def testAddX509KeyDescriptors(self):
"""
Tests the addX509KeyDescriptors method of the OneLogin_Saml2_Metadata
"""
settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
sp_data = settings.get_sp_data()
metadata = OneLogin_Saml2_Metadata.builder(sp_data)
self.assertNotIn('<md:KeyDescriptor use="signing"', metadata)
self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata)
metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, None)
self.assertNotIn('<md:KeyDescriptor use="signing"', metadata_without_descriptors)
self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata_without_descriptors)
metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, '')
self.assertNotIn('<md:KeyDescriptor use="signing"', metadata_without_descriptors)
self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata_without_descriptors)
cert_path = settings.get_cert_path()
cert = self.file_contents(join(cert_path, 'sp.crt'))
metadata_with_descriptors = compat.to_string(OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert))
self.assertIn('<md:KeyDescriptor use="signing"', metadata_with_descriptors)
self.assertIn('<md:KeyDescriptor use="encryption"', metadata_with_descriptors)
self.assertRaisesRegexp(Exception, 'Error parsing metadata',
OneLogin_Saml2_Metadata.add_x509_key_descriptors, '', cert)
base_path = dirname(dirname(dirname(dirname(__file__))))
unparsed_metadata = self.file_contents(join(base_path, 'data', 'metadata', 'unparsed_metadata.xml'))
self.assertRaisesRegexp(Exception, 'Error parsing metadata',
OneLogin_Saml2_Metadata.add_x509_key_descriptors, unparsed_metadata, cert)
def testAddX509KeyDescriptors(self):
"""
Tests the addX509KeyDescriptors method of the OneLogin_Saml2_Metadata
"""
settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
sp_data = settings.get_sp_data()
metadata = OneLogin_Saml2_Metadata.builder(sp_data)
self.assertNotIn('<md:KeyDescriptor use="signing"', metadata)
self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata)
metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, None)
self.assertNotIn('<md:KeyDescriptor use="signing"',
metadata_without_descriptors)
self.assertNotIn('<md:KeyDescriptor use="encryption"',
metadata_without_descriptors)
metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, '')
self.assertNotIn('<md:KeyDescriptor use="signing"',
metadata_without_descriptors)
self.assertNotIn('<md:KeyDescriptor use="encryption"',
metadata_without_descriptors)
cert_path = settings.get_cert_path()
cert = self.file_contents(join(cert_path, 'sp.crt'))
metadata_with_descriptors = compat.to_string(
OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert))
self.assertIn('<md:KeyDescriptor use="signing"',
metadata_with_descriptors)
self.assertIn('<md:KeyDescriptor use="encryption"',
metadata_with_descriptors)
self.assertRaisesRegexp(
Exception, 'Error parsing metadata',
OneLogin_Saml2_Metadata.add_x509_key_descriptors, '', cert)
base_path = dirname(dirname(dirname(dirname(__file__))))
unparsed_metadata = self.file_contents(
join(base_path, 'data', 'metadata', 'unparsed_metadata.xml'))
self.assertRaisesRegexp(
Exception, 'Error parsing metadata',
OneLogin_Saml2_Metadata.add_x509_key_descriptors,
unparsed_metadata, cert)
def get_sp_metadata(self):
"""
Gets the SP metadata. The XML representation.
:returns: SP metadata (xml)
:rtype: string
"""
metadata = OneLogin_Saml2_Metadata.builder(
self.__sp, self.__security['authnRequestsSigned'],
self.__security['wantAssertionsSigned'], None, None,
self.get_contacts(), self.get_organization())
cert = self.get_sp_cert()
metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, cert)
# Sign metadata
if 'signMetadata' in self.__security and self.__security[
'signMetadata'] is not False:
if self.__security['signMetadata'] is True:
key_file_name = 'sp.key'
cert_file_name = 'sp.crt'
else:
if ('keyFileName' not in self.__security['signMetadata'] or
'certFileName' not in self.__security['signMetadata']):
raise OneLogin_Saml2_Error(
'Invalid Setting: signMetadata value of the sp is not valid',
OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX)
key_file_name = self.__security['signMetadata']['keyFileName']
cert_file_name = self.__security['signMetadata'][
'certFileName']
key_metadata_file = self.__paths['cert'] + key_file_name
cert_metadata_file = self.__paths['cert'] + cert_file_name
if not exists(key_metadata_file):
raise OneLogin_Saml2_Error(
'Private key file not found: %s',
OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
key_metadata_file)
if not exists(cert_metadata_file):
raise OneLogin_Saml2_Error(
'Public cert file not found: %s',
OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
cert_metadata_file)
f_metadata_key = open(key_metadata_file, 'r')
key_metadata = f_metadata_key.read()
f_metadata_key.close()
f_metadata_cert = open(cert_metadata_file, 'r')
cert_metadata = f_metadata_cert.read()
f_metadata_cert.close()
metadata = OneLogin_Saml2_Metadata.sign_metadata(
metadata, key_metadata, cert_metadata)
return metadata
def get_sp_metadata(self):
"""
Gets the SP metadata. The XML representation.
