def handle_metadata_save(self, environ, start_response, qs):
"""
Takes the input for the page metadata.mako.
Encrypts entity id and secret information for the social services.
Creates the partial xml to be added to the metadata for the service
provider.
:param environ: wsgi enviroment
:param start_response: wsgi start respons
:param qs: Query parameters in a dictionary.
:return: wsgi response for the mako file metadatasave.mako.
"""
resp = Response(mako_template="metadatasave.mako",
template_lookup=self.lookup,
headers=[])
if "entityId" not in qs or "secret" not in qs:
xml = ("Xml could not be generated because no entityId or secret"
"has been sent to the service.")
_logger.warning(xml)
else:
try:
secret_data = json.dumps({
"entityId": json.loads(qs["entityId"]),
"secret": json.loads(qs["secret"])
})
# create a JWE
jwe = JWE(secret_data, alg=self.alg, enc=self.enc)
secret_data_encrypted = jwe.encrypt([self.key])
val = AttributeValue()
val.set_text(secret_data_encrypted)
attr = Attribute(name_format=NAME_FORMAT_URI,
name="http://social2saml.nordu.net/customer",
attribute_value=[val])
eattr = mdattr.EntityAttributes(attribute=[attr])
nspair = {
"mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
"samla": "urn:oasis:names:tc:SAML:2.0:assertion",
}
xml = eattr.to_string(nspair)
xml_list = xml.split("\n", 1)
if len(xml_list) == 2:
xml = xml_list[1]
except Exception:
_logger.fatal('Unknown error in handle_metadata_save.',
exc_info=True)
xml = "Xml could not be generated."
argv = {
"home": CONST_METADATA,
"action": CONST_METADATAVERIFY,
"xml": xml
}
return resp(environ, start_response, **argv)
def handle_metadata_save(self, environ, start_response, qs):
"""
Takes the input for the page metadata.mako.
Encrypts entity id and secret information for the social services.
Creates the partial xml to be added to the metadata for the service
provider.
:param environ: wsgi enviroment
:param start_response: wsgi start respons
:param qs: Query parameters in a dictionary.
:return: wsgi response for the mako file metadatasave.mako.
"""
resp = Response(mako_template="metadatasave.mako",
template_lookup=self.lookup,
headers=[])
if "entityId" not in qs or "secret" not in qs:
xml = ("Xml could not be generated because no entityId or secret"
"has been sent to the service.")
_logger.warning(xml)
else:
try:
secret_data = json.dumps({"entityId": json.loads(qs["entityId"]),
"secret": json.loads(qs["secret"])})
# create a JWE
jwe = JWE(secret_data, alg=self.alg, enc=self.enc)
secret_data_encrypted = jwe.encrypt([self.key])
val = AttributeValue()
val.set_text(secret_data_encrypted)
attr = Attribute(
name_format=NAME_FORMAT_URI,
name="http://social2saml.nordu.net/customer",
attribute_value=[val])
eattr = mdattr.EntityAttributes(attribute=[attr])
nspair = {
"mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
"samla": "urn:oasis:names:tc:SAML:2.0:assertion",
}
xml = eattr.to_string(nspair)
xml_list = xml.split("\n", 1)
if len(xml_list) == 2:
xml = xml_list[1]
except Exception:
_logger.fatal('Unknown error in handle_metadata_save.',
exc_info=True)
xml = "Xml could not be generated."
argv = {
"home": CONST_METADATA,
"action": CONST_METADATAVERIFY,
"xml": xml
}
return resp(environ, start_response, **argv)
def handleMetadataSave(self, environ, start_response, qs):
"""
Takes the input for the page metadata.mako.
Encrypts entity id and secret information for the social services.
Creates the partial xml to be added to the metadata for the service provider.
:param environ: wsgi enviroment
:param start_response: wsgi start respons
:param qs: Query parameters in a dictionary.
:return: wsgi response for the mako file metadatasave.mako.
