Exemplo n.º 1
0
    def testAddX509KeyDescriptors(self):
        """
        Tests the addX509KeyDescriptors method of the OneLogin_Saml2_Metadata
        """
        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        sp_data = settings.get_sp_data()

        metadata = OneLogin_Saml2_Metadata.builder(sp_data)
        self.assertNotIn('<md:KeyDescriptor use="signing"', metadata)
        self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata)

        metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, None)
        self.assertNotIn('<md:KeyDescriptor use="signing"', metadata_without_descriptors)
        self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata_without_descriptors)

        metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, '')
        self.assertNotIn('<md:KeyDescriptor use="signing"', metadata_without_descriptors)
        self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata_without_descriptors)

        cert_path = settings.get_cert_path()
        cert = self.file_contents(join(cert_path, 'sp.crt'))

        metadata_with_descriptors = compat.to_string(OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert))
        self.assertIn('<md:KeyDescriptor use="signing"', metadata_with_descriptors)
        self.assertIn('<md:KeyDescriptor use="encryption"', metadata_with_descriptors)

        self.assertRaisesRegexp(Exception, 'Error parsing metadata',
                                OneLogin_Saml2_Metadata.add_x509_key_descriptors, '', cert)

        base_path = dirname(dirname(dirname(dirname(__file__))))
        unparsed_metadata = self.file_contents(join(base_path, 'data', 'metadata', 'unparsed_metadata.xml'))
        self.assertRaisesRegexp(Exception, 'Error parsing metadata',
                                OneLogin_Saml2_Metadata.add_x509_key_descriptors, unparsed_metadata, cert)
Exemplo n.º 2
0
    def testAddX509KeyDescriptors(self):
        """
        Tests the addX509KeyDescriptors method of the OneLogin_Saml2_Metadata
        """
        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        sp_data = settings.get_sp_data()

        metadata = OneLogin_Saml2_Metadata.builder(sp_data)
        self.assertNotIn('<md:KeyDescriptor use="signing"', metadata)
        self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata)

        metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
            metadata, None)
        self.assertNotIn('<md:KeyDescriptor use="signing"',
                         metadata_without_descriptors)
        self.assertNotIn('<md:KeyDescriptor use="encryption"',
                         metadata_without_descriptors)

        metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
            metadata, '')
        self.assertNotIn('<md:KeyDescriptor use="signing"',
                         metadata_without_descriptors)
        self.assertNotIn('<md:KeyDescriptor use="encryption"',
                         metadata_without_descriptors)

        cert_path = settings.get_cert_path()
        cert = self.file_contents(join(cert_path, 'sp.crt'))

        metadata_with_descriptors = compat.to_string(
            OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert))
        self.assertIn('<md:KeyDescriptor use="signing"',
                      metadata_with_descriptors)
        self.assertIn('<md:KeyDescriptor use="encryption"',
                      metadata_with_descriptors)

        self.assertRaisesRegexp(
            Exception, 'Error parsing metadata',
            OneLogin_Saml2_Metadata.add_x509_key_descriptors, '', cert)

        base_path = dirname(dirname(dirname(dirname(__file__))))
        unparsed_metadata = self.file_contents(
            join(base_path, 'data', 'metadata', 'unparsed_metadata.xml'))
        self.assertRaisesRegexp(
            Exception, 'Error parsing metadata',
            OneLogin_Saml2_Metadata.add_x509_key_descriptors,
            unparsed_metadata, cert)
Exemplo n.º 3
0
    def get_sp_metadata(self):
        """
        Gets the SP metadata. The XML representation.