:returns: SP metadata (xml)
:rtype: string
"""
metadata = OneLogin_Saml2_Metadata.builder(
self.__sp, self.__security['authnRequestsSigned'],
self.__security['wantAssertionsSigned'], None, None,
self.get_contacts(), self.get_organization()
)
cert = self.get_sp_cert()
metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert)
# Sign metadata
if 'signMetadata' in self.__security and self.__security['signMetadata'] is not False:
if self.__security['signMetadata'] is True:
key_file_name = 'sp.key'
cert_file_name = 'sp.crt'
else:
if ('keyFileName' not in self.__security['signMetadata'] or
'certFileName' not in self.__security['signMetadata']):
raise OneLogin_Saml2_Error(
'Invalid Setting: signMetadata value of the sp is not valid',
OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX
)
key_file_name = self.__security['signMetadata']['keyFileName']
cert_file_name = self.__security['signMetadata']['certFileName']
key_metadata_file = self.__paths['cert'] + key_file_name
cert_metadata_file = self.__paths['cert'] + cert_file_name
if not exists(key_metadata_file):
raise OneLogin_Saml2_Error(
'Private key file not found: %s',
OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
key_metadata_file
)
if not exists(cert_metadata_file):
raise OneLogin_Saml2_Error(
'Public cert file not found: %s',
OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
cert_metadata_file
)
f_metadata_key = open(key_metadata_file, 'r')
key_metadata = f_metadata_key.read()
f_metadata_key.close()
f_metadata_cert = open(cert_metadata_file, 'r')
cert_metadata = f_metadata_cert.read()
f_metadata_cert.close()
metadata = OneLogin_Saml2_Metadata.sign_metadata(metadata, key_metadata, cert_metadata)
return metadata
def testAddX509KeyDescriptors(self):
"""
Tests the addX509KeyDescriptors method of the OneLogin_Saml2_Metadata
"""
settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
sp_data = settings.get_sp_data()
metadata = OneLogin_Saml2_Metadata.builder(sp_data)
self.assertNotIn('<md:KeyDescriptor use="signing"', metadata)
self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata)
metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, None)
self.assertNotIn('<md:KeyDescriptor use="signing"',
metadata_without_descriptors)
self.assertNotIn('<md:KeyDescriptor use="encryption"',
metadata_without_descriptors)
metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, '')
self.assertNotIn('<md:KeyDescriptor use="signing"',
metadata_without_descriptors)
self.assertNotIn('<md:KeyDescriptor use="encryption"',
metadata_without_descriptors)
cert_path = settings.get_cert_path()
cert = self.file_contents(join(cert_path, 'sp.crt'))
metadata_with_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, cert)
self.assertIn('<md:KeyDescriptor use="signing"',
metadata_with_descriptors)
self.assertIn('<md:KeyDescriptor use="encryption"',
metadata_with_descriptors)
try:
OneLogin_Saml2_Metadata.add_x509_key_descriptors('', cert)
self.assertTrue(False)
except Exception as e:
self.assertIn('Error parsing metadata', e.message)
base_path = dirname(dirname(dirname(dirname(__file__))))
unparsed_metadata = self.file_contents(
join(base_path, 'data', 'metadata', 'unparsed_metadata.xml'))
try:
metadata_with_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
unparsed_metadata, cert)
self.assertFalse(True)
except Exception as e:
self.assertIn('Error parsing metadata', e.message)
def testAddX509KeyDescriptors(self):
"""
Tests the addX509KeyDescriptors method of the OneLogin_Saml2_Metadata
"""
settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
sp_data = settings.get_sp_data()
metadata = OneLogin_Saml2_Metadata.builder(sp_data)
self.assertNotIn('<md:KeyDescriptor use="signing"', metadata)
self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata)
metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, None)