"""
resp = Response(mako_template="metadatasave.mako",
template_lookup=self.lookup,
headers=[])
if "entityId" not in qs or "secret" not in qs:
xml = "Xml could not be generated because no entityId or secret has been sent to the service."
self.logger.warning(xml)
else:
try:
secretData = '{"entityId": ' + qs["entityId"] + ', "secret":' + qs["secret"] + '}'
secretDataEncrypted = encrypt(
secretData,
{"rsa": [self.publicKey]},
MetadataGeneration.CONST_ALG,
MetadataGeneration.CONST_ENCRYPT,
"public",
debug=False)
val = AttributeValue()
val.set_text(secretDataEncrypted)
attr = Attribute(name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
name="http://social2saml.nordu.net/customer",
attribute_value=[val])
eattr = mdattr.EntityAttributes(attribute=[attr])
nspair = {
"mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
"samla": "urn:oasis:names:tc:SAML:2.0:assertion"
}
xml = eattr.to_string(nspair)
xmlList = xml.split("\n", 1)
if len(xmlList) == 2:
xml = xmlList[1]
except Exception as exp:
self.logger.fatal('Unknown error in handleMetadataSave.',
exc_info=True)
xml = "Xml could not be generated."
argv = {
"home": MetadataGeneration.CONST_METADATA,
"action": MetadataGeneration.CONST_METADATAVERIFY,
"xml": xml
}
return resp(environ, start_response, **argv)
def test_filter_values_req_opt_0():
r = to_dict(
Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
friendly_name="serialNumber",
attribute_value=[AttributeValue(text="54321")]), ONTS)
o = to_dict(
Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
friendly_name="serialNumber",
attribute_value=[AttributeValue(text="12345")]), ONTS)
ava = {"serialNumber": ["12345", "54321"]}
ava = filter_on_attributes(ava, [r], [o])
assert list(ava.keys()) == ["serialNumber"]
assert _eq(ava["serialNumber"], ["12345", "54321"])
def entity_descriptor(confd):
mycert = None
enc_cert = None
if confd.cert_file is not None:
mycert = []
mycert.append("".join(open(confd.cert_file).readlines()[1:-1]))
if confd.additional_cert_files is not None:
for _cert_file in confd.additional_cert_files:
mycert.append("".join(open(_cert_file).readlines()[1:-1]))
if confd.encryption_keypairs is not None:
enc_cert = []
for _encryption in confd.encryption_keypairs:
enc_cert.append("".join(
open(_encryption["cert_file"]).readlines()[1:-1]))
entd = md.EntityDescriptor()
entd.entity_id = confd.entityid
if confd.valid_for:
entd.valid_until = in_a_while(hours=int(confd.valid_for))
if confd.organization is not None:
entd.organization = do_organization_info(confd.organization)
if confd.contact_person is not None:
entd.contact_person = do_contact_person_info(confd.contact_person)
if confd.entity_category:
entd.extensions = md.Extensions()
ava = [AttributeValue(text=c) for c in confd.entity_category]
attr = Attribute(attribute_value=ava,
name="http://macedir.org/entity-category")
item = mdattr.EntityAttributes(attribute=attr)
entd.extensions.add_extension_element(item)
serves = confd.serves
if not serves:
raise SAMLError(
'No service type ("sp","idp","aa") provided in the configuration')
if "sp" in serves:
confd.context = "sp"
entd.spsso_descriptor = do_spsso_descriptor(confd, mycert, enc_cert)
if "idp" in serves:
confd.context = "idp"
entd.idpsso_descriptor = do_idpsso_descriptor(confd, mycert, enc_cert)
if "aa" in serves:
confd.context = "aa"
entd.attribute_authority_descriptor = do_aa_descriptor(
confd, mycert, enc_cert)
if "pdp" in serves:
confd.context = "pdp"
entd.pdp_descriptor = do_pdp_descriptor(confd, mycert, enc_cert)
if "aq" in serves:
confd.context = "aq"
entd.authn_authority_descriptor = do_aq_descriptor(
confd, mycert, enc_cert)
return entd
def test_filter_values_req_4():
a = to_dict(
Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
friendly_name="serialNumber",
attribute_value=[AttributeValue(text="54321")]), ONTS)
required = [a]
ava = {"serialNumber": ["12345"]}
raises(MissingValue, filter_on_attributes, ava, required)
def test_set_text(self):
av = AttributeValue()
av.set_text(True)
assert av.text == "true"
av.set_text(False)
assert av.text == "false"
# can't change value to another type
raises(AssertionError, "av.set_text(491)")
av = AttributeValue()
av.set_text(None)
assert av.text == ""
def test_filter_values_req_6():
a = to_dict(
Attribute(name="urn:oid:2.5.4.5", name_format=NAME_FORMAT_URI,