        :returns: SP metadata (xml)
        :rtype: string
        """
        metadata = OneLogin_Saml2_Metadata.builder(
            self.__sp, self.__security['authnRequestsSigned'],
            self.__security['wantAssertionsSigned'], None, None,
            self.get_contacts(), self.get_organization())
        cert = self.get_sp_cert()
        metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
            metadata, cert)

        # Sign metadata
        if 'signMetadata' in self.__security and self.__security[
                'signMetadata'] is not False:
            if self.__security['signMetadata'] is True:
                key_file_name = 'sp.key'
                cert_file_name = 'sp.crt'
            else:
                if ('keyFileName' not in self.__security['signMetadata'] or
                        'certFileName' not in self.__security['signMetadata']):
                    raise OneLogin_Saml2_Error(
                        'Invalid Setting: signMetadata value of the sp is not valid',
                        OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX)
                key_file_name = self.__security['signMetadata']['keyFileName']
                cert_file_name = self.__security['signMetadata'][
                    'certFileName']
            key_metadata_file = self.__paths['cert'] + key_file_name
            cert_metadata_file = self.__paths['cert'] + cert_file_name

            if not exists(key_metadata_file):
                raise OneLogin_Saml2_Error(
                    'Private key file not found: %s',
                    OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
                    key_metadata_file)

            if not exists(cert_metadata_file):
                raise OneLogin_Saml2_Error(
                    'Public cert file not found: %s',
                    OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
                    cert_metadata_file)

            f_metadata_key = open(key_metadata_file, 'r')
            key_metadata = f_metadata_key.read()
            f_metadata_key.close()

            f_metadata_cert = open(cert_metadata_file, 'r')
            cert_metadata = f_metadata_cert.read()
            f_metadata_cert.close()

            metadata = OneLogin_Saml2_Metadata.sign_metadata(
                metadata, key_metadata, cert_metadata)

        return metadata
Exemplo n.º 4
0
    def get_sp_metadata(self):
        """
        Gets the SP metadata. The XML representation.

        :returns: SP metadata (xml)
        :rtype: string
        """
        metadata = OneLogin_Saml2_Metadata.builder(
            self.__sp, self.__security['authnRequestsSigned'],
            self.__security['wantAssertionsSigned'], None, None,
            self.get_contacts(), self.get_organization()
        )
        cert = self.get_sp_cert()
        metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert)

        # Sign metadata
        if 'signMetadata' in self.__security and self.__security['signMetadata'] is not False:
            if self.__security['signMetadata'] is True:
                key_file_name = 'sp.key'
                cert_file_name = 'sp.crt'
            else:
                if ('keyFileName' not in self.__security['signMetadata'] or
                        'certFileName' not in self.__security['signMetadata']):
                    raise OneLogin_Saml2_Error(
                        'Invalid Setting: signMetadata value of the sp is not valid',
                        OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX
                    )
                key_file_name = self.__security['signMetadata']['keyFileName']
                cert_file_name = self.__security['signMetadata']['certFileName']
            key_metadata_file = self.__paths['cert'] + key_file_name
            cert_metadata_file = self.__paths['cert'] + cert_file_name

            if not exists(key_metadata_file):
                raise OneLogin_Saml2_Error(
                    'Private key file not found: %s',
                    OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
                    key_metadata_file
                )

            if not exists(cert_metadata_file):
                raise OneLogin_Saml2_Error(
                    'Public cert file not found: %s',
                    OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
                    cert_metadata_file
                )

            f_metadata_key = open(key_metadata_file, 'r')
            key_metadata = f_metadata_key.read()
            f_metadata_key.close()

            f_metadata_cert = open(cert_metadata_file, 'r')
            cert_metadata = f_metadata_cert.read()
            f_metadata_cert.close()

            metadata = OneLogin_Saml2_Metadata.sign_metadata(metadata, key_metadata, cert_metadata)

        return metadata
Exemplo n.º 5
0
    def testAddX509KeyDescriptors(self):
        """
        Tests the addX509KeyDescriptors method of the OneLogin_Saml2_Metadata
        """
        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        sp_data = settings.get_sp_data()

        metadata = OneLogin_Saml2_Metadata.builder(sp_data)
        self.assertNotIn('<md:KeyDescriptor use="signing"', metadata)
        self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata)

        metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
            metadata, None)
        self.assertNotIn('<md:KeyDescriptor use="signing"',
                         metadata_without_descriptors)
        self.assertNotIn('<md:KeyDescriptor use="encryption"',
                         metadata_without_descriptors)

        metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
            metadata, '')
        self.assertNotIn('<md:KeyDescriptor use="signing"',
                         metadata_without_descriptors)
        self.assertNotIn('<md:KeyDescriptor use="encryption"',
                         metadata_without_descriptors)

        cert_path = settings.get_cert_path()
        cert = self.file_contents(join(cert_path, 'sp.crt'))

        metadata_with_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
            metadata, cert)
        self.assertIn('<md:KeyDescriptor use="signing"',
                      metadata_with_descriptors)
        self.assertIn('<md:KeyDescriptor use="encryption"',
                      metadata_with_descriptors)

        try:
            OneLogin_Saml2_Metadata.add_x509_key_descriptors('', cert)
            self.assertTrue(False)
        except Exception as e:
            self.assertIn('Error parsing metadata', e.message)

        base_path = dirname(dirname(dirname(dirname(__file__))))
        unparsed_metadata = self.file_contents(
            join(base_path, 'data', 'metadata', 'unparsed_metadata.xml'))
        try:
            metadata_with_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
                unparsed_metadata, cert)
            self.assertFalse(True)
        except Exception as e:
            self.assertIn('Error parsing metadata', e.message)
Exemplo n.º 6
0
    def testAddX509KeyDescriptors(self):
        """
        Tests the addX509KeyDescriptors method of the OneLogin_Saml2_Metadata
        """
        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
        sp_data = settings.get_sp_data()

        metadata = OneLogin_Saml2_Metadata.builder(sp_data)
        self.assertNotIn('<md:KeyDescriptor use="signing"', metadata)
        self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata)

        metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, None)
        self.assertNotIn('<md:KeyDescriptor use="signing"', metadata_without_descriptors)
        self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata_without_descriptors)

        metadata_without_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, "")
        self.assertNotIn('<md:KeyDescriptor use="signing"', metadata_without_descriptors)
        self.assertNotIn('<md:KeyDescriptor use="encryption"', metadata_without_descriptors)

        cert_path = settings.get_cert_path()
        cert = self.file_contents(join(cert_path, "sp.crt"))

        metadata_with_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert)
        self.assertIn('<md:KeyDescriptor use="signing"', metadata_with_descriptors)
        self.assertIn('<md:KeyDescriptor use="encryption"', metadata_with_descriptors)

        try:
            OneLogin_Saml2_Metadata.add_x509_key_descriptors("", cert)
            self.assertTrue(False)
        except Exception as e:
            self.assertIn("Error parsing metadata", e.message)

        base_path = dirname(dirname(dirname(dirname(__file__))))
        unparsed_metadata = self.file_contents(join(base_path, "data", "metadata", "unparsed_metadata.xml"))
        try:
            metadata_with_descriptors = OneLogin_Saml2_Metadata.add_x509_key_descriptors(unparsed_metadata, cert)
            self.assertFalse(True)
        except Exception as e:
            self.assertIn("Error parsing metadata", e.message)
Exemplo n.º 7
0
    def get_sp_metadata(self):
        """
        Gets the SP metadata. The XML representation.

        :returns: SP metadata (xml)
        :rtype: string
        """
        metadata = OneLogin_Saml2_Metadata.builder(
            self.__sp, self.__security['authnRequestsSigned'],
            self.__security['wantAssertionsSigned'],
            self.__security['metadataValidUntil'],
            self.__security['metadataCacheDuration'], self.get_contacts(),
            self.get_organization())

        add_encryption = self.__security[
            'wantNameIdEncrypted'] or self.__security['wantAssertionsEncrypted']

        cert_new = self.get_sp_cert_new()
        metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
            metadata, cert_new, add_encryption)

        cert = self.get_sp_cert()
        metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
            metadata, cert, add_encryption)