self.assertNotIn('<md:KeyDescriptor use="signing"', metadata_without_descriptors)
self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata_without_descriptors)
metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, "")
self.assertNotIn('<md:KeyDescriptor use="signing"', metadata_without_descriptors)
self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata_without_descriptors)
cert_path = settings.get_cert_path()
cert = self.file_contents(join(cert_path, "sp.crt"))
metadata_with_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert)
self.assertIn('<md:KeyDescriptor use="signing"', metadata_with_descriptors)
self.assertIn('<md:KeyDescriptor use="encryption"', metadata_with_descriptors)
try:
OneLogin_Saml2_Metadata.add_x509_key_descriptors("", cert)
self.assertTrue(False)
except Exception as e:
self.assertIn("Error parsing metadata", e.message)
base_path = dirname(dirname(dirname(dirname(__file__))))
unparsed_metadata = self.file_contents(join(base_path, "data", "metadata", "unparsed_metadata.xml"))
try:
metadata_with_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(unparsed_metadata, cert)
self.assertFalse(True)
except Exception as e:
self.assertIn("Error parsing metadata", e.message)
def get_sp_metadata(self):
"""
Gets the SP metadata. The XML representation.
:returns: SP metadata (xml)
:rtype: string
"""
metadata = OneLogin_Saml2_Metadata.builder(
self.__sp, self.__security['authnRequestsSigned'],
self.__security['wantAssertionsSigned'],
self.__security['metadataValidUntil'],
self.__security['metadataCacheDuration'], self.get_contacts(),
self.get_organization())
add_encryption = self.__security[
'wantNameIdEncrypted'] or self.__security['wantAssertionsEncrypted']
cert_new = self.get_sp_cert_new()
metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, cert_new, add_encryption)
cert = self.get_sp_cert()
metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, cert, add_encryption)
# Sign metadata
if 'signMetadata' in self.__security and self.__security[
'signMetadata'] is not False:
if self.__security['signMetadata'] is True:
# Use the SP's normal key to sign the metadata:
if not cert:
raise OneLogin_Saml2_Error(
'Cannot sign metadata: missing SP public key certificate.',
OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND)
cert_metadata = cert
key_metadata = self.get_sp_key()
if not key_metadata:
raise OneLogin_Saml2_Error(
'Cannot sign metadata: missing SP private key.',
OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND)
else:
# Use a custom key to sign the metadata:
if ('keyFileName' not in self.__security['signMetadata'] or
'certFileName' not in self.__security['signMetadata']):
raise OneLogin_Saml2_Error(
'Invalid Setting: signMetadata value of the sp is not valid',
OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX)
key_file_name = self.__security['signMetadata']['keyFileName']
cert_file_name = self.__security['signMetadata'][
'certFileName']
key_metadata_file = self.__paths['cert'] + key_file_name
cert_metadata_file = self.__paths['cert'] + cert_file_name
try:
with open(key_metadata_file, 'r') as f_metadata_key:
key_metadata = f_metadata_key.read()
except IOError:
raise OneLogin_Saml2_Error(
'Private key file not readable: %s',
OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
key_metadata_file)
try:
with open(cert_metadata_file, 'r') as f_metadata_cert:
cert_metadata = f_metadata_cert.read()
except IOError:
raise OneLogin_Saml2_Error(
'Public cert file not readable: %s',
OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
cert_metadata_file)
signature_algorithm = self.__security['signatureAlgorithm']
digest_algorithm = self.__security['digestAlgorithm']
metadata = OneLogin_Saml2_Metadata.sign_metadata(
metadata, key_metadata, cert_metadata, signature_algorithm,
digest_algorithm)
return metadata
def get_sp_metadata(self):
"""
Gets the SP metadata. The XML representation.
