def entities_descriptor(eds, valid_for, name, ident, sign, secc, sign_alg=None, digest_alg=None):
    """Aggregate *eds* into an EntitiesDescriptor, optionally signing it.

    :param eds: passed as ``entity_descriptor`` to md.EntitiesDescriptor
    :param valid_for: lifetime in hours; sets validUntil when truthy
    :param name: value for the Name attribute, set when truthy
    :param ident: value for the ID attribute; when signing and no ident is
        given one is minted with sid()
    :param sign: whether to add an enveloped XML signature
    :param secc: security context providing key_file, my_cert and
        sign_statement()
    :param sign_alg: signature algorithm handed to pre_signature_part
    :param digest_alg: digest algorithm handed to pre_signature_part
    :return: (EntitiesDescriptor, signed XML string or None when not signed)
    :raises SAMLError: signing was requested without a key file or certificate
    """
    entities = md.EntitiesDescriptor(entity_descriptor=eds)
    if valid_for:
        entities.valid_until = in_a_while(hours=valid_for)
    if name:
        entities.name = name
    if ident:
        entities.id = ident

    if not sign:
        return entities, None

    # The signature references the element by ID, so one must exist.
    ident = ident or sid()
    if not secc.key_file:
        raise SAMLError("If you want to do signing you should define " + "a key to sign with")
    if not secc.my_cert:
        raise SAMLError("If you want to do signing you should define " + "where your public key are")
    entities.signature = pre_signature_part(
        ident, secc.my_cert, 1, sign_alg=sign_alg, digest_alg=digest_alg
    )
    entities.id = ident
    # Sign the serialized document, then re-parse it so the returned object
    # carries the computed signature.
    xmldoc = secc.sign_statement("%s" % entities, class_name(entities))
    signed = md.entities_descriptor_from_string(xmldoc)
    return signed, xmldoc
def add_derek_info(sp):
    """Seed the user store of *sp* with one session for the test subject "Derek".

    The session is a copy of SESSION_INFO_PATTERN with a one-day validity
    window and the module-level name id ``nid``.

    :param sp: object whose ``users`` attribute exposes
        add_information_about_person()
    """
    expires = str_to_time(in_a_while(days=1))
    info = SESSION_INFO_PATTERN.copy()
    info.update(
        {
            "ava": {"givenName": ["Derek"], "umuselin": ["deje0001"]},
            "issuer": "urn:mace:example.com:saml:idp",
            "name_id": nid,
            "not_on_or_after": expires,
        }
    )
    # subject_id, entity_id, info, timestamp
    sp.users.add_information_about_person(info)
def test_valid():
    """valid() rejects past timestamps and accepts future ones."""
    assert valid("2000-01-12T00:00:00Z") == False
    next_year = datetime.datetime.today().year + 1
    assert valid(f"{next_year}-01-12T00:00:00Z") == True
    stamp = instant()
    time.sleep(1)
    assert valid(stamp) is False  # unless on a very fast machine :-)
    shortly = in_a_while(seconds=10)
    assert valid(shortly) == True
def not_on_or_after(self, sp_entity_id):
    """Return the instant after which an assertion for *sp_entity_id* must not be used.

    The lifetime comes from self.get_lifetime(sp_entity_id) and is expanded
    as keyword arguments to in_a_while().

    :param sp_entity_id: The SP entity ID
    :return: String representation of the time
    """
    lifetime = self.get_lifetime(sp_entity_id)
    return in_a_while(**lifetime)
def test_set(self):
    """Info stored for nid[0] comes back unchanged and with no inactive sources."""
    expires = str_to_time(in_a_while(days=1))
    info = SESSION_INFO_PATTERN.copy()
    info["ava"] = {"givenName": ["Derek"]}
    self.cache.set(nid[0], "abcd", info, expires)
    ava, inactive = self.cache.get_identity(nid[0])
    assert inactive == []
    assert list(ava) == ["givenName"]
    assert ava["givenName"] == ["Derek"]
def test_identity(self):
    """Attributes from two sources for one subject merge into one identity."""
    if self.cache is None:
        return
    contributions = (
        ("abcd", {"givenName": ["Derek"]}),
        ("xyzv", {"mail": ["*****@*****.**"]}),
    )
    for entity_id, ava in contributions:
        expires = str_to_time(in_a_while(days=1))
        info = SESSION_INFO_PATTERN.copy()
        info["ava"] = ava
        self.cache.set("1234", entity_id, info, expires)
    ident, _ = self.cache.get_identity("1234")
    print(ident)
    assert len(ident) == 2
    assert "givenName" in ident
    assert "mail" in ident
    assert ident["mail"] == ["*****@*****.**"]
    assert ident["givenName"] == ["Derek"]
def test_identity(self):
    """Two sources contributing to one subject are merged by get_identity()."""
    if self.cache is None:
        return
    for entity_id, ava in (
        ("abcd", {"givenName": ["Derek"]}),
        ("xyzv", {"mail": ["*****@*****.**"]}),
    ):
        info = SESSION_INFO_PATTERN.copy()
        info["ava"] = ava
        self.cache.set("1234", entity_id, info, str_to_time(in_a_while(days=1)))
    ident, _ = self.cache.get_identity("1234")
    print(ident)
    assert len(ident) == 2
    assert "givenName" in ident and "mail" in ident
    assert ident["mail"] == ["*****@*****.**"]
    assert ident["givenName"] == ["Derek"]
def test_timeout(self):
    """An entry whose not_on_or_after has passed is reported inactive and yields no attributes."""
    expires = str_to_time(in_a_while(seconds=1))
    info = SESSION_INFO_PATTERN.copy()
    info["ava"] = {"givenName": ["Alex"], "surName": ["Rodriguez"]}
    self.cache.set(nid[2], "bcde", info, expires)
    time.sleep(2)  # let the one-second validity window lapse
    ava, inactive = self.cache.get_identity(nid[2])
    assert inactive == ["bcde"]
    assert ava == {}
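def _expiration(timeout, tformat=None):
    """Render a cookie expiry timestamp such as ``Wed, 06-Jun-2012 01:34:34 GMT``.

    :param timeout: "now" for the current instant, otherwise a number of
        minutes from now
    :param tformat: strftime-style format; when falsy the cookie date layout
        above is used
    :return: formatted timestamp string
    """
    if not tformat:
        # %H:%M:%S rather than %T: %T is a C-library extension that Python's
        # strftime() does not guarantee on every platform; the expanded form
        # is portable and produces the same text.
        tformat = "%a, %d-%b-%Y %H:%M:%S GMT"
    if timeout == "now":
        return time_util.instant(tformat)
    # validity time should match lifetime of assertions
    return time_util.in_a_while(minutes=timeout, format=tformat)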
def test_receivers(self):
    """receivers() lists every entity that was given info about a subject."""
    # NOTE(review): assumes an earlier test already stored "abcd" for nid[1].
    assert _eq(self.cache.receivers(nid[1]), ["abcd"])
    expires = str_to_time(in_a_while(days=1))
    info = SESSION_INFO_PATTERN.copy()
    info["ava"] = {"givenName": ["Ichiro"], "surName": ["Suzuki"]}
    self.cache.set(nid[1], "bcde", info, expires)
    assert _eq(self.cache.receivers(nid[1]), ["abcd", "bcde"])
    assert nid_eq(self.cache.subjects(), nid[:2])
def test_add_ava_info(self):
    """A second source for nid[0] adds attributes without dropping existing ones."""
    # NOTE(review): assumes nid[0] already carries givenName from an earlier test.
    expires = str_to_time(in_a_while(days=1))
    info = SESSION_INFO_PATTERN.copy()
    info["ava"] = {"surName": ["Jeter"]}
    self.cache.set(nid[0], "bcde", info, expires)
    ava, inactive = self.cache.get_identity(nid[0])
    assert inactive == []
    assert _eq(ava.keys(), ["givenName", "surName"])
    assert ava["givenName"] == ["Derek"]
    assert ava["surName"] == ["Jeter"]
def test_second_subject(self):
    """Storing info for nid[1] makes it a second subject alongside nid[0]."""
    expires = str_to_time(in_a_while(days=1))
    info = SESSION_INFO_PATTERN.copy()
    info["ava"] = {"givenName": ["Ichiro"], "surName": ["Suzuki"]}
    self.cache.set(nid[1], "abcd", info, expires)
    ava, inactive = self.cache.get_identity(nid[1])
    assert inactive == []
    assert _eq(ava.keys(), ["givenName", "surName"])
    assert ava["givenName"] == ["Ichiro"]
    assert ava["surName"] == ["Suzuki"]
    assert nid_eq(self.cache.subjects(), nid[:2])
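def test_set_get_2(self):
    """An expired entry raises ToOld from get() unless the third argument is falsy.

    Stores one-second-lived info, waits for it to lapse, then checks that
    get() raises ToOld by default and still returns the data when called
    with ``False`` as the third argument.
    """
    if self.cache is None:
        return
    expires = str_to_time(in_a_while(seconds=1))
    info = SESSION_INFO_PATTERN.copy()
    info["ava"] = {"givenName": ["Mariano"]}
    # subject_id, entity_id, info, timestamp
    self.cache.set("1235", "abcd", info, expires)
    time.sleep(2)
    # Context-manager form: the string form of raises() evaluated its
    # argument with eval() and is no longer supported by pytest.
    with raises(ToOld):
        self.cache.get("1235", "abcd")
    info = self.cache.get("1235", "abcd", False)
    assert info != {}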
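def test_set_get_2(self):
    """An expired entry raises ToOld from get() unless the third argument is falsy.

    Stores one-second-lived info, waits for it to lapse, then checks that
    get() raises ToOld by default and still returns the data when called
    with ``False`` as the third argument.
    """
    if self.cache is None:
        return
    expires = str_to_time(in_a_while(seconds=1))
    info = SESSION_INFO_PATTERN.copy()
    info["ava"] = {"givenName": ["Mariano"]}
    # subject_id, entity_id, info, timestamp
    self.cache.set("1235", "abcd", info, expires)
    time.sleep(2)
    # Context-manager form: the string form of raises() evaluated its
    # argument with eval() and is no longer supported by pytest.
    with raises(ToOld):
        self.cache.get("1235", "abcd")
    info = self.cache.get("1235", "abcd", False)
    assert info != {}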
def test_set_get_1(self):
    """Info stored with set() is returned by get() for the same subject and entity."""
    if self.cache is None:
        return
    expires = str_to_time(in_a_while(days=1))
    info = SESSION_INFO_PATTERN.copy()
    info["ava"] = {"givenName": ["Derek"]}
    # subject_id, entity_id, info, timestamp
    self.cache.set("1234", "abcd", info, expires)
    stored = self.cache.get("1234", "abcd")
    # Only the "ava" part of the stored record is checked here.
    ava = stored["ava"]
    print(ava)
    assert list(ava) == ["givenName"]
    assert ava["givenName"] == ["Derek"]
def _expiration(timeout, tformat="%a, %d-%b-%Y %H:%M:%S GMT"):
    """Render a cookie expiry timestamp.

    :param timeout: "now" for the current instant, "dawn" for the Unix epoch,
        otherwise a number of minutes from now
    :param tformat: strftime-style format for the result
    :return: formatted timestamp string
    """
    if timeout == "dawn":
        return time.strftime(tformat, time.gmtime(0))
    if timeout == "now":
        return time_util.instant(tformat)
    # validity time should match lifetime of assertions
    return time_util.in_a_while(minutes=timeout, format=tformat)
def test_set_get_1(self):
    """A record stored with set() is returned by get() for the same keys."""
    if self.cache is None:
        return
    info = SESSION_INFO_PATTERN.copy()
    info["ava"] = {"givenName": ["Derek"]}
    # subject_id, entity_id, info, timestamp
    self.cache.set("1234", "abcd", info, str_to_time(in_a_while(days=1)))
    ava = self.cache.get("1234", "abcd")["ava"]
    print(ava)
    assert list(ava) == ["givenName"]
    assert ava["givenName"] == ["Derek"]
def test_add_person(self):
    """A first session for ``nid`` is stored and fully retrievable."""
    self.population.add_information_about_person(
        {
            "name_id": nid,
            "issuer": IDP_ONE,
            "not_on_or_after": in_a_while(minutes=15),
            "ava": {
                "givenName": "Anders",
                "surName": "Andersson",
                "mail": "*****@*****.**",
            },
        }
    )
    expected_ava = {
        "givenName": "Anders",
        "surName": "Andersson",
        "mail": "*****@*****.**",
    }

    assert list(self.population.issuers_of_info(nid)) == [IDP_ONE]
    subjects = [code(subject) for subject in self.population.subjects()]
    assert subjects == [cnid]

    # Nothing is stale right after insertion ...
    assert self.population.stale_sources_for_person(nid) == []
    # ... but a candidate source that never contributed is reported.
    candidates = [IDP_ONE, IDP_OTHER]
    assert self.population.stale_sources_for_person(nid, candidates) == [IDP_OTHER]

    identity, stale = self.population.get_identity(nid)
    assert stale == []
    assert identity == expected_ava

    info = self.population.get_info_from(nid, IDP_ONE)
    assert sorted(info.keys()) == sorted(["not_on_or_after", "name_id", "ava"])
    assert info["name_id"] == nid
    assert info["ava"] == expected_ava
def test_add_another_person(self):
    """A session for a second subject ``nida`` coexists with the first."""
    self.population.add_information_about_person(
        {
            "name_id": nida,
            "issuer": IDP_ONE,
            "not_on_or_after": in_a_while(minutes=15),
            "ava": {
                "givenName": "Bertil",
                "surName": "Bertilsson",
                "mail": "*****@*****.**",
            },
        }
    )
    expected_ava = {
        "givenName": "Bertil",
        "surName": "Bertilsson",
        "mail": "*****@*****.**",
    }

    assert list(self.population.issuers_of_info(nida)) == [IDP_ONE]
    subjects = [code(subject) for subject in self.population.subjects()]
    assert _eq(subjects, [cnid, cnida])

    assert self.population.stale_sources_for_person(nida) == []
    # A candidate source that never contributed is reported as stale.
    candidates = [IDP_ONE, IDP_OTHER]
    assert self.population.stale_sources_for_person(nida, candidates) == [IDP_OTHER]

    identity, stale = self.population.get_identity(nida)
    assert stale == []
    assert identity == expected_ava

    info = self.population.get_info_from(nida, IDP_ONE)
    assert sorted(info.keys()) == sorted(["not_on_or_after", "name_id", "ava"])
    assert info["name_id"] == nida
    assert info["ava"] == expected_ava
def test_modify_person(self):
    """Re-adding info from IDP_ONE updates the merged identity for ``nid``."""
    # NOTE(review): the eduPersonEntitlement value and IDP_OTHER as an issuer
    # are expected to have been stored by an earlier test — verify ordering.
    self.population.add_information_about_person(
        {
            "name_id": nid,
            "issuer": IDP_ONE,
            "not_on_or_after": in_a_while(minutes=15),
            "ava": {
                "givenName": "Arne",
                "surName": "Andersson",
                "mail": "*****@*****.**",
            },
        }
    )

    assert _eq(self.population.issuers_of_info(nid), [IDP_ONE, IDP_OTHER])
    subjects = [code(subject) for subject in self.population.subjects()]
    assert _eq(subjects, [cnid, cnida])

    # Neither source is stale, whether asked implicitly or explicitly.
    assert self.population.stale_sources_for_person(nid) == []
    candidates = [IDP_ONE, IDP_OTHER]
    assert self.population.stale_sources_for_person(nid, candidates) == []

    identity, stale = self.population.get_identity(nid)
    assert stale == []
    assert identity == {
        "mail": "*****@*****.**",
        "givenName": "Arne",
        "surName": "Andersson",
        "eduPersonEntitlement": "Anka",
    }

    info = self.population.get_info_from(nid, IDP_OTHER)
    assert sorted(info.keys()) == sorted(["not_on_or_after", "name_id", "ava"])
    assert info["name_id"] == nid
    assert info["ava"] == {"eduPersonEntitlement": "Anka"}
def _expiration(timeout, time_format=None):
    """Render an expiry timestamp for a cookie.

    :param timeout: "now" for the current instant, otherwise a number of
        minutes from now
    :param time_format: format passed through to time_util; None for its default
    :return: formatted timestamp string
    """
    if timeout != "now":
        # validity time should match lifetime of assertions
        return time_util.in_a_while(minutes=timeout, format=time_format)
    return time_util.instant(time_format)
def _expiration(timeout, tformat=None):
    """Render an expiry timestamp for a cookie.

    :param timeout: "now" for the current instant, otherwise a number of
        minutes from now
    :param tformat: format passed through to time_util; None for its default
    :return: formatted timestamp string
    """
    immediate = timeout == "now"
    # validity time should match lifetime of assertions
    return (
        time_util.instant(tformat)
        if immediate
        else time_util.in_a_while(minutes=timeout, format=tformat)
    )
def entity_descriptor(confd):
    """Build the SAML EntityDescriptor described by the configuration *confd*.

    Only certificate files are read here (cert_file, additional_cert_files and
    the cert_file of each encryption keypair); no private key is touched. The
    resulting certificates are handed to the role-descriptor builders.

    :param confd: configuration object (entityid, serves, cert settings,
        organization, contact_person, entity-attribute lists, xmlsec_binary,
        getattr()); its ``context`` attribute is set to each role being built
    :return: md.EntityDescriptor with one role descriptor per entry in serves
    :raises SAMLError: when ``confd.serves`` is empty
    """
    entd = md.EntityDescriptor()

    def _extensions():
        # Lazily create the Extensions container so it only appears when used.
        if not entd.extensions:
            entd.extensions = md.Extensions()
        return entd.extensions

    def _add_entity_attribute(values, attr_name):
        ext = _extensions()
        ava = [AttributeValue(text=value) for value in values]
        _add_attr_to_entity_attributes(ext, Attribute(attribute_value=ava, name=attr_name))

    mycert = None
    if confd.cert_file is not None:
        cert_files = [confd.cert_file]
        if confd.additional_cert_files is not None:
            cert_files.extend(confd.additional_cert_files)
        mycert = ["".join(read_cert(path)) for path in cert_files]

    enc_cert = None
    if confd.encryption_keypairs is not None:
        enc_cert = ["".join(read_cert(pair["cert_file"])) for pair in confd.encryption_keypairs]

    entd.entity_id = confd.entityid
    if confd.valid_for:
        entd.valid_until = in_a_while(hours=int(confd.valid_for))
    if confd.organization is not None:
        entd.organization = do_organization_info(confd.organization)
    if confd.contact_person is not None:
        entd.contact_person = do_contact_persons_info(confd.contact_person)

    if confd.assurance_certification:
        _add_entity_attribute(
            confd.assurance_certification,
            "urn:oasis:names:tc:SAML:attribute:assurance-certification",
        )
    if confd.entity_category:
        _add_entity_attribute(confd.entity_category, "http://macedir.org/entity-category")
    if confd.entity_category_support:
        _add_entity_attribute(
            confd.entity_category_support, "http://macedir.org/entity-category-support"
        )

    for item in algorithm_support_in_metadata(confd.xmlsec_binary):
        _extensions().add_extension_element(item)

    conf_sp_type = confd.getattr('sp_type', 'sp')
    conf_sp_type_in_md = confd.getattr('sp_type_in_metadata', 'sp')
    if conf_sp_type and conf_sp_type_in_md is True:
        _extensions().add_extension_element(sp_type.SPType(text=conf_sp_type))

    serves = confd.serves
    if not serves:
        raise SAMLError(
            'No service type ("sp","idp","aa") provided in the configuration')

    # Roles are built in this fixed order; confd.context is switched before
    # each builder runs because the builders read role-specific settings.
    roles = (
        ("sp", "spsso_descriptor", do_spsso_descriptor),
        ("idp", "idpsso_descriptor", do_idpsso_descriptor),
        ("aa", "attribute_authority_descriptor", do_aa_descriptor),
        ("pdp", "pdp_descriptor", do_pdp_descriptor),
        ("aq", "authn_authority_descriptor", do_aq_descriptor),
    )
    for role, attribute, build in roles:
        if role in serves:
            confd.context = role
            setattr(entd, attribute, build(confd, mycert, enc_cert))

    return entd
def test_timeout():
    """A timestamp one second ahead is no longer valid two seconds later."""
    deadline = in_a_while(seconds=1)
    time.sleep(2)
    assert valid(deadline) == False
def entity_descriptor(confd):
    """Build the SAML EntityDescriptor described by the configuration *confd*.

    Only certificate files are read here (cert_file, additional_cert_files and
    the cert_file of each encryption keypair); no private key is touched. The
    resulting certificates are handed to the role-descriptor builders.

    :param confd: configuration object (entityid, serves, cert settings,
        organization, contact_person, entity-attribute lists, xmlsec_binary,
        getattr()); its ``context`` attribute is set to each role being built
    :return: md.EntityDescriptor with one role descriptor per entry in serves
    :raises SAMLError: when ``confd.serves`` is empty
    """
    entd = md.EntityDescriptor()

    def _extensions():
        # Lazily create the Extensions container so it only appears when used.
        if not entd.extensions:
            entd.extensions = md.Extensions()
        return entd.extensions

    def _add_entity_attribute(values, attr_name):
        ext = _extensions()
        ava = [AttributeValue(text=value) for value in values]
        _add_attr_to_entity_attributes(ext, Attribute(attribute_value=ava, name=attr_name))

    mycert = None
    if confd.cert_file is not None:
        cert_files = [confd.cert_file]
        if confd.additional_cert_files is not None:
            cert_files.extend(confd.additional_cert_files)
        mycert = ["".join(read_cert(path)) for path in cert_files]

    enc_cert = None
    if confd.encryption_keypairs is not None:
        enc_cert = ["".join(read_cert(pair["cert_file"])) for pair in confd.encryption_keypairs]

    entd.entity_id = confd.entityid
    if confd.valid_for:
        entd.valid_until = in_a_while(hours=int(confd.valid_for))
    if confd.organization is not None:
        entd.organization = do_organization_info(confd.organization)
    if confd.contact_person is not None:
        entd.contact_person = do_contact_persons_info(confd.contact_person)

    if confd.assurance_certification:
        _add_entity_attribute(
            confd.assurance_certification,
            "urn:oasis:names:tc:SAML:attribute:assurance-certification",
        )
    if confd.entity_category:
        _add_entity_attribute(confd.entity_category, "http://macedir.org/entity-category")
    if confd.entity_category_support:
        _add_entity_attribute(
            confd.entity_category_support, "http://macedir.org/entity-category-support"
        )

    for item in algorithm_support_in_metadata(confd.xmlsec_binary):
        _extensions().add_extension_element(item)

    conf_sp_type = confd.getattr('sp_type', 'sp')
    conf_sp_type_in_md = confd.getattr('sp_type_in_metadata', 'sp')
    if conf_sp_type and conf_sp_type_in_md is True:
        _extensions().add_extension_element(sp_type.SPType(text=conf_sp_type))

    serves = confd.serves
    if not serves:
        raise SAMLError(
            'No service type ("sp","idp","aa") provided in the configuration')

    # Roles are built in this fixed order; confd.context is switched before
    # each builder runs because the builders read role-specific settings.
    roles = (
        ("sp", "spsso_descriptor", do_spsso_descriptor),
        ("idp", "idpsso_descriptor", do_idpsso_descriptor),
        ("aa", "attribute_authority_descriptor", do_aa_descriptor),
        ("pdp", "pdp_descriptor", do_pdp_descriptor),
        ("aq", "authn_authority_descriptor", do_aq_descriptor),
    )
    for role, attribute, build in roles:
        if role in serves:
            confd.context = role
            setattr(entd, attribute, build(confd, mycert, enc_cert))

    return entd