def verify(self, keys=None): try: valid_instance(self.response) except NotValid as exc: logger.error("Not valid response: %s" % exc.args[0]) raise return self
def create_metadata_string(configfile, config=None, valid=None, cert=None, keyfile=None, mid=None, name=None, sign=None): valid_for = 0 nspair = {"xs": "http://www.w3.org/2001/XMLSchema"} # paths = [".", "/opt/local/bin"] if valid: valid_for = int(valid) # Hours eds = [] if config is None: if configfile.endswith(".py"): configfile = configfile[:-3] config = Config().load_file(configfile, metadata_construction=True) eds.append(entity_descriptor(config)) conf = Config() conf.key_file = config.key_file or keyfile conf.cert_file = config.cert_file or cert conf.debug = 1 conf.xmlsec_binary = config.xmlsec_binary secc = security_context(conf) if mid: eid, xmldoc = entities_descriptor(eds, valid_for, name, mid, sign, secc) else: eid = eds[0] if sign: eid, xmldoc = sign_entity_descriptor(eid, mid, secc) else: xmldoc = None valid_instance(eid) return metadata_tostring_fix(eid, nspair, xmldoc)
def import_metadata(self, xml_str, source): """ Import information; organization distinguish name, location and certificates from a metadata file. :param xml_str: The metadata as a XML string. :param source: A name by which this source should be known, has to be unique within this session. """ # now = time.gmtime() #print >> sys.stderr, "Loading %s" % (source,) entities_descr = md.entities_descriptor_from_string(xml_str) if not entities_descr: entity_descr = md.entity_descriptor_from_string(xml_str) if entity_descr: self.do_entity_descriptor(entity_descr, source) else: try: valid_instance(entities_descr) except NotValid, exc: print >> sys.stderr, exc.args[0] return try: valid(entities_descr.valid_until) except AttributeError: pass for entity_descr in entities_descr.entity_descriptor: self.do_entity_descriptor(entity_descr, source, entities_descr.valid_until)
def _loads(self, xmldata, binding=None, origdoc=None): # own copy self.xmlstr = xmldata[:] logger.info("xmlstr: %s" % (self.xmlstr,)) try: self.message = self.signature_check(xmldata, origdoc=origdoc) except TypeError: raise except Exception as excp: logger.info("EXCEPTION: %s", excp) if not self.message: logger.error("Response was not correctly signed") logger.info(xmldata) raise IncorrectlySigned() logger.info("request: %s" % (self.message,)) try: valid_instance(self.message) except NotValid as exc: logger.error("Not valid request: %s" % exc.args[0]) raise return self
def _loads(self, xmldata, binding=None, origdoc=None, must=None, only_valid_cert=False): if binding == BINDING_HTTP_REDIRECT: pass # own copy self.xmlstr = xmldata[:] logger.debug("xmlstr: %s" % (self.xmlstr,)) try: self.message = self.signature_check(xmldata, origdoc=origdoc, must=must, only_valid_cert=only_valid_cert) except TypeError: raise except Exception as excp: logger.info("EXCEPTION: %s", excp) if not self.message: logger.error("Response was not correctly signed") logger.info(xmldata) raise IncorrectlySigned() logger.info("request: %s" % (self.message,)) try: valid_instance(self.message) except NotValid as exc: logger.error("Not valid request: %s" % exc.args[0]) raise return self
def verify(self, keys=None): try: valid_instance(self.response) except NotValid as exc: logger.error("Not valid response: %s", exc.args[0]) raise return self
def parse(self, xmlstr): self.entities_descr = md.entities_descriptor_from_string(xmlstr) if not self.entities_descr: self.entity_descr = md.entity_descriptor_from_string(xmlstr) if self.entity_descr: self.do_entity_descriptor(self.entity_descr) else: try: valid_instance(self.entities_descr) except NotValid, exc: logger.error(exc.args[0]) return if self.check_validity: try: if not valid(self.entities_descr.valid_until): raise ToOld( "Metadata not valid anymore, it's after %s" % ( self.entities_descr.valid_until,)) except AttributeError: pass for entity_descr in self.entities_descr.entity_descriptor: self.do_entity_descriptor(entity_descr)