:returns: SP metadata (xml)
:rtype: string
"""
metadata = OneLogin_Saml2_Metadata.builder(
self.__sp, self.__security['authnRequestsSigned'],
self.__security['wantAssertionsSigned'],
self.__security['metadataValidUntil'],
self.__security['metadataCacheDuration'],
self.get_contacts(), self.get_organization()
)
cert = self.get_sp_cert()
metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert)
# Sign metadata
if 'signMetadata' in self.__security and self.__security['signMetadata'] is not False:
if self.__security['signMetadata'] is True:
# Use the SP's normal key to sign the metadata:
if not cert:
raise OneLogin_Saml2_Error(
'Cannot sign metadata: missing SP public key certificate.',
OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND
)
cert_metadata = cert
key_metadata = self.get_sp_key()
if not key_metadata:
raise OneLogin_Saml2_Error(
'Cannot sign metadata: missing SP private key.',
OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND
)
else:
# Use a custom key to sign the metadata:
if ('keyFileName' not in self.__security['signMetadata'] or
'certFileName' not in self.__security['signMetadata']):
raise OneLogin_Saml2_Error(
'Invalid Setting: signMetadata value of the sp is not valid',
OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX
)
key_file_name = self.__security['signMetadata']['keyFileName']
cert_file_name = self.__security['signMetadata']['certFileName']
key_metadata_file = self.__paths['cert'] + key_file_name
cert_metadata_file = self.__paths['cert'] + cert_file_name
try:
with open(key_metadata_file, 'r') as f_metadata_key:
key_metadata = f_metadata_key.read()
except IOError:
raise OneLogin_Saml2_Error(
'Private key file not readable: %s',
OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
key_metadata_file
)
try:
with open(cert_metadata_file, 'r') as f_metadata_cert:
cert_metadata = f_metadata_cert.read()
except IOError:
raise OneLogin_Saml2_Error(
'Public cert file not readable: %s',
OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
cert_metadata_file
)
metadata = OneLogin_Saml2_Metadata.sign_metadata(metadata, key_metadata, cert_metadata)
return metadata
def get_sp_metadata(self):
"""
Gets the SP metadata. The XML representation.
:returns: SP metadata (xml)
:rtype: string
"""
metadata = MetaDataBuilder(
self._OneLogin_Saml2_Settings__sp,
self._OneLogin_Saml2_Settings__security['authnRequestsSigned'],
self._OneLogin_Saml2_Settings__security['wantAssertionsSigned'],
self._OneLogin_Saml2_Settings__security['metadataValidUntil'],
self._OneLogin_Saml2_Settings__security['metadataCacheDuration'],
self.get_contacts(), self.get_organization())
##### SP SPid patch
## mapping xml tag
tagMapping = {
"md0:AssertionConsumerService": 'assertionConsumerService',
"md0:AttributeConsumingService": 'attributeConsumingService',
"md0:ServiceName": 'serviceName',
"md0:ServiceDescription": 'serviceDescription',
"md0:RequestedAttribute": 'requestedAttributes',
"md1:AttributeValue": 'attributeValue'
}
## edit meta data
ns = {
'md0': OneLogin_Saml2_Constants.NS_MD,
'md1': OneLogin_Saml2_Constants.NS_SAML
}
xml.etree.ElementTree.register_namespace(
'md0', OneLogin_Saml2_Constants.NS_MD)
xml.etree.ElementTree.register_namespace(
'md1', OneLogin_Saml2_Constants.NS_SAML)
parsedMetadata = xml.etree.ElementTree.fromstring(metadata)
SPSSODescriptor = parsedMetadata.find('md0:SPSSODescriptor', ns)
if not self._OneLogin_Saml2_Settings__security[
'putMetadataCacheDuration']:
parsedMetadata.attrib.pop('cacheDuration')
if not self._OneLogin_Saml2_Settings__security['putMetadataValidUntil']:
parsedMetadata.attrib.pop('validUntil')
## fix AssertionConsumerService index 0
assertionConsumerService = SPSSODescriptor.find(
'md0:AssertionConsumerService', ns)
assertionConsumerService.attrib['index'] = '0'
assertionConsumerService.set('isDefault', 'true')
## fix AttributeConsumingService index 0
attributeConsumingService = SPSSODescriptor.find(
