Exemplo n.º 1
0
    def test_split_backend_metadata_to_separate_files(self, tmpdir,
                                                      cert_and_key,
                                                      satosa_config_dict,
                                                      saml_frontend_config,
                                                      saml_backend_config):

        satosa_config_dict["FRONTEND_MODULES"] = [saml_frontend_config]
        satosa_config_dict["BACKEND_MODULES"] = [
            saml_backend_config, saml_backend_config
        ]

        create_and_write_saml_metadata(satosa_config_dict,
                                       cert_and_key[1],
                                       cert_and_key[0],
                                       str(tmpdir),
                                       None,
                                       split_backend_metadata=True)

        conf = Config()
        conf.cert_file = cert_and_key[0]
        security_ctx = security_context(conf)

        written_metadata_files = [
            saml_backend_config["name"], saml_backend_config["name"]
        ]
        for file in written_metadata_files:
            md = MetaDataFile(None,
                              os.path.join(str(tmpdir),
                                           "{}_0.xml".format(file)),
                              security=security_ctx)
            assert md.load()
Exemplo n.º 2
0
    def test_sp_type_false(self):
        fil = "sp_mdext_conf.py"
        cnf = Config().load_file(fil, metadata_construction=True)
        cnf.setattr('sp', 'sp_type_in_metadata', False)
        ed = entity_descriptor(cnf)

        assert all(e.tag is not SPType.c_tag for e in ed.extensions.extension_elements)
Exemplo n.º 3
0
def create_metadata_string(configfile, config=None, valid=None, cert=None,
                           keyfile=None, mid=None, name=None, sign=None):
    valid_for = 0
    nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
    # paths = [".", "/opt/local/bin"]

    if valid:
        valid_for = int(valid)  # Hours

    eds = []
    if config is None:
        if configfile.endswith(".py"):
            configfile = configfile[:-3]
        config = Config().load_file(configfile, metadata_construction=True)
    eds.append(entity_descriptor(config))

    conf = Config()
    conf.key_file = config.key_file or keyfile
    conf.cert_file = config.cert_file or cert
    conf.debug = 1
    conf.xmlsec_binary = config.xmlsec_binary
    secc = security_context(conf)

    if mid:
        eid, xmldoc = entities_descriptor(eds, valid_for, name, mid,
                                          sign, secc)
    else:
        eid = eds[0]
        if sign:
            eid, xmldoc = sign_entity_descriptor(eid, mid, secc)
        else:
            xmldoc = None

    valid_instance(eid)
    return metadata_tostring_fix(eid, nspair, xmldoc)
Exemplo n.º 4
0
    def test_split_frontend_metadata_to_separate_files(
            self, tmpdir, cert_and_key, satosa_config_dict,
            saml_mirror_frontend_config, saml_backend_config,
            oidc_backend_config):

        satosa_config_dict["FRONTEND_MODULES"] = [saml_mirror_frontend_config]
        satosa_config_dict["BACKEND_MODULES"] = [
            oidc_backend_config, saml_backend_config
        ]

        create_and_write_saml_metadata(satosa_config_dict,
                                       cert_and_key[1],
                                       cert_and_key[0],
                                       str(tmpdir),
                                       None,
                                       split_frontend_metadata=True)

        conf = Config()
        conf.cert_file = cert_and_key[0]
        security_ctx = security_context(conf)

        file_pattern = "{}*.xml".format(saml_mirror_frontend_config["name"])
        written_metadata_files = glob.glob(
            os.path.join(str(tmpdir), file_pattern))
        assert len(written_metadata_files) == 2
        for file in written_metadata_files:
            md = MetaDataFile(None, file, security=security_ctx)
            assert md.load()
Exemplo n.º 5
0
def get_saml_client(domain):
    """Get SAML2 client."""
    acs_url = domain + reverse('djangosaml2:acs')
    saml_settings = {
        'metadata': {
            'remote': [{
                'url': settings.SAML2_AUTH['METADATA_AUTO_CONF_URL']
            }]
        },
        'service': {
            'sp': {
                'endpoints': {
                    'assertion_consumer_service': [
                        (acs_url, BINDING_HTTP_REDIRECT),
                        (acs_url, BINDING_HTTP_POST)
                    ],
                },
                'allow_unsolicited': True,
                'authn_requests_signed': True,
                'logout_requests_signed': True,
                'want_assertions_signed': True,
                'want_response_signed': True,
            },
        },
    }

    sp_config = Config()
    sp_config.load(saml_settings)
    sp_config.allow_unknown_attributes = True
    saml_client = Saml2Client(config=sp_config)
    return saml_client
Exemplo n.º 6
0
    def __init__(self, cargs, kwargs):
        self.nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}