def _loads(self, xmldata, binding=None, origdoc=None): # own copy self.xmlstr = xmldata[:] logger.info("xmlstr: %s" % (self.xmlstr, )) try: self.message = self.signature_check(xmldata, origdoc=origdoc) except TypeError: raise except Exception as excp: logger.info("EXCEPTION: %s", excp) if not self.message: logger.error("Response was not correctly signed") logger.info(xmldata) raise IncorrectlySigned() logger.info("request: %s" % (self.message, )) try: valid_instance(self.message) except NotValid as exc: logger.error("Not valid request: %s" % exc.args[0]) raise return self
def parse(self, xmlstr): self.entities_descr = md.entities_descriptor_from_string(xmlstr) if not self.entities_descr: self.entity_descr = md.entity_descriptor_from_string(xmlstr) if self.entity_descr: self.do_entity_descriptor(self.entity_descr) else: try: valid_instance(self.entities_descr) except NotValid as exc: logger.error("Invalid XML message: %s", exc.args[0]) return if self.check_validity: try: if not valid(self.entities_descr.valid_until): raise ToOld( "Metadata not valid anymore, it's only valid " "until %s" % (self.entities_descr.valid_until, )) except AttributeError: pass for entity_descr in self.entities_descr.entity_descriptor: self.do_entity_descriptor(entity_descr)
def verify(self, key_file="", decrypt=True): try: valid_instance(self.response) except NotValid as exc: logger.error("Not valid response: %s" % exc.args[0]) raise return self
def __init__(self, cargs, kwargs): self.nspair = {"xs": "http://www.w3.org/2001/XMLSchema"} _cnf = kwargs['conf'] res = read_multi_conf(_cnf, True) eds = [] for key, cnf in res.items(): eds.append(entity_descriptor(cnf)) valid_for = 0 """ Setting things to None here that are now unused, but might be useful someday """ conf = Config() conf.key_file = None conf.cert_file = None conf.debug = 1 conf.xmlsec_binary = None args_name = None args_id = None args_sign = None secc = security_context(conf) desc, xmldoc = entities_descriptor(eds, valid_for, args_name, args_id, args_sign, secc) valid_instance(desc) self.desc = desc self.xmldoc = xmldoc
def _metadata_endpoint(self, context): """ Endpoint for retrieving the backend metadata :type context: satosa.context.Context :rtype: satosa.response.Response :param context: The current context :return: response with metadata """ logger.debug("Sending metadata response") conf = self.sp.config metadata = entity_descriptor(conf) # creare gli attribute_consuming_service cnt = 0 for (attribute_consuming_service ) in metadata.spsso_descriptor.attribute_consuming_service: attribute_consuming_service.index = str(cnt) cnt += 1 cnt = 0 for (assertion_consumer_service ) in metadata.spsso_descriptor.assertion_consumer_service: assertion_consumer_service.is_default = "true" if not cnt else "" assertion_consumer_service.index = str(cnt) cnt += 1 # nameformat patch... tutto questo non rispecchia gli standard OASIS for reqattr in metadata.spsso_descriptor.attribute_consuming_service[ 0].requested_attribute: reqattr.name_format = None reqattr.friendly_name = None # attribute consuming service service name patch service_name = metadata.spsso_descriptor.attribute_consuming_service[ 0].service_name[0] service_name.lang = "it" service_name.text = metadata.entity_id # remove extension disco and uuinfo (spid-testenv2) # metadata.spsso_descriptor.extensions = [] # load ContactPerson Extensions self._metadata_contact_person(metadata, conf) # metadata signature secc = security_context(conf) # sign_dig_algs = self.get_kwargs_sign_dig_algs() eid, xmldoc = sign_entity_descriptor(metadata, None, secc, **sign_dig_algs) valid_instance(eid) return Response(text_type(xmldoc).encode("utf-8"), content="text/xml; charset=utf8")