        # Sign metadata
        if 'signMetadata' in self.__security and self.__security[
                'signMetadata'] is not False:
            if self.__security['signMetadata'] is True:
                # Use the SP's normal key to sign the metadata:
                if not cert:
                    raise OneLogin_Saml2_Error(
                        'Cannot sign metadata: missing SP public key certificate.',
                        OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND)
                cert_metadata = cert
                key_metadata = self.get_sp_key()
                if not key_metadata:
                    raise OneLogin_Saml2_Error(
                        'Cannot sign metadata: missing SP private key.',
                        OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND)
            else:
                # Use a custom key to sign the metadata:
                if ('keyFileName' not in self.__security['signMetadata'] or
                        'certFileName' not in self.__security['signMetadata']):
                    raise OneLogin_Saml2_Error(
                        'Invalid Setting: signMetadata value of the sp is not valid',
                        OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX)
                key_file_name = self.__security['signMetadata']['keyFileName']
                cert_file_name = self.__security['signMetadata'][
                    'certFileName']
                key_metadata_file = self.__paths['cert'] + key_file_name
                cert_metadata_file = self.__paths['cert'] + cert_file_name

                try:
                    with open(key_metadata_file, 'r') as f_metadata_key:
                        key_metadata = f_metadata_key.read()
                except IOError:
                    raise OneLogin_Saml2_Error(
                        'Private key file not readable: %s',
                        OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
                        key_metadata_file)

                try:
                    with open(cert_metadata_file, 'r') as f_metadata_cert:
                        cert_metadata = f_metadata_cert.read()
                except IOError:
                    raise OneLogin_Saml2_Error(
                        'Public cert file not readable: %s',
                        OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
                        cert_metadata_file)

            signature_algorithm = self.__security['signatureAlgorithm']
            digest_algorithm = self.__security['digestAlgorithm']

            metadata = OneLogin_Saml2_Metadata.sign_metadata(
                metadata, key_metadata, cert_metadata, signature_algorithm,
                digest_algorithm)

        return metadata
Exemplo n.º 8
0
    def get_sp_metadata(self):
        """
        Gets the SP metadata. The XML representation.

        :returns: SP metadata (xml)
        :rtype: string
        """
        metadata = OneLogin_Saml2_Metadata.builder(
            self.__sp, self.__security['authnRequestsSigned'],
            self.__security['wantAssertionsSigned'],
            self.__security['metadataValidUntil'],
            self.__security['metadataCacheDuration'],
            self.get_contacts(), self.get_organization()
        )
        cert = self.get_sp_cert()
        metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert)

        # Sign metadata
        if 'signMetadata' in self.__security and self.__security['signMetadata'] is not False:
            if self.__security['signMetadata'] is True:
                # Use the SP's normal key to sign the metadata:
                if not cert:
                    raise OneLogin_Saml2_Error(
                        'Cannot sign metadata: missing SP public key certificate.',
                        OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND
                    )
                cert_metadata = cert
                key_metadata = self.get_sp_key()
                if not key_metadata:
                    raise OneLogin_Saml2_Error(
                        'Cannot sign metadata: missing SP private key.',
                        OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND
                    )
            else:
                # Use a custom key to sign the metadata:
                if ('keyFileName' not in self.__security['signMetadata'] or
                        'certFileName' not in self.__security['signMetadata']):
                    raise OneLogin_Saml2_Error(
                        'Invalid Setting: signMetadata value of the sp is not valid',
                        OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX
                    )
                key_file_name = self.__security['signMetadata']['keyFileName']
                cert_file_name = self.__security['signMetadata']['certFileName']
                key_metadata_file = self.__paths['cert'] + key_file_name
                cert_metadata_file = self.__paths['cert'] + cert_file_name

                try:
                    with open(key_metadata_file, 'r') as f_metadata_key:
                        key_metadata = f_metadata_key.read()
                except IOError:
                    raise OneLogin_Saml2_Error(
                        'Private key file not readable: %s',
                        OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
                        key_metadata_file
                    )

                try:
                    with open(cert_metadata_file, 'r') as f_metadata_cert:
                        cert_metadata = f_metadata_cert.read()
                except IOError:
                    raise OneLogin_Saml2_Error(
                        'Public cert file not readable: %s',
                        OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
                        cert_metadata_file
                    )