'md0:AttributeConsumingService', ns)
attributeConsumingService.attrib['index'] = '0'
attributeConsumingService.find('md0:ServiceName', ns).attrib[
'{http://www.w3.org/XML/1998/namespace}lang'] = self._OneLogin_Saml2_Settings__sp[
'lang']
attributeConsumingService.find('md0:ServiceDescription', ns).attrib[
'{http://www.w3.org/XML/1998/namespace}lang'] = self._OneLogin_Saml2_Settings__sp[
'lang']
## add other AssertionConsumerService
try:
for index, value1 in enumerate(self._OneLogin_Saml2_Settings__sp[
'otherAssertionConsumerService']):
#indexValue = str(index+1)
tag = "md0:AssertionConsumerService"
element = xml.etree.ElementTree.Element(
tag,
attrib={
'Location': value1[tagMapping[tag]]['url'],
'Binding': value1[tagMapping[tag]]['binding'],
'index': value1[tagMapping[tag]]['index']
})
SPSSODescriptor.insert(index + 3, element)
tag1 = "md0:AttributeConsumingService"
element1 = xml.etree.ElementTree.Element(
tag1, attrib={'index': value1[tagMapping[tag]]['index']})
SPSSODescriptor.append(element1)
tag2 = "md0:ServiceName"
element2 = xml.etree.ElementTree.Element(
tag2,
attrib={
'xml:lang': self._OneLogin_Saml2_Settings__sp['lang']
})
element2.text = value1[tagMapping[tag]][tagMapping[tag1]][
tagMapping[tag2]]
element1.append(element2)
tag2 = "md0:ServiceDescription"
element2 = xml.etree.ElementTree.Element(
tag2,
attrib={
'xml:lang': self._OneLogin_Saml2_Settings__sp['lang']
})
element2.text = value1[tagMapping[tag]][tagMapping[tag1]][
tagMapping[tag2]]
element1.append(element2)
tag3 = "md0:RequestedAttribute"
for index2, value2 in enumerate(value1[tagMapping[tag]][
tagMapping[tag1]][tagMapping[tag3]]):
if value2['isRequired']:
attrRequired = "true"
else:
attrRequired = "false"
attributi = {
'Name': value2['name'],
'FriendlyName': value2['friendlyName'],
'isRequired': attrRequired
}
element3 = xml.etree.ElementTree.Element(tag3,
attrib=attributi)
element1.append(element3)
for index3, value3 in enumerate(
value1[tagMapping[tag]][tagMapping[tag1]][
tagMapping[tag3]][index2]['attributeValue']):
xml.etree.ElementTree.Element(tag3, attrib=attributi)
tag4 = "md1:AttributeValue"
element4 = xml.etree.ElementTree.Element(tag4)
element4.text = value3
element3.append(element4)
except:
pass
## add other singleLogoutService
try:
for index, value1 in enumerate(
self.
_OneLogin_Saml2_Settings__sp['othersSingleLogoutService']):
#indexValue = str(index+1)
tag = "md0:SingleLogoutService"
element = xml.etree.ElementTree.Element(tag,
attrib={
'Location':
value1['url'],
'Binding':
value1['binding']
})
SPSSODescriptor.insert(index + 1, element)
except:
pass
metadata = xml.etree.ElementTree.tostring(parsedMetadata,
encoding="unicode")
####
add_encryption = self._OneLogin_Saml2_Settings__security[
'wantNameIdEncrypted'] or self._OneLogin_Saml2_Settings__security[
'wantAssertionsEncrypted']
cert_new = self.get_sp_cert_new()
metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, cert_new, add_encryption)
cert = self.get_sp_cert()
metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, cert, add_encryption)
# Sign metadata
if 'signMetadata' in self._OneLogin_Saml2_Settings__security and self._OneLogin_Saml2_Settings__security[
'signMetadata'] is not False:
if self._OneLogin_Saml2_Settings__security['signMetadata'] is True:
# Use the SP's normal key to sign the metadata:
if not cert:
raise OneLogin_Saml2_Error(
'Cannot sign metadata: missing SP public key certificate.',
OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND)
cert_metadata = cert
key_metadata = self.get_sp_key()
if not key_metadata:
raise OneLogin_Saml2_Error(
'Cannot sign metadata: missing SP private key.',
OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND)
else:
# Use a custom key to sign the metadata:
if ('keyFileName' not in
self._OneLogin_Saml2_Settings__security['signMetadata']
or 'certFileName' not in self.