        _cnf = kwargs['conf']
        res = read_multi_conf(_cnf, True)
        eds = []
        for key, cnf in res.items():
            eds.append(entity_descriptor(cnf))

        valid_for = 0

        """
            Setting things to None here that are now unused, but might be useful someday
        """
        conf = Config()
        conf.key_file = None
        conf.cert_file = None
        conf.debug = 1
        conf.xmlsec_binary = None
        args_name = None
        args_id = None
        args_sign = None
        secc = security_context(conf)

        desc, xmldoc = entities_descriptor(eds, valid_for, args_name, args_id,
                                           args_sign, secc)
        valid_instance(desc)

        self.desc = desc
        self.xmldoc = xmldoc
Exemplo n.º 7
0
def test_dual():
    cnf = Config().load_file(dotname("idp_sp_conf"))

    spe = cnf.getattr("endpoints", "sp")
    idpe = cnf.getattr("endpoints", "idp")
    assert spe
    assert idpe
    assert spe != idpe
Exemplo n.º 8
0
def test_dual():
    cnf = Config().load_file("idp_sp_conf")

    spe = cnf.getattr("endpoints", "sp")
    idpe = cnf.getattr("endpoints", "idp")
    assert spe
    assert idpe
    assert spe != idpe
Exemplo n.º 9
0
def test_load_local():
    # string representation of XML idp definition
    idp_metadata = open(full_path("metadata.xml")).read()

    saml_config = Config()

    config_dict = {"metadata": {"inline": [idp_metadata]}}
    cfg = saml_config.load(config_dict)
    assert cfg
Exemplo n.º 10
0
def test_dual():
    cnf = Config().load_file("idp_sp_conf")
    assert cnf.serves() == ["sp", "idp"]

    spcnf = cnf.copy_into("sp")
    assert isinstance(spcnf, SPConfig)
    assert spcnf.context == "sp"

    idpcnf = cnf.copy_into("idp")
    assert isinstance(idpcnf, IdPConfig)
    assert idpcnf.context == "idp"
Exemplo n.º 11
0
def test_dual():
    cnf = Config().load_file("idp_sp_conf")
    assert cnf.serves() == ["sp", "idp"]

    spcnf = cnf.copy_into("sp")
    assert isinstance(spcnf, SPConfig)
    assert spcnf.context == "sp"

    idpcnf = cnf.copy_into("idp")
    assert isinstance(idpcnf, IdPConfig)
    assert idpcnf.context == "idp"
Exemplo n.º 12
0
def test_load_local():
    # string representation of XML idp definition
    idp_metadata = open(full_path("metadata.xml")).read()

    saml_config = Config()

    config_dict = {
        "metadata": {"inline": [idp_metadata]}
    }
    cfg = saml_config.load(config_dict)
    assert cfg
Exemplo n.º 13
0
def test_3():
    cnf = Config()
    cnf.load_file(dotname("sp_1_conf"))
    assert cnf.entityid == "urn:mace:example.com:saml:roland:sp"
    assert cnf.debug == 1
    assert cnf.key_file == full_path("test.key")
    assert cnf.cert_file == full_path("test.pem")
    #assert cnf.xmlsec_binary ==  "/usr/local/bin/xmlsec1"
    assert cnf.accepted_time_diff == 60
    assert cnf.secret == "0123456789"
    assert cnf.metadata is not None
    assert cnf.attribute_converters is not None
Exemplo n.º 14
0
def test_3():
    cnf = Config()
    cnf.load_file("sp_1_conf")
    assert cnf.entityid == "urn:mace:example.com:saml:roland:sp"
    assert cnf.debug == 1
    assert cnf.key_file == "test.key"
    assert cnf.cert_file == "test.pem"
    #assert cnf.xmlsec_binary ==  "/usr/local/bin/xmlsec1"
    assert cnf.accepted_time_diff == 60
    assert cnf.secret == "0123456789"
    assert cnf.metadata is not None
    assert cnf.attribute_converters is not None
Exemplo n.º 15
0
    def dispatch(self, request, helper):
        if self.metadata_url is None:
            metadata_url = helper.fetch_state('metadata_url')
        else:
            metadata_url = self.metadata_url
        request_id = helper.fetch_state('request_id')
        settings = {
            'entityid':
            request.build_absolute_uri('/organizations/%s/' %
                                       helper.organization.slug),
            'metadata': {
                'remote': [{
                    'url': metadata_url,
                }],
            },
            'service': {
                'sp': {
                    'endpoints': {
                        'assertion_consumer_service':
                        [(request.build_absolute_uri(
                            reverse('sentry-auth-sso')), BINDING_HTTP_POST)],
                    },
                    'allow_unsolicited': False,
                    'authn_requests_signed': False,
                    'logout_requests_signed': True,
                    'want_assertions_signed': False,
                    'want_response_signed': True,
                },
            },
        }
        config = Config()
        config.load(settings)
        client = Saml2Client(config)
        response = client.parse_authn_request_response(
            request.POST['SAMLResponse'],
            BINDING_HTTP_POST,
            outstanding={request_id: True})
        extra = {
            key.lower(): value
            for key, value in response.get_identity().items()
        }
        user_info = response.get_subject()
        email = user_info.text
        username, domain = email.rsplit('@', 1)

        if not email:
            return helper.error('no email')

        helper.bind_state('email', email)
        helper.bind_state('name', extra.get('name', username))