            metadata = OneLogin_Saml2_Metadata.sign_metadata(metadata, key_metadata, cert_metadata)

        return metadata
Exemplo n.º 9
0
    def get_sp_metadata(self):
        """
        Gets the SP metadata. The XML representation.
        :returns: SP metadata (xml)
        :rtype: string
        """
        metadata = MetaDataBuilder(
            self._OneLogin_Saml2_Settings__sp,
            self._OneLogin_Saml2_Settings__security['authnRequestsSigned'],
            self._OneLogin_Saml2_Settings__security['wantAssertionsSigned'],
            self._OneLogin_Saml2_Settings__security['metadataValidUntil'],
            self._OneLogin_Saml2_Settings__security['metadataCacheDuration'],
            self.get_contacts(), self.get_organization())

        ##### SP SPid patch
        ## mapping xml tag
        tagMapping = {
            "md0:AssertionConsumerService": 'assertionConsumerService',
            "md0:AttributeConsumingService": 'attributeConsumingService',
            "md0:ServiceName": 'serviceName',
            "md0:ServiceDescription": 'serviceDescription',
            "md0:RequestedAttribute": 'requestedAttributes',
            "md1:AttributeValue": 'attributeValue'
        }

        ## edit meta data
        ns = {
            'md0': OneLogin_Saml2_Constants.NS_MD,
            'md1': OneLogin_Saml2_Constants.NS_SAML
        }
        xml.etree.ElementTree.register_namespace(
            'md0', OneLogin_Saml2_Constants.NS_MD)
        xml.etree.ElementTree.register_namespace(
            'md1', OneLogin_Saml2_Constants.NS_SAML)

        parsedMetadata = xml.etree.ElementTree.fromstring(metadata)
        SPSSODescriptor = parsedMetadata.find('md0:SPSSODescriptor', ns)

        if not self._OneLogin_Saml2_Settings__security[
                'putMetadataCacheDuration']:
            parsedMetadata.attrib.pop('cacheDuration')

        if not self._OneLogin_Saml2_Settings__security['putMetadataValidUntil']:
            parsedMetadata.attrib.pop('validUntil')

        ## fix AssertionConsumerService index 0
        assertionConsumerService = SPSSODescriptor.find(
            'md0:AssertionConsumerService', ns)
        assertionConsumerService.attrib['index'] = '0'
        assertionConsumerService.set('isDefault', 'true')

        ## fix AttributeConsumingService index 0
        attributeConsumingService = SPSSODescriptor.find(
            'md0:AttributeConsumingService', ns)
        attributeConsumingService.attrib['index'] = '0'
        attributeConsumingService.find('md0:ServiceName', ns).attrib[
            '{http://www.w3.org/XML/1998/namespace}lang'] = self._OneLogin_Saml2_Settings__sp[
                'lang']
        attributeConsumingService.find('md0:ServiceDescription', ns).attrib[
            '{http://www.w3.org/XML/1998/namespace}lang'] = self._OneLogin_Saml2_Settings__sp[
                'lang']

        ## add other AssertionConsumerService
        try:
            for index, value1 in enumerate(self._OneLogin_Saml2_Settings__sp[
                    'otherAssertionConsumerService']):

                #indexValue = str(index+1)
                tag = "md0:AssertionConsumerService"
                element = xml.etree.ElementTree.Element(
                    tag,
                    attrib={
                        'Location': value1[tagMapping[tag]]['url'],
                        'Binding': value1[tagMapping[tag]]['binding'],
                        'index': value1[tagMapping[tag]]['index']
                    })

