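def validate_metadata(self, xml):
    """
    Validates an XML SP Metadata.

    Checks, in order and stopping at the first failure: schema validation
    against saml-schema-metadata-2.0.xsd, that the root element is
    md:EntityDescriptor, that exactly one md:SPSSODescriptor is present,
    and that validUntil/cacheDuration have not expired. The metadata
    signature is NOT verified here (see the TODO at the end), so a clean
    result only means the document is well-formed metadata.

    :param xml: Metadata's XML that will be validated
    :type xml: string
    :returns: The list of found errors (empty when every check passed)
    :rtype: list
    :raises Exception: if xml is an empty string
    """
    assert isinstance(xml, basestring)
    if len(xml) == 0:
        raise Exception('Empty string supplied as input')

    errors = []
    # validate_xml returns a parsed Document on success, otherwise an error
    # message string that is reported as-is.
    res = OneLogin_Saml2_Utils.validate_xml(xml, 'saml-schema-metadata-2.0.xsd', self.__debug)
    if not isinstance(res, Document):
        errors.append(res)
        return errors

    element = res.documentElement
    # Exact comparison. The previous `tagName not in 'md:EntityDescriptor'`
    # was a substring test and accepted any root whose name is a substring of
    # 'md:EntityDescriptor' (e.g. 'md:Entity'). The 'md:' prefix is assumed
    # here just as it is for the SPSSODescriptor lookup below.
    if element.tagName != 'md:EntityDescriptor':
        errors.append('noEntityDescriptor_xml')
        return errors

    if len(element.getElementsByTagName('md:SPSSODescriptor')) != 1:
        errors.append('onlySPSSODescriptor_allowed_xml')
        return errors

    valid_until = None
    if element.hasAttribute('validUntil'):
        valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(element.getAttribute('validUntil'))
    cache_duration = None
    if element.hasAttribute('cacheDuration'):
        cache_duration = element.getAttribute('cacheDuration')
    # get_expire_time combines both attributes; None means "no expiry known".
    expire_time = OneLogin_Saml2_Utils.get_expire_time(cache_duration, valid_until)
    if expire_time is not None and int(time()) > int(expire_time):
        errors.append('expired_xml')

    # TODO: Validate Sign
    return errors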
def validate_metadata(self, xml):
    """
    Validates an XML SP Metadata.

    Checks, in order and stopping at the first failure: schema validation
    against saml-schema-metadata-2.0.xsd, that the root element is
    EntityDescriptor qualified with OneLogin_Saml2_Constants.NS_MD, that
    exactly one md:SPSSODescriptor is present, and that
    validUntil/cacheDuration have not expired. The metadata signature is
    not verified here (see the TODO at the end).

    :param xml: Metadata's XML that will be validated
    :type xml: string
    :returns: The list of found errors (empty when every check passed)
    :rtype: list
    :raises Exception: if xml is an empty string
    """
    assert isinstance(xml, compat.text_types)
    if len(xml) == 0:
        raise Exception('Empty string supplied as input')

    # validate_xml hands back the parsed root element, or an error message
    # string when the document fails schema validation.
    root = OneLogin_Saml2_XML.validate_xml(xml, 'saml-schema-metadata-2.0.xsd', self.__debug)
    if isinstance(root, str):
        return [root]

    expected_root = '{%s}EntityDescriptor' % OneLogin_Saml2_Constants.NS_MD
    if root.tag != expected_root:
        return ['noEntityDescriptor_xml']

    descriptors = root.findall('.//md:SPSSODescriptor', namespaces=OneLogin_Saml2_Constants.NSMAP)
    if len(descriptors) != 1:
        return ['onlySPSSODescriptor_allowed_xml']

    errors = []
    valid_until = root.get('validUntil')
    if valid_until:
        valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(valid_until)
    # get_expire_time combines both attributes; None means "no expiry known".
    expire_time = OneLogin_Saml2_Utils.get_expire_time(root.get('cacheDuration'), valid_until)
    if expire_time is not None and int(time()) > int(expire_time):
        errors.append('expired_xml')

    # TODO: Validate Sign
    return errors
def testGetExpireTime(self):
    """
    Tests the get_expire_time method of the OneLogin_Saml2_Utils

    Covers: no arguments, a cache duration alone, a duration plus a
    validUntil given either as an ISO-8601 string or as an epoch integer
    (both expected to yield the same value), and two validUntil inputs
    whose result must differ from the given epoch string.
    """
    get_expire_time = OneLogin_Saml2_Utils.get_expire_time

    self.assertEqual(None, get_expire_time())
    self.assertNotEqual(None, get_expire_time('PT360000S'))

    # String and integer forms of the same validUntil give the same result.
    for valid_until in ('2010-12-10T04:39:31Z', 1291955971):
        self.assertEqual('1291955971', get_expire_time('PT360000S', valid_until))

    for valid_until in ('2074-12-10T04:39:31Z', 1418186371):
        self.assertNotEqual('3311642371', get_expire_time('PT360000S', valid_until))
def testGetExpireTime(self):
    """
    Tests the get_expire_time method of the OneLogin_Saml2_Utils

    Covers: no arguments, a cache duration alone, a duration plus a
    validUntil given either as an ISO-8601 string or as an epoch integer
    (both expected to yield the same value), and two validUntil inputs
    whose result must differ from the given epoch string.
    """
    get_expire_time = OneLogin_Saml2_Utils.get_expire_time

    self.assertEqual(None, get_expire_time())
    self.assertNotEqual(None, get_expire_time('PT360000S'))

    # String and integer forms of the same validUntil give the same result.
    for valid_until in ('2010-12-10T04:39:31Z', 1291955971):
        self.assertEqual('1291955971', get_expire_time('PT360000S', valid_until))

    for valid_until in ('2074-12-10T04:39:31Z', 1418186371):
        self.assertNotEqual('3311642371', get_expire_time('PT360000S', valid_until))
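def validate_metadata(self, xml):
    """
    Validates an XML SP Metadata.

    Checks, in order and stopping at the first failure: schema validation
    against saml-schema-metadata-2.0.xsd, that the root element is
    md:EntityDescriptor, that exactly one md:SPSSODescriptor is present,
    and that validUntil/cacheDuration have not expired. The metadata
    signature is NOT verified here (see the TODO at the end), so a clean
    result only means the document is well-formed metadata.

    :param xml: Metadata's XML that will be validated
    :type xml: string
    :returns: The list of found errors (empty when every check passed)
    :rtype: list
    :raises Exception: if xml is an empty string
    """
    # strftime('%s') is a platform extension (not available everywhere);
    # time() gives the same epoch seconds portably.
    from time import time

    assert isinstance(xml, basestring)
    if len(xml) == 0:
        raise Exception('Empty string supplied as input')

    errors = []
    # validate_xml returns a parsed Document on success, otherwise an error
    # message string that is reported as-is.
    res = OneLogin_Saml2_Utils.validate_xml(xml, 'saml-schema-metadata-2.0.xsd', self.__debug)
    if not isinstance(res, Document):
        errors.append(res)
        return errors

    element = res.documentElement
    # Exact comparison. The previous `tagName not in 'md:EntityDescriptor'`
    # was a substring test and accepted any root whose name is a substring of
    # 'md:EntityDescriptor' (e.g. 'md:Entity'). The 'md:' prefix is assumed
    # here just as it is for the SPSSODescriptor lookup below.
    if element.tagName != 'md:EntityDescriptor':
        errors.append('noEntityDescriptor_xml')
        return errors

    if len(element.getElementsByTagName('md:SPSSODescriptor')) != 1:
        errors.append('onlySPSSODescriptor_allowed_xml')
        return errors

    valid_until = None
    if element.hasAttribute('validUntil'):
        valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(element.getAttribute('validUntil'))
    cache_duration = None
    if element.hasAttribute('cacheDuration'):
        cache_duration = element.getAttribute('cacheDuration')
    # get_expire_time combines both attributes; None means "no expiry known".
    expire_time = OneLogin_Saml2_Utils.get_expire_time(cache_duration, valid_until)
    if expire_time is not None and int(time()) > int(expire_time):
        errors.append('expired_xml')

    # TODO: Validate Sign
    return errors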
def validate_metadata(self, xml):
    """
    Validates an XML SP Metadata.

    Checks, in order and stopping at the first failure: schema validation
    against saml-schema-metadata-2.0.xsd, that the root element is
    EntityDescriptor qualified with OneLogin_Saml2_Constants.NS_MD, that
    exactly one md:SPSSODescriptor is present, and that
    validUntil/cacheDuration have not expired. The metadata signature is
    not verified here (see the TODO at the end).

    :param xml: Metadata's XML that will be validated
    :type xml: string
    :returns: The list of found errors (empty when every check passed)
    :rtype: list
    :raises Exception: if xml is an empty string
    """
    assert isinstance(xml, compat.text_types)
    if len(xml) == 0:
        raise Exception('Empty string supplied as input')

    # validate_xml hands back the parsed root element, or an error message
    # string when the document fails schema validation.
    root = OneLogin_Saml2_XML.validate_xml(xml, 'saml-schema-metadata-2.0.xsd', self.__debug)
    if isinstance(root, str):
        return [root]

    expected_root = '{%s}EntityDescriptor' % OneLogin_Saml2_Constants.NS_MD
    if root.tag != expected_root:
        return ['noEntityDescriptor_xml']

    descriptors = root.findall('.//md:SPSSODescriptor', namespaces=OneLogin_Saml2_Constants.NSMAP)
    if len(descriptors) != 1:
        return ['onlySPSSODescriptor_allowed_xml']

    errors = []
    valid_until = root.get('validUntil')
    if valid_until:
        valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(valid_until)
    # get_expire_time combines both attributes; None means "no expiry known".
    expire_time = OneLogin_Saml2_Utils.get_expire_time(root.get('cacheDuration'), valid_until)
    if expire_time is not None and int(time()) > int(expire_time):
        errors.append('expired_xml')

    # TODO: Validate Sign
    return errors
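def validate_metadata(self, xml, fingerprint=None, fingerprintalg='sha1', validatecert=False):
    """
    Validates an XML SP Metadata.

    Structural checks run in order and stop at the first failure: schema
    validation against saml-schema-metadata-2.0.xsd, root element is
    EntityDescriptor qualified with OneLogin_Saml2_Constants.NS_MD, exactly
    one md:SPSSODescriptor, and validUntil/cacheDuration not expired. The
    signature check then runs in every case, even after a structural
    failure, and is reported separately; callers must look at both
    ``schemaValidate`` and ``signCheck`` before trusting the metadata.

    :param xml: Metadata's XML that will be validated
    :type xml: string
    :param fingerprint: The fingerprint of the public cert
    :type fingerprint: string
    :param fingerprintalg: The algorithm used to build the fingerprint.
        Defaults to 'sha1' for backward compatibility; prefer a stronger
        digest where the signing helper and your stored fingerprints allow it.
    :type fingerprintalg: string
    :param validatecert: If true, will verify the signature and if the cert is valid.
    :type validatecert: bool
    :returns: a dictionary with the list of found validation errors and
        signature check: ``schemaValidate`` (bool), ``signCheck`` (bool),
        ``error`` (0 = none, 1 = root is not EntityDescriptor, 2 = not
        exactly one SPSSODescriptor, 3 = expired; a schema failure leaves
        it at 0 and reports the validator's message in ``msg``) and
        ``msg`` (str)
    :rtype: dict
    :raises Exception: if xml is an empty string
    """
    result = {
        'schemaValidate': True,
        'signCheck': False,
        'error': 0,
        'msg': '',
    }
    assert isinstance(xml, compat.text_types)
    if len(xml) == 0:
        raise Exception('Empty string supplied as input')

    # validate_xml returns the parsed root element on success, or an error
    # message string when the document fails schema validation.
    root = OneLogin_Saml2_XML.validate_xml(
        xml, 'saml-schema-metadata-2.0.xsd', self._OneLogin_Saml2_Settings__debug)

    if isinstance(root, str):
        result['msg'] = root
        result['schemaValidate'] = False
    elif root.tag != '{%s}EntityDescriptor' % OneLogin_Saml2_Constants.NS_MD:
        result['msg'] = 'noEntityDescriptor_xml'
        result['error'] = 1
        result['schemaValidate'] = False
    elif len(root.findall('.//md:SPSSODescriptor', namespaces=OneLogin_Saml2_Constants.NSMAP)) != 1:
        result['msg'] = 'onlySPSSODescriptor_allowed_xml'
        result['error'] = 2
        result['schemaValidate'] = False
    else:
        valid_until = root.get('validUntil')
        cache_duration = root.get('cacheDuration')
        if valid_until:
            valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(valid_until)
        # get_expire_time combines both attributes; None means "no expiry known".
        expire_time = OneLogin_Saml2_Utils.get_expire_time(cache_duration, valid_until)
        if expire_time is not None and int(time()) > int(expire_time):
            result['msg'] = 'expired_xml'
            result['error'] = 3
            result['schemaValidate'] = False

    # Validate Sign. Runs regardless of the structural outcome above, so a
    # document that failed schema validation can still report signCheck=True.
    sign_check = OneLogin_Saml2_Utils.validate_metadata_sign(
        xml, fingerprint=fingerprint, fingerprintalg=fingerprintalg, validatecert=validatecert)
    result['signCheck'] = bool(sign_check)
    return result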