        return helper.next_step()
Exemplo n.º 16
0
    def test_oidc_saml(self, tmpdir, cert_and_key, satosa_config_dict, oidc_frontend_config,
                       saml_backend_config):
        satosa_config_dict["FRONTEND_MODULES"] = [oidc_frontend_config]
        satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]

        create_and_write_saml_metadata(satosa_config_dict, cert_and_key[1], cert_and_key[0], str(tmpdir), None)

        conf = Config()
        conf.cert_file = cert_and_key[0]
        security_ctx = security_context(conf)
        md = MetaDataFile(None, os.path.join(str(tmpdir), "backend.xml"), security=security_ctx)
        assert md.load()

        assert not os.path.isfile(os.path.join(str(tmpdir), "frontend.xml"))
Exemplo n.º 17
0
    def test_entity_attributes(self):
        fil = "sp_mdext_conf.py"
        cnf = Config().load_file(fil, metadata_construction=True)
        ed = entity_descriptor(cnf)

        entity_attributes = next(
            e
            for e in ed.extensions.extension_elements
            if e.tag == 'EntityAttributes'
        )
        attributes = [
            parse_str_as(Attribute, e.to_string())
            for e in entity_attributes.children
        ]
        assert all(
            a.name in [
                "urn:oasis:names:tc:SAML:profiles:subject-id:req",
                "somename",
            ]
            for a in attributes
        )

        import saml2.attribute_converter
        attrc = saml2.attribute_converter.ac_factory()

        import saml2.mdstore
        mds = saml2.mdstore.MetadataStore(attrc, cnf)

        mds.load("inline", ed.to_string())
        entityid = ed.entity_id
        entity_attributes = mds.entity_attributes(entityid)
        assert entity_attributes == {
            'urn:oasis:names:tc:SAML:profiles:subject-id:req': ['any'],
            'somename': ['x', 'y', 'z'],
        }
Exemplo n.º 18
0
    def test_split_backend_metadata_to_separate_files(self, tmpdir, cert_and_key, satosa_config_dict,
                                                      saml_frontend_config, saml_backend_config):

        satosa_config_dict["FRONTEND_MODULES"] = [saml_frontend_config]
        satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config, saml_backend_config]

        create_and_write_saml_metadata(satosa_config_dict, cert_and_key[1], cert_and_key[0], str(tmpdir), None,
                                       split_backend_metadata=True)

        conf = Config()
        conf.cert_file = cert_and_key[0]
        security_ctx = security_context(conf)

        written_metadata_files = [saml_backend_config["name"], saml_backend_config["name"]]
        for file in written_metadata_files:
            md = MetaDataFile(None, os.path.join(str(tmpdir), "{}_0.xml".format(file)), security=security_ctx)
            assert md.load()
Exemplo n.º 19
0
    def test_oidc_saml(self, tmpdir, cert_and_key, satosa_config_dict,
                       oidc_frontend_config, saml_backend_config):
        satosa_config_dict["FRONTEND_MODULES"] = [oidc_frontend_config]
        satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]

        create_and_write_saml_metadata(satosa_config_dict, cert_and_key[1],
                                       cert_and_key[0], str(tmpdir), None)

        conf = Config()
        conf.cert_file = cert_and_key[0]
        security_ctx = security_context(conf)
        md = MetaDataFile(None,
                          os.path.join(str(tmpdir), "backend.xml"),
                          security=security_ctx)
        assert md.load()

        assert not os.path.isfile(os.path.join(str(tmpdir), "frontend.xml"))
Exemplo n.º 20
0
    def __init__(self,
                 user,
                 passwd,
                 sp="",
                 idp=None,
                 metadata_file=None,
                 xmlsec_binary=None,
                 verbose=0,
                 ca_certs="",
                 disable_ssl_certificate_validation=True,
                 key_file=None,
                 cert_file=None,
                 config=None):
        """
        :param user: user name
        :param passwd: user password
        :param sp: The SP URL
        :param idp: The IdP PAOS endpoint
        :param metadata_file: Where the metadata file is if used
        :param xmlsec_binary: Where the xmlsec1 binary can be found (*)
        :param verbose: Chatty or not
        :param ca_certs: is the path of a file containing root CA certificates
            for SSL server certificate validation (*)
        :param disable_ssl_certificate_validation: If
            disable_ssl_certificate_validation is true, SSL cert validation
            will not be performed (*)
        :param key_file: Private key filename (*)
        :param cert_file: Certificate filename (*)
        :param config: Config() instance, overrides all the parameters marked
            with an asterisk (*) above
        """
        if not config:
            config = Config()
            config.disable_ssl_certificate_validation = \
                disable_ssl_certificate_validation
            config.key_file = key_file
            config.cert_file = cert_file
            config.ca_certs = ca_certs
            config.xmlsec_binary = xmlsec_binary