                SPSSODescriptor.insert(index + 3, element)

                tag1 = "md0:AttributeConsumingService"
                element1 = xml.etree.ElementTree.Element(
                    tag1, attrib={'index': value1[tagMapping[tag]]['index']})
                SPSSODescriptor.append(element1)

                tag2 = "md0:ServiceName"
                element2 = xml.etree.ElementTree.Element(
                    tag2,
                    attrib={
                        'xml:lang': self._OneLogin_Saml2_Settings__sp['lang']
                    })
                element2.text = value1[tagMapping[tag]][tagMapping[tag1]][
                    tagMapping[tag2]]
                element1.append(element2)

                tag2 = "md0:ServiceDescription"
                element2 = xml.etree.ElementTree.Element(
                    tag2,
                    attrib={
                        'xml:lang': self._OneLogin_Saml2_Settings__sp['lang']
                    })
                element2.text = value1[tagMapping[tag]][tagMapping[tag1]][
                    tagMapping[tag2]]
                element1.append(element2)

                tag3 = "md0:RequestedAttribute"
                for index2, value2 in enumerate(value1[tagMapping[tag]][
                        tagMapping[tag1]][tagMapping[tag3]]):
                    if value2['isRequired']:
                        attrRequired = "true"
                    else:
                        attrRequired = "false"
                    attributi = {
                        'Name': value2['name'],
                        'FriendlyName': value2['friendlyName'],
                        'isRequired': attrRequired
                    }
                    element3 = xml.etree.ElementTree.Element(tag3,
                                                             attrib=attributi)
                    element1.append(element3)

                    for index3, value3 in enumerate(
                            value1[tagMapping[tag]][tagMapping[tag1]][
                                tagMapping[tag3]][index2]['attributeValue']):
                        xml.etree.ElementTree.Element(tag3, attrib=attributi)
                        tag4 = "md1:AttributeValue"
                        element4 = xml.etree.ElementTree.Element(tag4)
                        element4.text = value3
                        element3.append(element4)
        except:
            pass

        ## add other singleLogoutService
        try:
            for index, value1 in enumerate(
                    self.
                    _OneLogin_Saml2_Settings__sp['othersSingleLogoutService']):

                #indexValue = str(index+1)
                tag = "md0:SingleLogoutService"
                element = xml.etree.ElementTree.Element(tag,
                                                        attrib={
                                                            'Location':
                                                            value1['url'],
                                                            'Binding':
                                                            value1['binding']
                                                        })

                SPSSODescriptor.insert(index + 1, element)
        except:
            pass

        metadata = xml.etree.ElementTree.tostring(parsedMetadata,
                                                  encoding="unicode")
        ####
        add_encryption = self._OneLogin_Saml2_Settings__security[
            'wantNameIdEncrypted'] or self._OneLogin_Saml2_Settings__security[
                'wantAssertionsEncrypted']

        cert_new = self.get_sp_cert_new()
        metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
            metadata, cert_new, add_encryption)

        cert = self.get_sp_cert()
        metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
            metadata, cert, add_encryption)

        # Sign metadata
        if 'signMetadata' in self._OneLogin_Saml2_Settings__security and self._OneLogin_Saml2_Settings__security[
                'signMetadata'] is not False:
            if self._OneLogin_Saml2_Settings__security['signMetadata'] is True:
                # Use the SP's normal key to sign the metadata:
                if not cert:
                    raise OneLogin_Saml2_Error(
                        'Cannot sign metadata: missing SP public key certificate.',
                        OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND)
                cert_metadata = cert
                key_metadata = self.get_sp_key()
                if not key_metadata:
                    raise OneLogin_Saml2_Error(
                        'Cannot sign metadata: missing SP private key.',
                        OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND)
            else:
                # Use a custom key to sign the metadata:
                if ('keyFileName' not in
                        self._OneLogin_Saml2_Settings__security['signMetadata']
                        or 'certFileName' not in self.
                        _OneLogin_Saml2_Settings__security['signMetadata']):
                    raise OneLogin_Saml2_Error(
                        'Invalid Setting: signMetadata value of the sp is not valid',
                        OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX)
                key_file_name = self._OneLogin_Saml2_Settings__security[
                    'signMetadata']['keyFileName']
                cert_file_name = self._OneLogin_Saml2_Settings__security[
                    'signMetadata']['certFileName']
                key_metadata_file = self._OneLogin_Saml2_Settings__paths[
                    'cert'] + key_file_name
                cert_metadata_file = self._OneLogin_Saml2_Settings__paths[
                    'cert'] + cert_file_name

