def get_assertions_by_subject(self, name_id=None, session_index=None, requested_context=None): """ :param name_id: One of name_id or key can be used to get the authn statement :param session_index: If match against a session index should be done :param requested_context: Authn statements should match a specific authn context :return: """ result = [] key = sha1(code_binary(name_id)).hexdigest() for item in self.assertion.find({"name_id_key": key}): assertion = from_dict(item["assertion"], ONTS, True) if session_index or requested_context: for statement in assertion.authn_statement: if session_index: if statement.session_index == session_index: result.append(assertion) break if requested_context: if context_match(requested_context, statement.authn_context): result.append(assertion) break else: result.append(assertion) return result
def get_authn_statements(self, name_id=None, key="", session_index=None, requested_context=None): """ :param name_id: One of name_id or key can be used to get the authn statement :param key: :param session_index: :param requested_context: :return: """ result = [] key = sha1(code(name_id)).hexdigest() try: statements = [from_dict(t, ONTS, True) for t in self.authn[key]] except KeyError: logger.info("Unknown subject %s" % name_id) return [] for statement in statements: if session_index: if statement.session_index != session_index: continue if requested_context: if not context_match(requested_context, statement.authn_context): continue result.append(statement) return result
def extract(self): """ Creates separate metadata file for each Service Provider entityID in the original metadata files. It will weed out SPs that fulfills any of these criteria: 1. no valid keys 2. no Assertion Consuming Services endpoints with bindings supported by ADFS 3. no HTTPS based Assertion Consuming Service endpoints """ pshScript = "" pshScriptTemplate = Template(open(self.powershell_metadata_update, 'r').read()) # for EntityDescriptor extracts SP and write a single metadata file for eid, entity in self.mds.items(): if "spsso_descriptor" in entity: if not self.entity_to_ignore(eid): print "---- %s ----" % eid entity = self.stripRolloverKeys(entity) if not entity: print "No working keys for %s" % eid continue entity = self.stripBindingsNotSupported(entity) if not entity: print "No working endpoints for %s" % eid continue fname = eid.replace('/', '_').replace('.', '_').replace( ':', '_') fname = "".join( [x for x in fname if x.isalpha() or x.isdigit() or x == '-' or x == '_']) print " ".join(["Generating XML metadata for", eid]) entityFileName = pjoin(self.metadata_dir, fname + ".xml") entityFile = open(entityFileName, "w") entityFile.write("%s" % from_dict(entity, ONTS)) entityFile.close() rulesetFileName = pjoin(self.ruleset_dir, fname) self.ruleset_creation(self.my_claim_type, rulesetFileName, entity) pshScript += pshScriptTemplate.substitute( fedName=self.fed_name_prefix, metadataFile=entityFileName, rpName=eid, rulesetFile=rulesetFileName) if pshScript: print "Generating powershell script for Relying Party configuration update..." pshScriptBaseTemplate = Template(open(self.powershell_base, 'r').read()) pshScript = pshScriptBaseTemplate.substitute( fedName=self.fed_name_prefix) + pshScript pshScriptFile = open('update_adfs_rptrust.ps1', 'w') pshScriptFile.write(pshScript) pshScriptFile.close()
def get_assertion(self, cid): res = [] for item in self.assertion.find({"assertion_id": cid}): res.append({"assertion": from_dict(item["assertion"], ONTS, True), "to_sign": item["to_sign"]}) if len(res) == 1: return res[0] elif res is []: return None else: raise SystemError("More then one assertion with the same ID")
def test_construct_contact(): c = from_dict({ "__class__": _class(md.ContactPerson), "given_name":{"text":"Roland", "__class__": _class(md.GivenName)}, "sur_name": {"text":"Hedberg", "__class__": _class(md.SurName)}, "email_address": [{"text":"*****@*****.**", "__class__": _class(md.EmailAddress)}], }, ONTS) print c assert c.given_name.text == "Roland" assert c.sur_name.text == "Hedberg" assert c.email_address[0].text == "*****@*****.**" assert _eq(c.keyswv(), ["given_name","sur_name","email_address"])
def match_local_id(self, userid, sp_name_qualifier, name_qualifier): """ Match a local persistent identifier. Look for an existing persistent NameID matching userid, sp_name_qualifier and name_qualifier. """ filter = { "name_id.sp_name_qualifier": sp_name_qualifier, "name_id.name_qualifier": name_qualifier, "name_id.format": NAMEID_FORMAT_PERSISTENT, } res = self.mdb.get(value=userid, **filter) if not res: return None return from_dict(res[0]["name_id"], ONTS, True)
def find_nameid(self, userid, nformat=None, sp_name_qualifier=None, name_qualifier=None, sp_provided_id=None, **nvargs): kwargs = {} if nformat: kwargs["name_format"] = nformat if sp_name_qualifier: kwargs["sp_name_qualifier"] = sp_name_qualifier if name_qualifier: kwargs["name_qualifier"] = name_qualifier if sp_provided_id: kwargs["sp_provided_id"] = sp_provided_id res = [] for item in self.mdb.get(userid, **kwargs): res.append(from_dict(item["name_id"], ONTS, True)) return res
def find_nameid(self, userid, nformat=None, sp_name_qualifier=None, name_qualifier=None, sp_provided_id=None): kwargs = {} if nformat: kwargs["name_format"] = nformat if sp_name_qualifier: kwargs["sp_name_qualifier"] = sp_name_qualifier if name_qualifier: kwargs["name_qualifier"] = name_qualifier if sp_provided_id: kwargs["sp_provided_id"] = sp_provided_id res = [] for item in self.mdb.get(userid, **kwargs): res.append(from_dict(item["name_id"], ONTS, True)) return res
def test_construct_contact(): c = from_dict( { "__class__": _class(md.ContactPerson), "given_name": { "text": "Roland", "__class__": _class(md.GivenName) }, "sur_name": { "text": "Hedberg", "__class__": _class(md.SurName) }, "email_address": [{ "text": "*****@*****.**", "__class__": _class(md.EmailAddress) }], }, ONTS) print c assert c.given_name.text == "Roland" assert c.sur_name.text == "Hedberg" assert c.email_address[0].text == "*****@*****.**" assert _eq(c.keyswv(), ["given_name", "sur_name", "email_address"])
__author__ = 'rolandh' from saml2.mdie import from_dict import xmldsig import xmlenc from saml2 import md from saml2 import saml from saml2.extension import dri from saml2.extension import idpdisc from saml2.extension import mdattr from saml2.extension import mdui from saml2.extension import ui ONTS = { dri.NAMESPACE: dri, idpdisc.NAMESPACE: idpdisc, md.NAMESPACE: md, mdattr.NAMESPACE: mdattr, mdui.NAMESPACE: mdui, saml.NAMESPACE: saml, ui.NAMESPACE: ui, xmlenc.NAMESPACE: xmlenc, xmldsig.NAMESPACE: xmldsig, } _dict = eval(open(sys.argv[1]).read()) res = from_dict(_dict, ONTS) print res
def get_assertion(self, cid): _dict = self.assertion[cid] return {"assertion": from_dict(_dict["assertion"], ONTS, True), "to_sign": _dict["to_sign"]}