        Entity.__init__(self, "sp", config)
        self._idp = idp
        self._sp = sp
        self.user = user
        self.passwd = passwd
        self._verbose = verbose

        if metadata_file:
            self._metadata = MetadataStore([saml, samlp], None, config)
            self._metadata.load("local", metadata_file)
            logger.debug("Loaded metadata from '%s'" % metadata_file)
        else:
            self._metadata = None

        self.metadata = self._metadata

        self.cookie_handler = None

        self.done_ecp = False
        self.cookie_jar = cookielib.LWPCookieJar()
Exemplo n.º 21
0
def create_metadata_string(configfile, config=None, valid=None, cert=None,
                           keyfile=None, mid=None, name=None, sign=None):
    valid_for = 0
    nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
    # paths = [".", "/opt/local/bin"]

    if valid:
        valid_for = int(valid)  # Hours

    eds = []
    if config is None:
        if configfile.endswith(".py"):
            configfile = configfile[:-3]
        config = Config().load_file(configfile, metadata_construction=True)
    eds.append(entity_descriptor(config))

    conf = Config()
    conf.key_file = config.key_file or keyfile
    conf.cert_file = config.cert_file or cert
    conf.debug = 1
    conf.xmlsec_binary = config.xmlsec_binary
    secc = security_context(conf)

    if mid:
        eid, xmldoc = entities_descriptor(eds, valid_for, name, mid,
                                          sign, secc)
    else:
        eid = eds[0]
        if sign:
            eid, xmldoc = sign_entity_descriptor(eid, mid, secc)
        else:
            xmldoc = None

    valid_instance(eid)
    return metadata_tostring_fix(eid, nspair, xmldoc)
Exemplo n.º 22
0
    def test_sp_type_true(self):
        fil = "sp_mdext_conf.py"
        cnf = Config().load_file(fil, metadata_construction=True)
        ed = entity_descriptor(cnf)

        assert ed.spsso_descriptor.extensions
        assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
        assert ed.extensions
        assert len(ed.extensions.extension_elements) > 1
        assert any(e.tag is SPType.c_tag for e in ed.extensions.extension_elements)
Exemplo n.º 23
0
 def _saml2_config(self):
     if hasattr(self, '_v_cached_config') and self._v_cached_config:
         return self._v_cached_config
     config = Config()
     conf=sp_config.copy()
     metadata_file = self.config['metadata_file']
     if not metadata_file:
         path = os.path.dirname(__file__)
         metadata_file = os.path.join(path, 'metadata.xml')
     conf['metadata']['local'] = [metadata_file]
     config.load(conf)
     config['entityid'] = self.config['portal_url']
     config['service']['sp']['name'] = self.config['portal_name']
     config['service']['sp']['url'] = self.config['portal_url']
     required_attributes = []
     for attribute in self.config['required_attributes'].split('\r\n'):
         name = attributes.get(attribute, None)
         if name:
             required_attributes.append(name)
         elif attribute in attributes.values():
             required_attributes.append(attribute)
     optional_attributes = []
     for attribute in self.config['optional_attributes'].split('\r\n'):
         name = attributes.get(attribute, None)
         if name:
             optional_attributes.append(name)
         elif attribute in attributes.values():
             optional_attributes.append(attribute)
     config['service']['sp']['required_attributes'] = required_attributes
     config['service']['sp']['optional_attributes'] = optional_attributes
     config['service']['sp']['privacy_notice'] = self.config['privacy_notice']
     config['key_file'] = self.config['key_file']
     config['cert_file'] = self.config['cert_file']
     config['xmlsec_binary'] = self.config['xmlsec_binary']
     
     # Get Idps from the metadata
     config['service']['sp']['idp'] = {}
     for location in config['metadata'].locations():
         name = config['metadata'].name(location)
         config['service']['sp']['idp'][name] = location 
                 
     self._v_cached_config = config
     return self._v_cached_config
Exemplo n.º 24
0
    def __init__(self, user, passwd, sp="", idp=None, metadata_file=None,
                 xmlsec_binary=None, verbose=0, ca_certs="",
                 disable_ssl_certificate_validation=True, key_file=None,
                 cert_file=None):
        """
        :param user: user name
        :param passwd: user password
        :param sp: The SP URL
        :param idp: The IdP PAOS endpoint
        :param metadata_file: Where the metadata file is if used
        :param xmlsec_binary: Where the xmlsec1 binary can be found
        :param verbose: Chatty or not
        :param ca_certs: is the path of a file containing root CA certificates
            for SSL server certificate validation.
        :param disable_ssl_certificate_validation: If
            disable_ssl_certificate_validation is true, SSL cert validation
            will not be performed.
        """
        config = Config()
        config.disable_ssl_certificate_validation = disable_ssl_certificate_validation
        config.key_file = key_file
        config.cert_file = cert_file
        config.ca_certs = ca_certs