                try:
                    with open(key_metadata_file, 'rb') as f_metadata_key:
                        key_metadata = f_metadata_key.read().decode("utf-8")
                except IOError:
                    raise OneLogin_Saml2_Error(
                        'Private key file not readable: %s',
                        OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
                        key_metadata_file)

                try:
                    with open(cert_metadata_file, 'rb') as f_metadata_cert:
                        cert_metadata = f_metadata_cert.read().decode("utf-8")
                except IOError:
                    raise OneLogin_Saml2_Error(
                        'Public cert file not readable: %s',
                        OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
                        cert_metadata_file)

            signature_algorithm = self._OneLogin_Saml2_Settings__security[
                'signatureAlgorithm']
            digest_algorithm = self._OneLogin_Saml2_Settings__security[
                'digestAlgorithm']

            #metadata = OneLogin_Saml2_Metadata.sign_metadata(metadata, key_metadata, cert_metadata, signature_algorithm, digest_algorithm)
            metadata = AddSign(metadata, key_metadata, cert_metadata, False,
                               signature_algorithm, digest_algorithm)

        return metadata
Exemplo n.º 10
0
    def signSpMetadata(self, sp_settings):
        try:

            temp = RequestObjNew(self.request.body)
            addKeyDescriptor = distutils.util.strtobool(
                self.get_argument('addSignCert', default='true'))
            addKeyValue = distutils.util.strtobool(
                self.get_argument('addKeyValue', default='false'))

            if temp.error["code"] == 2:
                response_obj = ResponseObj(debugMessage=temp.error["message"],
                                           httpcode=400)
                response_obj.setError('400')
                logging.getLogger(
                    type(self).__module__ + "." +
                    type(self).__qualname__).error(
                        'Validation error. Json input error')
                return response_obj

            elif temp.error["code"] > 0:
                raise tornado.web.HTTPError(httpcode=503,
                                            log_message=temp.error["message"])

            metadata = temp.request['metadata']

            if sp_settings['error'] == 0 and sp_settings['result'] is not None:
                spSettings = Saml2_Settings(sp_settings['result'])

                ## add KeyDescriptor used to sign to xml
                cert = spSettings.get_sp_cert()
                if addKeyDescriptor:
                    metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(
                        metadata, cert, True)

                ## get key
                key = spSettings.get_sp_key()

                signature_algorithm = spSettings._OneLogin_Saml2_Settings__security[
                    'signatureAlgorithm']
                digest_algorithm = spSettings._OneLogin_Saml2_Settings__security[
                    'digestAlgorithm']

                metadata = AddSign(metadata,
                                   key,
                                   cert,
                                   debug=False,
                                   sign_algorithm=signature_algorithm,
                                   digest_algorithm=digest_algorithm,
                                   addKeyValue=addKeyValue)
                metadata = str(metadata, 'utf-8')
                response_obj = ResponseObj(httpcode=200)
                response_obj.setError('200')
                response_obj.setResult(metadata=metadata)

            elif sp_settings['error'] == 0 and sp_settings['result'] == None:
                response_obj = ResponseObj(httpcode=404)
                response_obj.setError('easyspid101')

            elif sp_settings['error'] > 0:
                response_obj = ResponseObj(httpcode=500,
                                           debugMessage=sp_settings['result'])
                response_obj.setError("easyspid105")

        except tornado.web.MissingArgumentError as error:
            response_obj = ResponseObj(debugMessage=error.log_message,
                                       httpcode=error.status_code,
                                       devMessage=error.log_message)
            response_obj.setError(str(error.status_code))
            logging.getLogger(
                type(self).__module__ + "." + type(self).__qualname__).error(
                    '%s' % error, exc_info=True)

        except Exception as inst:
            response_obj = ResponseObj(httpcode=500)
            response_obj.setError('500')
            logging.getLogger(
                type(self).__module__ + "." + type(self).__qualname__).error(
                    'Exception', exc_info=True)

        response_obj.setID(temp.id)
        return response_obj