def _loads(self, xmldata, binding=None, origdoc=None, must=None, only_valid_cert=False, relayState=None, sigalg=None, signature=None): # own copy self.xmlstr = xmldata[:] logger.debug("xmlstr: %s, relayState: %s, sigalg: %s, signature: %s", self.xmlstr, relayState, sigalg, signature) # If redirect binding, and provided SigAlg, Signature use that to verify # and skip signatureCheck withing SAMLRequest/xmldata _need_redirect_sig_check, _saml_msg, must = self._should_do_redirect_sig_check( binding, must, origdoc, relayState, sigalg, signature) try: self.message = self.signature_check( xmldata, origdoc=origdoc, must=must, only_valid_cert=only_valid_cert) except TypeError: raise except Exception as excp: self.message = None logger.info("EXCEPTION: %s", excp) if _need_redirect_sig_check and self.message is not None: _verified_ok = self._do_redirect_sig_check(_saml_msg) # Set self.message to None, it shall raise error further down. if not _verified_ok: self.message = None logger.error('Failed to verify signature') if not self.message: logger.error("Request was not correctly signed") logger.info("Request: %s", xmldata) raise IncorrectlySigned() logger.info("Request: %s", self.message) try: valid_instance(self.message) except NotValid as exc: logger.error("Not valid request: %s", exc.args[0]) raise return self
def _postamble(self): if not self.response: logger.error("Response was not correctly signed") if self.xmlstr: logger.info(self.xmlstr) raise IncorrectlySigned() logger.debug("response: %s" % (self.response,)) try: valid_instance(self.response) except NotValid, exc: logger.error("Not valid response: %s" % exc.args[0]) self._clear() return self
def _postamble(self): if not self.response: logger.error("Response was not correctly signed") if self.xmlstr: logger.info(self.xmlstr) raise IncorrectlySigned() logger.debug("response: %s" % (self.response, )) try: valid_instance(self.response) except NotValid, exc: logger.error("Not valid response: %s" % exc.args[0]) self._clear() return self
def _make_metadata(config_dict, option): """ Creates metadata from the given idp config :type config_dict: dict[str, Any] :type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption :rtype: str :param config_dict: config :param option: metadata creation settings :return: A xml string """ eds = [] cnf = Config() cnf.load(copy.deepcopy(config_dict), metadata_construction=True) if option.valid: cnf.valid_for = option.valid eds.append(entity_descriptor(cnf)) conf = Config() conf.key_file = option.keyfile conf.cert_file = option.cert conf.debug = 1 conf.xmlsec_binary = option.xmlsec secc = security_context(conf) if option.id: desc, xmldoc = entities_descriptor(eds, option.valid, option.name, option.id, option.sign, secc) valid_instance(desc) print(desc.to_string(NSPAIR)) else: for eid in eds: if option.sign: assert conf.key_file assert conf.cert_file eid, xmldoc = sign_entity_descriptor(eid, option.id, secc) else: xmldoc = None valid_instance(eid) xmldoc = metadata_tostring_fix(eid, NSPAIR, xmldoc).decode() return xmldoc
class Request(object): def __init__(self, sec_context, receiver_addrs, attribute_converters=None, timeslack=0): self.sec = sec_context self.receiver_addrs = receiver_addrs self.timeslack = timeslack self.xmlstr = "" self.name_id = "" self.message = None self.not_on_or_after = 0 self.attribute_converters = attribute_converters self.binding = None self.relay_state = "" self.signature_check = _dummy # has to be set !!! def _clear(self): self.xmlstr = "" self.name_id = "" self.message = None self.not_on_or_after = 0 def _loads(self, xmldata, binding=None, origdoc=None, must=None, only_valid_cert=False): # own copy self.xmlstr = xmldata[:] logger.info("xmlstr: %s" % (self.xmlstr, )) try: self.message = self.signature_check( xmldata, origdoc=origdoc, must=must, only_valid_cert=only_valid_cert) except TypeError: raise except Exception, excp: logger.info("EXCEPTION: %s", excp) if not self.message: logger.error("Response was not correctly signed") logger.info(xmldata) raise IncorrectlySigned() logger.info("request: %s" % (self.message, )) try: valid_instance(self.message) except NotValid, exc: logger.error("Not valid request: %s" % exc.args[0]) raise