        Entity.__init__(self, "sp", config)
        self._idp = idp
        self._sp = sp
        self.user = user
        self.passwd = passwd
        self._verbose = verbose

        if metadata_file:
            self._metadata = MetadataStore([saml, samlp], None, xmlsec_binary)
            self._metadata.load("local", metadata_file)
            logger.debug("Loaded metadata from '%s'" % metadata_file)
        else:
            self._metadata = None

        self.cookie_handler = None

        self.done_ecp = False
        self.cookie_jar = cookielib.LWPCookieJar()
Exemplo n.º 25
0
    def test_split_frontend_metadata_to_separate_files(self, tmpdir, cert_and_key, satosa_config_dict,
                                                       saml_mirror_frontend_config, saml_backend_config,
                                                       oidc_backend_config):

        satosa_config_dict["FRONTEND_MODULES"] = [saml_mirror_frontend_config]
        satosa_config_dict["BACKEND_MODULES"] = [oidc_backend_config, saml_backend_config]

        create_and_write_saml_metadata(satosa_config_dict, cert_and_key[1], cert_and_key[0], str(tmpdir), None,
                                       split_frontend_metadata=True)

        conf = Config()
        conf.cert_file = cert_and_key[0]
        security_ctx = security_context(conf)

        file_pattern = "{}*.xml".format(saml_mirror_frontend_config["name"])
        written_metadata_files = glob.glob(os.path.join(str(tmpdir), file_pattern))
        assert len(written_metadata_files) == 2
        for file in written_metadata_files:
            md = MetaDataFile(None, file, security=security_ctx)
            assert md.load()
Exemplo n.º 26
0
 def dispatch(self, request, helper):
     if self.metadata_url is None:
         metadata_url = helper.fetch_state('metadata_url')
     else:
         metadata_url = self.metadata_url
     org = self.get_active_organization(request)
     settings = {
         'entityid':
         request.build_absolute_uri('/organizations/%s/' % org.slug),
         'metadata': {
             'remote': [{
                 'url': metadata_url,
             }],
         },
         'service': {
             'sp': {
                 'endpoints': {
                     'assertion_consumer_service':
                     [(request.build_absolute_uri(
                         reverse('sentry-auth-sso')), BINDING_HTTP_POST)],
                 },
                 'allow_unsolicited': False,
                 'authn_requests_signed': False,
                 'logout_requests_signed': True,
                 'want_assertions_signed': False,
                 'want_response_signed': True,
             },
         },
     }
     config = Config()
     config.load(settings)
     client = Saml2Client(config)
     request_id, headers = client.prepare_for_authenticate()
     helper.bind_state('request_id', request_id)
     for key, value in headers['headers']:
         if key is 'Location':
             # helper.incr_step()
             helper.request.session['auth']['idx'] += 1
             helper.request.session.modified = True
             return self.redirect(value)
Exemplo n.º 27
0
def create_metadata_string(configfile, config, valid, cert, keyfile, id, name,
                           sign):
    valid_for = 0
    nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
    #paths = [".", "/opt/local/bin"]

    if valid:
        valid_for = int(valid)  # Hours

    eds = []
    if config is not None:
        eds.append(entity_descriptor(config))
    else:
        if configfile.endswith(".py"):
            configfile = configfile[:-3]
        config = Config().load_file(configfile, metadata_construction=True)
        eds.append(entity_descriptor(config))

    conf = Config()
    conf.key_file = keyfile
    conf.cert_file = cert
    conf.debug = 1
    conf.xmlsec_binary = config.xmlsec_binary
    secc = security_context(conf)

    if id:
        desc = entities_descriptor(eds, valid_for, name, id,
                                   sign, secc)
        valid_instance(desc)

        return metadata_tostring_fix(desc, nspair)
    else:
        for eid in eds:
            if sign:
                desc = sign_entity_descriptor(eid, id, secc)
            else:
                desc = eid
            valid_instance(desc)
            return metadata_tostring_fix(desc, nspair)
Exemplo n.º 28
0
def _make_metadata(config_dict, option):
    """
    Creates metadata from the given idp config

    :type config_dict: dict[str, Any]
    :type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption
    :rtype: str

    :param config_dict: config
    :param option: metadata creation settings
    :return: A xml string
    """
    eds = []
    cnf = Config()
    cnf.load(copy.deepcopy(config_dict), metadata_construction=True)

    if option.valid:
        cnf.valid_for = option.valid
    eds.append(entity_descriptor(cnf))

    conf = Config()
    conf.key_file = option.keyfile
    conf.cert_file = option.cert
    conf.debug = 1
    conf.xmlsec_binary = option.xmlsec
    secc = security_context(conf)

    if option.id:
        desc, xmldoc = entities_descriptor(eds, option.valid, option.name, option.id, option.sign, secc)
        valid_instance(desc)
        print(desc.to_string(NSPAIR))
    else:
        for eid in eds:
            if option.sign:
                assert conf.key_file
                assert conf.cert_file
                eid, xmldoc = sign_entity_descriptor(eid, option.id, secc)
            else:
                xmldoc = None