friendly_name="serialNumber",
attribute_value=[AttributeValue(text="54321")]), ONTS)
required = [a]
ava = {"serialNumber": ["12345", "54321"]}
ava = filter_on_attributes(ava, required)
assert list(ava.keys()) == ["serialNumber"]
assert ava["serialNumber"] == ["54321"]
#!/usr/bin/env python
__author__ = 'rohe0002'
import sys
from saml2.extension import mdattr
from saml2.saml import Attribute
from saml2.saml import AttributeValue
consumer = sys.stdin.read()
val = AttributeValue()
val.set_text(consumer)
attr = Attribute(name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
name="http://social2saml.nordu.net/customer",
attribute_value=[val])
eattr = mdattr.EntityAttributes(attribute=[attr])
nspair = {
"mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
"samla":"urn:oasis:names:tc:SAML:2.0:assertion"
}
print eattr.to_string(nspair)
def entity_descriptor(confd):
mycert = None
enc_cert = None
if confd.cert_file is not None:
mycert = []
mycert.append("".join(read_cert(confd.cert_file)))
if confd.additional_cert_files is not None:
for _cert_file in confd.additional_cert_files:
mycert.append("".join(read_cert(_cert_file)))
if confd.encryption_keypairs is not None:
enc_cert = []
for _encryption in confd.encryption_keypairs:
enc_cert.append("".join(read_cert(_encryption["cert_file"])))
entd = md.EntityDescriptor()
entd.entity_id = confd.entityid
if confd.valid_for:
entd.valid_until = in_a_while(hours=int(confd.valid_for))
if confd.organization is not None:
entd.organization = do_organization_info(confd.organization)
if confd.contact_person is not None:
entd.contact_person = do_contact_persons_info(confd.contact_person)
if confd.assurance_certification:
if not entd.extensions:
entd.extensions = md.Extensions()
ava = [AttributeValue(text=c) for c in confd.assurance_certification]
attr = Attribute(
attribute_value=ava,
name="urn:oasis:names:tc:SAML:attribute:assurance-certification",
)
_add_attr_to_entity_attributes(entd.extensions, attr)
if confd.entity_category:
if not entd.extensions:
entd.extensions = md.Extensions()
ava = [AttributeValue(text=c) for c in confd.entity_category]
attr = Attribute(
attribute_value=ava, name="http://macedir.org/entity-category"
)
_add_attr_to_entity_attributes(entd.extensions, attr)
if confd.entity_category_support:
if not entd.extensions:
entd.extensions = md.Extensions()
ava = [AttributeValue(text=c) for c in confd.entity_category_support]
attr = Attribute(
attribute_value=ava, name="http://macedir.org/entity-category-support"
)
_add_attr_to_entity_attributes(entd.extensions, attr)
for item in algorithm_support_in_metadata(confd.xmlsec_binary):
if not entd.extensions:
entd.extensions = md.Extensions()
entd.extensions.add_extension_element(item)
conf_sp_type = confd.getattr('sp_type', 'sp')
conf_sp_type_in_md = confd.getattr('sp_type_in_metadata', 'sp')
if conf_sp_type and conf_sp_type_in_md is True:
if not entd.extensions:
entd.extensions = md.Extensions()
item = sp_type.SPType(text=conf_sp_type)
entd.extensions.add_extension_element(item)
serves = confd.serves
if not serves:
raise SAMLError(
'No service type ("sp","idp","aa") provided in the configuration')
if "sp" in serves:
confd.context = "sp"
entd.spsso_descriptor = do_spsso_descriptor(confd, mycert, enc_cert)
if "idp" in serves:
confd.context = "idp"
entd.idpsso_descriptor = do_idpsso_descriptor(confd, mycert, enc_cert)
if "aa" in serves:
confd.context = "aa"
entd.attribute_authority_descriptor = do_aa_descriptor(confd, mycert,
enc_cert)
if "pdp" in serves:
confd.context = "pdp"
entd.pdp_descriptor = do_pdp_descriptor(confd, mycert, enc_cert)
if "aq" in serves:
confd.context = "aq"
entd.authn_authority_descriptor = do_aq_descriptor(confd, mycert,
enc_cert)
return entd
#!/usr/bin/env python
__author__ = 'rohe0002'
import sys
from saml2.extension import mdattr
from saml2.saml import Attribute
from saml2.saml import AttributeValue
consumer = sys.stdin.read()
val = AttributeValue()
val.set_text(consumer)
attr = Attribute(name_format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
name="http://social2saml.nordu.net/customer",
attribute_value=[val])
eattr = mdattr.EntityAttributes(attribute=[attr])
nspair = {
"mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
"samla": "urn:oasis:names:tc:SAML:2.0:assertion"
}
print eattr.to_string(nspair)
