"`` format argument;
    ``test_1.crt`` is read with the default format.
    """
    from_der = read_cert_from_file(full_path("test_1.der"), "der")
    from_pem = read_cert_from_file(full_path("test_1.crt"))
    assert from_der == from_pem
def test_invalid_cert_raises_error():
    """A malformed certificate file must fail closed with ``CertificateError``.

    Raising (rather than returning garbage) is the security-relevant
    property here: a bad certificate must never be silently accepted.
    """
    malformed = full_path("malformed.crt")
    with pytest.raises(CertificateError):
        read_cert_from_file(malformed)
def test_cert_trailing_newlines_ignored():
    """Extra lines (per the test name, trailing newlines) must not change the parsed certificate.

    ``extra_lines.crt`` is expected to contain the same certificate as
    ``test_2.crt`` plus surplus line breaks.
    """
    padded = read_cert_from_file(full_path("extra_lines.crt"))
    reference = read_cert_from_file(full_path("test_2.crt"))
    assert padded == reference