            valid_instance(eid)
            xmldoc = metadata_tostring_fix(eid, NSPAIR, xmldoc).decode()
            return xmldoc
Exemplo n.º 29
0
    def __init__(self, idp_conf, logger, conf, publicKey, privateKey, metadataList):
        """
        Constructor.
        Initiates the class.
        :param logger: Logger to be used when something needs to be logged.
        :param conf: idp_proxy_conf see IdpProxy/conig/idp_proxy_conf.example.py
        :param key: A RSA key to be used for encryption.
        :param metadataList: A list of metadata files.
            [{"local": ["swamid-1.0.xml"]}, {"local": ["sp.xml"]}]
        :raise:
        """
        if (logger is None) or (conf is None) or (publicKey is None)or (privateKey is None):
            raise ValueError(
                "A new instance must include a value for logger, conf and key.")
        #Public key to be used for encryption.
        self.publicKey = publicKey
        self.privateKey = privateKey
        #Used for presentation of mako files.
        self.lookup = TemplateLookup(
            directories=[MetadataGeneration.CONST_STATIC_MAKO + 'templates',
                         MetadataGeneration.CONST_STATIC_MAKO + 'htdocs'],
            module_directory='modules',
            input_encoding='utf-8',
            output_encoding='utf-8')
        #The logger.
        self.logger = logger
        #A list of all social services used by this IdPproxy.
        self.socialServiceKeyList = []
        #A list of all service providers used by this sp.
        self.spKeyList = []
        for key in conf:
            self.socialServiceKeyList.append(conf[key]["name"])

        try:
            xmlsec_path = get_xmlsec_binary(["/opt/local/bin"])
        except:
            try:
                xmlsec_path = get_xmlsec_binary(["/usr/local/bin"])
            except:
                self.logger.info('Xmlsec must be installed! Tries /usr/bin/xmlsec1.')
                xmlsec_path = '/usr/bin/xmlsec1'

        self.xmlsec_path = xmlsec_path

        config = Config()
        config.disable_ssl_certificate_validation = True
        config.key_file = idp_conf["key_file"]
        config.cert_file = idp_conf["cert_file"]
        config.xmlsec_binary = idp_conf["xmlsec_binary"]
        config.debug = idp_conf["debug"]

        for metadata in metadataList:
            mds = MetadataStore(MetadataGeneration.CONST_ONTS.values(),
                                MetadataGeneration.CONST_ATTRCONV, config)
            mds.imp(metadata)
            for entityId in mds.keys():
                self.spKeyList.append(entityId)
Exemplo n.º 30
0
    def __init__(self, user, passwd, sp="", idp=None, metadata_file=None,
                 xmlsec_binary=None, verbose=0, ca_certs="",
                 disable_ssl_certificate_validation=True, key_file=None,
                 cert_file=None, config=None):
        """
        :param user: user name
        :param passwd: user password
        :param sp: The SP URL
        :param idp: The IdP PAOS endpoint
        :param metadata_file: Where the metadata file is if used
        :param xmlsec_binary: Where the xmlsec1 binary can be found (*)
        :param verbose: Chatty or not
        :param ca_certs: is the path of a file containing root CA certificates
            for SSL server certificate validation (*)
        :param disable_ssl_certificate_validation: If
            disable_ssl_certificate_validation is true, SSL cert validation
            will not be performed (*)
        :param key_file: Private key filename (*)
        :param cert_file: Certificate filename (*)
        :param config: Config() instance, overrides all the parameters marked
            with an asterisk (*) above
        """
        if not config:
            config = Config()
            config.disable_ssl_certificate_validation = \
                disable_ssl_certificate_validation
            config.key_file = key_file
            config.cert_file = cert_file
            config.ca_certs = ca_certs
            config.xmlsec_binary = xmlsec_binary

        Entity.__init__(self, "sp", config)
        self._idp = idp
        self._sp = sp
        self.user = user
        self.passwd = passwd
        self._verbose = verbose

        if metadata_file:
            self._metadata = MetadataStore([saml, samlp], None, config)
            self._metadata.load("local", metadata_file)
            logger.debug("Loaded metadata from '%s'" % metadata_file)
        else:
            self._metadata = None

        self.metadata = self._metadata

        self.cookie_handler = None

        self.done_ecp = False
        self.cookie_jar = http.cookiejar.LWPCookieJar()
Exemplo n.º 31
0
def get_configurations(config_file, metadata_construction=True, metadata=None, cache=None):
    if config_file.endswith(".py"):
            config_file = config_file[:-3]
    conf = None
    try:
        conf = __import__(config_file, level=-1)
    except:
        pass
    assert conf, "No configuration/invalid file with the name: %s" % config_file
    #idp_conf = config_factory("idp", config_file)
    assert conf.SP_ENTITY_CATEGORIES, "The configuration file must contain a list of entity categories in." \
                                      " SP_ENTITY_CATEGORIES"
    assert isinstance(conf.SP_ENTITY_CATEGORIES, list), "SP_ENTITY_CATEGORIES must be a list."
    assert len(conf.SP_ENTITY_CATEGORIES)>0, "SP_ENTITY_CATEGORIES list must not be empty."