def write_metadata(sp_configs): """ Generate SAML XML metadata from the pysaml2 JSON format. :param base: base url of the svs node :return: dictionary with the config for the two SP's """ for _, config in sp_configs.iteritems(): cnf = Config().load(config, metadata_construction=True) eid = entity_descriptor(cnf) valid_instance(eid) nspair = {"xs": "http://www.w3.org/2001/XMLSchema"} xmldoc = metadata_tostring_fix(eid, nspair, None) entity_id = config["entityid"] path = urlparse.urlparse(entity_id).path filename = os.path.basename(path) with open(filename, "w") as output_file: output_file.write(xmldoc)
def parse(self, xmlstr): self.entities_descr = md.entities_descriptor_from_string(xmlstr) if not self.entities_descr: self.entity_descr = md.entity_descriptor_from_string(xmlstr) if self.entity_descr: self.do_entity_descriptor(self.entity_descr) else: try: valid_instance(self.entities_descr) except NotValid, exc: logger.error(exc.args[0]) return try: valid(self.entities_descr.valid_until) except AttributeError: pass for entity_descr in self.entities_descr.entity_descriptor: self.do_entity_descriptor(entity_descr)
def _postamble(self): if not self.response: if self.log: self.log.error("Response was not correctly signed") if self.xmlstr: self.log.info(self.xmlstr) raise IncorrectlySigned() if self.debug: self.log.info("response: %s" % (self.response,)) try: valid_instance(self.response) except NotValid, exc: if self.log: self.log.error("Not valid response: %s" % exc.args[0]) else: print >> sys.stderr, "Not valid response: %s" % exc.args[0] self._clear() return self
def create_metadata_string(configfile, config, valid, cert, keyfile, id, name, sign): valid_for = 0 nspair = {"xs": "http://www.w3.org/2001/XMLSchema"} #paths = [".", "/opt/local/bin"] if valid: valid_for = int(valid) # Hours eds = [] if config is not None: eds.append(entity_descriptor(config)) else: if configfile.endswith(".py"): configfile = configfile[:-3] config = Config().load_file(configfile, metadata_construction=True) eds.append(entity_descriptor(config)) conf = Config() conf.key_file = keyfile conf.cert_file = cert conf.debug = 1 conf.xmlsec_binary = config.xmlsec_binary secc = security_context(conf) if id: desc = entities_descriptor(eds, valid_for, name, id, sign, secc) valid_instance(desc) return metadata_tostring_fix(desc, nspair) else: for eid in eds: if sign: desc = sign_entity_descriptor(eid, id, secc) else: desc = eid valid_instance(desc) return metadata_tostring_fix(desc, nspair)
def test_valid_instance(): attr_statem = saml.AttributeStatement() text = [ "value of test attribute", "value1 of test attribute", "value2 of test attribute", "value1 of test attribute2", "value2 of test attribute2", ] attr_statem.attribute.append(saml.Attribute()) attr_statem.attribute.append(saml.Attribute()) attr_statem.attribute[0].name = "testAttribute" attr_statem.attribute[0].name_format = saml.NAME_FORMAT_URI attr_statem.attribute[0].friendly_name = "test attribute" attr_statem.attribute[0].attribute_value.append(saml.AttributeValue()) attr_statem.attribute[0].attribute_value[0].text = text[0] attr_statem.attribute[1].name = "testAttribute2" attr_statem.attribute[1].name_format = saml.NAME_FORMAT_UNSPECIFIED attr_statem.attribute[1].friendly_name = text[2] attr_statem.attribute[1].attribute_value.append(saml.AttributeValue()) attr_statem.attribute[1].attribute_value[0].text = text[2] assert valid_instance(attr_statem) response = samlp.Response() response.id = "response id" response.in_response_to = "request id" response.version = saml2.VERSION response.issue_instant = "2007-09-14T01:05:02Z" response.destination = "http://www.example.com/Destination" response.consent = saml.CONSENT_UNSPECIFIED response.issuer = saml.Issuer() response.status = samlp.Status() response.assertion.append(saml.Assertion()) with raises(MustValueError): valid_instance(response)
