コード例 #1
ファイル: spid_metadata.py プロジェクト: italia/spid-django
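def cie_contacts(metadata):
    """Rebuild ``metadata.contact_person`` from ``settings.CIE_CONTACTS``.

    Every prefix in ``settings.CIE_PREFIXES`` is first registered with
    ``ElementTree``. Each configured contact then becomes a
    ``saml2.md.ContactPerson`` that carries an ``Extensions`` element.

    For ``administrative`` and ``technical`` contacts the e-mail address and
    telephone number are loaded into the contact, and every remaining key of
    the contact dict is emitted as a child of ``Extensions`` in the ``cie``
    namespace. A contact of any other type keeps only its ``contact_type``
    and an empty ``Extensions`` element.

    :param metadata: entity descriptor whose ``contact_person`` list is
        replaced in place
    :raises KeyError: if a contact lacks ``contact_type``, ``email_address``
        or ``telephone_number``
    """
    for prefix, uri in settings.CIE_PREFIXES.items():
        ElementTree.register_namespace(prefix, uri)

    metadata.contact_person = []
    for contact in settings.CIE_CONTACTS:
        cie_contact = saml2.md.ContactPerson()
        cie_contact.contact_type = contact["contact_type"]
        contact_kwargs = {
            "email_address": [contact["email_address"]],
            "telephone_number": [contact["telephone_number"]],
        }
        # A fresh element per contact, so no contact can share (and leak into)
        # another contact's extension data.
        cie_extensions = saml2.ExtensionElement(
            "Extensions", namespace="urn:oasis:names:tc:SAML:2.0:metadata")

        if contact["contact_type"] in ("administrative", "technical"):
            cie_contact.loadd(contact_kwargs)
            # Keys already represented on the ContactPerson itself.
            consumed = {"contact_type", *contact_kwargs}
            for k, v in contact.items():
                if k in consumed:
                    continue
                # The dict key becomes the XML element name and the value its
                # text, so CIE_CONTACTS has to come from trusted deployment
                # configuration only.
                ext = saml2.ExtensionElement(
                    k, namespace=settings.CIE_PREFIXES["cie"], text=v)
                # The technical branch used to collect these elements in a
                # dict that was never read, which left that contact with an
                # empty Extensions node; they are now attached like the
                # administrative ones.
                cie_extensions.children.append(ext)

        cie_contact.extensions = cie_extensions
        metadata.contact_person.append(cie_contact)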
コード例 #2
def test_extension_element_loadd():
    """Load a nested dict into an ExtensionElement and check the resulting tree.

    The input describes an ``ExternalEntityAttributeAuthority`` element with
    two children: an ``AssertingEntity`` wrapping one ``NameID``, and a
    ``RetrievalEndpoint``. All of them live in the same namespace.
    """
    dyn_ns = "urn:oasis:names:tc:SAML:metadata:dynamicsaml"

    name_id = {
        "tag": "NameID",
        "namespace": dyn_ns,
        "text": "http://federationX.org",
        "attributes": {
            "Format": "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
        },
    }
    asserting_entity = {
        "tag": "AssertingEntity",
        "namespace": dyn_ns,
        "children": [name_id],
    }
    retrieval_endpoint = {
        "tag": "RetrievalEndpoint",
        "namespace": dyn_ns,
        "text": "https://federationX.org/?ID=a87s76a5765da76576a57as",
    }
    ava = {
        'attributes': {},
        'tag': 'ExternalEntityAttributeAuthority',
        'namespace': dyn_ns,
        'children': [asserting_entity, retrieval_endpoint],
    }

    ee = saml2.ExtensionElement(ava["tag"]).loadd(ava)
    print(ee.__dict__)

    # Top level: two children, both in the dynamicsaml namespace.
    assert len(ee.children) == 2
    for node in ee.children:
        assert node.namespace == dyn_ns
    child_tags = [node.tag for node in ee.children]
    assert _eq(["AssertingEntity", "RetrievalEndpoint"], child_tags)

    # AssertingEntity: exactly one, no attributes, a single NameID child.
    asserting = [node for node in ee.children if node.tag == "AssertingEntity"]
    assert len(asserting) == 1
    entity = asserting[0]
    assert len(entity.children) == 1
    assert _eq(entity.attributes.keys(), [])

    # NameID: a leaf that carries the Format attribute and the text.
    nid = entity.children[0]
    assert nid.tag == "NameID"
    assert nid.namespace == dyn_ns
    assert len(nid.children) == 0
    assert _eq(nid.attributes.keys(), ["Format"])
    assert nid.text.strip() == "http://federationX.org"
コード例 #3
def spid_contacts_29_v3(metadata):
    """Rebuild ``metadata.contact_person`` from ``settings.SPID_CONTACTS``.

    Reference:
    https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf

    ``other`` contacts get every extra key of the contact dict as a flat
    child of ``Extensions`` in the ``spid`` namespace. ``billing`` contacts
    get a nested ``CessionarioCommittente`` tree in the ``fpa`` namespace.
    Any other contact type keeps only its ``contact_type`` and an empty
    ``Extensions`` element.

    :param metadata: entity descriptor whose ``contact_person`` list is
        replaced in place
    """
    saml2.md.SamlBase.register_prefix(settings.SPID_PREFIXES)

    metadata.contact_person = []
    for contact in settings.SPID_CONTACTS:
        kind = contact["contact_type"]

        spid_contact = saml2.md.ContactPerson()
        spid_contact.contact_type = kind
        contact_kwargs = {
            "email_address": [contact["email_address"]],
            "telephone_number": [contact["telephone_number"]],
        }
        # Created per contact and before branching, so every contact owns its
        # own Extensions element.
        spid_extensions = saml2.ExtensionElement(
            "Extensions", namespace="urn:oasis:names:tc:SAML:2.0:metadata")

        if kind == "other":
            spid_contact.loadd(contact_kwargs)
            # Added only so that the loop below skips the contact_type key.
            contact_kwargs["contact_type"] = kind
            for key, value in contact.items():
                if key not in contact_kwargs:
                    # The key is used verbatim as the XML element name.
                    child = saml2.ExtensionElement(
                        key,
                        namespace=settings.SPID_PREFIXES["spid"],
                        text=value,
                    )
                    # SPID notice no. 19 v.4: for AGGREGATOR entities the
                    # ContactPerson tag must carry the spid:entityType
                    # attribute set to spid:aggregator.
                    if key == "PublicServicesFullOperator":
                        spid_contact.extension_attributes = {
                            "spid:entityType": "spid:aggregator"
                        }
                    spid_extensions.children.append(child)

        elif kind == "billing":
            contact_kwargs["company"] = contact["company"]
            spid_contact.loadd(contact_kwargs)
            fpa_ns = settings.SPID_PREFIXES["fpa"]

            # One fpa element per remaining key, looked up by name below.
            elements = {
                key: saml2.ExtensionElement(key, namespace=fpa_ns, text=value)
                for key, value in contact.items()
                if key not in contact_kwargs
            }

            # DatiAnagrafici
            id_fiscale_iva = saml2.ExtensionElement(
                "IdFiscaleIVA", namespace=fpa_ns)
            anagrafica = saml2.ExtensionElement("Anagrafica", namespace=fpa_ns)
            anagrafica.children.append(elements["Denominazione"])
            for tag in ("IdPaese", "IdCodice"):
                id_fiscale_iva.children.append(elements[tag])

            dati_anagrafici = saml2.ExtensionElement(
                "DatiAnagrafici", namespace=fpa_ns)
            # CodiceFiscale is the only optional element of the tree.
            if elements.get("CodiceFiscale"):
                dati_anagrafici.children.append(elements["CodiceFiscale"])
            dati_anagrafici.children.append(id_fiscale_iva)
            dati_anagrafici.children.append(anagrafica)

            cessionario = saml2.ExtensionElement(
                "CessionarioCommittente", namespace=fpa_ns)
            cessionario.children.append(dati_anagrafici)

            # Sede
            sede = saml2.ExtensionElement("Sede", namespace=fpa_ns)
            for tag in ("Indirizzo", "NumeroCivico", "CAP",
                        "Comune", "Provincia", "Nazione"):
                sede.children.append(elements[tag])
            cessionario.children.append(sede)

            spid_extensions.children.append(cessionario)

        spid_contact.extensions = spid_extensions
        metadata.contact_person.append(spid_contact)
コード例 #4
    def _metadata_contact_person(self, metadata, conf):
        """Replace ``metadata.contact_person`` with SPID "Avviso 29 v3" contacts.

        Reference:
        https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf

        :param metadata: entity descriptor whose ``contact_person`` list is
            rebuilt in place
        :param conf: configuration object; the dicts in its ``contact_person``
            attribute drive the output
        """
        spid_ns = "https://spid.gov.it/saml-extensions"
        fpa_ns = "https://spid.gov.it/invoicing-extensions"
        saml2.md.SamlBase.register_prefix({"spid": spid_ns, "fpa": fpa_ns})

        def fpa_node(tag):
            # Empty container element in the invoicing (fpa) namespace.
            return saml2.ExtensionElement(tag, namespace=fpa_ns)

        metadata.contact_person = []
        for contact in conf.contact_person:
            kind = contact['contact_type']

            spid_contact = saml2.md.ContactPerson()
            spid_contact.contact_type = kind
            contact_kwargs = {
                'email_address': [contact['email_address']],
                'telephone_number': [contact['telephone_number']],
            }
            # One Extensions element per contact, created before branching.
            spid_extensions = saml2.ExtensionElement(
                'Extensions',
                namespace='urn:oasis:names:tc:SAML:2.0:metadata',
            )

            if kind == 'other':
                spid_contact.loadd(contact_kwargs)
                # Added only so that the loop below skips contact_type.
                contact_kwargs['contact_type'] = kind
                extra = [(k, v) for k, v in contact.items()
                         if k not in contact_kwargs]
                for key, value in extra:
                    # SPID notice no. 19 v.4: for AGGREGATOR entities the
                    # ContactPerson tag must carry the spid:entityType
                    # attribute set to spid:aggregator.
                    if key == "PublicServicesFullOperator":
                        spid_contact.extension_attributes = {
                            "spid:entityType": "spid:aggregator",
                        }
                    # The key is used verbatim as the XML element name.
                    spid_extensions.children.append(
                        saml2.ExtensionElement(
                            key, namespace=spid_ns, text=value))

            elif kind == 'billing':
                contact_kwargs['company'] = contact['company']
                spid_contact.loadd(contact_kwargs)

                # One fpa element per remaining key, looked up by name below.
                elements = {}
                for key, value in contact.items():
                    if key not in contact_kwargs:
                        elements[key] = saml2.ExtensionElement(
                            key, namespace=fpa_ns, text=value)

                # DatiAnagrafici
                id_fiscale_iva = fpa_node('IdFiscaleIVA')
                anagrafica = fpa_node('Anagrafica')
                anagrafica.children.append(elements['Denominazione'])
                id_fiscale_iva.children.append(elements['IdPaese'])
                id_fiscale_iva.children.append(elements['IdCodice'])

                dati_anagrafici = fpa_node('DatiAnagrafici')
                # CodiceFiscale is the only optional element of the tree.
                if elements.get('CodiceFiscale'):
                    dati_anagrafici.children.append(elements['CodiceFiscale'])
                dati_anagrafici.children += [id_fiscale_iva, anagrafica]

                cessionario = fpa_node('CessionarioCommittente')
                cessionario.children.append(dati_anagrafici)

                # Sede
                sede = fpa_node('Sede')
                for tag in ('Indirizzo', 'NumeroCivico', 'CAP',
                            'Comune', 'Provincia', 'Nazione'):
                    sede.children.append(elements[tag])
                cessionario.children.append(sede)

                spid_extensions.children.append(cessionario)

            spid_contact.extensions = spid_extensions
            metadata.contact_person.append(spid_contact)
コード例 #5
ファイル: views.py プロジェクト: peppelinux/djangosaml2_spid
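def spid_sp_metadata(conf):
    """Build the SP entity descriptor, patch it for SPID and sign it.

    Steps, in order: renumber the attribute consuming and assertion consumer
    services from 0 (index 0 becomes the default ACS), clear ``name_format``
    and ``friendly_name`` on the requested attributes of the first attribute
    consuming service, drop the entity-level extensions, set the Italian
    service name, rebuild the contact persons from ``settings.SPID_CONTACTS``
    ("Avviso 29 v3") and finally sign the descriptor.

    :param conf: configuration object handed to ``entity_descriptor`` and
        ``security_context``; ``_sp_name``, ``_sp_signing_algorithm`` and
        ``_sp_digest_algorithm`` are read from it
    :return: the signed document returned by ``sign_entity_descriptor``
    :raises KeyError: if a contact lacks a key required for its type
    """
    metadata = entity_descriptor(conf)
    sp_descriptor = metadata.spsso_descriptor

    # Renumber the attribute consuming services starting from 0.
    for idx, acs in enumerate(sp_descriptor.attribute_consuming_service):
        acs.index = str(idx)

    # Renumber the assertion consumer services; only index 0 is the default.
    for idx, acs in enumerate(sp_descriptor.assertion_consumer_service):
        acs.is_default = 'true' if idx == 0 else ''
        acs.index = str(idx)

    # NameFormat patch (not really standard): both values are cleared on the
    # requested attributes of the first attribute consuming service.
    for reqattr in sp_descriptor.attribute_consuming_service[
            0].requested_attribute:
        reqattr.name_format = None
        reqattr.friendly_name = None

    # An earlier approach filtered metadata.extensions.extension_elements down
    # to a list of supported algorithms. Instead the signing/encryption
    # algorithms are not specified at all: the extensions are dropped.
    metadata.extensions = None

    # Attribute consuming service: service name patch.
    service_name = sp_descriptor.attribute_consuming_service[0].service_name[0]
    service_name.lang = 'it'
    service_name.text = conf._sp_name

    ##############
    # avviso 29 v3
    #
    # https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf
    saml2.md.SamlBase.register_prefix(settings.SPID_PREFIXES)

    metadata.contact_person = []
    for contact in settings.SPID_CONTACTS:
        spid_contact = saml2.md.ContactPerson()
        spid_contact.contact_type = contact['contact_type']
        contact_kwargs = {
            'email_address': [contact['email_address']],
            'telephone_number': [contact['telephone_number']]
        }
        # Created for every contact before branching. It used to be bound only
        # inside the 'other' and 'billing' branches, so a contact of any other
        # type raised NameError when it came first, or was handed the previous
        # contact's Extensions element (and with it that contact's data) in
        # the published, signed metadata.
        spid_extensions = saml2.ExtensionElement(
            'Extensions', namespace='urn:oasis:names:tc:SAML:2.0:metadata')

        if contact['contact_type'] == 'other':
            spid_contact.loadd(contact_kwargs)
            # Added only so that the loop below skips the contact_type key.
            contact_kwargs['contact_type'] = contact['contact_type']
            for k, v in contact.items():
                if k in contact_kwargs:
                    continue
                # The key is used verbatim as the XML element name, so
                # SPID_CONTACTS must come from trusted configuration only.
                ext = saml2.ExtensionElement(
                    k, namespace=settings.SPID_PREFIXES['spid'], text=v)
                spid_extensions.children.append(ext)

        elif contact['contact_type'] == 'billing':
            contact_kwargs['company'] = contact['company']
            spid_contact.loadd(contact_kwargs)

            # One fpa element per remaining key, looked up by name below.
            elements = {}
            for k, v in contact.items():
                if k in contact_kwargs:
                    continue
                ext = saml2.ExtensionElement(
                    k, namespace=settings.SPID_PREFIXES['fpa'], text=v)
                elements[k] = ext

            # DatiAnagrafici
            IdFiscaleIVA = saml2.ExtensionElement(
                'IdFiscaleIVA',
                namespace=settings.SPID_PREFIXES['fpa'],
            )
            Anagrafica = saml2.ExtensionElement(
                'Anagrafica',
                namespace=settings.SPID_PREFIXES['fpa'],
            )
            Anagrafica.children.append(elements['Denominazione'])

            IdFiscaleIVA.children.append(elements['IdPaese'])
            IdFiscaleIVA.children.append(elements['IdCodice'])
            DatiAnagrafici = saml2.ExtensionElement(
                'DatiAnagrafici',
                namespace=settings.SPID_PREFIXES['fpa'],
            )
            # CodiceFiscale is the only optional element of the tree.
            if elements.get('CodiceFiscale'):
                DatiAnagrafici.children.append(elements['CodiceFiscale'])
            DatiAnagrafici.children.append(IdFiscaleIVA)
            DatiAnagrafici.children.append(Anagrafica)
            CessionarioCommittente = saml2.ExtensionElement(
                'CessionarioCommittente',
                namespace=settings.SPID_PREFIXES['fpa'],
            )
            CessionarioCommittente.children.append(DatiAnagrafici)

            # Sede
            Sede = saml2.ExtensionElement(
                'Sede',
                namespace=settings.SPID_PREFIXES['fpa'],
            )
            for tag in ('Indirizzo', 'NumeroCivico', 'CAP',
                        'Comune', 'Provincia', 'Nazione'):
                Sede.children.append(elements[tag])
            CessionarioCommittente.children.append(Sede)

            spid_extensions.children.append(CessionarioCommittente)

        spid_contact.extensions = spid_extensions
        metadata.contact_person.append(spid_contact)
    #
    # end of avviso 29v3
    ###################

    # Metadata signature. The signing and digest algorithms are passed through
    # from conf as they are; nothing in this function enforces a minimum
    # strength, so that has to be guaranteed by the configuration.
    secc = security_context(conf)
    sign_dig_algs = dict(sign_alg=conf._sp_signing_algorithm,
                         digest_alg=conf._sp_digest_algorithm)
    eid, xmldoc = sign_entity_descriptor(metadata, None, secc, **sign_dig_algs)
    return xmldoc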
コード例 #6
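    def _metadata_endpoint(self, context):
        """
        Endpoint for retrieving the backend metadata

        The entity descriptor built from ``self.sp.config`` is patched for
        SPID (service indexes, requested attribute format, service name,
        "Avviso 29 v3" contact persons), signed and returned as XML.

        :type context: satosa.context.Context
        :rtype: satosa.response.Response

        :param context: The current context
        :return: response with metadata
        """
        logger.debug("Sending metadata response")
        conf = self.sp.config

        metadata = entity_descriptor(conf)
        sp_descriptor = metadata.spsso_descriptor

        # Renumber the attribute consuming services starting from 0.
        for idx, acs in enumerate(sp_descriptor.attribute_consuming_service):
            acs.index = str(idx)

        # Renumber the assertion consumer services; only index 0 is default.
        for idx, acs in enumerate(sp_descriptor.assertion_consumer_service):
            acs.is_default = 'true' if idx == 0 else ''
            acs.index = str(idx)

        # NameFormat patch... none of this follows the OASIS standards.
        for reqattr in sp_descriptor.attribute_consuming_service[
                0].requested_attribute:
            reqattr.name_format = None
            reqattr.friendly_name = None

        # Attribute consuming service: service name patch.
        service_name = sp_descriptor.attribute_consuming_service[
            0].service_name[0]
        service_name.lang = 'it'
        service_name.text = metadata.entity_id

        # remove extension disco and uuinfo (spid-testenv2)
        #metadata.spsso_descriptor.extensions = []

        ##############
        # avviso 29 v3
        #
        # https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf
        SPID_PREFIXES = dict(spid="https://spid.gov.it/saml-extensions",
                             fpa="https://spid.gov.it/invoicing-extensions")
        saml2.md.SamlBase.register_prefix(SPID_PREFIXES)

        metadata.contact_person = []
        for contact in conf.contact_person:
            spid_contact = saml2.md.ContactPerson()
            spid_contact.contact_type = contact['contact_type']
            contact_kwargs = {
                'email_address': [contact['email_address']],
                'telephone_number': [contact['telephone_number']]
            }
            # Created for every contact before branching. It used to be bound
            # only inside the 'other' and 'billing' branches, so a contact of
            # any other type raised NameError when it came first, or was
            # handed the previous contact's Extensions element (and with it
            # that contact's data) in the published, signed metadata.
            spid_extensions = saml2.ExtensionElement(
                'Extensions',
                namespace='urn:oasis:names:tc:SAML:2.0:metadata')

            if contact['contact_type'] == 'other':
                spid_contact.loadd(contact_kwargs)
                # Added only so that the loop below skips contact_type.
                contact_kwargs['contact_type'] = contact['contact_type']
                for k, v in contact.items():
                    if k in contact_kwargs:
                        continue
                    # The key is used verbatim as the XML element name, so
                    # the contact dicts must come from trusted configuration.
                    ext = saml2.ExtensionElement(
                        k, namespace=SPID_PREFIXES['spid'], text=v)
                    spid_extensions.children.append(ext)

            elif contact['contact_type'] == 'billing':
                contact_kwargs['company'] = contact['company']
                spid_contact.loadd(contact_kwargs)

                # One fpa element per remaining key, looked up by name below.
                elements = {}
                for k, v in contact.items():
                    if k in contact_kwargs:
                        continue
                    ext = saml2.ExtensionElement(
                        k, namespace=SPID_PREFIXES['fpa'], text=v)
                    elements[k] = ext

                # DatiAnagrafici
                IdFiscaleIVA = saml2.ExtensionElement(
                    'IdFiscaleIVA',
                    namespace=SPID_PREFIXES['fpa'],
                )
                Anagrafica = saml2.ExtensionElement(
                    'Anagrafica',
                    namespace=SPID_PREFIXES['fpa'],
                )
                Anagrafica.children.append(elements['Denominazione'])

                IdFiscaleIVA.children.append(elements['IdPaese'])
                IdFiscaleIVA.children.append(elements['IdCodice'])
                DatiAnagrafici = saml2.ExtensionElement(
                    'DatiAnagrafici',
                    namespace=SPID_PREFIXES['fpa'],
                )
                # CodiceFiscale is the only optional element of the tree.
                if elements.get('CodiceFiscale'):
                    DatiAnagrafici.children.append(elements['CodiceFiscale'])
                DatiAnagrafici.children.append(IdFiscaleIVA)
                DatiAnagrafici.children.append(Anagrafica)
                CessionarioCommittente = saml2.ExtensionElement(
                    'CessionarioCommittente',
                    namespace=SPID_PREFIXES['fpa'],
                )
                CessionarioCommittente.children.append(DatiAnagrafici)

                # Sede
                Sede = saml2.ExtensionElement(
                    'Sede',
                    namespace=SPID_PREFIXES['fpa'],
                )
                for tag in ('Indirizzo', 'NumeroCivico', 'CAP',
                            'Comune', 'Provincia', 'Nazione'):
                    Sede.children.append(elements[tag])
                CessionarioCommittente.children.append(Sede)

                spid_extensions.children.append(CessionarioCommittente)

            spid_contact.extensions = spid_extensions
            metadata.contact_person.append(spid_contact)
        #
        # end of avviso 29v3
        ###################

        # Metadata signature. The algorithms are whatever
        # get_kwargs_sign_dig_algs() returns; nothing in this method enforces
        # a minimum strength.
        secc = security_context(conf)
        sign_dig_algs = self.get_kwargs_sign_dig_algs()
        eid, xmldoc = sign_entity_descriptor(metadata, None, secc,
                                             **sign_dig_algs)

        # NOTE(review): presumably raises when the descriptor is incomplete,
        # so that no invalid metadata is served. Confirm against pysaml2.
        valid_instance(eid)
        return Response(text_type(xmldoc).encode('utf-8'),
                        content="text/xml; charset=utf8")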