    base_config = copy.deepcopy(copy.deepcopy(conf.CONFIG))

    idp_config = copy.deepcopy(base_config)
    idp_config["entityid"] = idp_config["entityid"] % ""
    del(idp_config["service"]["sp"])
    new_endpoints = {}
    for endpoint in idp_config["service"]["idp"]["endpoints"]:
        new_endpoint = []
        for value in idp_config["service"]["idp"]["endpoints"][endpoint]:
            new_endpoint.append((value[0] % "", value[1]))
        new_endpoints[endpoint] = new_endpoint
    idp_config["service"]["idp"]["endpoints"] = new_endpoints

    sp_configs = {}
    sp_config = {}
    sp_entity_categories = copy.deepcopy(conf.SP_ENTITY_CATEGORIES)
    if conf.SP_ENTITY_CATEGORIES_DEFAULT is not None:
        sp_entity_categories.append({"name": "default", "entcat": conf.SP_ENTITY_CATEGORIES_DEFAULT})
    for sp_cat in sp_entity_categories:
        sp_name = sp_cat["name"]
        sp_url = "/" + sp_name + "_sp"
        tmp_sp_config = copy.deepcopy(base_config)
        tmp_sp_config["entity_category"] = sp_cat["entcat"]
        del(tmp_sp_config["service"]["idp"])
        tmp_sp_config["entityid"] = tmp_sp_config["entityid"] % sp_url
        new_endpoints = {}
        for endpoint in tmp_sp_config["service"]["sp"]["endpoints"]:
            new_endpoint = []
            for value in tmp_sp_config["service"]["sp"]["endpoints"][endpoint]:
                new_endpoint.append((value[0] % sp_url, value[1]))
            new_endpoints[endpoint] = new_endpoint
        tmp_sp_config["service"]["sp"]["endpoints"] = new_endpoints
        if metadata is not None:
            tmp_sp_config["metadata"] = {}
        sp_config = {
            "url": sp_url,
            "name": sp_name,
            "entity_id": tmp_sp_config["entityid"],
            "config": Config().load(tmp_sp_config, metadata_construction=True)
        }
        if metadata is not None:
            sp_config["config"].metadata = metadata
        sp_configs[sp_name] = sp_config
    if metadata is not None:
        idp_config["metadata"] = {}
    idp_config = Config().load(idp_config, metadata_construction=True)
    if metadata is not None:
        idp_config.metadata = metadata
    return idp_config, sp_configs

    #make_temp("%s" % cert_key_str, decode=False)
Exemplo n.º 32
0
 def signature_security_context(self, cert_and_key):
     conf = Config()
     conf.cert_file = cert_and_key[0]
     conf.key_file = cert_and_key[1]
     return security_context(conf)
Exemplo n.º 33
0
 def signature_security_context(self, cert_and_key):
     conf = Config()
     conf.cert_file = cert_and_key[0]
     conf.key_file = cert_and_key[1]
     return security_context(conf)
Exemplo n.º 34
0
 def verification_security_context(self, cert_and_key):
     conf = Config()
     conf.cert_file = cert_and_key[0]
     return security_context(conf)
Exemplo n.º 35
0
def _get_security_context(key, cert):
    conf = Config()
    conf.key_file = key
    conf.cert_file = cert
    return security_context(conf)
Exemplo n.º 36
0
if args.valid:
    # translate into hours
    valid_for = int(args.valid) * 24
if args.xmlsec:
    xmlsec = args.xmlsec
else:
    xmlsec = get_xmlsec_binary(paths)

eds = []
for filespec in args.config:
    bas, fil = os.path.split(filespec)
    if bas != "":
        sys.path.insert(0, bas)
    if fil.endswith(".py"):
        fil = fil[:-3]
    cnf = Config().load_file(fil, metadata_construction=True)
    eds.append(entity_descriptor(cnf))

secc = SecurityContext(xmlsec, args.keyfile, cert_file=args.cert)
if args.id:
    desc = entities_descriptor(eds, valid_for, args.name, args.id, args.sign,
                               secc)
    valid_instance(desc)
    print desc.to_string(nspair)
else:
    for eid in eds:
        if args.sign:
            desc = sign_entity_descriptor(eid, id, secc)
        else:
            desc = eid
        valid_instance(desc)
Exemplo n.º 37
0
def _get_security_context(key, cert):
    conf = Config()
    conf.key_file = key
    conf.cert_file = cert
    return security_context(conf)
Exemplo n.º 38
0
def _create_entity_descriptor(entity_config):
    cnf = Config().load(copy.deepcopy(entity_config), metadata_construction=True)
    return entity_descriptor(cnf)
Exemplo n.º 39
0
 def verification_security_context(self, cert_and_key):
     conf = Config()
     conf.cert_file = cert_and_key[0]
     return security_context(conf)
Exemplo n.º 40
0
Arquivo: util.py Projeto: trsau/SATOSA
def create_metadata_from_config_dict(config):
    nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
    conf = Config().load(config, metadata_construction=True)
    return entity_descriptor(conf).to_string(nspair).decode("utf-8")
Exemplo n.º 41
0
valid_for = 0
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
paths = [".", "/opt/local/bin"]

if args.valid:
    # translate into hours
    valid_for = int(args.valid) * 24

eds = []
for filespec in args.config:
    bas, fil = os.path.split(filespec)
    if bas != "":
        sys.path.insert(0, bas)
    if fil.endswith(".py"):
        fil = fil[:-3]
    cnf = Config().load_file(fil, metadata_construction=True)
    if valid_for:
        cnf.valid_for = valid_for
    eds.append(entity_descriptor(cnf))

conf = Config()
conf.key_file = args.keyfile
conf.cert_file = args.cert
conf.debug = 1
conf.xmlsec_binary = args.xmlsec
secc = security_context(conf)

if args.id:
    desc, xmldoc = entities_descriptor(eds, valid_for, args.name, args.id,
                                       args.sign, secc)
    valid_instance(desc)
Exemplo n.º 42
0
def _make_metadata(config_dict, option):
    """
    Creates metadata from the given idp config