def _loads(self, xmldata, binding=None, origdoc=None, must=None, only_valid_cert=False): if binding == BINDING_HTTP_REDIRECT: pass # own copy self.xmlstr = xmldata[:] logger.debug("xmlstr: %s" % (self.xmlstr, )) try: self.message = self.signature_check( xmldata, origdoc=origdoc, must=must, only_valid_cert=only_valid_cert) except TypeError: raise except Exception as excp: logger.info("EXCEPTION: %s", excp) if not self.message: logger.error("Response was not correctly signed") logger.info(xmldata) raise IncorrectlySigned() logger.info("request: %s" % (self.message, )) try: valid_instance(self.message) except NotValid as exc: logger.error("Not valid request: %s" % exc.args[0]) raise return self
class Request(object): def __init__(self, sec_context, receiver_addrs, timeslack=0): self.sec = sec_context self.receiver_addrs = receiver_addrs self.timeslack = timeslack self.xmlstr = "" self.name_id = "" self.message = None self.not_on_or_after = 0 self.signature_check = _dummy # has to be set !!! def _clear(self): self.xmlstr = "" self.name_id = "" self.message = None self.not_on_or_after = 0 def _loads(self, xmldata, decode=True): if decode: logger.debug("Expected to decode and inflate xml data") decoded_xml = s_utils.decode_base64_and_inflate(xmldata) else: decoded_xml = xmldata # own copy self.xmlstr = decoded_xml[:] logger.info("xmlstr: %s" % (self.xmlstr, )) try: self.message = self.signature_check(decoded_xml) except TypeError: raise except Exception, excp: logger.info("EXCEPTION: %s", excp) if not self.message: logger.error("Response was not correctly signed") logger.info(decoded_xml) raise IncorrectlySigned() logger.info("request: %s" % (self.message, )) try: valid_instance(self.message) except NotValid, exc: logger.error("Not valid request: %s" % exc.args[0]) raise
def create_signed_entities_descriptor(entity_descriptors, security_context, valid_for=None): """ :param entity_descriptors: the entity descriptors to put in in an EntitiesDescriptor tag and sign :param security_context: security context for the signature :param valid_for: number of hours the metadata should be valid :return: the signed XML document :type entity_descriptors: Sequence[saml2.md.EntityDescriptor]] :type security_context: saml2.sigver.SecurityContext :type valid_for: Optional[int] """ entities_desc, xmldoc = entities_descriptor(entity_descriptors, valid_for=valid_for, name=None, ident=None, sign=True, secc=security_context) if not valid_instance(entities_desc): raise ValueError("Could not construct valid EntitiesDescriptor tag") return xmldoc
def create_signed_entity_descriptor(entity_descriptor, security_context, valid_for=None): """ :param entity_descriptor: the entity descriptor to sign :param security_context: security context for the signature :param valid_for: number of hours the metadata should be valid :return: the signed XML document :type entity_descriptor: saml2.md.EntityDescriptor] :type security_context: saml2.sigver.SecurityContext :type valid_for: Optional[int] """ if valid_for: entity_descriptor.valid_until = in_a_while(hours=valid_for) entity_desc, xmldoc = sign_entity_descriptor(entity_descriptor, None, security_context) if not valid_instance(entity_desc): raise ValueError("Could not construct valid EntityDescriptor tag") return xmldoc
def test_valid_instance(): attr_statem = saml.AttributeStatement() text = ["value of test attribute", "value1 of test attribute", "value2 of test attribute", "value1 of test attribute2", "value2 of test attribute2", ] attr_statem.attribute.append(saml.Attribute()) attr_statem.attribute.append(saml.Attribute()) attr_statem.attribute[0].name = "testAttribute" attr_statem.attribute[0].name_format = saml.NAME_FORMAT_URI attr_statem.attribute[0].friendly_name = "test attribute" attr_statem.attribute[0].attribute_value.append(saml.AttributeValue()) attr_statem.attribute[0].attribute_value[0].text = text[0] attr_statem.attribute[1].name = "testAttribute2" attr_statem.attribute[1].name_format = saml.NAME_FORMAT_UNSPECIFIED attr_statem.attribute[1].friendly_name = text[2] attr_statem.attribute[1].attribute_value.append(saml.AttributeValue()) attr_statem.attribute[1].attribute_value[0].text = text[2] assert valid_instance(attr_statem) response = samlp.Response() response.id = "response id" response.in_response_to = "request id" response.version = saml2.VERSION response.issue_instant = "2007-09-14T01:05:02Z" response.destination = "http://www.example.com/Destination" response.consent = saml.CONSENT_UNSPECIFIED response.issuer = saml.Issuer() response.status = samlp.Status() response.assertion.append(saml.Assertion()) raises(MustValueError, 'valid_instance(response)')