_OneLogin_Saml2_Settings__security['signMetadata']):
raise OneLogin_Saml2_Error(
'Invalid Setting: signMetadata value of the sp is not valid',
OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX)
key_file_name = self._OneLogin_Saml2_Settings__security[
'signMetadata']['keyFileName']
cert_file_name = self._OneLogin_Saml2_Settings__security[
'signMetadata']['certFileName']
key_metadata_file = self._OneLogin_Saml2_Settings__paths[
'cert'] + key_file_name
cert_metadata_file = self._OneLogin_Saml2_Settings__paths[
'cert'] + cert_file_name
try:
with open(key_metadata_file, 'rb') as f_metadata_key:
key_metadata = f_metadata_key.read().decode("utf-8")
except IOError:
raise OneLogin_Saml2_Error(
'Private key file not readable: %s',
OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
key_metadata_file)
try:
with open(cert_metadata_file, 'rb') as f_metadata_cert:
cert_metadata = f_metadata_cert.read().decode("utf-8")
except IOError:
raise OneLogin_Saml2_Error(
'Public cert file not readable: %s',
OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
cert_metadata_file)
signature_algorithm = self._OneLogin_Saml2_Settings__security[
'signatureAlgorithm']
digest_algorithm = self._OneLogin_Saml2_Settings__security[
'digestAlgorithm']
#metadata = OneLogin_Saml2_Metadata.sign_metadata(metadata, key_metadata, cert_metadata, signature_algorithm, digest_algorithm)
metadata = AddSign(metadata, key_metadata, cert_metadata, False,
signature_algorithm, digest_algorithm)
return metadata
def signSpMetadata(self, sp_settings):
try:
temp = RequestObjNew(self.request.body)
addKeyDescriptor = distutils.util.strtobool(
self.get_argument('addSignCert', default='true'))
addKeyValue = distutils.util.strtobool(
self.get_argument('addKeyValue', default='false'))
if temp.error["code"] == 2:
response_obj = ResponseObj(debugMessage=temp.error["message"],
httpcode=400)
response_obj.setError('400')
logging.getLogger(
type(self).__module__ + "." +
type(self).__qualname__).error(
'Validation error. Json input error')
return response_obj
elif temp.error["code"] > 0:
raise tornado.web.HTTPError(httpcode=503,
log_message=temp.error["message"])
metadata = temp.request['metadata']
if sp_settings['error'] == 0 and sp_settings['result'] is not None:
spSettings = Saml2_Settings(sp_settings['result'])
## add KeyDescriptor used to sign to xml
cert = spSettings.get_sp_cert()
if addKeyDescriptor:
metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
metadata, cert, True)
## get key
key = spSettings.get_sp_key()
signature_algorithm = spSettings._OneLogin_Saml2_Settings__security[
'signatureAlgorithm']
digest_algorithm = spSettings._OneLogin_Saml2_Settings__security[
'digestAlgorithm']
metadata = AddSign(metadata,
key,
cert,
debug=False,
sign_algorithm=signature_algorithm,
digest_algorithm=digest_algorithm,
addKeyValue=addKeyValue)
metadata = str(metadata, 'utf-8')
response_obj = ResponseObj(httpcode=200)
response_obj.setError('200')
response_obj.setResult(metadata=metadata)
elif sp_settings['error'] == 0 and sp_settings['result'] == None:
response_obj = ResponseObj(httpcode=404)
response_obj.setError('easyspid101')
elif sp_settings['error'] > 0:
response_obj = ResponseObj(httpcode=500,
debugMessage=sp_settings['result'])
response_obj.setError("easyspid105")
except tornado.web.MissingArgumentError as error:
response_obj = ResponseObj(debugMessage=error.log_message,
httpcode=error.status_code,
devMessage=error.log_message)
response_obj.setError(str(error.status_code))
logging.getLogger(
type(self).__module__ + "." + type(self).__qualname__).error(
'%s' % error, exc_info=True)
except Exception as inst:
response_obj = ResponseObj(httpcode=500)
response_obj.setError('500')
logging.getLogger(
type(self).__module__ + "." + type(self).__qualname__).error(
'Exception', exc_info=True)
response_obj.setID(temp.id)
return response_obj