    :type config_dict: dict[str, Any]
    :type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption
    :rtype: str

    :param config_dict: config
    :param option: metadata creation settings
    :return: A xml string
    """
    eds = []
    cnf = Config()
    cnf.load(copy.deepcopy(config_dict), metadata_construction=True)

    if option.valid:
        cnf.valid_for = option.valid
    eds.append(entity_descriptor(cnf))

    conf = Config()
    conf.key_file = option.keyfile
    conf.cert_file = option.cert
    conf.debug = 1
    conf.xmlsec_binary = option.xmlsec
    secc = security_context(conf)

    if option.id:
        desc, xmldoc = entities_descriptor(eds, option.valid, option.name, option.id,
                                           option.sign, secc)
        valid_instance(desc)
        print(desc.to_string(NSPAIR))
    else:
        for eid in eds:
            if option.sign:
                assert conf.key_file
                assert conf.cert_file
                eid, xmldoc = sign_entity_descriptor(eid, option.id, secc)
            else:
                xmldoc = None

            valid_instance(eid)
            xmldoc = metadata_tostring_fix(eid, NSPAIR, xmldoc).decode()
            return xmldoc
Exemplo n.º 43
0
if args.valid:
    # translate into hours
    valid_for = int(args.valid) * 24


eds = []
for filespec in args.config:
    bas, fil = os.path.split(filespec)
    if bas != "":
        sys.path.insert(0, bas)
    if fil.endswith(".py"):
        fil = fil[:-3]
    cnf = Config().load_file(fil, metadata_construction=True)
    eds.append(entity_descriptor(cnf))

conf = Config()
conf.key_file = args.keyfile
conf.cert_file = args.cert
conf.debug = 1
conf.xmlsec_binary = args.xmlsec
secc = security_context(conf)

if args.id:
    desc = entities_descriptor(eds, valid_for, args.name, args.id,
                               args.sign, secc)
    valid_instance(desc)
    print desc.to_string(nspair)
else:
    for eid in eds:
        if args.sign:
            assert conf.key_file
Exemplo n.º 44
0
valid_for = 0
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
paths = [".", "/opt/local/bin"]

if args.valid:
    # translate into hours
    valid_for = int(args.valid) * 24

eds = []
for filespec in args.config:
    bas, fil = os.path.split(filespec)
    if bas != "":
        sys.path.insert(0, bas)
    if fil.endswith(".py"):
        fil = fil[:-3]
    cnf = Config().load_file(fil)
    if valid_for:
        cnf.valid_for = valid_for
    eds.append(entity_descriptor(cnf))

conf = Config()
conf.key_file = args.keyfile
conf.cert_file = args.cert
conf.debug = 1
conf.xmlsec_binary = args.xmlsec
secc = security_context(conf)

if args.id:
    desc, xmldoc = entities_descriptor(eds, valid_for, args.name, args.id,
                                       args.sign, secc)
    valid_instance(desc)
Exemplo n.º 45
0
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
paths = [".", "/opt/local/bin"]

if args.valid:
    # translate into hours
    valid_for = int(args.valid) * 24


eds = []
for filespec in args.config:
    bas, fil = os.path.split(filespec)
    if bas != "":
        sys.path.insert(0, bas)
    if fil.endswith(".py"):
        fil = fil[:-3]
    cnf = Config().load_file(fil, metadata_construction=True)
    if valid_for:
        cnf.valid_for = valid_for
    eds.append(entity_descriptor(cnf))

conf = Config()
conf.key_file = args.keyfile
conf.cert_file = args.cert
conf.debug = 1
conf.xmlsec_binary = args.xmlsec
secc = security_context(conf)

if args.id:
    desc, xmldoc = entities_descriptor(eds, valid_for, args.name, args.id,
                                       args.sign, secc)
    valid_instance(desc)
Exemplo n.º 46
0
def _create_entity_descriptor(entity_config):
    cnf = Config().load(copy.deepcopy(entity_config))
    return entity_descriptor(cnf)
Exemplo n.º 47
0
from saml2.config import Config
from saml2.metadata import entity_descriptor
from saml2.extension.sp_type import SPType

__author__ = 'roland'

fil = "sp_mdext_conf.py"

cnf = Config().load_file(fil, metadata_construction=True)
ed = entity_descriptor(cnf)

print(ed)

assert ed.spsso_descriptor.extensions
assert len(ed.spsso_descriptor.extensions.extension_elements) == 3

assert ed.extensions
assert len(ed.extensions.extension_elements) > 1

assert any(e.tag is SPType.c_tag for e in ed.extensions.extension_elements)

cnf.setattr('sp', 'sp_type_in_metadata', False)
ed = entity_descriptor(cnf)

print(ed)

assert all(e.tag is not SPType.c_tag for e in ed.extensions.extension_elements)