def verify(self): return valid_instance(self)
def verify(self): try: valid_instance(self.response) except NotValid, exc: logger.error("Not valid response: %s" % exc.args[0]) raise
def _metadata_endpoint(self, context): """ Endpoint for retrieving the backend metadata :type context: satosa.context.Context :rtype: satosa.response.Response :param context: The current context :return: response with metadata """ logger.debug("Sending metadata response") conf = self.sp.config metadata = entity_descriptor(conf) # creare gli attribute_consuming_service cnt = 0 for attribute_consuming_service in metadata.spsso_descriptor.attribute_consuming_service: attribute_consuming_service.index = str(cnt) cnt += 1 cnt = 0 for assertion_consumer_service in metadata.spsso_descriptor.assertion_consumer_service: assertion_consumer_service.is_default = 'true' if not cnt else '' assertion_consumer_service.index = str(cnt) cnt += 1 # nameformat patch... tutto questo non rispecchia gli standard OASIS for reqattr in metadata.spsso_descriptor.attribute_consuming_service[ 0].requested_attribute: reqattr.name_format = None reqattr.friendly_name = None # attribute consuming service service name patch service_name = metadata.spsso_descriptor.attribute_consuming_service[ 0].service_name[0] service_name.lang = 'it' service_name.text = metadata.entity_id # remove extension disco and uuinfo (spid-testenv2) #metadata.spsso_descriptor.extensions = [] ############## # avviso 29 v3 # # https://www.agid.gov.it/sites/default/files/repository_files/spid-avviso-n29v3-specifiche_sp_pubblici_e_privati_0.pdf # Avviso 29v3 SPID_PREFIXES = dict(spid="https://spid.gov.it/saml-extensions", fpa="https://spid.gov.it/invoicing-extensions") saml2.md.SamlBase.register_prefix(SPID_PREFIXES) metadata.contact_person = [] contact_map = conf.contact_person cnt = 0 metadata.contact_person = [] for contact in contact_map: spid_contact = saml2.md.ContactPerson() spid_contact.contact_type = contact['contact_type'] contact_kwargs = { 'email_address': [contact['email_address']], 'telephone_number': [contact['telephone_number']] } if contact['contact_type'] == 'other': spid_contact.loadd(contact_kwargs) contact_kwargs['contact_type'] = contact['contact_type'] spid_extensions = saml2.ExtensionElement( 'Extensions', namespace='urn:oasis:names:tc:SAML:2.0:metadata') for k, v in contact.items(): if k in contact_kwargs: continue ext = saml2.ExtensionElement( k, namespace=SPID_PREFIXES['spid'], text=v) spid_extensions.children.append(ext) elif contact['contact_type'] == 'billing': contact_kwargs['company'] = contact['company'] spid_contact.loadd(contact_kwargs) spid_extensions = saml2.ExtensionElement( 'Extensions', namespace='urn:oasis:names:tc:SAML:2.0:metadata') elements = {} for k, v in contact.items(): if k in contact_kwargs: continue ext = saml2.ExtensionElement( k, namespace=SPID_PREFIXES['fpa'], text=v) elements[k] = ext # DatiAnagrafici IdFiscaleIVA = saml2.ExtensionElement( 'IdFiscaleIVA', namespace=SPID_PREFIXES['fpa'], ) Anagrafica = saml2.ExtensionElement( 'Anagrafica', namespace=SPID_PREFIXES['fpa'], ) Anagrafica.children.append(elements['Denominazione']) IdFiscaleIVA.children.append(elements['IdPaese']) IdFiscaleIVA.children.append(elements['IdCodice']) DatiAnagrafici = saml2.ExtensionElement( 'DatiAnagrafici', namespace=SPID_PREFIXES['fpa'], ) if elements.get('CodiceFiscale'): DatiAnagrafici.children.append(elements['CodiceFiscale']) DatiAnagrafici.children.append(IdFiscaleIVA) DatiAnagrafici.children.append(Anagrafica) CessionarioCommittente = saml2.ExtensionElement( 'CessionarioCommittente', namespace=SPID_PREFIXES['fpa'], ) CessionarioCommittente.children.append(DatiAnagrafici) # Sede Sede = saml2.ExtensionElement( 'Sede', namespace=SPID_PREFIXES['fpa'], ) Sede.children.append(elements['Indirizzo']) Sede.children.append(elements['NumeroCivico']) Sede.children.append(elements['CAP']) Sede.children.append(elements['Comune']) Sede.children.append(elements['Provincia']) Sede.children.append(elements['Nazione']) CessionarioCommittente.children.append(Sede) spid_extensions.children.append(CessionarioCommittente) spid_contact.extensions = spid_extensions metadata.contact_person.append(spid_contact) cnt += 1 # # fine avviso 29v3 ################### # metadata signature secc = security_context(conf) # sign_dig_algs = self.get_kwargs_sign_dig_algs() eid, xmldoc = sign_entity_descriptor(metadata, None, secc, **sign_dig_algs) valid_instance(eid) return Response(text_type(xmldoc).encode('utf-8'), content="text/xml; charset=utf8")
if args.xmlsec: xmlsec = args.xmlsec else: xmlsec = get_xmlsec_binary(paths) eds = [] for filespec in args.config: bas, fil = os.path.split(filespec) if bas != "": sys.path.insert(0, bas) if fil.endswith(".py"): fil = fil[:-3] cnf = Config().load_file(fil, metadata_construction=True) eds.append(entity_descriptor(cnf)) secc = SecurityContext(xmlsec, args.keyfile, cert_file=args.cert) if args.id: desc = entities_descriptor(eds, valid_for, args.name, args.id, args.sign, secc) valid_instance(desc) print desc.to_string(nspair) else: for eid in eds: if args.sign: desc = sign_entity_descriptor(eid, id, secc) else: desc = eid valid_instance(desc) print desc.to_string(nspair)
def _loads( self, xmldata, binding=None, origdoc=None, must=None, only_valid_cert=False, relay_state=None, sigalg=None, signature=None, ): # own copy self.xmlstr = xmldata[:] logger.debug("xmlstr: %s, relay_state: %s, sigalg: %s, signature: %s", self.xmlstr, relay_state, sigalg, signature) sign_redirect = must and binding == BINDING_HTTP_REDIRECT sign_post = must and not sign_redirect incorrectly_signed = IncorrectlySigned("Request was not signed correctly") try: self.message = self.signature_check( xmldata, origdoc=origdoc, must=sign_post, only_valid_cert=only_valid_cert, ) except Exception as e: self.message = None raise incorrectly_signed from e if sign_redirect: if sigalg is None or signature is None: raise incorrectly_signed _saml_msg = { "SAMLRequest": origdoc, "Signature": signature, "SigAlg": sigalg, } if relay_state is not None: _saml_msg["RelayState"] = relay_state try: sig_verified = self._do_redirect_sig_check(_saml_msg) except Exception as e: self.message = None raise incorrectly_signed from e else: if not sig_verified: self.message = None raise incorrectly_signed if not self.message: logger.error("Request was not signed correctly") logger.info("Request data: %s", xmldata) raise incorrectly_signed logger.info("Request message: %s", self.message) try: valid_instance(self.message) except NotValid as exc: logger.error("Request not valid: %s", exc.args[0]) raise return self
def create_sp_metadata(self): nspair = {"xs": "http://www.w3.org/2001/XMLSchema"} ed = entity_descriptor(self.config) valid_instance(ed) return metadata_tostring_fix(ed, nspair)
cnf = Config().load_file(fil, metadata_construction=True) if valid_for: cnf.valid_for = valid_for eds.append(entity_descriptor(cnf)) conf = Config() conf.key_file = args.keyfile conf.cert_file = args.cert conf.debug = 1 conf.xmlsec_binary = args.xmlsec secc = security_context(conf) if args.id: desc, xmldoc = entities_descriptor(eds, valid_for, args.name, args.id, args.sign, secc) valid_instance(desc) xmldoc = metadata_tostring_fix(desc, nspair, xmldoc) print(xmldoc.decode("utf-8")) else: for eid in eds: if args.sign: assert conf.key_file assert conf.cert_file eid, xmldoc = sign_entity_descriptor(eid, args.id, secc) else: xmldoc = None valid_instance(eid) xmldoc = metadata_tostring_fix(eid, nspair, xmldoc) print(xmldoc.decode("utf-8"))